diff --git a/Makefile b/Makefile index a2d585528..0f98ff62d 100644 --- a/Makefile +++ b/Makefile @@ -176,6 +176,7 @@ include test/libc/stdio/test.mk include test/libc/release/test.mk include test/libc/test.mk include test/net/http/test.mk +include test/net/https/test.mk include test/net/test.mk include test/tool/build/lib/test.mk include test/tool/build/test.mk @@ -214,15 +215,19 @@ o/$(MODE)/srcs.txt: o/$(MODE)/.x $(MAKEFILES) $(call uniq,$(foreach x,$(SRCS),$( $(file >$@) $(foreach x,$(SRCS),$(file >>$@,$(x))) o/$(MODE)/hdrs.txt: o/$(MODE)/.x $(MAKEFILES) $(call uniq,$(foreach x,$(HDRS) $(INCS),$(dir $(x)))) $(file >$@) $(foreach x,$(HDRS) $(INCS),$(file >>$@,$(x))) +o/$(MODE)/incs.txt: o/$(MODE)/.x $(MAKEFILES) $(call uniq,$(foreach x,$(INCS) $(INCS),$(dir $(x)))) + $(file >$@) $(foreach x,$(INCS) $(INCS),$(file >>$@,$(x))) else o/$(MODE)/srcs.txt: o/$(MODE)/.x $(MAKEFILES) $(call uniq,$(foreach x,$(SRCS),$(dir $(x)))) $(MAKE) MODE=rel -j8 -pn bopit 2>/dev/null | sed -ne '/^SRCS/ {s/.*:= //;s/ */\n/g;p;q}' >$@ o/$(MODE)/hdrs.txt: o/$(MODE)/.x $(MAKEFILES) $(call uniq,$(foreach x,$(HDRS) $(INCS),$(dir $(x)))) $(MAKE) MODE=rel -j8 -pn bopit 2>/dev/null | sed -ne '/^HDRS/ {s/.*:= //;s/ */\n/g;p;q}' >$@ +o/$(MODE)/incs.txt: o/$(MODE)/.x $(MAKEFILES) $(call uniq,$(foreach x,$(INCS) $(INCS),$(dir $(x)))) + $(MAKE) MODE=rel -j8 -pn bopit 2>/dev/null | sed -ne '/^INCS/ {s/.*:= //;s/ */\n/g;p;q}' >$@ endif -o/$(MODE)/depend: o/$(MODE)/.x o/$(MODE)/srcs.txt o/$(MODE)/hdrs.txt $(SRCS) $(HDRS) $(INCS) - @$(COMPILE) -AMKDEPS $(MKDEPS) -o $@ -r o/$(MODE)/ o/$(MODE)/srcs.txt o/$(MODE)/hdrs.txt +o/$(MODE)/depend: o/$(MODE)/.x o/$(MODE)/srcs.txt o/$(MODE)/hdrs.txt o/$(MODE)/incs.txt $(SRCS) $(HDRS) $(INCS) + @$(COMPILE) -AMKDEPS $(MKDEPS) -o $@ -r o/$(MODE)/ o/$(MODE)/srcs.txt o/$(MODE)/hdrs.txt o/$(MODE)/incs.txt TAGS: o/$(MODE)/srcs.txt $(SRCS) @rm -f $@ diff --git a/build/definitions.mk b/build/definitions.mk index 278a5ddec..7d94b887f 100644 --- a/build/definitions.mk 
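Review bot: The new `o/$(MODE)/incs.txt` rule iterates `$(INCS) $(INCS)`, which looks like a copy-paste of the hdrs rule's `$(HDRS) $(INCS)`; in the first branch every include is therefore written to incs.txt twice, and in both branches the directory prerequisites are listed twice before `uniq` collapses them. Whether MKDEPS tolerates duplicate entries is not visible here, but the intent is clearly a single list: `o/$(MODE)/incs.txt: o/$(MODE)/.x $(MAKEFILES) $(call uniq,$(foreach x,$(INCS),$(dir $(x))))` and `$(file >$@) $(foreach x,$(INCS),$(file >>$@,$(x)))`. The same doubled prerequisite appears on the `else` branch's incs.txt rule and should be trimmed there too.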
+++ b/build/definitions.mk @@ -181,7 +181,6 @@ DEFAULT_LDLIBS = MCA = llvm-mca-10 \ -mtriple=x86_64-pc-linux-gnu \ - -iterations=3 \ -instruction-info \ -iterations=3 \ -all-stats \ diff --git a/examples/certapp.c b/examples/certapp.c new file mode 100644 index 000000000..7c5edd619 --- /dev/null +++ b/examples/certapp.c 
@@ -0,0 +1,403 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/fmt/conv.h" +#include "libc/stdio/stdio.h" +#include "libc/sysv/consts/exit.h" +#include "third_party/mbedtls/ctr_drbg.h" +#include "third_party/mbedtls/debug.h" +#include "third_party/mbedtls/entropy.h" +#include "third_party/mbedtls/net_sockets.h" +#include "third_party/mbedtls/ssl.h" +#include "third_party/mbedtls/x509_crt.h" + +STATIC_YOINK("ssl_root_support"); + +#define MODE_NONE 0 +#define MODE_FILE 1 +#define MODE_SSL 2 + +#define DFL_MODE MODE_NONE +#define DFL_FILENAME "cert.crt" +#define DFL_CA_FILE "" +#define DFL_CRL_FILE "" +#define DFL_CA_PATH "zip:usr/share/ssl/root" +#define DFL_SERVER_NAME "localhost" +#define DFL_SERVER_PORT "4433" +#define DFL_DEBUG_LEVEL 0 +#define DFL_PERMISSIVE 0 + +#define USAGE_IO \ + " ca_file=%%s file containing top-level CAs\n" \ + " ca_path=%%s dir containing top-level CAs\n" \ + " crl_file=%%s The single CRL file you want to use\n" + +#define USAGE \ + "\n usage: %s param=<>...\n" \ + "\n acceptable parameters:\n" \ + " mode=file|ssl default: none\n" \ + " filename=%%s default: 
cert.crt\n" USAGE_IO \ + " server_name=%%s default: localhost\n" \ + " server_port=%%d default: 4433\n" \ + " debug_level=%%d default: 0 (disabled)\n" \ + " permissive=%%d default: 0 (disabled)\n" \ + "\n" + +/* + * global options + */ +struct options { + int mode; /* the mode to run the application in */ + const char *filename; /* filename of the certificate file */ + const char *ca_file; /* the file with the CA certificate(s) */ + const char *crl_file; /* the file with the CRL to use */ + const char *ca_path; /* the path with the CA certificate(s) reside */ + const char *server_name; /* hostname of the server (client only) */ + const char *server_port; /* port on which the ssl service runs */ + int debug_level; /* level of debugging */ + int permissive; /* permissive parsing */ +} opt; + +static void my_debug(void *ctx, int level, const char *file, int line, + const char *str) { + fprintf((FILE *)ctx, "%s:%04d: %s", file, line, str); + fflush((FILE *)ctx); +} + +static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, + uint32_t *flags) { + char buf[1024]; + printf("\nVerify requested for (Depth %d):\n", depth); + mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt); + printf("%s", buf); + if (*flags) { + mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! 
", *flags); + printf("%s\n", buf); + } + return 0; +} + +mbedtls_net_context server_fd; +unsigned char buf[1024]; +mbedtls_entropy_context entropy; +mbedtls_ctr_drbg_context ctr_drbg; +mbedtls_ssl_context ssl; +mbedtls_ssl_config conf; +mbedtls_x509_crt cacert; +mbedtls_x509_crl cacrl; + +int main(int argc, char *argv[]) { + int ret = 1; + int exit_code = EXIT_FAILURE; + int i, j; + uint32_t flags; + int verify = 0; + char *p, *q; + const char *pers = "cert_app"; + + /* + * Set to sane values + */ + mbedtls_net_init(&server_fd); + mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_ssl_init(&ssl); + mbedtls_ssl_config_init(&conf); + mbedtls_x509_crt_init(&cacert); +#if defined(MBEDTLS_X509_CRL_PARSE_C) + mbedtls_x509_crl_init(&cacrl); +#else + /* Zeroize structure as CRL parsing is not supported and we have to pass + it to the verify function */ + memset(&cacrl, 0, sizeof(mbedtls_x509_crl)); +#endif + + if (argc == 0) { + usage: + printf(USAGE, program_invocation_name); + goto exit; + } + + opt.mode = DFL_MODE; + opt.filename = DFL_FILENAME; + opt.ca_file = DFL_CA_FILE; + opt.crl_file = DFL_CRL_FILE; + opt.ca_path = DFL_CA_PATH; + opt.server_name = DFL_SERVER_NAME; + opt.server_port = DFL_SERVER_PORT; + opt.debug_level = DFL_DEBUG_LEVEL; + opt.permissive = DFL_PERMISSIVE; + + for (i = 1; i < argc; i++) { + p = argv[i]; + if ((q = strchr(p, '=')) == NULL) goto usage; + *q++ = '\0'; + + for (j = 0; p + j < q; j++) { + if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') argv[i][j] |= 0x20; + } + + if (strcmp(p, "mode") == 0) { + if (strcmp(q, "file") == 0) + opt.mode = MODE_FILE; + else if (strcmp(q, "ssl") == 0) + opt.mode = MODE_SSL; + else + goto usage; + } else if (strcmp(p, "filename") == 0) + opt.filename = q; + else if (strcmp(p, "ca_file") == 0) + opt.ca_file = q; + else if (strcmp(p, "crl_file") == 0) + opt.crl_file = q; + else if (strcmp(p, "ca_path") == 0) + opt.ca_path = q; + else if (strcmp(p, "server_name") == 0) + opt.server_name = q; + else if (strcmp(p, 
"server_port") == 0) + opt.server_port = q; + else if (strcmp(p, "debug_level") == 0) { + opt.debug_level = atoi(q); + if (opt.debug_level < 0 || opt.debug_level > 65535) goto usage; + } else if (strcmp(p, "permissive") == 0) { + opt.permissive = atoi(q); + if (opt.permissive < 0 || opt.permissive > 1) goto usage; + } else + goto usage; + } + + /* + * 1.1. Load the trusted CA + */ + printf(" . Loading the CA root certificate ..."); + fflush(stdout); + + if (strlen(opt.ca_path)) { + if ((ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path)) < 0) { + printf(" failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n", + (unsigned int)-ret); + goto exit; + } + + verify = 1; + } else if (strlen(opt.ca_file)) { + if ((ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file)) < 0) { + printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n", + (unsigned int)-ret); + goto exit; + } + + verify = 1; + } + + printf(" ok (%d skipped)\n", ret); + +#if defined(MBEDTLS_X509_CRL_PARSE_C) + if (strlen(opt.crl_file)) { + if ((ret = mbedtls_x509_crl_parse_file(&cacrl, opt.crl_file)) != 0) { + printf(" failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n", + (unsigned int)-ret); + goto exit; + } + + verify = 1; + } +#endif + + if (opt.mode == MODE_FILE) { + mbedtls_x509_crt crt; + mbedtls_x509_crt *cur = &crt; + mbedtls_x509_crt_init(&crt); + + /* + * 1.1. Load the certificate(s) + */ + printf("\n . Loading the certificate(s) ..."); + fflush(stdout); + + ret = mbedtls_x509_crt_parse_file(&crt, opt.filename); + + if (ret < 0) { + printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%04x\n\n", + -ret); + mbedtls_x509_crt_free(&crt); + goto exit; + } + + if (opt.permissive == 0 && ret > 0) { + printf(" failed\n ! mbedtls_x509_crt_parse failed to parse %d " + "certificates\n\n", + ret); + mbedtls_x509_crt_free(&crt); + goto exit; + } + + printf(" ok\n"); + + /* + * 1.2 Print the certificate(s) + */ + while (cur != NULL) { + printf(" . 
Peer certificate information ...\n"); + ret = mbedtls_x509_crt_info((char *)buf, sizeof(buf) - 1, " ", cur); + if (ret == -1) { + printf(" failed\n ! mbedtls_x509_crt_info returned -0x%04x\n\n", + -ret); + mbedtls_x509_crt_free(&crt); + goto exit; + } + + printf("%s\n", buf); + + cur = cur->next; + } + + /* + * 1.3 Verify the certificate + */ + if (verify) { + printf(" . Verifying X.509 certificate..."); + + if ((ret = mbedtls_x509_crt_verify(&crt, &cacert, &cacrl, NULL, &flags, + my_verify, NULL)) != 0) { + char vrfy_buf[512]; + + printf(" failed\n"); + + mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); + + printf("%s\n", vrfy_buf); + } else + printf(" ok\n"); + } + + mbedtls_x509_crt_free(&crt); + } else if (opt.mode == MODE_SSL) { + /* + * 1. Initialize the RNG and the session data + */ + printf("\n . Seeding the random number generator..."); + fflush(stdout); + + mbedtls_entropy_init(&entropy); + if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *)pers, + strlen(pers))) != 0) { + printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); + goto ssl_exit; + } + + printf(" ok\n"); + +#if defined(MBEDTLS_DEBUG_C) + mbedtls_debug_set_threshold(opt.debug_level); +#endif + + /* + * 2. Start the connection + */ + printf(" . Connecting to tcp/%s/%s...\n", opt.server_name, + opt.server_port); + + if ((ret = mbedtls_net_connect(&server_fd, opt.server_name, opt.server_port, + MBEDTLS_NET_PROTO_TCP)) != 0) { + printf(" ! mbedtls_net_connect returned -0x%04x\n\n", -ret); + goto ssl_exit; + } + + /* + * 3. Setup stuff + */ + if ((ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { + printf(" ! 
mbedtls_ssl_config_defaults returned -0x%04x\n\n", -ret); + goto exit; + } + + if (verify) { + mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); + mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); + mbedtls_ssl_conf_verify(&conf, my_verify, NULL); + } else + mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); + + mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); + mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); + + if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { + printf(" ! mbedtls_ssl_setup returned -0x%04x\n\n", -ret); + goto ssl_exit; + } + + if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) { + printf(" ! mbedtls_ssl_set_hostname returned -0x%04x\n\n", -ret); + goto ssl_exit; + } + + mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, + NULL); + + /* + * 4. Handshake + */ + while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { + if (ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE) { + printf(" ! mbedtls_ssl_handshake returned -0x%04x\n\n", -ret); + goto ssl_exit; + } + } + + /* + * 5. Print the certificate + */ +#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + printf(" . Peer certificate information ... skipped\n"); +#else + printf(" . Peer certificate information ...\n"); + ret = mbedtls_x509_crt_info((char *)buf, sizeof(buf) - 1, " ", + mbedtls_ssl_get_peer_cert(&ssl)); + if (ret == -1) { + printf(" failed\n ! 
mbedtls_x509_crt_info returned -0x%04x\n\n", -ret); + goto ssl_exit; + } + + printf("%s\n", buf); +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + + mbedtls_ssl_close_notify(&ssl); + + ssl_exit: + mbedtls_ssl_free(&ssl); + mbedtls_ssl_config_free(&conf); + } else + goto usage; + + exit_code = MBEDTLS_EXIT_SUCCESS; + +exit: + + mbedtls_net_free(&server_fd); + mbedtls_x509_crt_free(&cacert); +#if defined(MBEDTLS_X509_CRL_PARSE_C) + mbedtls_x509_crl_free(&cacrl); +#endif + mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_entropy_free(&entropy); + + mbedtls_exit(exit_code); +} diff --git a/examples/curl.c b/examples/curl.c index e633d5095..9c7d806cf 100644 --- a/examples/curl.c +++ b/examples/curl.c @@ -22,6 +22,7 @@ #include "libc/runtime/gc.h" #include "libc/runtime/runtime.h" #include "libc/sock/sock.h" +#include "libc/stdio/append.internal.h" #include "libc/stdio/stdio.h" #include "libc/str/str.h" #include "libc/sysv/consts/af.h" @@ -40,12 +41,14 @@ #include "net/http/http.h" #include "net/http/url.h" #include "net/https/https.h" +#include "net/https/sslcache.h" #include "third_party/getopt/getopt.h" #include "third_party/mbedtls/ctr_drbg.h" #include "third_party/mbedtls/debug.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/pk.h" #include "third_party/mbedtls/ssl.h" +#include "third_party/mbedtls/ssl_ticket.h" /** * @fileoverview Downloads HTTP URL to stdout. @@ -60,11 +63,6 @@ #define HeaderEqualCase(H, S) \ SlicesEqualCase(S, strlen(S), HeaderData(H), HeaderLength(H)) -struct Buffer { - size_t i, n; - char *p; -}; - static inline bool SlicesEqualCase(const char *a, size_t n, const char *b, size_t m) { return n == m && !memcasecmp(a, b, n); 
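Review bot: In MODE_FILE a failed `mbedtls_x509_crt_verify` only prints the reasons and then falls through to `exit_code = MBEDTLS_EXIT_SUCCESS`, so any script driving certapp sees a rejected chain and an accepted chain as the same exit status. Since `exit_code` is still `EXIT_FAILURE` at that point, the failure branch only needs to leave early: after `printf("%s\n", vrfy_buf);` add `mbedtls_x509_crt_free(&crt); goto exit;`. In MODE_SSL, the `mbedtls_ssl_config_defaults` error path uses `goto exit` while every neighbouring error uses `goto ssl_exit`, so `ssl` and `conf` are the only contexts not freed on that path. The `debug_level=` and `permissive=` values are parsed with `atoi`, so a non-numeric value silently becomes 0 instead of reaching `usage`; `strtol` with an end-pointer check would make that a usage error like the other malformed parameters.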
@@ -93,9 +91,9 @@ static int Socket(int family, int type, int protocol) { static int TlsSend(void *c, const unsigned char *p, size_t n) { int rc; - VERBOSEF("begin send %zu", n); + NOISEF("begin send %zu", n); CHECK_NE(-1, (rc = write(*(int *)c, p, n))); - VERBOSEF("end send %zu", n); + NOISEF("end send %zu", n); return rc; } @@ -114,9 +112,9 @@ static int TlsRecv(void *c, unsigned char *p, size_t n, uint32_t o) { v[0].iov_len = n; v[1].iov_base = t; v[1].iov_len = sizeof(t); - VERBOSEF("begin recv %zu", n + sizeof(t) - b); + NOISEF("begin recv %zu", n + sizeof(t) - b); CHECK_NE(-1, (r = readv(*(int *)c, v, 2))); - VERBOSEF("end recv %zu", r); + NOISEF("end recv %zu", r); if (r > n) b = r - n; return MIN(n, r); } @@ -150,30 +148,6 @@ static int GetEntropy(void *c, unsigned char *p, size_t n) { return 0; } -static int AppendFmt(struct Buffer *b, const char *fmt, ...) { - int n; - char *p; - va_list va, vb; - va_start(va, fmt); - va_copy(vb, va); - n = vsnprintf(b->p + b->i, b->n - b->i, fmt, va); - if (b->i + n + 1 > b->n) { - do { - if (b->n) { - b->n += b->n >> 1; - } else { - b->n = 16; - } - } while (b->i + n + 1 > b->n); - b->p = realloc(b->p, b->n); - vsnprintf(b->p + b->i, b->n - b->i, fmt, vb); - } - va_end(vb); - va_end(va); - b->i += n; - return n; -} - int main(int argc, char *argv[]) { if (!NoDebug()) showcrashreports(); xsigaction(SIGPIPE, SIG_IGN, 0, 0, 0); @@ -189,6 +163,7 @@ int main(int argc, char *argv[]) { int method = kHttpGet; bool authmode = MBEDTLS_SSL_VERIFY_REQUIRED; const char *agent = "hurl/1.o (https://github.com/jart/cosmopolitan)"; + __log_level = kLogWarn; while ((opt = getopt(argc, argv, "qksvVIX:H:A:")) != -1) { switch (opt) { case 's': 
@@ -277,34 +252,36 @@ int main(int argc, char *argv[]) { /* * Create HTTP message. */ - struct Buffer request = {0}; - AppendFmt(&request, - "%s %s HTTP/1.1\r\n" - "Host: %s:%s\r\n" - "Connection: close\r\n" - "User-Agent: %s\r\n", - kHttpMethod[method], _gc(EncodeUrl(&url, 0)), host, port, agent); + char *request = 0; + appendf(&request, + "%s %s HTTP/1.1\r\n" + "Host: %s:%s\r\n" + "Connection: close\r\n" + "User-Agent: %s\r\n", + kHttpMethod[method], _gc(EncodeUrl(&url, 0)), host, port, agent); for (int i = 0; i < headers.n; ++i) { - AppendFmt(&request, "%s\r\n", headers.p[i]); + appendf(&request, "%s\r\n", headers.p[i]); } - AppendFmt(&request, "\r\n"); + appendf(&request, "\r\n"); /* * Setup crypto. */ mbedtls_ssl_config conf; mbedtls_ssl_context ssl; + mbedtls_x509_crt *cachain = 0; mbedtls_ctr_drbg_context drbg; if (usessl) { mbedtls_ssl_init(&ssl); mbedtls_ctr_drbg_init(&drbg); mbedtls_ssl_config_init(&conf); + cachain = GetSslRoots(); CHECK_EQ(0, mbedtls_ctr_drbg_seed(&drbg, GetEntropy, 0, "justine", 7)); CHECK_EQ(0, mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT)); - mbedtls_ssl_conf_ca_chain(&conf, GetSslRoots(), 0); mbedtls_ssl_conf_authmode(&conf, authmode); + mbedtls_ssl_conf_ca_chain(&conf, cachain, 0); mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &drbg); if (!IsTiny()) mbedtls_ssl_conf_dbg(&conf, TlsDebug, 0); CHECK_EQ(0, mbedtls_ssl_setup(&ssl, &conf)); @@ -339,11 +316,13 @@ int main(int argc, char *argv[]) { /* * Send HTTP Message. */ + size_t n; + n = appendz(request).i; if (usessl) { - ret = mbedtls_ssl_write(&ssl, request.p, request.i); - if (ret != request.i) TlsDie("ssl write", ret); + ret = mbedtls_ssl_write(&ssl, request, n); + if (ret != n) TlsDie("ssl write", ret); } else { - CHECK_EQ(request.i, write(sock, request.p, request.i)); + CHECK_EQ(n, write(sock, request, n)); } /* 
@@ -354,7 +333,7 @@ int main(int argc, char *argv[]) { ssize_t rc; struct HttpMessage msg; struct HttpUnchunker u; - size_t g, i, n, hdrlen, paylen; + size_t g, i, hdrlen, paylen; InitHttpMessage(&msg, kHttpResponse); for (p = 0, hdrlen = paylen = t = i = n = 0;;) { if (i == n) { @@ -460,6 +439,7 @@ Finished: mbedtls_ssl_free(&ssl); mbedtls_ctr_drbg_free(&drbg); mbedtls_ssl_config_free(&conf); + mbedtls_x509_crt_free(cachain); mbedtls_ctr_drbg_free(&drbg); } diff --git a/examples/examples.mk b/examples/examples.mk index d797a2d46..db472cd16 100644 --- a/examples/examples.mk +++ b/examples/examples.mk @@ -69,6 +69,7 @@ EXAMPLES_DIRECTDEPS = \ NET_HTTPS \ THIRD_PARTY_COMPILER_RT \ THIRD_PARTY_DLMALLOC \ + THIRD_PARTY_QUICKJS \ THIRD_PARTY_GDTOA \ THIRD_PARTY_GETOPT \ THIRD_PARTY_LUA \ diff --git a/examples/fastdiv.c b/examples/fastdiv.c new file mode 100644 index 000000000..4bc91660d --- /dev/null +++ b/examples/fastdiv.c 
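Review bot: The new `mbedtls_x509_crt_free(cachain)` under `Finished:` frees whatever `GetSslRoots()` handed back, but nothing in the hunk says whether that chain is built per call or is a shared cached object (the new `net/https/sslcache.h` include hints at caching), and `mbedtls_x509_crt_free` releases the linked nodes while leaving the head node itself allocated. Ownership should be stated where the pointer is taken, e.g. `cachain = GetSslRoots();  // caller owns the chain and frees it at Finished:` — or, if the roots are shared, the free should be dropped so a later caller does not receive a released chain. Separately, `mbedtls_ctr_drbg_free(&drbg)` now appears twice in that block (pre-existing); the second call is presumably harmless because the context is zeroized by the first, but it is redundant.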
@@ -0,0 +1,62 @@ +#if 0 +/*─────────────────────────────────────────────────────────────────╗ +│ To the extent possible under law, Justine Tunney has waived │ +│ all copyright and related or neighboring rights to this file, │ +│ as it is written in the following disclaimers: │ +│ • http://unlicense.org/ │ +│ • http://creativecommons.org/publicdomain/zero/1.0/ │ +╚─────────────────────────────────────────────────────────────────*/ +#endif +#include "libc/calls/calls.h" +#include "libc/macros.internal.h" +#include "libc/stdio/stdio.h" +#include "libc/sysv/consts/sig.h" +#include "libc/testlib/ezbench.h" + +/** + * @fileoverview Fast Division Using Multiplication Tutorial + * + * Expected program output: + * + * 23 / 3 = 7 + * 0x5555555555555556 1 1 + * division l: 16𝑐 5𝑛𝑠 + * fast div l: 5𝑐 2𝑛𝑠 + * precomps l: 70𝑐 23𝑛𝑠 + */ + +struct Divisor { + uint64_t m; + uint8_t s; + uint8_t t; +}; + +struct Divisor GetDivisor(uint64_t d) { + int b; + uint128_t x; + if (!d) raise(SIGFPE); + b = __builtin_clzll(d) ^ 63; + x = -d & (((1ull << b) - 1) | (1ull << b)); + return (struct Divisor){(x << 64) / d + 1, MIN(1, b + 1), MAX(0, b)}; +} + +uint64_t Divide(uint64_t x, struct Divisor d) { + uint128_t t; + uint64_t l, h; + t = d.m; + t *= x; + l = t; + h = t >> 64; + l = (x - h) >> d.s; + return (h + l) >> d.t; +} + +int main(int argc, char *argv[]) { + printf("23 / 3 = %ld\n", Divide(23, GetDivisor(3))); + volatile struct Divisor v = GetDivisor(3); + volatile uint64_t x = 23, y = 3, z; + EZBENCH2("division", donothing, z = x / y); + EZBENCH2("fast div", donothing, z = Divide(x, v)); + EZBENCH2("precomp ", donothing, v = GetDivisor(y)); + return 0; +} diff --git a/examples/fastmod.c b/examples/fastmod.c new file mode 100644 index 000000000..cca365fa9 --- /dev/null +++ b/examples/fastmod.c 
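Review bot: `GetDivisor` guards zero with `if (!d) raise(SIGFPE);` but then continues, so if SIGFPE is caught or ignored the code proceeds into `__builtin_clzll(d)` with `d == 0`, which is undefined; `if (!d) { raise(SIGFPE); __builtin_trap(); }` makes the guard unconditional. The `printf` in `main` formats the `uint64_t` result with `%ld`; `%lu` matches the type. The `@fileoverview` lists an expected line `0x5555555555555556 1 1` that no `printf` in this file produces, so that expected-output block appears to be copied from elsewhere and should either be corrected or the divisor printed.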
@@ -0,0 +1,48 @@ +#if 0 +/*─────────────────────────────────────────────────────────────────╗ +│ To the extent possible under law, Justine Tunney has waived │ +│ all copyright and related or neighboring rights to this file, │ +│ as it is written in the following disclaimers: │ +│ • http://unlicense.org/ │ +│ • http://creativecommons.org/publicdomain/zero/1.0/ │ +╚─────────────────────────────────────────────────────────────────*/ +#endif +#include "libc/stdio/stdio.h" +#include "libc/testlib/ezbench.h" + +/** + * @fileoverview Fast Modulus Using Multiplication Tutorial + * + * Expected program output: + * + * 23 / 3 = 7 + * 0x5555555555555556 1 1 + * modulus l: 15𝑐 5𝑛𝑠 + * fastmod l: 4𝑐 1𝑛𝑠 + * precomp l: 18𝑐 6𝑛𝑠 + */ + +struct Modulus { + uint64_t c; + uint64_t d; +}; + +struct Modulus GetModulus(uint64_t d) { + return (struct Modulus){0xFFFFFFFFFFFFFFFFull / d + 1, d}; +} + +uint64_t Modulus(uint64_t x, struct Modulus m) { + return ((uint128_t)(m.c * x) * m.d) >> 64; +} + +int main(int argc, char *argv[]) { + printf("%lx %% %d = %d\n", 3, 23, Modulus(23, GetModulus(3))); + printf("%lx %% %d = %d\n", 3, 23, + Modulus(0xf5bd76d4c3c91f47, GetModulus(34))); + volatile struct Modulus v = GetModulus(3); + volatile uint64_t x = 23, y = 3, z; + EZBENCH2("modulus", donothing, z = x % y); + EZBENCH2("fastmod", donothing, z = Modulus(x, v)); + EZBENCH2("precomp", donothing, v = GetModulus(y)); + return 0; +} diff --git a/examples/getrandom.c b/examples/getrandom.c new file mode 100644 index 000000000..22be61bae --- /dev/null +++ b/examples/getrandom.c 
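Review bot: Both `printf` calls in `main` mismatch their arguments: `%lx` receives the `int` literal `3`, `%d` receives a `uint64_t` from `Modulus`, and the operands printed are not the ones computed (the first line labels 23 mod 3 as `3 % 23`, the second prints the same labels while computing `0xf5bd76d4c3c91f47 % 34`). Something like `printf("%d %% %d = %lu\n", 23, 3, Modulus(23, GetModulus(3)));` and `printf("%lx %% %d = %lu\n", 0xf5bd76d4c3c91f47ul, 34, Modulus(0xf5bd76d4c3c91f47, GetModulus(34)));` makes the output truthful. `GetModulus(0)` divides by zero with no guard, unlike `GetDivisor` in fastdiv.c. It is also worth checking the second line against a plain `x % 34`: the single-64-bit-constant form of this trick is, as far as I recall, only exact for dividends well below 2^64, and the expected-output comment does not cover that case.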
@@ -0,0 +1,238 @@ +#if 0 +/*─────────────────────────────────────────────────────────────────╗ +│ To the extent possible under law, Justine Tunney has waived │ +│ all copyright and related or neighboring rights to this file, │ +│ as it is written in the following disclaimers: │ +│ • http://unlicense.org/ │ +│ • http://creativecommons.org/publicdomain/zero/1.0/ │ +╚─────────────────────────────────────────────────────────────────*/ +#endif +#include "libc/bits/bits.h" +#include "libc/calls/calls.h" +#include "libc/errno.h" +#include "libc/fmt/conv.h" +#include "libc/log/check.h" +#include "libc/log/log.h" +#include "libc/macros.internal.h" +#include "libc/nexgen32e/x86feature.h" +#include "libc/rand/rand.h" +#include "libc/stdio/stdio.h" +#include "libc/str/str.h" +#include "libc/sysv/consts/ex.h" +#include "libc/sysv/consts/exit.h" +#include "libc/sysv/consts/grnd.h" +#include "libc/sysv/consts/sig.h" +#include "libc/testlib/hyperion.h" +#include "third_party/getopt/getopt.h" + +uint64_t bcast(uint64_t f(void)) { + unsigned i; + uint64_t x; + for (x = i = 0; i < 8; ++i) { + x <<= 8; + x |= f() & 255; + } + return x; +} + +uint64_t randv6(void) { + static int16_t gorp; + gorp = (gorp + 625) & 077777; + return gorp; +} + +uint64_t randv7(void) { + static uint32_t randx = 1; + return ((randx = randx * 1103515245 + 12345) >> 16) & 077777; +} + +uint64_t zero(void) { + return 0; +} + +uint64_t inc(void) { + static uint64_t x; + return x++; +} + +uint64_t unixv6(void) { + return bcast(randv6); +} + +uint64_t unixv7(void) { + return bcast(randv7); +} + +uint64_t ape(void) { + static int i; + if ((i += 8) > _end - _base) i = 8; + return READ64LE(_base + i); +} + +uint64_t moby(void) { + static int i; + if ((i += 8) > kMobySize) i = 8; + return READ64LE(kMoby + i); +} + +uint64_t knuth(void) { + uint64_t a, b; + static uint64_t x = 1; + x *= 6364136223846793005; + x += 1442695040888963407; + a = x >> 32; + x *= 6364136223846793005; + x += 1442695040888963407; + b = x >> 32; 
+ return a | b << 32; +} + +uint64_t libc(void) { + uint64_t x; + CHECK_EQ(8, getrandom(&x, 8, 0)); + return x; +} + +uint64_t kernel(void) { + uint64_t x; + CHECK_EQ(8, getrandom(&x, 8, GRND_NORDRND)); + return x; +} + +uint64_t hardware(void) { + uint64_t x; + CHECK_EQ(8, getrandom(&x, 8, GRND_NOSYSTEM)); + return x; +} + +uint64_t rdrnd(void) { + char cf; + int i = 0; + uint64_t x; + CHECK(X86_HAVE(RDRND)); + for (;;) { + asm volatile(CFLAG_ASM("rdrand\t%1") + : CFLAG_CONSTRAINT(cf), "=r"(x) + : /* no inputs */ + : "cc"); + if (cf) return x; + if (++i < 10) continue; + asm volatile("pause"); + i = 0; + } +} + +uint64_t rdseed(void) { + char cf; + int i = 0; + uint64_t x; + CHECK(X86_HAVE(RDSEED)); + for (;;) { + asm volatile(CFLAG_ASM("rdseed\t%1") + : CFLAG_CONSTRAINT(cf), "=r"(x) + : /* no inputs */ + : "cc"); + if (cf) return x; + if (++i < 10) continue; + asm volatile("pause"); + i = 0; + } +} + +const struct Function { + const char *s; + uint64_t (*f)(void); +} kFunctions[] = { + {"ape", ape}, // + {"hardware", hardware}, // + {"inc", inc}, // + {"kernel", kernel}, // + {"knuth", knuth}, // + {"libc", libc}, // + {"moby", moby}, // + {"rand64", rand64}, // + {"rdrand", rdrnd}, // + {"rdrnd", rdrnd}, // + {"rdseed", rdseed}, // + {"unixv6", unixv6}, // + {"unixv7", unixv7}, // + {"zero", zero}, // +}; + +bool isdone; +bool isbinary; +unsigned long count = -1; + +void OnInt(int sig) { + isdone = true; +} + +wontreturn void PrintUsage(FILE *f, int rc) { + fprintf(f, "Usage: %s [-b] [-n NUM] [FUNC]\n", program_invocation_name); + exit(rc); +} + +int main(int argc, char *argv[]) { + int i, opt; + ssize_t rc; + uint64_t x; + uint64_t (*f)(void); + + while ((opt = getopt(argc, argv, "hbn:")) != -1) { + switch (opt) { + case 'b': + isbinary = true; + break; + case 'n': + count = strtoul(optarg, 0, 0); + break; + case 'h': + PrintUsage(stdout, EXIT_SUCCESS); + default: + PrintUsage(stderr, EX_USAGE); + } + } + + if (optind == argc) { + f = libc; + } else { + for (f 
= 0, i = 0; i < ARRAYLEN(kFunctions); ++i) { + if (!strcasecmp(argv[optind], kFunctions[i].s)) { + f = kFunctions[i].f; + break; + } + } + if (!f) { + fprintf(stderr, "unknown function: %`'s\n", argv[optind]); + fprintf(stderr, "try: "); + for (i = 0; i < ARRAYLEN(kFunctions); ++i) { + if (i) fprintf(stderr, ", "); + fprintf(stderr, "%s", kFunctions[i].s); + } + fprintf(stderr, "\n"); + return 1; + } + } + + signal(SIGINT, OnInt); + signal(SIGPIPE, SIG_IGN); + + if (!isbinary) { + for (; count && !isdone && !feof(stdout); --count) { + printf("0x%016lx\n", f()); + } + fflush(stdout); + return ferror(stdout) ? 1 : 0; + } + + while (count && !isdone) { + x = f(); + rc = write(1, &x, MIN(8, count)); + if (!rc) break; + if (rc == -1 && errno == EPIPE) return 1; + if (rc == -1) perror("write"), exit(1); + count -= rc; + } + + return 0; +} diff --git a/examples/stringbuffer.c b/examples/stringbuffer.c index 35f63ef98..aa6cb9b22 100644 --- a/examples/stringbuffer.c +++ b/examples/stringbuffer.c 
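Review bot: `moby()` resets only when `(i += 8) > kMobySize`, so `i == kMobySize` passes and `READ64LE(kMoby + i)` reads eight bytes past the end of the table; `ape()` has the same window against `_end`. The bound needs to account for the width of the read: `if ((i += 8) + 8 > kMobySize) i = 8;` and `if ((i += 8) + 8 > _end - _base) i = 8;`. `isdone` is written from the `OnInt` signal handler and polled in both output loops but is declared as a plain `bool`; `volatile sig_atomic_t isdone;` is the form the compiler is required to re-read. `count = strtoul(optarg, 0, 0)` accepts any text and yields 0 for garbage, so `-n abc` silently prints nothing instead of reporting a usage error.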
@@ -9,47 +9,27 @@ #endif #include "libc/calls/calls.h" #include "libc/fmt/fmt.h" +#include "libc/log/check.h" +#include "libc/stdio/append.internal.h" /** * @fileoverview Fast Growable Strings Tutorial */ -struct Buffer { - size_t i, n; - char *p; -}; - -int AppendFmt(struct Buffer *b, const char *fmt, ...) { - int n; - char *p; - va_list va, vb; - va_start(va, fmt); - va_copy(vb, va); - n = vsnprintf(b->p + b->i, b->n - b->i, fmt, va); - if (n >= b->n - b->i) { - do { - if (b->n) { - b->n += b->n >> 1; /* this is the important line */ - } else { - b->n = 16; - } - } while (b->i + n + 1 > b->n); - b->p = realloc(b->p, b->n); - vsnprintf(b->p + b->i, b->n - b->i, fmt, vb); - } - va_end(vb); - va_end(va); - b->i += n; - return n; -} - int main(int argc, char *argv[]) { - struct Buffer b = {0}; - AppendFmt(&b, "hello "); - AppendFmt(&b, " world\n"); - AppendFmt(&b, "%d arg%s\n", argc, argc == 1 ? "" : "s"); - AppendFmt(&b, "%s\n", "have a nice day"); - write(1, b.p, b.i); - free(b.p); + char *b = 0; + appendf(&b, "hello "); // guarantees nul terminator + CHECK_EQ(6, strlen(b)); + CHECK_EQ(6, appendz(b).i); + appendf(&b, " world\n"); + CHECK_EQ(13, strlen(b)); + CHECK_EQ(13, appendz(b).i); + appendd(&b, "\0", 1); // supports binary + CHECK_EQ(13, strlen(b)); + CHECK_EQ(14, appendz(b).i); + appendf(&b, "%d arg%s\n", argc, argc == 1 ? "" : "s"); + appendf(&b, "%s\n", "have a nice day"); + write(1, b, appendz(b).i); + free(b); return 0; } diff --git a/libc/fmt/conv.h b/libc/fmt/conv.h index ae924e671..a4e3894b0 100644 --- a/libc/fmt/conv.h +++ b/libc/fmt/conv.h @@ -53,6 +53,7 @@ char *dirname(char *); char *basename(const char *) nosideeffect; char *basename_n(const char *, size_t) nosideeffect; bool isabspath(const char *) paramsnonnull() nosideeffect; +char *stripexts(char *); /*───────────────────────────────────────────────────────────────────────────│─╗ │ cosmopolitan § conversion » computation ─╬─│┼ 
diff --git a/libc/fmt/fmt.c b/libc/fmt/fmt.c index adf3d4edb..df6b1cfe9 100644 --- a/libc/fmt/fmt.c +++ b/libc/fmt/fmt.c @@ -191,7 +191,12 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) { } else if (format[1] == '.' && format[2] == '*' && format[3] == 's') { n = va_arg(va, unsigned); /* FAST PATH: PRECISION STRING */ s = va_arg(va, const char *); - if (!s) s = "(null)", n = MIN(6, n); + if (s) { + n = strnlen(s, n); + } else { + s = "(null)"; + n = MIN(6, n); + } if (out(s, arg, n) == -1) return -1; format += 4; continue; @@ -418,10 +423,12 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) { if (flags & FLAGS_ZEROPAD) { if (sign) PUT(sign); sign = 0; - do PUT('0'); + do + PUT('0'); while (--width > 0); } else { - do PUT(' '); + do + PUT(' '); while (--width > 0); } } @@ -523,10 +530,12 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) { if (flags & FLAGS_ZEROPAD) { if (sign) PUT(sign); sign = 0; - do PUT('0'); + do + PUT('0'); while (--width > 0); } else { - do PUT(' '); + do + PUT(' '); while (--width > 0); } } @@ -673,10 +682,12 @@ hidden int __fmt(void *fn, void *arg, const char *format, va_list va) { PUT(sign); sign = 0; } - do PUT('0'); + do + PUT('0'); while (--width > 0); } else { - do PUT(' '); + do + PUT(' '); while (--width > 0); } } diff --git a/libc/fmt/stripexts.c b/libc/fmt/stripexts.c new file mode 100644 index 000000000..ed0163bd0 --- /dev/null +++ b/libc/fmt/stripexts.c 
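Review bot: The new `n = strnlen(s, n);` branch in the `%.*s` fast path deserves a comment, because it also covers a case the code does not mention: the precision is fetched with `va_arg(va, unsigned)`, so a negative precision arrives as a very large bound, and `strnlen` then stops at the terminator, which matches the standard's "precision taken as omitted" rule. Before this hunk the same path passed `n` straight to `out(s, arg, n)`, so the over-read was reachable from any caller using a negative or oversized precision; recording that in place keeps the next refactor from reintroducing it. Suggested line above the assignment: `/* precision may be huge (negative int reinterpreted); bound it at the NUL */`. The remaining hunks in this file only reflow `do PUT(...)` onto two lines.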
@@ -0,0 +1,42 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/fmt/fmt.h" +#include "libc/str/str.h" + +/** + * Removes file extensions. + * + * @param s is mutated + * @return s + */ +char *stripexts(char *s) { + size_t i; + for (i = strlen(s); i--;) { + switch (s[i]) { + case '.': + s[i] = 0; + break; + case '/': + return s; + default: + break; + } + } + return s; +} diff --git a/libc/intrin/asan.c b/libc/intrin/asan.c index d31de9f1d..33f086dcb 100644 --- a/libc/intrin/asan.c +++ b/libc/intrin/asan.c @@ -660,6 +660,10 @@ static void *__asan_realloc(void *p, size_t n) { return q; } +static void *__asan_realloc_in_place(void *p, size_t n) { + return 0; +} + static void *__asan_valloc(size_t n) { return __asan_memalign(PAGESIZE, n); } 
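Review bot: `stripexts` treats a leading dot as an extension: for `.bashrc`, or `dir/.profile`, the scan reaches the dot at the start of the basename, clears it, and returns an empty basename. If callers only ever pass build outputs with ordinary names that may be acceptable, but then the docstring should say so; otherwise skip a dot that begins the basename with `case '.': if (i && s[i - 1] != '/') s[i] = 0; break;`. The docstring could also state that every extension is removed (`foo.tar.gz` becomes `foo`), since that is the visible behaviour of clearing each `'.'` until a `'/'` is hit.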
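Review bot: `__asan_realloc_in_place` ignores both `p` and `n` and always returns 0, which reads like a stub unless the hook contract is known; a one-line comment would settle it, e.g. `/* ASAN never grows a block in place; 0 presumably tells the caller to fall back to hook_realloc */`. The contract for `hook_realloc_in_place` (whether a null return means "not possible, block untouched" rather than "freed") is not visible in this hunk, so that should be confirmed against the call site before the comment is worded as fact.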
@@ -752,6 +756,7 @@ void __asan_install_malloc_hooks(void) { HOOK(hook_realloc, __asan_realloc); HOOK(hook_memalign, __asan_memalign); HOOK(hook_malloc_trim, __asan_malloc_trim); + HOOK(hook_realloc_in_place, __asan_realloc_in_place); HOOK(hook_malloc_usable_size, __asan_malloc_usable_size); } @@ -847,7 +852,8 @@ textstartup void __asan_init(int argc, char **argv, char **envp, REQUIRE(FindMemoryInterval); REQUIRE(TrackMemoryInterval); if (weaken(hook_malloc) || weaken(hook_calloc) || weaken(hook_realloc) || - weaken(hook_pvalloc) || weaken(hook_valloc) || weaken(hook_free) || + weaken(hook_realloc_in_place) || weaken(hook_pvalloc) || + weaken(hook_valloc) || weaken(hook_free) || weaken(hook_malloc_usable_size)) { REQUIRE(dlmemalign); REQUIRE(dlmalloc_usable_size); diff --git a/libc/log/backtrace2.c b/libc/log/backtrace2.c index 72322ad3d..9c516f13f 100644 --- a/libc/log/backtrace2.c +++ b/libc/log/backtrace2.c @@ -48,7 +48,7 @@ static int PrintBacktraceUsingAddr2line(int fd, const struct StackFrame *bp) { struct Garbages *garbage; sigset_t chldmask, savemask; const struct StackFrame *frame; - const char *debugbin, *p1, *p2, *p3, *addr2line; + char *debugbin, *p1, *p2, *p3, *addr2line; char buf[kBacktraceBufSize], *argv[kBacktraceMaxFrames]; if (IsOpenbsd()) return -1; if (IsWindows()) return -1; 
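Review bot: Dropping `const` from all five pointers is wider than the memmove-based filtering in the following hunk needs; as far as the visible hunks show only `p1`, `p2` and `p3` are ever written through, while `debugbin` and `addr2line` presumably still only name paths handed to the child. Keeping `const char *debugbin, *addr2line;` on their own line and declaring `char *p1, *p2, *p3;` separately preserves the compiler's guarantee that the path strings are never modified before they reach `execve`. PrintBacktraceUsingAddr2line begins before and ends after this hunk, so I cannot confirm the two path pointers are untouched elsewhere in the function.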
@@ -90,14 +90,44 @@ static int PrintBacktraceUsingAddr2line(int fd, const struct StackFrame *bp) { } close(pipefds[1]); while ((got = read(pipefds[0], buf, kBacktraceBufSize)) > 0) { - for (p1 = buf; got;) { - /* - * remove racist output from gnu tooling, that can't be disabled - * otherwise, since it breaks other tools like emacs that aren't - * equipped to ignore it, and what's most problematic is that - * addr2line somehow manages to put the racism onto the one line - * in the backtrace we actually care about. - */ + p1 = buf; + p3 = p1 + got; + + /* + * Remove deep libc error reporting facilities from backtraces. + * + * For example, if the following shows up in Emacs: + * + * 40d097: __die at libc/log/die.c:33 + * 434daa: __asan_die at libc/intrin/asan.c:483 + * 435146: __asan_report_memory_fault at libc/intrin/asan.c:524 + * 435b32: __asan_report_store at libc/intrin/asan.c:719 + * 43472e: __asan_report_store1 at libc/intrin/somanyasan.S:118 + * 40c3a9: GetCipherSuite at net/https/getciphersuite.c:80 + * 4383a5: GetCipherSuite_test at test/net/https/getciphersuite.c:23 + * ... + * + * Then it's unpleasant to need to press C-x C-n six times. + */ + while ((p2 = memchr(p1, '\n', p3 - p1))) { + if (memmem(p1, p2 - p1, ": __asan_", 9) || + memmem(p1, p2 - p1, ": __die", 7)) { + memmove(p1, p2 + 1, p3 - (p2 + 1)); + p3 -= p2 + 1 - p1; + } else { + p1 = p2 + 1; + break; + } + } + + /* + * remove racist output from gnu tooling, that can't be disabled + * otherwise, since it breaks other tools like emacs that aren't + * equipped to ignore it, and what's most problematic is that + * addr2line somehow manages to put the racism onto the one line + * in the backtrace we actually care about. + */ + for (got = p3 - buf, p1 = buf; got;) { if ((p2 = memmem(p1, got, " (discriminator ", strlen(" (discriminator ") - 1)) && (p3 = memchr(p2, '\n', got - (p2 - p1)))) { diff --git a/libc/log/getcallername.c b/libc/log/getcallername.c new file mode 100644 index 000000000..c9f5b374b 
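Review bot: The new frame filter restarts on every chunk `read()` returns, but pipe reads are not line-aligned, so the "leading run of lines" assumption only holds for the first chunk: a later chunk that happens to begin with a line containing `: __die` or `: __asan_` (a user frame whose function name starts with `__die`, for instance) is dropped from the middle of the backtrace, and a filtered line split across two reads may have its head emitted and its tail deleted depending on where the split falls. A small state flag confines the filter to the head of the stream: declare `bool skipping;` with the other locals, set `skipping = true;` before the read loop, make the inner condition `while (skipping && (p2 = memchr(p1, '\n', p3 - p1)))`, and set `skipping = false;` in the else branch. A fully correct version would carry each chunk's unterminated tail into the next iteration, which is a larger restructuring than this hunk attempts. The hard-coded lengths `9` and `7` would also be safer written as `strlen(": __asan_")` and `strlen(": __die")`, as the discriminator code below already computes its pattern length with `strlen`. PrintBacktraceUsingAddr2line begins before and ends after this hunk.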
--- /dev/null +++ b/libc/log/getcallername.c @@ -0,0 +1,40 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/alg/bisectcarleft.internal.h" +#include "libc/log/log.h" +#include "libc/nexgen32e/stackframe.h" +#include "libc/runtime/symbols.internal.h" + +/** + * Returns name of funciton that called caller function. + */ +const char *GetCallerName(const struct StackFrame *bp) { + struct SymbolTable *st; + if (!bp && (bp = __builtin_frame_address(0))) bp = bp->next; + if (bp && (st = GetSymbolTable()) && st->count && + ((intptr_t)bp->addr >= (intptr_t)&_base && + (intptr_t)bp->addr <= (intptr_t)&_end)) { + return st->name_base + + st->symbols[bisectcarleft((const int32_t(*)[2])st->symbols, + st->count, bp->addr - st->addr_base - 1)] + .name_rva; + } else { + return 0; + } +} diff --git a/libc/log/log.h b/libc/log/log.h index 7f0b76d0a..a28abc83a 100644 --- a/libc/log/log.h +++ b/libc/log/log.h 
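Review bot: The doc comment has a typo (`funciton`) and omits the two facts a caller needs: GetCallerName returns NULL whenever there is no parent frame, no symbol table, or the return address lies outside `[_base, _end]`, and the lookup key is `bp->addr - st->addr_base - 1` because a return address points just past the call instruction, so subtracting one lands inside the calling function's symbol. Suggest `@param bp is frame pointer, or NULL to start from the caller's own frame`, `@return symbol name, or NULL if it cannot be determined`, and `/* -1: return address points past the call instruction */` on the bisect line. The `_base`/`_end` range test is the only validation `bp->addr` gets before it becomes a lookup key, so a comment stating that it exists to reject wild frame pointers (for example from code built without frame pointers) would make its purpose clear; I am inferring that from the surrounding code rather than from anything the hunk states.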
@@ -3,6 +3,8 @@ #include "libc/bits/likely.h" #include "libc/calls/struct/sigset.h" #include "libc/calls/struct/winsize.h" +#include "libc/nexgen32e/stackframe.h" +#include "libc/runtime/runtime.h" #include "libc/stdio/stdio.h" /*───────────────────────────────────────────────────────────────────────────│─╗ │ cosmopolitan § liblog ─╬─│┼ @@ -21,7 +23,7 @@ */ #ifndef LOGGABLELEVEL #ifndef TINY -#define LOGGABLELEVEL kLogDebug +#define LOGGABLELEVEL kLogNoise /* #elif IsTiny() */ /* #define LOGGABLELEVEL kLogInfo */ #else @@ -44,6 +46,7 @@ bool IsTerminalInarticulate(void) nosideeffect; const char *commandvenv(const char *, const char *); const char *GetAddr2linePath(void); const char *GetGdbPath(void); +const char *GetCallerName(const struct StackFrame *); void showcrashreports(void); void callexitontermination(struct sigset *); @@ -63,6 +66,7 @@ extern unsigned __log_level; /* log level for runtime check */ #define FATALF(FMT, ...) \ do { \ + ++ftrace; \ ffatalf(kLogFatal, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \ unreachable; \ } while (0) 
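Review bot: Raising the default `LOGGABLELEVEL` from `kLogDebug` to `kLogNoise` compiles every `NOISEF`/`VNOISEF`/`FNOISEF` statement into all non-TINY binaries, where, judging from the macros in this header, they remain gated only by the runtime `__log_level`; if any noise-level statement in the tree prints key material or other sensitive state, it is now one runtime setting away from being emitted in a release build. The hunk gives no rationale, so at minimum a comment such as `/* noise-level statements are compiled in; they print only when __log_level permits */` should accompany the new value, and the commit should say whether this is meant to stay or is a debugging aid for the new https work. `LOGGABLE` itself is outside the hunk, so the runtime gate is inferred from the macros below rather than seen directly.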
@@ -70,137 +74,174 @@ extern unsigned __log_level; /* log level for runtime check */ #define WARNF(FMT, ...) \ do { \ if (LOGGABLE(kLogWarn)) { \ + ++ftrace; \ flogf(kLogWarn, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \ + --ftrace; \ } \ } while (0) #define LOGF(FMT, ...) \ do { \ if (LOGGABLE(kLogInfo)) { \ + ++ftrace; \ flogf(kLogInfo, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \ + --ftrace; \ } \ } while (0) #define VERBOSEF(FMT, ...) \ do { \ if (LOGGABLE(kLogVerbose)) { \ + ++ftrace; \ fverbosef(kLogVerbose, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \ + --ftrace; \ } \ } while (0) #define DEBUGF(FMT, ...) \ do { \ - if (LOGGABLE(kLogDebug)) { \ + if (UNLIKELY(LOGGABLE(kLogDebug))) { \ + ++ftrace; \ fdebugf(kLogDebug, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \ + --ftrace; \ } \ } while (0) #define NOISEF(FMT, ...) \ do { \ - if (LOGGABLE(kLogNoise)) { \ + if (UNLIKELY(LOGGABLE(kLogNoise))) { \ + ++ftrace; \ fnoisef(kLogNoise, __FILE__, __LINE__, NULL, FMT, ##__VA_ARGS__); \ + --ftrace; \ } \ } while (0) #define VFLOG(FMT, VA) \ do { \ if (LOGGABLE(kLogInfo)) { \ + ++ftrace; \ vflogf(kLogInfo, __FILE__, __LINE__, NULL, FMT, VA); \ + --ftrace; \ } \ } while (0) #define FLOGF(F, FMT, ...) \ do { \ if (LOGGABLE(kLogInfo)) { \ + ++ftrace; \ flogf(kLogInfo, __FILE__, __LINE__, F, FMT, ##__VA_ARGS__); \ + --ftrace; \ } \ } while (0) #define VFLOGF(F, FMT, VA) \ do { \ if (LOGGABLE(kLogInfo)) { \ + ++ftrace; \ vflogf(kLogInfo, __FILE__, __LINE__, F, FMT, VA); \ + --ftrace; \ } \ } while (0) #define VWARNF(FMT, VA) \ do { \ if (LOGGABLE(kLogWarn)) { \ + ++ftrace; \ vflogf(kLogWarn, __FILE__, __LINE__, NULL, FMT, VA); \ + --ftrace; \ } \ } while (0) #define FWARNF(F, FMT, ...) 
\ do { \ if (LOGGABLE(kLogWarn)) { \ + ++ftrace; \ flogf(kLogWarn, __FILE__, __LINE__, F, FMT, ##__VA_ARGS__); \ + --ftrace; \ } \ } while (0) #define VFWARNF(F, FMT, VA) \ do { \ if (LOGGABLE(kLogWarn)) { \ + ++ftrace; \ vflogf(kLogWarn, __FILE__, __LINE__, F, FMT, VA); \ + --ftrace; \ } \ } while (0) #define VFATALF(FMT, VA) \ do { \ + ++ftrace; \ vffatalf(kLogFatal, __FILE__, __LINE__, NULL, FMT, VA); \ unreachable; \ } while (0) #define FFATALF(F, FMT, ...) \ do { \ + ++ftrace; \ ffatalf(kLogFatal, __FILE__, __LINE__, F, FMT, ##__VA_ARGS__); \ unreachable; \ } while (0) #define VFFATALF(F, FMT, VA) \ do { \ + ++ftrace; \ vffatalf(kLogFatal, __FILE__, __LINE__, F, FMT, VA); \ unreachable; \ } while (0) #define VDEBUGF(FMT, VA) \ do { \ - if (LOGGABLE(kLogDebug)) { \ + if (UNLIKELY(LOGGABLE(kLogDebug))) { \ + ++ftrace; \ vfdebugf(kLogDebug, __FILE__, __LINE__, NULL, FMT, VA); \ + --ftrace; \ } \ } while (0) #define FDEBUGF(F, FMT, ...) \ do { \ - if (LOGGABLE(kLogDebug)) { \ + if (UNLIKELY(LOGGABLE(kLogDebug))) { \ + ++ftrace; \ fdebugf(kLogDebug, __FILE__, __LINE__, F, FMT, ##__VA_ARGS__); \ + --ftrace; \ } \ } while (0) #define VFVERBOSEF(F, FMT, VA) \ do { \ if (LOGGABLE(kLogVerbose)) { \ + ++ftrace; \ vfverbosef(kLogVerbose, __FILE__, __LINE__, F, FMT, VA); \ + --ftrace; \ } \ } while (0) #define VFDEBUGF(F, FMT, VA) \ do { \ if (LOGGABLE(kLogDebug)) { \ + ++ftrace; \ vfdebugf(kLogDebug, __FILE__, __LINE__, F, FMT, VA); \ + --ftrace; \ } \ } while (0) #define VNOISEF(FMT, VA) \ do { \ - if (LOGGABLE(kLogNoise)) { \ + if (UNLIKELY(LOGGABLE(kLogNoise))) { \ + ++ftrace; \ vfnoisef(kLogNoise, __FILE__, __LINE__, NULL, FMT, VA); \ + --ftrace; \ } \ } while (0) #define FNOISEF(F, FMT, ...) \ do { \ - if (LOGGABLE(kLogNoise)) { \ + if (UNLIKELY(LOGGABLE(kLogNoise))) { \ + ++ftrace; \ fnoisef(kLogNoise, __FILE__, __LINE__, F, FMT, ##__VA_ARGS__); \ + --ftrace; \ } \ } while (0) 
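Review bot: `VFDEBUGF` is the only debug-level macro in this hunk whose condition was not wrapped in `UNLIKELY()`, while `DEBUGF`, `VDEBUGF` and `FDEBUGF` all were; unless that is deliberate, its test should read `if (UNLIKELY(LOGGABLE(kLogDebug))) { \` to match its siblings. Separately, every macro now brackets the logging call with `++ftrace`/`--ftrace` on what is presumably a plain global counter; if these macros can run from a signal handler or from more than one thread, an interrupted pair can leave the counter skewed and tracing permanently suppressed, so a comment at `ftrace`'s declaration stating the intended (single-threaded, non-reentrant) usage would be worth adding. The fatal variants correctly omit the decrement since the callee never returns, but a `/* no --ftrace: ffatalf does not return */` on one of them would stop a reader from "fixing" it.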
@@ -208,20 +249,24 @@ extern unsigned __log_level; /* log level for runtime check */ │ cosmopolitan § liblog » on error resume next ─╬─│┼ ╚────────────────────────────────────────────────────────────────────────────│*/ -#define LOGIFNEG1(FORM) \ - ({ \ - autotype(FORM) Ax = (FORM); \ - if (Ax == (typeof(Ax))(-1) && LOGGABLE(kLogWarn)) { \ - __logerrno(__FILE__, __LINE__, #FORM); \ - } \ - Ax; \ +#define LOGIFNEG1(FORM) \ + ({ \ + autotype(FORM) Ax = (FORM); \ + if (UNLIKELY(Ax == (typeof(Ax))(-1)) && LOGGABLE(kLogWarn)) { \ + ++ftrace; \ + __logerrno(__FILE__, __LINE__, #FORM); \ + --ftrace; \ + } \ + Ax; \ }) #define LOGIFNULL(FORM) \ ({ \ autotype(FORM) Ax = (FORM); \ if (Ax == NULL && LOGGABLE(kLogWarn)) { \ + ++ftrace; \ __logerrno(__FILE__, __LINE__, #FORM); \ + --ftrace; \ } \ Ax; \ }) diff --git a/libc/log/vflogf.c b/libc/log/vflogf.c index a775e2462..dc4344246 100644 --- a/libc/log/vflogf.c +++ b/libc/log/vflogf.c @@ -83,7 +83,6 @@ void(vflogf)(unsigned level, const char *file, int line, FILE *f, int64_t secs, nsec, dots; if (!f) f = __log_file; if (!f) return; - ++ftrace; t2 = nowl(); secs = t2; nsec = (t2 - secs) * 1e9L; @@ -121,5 +120,4 @@ void(vflogf)(unsigned level, const char *file, int line, FILE *f, __die(); unreachable; } - --ftrace; } diff --git a/libc/nexgen32e/mul4x4adx.S b/libc/nexgen32e/mul4x4adx.S new file mode 100644 index 000000000..268d91668 --- /dev/null +++ b/libc/nexgen32e/mul4x4adx.S 
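Review bot: `LOGIFNEG1` gained `UNLIKELY(Ax == (typeof(Ax))(-1))` but `LOGIFNULL` directly beneath it keeps a bare `Ax == NULL` test, even though both are error paths with the same expected frequency; for consistency its condition should become `if (UNLIKELY(Ax == NULL) && LOGGABLE(kLogWarn)) { \`. Both macros now also adjust `ftrace` around `__logerrno`, so the same reentrancy caveat that applies to the logging macros applies here.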
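Review bot: Removing `++ftrace`/`--ftrace` from `vflogf` (this hunk and the matching one at the end of the function) moves the responsibility for suppressing function tracing onto the callers in log.h, so any code that calls `vflogf` or `flogf` directly rather than through those macros will now have its logging internals traced; no such caller is visible here, but the new contract should be recorded on the function, e.g. `/* callers are expected to bump ftrace around this call; see the macros in log.h */`. The body of `vflogf` between the two hunks is outside this view.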
@@ -0,0 +1,116 @@ +/*-*- mode:unix-assembly; indent-tabs-mode:t; tab-width:8; coding:utf-8 -*-│ +│vi: set et ft=asm ts=8 tw=8 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. 
│ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/macros.internal.h" + +Mul4x4Adx: + push %rbp + mov %rsp,%rbp + .profilable + push %r15 + push %r14 + push %r13 + push %r12 + mov %rdx,%r12 + push %rbx + sub $16,%rsp + mov (%rdx),%rdx + mov (%rsi),%rax + mov 16(%rsi),%r11 + mov 24(%rsi),%r10 + xor %r13d,%r13d + mulx %rax,%rbx,%rax + mov %rbx,-48(%rbp) + mov 8(%rsi),%rbx + mulx %rbx,%rdx,%rcx + adox %rdx,%rax + mov (%r12),%rdx + mulx %r11,%rdx,%r9 + adox %rdx,%rcx + mov (%r12),%rdx + mulx %r10,%rdx,%r8 + adox %rdx,%r9 + adox %r13,%r8 + xor %r13d,%r13d + mov (%rsi),%r14 + mov 8(%r12),%rdx + mulx %r14,%r14,%r15 + adox %r14,%rax + adcx %r15,%rcx + mov %rax,-56(%rbp) + mulx %rbx,%r14,%rax + adox %r14,%rcx + adcx %rax,%r9 + mulx %r11,%r14,%rax + adox %r14,%r9 + adcx %rax,%r8 + mulx %r10,%rdx,%rax + adox %rdx,%r8 + mov 16(%r12),%rdx + adcx %r13,%rax + adox %r13,%rax + mov (%rsi),%r13 + xor %r15d,%r15d + mulx %r13,%r13,%r14 + adox %r13,%rcx + adcx %r14,%r9 + mulx %rbx,%r14,%r13 + adox %r14,%r9 + adcx %r13,%r8 + mulx %r11,%r14,%r13 + adox %r14,%r8 + adcx %r13,%rax + mov (%rsi),%rsi + mulx %r10,%rdx,%r13 + adox %rdx,%rax + adcx %r15,%r13 + mov 24(%r12),%rdx + adox %r15,%r13 + mulx %rsi,%r12,%rsi + xor %r14d,%r14d + adox %r12,%r9 + adcx %rsi,%r8 + mulx %rbx,%rsi,%rbx + adox %rsi,%r8 + adcx %rbx,%rax + mulx %r11,%r11,%rsi + mov -56(%rbp),%rbx + mov %rcx,16(%rdi) + adcx %rsi,%r13 + mov -48(%rbp),%rsi + mov %rbx,8(%rdi) + adox %r11,%rax + mov %r9,24(%rdi) + mov %r8,32(%rdi) + mov %rax,40(%rdi) + mulx %r10,%rdx,%r10 + adox %rdx,%r13 + adcx %r14,%r10 + mov %r13,48(%rdi) + adox %r14,%r10 + mov %rsi,(%rdi) + mov %r10,56(%rdi) + add $16,%rsp + pop %rbx + pop %r12 + pop %r13 + pop %r14 + pop %r15 + pop %rbp + ret + .endfn Mul4x4Adx,globl diff --git a/libc/nexgen32e/mul6x6adx.S b/libc/nexgen32e/mul6x6adx.S new file mode 100644 index 000000000..b90906014 --- /dev/null +++ b/libc/nexgen32e/mul6x6adx.S 
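Review bot: Mul4x4Adx is exported with no header comment, unlike Mul8x8Adx later in this series, so a reader must infer from the eight quadword stores to `(%rdi)`…`56(%rdi)` and the four loads from `%rsi`/`%rdx` that it computes the 512-bit product of two 256-bit little-endian limb arrays. Suggest a block matching Mul8x8Adx's: `@param rdi receives 8 quadword result`, `@param rsi is left hand side which must have 4 quadwords`, `@param rdx is right hand side which must have 4 quadwords`, plus `@note requires BMI2+ADX (mulx/adcx/adox) and raises #UD on CPUs without them, so callers must dispatch on CPUID`. The body contains no conditional branches and no data-dependent addressing, so it appears to run in constant time with respect to operand values; if this is destined for the TLS bignum code that property should be stated so it is preserved. Every input load also appears to precede the first store to `%rdi`, so the `@mayalias` guarantee documented for Mul8x8Adx seems to hold here too — confirm before documenting it.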
@@ -0,0 +1,182 @@ +/*-*- mode:unix-assembly; indent-tabs-mode:t; tab-width:8; coding:utf-8 -*-│ +│vi: set et ft=asm ts=8 tw=8 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. 
│ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/macros.internal.h" + +Mul6x6Adx: + push %rbp + mov %rsp,%rbp + .profilable + push %r15 + push %r14 + push %r13 + push %r12 + push %rbx + mov %rdx,%rbx + sub $24,%rsp + mov (%rdx),%rdx + xor %r8d,%r8d + mulx (%rsi),%rcx,%rax + mulx 8(%rsi),%rdx,%r12 + mov %rcx,-48(%rbp) + adox %rdx,%rax + mov (%rbx),%rdx + mulx 16(%rsi),%rdx,%r15 + adox %rdx,%r12 + mov (%rbx),%rdx + mulx 24(%rsi),%rdx,%r10 + adox %rdx,%r15 + mov (%rbx),%rdx + mulx 32(%rsi),%rdx,%r9 + adox %rdx,%r10 + mov (%rbx),%rdx + mulx 40(%rsi),%rdx,%rcx + adox %rdx,%r9 + mov 8(%rbx),%rdx + adox %r8,%rcx + mulx (%rsi),%r13,%r11 + xor %r8d,%r8d + adox %r13,%rax + adcx %r11,%r12 + mov %rax,-56(%rbp) + mulx 8(%rsi),%r11,%rax + adox %r11,%r12 + adcx %rax,%r15 + mov %r12,%r14 + mulx 16(%rsi),%r11,%rax + adox %r11,%r15 + adcx %rax,%r10 + mulx 24(%rsi),%r11,%rax + adox %r11,%r10 + adcx %rax,%r9 + mulx 32(%rsi),%r11,%rax + adox %r11,%r9 + adcx %rax,%rcx + mulx 40(%rsi),%rdx,%rax + adox %rdx,%rcx + adcx %r8,%rax + mov 16(%rbx),%rdx + adox %r8,%rax + mulx (%rsi),%r13,%r8 + xor %r11d,%r11d + adox %r13,%r14 + mov %r14,-64(%rbp) + adcx %r8,%r15 + mulx 8(%rsi),%r12,%r8 + adox %r12,%r15 + adcx %r8,%r10 + mulx 16(%rsi),%r12,%r8 + adox %r12,%r10 + adcx %r8,%r9 + mulx 24(%rsi),%r12,%r8 + adox %r12,%r9 + adcx %r8,%rcx + mulx 32(%rsi),%r12,%r8 + adox %r12,%rcx + adcx %r8,%rax + mulx 40(%rsi),%rdx,%r8 + adox %rdx,%rax + adcx %r11,%r8 + mov 24(%rbx),%rdx + adox %r11,%r8 + mulx (%rsi),%r13,%r11 + xor %r12d,%r12d + adox %r13,%r15 + adcx %r11,%r10 + mulx 8(%rsi),%r13,%r11 + adox %r13,%r10 + adcx %r11,%r9 + mulx 16(%rsi),%r13,%r11 + adox %r13,%r9 + adcx %r11,%rcx + mulx 24(%rsi),%r13,%r11 + adox %r13,%rcx + adcx %r11,%rax + mulx 32(%rsi),%r13,%r11 + adox %r13,%rax + adcx %r11,%r8 + mulx 40(%rsi),%rdx,%r11 + adox %rdx,%r8 + mov 32(%rbx),%rdx + adcx %r12,%r11 + mulx (%rsi),%r14,%r13 + adox %r12,%r11 + xor %r12d,%r12d + adox %r14,%r10 + adcx 
%r13,%r9 + mulx 8(%rsi),%r14,%r13 + adox %r14,%r9 + adcx %r13,%rcx + mulx 16(%rsi),%r14,%r13 + adox %r14,%rcx + adcx %r13,%rax + mulx 24(%rsi),%r14,%r13 + adox %r14,%rax + adcx %r13,%r8 + mulx 32(%rsi),%r14,%r13 + adox %r14,%r8 + adcx %r13,%r11 + mulx 40(%rsi),%rdx,%r13 + adox %rdx,%r11 + adcx %r12,%r13 + mov 40(%rbx),%rdx + adox %r12,%r13 + mulx (%rsi),%r14,%rbx + xor %r12d,%r12d + adox %r14,%r9 + adcx %rbx,%rcx + mulx 8(%rsi),%r14,%rbx + adox %r14,%rcx + adcx %rbx,%rax + mulx 16(%rsi),%r14,%rbx + adox %r14,%rax + adcx %rbx,%r8 + mulx 24(%rsi),%r14,%rbx + adox %r14,%r8 + adcx %rbx,%r11 + mulx 32(%rsi),%r14,%rbx + mulx 40(%rsi),%rsi,%rdx + adox %r14,%r11 + adcx %rbx,%r13 + adox %rsi,%r13 + adcx %r12,%rdx + adox %r12,%rdx + mov -48(%rbp),%rsi + mov -56(%rbp),%rbx + mov %r15,24(%rdi) + mov -64(%rbp),%r14 + mov %r13,80(%rdi) + mov %rbx,8(%rdi) + mov %r14,16(%rdi) + mov %rsi,(%rdi) + mov %r10,32(%rdi) + mov %r9,40(%rdi) + mov %rcx,48(%rdi) + mov %rax,56(%rdi) + mov %r8,64(%rdi) + mov %r11,72(%rdi) + mov %rdx,88(%rdi) + add $24,%rsp + pop %rbx + pop %r12 + pop %r13 + pop %r14 + pop %r15 + pop %rbp + ret + .endfn Mul6x6Adx,globl diff --git a/libc/nexgen32e/mul8x8.S b/libc/nexgen32e/mul8x8.S new file mode 100644 index 000000000..3ad62baf5 --- /dev/null +++ b/libc/nexgen32e/mul8x8.S 
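Review bot: Mul6x6Adx likewise carries no operand documentation; from the twelve stores to `(%rdi)`…`88(%rdi)` and the six loads each from `%rsi` and `%rbx` (the saved `%rdx`) it computes the 768-bit product of two 384-bit little-endian limb arrays, which is worth stating alongside the register contract and the BMI2+ADX requirement shared with the other `*Adx` routines, e.g. `@param rdi receives 12 quadword result`, `@param rsi/rdx are 6 quadword operands`, `@note requires BMI2+ADX; dispatch on CPUID`. The three spill slots `-48(%rbp)`, `-56(%rbp)` and `-64(%rbp)` sit exactly inside the 24 bytes reserved after the five callee-saved pushes, so the frame accounting checks out, but a comment noting that `-64(%rbp)` is the new stack pointer would spare the next reader the arithmetic. As with Mul4x4Adx, the listing is branch-free and all input loads precede the first store to `%rdi`, so the constant-time and may-alias properties appear to hold and deserve to be documented if relied upon.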
@@ -0,0 +1,483 @@ +/*-*- mode:unix-assembly; indent-tabs-mode:t; tab-width:8; coding:utf-8 -*-│ +│vi: set et ft=asm ts=8 tw=8 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/macros.internal.h" + +/ Computes 1024-bit product of 512-bit and 512-bit numbers. 
+/ +/ Instructions: 262 +/ Total Cycles: 114 +/ Total uOps: 469 +/ Dispatch Width: 6 +/ uOps Per Cycle: 4.11 +/ IPC: 2.30 +/ Block RThroughput: 78.2 +/ +/ @param rdi receives 16 quadword result +/ @param rsi is left hand side which must have 8 quadwords +/ @param rdx is right hand side which must have 8 quadwords +/ @note words are host endian while array is little endian +/ @mayalias +Mul8x8Adx: + push %rbp + mov %rsp,%rbp + .profilable + push %r15 + push %r14 + push %r13 + push %r12 + mov %rdx,%r12 + push %rbx + sub $64,%rsp + mov (%rdx),%rdx + xor %r13d,%r13d + mulx (%rsi),%rax,%rcx + mov %rdi,-48(%rbp) + mov %rax,-56(%rbp) + mulx 8(%rsi),%rdx,%rax + adox %rdx,%rcx + mov (%r12),%rdx + mulx 16(%rsi),%rdx,%rbx + adox %rdx,%rax + mov (%r12),%rdx + mulx 24(%rsi),%rdx,%r11 + adox %rdx,%rbx + mov (%r12),%rdx + mulx 32(%rsi),%rdx,%r10 + adox %rdx,%r11 + mov (%r12),%rdx + mulx 40(%rsi),%rdx,%r9 + adox %rdx,%r10 + mov (%r12),%rdx + mulx 48(%rsi),%rdx,%r8 + adox %rdx,%r9 + mov (%r12),%rdx + mulx 56(%rsi),%rdx,%rdi + adox %rdx,%r8 + adox %r13,%rdi + xor %r13d,%r13d + mov 8(%r12),%rdx + mulx (%rsi),%r15,%r14 + adox %r15,%rcx + adcx %r14,%rax + mov %rcx,-64(%rbp) + mulx 8(%rsi),%r14,%rcx + adox %r14,%rax + adcx %rcx,%rbx + mulx 16(%rsi),%r14,%rcx + adox %r14,%rbx + adcx %rcx,%r11 + mulx 24(%rsi),%r14,%rcx + adox %r14,%r11 + adcx %rcx,%r10 + mulx 32(%rsi),%r14,%rcx + adox %r14,%r10 + adcx %rcx,%r9 + mulx 40(%rsi),%r14,%rcx + adox %r14,%r9 + adcx %rcx,%r8 + mulx 48(%rsi),%r14,%rcx + adox %r14,%r8 + adcx %rcx,%rdi + mulx 56(%rsi),%rdx,%rcx + adox %rdx,%rdi + adcx %r13,%rcx + mov 16(%r12),%rdx + adox %r13,%rcx + mulx (%rsi),%r15,%r14 + xor %r13d,%r13d + adox %r15,%rax + adcx %r14,%rbx + mov %rax,-72(%rbp) + mulx 8(%rsi),%r14,%rax + adox %r14,%rbx + adcx %rax,%r11 + mulx 16(%rsi),%r14,%rax + adox %r14,%r11 + adcx %rax,%r10 + mulx 24(%rsi),%r14,%rax + adox %r14,%r10 + adcx %rax,%r9 + mulx 32(%rsi),%r14,%rax + adox %r14,%r9 + adcx %rax,%r8 + mulx 40(%rsi),%r14,%rax + adox %r14,%r8 
+ adcx %rax,%rdi + mulx 48(%rsi),%r14,%rax + adox %r14,%rdi + adcx %rax,%rcx + mulx 56(%rsi),%rdx,%rax + adox %rdx,%rcx + adcx %r13,%rax + adox %r13,%rax + xor %r13d,%r13d + mov 24(%r12),%rdx + mulx (%rsi),%r15,%r14 + adox %r15,%rbx + adcx %r14,%r11 + mov %rbx,-80(%rbp) + mov %r11,%r15 + mulx 8(%rsi),%r14,%rbx + adox %r14,%r15 + adcx %rbx,%r10 + mulx 16(%rsi),%rbx,%r11 + adox %rbx,%r10 + adcx %r11,%r9 + mulx 24(%rsi),%rbx,%r11 + adox %rbx,%r9 + adcx %r11,%r8 + mulx 32(%rsi),%rbx,%r11 + adox %rbx,%r8 + adcx %r11,%rdi + mulx 40(%rsi),%rbx,%r11 + adox %rbx,%rdi + adcx %r11,%rcx + mulx 48(%rsi),%rbx,%r11 + adox %rbx,%rcx + adcx %r11,%rax + mulx 56(%rsi),%rdx,%r11 + adox %rdx,%rax + adcx %r13,%r11 + mov 32(%r12),%rdx + adox %r13,%r11 + xor %ebx,%ebx + mulx (%rsi),%r14,%r13 + adox %r14,%r15 + adcx %r13,%r10 + mov %r15,-88(%rbp) + mulx 8(%rsi),%r14,%r13 + mov %r10,%r15 + adcx %r13,%r9 + adox %r14,%r15 + mulx 16(%rsi),%r13,%r10 + adox %r13,%r9 + adcx %r10,%r8 + mulx 24(%rsi),%r13,%r10 + adcx %r10,%rdi + adox %r13,%r8 + mulx 32(%rsi),%r13,%r10 + adox %r13,%rdi + adcx %r10,%rcx + mulx 40(%rsi),%r13,%r10 + adox %r13,%rcx + adcx %r10,%rax + mulx 48(%rsi),%r13,%r10 + adox %r13,%rax + adcx %r10,%r11 + mulx 56(%rsi),%rdx,%r10 + adox %rdx,%r11 + adcx %rbx,%r10 + mov 40(%r12),%rdx + adox %rbx,%r10 + mulx (%rsi),%r14,%r13 + xor %ebx,%ebx + adox %r14,%r15 + mov %r15,-96(%rbp) + adcx %r13,%r9 + mulx 8(%rsi),%r14,%r13 + mov %r9,%r15 + adox %r14,%r15 + adcx %r13,%r8 + mulx 16(%rsi),%r13,%r9 + adox %r13,%r8 + adcx %r9,%rdi + mulx 24(%rsi),%r13,%r9 + adox %r13,%rdi + adcx %r9,%rcx + mulx 32(%rsi),%r13,%r9 + adox %r13,%rcx + adcx %r9,%rax + mulx 40(%rsi),%r13,%r9 + adox %r13,%rax + adcx %r9,%r11 + mulx 48(%rsi),%r13,%r9 + adox %r13,%r11 + adcx %r9,%r10 + mulx 56(%rsi),%rdx,%r9 + adox %rdx,%r10 + adcx %rbx,%r9 + adox %rbx,%r9 + xor %ebx,%ebx + mov 48(%r12),%rdx + mulx (%rsi),%r14,%r13 + adox %r14,%r15 + adcx %r13,%r8 + mov %r15,-104(%rbp) + mulx 8(%rsi),%r14,%r13 + mov %r8,%r15 + adcx 
%r13,%rdi + adox %r14,%r15 + mulx 16(%rsi),%r13,%r8 + adox %r13,%rdi + adcx %r8,%rcx + mulx 24(%rsi),%r13,%r8 + adox %r13,%rcx + adcx %r8,%rax + mulx 32(%rsi),%r13,%r8 + adox %r13,%rax + adcx %r8,%r11 + mulx 40(%rsi),%r13,%r8 + adox %r13,%r11 + adcx %r8,%r10 + mulx 48(%rsi),%r13,%r8 + adox %r13,%r10 + adcx %r8,%r9 + mulx 56(%rsi),%rdx,%r8 + adox %rdx,%r9 + mov 56(%r12),%rdx + adcx %rbx,%r8 + mulx (%rsi),%r13,%r12 + adox %rbx,%r8 + xor %ebx,%ebx + adox %r13,%r15 + adcx %r12,%rdi + mulx 8(%rsi),%r13,%r12 + adox %r13,%rdi + adcx %r12,%rcx + mulx 16(%rsi),%r13,%r12 + adox %r13,%rcx + adcx %r12,%rax + mulx 24(%rsi),%r13,%r12 + adox %r13,%rax + adcx %r12,%r11 + mulx 32(%rsi),%r13,%r12 + adox %r13,%r11 + adcx %r12,%r10 + mulx 40(%rsi),%r13,%r12 + adox %r13,%r10 + adcx %r12,%r9 + mulx 48(%rsi),%r13,%r12 + mulx 56(%rsi),%rsi,%rdx + adox %r13,%r9 + adcx %r12,%r8 + adox %rsi,%r8 + adcx %rbx,%rdx + mov -64(%rbp),%rsi + adox %rbx,%rdx + mov -48(%rbp),%rbx + mov -56(%rbp),%r14 + mov %rsi,8(%rbx) + mov -72(%rbp),%rsi + mov %r14,(%rbx) + mov %rsi,16(%rbx) + mov -80(%rbp),%rsi + mov %rsi,24(%rbx) + mov -88(%rbp),%rsi + mov %rsi,32(%rbx) + mov -96(%rbp),%rsi + mov %rsi,40(%rbx) + mov -104(%rbp),%rsi + mov %r15,56(%rbx) + mov %rsi,48(%rbx) + mov %rdi,64(%rbx) + mov %rcx,72(%rbx) + mov %rax,80(%rbx) + mov %r11,88(%rbx) + mov %r10,96(%rbx) + mov %r9,104(%rbx) + mov %r8,112(%rbx) + mov %rdx,120(%rbx) + add $64,%rsp + pop %rbx + pop %r12 + pop %r13 + pop %r14 + pop %r15 + pop %rbp + ret + .endfn Mul8x8Adx,globl + + .end +Timeline view: 0123456789 0123456789 0123456789 0123456789 +Index 0123456789 0123456789 0123456789 0123456789 +[0,0] DeeER. . . . . . . . . . . . . . . . pushq %r15 +[0,1] D==eeER . . . . . . . . . . . . . . . pushq %r14 +[0,2] .D===eeER . . . . . . . . . . . . . . . pushq %r13 +[0,3] .D=====eeER . . . . . . . . . . . . . . pushq %r12 +[0,4] . DeE-----R . . . . . . . . . . . . . . movq %rdx, %r12 +[0,5] . D======eeER . . . . . . . . . . . . . . pushq %rbx +[0,6] . 
D========eER . . . . . . . . . . . . . . subq $64, %rsp +[0,7] . DeeeeeE----R . . . . . . . . . . . . . . movq (%rdx), %rdx +[0,8] . D---------R . . . . . . . . . . . . . . xorl %r13d, %r13d +[0,9] . D====eeeeeeeeeER . . . . . . . . . . . . . mulxq (%rsi), %rax, %rcx +[0,10] . D======eE------R . . . . . . . . . . . . . movq %rdi, -48(%rbp) +[0,11] . D======eE-----R . . . . . . . . . . . . . movq %rax, -56(%rbp) +[0,12] . D====eeeeeeeeeER. . . . . . . . . . . . . mulxq 8(%rsi), %rdx, %rax +[0,13] . D============eER. . . . . . . . . . . . . adoxq %rdx, %rcx +[0,14] . DeeeeeE-------R. . . . . . . . . . . . . movq (%r12), %rdx +[0,15] . D=====eeeeeeeeeER . . . . . . . . . . . . mulxq 16(%rsi), %rdx, %rbx +[0,16] . D============eE-R . . . . . . . . . . . . adoxq %rdx, %rax +[0,17] . .DeeeeeE--------R . . . . . . . . . . . . movq (%r12), %rdx +[0,18] . .D=====eeeeeeeeeER . . . . . . . . . . . . mulxq 24(%rsi), %rdx, %r11 +[0,19] . .D=============eER . . . . . . . . . . . . adoxq %rdx, %rbx +[0,20] . . DeeeeeE--------R . . . . . . . . . . . . movq (%r12), %rdx +[0,21] . . D=====eeeeeeeeeER . . . . . . . . . . . . mulxq 32(%rsi), %rdx, %r10 +[0,22] . . D=============eER . . . . . . . . . . . . adoxq %rdx, %r11 +[0,23] . . DeeeeeE--------R . . . . . . . . . . . . movq (%r12), %rdx +[0,24] . . D=====eeeeeeeeeER. . . . . . . . . . . . mulxq 40(%rsi), %rdx, %r9 +[0,25] . . D=============eER. . . . . . . . . . . . adoxq %rdx, %r10 +[0,26] . . DeeeeeE--------R. . . . . . . . . . . . movq (%r12), %rdx +[0,27] . . D=====eeeeeeeeeER . . . . . . . . . . . mulxq 48(%rsi), %rdx, %r8 +[0,28] . . D=============eER . . . . . . . . . . . adoxq %rdx, %r9 +[0,29] . . DeeeeeE--------R . . . . . . . . . . . movq (%r12), %rdx +[0,30] . . D=====eeeeeeeeeER . . . . . . . . . . . mulxq 56(%rsi), %rdx, %rdi +[0,31] . . D=============eER . . . . . . . . . . . adoxq %rdx, %r8 +[0,32] . . .D=============eER . . . . . . . . . . . adoxq %r13, %rdi +[0,33] . . .D---------------R . . . . . . . . . . . 
xorl %r13d, %r13d +[0,34] . . .DeeeeeE---------R . . . . . . . . . . . movq 8(%r12), %rdx +[0,35] . . . D====eeeeeeeeeER . . . . . . . . . . . mulxq (%rsi), %r15, %r14 +[0,36] . . . D=======eE-----R . . . . . . . . . . . adoxq %r15, %rcx +[0,37] . . . D=============eER . . . . . . . . . . . adcxq %r14, %rax +[0,38] . . . D=======eE-----R . . . . . . . . . . . movq %rcx, -64(%rbp) +[0,39] . . . D====eeeeeeeeeER . . . . . . . . . . . mulxq 8(%rsi), %r14, %rcx +[0,40] . . . D=============eER. . . . . . . . . . . adoxq %r14, %rax +[0,41] . . . D=============eER . . . . . . . . . . adcxq %rcx, %rbx +[0,42] . . . D====eeeeeeeeeE-R . . . . . . . . . . mulxq 16(%rsi), %r14, %rcx +[0,43] . . . D==============eER . . . . . . . . . . adoxq %r14, %rbx +[0,44] . . . D==============eER . . . . . . . . . . adcxq %rcx, %r11 +[0,45] . . . D====eeeeeeeeeE--R . . . . . . . . . . mulxq 24(%rsi), %r14, %rcx +[0,46] . . . D===============eER . . . . . . . . . . adoxq %r14, %r11 +[0,47] . . . .D===============eER. . . . . . . . . . adcxq %rcx, %r10 +[0,48] . . . .D====eeeeeeeeeE---R. . . . . . . . . . mulxq 32(%rsi), %r14, %rcx +[0,49] . . . .D================eER . . . . . . . . . adoxq %r14, %r10 +[0,50] . . . . D================eER . . . . . . . . . adcxq %rcx, %r9 +[0,51] . . . . D====eeeeeeeeeE----R . . . . . . . . . mulxq 40(%rsi), %r14, %rcx +[0,52] . . . . D=================eER . . . . . . . . . adoxq %r14, %r9 +[0,53] . . . . D=================eER . . . . . . . . . adcxq %rcx, %r8 +[0,54] . . . . D====eeeeeeeeeE-----R . . . . . . . . . mulxq 48(%rsi), %r14, %rcx +[0,55] . . . . D==================eER. . . . . . . . . adoxq %r14, %r8 +[0,56] . . . . D==================eER . . . . . . . . adcxq %rcx, %rdi +[0,57] . . . . D====eeeeeeeeeE------R . . . . . . . . mulxq 56(%rsi), %rdx, %rcx +[0,58] . . . . D===================eER . . . . . . . . adoxq %rdx, %rdi +[0,59] . . . . D===================eER . . . . . . . . adcxq %r13, %rcx +[0,60] . . . . DeeeeeE---------------R . . . . . . . 
. movq 16(%r12), %rdx +[0,61] . . . . D====================eER . . . . . . . . adoxq %r13, %rcx +[0,62] . . . . .D====eeeeeeeeeE-------R . . . . . . . . mulxq (%rsi), %r15, %r14 +[0,63] . . . . .D---------------------R . . . . . . . . xorl %r13d, %r13d +[0,64] . . . . .D=======eE------------R . . . . . . . . adoxq %r15, %rax +[0,65] . . . . . D============eE------R . . . . . . . . adcxq %r14, %rbx +[0,66] . . . . . D=======eE-----------R . . . . . . . . movq %rax, -72(%rbp) +[0,67] . . . . . D====eeeeeeeeeE------R . . . . . . . . mulxq 8(%rsi), %r14, %rax +[0,68] . . . . . D============eE-----R . . . . . . . . adoxq %r14, %rbx +[0,69] . . . . . D=============eE----R . . . . . . . . adcxq %rax, %r11 +[0,70] . . . . . D====eeeeeeeeeE-----R . . . . . . . . mulxq 16(%rsi), %r14, %rax +[0,71] . . . . . D=============eE---R . . . . . . . . adoxq %r14, %r11 +[0,72] . . . . . D==============eE--R . . . . . . . . adcxq %rax, %r10 +[0,73] . . . . . D====eeeeeeeeeE----R . . . . . . . . mulxq 24(%rsi), %r14, %rax +[0,74] . . . . . D==============eE-R . . . . . . . . adoxq %r14, %r10 +[0,75] . . . . . D===============eER . . . . . . . . adcxq %rax, %r9 +[0,76] . . . . . D====eeeeeeeeeE---R . . . . . . . . mulxq 32(%rsi), %r14, %rax +[0,77] . . . . . .D===============eER. . . . . . . . adoxq %r14, %r9 +[0,78] . . . . . .D================eER . . . . . . . adcxq %rax, %r8 +[0,79] . . . . . .D====eeeeeeeeeE----R . . . . . . . mulxq 40(%rsi), %r14, %rax +[0,80] . . . . . . D================eER . . . . . . . adoxq %r14, %r8 +[0,81] . . . . . . D=================eER . . . . . . . adcxq %rax, %rdi +[0,82] . . . . . . D====eeeeeeeeeE-----R . . . . . . . mulxq 48(%rsi), %r14, %rax +[0,83] . . . . . . D=================eER . . . . . . . adoxq %r14, %rdi +[0,84] . . . . . . D==================eER. . . . . . . adcxq %rax, %rcx +[0,85] . . . . . . D====eeeeeeeeeE------R. . . . . . . mulxq 56(%rsi), %rdx, %rax +[0,86] . . . . . . D==================eER . . . . . . adoxq %rdx, %rcx +[0,87] . . 
. . . . D===================eER . . . . . . adcxq %r13, %rax +[0,88] . . . . . . D====================eER . . . . . . adoxq %r13, %rax +[0,89] . . . . . . D----------------------R . . . . . . xorl %r13d, %r13d +[0,90] . . . . . . DeeeeeE----------------R . . . . . . movq 24(%r12), %rdx +[0,91] . . . . . . D====eeeeeeeeeE-------R . . . . . . mulxq (%rsi), %r15, %r14 +[0,92] . . . . . . D===========eE--------R . . . . . . adoxq %r15, %rbx +[0,93] . . . . . . D=============eE------R . . . . . . adcxq %r14, %r11 +[0,94] . . . . . . .D===========eE-------R . . . . . . movq %rbx, -80(%rbp) +[0,95] . . . . . . .D=============eE-----R . . . . . . movq %r11, %r15 +[0,96] . . . . . . .D====eeeeeeeeeE------R . . . . . . mulxq 8(%rsi), %r14, %rbx +[0,97] . . . . . . . D=============eE----R . . . . . . adoxq %r14, %r15 +[0,98] . . . . . . . D==============eE---R . . . . . . adcxq %rbx, %r10 +[0,99] . . . . . . . D====eeeeeeeeeE-----R . . . . . . mulxq 16(%rsi), %rbx, %r11 +[0,100] . . . . . . . D==============eE--R . . . . . . adoxq %rbx, %r10 +[0,101] . . . . . . . D===============eE-R . . . . . . adcxq %r11, %r9 +[0,102] . . . . . . . D====eeeeeeeeeE----R . . . . . . mulxq 24(%rsi), %rbx, %r11 +[0,103] . . . . . . . D===============eER . . . . . . adoxq %rbx, %r9 +[0,104] . . . . . . . D================eER . . . . . . adcxq %r11, %r8 +[0,105] . . . . . . . D====eeeeeeeeeE----R . . . . . . mulxq 32(%rsi), %rbx, %r11 +[0,106] . . . . . . . D================eER. . . . . . adoxq %rbx, %r8 +[0,107] . . . . . . . D=================eER . . . . . adcxq %r11, %rdi +[0,108] . . . . . . . D====eeeeeeeeeE-----R . . . . . mulxq 40(%rsi), %rbx, %r11 +[0,109] . . . . . . . .D=================eER . . . . . adoxq %rbx, %rdi +[0,110] . . . . . . . .D==================eER . . . . . adcxq %r11, %rcx +[0,111] . . . . . . . .D====eeeeeeeeeE------R . . . . . mulxq 48(%rsi), %rbx, %r11 +[0,112] . . . . . . . . D==================eER . . . . . adoxq %rbx, %rcx +[0,113] . . . . . . . . 
D===================eER. . . . . adcxq %r11, %rax +[0,114] . . . . . . . . D====eeeeeeeeeE-------R. . . . . mulxq 56(%rsi), %rdx, %r11 +[0,115] . . . . . . . . D===================eER . . . . adoxq %rdx, %rax +[0,116] . . . . . . . . D====================eER . . . . adcxq %r13, %r11 +[0,117] . . . . . . . . DeeeeeE----------------R . . . . movq 32(%r12), %rdx +[0,118] . . . . . . . . D=====================eER . . . . adoxq %r13, %r11 +[0,119] . . . . . . . . D=====E-----------------R . . . . xorl %ebx, %ebx +[0,120] . . . . . . . . D====eeeeeeeeeE--------R . . . . mulxq (%rsi), %r14, %r13 +[0,121] . . . . . . . . D===========eE---------R . . . . adoxq %r14, %r15 +[0,122] . . . . . . . . D=============eE-------R . . . . adcxq %r13, %r10 +[0,123] . . . . . . . . D===========eE--------R . . . . movq %r15, -88(%rbp) +[0,124] . . . . . . . . D====eeeeeeeeeE-------R . . . . mulxq 8(%rsi), %r14, %r13 +[0,125] . . . . . . . . D=============eE------R . . . . movq %r10, %r15 +[0,126] . . . . . . . . .D============eE------R . . . . adcxq %r13, %r9 +[0,127] . . . . . . . . .D=============eE-----R . . . . adoxq %r14, %r15 +[0,128] . . . . . . . . .D====eeeeeeeeeE------R . . . . mulxq 16(%rsi), %r13, %r10 +[0,129] . . . . . . . . . D=============eE----R . . . . adoxq %r13, %r9 +[0,130] . . . . . . . . . D==============eE---R . . . . adcxq %r10, %r8 +[0,131] . . . . . . . . . D====eeeeeeeeeE-----R . . . . mulxq 24(%rsi), %r13, %r10 +[0,132] . . . . . . . . . D==============eE--R . . . . adcxq %r10, %rdi +[0,133] . . . . . . . . . D===============eE-R . . . . adoxq %r13, %r8 +[0,134] . . . . . . . . . D====eeeeeeeeeE----R . . . . mulxq 32(%rsi), %r13, %r10 +[0,135] . . . . . . . . . D===============eER . . . . adoxq %r13, %rdi +[0,136] . . . . . . . . . D================eER . . . . adcxq %r10, %rcx +[0,137] . . . . . . . . . D====eeeeeeeeeE----R . . . . mulxq 40(%rsi), %r13, %r10 +[0,138] . . . . . . . . . D================eER. . . . adoxq %r13, %rcx +[0,139] . . . . . . . . . 
D=================eER . . . adcxq %r10, %rax +[0,140] . . . . . . . . . D====eeeeeeeeeE-----R . . . mulxq 48(%rsi), %r13, %r10 +[0,141] . . . . . . . . . .D=================eER . . . adoxq %r13, %rax +[0,142] . . . . . . . . . .D==================eER . . . adcxq %r10, %r11 +[0,143] . . . . . . . . . .D====eeeeeeeeeE------R . . . mulxq 56(%rsi), %rdx, %r10 +[0,144] . . . . . . . . . . D==================eER . . . adoxq %rdx, %r11 +[0,145] . . . . . . . . . . D===================eER. . . adcxq %rbx, %r10 +[0,146] . . . . . . . . . . DeeeeeE---------------R. . . movq 40(%r12), %rdx +[0,147] . . . . . . . . . . D====================eER . . adoxq %rbx, %r10 +[0,148] . . . . . . . . . . D====eeeeeeeeeE-------R . . mulxq (%rsi), %r14, %r13 +[0,149] . . . . . . . . . . D---------------------R . . xorl %ebx, %ebx +[0,150] . . . . . . . . . . D============eE-------R . . adoxq %r14, %r15 +[0,151] . . . . . . . . . . D============eE------R . . movq %r15, -96(%rbp) +[0,152] . . . . . . . . . . D============eE------R . . adcxq %r13, %r9 +[0,153] . . . . . . . . . . D=====eeeeeeeeeE-----R . . mulxq 8(%rsi), %r14, %r13 +[0,154] . . . . . . . . . . D============eE-----R . . movq %r9, %r15 +[0,155] . . . . . . . . . . D=============eE----R . . adoxq %r14, %r15 +[0,156] . . . . . . . . . . D==============eE---R . . adcxq %r13, %r8 +[0,157] . . . . . . . . . . .D====eeeeeeeeeE----R . . mulxq 16(%rsi), %r13, %r9 +[0,158] . . . . . . . . . . .D==============eE--R . . adoxq %r13, %r8 +[0,159] . . . . . . . . . . .D===============eE-R . . adcxq %r9, %rdi +[0,160] . . . . . . . . . . . D====eeeeeeeeeE---R . . mulxq 24(%rsi), %r13, %r9 +[0,161] . . . . . . . . . . . D===============eER . . adoxq %r13, %rdi +[0,162] . . . . . . . . . . . D================eER . . adcxq %r9, %rcx +[0,163] . . . . . . . . . . . D====eeeeeeeeeE---R . . mulxq 32(%rsi), %r13, %r9 +[0,164] . . . . . . . . . . . D================eER . . adoxq %r13, %rcx +[0,165] . . . . . . . . . . . D=================eER . . 
adcxq %r9, %rax +[0,166] . . . . . . . . . . . D====eeeeeeeeeE----R . . mulxq 40(%rsi), %r13, %r9 +[0,167] . . . . . . . . . . . D=================eER. . adoxq %r13, %rax +[0,168] . . . . . . . . . . . D==================eER . adcxq %r9, %r11 +[0,169] . . . . . . . . . . . D====eeeeeeeeeE-----R . mulxq 48(%rsi), %r13, %r9 +[0,170] . . . . . . . . . . . D==================eER . adoxq %r13, %r11 +[0,171] . . . . . . . . . . . D===================eER . adcxq %r9, %r10 +[0,172] . . . . . . . . . . . .D====eeeeeeeeeE------R . mulxq 56(%rsi), %rdx, %r9 +[0,173] . . . . . . . . . . . .D===================eER. adoxq %rdx, %r10 +[0,174] . . . . . . . . . . . .D====================eER adcxq %rbx, %r9 diff --git a/libc/runtime/ftracer.c b/libc/runtime/ftracer.c index e1e0b255d..f3c58f250 100644 --- a/libc/runtime/ftracer.c +++ b/libc/runtime/ftracer.c @@ -104,7 +104,6 @@ privileged noasan void ftracer(void) { p = mempcpy(p, symbol, symbolsize); *p++ = ' '; p += uint64toarray_radix10((stamp - laststamp) / 3.3, p); - *p++ = '\r'; *p++ = '\n'; write(2, g_buf, p - g_buf); } diff --git a/libc/stdio/append.internal.h b/libc/stdio/append.internal.h new file mode 100644 index 000000000..9543050bb --- /dev/null +++ b/libc/stdio/append.internal.h 
@@ -0,0 +1,25 @@
+#ifndef COSMOPOLITAN_LIBC_STDIO_APPEND_INTERNAL_H_
+#define COSMOPOLITAN_LIBC_STDIO_APPEND_INTERNAL_H_
+#define APPEND_COOKIE 21578
+#if !(__ASSEMBLER__ + __LINKER__ + 0)
+COSMOPOLITAN_C_START_
+
+struct appendz {
+ size_t i; /* data size */
+ size_t n; /* allocation size */
+};
+
+int appendf(char **, const char *, ...);
+int vappendf(char **, const char *, va_list);
+int appends(char **, const char *);
+int appendd(char **, const void *, size_t);
+struct appendz appendz(char *);
+
+#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
+#define appendf(BUF, FMT, ...) (appendf)(BUF, PFLINK(FMT), ##__VA_ARGS__)
+#define vappendf(BUF, FMT, VA) (vappendf)(BUF, PFLINK(FMT), VA)
+#endif
+
+COSMOPOLITAN_C_END_
+#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
+#endif /* COSMOPOLITAN_LIBC_STDIO_APPEND_INTERNAL_H_ */
diff --git a/libc/stdio/appendd.c b/libc/stdio/appendd.c
new file mode 100644
index 000000000..f418a68db
--- /dev/null
+++ b/libc/stdio/appendd.c
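Review bot: The header states no buffer contract, and that matters for this API because appendz() reads the length from the last word of the allocation and asserts a cookie in its high bits, so passing a pointer that did not come from appendd/appendf/appends (a plain malloc'd, static or stack buffer) aborts or reads garbage. I would add above the prototypes: `/* *b must be NULL or a pointer previously returned through these functions; the data is kept NUL-terminated; release it with free(). Each returns the number of bytes appended, or -1 if allocation failed. */`. The `struct appendz` fields could also say that `i` excludes the terminator and that `n` is the usable allocation size including the trailing length word.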
@@ -0,0 +1,54 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/assert.h"
+#include "libc/dce.h"
+#include "libc/macros.internal.h"
+#include "libc/mem/mem.h"
+#include "libc/stdio/append.internal.h"
+#include "libc/str/str.h"
+
+#define W sizeof(size_t)
+
+/**
+ * Appends raw data to buffer.
+ */
+int appendd(char **b, const void *s, size_t l) {
+ char *p;
+ struct appendz z;
+ z = appendz((p = *b));
+ if (ROUNDUP(z.i + l + 1, 8) + W > z.n) {
+ if (!z.n) z.n = W * 2;
+ while (ROUNDUP(z.i + l + 1, 8) + W > z.n) z.n += z.n >> 1;
+ z.n = ROUNDUP(z.n, W);
+ if ((p = realloc(p, z.n))) {
+ z.n = malloc_usable_size(p);
+ assert(!(z.n & (W - 1)));
+ *b = p;
+ } else {
+ return -1;
+ }
+ }
+ memcpy(p + z.i, s, l + 1);
+ z.i += l;
+ if (!IsTiny() && W == 8) {
+ z.i |= (size_t)APPEND_COOKIE << 48;
+ }
+ *(size_t *)(p + z.n - W) = z.i;
+ return l;
+}
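Review bot: `memcpy(p + z.i, s, l + 1)` reads one byte past the caller's data: appendd() is the raw/binary entry point, so nothing guarantees a byte exists at `s[l]` (the `const char t[] = {0}; appendd(&b, t, 1)` benchmark in the new test already over-reads its one-byte array). Copy exactly `l` bytes and place the terminator yourself: `memcpy(p + z.i, s, l);` followed by `p[z.i + l] = 0;`. Separately, `return l;` narrows size_t to int, so an `l` above INT_MAX comes back negative and is indistinguishable from the -1 failure code; worth either clamping or documenting, since the int signature is presumably kept for parity with appendf(). The doc comment should also say the buffer stays NUL-terminated after the appended bytes, which is the property the new test relies on.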
diff --git a/libc/stdio/appendf.c b/libc/stdio/appendf.c
new file mode 100644
index 000000000..209675139
--- /dev/null
+++ b/libc/stdio/appendf.c
@@ -0,0 +1,31 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/stdio/append.internal.h"
+
+/**
+ * Appends formatted data to buffer.
+ */
+int(appendf)(char **b, const char *fmt, ...) {
+ int n;
+ va_list va;
+ va_start(va, fmt);
+ n = (vappendf)(b, fmt, va);
+ va_end(va);
+ return n;
+}
diff --git a/libc/stdio/appends.c b/libc/stdio/appends.c
new file mode 100644
index 000000000..b42d86d6f
--- /dev/null
+++ b/libc/stdio/appends.c
@@ -0,0 +1,27 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/stdio/append.internal.h"
+#include "libc/str/str.h"
+
+/**
+ * Appends string to buffer.
+ */
+int appends(char **b, const char *s) {
+ return appendd(b, s, strlen(s));
+}
diff --git a/libc/stdio/appendz.c b/libc/stdio/appendz.c
new file mode 100644
index 000000000..b06c2ea9e
--- /dev/null
+++ b/libc/stdio/appendz.c
@@ -0,0 +1,45 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/assert.h"
+#include "libc/dce.h"
+#include "libc/mem/mem.h"
+#include "libc/stdio/append.internal.h"
+
+#define W sizeof(size_t)
+
+/**
+ * Returns size of append buffer.
+ */
+struct appendz appendz(char *p) {
+ struct appendz z;
+ if (p) {
+ z.n = malloc_usable_size(p);
+ assert(z.n >= W * 2 && !(z.n & (W - 1)));
+ z.i = *(size_t *)(p + z.n - W);
+ if (!IsTiny() && W == 8) {
+ assert((z.i >> 48) == APPEND_COOKIE);
+ z.i &= 0x0000ffffffffffff;
+ }
+ assert(z.n >= z.i);
+ } else {
+ z.i = 0;
+ z.n = 0;
+ }
+ return z;
+}
diff --git a/libc/stdio/stdout.c b/libc/stdio/stdout.c
index 41227ad12..442971923 100644
--- a/libc/stdio/stdout.c
+++ b/libc/stdio/stdout.c
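Review bot: The sanity checks on the trailing length word are assert()-only, and the cookie check is skipped entirely under `IsTiny()` or when `W != 8`, so a corrupted or foreign buffer yields an unchecked `z.i` that appendd()/vappendf() then use as a write offset; if assert() compiles out in some build modes (I cannot tell from here) the `z.n >= z.i` guard disappears as well. The bound is also loose: the last word is the length itself, so the real limit is `z.n - W`. Since the cost is negligible, make it unconditional and fail closed, e.g. `if (z.i > z.n - W) __builtin_trap();` after the cookie mask. The doc comment should state that `p` must be NULL or a buffer produced by appendd/appendf/appends, since anything else trips these checks.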
@@ -36,9 +36,15 @@ static textstartup void __stdout_init() { struct FILE *sf; sf = stdout; asm("" : "+r"(sf)); - if (IsWindows() || ischardev(pushpop(sf->fd))) { - sf->bufmode = _IOLBF; - } + /* + * Unlike other C libraries we don't bother calling fstat() to check + * if stdio is a character device and we instead choose to always line + * buffer it. We need it because there's no way to use the unbuffer + * command on a statically linked binary. This still goes fast. We + * value latency more than throughput, and stdio isn't the best api + * when the goal is throughput. + */ + sf->bufmode = _IOLBF; __fflush_register(sf); } diff --git a/libc/stdio/vappendf.c b/libc/stdio/vappendf.c new file mode 100644 index 000000000..4e2c03014 --- /dev/null +++ b/libc/stdio/vappendf.c 
@@ -0,0 +1,59 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/assert.h"
+#include "libc/fmt/fmt.h"
+#include "libc/macros.internal.h"
+#include "libc/mem/mem.h"
+#include "libc/stdio/append.internal.h"
+
+#define W sizeof(size_t)
+
+/**
+ * Appends data to buffer.
+ */
+int(vappendf)(char **b, const char *f, va_list v) {
+ char *p;
+ int r, s;
+ va_list w;
+ struct appendz z;
+ z = appendz((p = *b));
+ va_copy(w, v);
+ if ((r = (vsnprintf)(p + z.i, z.n ? 
z.n - W - z.i : 0, f, v)) >= 0) { + if (ROUNDUP(z.i + r + 1, 8) + W > z.n) { + if (!z.n) z.n = W * 2; + while (ROUNDUP(z.i + r + 1, 8) + W > z.n) z.n += z.n >> 1; + z.n = ROUNDUP(z.n, W); + if ((p = realloc(p, z.n))) { + z.n = malloc_usable_size(p); + assert(!(z.n & (W - 1))); + s = (vsnprintf)(p + z.i, z.n - W - z.i, f, w); + assert(s == r); + *b = p; + } else { + va_end(w); + return -1; + } + } + z.i += r; + if (!IsTiny() && W == 8) z.i |= (size_t)APPEND_COOKIE << 48; + *(size_t *)(p + z.n - W) = z.i; + } + va_end(w); + return r; +} diff --git a/libc/str/memcasecmp.c b/libc/str/memcasecmp.c index a7ba7ac6d..645c0e634 100644 --- a/libc/str/memcasecmp.c +++ b/libc/str/memcasecmp.c @@ -16,6 +16,7 @@ │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ │ PERFORMANCE OF THIS SOFTWARE. │ ╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/bits/bits.h" #include "libc/str/str.h" /** @@ -25,10 +26,23 @@ int memcasecmp(const void *p, const void *q, size_t n) { int c; size_t i; + uint64_t w; const unsigned char *a, *b; if ((a = p) != (b = q)) { for (i = 0; i < n; ++i) { - if ((c = kToLower[a[i]] - kToLower[b[i]])) { + while (i + 8 <= n) { + w = READ64LE(a); + w ^= READ64LE(b); + if (w) { + i += (unsigned)__builtin_ctzll(w) >> 3; + break; + } else { + i += 8; + } + } + if (i == n) { + break; + } else if ((c = kToLower[a[i]] - kToLower[b[i]])) { return c; } } diff --git a/net/http/gethttpheader.inc b/net/http/gethttpheader.inc index 2d9cc5079..f5fd11e93 100644 --- a/net/http/gethttpheader.inc +++ b/net/http/gethttpheader.inc @@ -72,7 +72,7 @@ static unsigned char gperf_downcase[256] = #ifndef GPERF_CASE_STRNCMP #define GPERF_CASE_STRNCMP 1 -static int +static inline int gperf_case_strncmp (register const char *s1, register const char *s2, register size_t n) { for (; n > 0;) diff --git a/net/http/parseip.c b/net/http/parseip.c index 29790607d..63c596e7b 100644 --- a/net/http/parseip.c +++ b/net/http/parseip.c 
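Review bot: On the realloc() failure path the buffer loses its NUL terminator: the first vsnprintf() has already written the truncated output starting at `p[z.i]`, the stored length is left at the old value, and by then `p` holds NULL because `p = realloc(p, z.n)` overwrote it, so the caller's `*b` is a buffer whose string now runs past its recorded length. Restore the terminator before returning: `if (*b) (*b)[z.i] = 0;` next to the `va_end(w)` in the else branch. Reading the old pointer from `*b` rather than `p` is deliberate there, which a one-line comment should say.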
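Review bot: The new word loop in memcasecmp() never advances its loads: `READ64LE(a)` and `READ64LE(b)` always read offset 0, so once the first eight bytes match byte-for-byte every later iteration matches too and `i` jumps straight to the last partial word; for n >= 16 the bytes from index 8 up to the last multiple of 8 are never compared, e.g. memcasecmp("AAAAAAAAXAAAAAAA", "AAAAAAAAyAAAAAAA", 16) returns 0. The fix is `w = READ64LE(a + i);` and `w ^= READ64LE(b + i);`. Because this is the case-insensitive comparison header and token matching is likely to rely on, two different names with a common 8-byte prefix comparing equal is a security-relevant miscompare, and the new memcasecmp_test.c only uses 10-byte inputs so it does not catch it. The function's return after the loop lies outside the hunk.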
@@ -30,13 +30,14 @@ int64_t ParseIp(const char *s, size_t n) { uint32_t x; int b, c, j; if (n == -1) n = s ? strlen(s) : 0; + if (!n) return -1; for (b = x = j = i = 0; i < n; ++i) { c = s[i] & 255; if (isdigit(c)) { b *= 10; b += c - '0'; - if (b > 255) return -1; } else if (c == '.') { + if (b > 255) return -1; x <<= 8; x |= b; b = 0; @@ -47,6 +48,5 @@ int64_t ParseIp(const char *s, size_t n) { } x <<= 8; x |= b; - if (j != 3) return -1; return x; } diff --git a/net/https/getsslcachefile.c b/net/https/getsslcachefile.c new file mode 100644 index 000000000..6023a471f --- /dev/null +++ b/net/https/getsslcachefile.c 
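Review bot: Moving the `b > 255` check into the `'.'` branch leaves the final octet unchecked, so "0.0.0.256" now parses (as 0.0.1.0, because `x |= b` ORs the excess into the next byte) and a long digit run overflows the signed int `b` before anything rejects it, which is undefined behaviour. ParseIp feeds host acceptance (this commit also touches isacceptablehost_test.c), and an octet that silently wraps into its neighbour is exactly what an allowlist comparison must not accept. Keep a range check after the loop, `if (b > 255) return -1;` before the final `x <<= 8; x |= b;`, or restore the in-loop check, which also bounds the growth of `b`. Dropping `if (j != 3) return -1;` makes "1.2.3" parse as 0.1.2.3 rather than inet_aton's 1.2.0.3; if accepting fewer than four labels is intended, a comment saying so (and what the dot counter `j` still guards, which is outside the hunk) would help.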
@@ -0,0 +1,37 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/bits/safemacros.internal.h"
+#include "libc/fmt/fmt.h"
+#include "libc/runtime/runtime.h"
+#include "net/https/sslcache.h"
+
+/**
+ * Returns recommended path argument for CreateSslCache().
+ * @return pointer to static memory
+ */
+char *GetSslCacheFile(void) {
+ static char sslcachefile[PATH_MAX + 1];
+ if (snprintf(sslcachefile, sizeof(sslcachefile), "%s/%s.sslcache",
+ firstnonnull(getenv("TMPDIR"), "/tmp"),
+ getenv("USER")) <= PATH_MAX) {
+ return sslcachefile;
+ } else {
+ return 0;
+ }
+}
diff --git a/net/https/getsslroots.c b/net/https/getsslroots.c
index 00d08127a..c80540cad 100644
--- a/net/https/getsslroots.c
+++ b/net/https/getsslroots.c
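Review bot: The recommended path is `$TMPDIR/$USER.sslcache`, a predictable name in a directory shared with every other local user, and the file it names holds TLS session state (CreateSslCache opens it O_CREAT without O_EXCL or O_NOFOLLOW and mmaps it MAP_SHARED), so whoever pre-creates or symlinks that name first owns the cache this process will write its sessions into. `getenv("USER")` can also be NULL (cron, containers, a sanitised environment), which hands `%s` a null pointer. Derive the name from something that is neither attacker-chosen nor optional, e.g. `"%s/sslcache.%d", dir, (int)getuid()` (getuid needs libc/calls/calls.h), and prefer `XDG_RUNTIME_DIR` over `TMPDIR` when it is set, since it is per-user and private. The doc comment should then say the path is only as private as the directory it lives in.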
@@ -30,21 +30,7 @@ #include "net/https/https.h" #include "third_party/mbedtls/x509_crt.h" -STATIC_YOINK("zip_uri_support"); -STATIC_YOINK("usr/share/ssl/root/amazon.pem"); -STATIC_YOINK("usr/share/ssl/root/certum.pem"); -STATIC_YOINK("usr/share/ssl/root/comodo.pem"); -STATIC_YOINK("usr/share/ssl/root/digicert.pem"); -STATIC_YOINK("usr/share/ssl/root/dst.pem"); -STATIC_YOINK("usr/share/ssl/root/geotrust.pem"); -STATIC_YOINK("usr/share/ssl/root/globalsign.pem"); -STATIC_YOINK("usr/share/ssl/root/godaddy.pem"); -STATIC_YOINK("usr/share/ssl/root/google.pem"); -STATIC_YOINK("usr/share/ssl/root/isrg.pem"); -STATIC_YOINK("usr/share/ssl/root/quovadis.pem"); -STATIC_YOINK("usr/share/ssl/root/redbean.pem"); -STATIC_YOINK("usr/share/ssl/root/starfield.pem"); -STATIC_YOINK("usr/share/ssl/root/verisign.pem"); +STATIC_YOINK("ssl_root_support"); mbedtls_x509_crt *GetSslRoots(void) { int fd; diff --git a/net/https/https.h b/net/https/https.h index ec29672e2..dbacf4651 100644 --- a/net/https/https.h +++ b/net/https/https.h @@ -1,6 +1,7 @@ #ifndef COSMOPOLITAN_NET_HTTPS_HTTPS_H_ #define COSMOPOLITAN_NET_HTTPS_HTTPS_H_ #include "libc/time/struct/tm.h" +#include "third_party/mbedtls/ssl_ciphersuites.h" #include "third_party/mbedtls/x509_crt.h" #if !(__ASSEMBLER__ + __LINKER__ + 0) COSMOPOLITAN_C_START_ diff --git a/net/https/sslcache.c b/net/https/sslcache.c index 4344c72ff..acbcdc817 100644 --- a/net/https/sslcache.c +++ b/net/https/sslcache.c 
@@ -19,17 +19,24 @@ #include "libc/bits/bits.h" #include "libc/bits/safemacros.internal.h" #include "libc/calls/calls.h" +#include "libc/calls/struct/stat.h" +#include "libc/errno.h" #include "libc/log/check.h" #include "libc/log/log.h" #include "libc/macros.internal.h" #include "libc/nexgen32e/rdtsc.h" #include "libc/runtime/runtime.h" +#include "libc/str/str.h" #include "libc/sysv/consts/map.h" +#include "libc/sysv/consts/o.h" #include "libc/sysv/consts/prot.h" #include "net/https/sslcache.h" #include "third_party/mbedtls/ssl.h" #include "third_party/mbedtls/x509_crt.h" +#define PROT (PROT_READ | PROT_WRITE) +#define FLAGS MAP_SHARED + static uint32_t HashSslSession(mbedtls_ssl_session *session) { int i; uint32_t h; 
@@ -44,16 +51,46 @@ static uint32_t HashSslSession(mbedtls_ssl_session *session) { return h; } -struct SslCache *CreateSslCache(size_t bytes, int lifetime) { - struct SslCache *c; +static struct SslCache *OpenSslCache(const char *path, size_t size) { + int fd; + struct stat st; + struct SslCache *c = NULL; + if (path) { + if ((fd = open(path, O_RDWR | O_CREAT, 0600)) != -1) { + CHECK_NE(-1, fstat(fd, &st)); + if (st.st_size && st.st_size != size) { + WARNF("unlinking sslcache because size changed from %,zu to %,zu", + st.st_size, size); + unlink(path); + fd = open(path, O_RDWR | O_CREAT, 0600); + st.st_size = 0; + } + if (fd != -1) { + if (!st.st_size) CHECK_NE(-1, ftruncate(fd, size)); + c = mmap(0, size, PROT, FLAGS, fd, 0); + close(fd); + } + } else { + WARNF("sslcache open(%`'s) failed %s", path, strerror(errno)); + } + } + return c; +} + +struct SslCache *CreateSslCache(const char *path, size_t bytes, int lifetime) { size_t ents, size; + struct SslCache *c; + if (!bytes) bytes = 10 * 1024 * 1024; + if (lifetime <= 0) lifetime = 24 * 60 * 60; ents = rounddown2pow(MAX(2, bytes / sizeof(struct SslCacheEntry))); size = sizeof(struct SslCache) + sizeof(struct SslCacheEntry) * ents; size = ROUNDUP(size, FRAMESIZE); - CHECK_NE(MAP_FAILED, (c = mmap(NULL, size, PROT_READ | PROT_WRITE, - MAP_SHARED | MAP_ANONYMOUS, -1, 0))); - VERBOSEF("ssl cache %,zu bytes with %,u slots", size, ents); - c->lifetime = lifetime > 0 ? lifetime : 24 * 60 * 60; + c = OpenSslCache(path, size); + if (!c) c = mmap(0, size, PROT, FLAGS | MAP_ANONYMOUS, -1, 0); + CHECK_NE(MAP_FAILED, c); + VERBOSEF("opened %`'s %,zu bytes with %,u slots", + c ? path : "anonymous shared memory", size, ents); + c->lifetime = lifetime; c->size = size; c->mask = ents - 1; return c; 
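Review bot: OpenSslCache() trusts whatever already exists at `path`: open() is O_CREAT without O_NOFOLLOW or O_EXCL and the only fstat() check is the size, so a pre-existing symlink or a file another user created (possible, since GetSslCacheFile() points into $TMPDIR) is silently ftruncate'd and mmap'd MAP_SHARED, and the cache entries copy mbedtls_ssl_session, which in mbedTLS includes the session master secret. The size-mismatch branch also leaks the first descriptor (`fd` is reassigned by the second open() with no close()), and mmap()'s MAP_FAILED is returned as-is, so CreateSslCache's `if (!c)` fallback never fires and CHECK_NE aborts instead; relatedly, `c ? path : "anonymous shared memory"` in the VERBOSEF is evaluated after the fallback, so it always prints path, NULL included. I would open with O_NOFOLLOW|O_CLOEXEC, reject files that are not regular, not owned by geteuid() or readable by others, close before recreating, and normalise MAP_FAILED to NULL (S_ISREG and the O_* flags may need their consts headers):
```c
static struct SslCache *OpenSslCache(const char *path, size_t size) {
  int fd;
  struct stat st;
  struct SslCache *c = NULL;
  if (!path) return NULL;
  /* O_NOFOLLOW: never go through a symlink planted in a shared tmpdir */
  if ((fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600)) == -1) {
    WARNF("sslcache open(%`'s) failed %s", path, strerror(errno));
    return NULL;
  }
  CHECK_NE(-1, fstat(fd, &st));
  /* only use a regular file we own that nobody else can read */
  if (!S_ISREG(st.st_mode) || st.st_uid != geteuid() || (st.st_mode & 077)) {
    WARNF("ignoring sslcache %`'s: unexpected type, owner or mode", path);
    close(fd);
    return NULL;
  }
  if (st.st_size && st.st_size != size) {
    WARNF("unlinking sslcache because size changed from %,zu to %,zu",
          st.st_size, size);
    close(fd); /* previously leaked across the reopen */
    unlink(path);
    /* O_EXCL: we must be the creator, otherwise someone raced us */
    if ((fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, 0600)) == -1) {
      WARNF("sslcache recreate(%`'s) failed %s", path, strerror(errno));
      return NULL;
    }
    st.st_size = 0;
  }
  if (!st.st_size) CHECK_NE(-1, ftruncate(fd, size));
  c = mmap(0, size, PROT, FLAGS, fd, 0);
  close(fd);
  if (c == MAP_FAILED) c = NULL; /* lets CreateSslCache() fall back to anonymous memory */
  return c;
}
```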
@@ -72,6 +109,7 @@ int UncacheSslSession(void *data, mbedtls_ssl_session *session) { mbedtls_x509_crt *cert; struct SslCacheEntry *e; uint32_t i, hash, ticketlen; + LOGF("uncache"); cache = data; hash = HashSslSession(session); i = hash & cache->mask; @@ -85,12 +123,12 @@ int UncacheSslSession(void *data, mbedtls_ssl_session *session) { session->compression != e->session.compression || session->id_len != e->session.id_len || memcmp(session->id, e->session.id, e->session.id_len)) { - VERBOSEF("%u ssl cache collision", i); + VERBOSEF("%u sslcache collision", i); return 1; } ts = time(0); if (!(e->time <= ts && ts <= e->time + cache->lifetime)) { - DEBUGF("%u ssl cache expired", i); + DEBUGF("%u sslcache expired", i); lockcmpxchg(&e->tick, tick, 0); return 1; } @@ -114,7 +152,7 @@ int UncacheSslSession(void *data, mbedtls_ssl_session *session) { DEBUGF("%u restored ssl from cache", i); return 0; Contention: - WARNF("%u ssl cache contention 0x%08x", i, hash); + WARNF("%u sslcache contention 0x%08x", i, hash); mbedtls_x509_crt_free(cert); free(ticket); free(cert); @@ -159,10 +197,13 @@ int CacheSslSession(void *data, const mbedtls_ssl_session *session) { } e->hash = hash; e->time = time(0); - tick = unsignedsubtract(rdtsc(), kStartTsc); + tick = rdtsc(); asm volatile("" ::: "memory"); - if (lockcmpxchg(&e->pid, pid, 0)) { - DEBUGF("%u saved", i); + if (tick && lockcmpxchg(&e->pid, pid, 0)) { + DEBUGF("%u saved %s%s %`#.*s", i, + mbedtls_ssl_get_ciphersuite_name(session->ciphersuite), + session->compression ? " DEFLATE" : "", session->id_len, + session->id); e->tick = tick; return 0; } else { diff --git a/net/https/sslcache.h b/net/https/sslcache.h index 83e70a15a..996435cc4 100644 --- a/net/https/sslcache.h +++ b/net/https/sslcache.h 
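Review bot: `LOGF("uncache");` at the top of UncacheSslSession() reads like a debugging leftover: it fires on every resumption lookup and, unlike the VERBOSEF/DEBUGF the rest of this function uses, appears to be the unconditional level, so a busy server emits one log line per handshake with no identifying information. Drop it, or fold it into the existing per-slot diagnostics as `DEBUGF("%u uncache", i);` once `i` has been computed. The function's body continues outside the hunk.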
@@ -21,10 +21,11 @@ struct SslCache { } p[]; }; -struct SslCache *CreateSslCache(size_t, int); +struct SslCache *CreateSslCache(const char *, size_t, int); void FreeSslCache(struct SslCache *); int UncacheSslSession(void *, mbedtls_ssl_session *); int CacheSslSession(void *, const mbedtls_ssl_session *); +char *GetSslCacheFile(void); COSMOPOLITAN_C_END_ #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */ diff --git a/net/https/sslroots.c b/net/https/sslroots.c new file mode 100644 index 000000000..5ee79672f --- /dev/null +++ b/net/https/sslroots.c 
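Review bot: The new prototype drops the parameter names and says nothing about the added `path` argument, whose semantics are only discoverable from sslcache.c: NULL or an unopenable file falls back to anonymous shared memory, `bytes == 0` means 10 MiB, and `lifetime <= 0` means 24 hours. Write it as `struct SslCache *CreateSslCache(const char *path, size_t bytes, int lifetime);` with a comment above it such as `/* path: file to mmap MAP_SHARED (created 0600) or NULL for anonymous memory; bytes: 0 selects 10 MiB; lifetime: seconds, <= 0 selects 86400 */`. It is also worth stating that the file persists TLS session state between runs, so callers should only pass paths in directories private to the user.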
@@ -0,0 +1,37 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "net/https/https.h"
+
+STATIC_YOINK("zip_uri_support");
+STATIC_YOINK("usr/share/ssl/root/amazon.pem");
+STATIC_YOINK("usr/share/ssl/root/certum.pem");
+STATIC_YOINK("usr/share/ssl/root/comodo.pem");
+STATIC_YOINK("usr/share/ssl/root/digicert.pem");
+STATIC_YOINK("usr/share/ssl/root/dst.pem");
+STATIC_YOINK("usr/share/ssl/root/geotrust.pem");
+STATIC_YOINK("usr/share/ssl/root/globalsign.pem");
+STATIC_YOINK("usr/share/ssl/root/godaddy.pem");
+STATIC_YOINK("usr/share/ssl/root/google.pem");
+STATIC_YOINK("usr/share/ssl/root/isrg.pem");
+STATIC_YOINK("usr/share/ssl/root/quovadis.pem");
+STATIC_YOINK("usr/share/ssl/root/redbean.pem");
+STATIC_YOINK("usr/share/ssl/root/starfield.pem");
+STATIC_YOINK("usr/share/ssl/root/verisign.pem");
+
+char ssl_root_support;
diff --git a/test/libc/fmt/stripexts_test.c b/test/libc/fmt/stripexts_test.c
new file mode 100644
index 000000000..60992d4d1
--- /dev/null
+++ b/test/libc/fmt/stripexts_test.c
@@ -0,0 +1,31 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/fmt/conv.h"
+#include "libc/fmt/fmt.h"
+#include "libc/testlib/testlib.h"
+
+TEST(stripexts, test) {
+ char s[] = "foo/bar.com.dbg";
+ EXPECT_STREQ("foo/bar", stripexts(s));
+}
+
+TEST(stripexts, test2) {
+ char s[] = "foo/bar.com.dbg";
+ EXPECT_STREQ("bar", stripexts(basename(s)));
+}
diff --git a/test/libc/stdio/vappendf_test.c b/test/libc/stdio/vappendf_test.c
new file mode 100644
index 000000000..b1fbef240
--- /dev/null
+++ b/test/libc/stdio/vappendf_test.c
@@ -0,0 +1,62 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. 
│
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/stdio/append.internal.h"
+#include "libc/testlib/ezbench.h"
+#include "libc/testlib/testlib.h"
+
+TEST(vappendf, test) {
+ char *b = 0;
+ appendf(&b, "hello ");
+ EXPECT_EQ(6, appendz(b).i);
+ EXPECT_EQ(6, strlen(b)); // guarantees nul terminator
+ appendf(&b, " world\n");
+ EXPECT_EQ(13, appendz(b).i);
+ EXPECT_EQ(13, strlen(b));
+ appendd(&b, "\0", 1); // supports binary
+ EXPECT_EQ(14, appendz(b).i);
+ EXPECT_EQ(13, strlen(b));
+ EXPECT_EQ(0, b[13]);
+ EXPECT_EQ(0, b[14]);
+ EXPECT_STREQ("hello world\n", b);
+ free(b);
+}
+
+TEST(vappends, test) {
+ char *b = 0;
+ appends(&b, "hello ");
+ EXPECT_EQ(6, appendz(b).i);
+ EXPECT_EQ(6, strlen(b)); // guarantees nul terminator
+ appends(&b, " world\n");
+ EXPECT_EQ(13, appendz(b).i);
+ EXPECT_EQ(13, strlen(b));
+ EXPECT_EQ(0, b[13]);
+ EXPECT_STREQ("hello world\n", b);
+ free(b);
+}
+
+BENCH(vappendf, bench) {
+ const char t[] = {0};
+ char *b = 0;
+ EZBENCH2("appendf", donothing, appendf(&b, "1"));
+ free(b), b = 0;
+ EZBENCH2("appends", donothing, appends(&b, "1"));
+ free(b), b = 0;
+ EZBENCH2("appendd", donothing, appendd(&b, t, 1));
+ free(b);
+}
diff --git a/test/libc/str/memcasecmp_test.c b/test/libc/str/memcasecmp_test.c
new file mode 100644
index 000000000..3c2bf3035
--- /dev/null
+++ b/test/libc/str/memcasecmp_test.c
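Review bot: The benchmark's `const char t[] = {0};` is a one-byte array, but appendd() as written copies `l + 1` bytes from its source, so `appendd(&b, t, 1)` reads past `t` on every iteration; whichever side is fixed, the test should not depend on a byte beyond the data it passes. The `EXPECT_EQ(0, b[14])` assertion likewise only holds because the `"\0"` literal carries its own terminator, so the test never proves that appendd() terminates binary data itself. Add a case with a non-NUL byte and check the terminator at the recorded length, e.g. `appendd(&b, "\xff", 1); EXPECT_EQ(0, b[appendz(b).i]);`. A realloc-failure case is hard to drive from here, so a comment noting that the NUL-terminator guarantee on the failure path is untested would be honest.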
@@ -0,0 +1,39 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/mem/mem.h"
+#include "libc/runtime/gc.internal.h"
+#include "libc/str/str.h"
+#include "libc/testlib/ezbench.h"
+#include "libc/testlib/hyperion.h"
+#include "libc/testlib/testlib.h"
+
+TEST(memcasecmp, test) {
+ EXPECT_EQ(0, memcasecmp("HELLOHELLO", "hellohello", 10));
+ EXPECT_EQ(-17, memcasecmp("HELLOHELLO", "yelloyello", 10));
+ EXPECT_EQ(-17, memcasecmp("HELLOHELLO", "YELLOYELLO", 10));
+ EXPECT_EQ(+17, memcasecmp("yelloyello", "HELLOHELLO", 10));
+ EXPECT_EQ(0, memcasecmp("\0ELLo\0ELLo", "\0ELLO\0ELLO", 10));
+ EXPECT_NE(0, memcasecmp("\0ELLo\0ELLo", "\0ELL-\0ELL-", 10));
+}
+
+BENCH(memcasecmp, bench) {
+ volatile char *copy = gc(strdup(kHyperion));
+ EZBENCH2("memcasecmp", donothing,
+ EXPROPRIATE(memcasecmp(kHyperion, copy, kHyperionSize)));
+}
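Review bot: In BENCH(memcasecmp, bench) `copy` is declared `volatile char *` and then passed to memcasecmp's `const void *` parameter, which discards the volatile qualifier (a -Wdiscarded-qualifiers warning) and does not actually stop the compiler from treating the buffer as a known duplicate, since the callee reads it as non-volatile anyway. The existing benches in strcmp_test.c launder the pointer instead, so `char *copy = VEIL("r", gc(strdup(kHyperion)));` expresses the same intent without the qualifier mismatch; the new BENCH(memcmp, bench) added to strcmp_test.c in this commit has the same `volatile char *copy` pattern and should get the same treatment. The `-17`/`+17` expectations pin the return value to the raw byte difference at the first mismatch; if that magnitude is meant to be part of memcasecmp's contract, a comment saying so would keep a future implementation that only guarantees the sign from being rejected by accident, otherwise sign-only assertions are the safer form.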
diff --git a/test/libc/str/strcmp_test.c b/test/libc/str/strcmp_test.c
index c642e0755..19a4b076d 100644
--- a/test/libc/str/strcmp_test.c
+++ b/test/libc/str/strcmp_test.c
@@ -16,6 +16,7 @@
 │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
 │ PERFORMANCE OF THIS SOFTWARE. │
 ╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/assert.h"
 #include "libc/bits/bits.h"
 #include "libc/dce.h"
 #include "libc/macros.internal.h"
@@ -27,6 +28,7 @@
 #include "libc/stdio/stdio.h"
 #include "libc/str/str.h"
 #include "libc/testlib/ezbench.h"
+#include "libc/testlib/hyperion.h"
 #include "libc/testlib/testlib.h"
 
 int (*memcmpi)(const void *, const void *, size_t) = memcmp;
@@ -602,3 +604,12 @@ BENCH(bench_01_strcasecmp, bench) {
 longstringislong_dupe(size, data, dupe),
 EXPROPRIATE(strcasecmp_pure(VEIL("r", data), VEIL("r", dupe))));
 }
+
+BENCH(memcmp, bench) {
+ volatile char *copy = gc(strdup(kHyperion));
+ EZBENCH2("memcmp big", donothing,
+ EXPROPRIATE(memcmp(kHyperion, copy, kHyperionSize)));
+ copy = gc(strdup("tought little ship"));
+ EZBENCH2("memcmp 19", donothing,
+ EXPROPRIATE(memcmp("tought little ship", copy, 19)));
+}
diff --git a/test/net/http/isacceptablehost_test.c b/test/net/http/isacceptablehost_test.c
index 115d7db21..fbe3df305 100644
--- a/test/net/http/isacceptablehost_test.c
+++ b/test/net/http/isacceptablehost_test.c
@@ -57,38 +57,6 @@ TEST(IsAcceptablePort, test) {
 EXPECT_FALSE(IsAcceptablePort("http", -1));
 }
 
-TEST(ParseIp, test) {
- EXPECT_EQ(-1, ParseIp("", -1));
- EXPECT_EQ(0x00000000, ParseIp("0.0.0.0", -1));
- EXPECT_EQ(0x01020304, ParseIp("1.2.3.4", -1));
- EXPECT_EQ(0x80020304, ParseIp("128.2.3.4", -1));
- EXPECT_EQ(0xFFFFFFFF, ParseIp("255.255.255.255", -1));
- EXPECT_EQ(0xcb007100, ParseIp("203.0.113.0", -1));
- EXPECT_EQ(0x00000000, ParseIp("...", -1)); /* meh */
- EXPECT_EQ(-1, ParseIp("128.2..3.4", -1));
- EXPECT_EQ(-1, ParseIp("1.2.3", -1));
- EXPECT_EQ(-1, ParseIp("256.255.255.255", -1));
- EXPECT_EQ(-1, ParseIp("1.2.3.4.5", -1));
- EXPECT_EQ(-1, ParseIp("1.2.3.4.5.arpa", -1));
- EXPECT_EQ(-1, ParseIp("255.255.255", -1));
- EXPECT_EQ(-1, ParseIp("hello", -1));
- EXPECT_EQ(-1, ParseIp("hello\177", -1));
- EXPECT_EQ(-1, ParseIp("hello.example\300\200", -1));
- EXPECT_EQ(-1, ParseIp(".", -1));
- EXPECT_EQ(-1, ParseIp(".e", -1));
- EXPECT_EQ(-1, ParseIp("e.", -1));
- EXPECT_EQ(-1, ParseIp(".hi.example", -1));
- EXPECT_EQ(-1, ParseIp("hi..example", -1));
- EXPECT_EQ(-1, ParseIp("hi-there.example", -1));
- EXPECT_EQ(-1, ParseIp("_there.example", -1));
- EXPECT_EQ(-1, ParseIp("-there.example", -1));
- EXPECT_EQ(-1, ParseIp("there-.example", -1));
- EXPECT_EQ(-1, ParseIp("ther#e.example", -1));
- EXPECT_EQ(-1, ParseIp("localhost", -1));
- EXPECT_EQ(-1, ParseIp("hello.example", -1));
- EXPECT_EQ(-1, ParseIp("hello..example", -1));
-}
-
 BENCH(IsAcceptableHost, bench) {
 uint32_t ip;
 uint16_t port;
diff --git a/test/net/http/parseip_test.c b/test/net/http/parseip_test.c
new file mode 100644
index 000000000..9fe334193
--- /dev/null
+++ b/test/net/http/parseip_test.c
@@ -0,0 +1,49 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/testlib/testlib.h"
+#include "net/http/http.h"
+
+TEST(ParseIp, test) {
+ EXPECT_EQ(-1, ParseIp("", -1));
+ EXPECT_EQ(0x00000000, ParseIp("0.0.0.0", -1));
+ EXPECT_EQ(0x01020304, ParseIp("1.2.3.4", -1));
+ EXPECT_EQ(0x01020304, ParseIp("16909060", -1));
+ EXPECT_EQ(0x80020304, ParseIp("128.2.3.4", -1));
+ EXPECT_EQ(0xFFFFFFFF, ParseIp("255.255.255.255", -1));
+ EXPECT_EQ(0xcb007100, ParseIp("203.0.113.0", -1));
+ EXPECT_EQ(0x00000000, ParseIp("...", -1)); /* meh */
+ EXPECT_EQ(0x80000304, ParseIp("128.0.3.4", -1));
+ EXPECT_EQ(0x80000304, ParseIp("128..3.4", -1));
+ EXPECT_EQ(-1, ParseIp("256.255.255.255", -1));
+ EXPECT_EQ(-1, ParseIp("hello", -1));
+ EXPECT_EQ(-1, ParseIp("hello\177", -1));
+ EXPECT_EQ(-1, ParseIp("hello.example\300\200", -1));
+ EXPECT_EQ(-1, ParseIp(".e", -1));
+ EXPECT_EQ(-1, ParseIp("e.", -1));
+ EXPECT_EQ(-1, ParseIp(".hi.example", -1));
+ EXPECT_EQ(-1, ParseIp("hi..example", -1));
+ EXPECT_EQ(-1, ParseIp("hi-there.example", -1));
+ EXPECT_EQ(-1, ParseIp("_there.example", -1));
+ EXPECT_EQ(-1, ParseIp("-there.example", -1));
+ EXPECT_EQ(-1, ParseIp("there-.example", -1));
+ EXPECT_EQ(-1, ParseIp("ther#e.example", -1));
+ EXPECT_EQ(-1, ParseIp("localhost", -1));
+ EXPECT_EQ(-1, ParseIp("hello.example", -1));
+ EXPECT_EQ(-1, ParseIp("hello..example", -1));
+}
diff --git a/test/net/http/test.mk b/test/net/http/test.mk
index ab4bd4845..c07da4234 100644
--- a/test/net/http/test.mk
+++ b/test/net/http/test.mk
@@ -28,10 +28,6 @@ TEST_NET_HTTP_DIRECTDEPS = \
 TEST_NET_HTTP_DEPS := \
 $(call uniq,$(foreach x,$(TEST_NET_HTTP_DIRECTDEPS),$($(x))))
 
-o/$(MODE)/test/net/http/joyent_test.o: \
- OVERRIDE_CPPFLAGS += \
- -DSTACK_FRAME_UNLIMITED
-
 o/$(MODE)/test/net/http/http.pkg: \
 $(TEST_NET_HTTP_OBJS) \
 $(foreach x,$(TEST_NET_HTTP_DIRECTDEPS),$($(x)_A).pkg)
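Review bot: The rewritten ParseIp test accepts `"16909060"` as 1.2.3.4 and `"128..3.4"` as 128.0.3.4, but the old cases for `"1.2.3"`, `"1.2.3.4.5"`, `"1.2.3.4.5.arpa"`, `"255.255.255"` and `"."` were dropped rather than updated, so the behaviour of short and over-long dotted forms under the new lenient grammar is no longer pinned by any test. Add them back with whatever ParseIp now returns, e.g. `EXPECT_EQ(/* value ParseIp now returns */, ParseIp("1.2.3", -1));`, so the accepted grammar is explicit. This test lived in isacceptablehost_test.c until this commit, so ParseIp presumably shares callers with the host-acceptance code; whether a bare decimal integer or an empty octet counts as an address is exactly the kind of parsing ambiguity that matters for allowlist checks and should be stated on purpose, for instance with a comment on the `"16909060"` and `"128..3.4"` lines saying these forms are intentionally accepted and why.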
diff --git a/test/net/https/getciphersuite_test.c b/test/net/https/getciphersuite_test.c
new file mode 100644
index 000000000..e5d937f1c
--- /dev/null
+++ b/test/net/https/getciphersuite_test.c
@@ -0,0 +1,72 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/testlib/testlib.h"
+#include "third_party/mbedtls/config.h"
+#include "third_party/mbedtls/ssl_ciphersuites.h"
+
+int GetCipherId(const char *s) {
+ const mbedtls_ssl_ciphersuite_t *c;
+ if ((c = GetCipherSuite(s))) {
+ return c->id;
+ } else {
+ return -1;
+ }
+}
+
+#ifdef MBEDTLS_CIPHER_MODE_CBC
+TEST(GetCipherSuite, theOlde) {
+ EXPECT_EQ(0x002F, GetCipherId("RSA-AES128-CBC-SHA")); // Cosmo
+ EXPECT_EQ(0x002F, GetCipherId("TLS_RSA_AES_128_CBC_SHA1")); // GnuTLS
+ EXPECT_EQ(0x002F, GetCipherId("TLS_RSA_WITH_AES_128_CBC_SHA")); // IANA
+ // EXPECT_EQ(0x002F, GetCipherId("AES128-SHA")); // OpenSSL
+}
+#endif
+
+#ifdef MBEDTLS_DES_C
+TEST(GetCipherSuite, theAncient) {
+ EXPECT_EQ(0x000A, GetCipherId("RSA-3DES-EDE-CBC-SHA")); // Cosmo
+ EXPECT_EQ(0x000A, GetCipherId("TLS_RSA_3DES_EDE_CBC_SHA1")); // GnuTLS
+ EXPECT_EQ(0x000A, GetCipherId("TLS_RSA_WITH_3DES_EDE_CBC_SHA")); // IANA
+ // EXPECT_EQ(0x000A, GetCipherId("DES-CBC3-SHA"));
+}
+#endif
+
+#ifdef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+TEST(GetCipherSuite, theUltimo) {
+ EXPECT_EQ(0xC02C, GetCipherId("ECDHE-ECDSA-AES256-GCM-SHA384"));
+ EXPECT_EQ(0xC02C, GetCipherId("ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"));
+ EXPECT_EQ(0xC02C, GetCipherId("TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"));
+ EXPECT_EQ(0xC02C, GetCipherId("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"));
+}
+#endif
+
+#ifdef MBEDTLS_CHACHAPOLY_C
+TEST(GetCipherSuite, arcfourReborn) {
+ EXPECT_EQ(0xCCA8, GetCipherId("ECDHE-RSA-CHACHA20-POLY1305-SHA256"));
+ EXPECT_EQ(0xCCA8, GetCipherId("TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"));
+ // EXPECT_EQ(0xCCA8, GetCipherId("TLS_ECDHE_RSA_CHACHA20_POLY1305"));
+ // EXPECT_EQ(0xCCA8, GetCipherId("ECDHE-RSA-CHACHA20-POLY1305"));
+}
+#endif
+
+TEST(GetCipherSuite, forTheeNotForMe) {
+ EXPECT_EQ(0x0004, GetCipherId("RSA-RC4-128-MD5")); // Cosmo
+ EXPECT_EQ(0x0004, GetCipherId("TLS_RSA_WITH_RC4_128_MD5")); // IANA
+ // EXPECT_EQ(0x0004, GetCipherId("TLS_RSA_ARCFOUR_128_MD5"));
+}
diff --git a/test/net/https/mbedtls_test.c b/test/net/https/mbedtls_test.c
new file mode 100644
index 000000000..3cb664029
--- /dev/null
+++ b/test/net/https/mbedtls_test.c
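Review bot: `GetCipherId` is a file-local helper but is defined with external linkage and no prior prototype, so it exports a symbol from the test binary and trips -Wmissing-prototypes; declare it `static int GetCipherId(const char *s) {`. The `forTheeNotForMe` case is the only one not guarded by an mbedtls feature macro, and it asserts that the RC4-MD5 names resolve to 0x0004 while the test name hints that the suite is recognised but not meant to be used; a comment such as `// name resolution only: recognising a legacy suite must not imply it is offered` would make clear to the next reader that this test does not bless RC4 for negotiation. Whether GetCipherSuite also gates on the suite being compiled in is not visible here; if it does, this case needs the same `#ifdef` guard as the others (e.g. `MBEDTLS_ARC4_C`) or it will fail on builds without RC4.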
@@ -0,0 +1,1114 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/bits/bits.h"
+#include "libc/bits/bswap.h"
+#include "libc/macros.internal.h"
+#include "libc/nexgen32e/nexgen32e.h"
+#include "libc/nexgen32e/x86feature.h"
+#include "libc/nt/typedef/imagetlscallback.h"
+#include "libc/rand/rand.h"
+#include "libc/runtime/gc.internal.h"
+#include "libc/runtime/runtime.h"
+#include "libc/testlib/ezbench.h"
+#include "libc/testlib/hyperion.h"
+#include "libc/testlib/testlib.h"
+#include "libc/x/x.h"
+#include "third_party/mbedtls/aes.h"
+#include "third_party/mbedtls/base64.h"
+#include "third_party/mbedtls/bignum.h"
+#include "third_party/mbedtls/bignum_internal.h"
+#include "third_party/mbedtls/chacha20.h"
+#include "third_party/mbedtls/chachapoly.h"
+#include "third_party/mbedtls/ctr_drbg.h"
+#include "third_party/mbedtls/des.h"
+#include "third_party/mbedtls/dhm.h"
+#include "third_party/mbedtls/ecp.h"
+#include "third_party/mbedtls/entropy.h"
+#include "third_party/mbedtls/error.h"
+#include "third_party/mbedtls/gcm.h"
+#include "third_party/mbedtls/hmac_drbg.h"
+#include "third_party/mbedtls/math.h"
+#include "third_party/mbedtls/md5.h"
+#include "third_party/mbedtls/memory_buffer_alloc.h"
+#include "third_party/mbedtls/nist_kw.h"
+#include "third_party/mbedtls/pkcs5.h"
+#include "third_party/mbedtls/poly1305.h"
+#include "third_party/mbedtls/profile.h"
+#include "third_party/mbedtls/rsa.h"
+#include "third_party/mbedtls/select.h"
+#include "third_party/mbedtls/sha1.h"
+#include "third_party/mbedtls/sha256.h"
+#include "third_party/mbedtls/sha512.h"
+#include "third_party/mbedtls/x509.h"
+#include "third_party/quickjs/libbf.h"
+
+uint64_t rng[12];
+mbedtls_ecp_group grp;
+
+int GetEntropy(void *c, unsigned char *p, size_t n) {
+ rngset(p, n, rand64, -1);
+ return 0;
+}
+
+void SetUp(void) {
+ rngset(rng, sizeof(rng), rand64, -1);
+}
+
+#ifdef MBEDTLS_SELF_TEST
+TEST(mbedtls, selfTest) {
+#ifdef MBEDTLS_DES_C
+ EXPECT_EQ(0, mbedtls_des_self_test(0));
+#endif
+#ifdef MBEDTLS_CTR_DRBG_C
+ EXPECT_EQ(0, mbedtls_ctr_drbg_self_test(0));
+#endif
+#ifdef MBEDTLS_HMAC_DRBG_C
+ EXPECT_EQ(0, mbedtls_hmac_drbg_self_test(0));
+#endif
+#ifdef MBEDTLS_ENTROPY_C
+ EXPECT_EQ(0, mbedtls_entropy_self_test(0));
+#endif
+#ifdef MBEDTLS_POLY1305_C
+ EXPECT_EQ(0, mbedtls_poly1305_self_test(0));
+#endif
+#ifdef MBEDTLS_RSA_C
+ EXPECT_EQ(0, mbedtls_rsa_self_test(0));
+#endif
+#ifdef MBEDTLS_BIGNUM_C
+ EXPECT_EQ(0, mbedtls_mpi_self_test(0));
+#endif
+#ifdef MBEDTLS_PKCS5_C
+ EXPECT_EQ(0, mbedtls_pkcs5_self_test(0));
+#endif
+#ifdef MBEDTLS_DHM_C
+ EXPECT_EQ(0, mbedtls_dhm_self_test(0));
+#endif
+#ifdef MBEDTLS_GCM_C
+ EXPECT_EQ(0, mbedtls_gcm_self_test(0));
+#endif
+#ifdef MBEDTLS_X509_USE_C
+ EXPECT_EQ(0, mbedtls_x509_self_test(0));
+#endif
+#ifdef MBEDTLS_CHACHA20_C
+ EXPECT_EQ(0, mbedtls_chacha20_self_test(0));
+#endif
+#ifdef MBEDTLS_CHACHAPOLY_C
+ EXPECT_EQ(0, mbedtls_chachapoly_self_test(0));
+#endif
+#ifdef MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ EXPECT_EQ(0, mbedtls_memory_buffer_alloc_self_test(0));
+#endif
+#ifdef MBEDTLS_AES_C
+ EXPECT_EQ(0, mbedtls_aes_self_test(0));
+#endif
+#ifdef MBEDTLS_BASE64_C
+ EXPECT_EQ(0, mbedtls_base64_self_test(0));
+#endif
+#ifdef MBEDTLS_ECP_C
+ EXPECT_EQ(0, mbedtls_ecp_self_test(0));
+#endif
+#ifdef MBEDTLS_MD5_C
+ EXPECT_EQ(0, mbedtls_md5_self_test(0));
+#endif
+#ifdef MBEDTLS_SHA1_C
+ EXPECT_EQ(0, mbedtls_sha1_self_test(0));
+#endif
+#ifdef MBEDTLS_SHA256_C
+ EXPECT_EQ(0, mbedtls_sha256_self_test(0));
+#endif
+#ifdef MBEDTLS_SHA512_C
+ EXPECT_EQ(0, mbedtls_sha512_self_test(0));
+#endif
+#ifdef MBEDTLS_NIST_KW_C
+ EXPECT_EQ(0, mbedtls_nist_kw_self_test(0));
+#endif
+}
+#endif /* MBEDTLS_SELF_TEST */
+
+static void P256_MPI(mbedtls_mpi *N) {
+ memcpy(N->p, rng, 8 * 8);
+ ASSERT_EQ(0, mbedtls_mpi_mod_mpi(N, N, &grp.P));
+}
+
+static void P256_JUSTINE(mbedtls_mpi *N) {
+ memcpy(N->p, rng, 8 * 8);
+ ecp_mod_p256(N);
+}
+
+static void P384_MPI(mbedtls_mpi *N) {
+ memcpy(N->p, rng, 8 * 8);
+ ASSERT_EQ(0, mbedtls_mpi_mod_mpi(N, N, &grp.P));
+}
+
+static void P384_JUSTINE(mbedtls_mpi *N) {
+ memcpy(N->p, rng, 8 * 8);
+ ecp_mod_p384(N);
+}
+
+BENCH(p256, bench) {
+#ifdef MBEDTLS_ECP_C
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP256R1);
+ mbedtls_mpi x = {1, 8, gc(calloc(8, 8))};
+ EZBENCH2("P-256 modulus MbedTLS MPI lib", donothing, P256_MPI(&x));
+ EZBENCH2("P-256 modulus Justine rewrite", donothing, P256_JUSTINE(&x));
+ mbedtls_ecp_group_free(&grp);
+#endif
+}
+
+BENCH(p384, bench) {
+#ifdef MBEDTLS_ECP_C
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_ecp_group_load(&grp, MBEDTLS_ECP_DP_SECP384R1);
+ mbedtls_mpi x = {1, 12, gc(calloc(12, 8))};
+ EZBENCH2("P-384 modulus MbedTLS MPI lib", donothing, P384_MPI(&x));
+ EZBENCH2("P-384 modulus Justine rewrite", donothing, P384_JUSTINE(&x));
+ rngset(x.p, 12 * 8, rand64, -1);
+ mbedtls_ecp_group_free(&grp);
+#endif
+}
+
+TEST(md5, test) {
+ uint8_t d[16];
+ uint8_t want[16] = {0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0,
+ 0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72};
+ mbedtls_md5_ret("abc", 3, d);
+ EXPECT_EQ(0, memcmp(want, d, 16));
+}
+
+TEST(sha1, test) {
+ uint8_t d[20];
+ uint8_t want[20] = {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81,
+ 0x6A, 0xBA, 0x3E, 0x25, 0x71, 0x78, 0x50,
+ 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D};
+ mbedtls_sha1_ret("abc", 3, d);
+ EXPECT_EQ(0, memcmp(want, d, 20));
+}
+
+TEST(sha224, test) {
+ uint8_t d[28];
+ uint8_t want[28] = {0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8,
+ 0x22, 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2,
+ 0x55, 0xB3, 0x2A, 0xAD, 0xBC, 0xE4, 0xBD,
+ 0xA0, 0xB3, 0xF7, 0xE3, 0x6C, 0x9D, 0xA7};
+ mbedtls_sha256_ret("abc", 3, d, 1);
+ EXPECT_EQ(0, memcmp(want, d, 28));
+}
+
+TEST(sha256, test) {
+ uint8_t d[32];
+ uint8_t want[32] = {0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
+ 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
+ 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
+ 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD};
+ mbedtls_sha256_ret("abc", 3, d, 0);
+ EXPECT_EQ(0, memcmp(want, d, 32));
+}
+
+TEST(sha384, test) {
+ uint8_t d[48];
+ uint8_t want[48] = {
+ 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B, 0xB5, 0xA0, 0x3D, 0x69,
+ 0x9A, 0xC6, 0x50, 0x07, 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
+ 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED, 0x80, 0x86, 0x07, 0x2B,
+ 0xA1, 0xE7, 0xCC, 0x23, 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7};
+ mbedtls_sha512_ret("abc", 3, d, 1);
+ EXPECT_EQ(0, memcmp(want, d, 48));
+}
+
+TEST(sha512, test) {
+ uint8_t d[64];
+ uint8_t want[64] = {
+ 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73,
+ 0x49, 0xAE, 0x20, 0x41, 0x31, 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9,
+ 0x7E, 0xA2, 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, 0x21,
+ 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8, 0x36, 0xBA, 0x3C, 0x23,
+ 0xA3, 0xFE, 0xEB, 0xBD, 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8,
+ 0x0E, 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F};
+ mbedtls_sha512_ret("abc", 3, d, 0);
+ EXPECT_EQ(0, memcmp(want, d, 64));
+}
+
+BENCH(mbedtls, bench) {
+ uint8_t d[64];
+ EZBENCH2("md5", donothing, mbedtls_md5_ret(kHyperion, kHyperionSize, d));
+ EZBENCH2("sha1", donothing, mbedtls_sha1_ret(kHyperion, kHyperionSize, d));
+ EZBENCH2("sha256", donothing,
+ mbedtls_sha256_ret(kHyperion, kHyperionSize, d, 0));
+ EZBENCH2("sha384", donothing,
+ mbedtls_sha512_ret(kHyperion, kHyperionSize, d, 1));
+ EZBENCH2("sha512", donothing,
+ mbedtls_sha512_ret(kHyperion, kHyperionSize, d, 0));
+}
+
+char *mpi2str(mbedtls_mpi *m) {
+ size_t n;
+ char s[1024];
+ ASSERT_EQ(0, mbedtls_mpi_write_string(m, 10, s, sizeof(s), &n));
+ return xasprintf("%.*s", n, s);
+}
+
+mbedtls_mpi *str2mpi(const char *s) {
+ size_t n;
+ mbedtls_mpi *m;
+ m = calloc(1, sizeof(mbedtls_mpi));
+ ASSERT_EQ(0, mbedtls_mpi_read_string(m, 10, s));
+ return m;
+}
+
+char *mpi2str16(mbedtls_mpi *m) {
+ size_t n;
+ char s[1024];
+ ASSERT_EQ(0, mbedtls_mpi_write_string(m, 16, s, sizeof(s), &n));
+ return xasprintf("%.*s", n, s); +} + +mbedtls_mpi *str2mpi16(const char *s) { + size_t n; + mbedtls_mpi *m; + m = calloc(1, sizeof(mbedtls_mpi)); + ASSERT_EQ(0, mbedtls_mpi_read_string(m, 16, s)); + return m; +} + +void CtrDrbgOverhead(void) { + mbedtls_ctr_drbg_context rng; + mbedtls_ctr_drbg_init(&rng); + ASSERT_EQ(0, mbedtls_ctr_drbg_seed(&rng, GetEntropy, 0, "justine", 7)); + mbedtls_ctr_drbg_free(&rng); +} + +void CtrDrbgReseed(mbedtls_ctr_drbg_context *rng) { + ASSERT_EQ(0, mbedtls_ctr_drbg_reseed( + rng, + "justinejustinejustinejustinejustinejustinejustinejustinejus" + "tinejustinejustinejustinejustine", + 64)); +} + +BENCH(CtrDrbg, bench) { + mbedtls_ctr_drbg_context rng; + mbedtls_ctr_drbg_init(&rng); + ASSERT_EQ(0, mbedtls_ctr_drbg_seed(&rng, GetEntropy, 0, "justine", 7)); + /* EZBENCH2("CtrDrbgOverhead", donothing, CtrDrbgOverhead()); */ + /* EZBENCH2("CtrDrbgReseed", donothing, CtrDrbgReseed(&rng)); */ + mbedtls_ctr_drbg_free(&rng); +} + +static void *realloc3(void *opaque, void *ptr, size_t size) { + return realloc(ptr, size); +} + +#if 0 +BENCH(quickjs_remainder, bench) { + char *t; + bf_context_t s; + bfdec_t x, y, r; + bf_context_init(&s, realloc3, 0); + bfdec_init(&s, &x); + bfdec_init(&s, &y); + bfdec_init(&s, &r); + bfdec_atof( + &x, + "131820409343094310010388979423659136318401916109327276909280345024175692" + "811283445510797521231721220331409407564807168230384468176942405812817310" + "624525121840385446744443868889563289706427719939300365865529242495144888" + "321833894158323756200092849226089461110385787540779132654409185831255860" + "504316472846036364908238500078268116724689002106891044880894853471921527" + "088201197650061259448583977618746693012787452335047965869945140544352170" + "538037327032402834008159261693483647994727160945768940072431686625688866" + "030658324868306061250176433564697324072528745672177336948242366753233417" + "556818392219546938204560720202538843712268268448586361942128751395665874" + 
"453900680147479758139717481147704392488266886671292379541285558418744606" + "657296304926586001793382725791100208812287673612006034789731201688939975" + "743537276539989692230927982557016660679726989062369216287647728379155260" + "864643891615705346169567037448405029752790940875872989684235165316260908" + "983893514490200568512210790489667188789433092320719785756398772086212370" + "409401269127676106581410793787580434036114254547441805771508552049371634" + "609025127325512605396392214570059772472666763440181556475095153967113514" + "87546062479444592779055555421362722504575706910949375", + NULL, BF_PREC_INF, BF_RNDZ | BF_ATOF_NO_NAN_INF); + bfdec_atof( + &y, + "402702961953621844286950607555369624422784868935557056881131335461307658" + "701727371551406721502307932123276358395008895125652043531209418099658895" + "323804953421455502359439932416245276659698167468088937570774479761417692" + "998541764456595941884384880600102787969744607942278005344329659944902212" + "055120534831056155566296908941240558524043054812784309119298489621361046" + "430678313566109525110538452853054430839857155846105630169165566758950183" + "947324955260740763926892668470396323574248496692684009312249052922911490" + "770564765036629340924434941440277974966684311625406958698534967519709470" + "161586090763966964691950363765288731535684692199342872936240602328625671" + "612857527958722799557444770545725755417136296135977255647153119878181440" + "110593529655379472903525700943247456832124407971558524965730661045026185" + "674462056105044630573746839553952570745211879290387589347246867522065584" + "726369942916093728137773105488374703562705889962546268226061545128021323" + "184760695318697037612212579413382773618361971983327301685232523283210570" + "2331094682317528819996876363073536047370469375", + NULL, BF_PREC_INF, BF_RNDZ | BF_ATOF_NO_NAN_INF); + bfdec_rem(&r, &x, &y, BF_PREC_INF, 0, BF_RNDF); + t = gc(bfdec_ftoa(0, &r, BF_PREC_INF, BF_RNDZ | BF_FTOA_FORMAT_FREE)); + 
ASSERT_STREQ("327339060789614187001318969682759915221664204604306478" + "948329136809613379640467455488327009232590415715088668" + "4127560071009217256545885393053328527589375", + t); + EZBENCH2("quickjs remainder", donothing, + bfdec_rem(&r, &x, &y, BF_PREC_INF, 0, BF_RNDF)); + bfdec_delete(&r); + bfdec_delete(&y); + bfdec_delete(&x); + bf_context_end(&s); +} +#endif + +BENCH(mpi_remainder, bench) { + mbedtls_mpi *x, *y, r; + x = str2mpi( + "131820409343094310010388979423659136318401916109327276909280345024175692" + "811283445510797521231721220331409407564807168230384468176942405812817310" + "624525121840385446744443868889563289706427719939300365865529242495144888" + "321833894158323756200092849226089461110385787540779132654409185831255860" + "504316472846036364908238500078268116724689002106891044880894853471921527" + "088201197650061259448583977618746693012787452335047965869945140544352170" + "538037327032402834008159261693483647994727160945768940072431686625688866" + "624525121840385446744443868889563289706427719939300365865529242495144888" + "321833894158323756200092849226089461110385787540779132654409185831255860" + "504316472846036364908238500078268116724689002106891044880894853471921527" + "088201197650061259448583977618746693012787452335047965869945140544352170" + "538037327032402834008159261693483647994727160945768940072431686625688866" + "624525121840385446744443868889563289706427719939300365865529242495144888" + "321833894158323756200092849226089461110385787540779132654409185831255860" + "504316472846036364908238500078268116724689002106891044880894853471921527" + "088201197650061259448583977618746693012787452335047965869945140544352170" + "538037327032402834008159261693483647994727160945768940072431686625688866" + "624525121840385446744443868889563289706427719939300365865529242495144888" + "321833894158323756200092849226089461110385787540779132654409185831255860" + "504316472846036364908238500078268116724689002106891044880894853471921527" + 
"088201197650061259448583977618746693012787452335047965869945140544352170" + "538037327032402834008159261693483647994727160945768940072431686625688866" + "030658324868306061250176433564697324072528745672177336948242366753233417" + "556818392219546938204560720202538843712268268448586361942128751395665874" + "453900680147479758139717481147704392488266886671292379541285558418744606" + "657296304926586001793382725791100208812287673612006034789731201688939975" + "743537276539989692230927982557016660679726989062369216287647728379155260" + "864643891615705346169567037448405029752790940875872989684235165316260908" + "430678313566109525110538452853054430839857155846105630169165566758950183" + "947324955260740763926892668470396323574248496692684009312249052922911490" + "770564765036629340924434941440277974966684311625406958698534967519709470" + "161586090763966964691950363765288731535684692199342872936240602328625671" + "612857527958722799557444770545725755417136296135977255647153119878181440" + "430678313566109525110538452853054430839857155846105630169165566758950183" + "947324955260740763926892668470396323574248496692684009312249052922911490" + "770564765036629340924434941440277974966684311625406958698534967519709470" + "161586090763966964691950363765288731535684692199342872936240602328625671" + "612857527958722799557444770545725755417136296135977255647153119878181440" + "983893514490200568512210790489667188789433092320719785756398772086212370" + "409401269127676106581410793787580434036114254547441805771508552049371634" + "609025127325512605396392214570059772472666763440181556475095153967113514" + "87546062479444592779055555421362722504575706910949375"); + y = str2mpi( + "402702961953621844286950607555369624422784868935557056881131335461307658" + "701727371551406721502307932123276358395008895125652043531209418099658895" + "323804953421455502359439932416245276659698167468088937570774479761417692" + "998541764456595941884384880600102787969744607942278005344329659944902212" + 
"055120534831056155566296908941240558524043054812784309119298489621361046" + "430678313566109525110538452853054430839857155846105630169165566758950183" + "947324955260740763926892668470396323574248496692684009312249052922911490" + "770564765036629340924434941440277974966684311625406958698534967519709470" + "161586090763966964691950363765288731535684692199342872936240602328625671" + "612857527958722799557444770545725755417136296135977255647153119878181440" + "430678313566109525110538452853054430839857155846105630169165566758950183" + "947324955260740763926892668470396323574248496692684009312249052922911490" + "770564765036629340924434941440277974966684311625406958698534967519709470" + "161586090763966964691950363765288731535684692199342872936240602328625671" + "612857527958722799557444770545725755417136296135977255647153119878181440" + "430678313566109525110538452853054430839857155846105630169165566758950183" + "947324955260740763926892668470396323574248496692684009312249052922911490" + "770564765036629340924434941440277974966684311625406958698534967519709470" + "161586090763966964691950363765288731535684692199342872936240602328625671" + "612857527958722799557444770545725755417136296135977255647153119878181440" + "110593529655379472903525700943247456832124407971558524965730661045026185" + "674462056105044630573746839553952570745211879290387589347246867522065584" + "726369942916093728137773105488374703562705889962546268226061545128021323" + "184760695318697037612212579413382773618361971983327301685232523283210570" + "2331094682317528819996876363073536047370469375"); + mbedtls_mpi_init(&r); + EZBENCH2("mpi_remainder", donothing, mbedtls_mpi_mod_mpi(&r, x, y)); + mbedtls_mpi_free(&r); + mbedtls_mpi_free(x); + mbedtls_mpi_free(y); +} + +BENCH(mpi_mul_int, bench) { + mbedtls_mpi *x, y; + x = str2mpi( + "131820409343094310010388979423659136318401916109327276909280345024175692" + "811283445510797521231721220331409407564807168230384468176942405812817310" + 
"624525121840385446744443868889563289706427719939300365865529242495144888" + "321833894158323756200092849226089461110385787540779132654409185831255860" + "504316472846036364908238500078268116724689002106891044880894853471921527" + "088201197650061259448583977618746693012787452335047965869945140544352170" + "538037327032402834008159261693483647994727160945768940072431686625688866" + "624525121840385446744443868889563289706427719939300365865529242495144888" + "321833894158323756200092849226089461110385787540779132654409185831255860" + "504316472846036364908238500078268116724689002106891044880894853471921527" + "088201197650061259448583977618746693012787452335047965869945140544352170" + "538037327032402834008159261693483647994727160945768940072431686625688866" + "624525121840385446744443868889563289706427719939300365865529242495144888" + "321833894158323756200092849226089461110385787540779132654409185831255860" + "504316472846036364908238500078268116724689002106891044880894853471921527" + "088201197650061259448583977618746693012787452335047965869945140544352170" + "538037327032402834008159261693483647994727160945768940072431686625688866" + "624525121840385446744443868889563289706427719939300365865529242495144888" + "321833894158323756200092849226089461110385787540779132654409185831255860" + "504316472846036364908238500078268116724689002106891044880894853471921527" + "088201197650061259448583977618746693012787452335047965869945140544352170" + "538037327032402834008159261693483647994727160945768940072431686625688866" + "030658324868306061250176433564697324072528745672177336948242366753233417" + "556818392219546938204560720202538843712268268448586361942128751395665874" + "453900680147479758139717481147704392488266886671292379541285558418744606" + "657296304926586001793382725791100208812287673612006034789731201688939975" + "743537276539989692230927982557016660679726989062369216287647728379155260" + "864643891615705346169567037448405029752790940875872989684235165316260908" 
+ "430678313566109525110538452853054430839857155846105630169165566758950183" + "947324955260740763926892668470396323574248496692684009312249052922911490" + "770564765036629340924434941440277974966684311625406958698534967519709470" + "161586090763966964691950363765288731535684692199342872936240602328625671" + "612857527958722799557444770545725755417136296135977255647153119878181440" + "430678313566109525110538452853054430839857155846105630169165566758950183" + "947324955260740763926892668470396323574248496692684009312249052922911490" + "770564765036629340924434941440277974966684311625406958698534967519709470" + "161586090763966964691950363765288731535684692199342872936240602328625671" + "612857527958722799557444770545725755417136296135977255647153119878181440" + "983893514490200568512210790489667188789433092320719785756398772086212370" + "409401269127676106581410793787580434036114254547441805771508552049371634" + "609025127325512605396392214570059772472666763440181556475095153967113514" + "87546062479444592779055555421362722504575706910949375"); + mbedtls_mpi_init(&y); + EZBENCH2("mpi_mul_int", donothing, ({ + mbedtls_mpi_copy(&y, x); + mbedtls_mpi_mul_int(&y, &y, 31337); + })); + EZBENCH2("mpi_mul_mpi (scalar)", donothing, ({ + mbedtls_mpi b = {1, 1, (uint64_t[]){31337}}; + mbedtls_mpi_copy(&y, x); + mbedtls_mpi_mul_mpi(&y, &y, &b); + })); + mbedtls_mpi_free(&y); + mbedtls_mpi_free(x); +} + +BENCH(mpi_shift_r, bench) { + mbedtls_mpi x; + mbedtls_mpi_init(&x); + mbedtls_mpi_fill_random(&x, 2048 / 8, GetEntropy, 0); + EZBENCH2("mpi_shift_r (0)", donothing, mbedtls_mpi_shift_r(&x, 0)); + EZBENCH2("mpi_shift_r (1)", donothing, mbedtls_mpi_shift_r(&x, 1)); + EZBENCH2("mpi_shift_r (65)", donothing, mbedtls_mpi_shift_r(&x, 65)); + EZBENCH2("mpi_shift_r (1024)", donothing, mbedtls_mpi_shift_r(&x, 1024)); + EZBENCH2("mpi_shift_r (1983)", donothing, mbedtls_mpi_shift_r(&x, 1983)); + EZBENCH2("mpi_shift_r (2047)", donothing, mbedtls_mpi_shift_r(&x, 2047)); + 
EZBENCH2("mpi_shift_r (2048)", donothing, mbedtls_mpi_shift_r(&x, 2048)); + mbedtls_mpi_free(&x); +} + +TEST(mpi_shift_r, doesntCrash_dontUnderstandWeirdUpstreamBehavior) { + mbedtls_mpi x = {1, 0, 0}; + EXPECT_EQ(0, mbedtls_mpi_shift_r(&x, 1)); +} + +TEST(mpi_shift_l, doesntCrash_dontUnderstandWeirdUpstreamBehavior) { + mbedtls_mpi x = {1, 0, 0}; + EXPECT_EQ(0, mbedtls_mpi_shift_l(&x, 1)); +} + +TEST(mpi_shift_r, fun0) { + mbedtls_mpi x = {1, 1, (uint64_t[]){2}}; + EXPECT_EQ(0, mbedtls_mpi_shift_r(&x, 1)); + EXPECT_EQ(1, x.n); + EXPECT_EQ(1, x.p[0]); +} + +TEST(mpi_shift_r, fun1) { + mbedtls_mpi x = {1, 7, (uint64_t[]){2, 4, 8, 16, 32, 64, 128}}; + EXPECT_EQ(0, mbedtls_mpi_shift_r(&x, 129)); + EXPECT_EQ(7, x.n); + EXPECT_EQ(4, x.p[0]); + EXPECT_EQ(8, x.p[1]); + EXPECT_EQ(16, x.p[2]); + EXPECT_EQ(32, x.p[3]); + EXPECT_EQ(64, x.p[4]); + EXPECT_EQ(0, x.p[5]); + EXPECT_EQ(0, x.p[6]); +} + +TEST(mpi_shift_r, fun2) { + mbedtls_mpi x = {1, 3, (uint64_t[]){0, 1, 0}}; + EXPECT_EQ(0, mbedtls_mpi_shift_r(&x, 1)); + EXPECT_EQ(3, x.n); + EXPECT_EQ(0x8000000000000000, x.p[0]); + EXPECT_EQ(0, x.p[1]); + EXPECT_EQ(0, x.p[2]); +} + +TEST(mpi_shift_l, fun0) { + mbedtls_mpi x = {1, 1, (uint64_t[]){2}}; + EXPECT_EQ(0, mbedtls_mpi_shift_l(&x, 1)); + EXPECT_EQ(1, x.n); + EXPECT_EQ(4, x.p[0]); +} + +TEST(mpi_shift_r, funbye) { + mbedtls_mpi x = {1, 1, (uint64_t[]){2}}; + EXPECT_EQ(0, mbedtls_mpi_shift_r(&x, 100)); + EXPECT_EQ(1, x.n); + EXPECT_EQ(0, x.p[0]); +} + +TEST(mpi_shift_l, fun1) { + mbedtls_mpi w = {1, 9, + (uint64_t[]){0, 0, 2 << 1, 4 << 1, 8 << 1, 16 << 1, 32 << 1, + 64 << 1, 128 << 1}}; + mbedtls_mpi x = {1, 9, (uint64_t[]){2, 4, 8, 16, 32, 64, 128, 0, 0}}; + EXPECT_EQ(0, mbedtls_mpi_shift_l(&x, 129)); + EXPECT_EQ(9, x.n); + EXPECT_EQ(0, x.p[0]); + EXPECT_EQ(0, x.p[1]); + EXPECT_EQ(2 << 1, x.p[2]); + EXPECT_EQ(4 << 1, x.p[3]); + EXPECT_EQ(8 << 1, x.p[4]); + EXPECT_EQ(16 << 1, x.p[5]); + EXPECT_EQ(32 << 1, x.p[6]); + EXPECT_EQ(64 << 1, x.p[7]); + EXPECT_EQ(128 << 1, x.p[8]); 
+} + +TEST(mpi_shift_l, fun2) { + mbedtls_mpi o = {1, 3, (uint64_t[9]){0x8000000000000000, 0, 0}}; + mbedtls_mpi w = {1, 3, (uint64_t[9]){0, 1, 0}}; + mbedtls_mpi x = {1, 3, + (uint64_t[9]){ + 0x8000000000000003, + 0x8000000000000002, + 0x0000000000000001, + }}; + EXPECT_EQ(0, mbedtls_mpi_shift_l(&x, 1)); + EXPECT_EQ(3, x.n); + EXPECT_EQ(6, x.p[0]); + EXPECT_EQ(5, x.p[1]); + EXPECT_EQ(3, x.p[2]); + EXPECT_EQ(0, x.p[3]); +} + +int BenchShiftLeft(mbedtls_mpi *X, size_t k) { + X->n = 2048 / 64; + X->p[X->n - 1] |= 1; + return mbedtls_mpi_shift_l(X, k); +} + +BENCH(mpi_shift_l, bench) { + mbedtls_mpi x; + mbedtls_mpi_init(&x); + mbedtls_mpi_fill_random(&x, 2048 / 8, GetEntropy, 0); + EZBENCH2("mpi_shift_l (0)", donothing, BenchShiftLeft(&x, 0)); + EZBENCH2("mpi_shift_l (1)", donothing, BenchShiftLeft(&x, 1)); + EZBENCH2("mpi_shift_l (65)", donothing, BenchShiftLeft(&x, 65)); + EZBENCH2("mpi_shift_l (1024)", donothing, BenchShiftLeft(&x, 1024)); + EZBENCH2("mpi_shift_l (1983)", donothing, BenchShiftLeft(&x, 1983)); + EZBENCH2("mpi_shift_l (2047)", donothing, BenchShiftLeft(&x, 2047)); + EZBENCH2("mpi_shift_l (2048)", donothing, BenchShiftLeft(&x, 2048)); + mbedtls_mpi_free(&x); +} + +BENCH(gcd, bench) { + mbedtls_mpi g = {1, 16, (uint64_t[32]){0}}; + mbedtls_mpi x = {1, 16, (uint64_t[32]){1500}}; + mbedtls_mpi y = {1, 16, (uint64_t[32]){700}}; + mbedtls_mpi_gcd(&g, &x, &y); + EXPECT_EQ(100, g.p[0]); + mbedtls_mpi_fill_random(&x, 16 * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&y, 16 * 8, GetEntropy, 0); + EZBENCH2("mbedtls_mpi_gcd (16)", donothing, mbedtls_mpi_gcd(&g, &x, &y)); +} + +BENCH(inv_mod, bench3) { + mbedtls_mpi g = {0}; + mbedtls_mpi *x = str2mpi16( + "837B3E23091602B5D14D619D9B2CD79DD039BC9A9F46F0CA1FFD01B398EE42C8EE2142CB" + "B295109FC4278DB8AB84A6ADBF319D3297216C349D0EB92925E2794C5FF1AAF664034CB2" + "5C15CDA49B7947278AA96BEF9D995C5F99AA4809B12568A1513D8E0A37BB338DC44A1722" + "F7821CFB11EBF2578151A3C8ECA1280AA4B1500463777FBBC00AE603A1A8F3C099524622" + 
"7AFFD15FB66B320DF53CEA4D6C9935D0593BFC7A75ABAFDD3016F7C596FA58248BC041CF" + "68ED274FA7F7D5BC3E014DDC7BEA4A60DF24805B5F94C998CAF28441FB4A5831755CE935" + "2F17F5416647A81A78899E5B2C4D3F6C84A81CEB463C1593392ABCF6BF708A55578EB0EF" + "E9ABF572"); + mbedtls_mpi *y = str2mpi16( + "C14DA3DDE7CD1DD104D74972B899AC0E78E43A3C4ACF3A1316D05AE4CDA30088A7EE1E6B" + "96A752B490EF2D727A3E249AFCB634AC24F577E026648C9CB0287DA1DAEA8CE6C91C96BC" + "FEC10452B336D4A3FAE1B176D890C161B4665236A22653AAAB745E077D1982DB2AD81FA0" + "D90D1C2D4966F75B257346E80B8A4F690CB50090E1DA8210667DAE542B8B657991A1E261" + "C3CD404908EE680CF18B86D246BFD0B8AA11031E7F56A81A1E44180F0F858BDA8B445EE2" + "18C6622FC7668DFA5DD87DF327892901C5900E3F27F130C84A0EEFD6DEC7C7276BC7053D" + "7AC4023C9A1D3E0FE834985BCB734B5296D811A22C808869395AD30FB0DE592F11C7F7EA" + "12013097"); + mbedtls_mpi_inv_mod(&g, x, y); + EZBENCH2("mbedtls_mpi_inv_mod (actual)", donothing, + mbedtls_mpi_inv_mod(&g, x, y)); + mbedtls_mpi_free(&g); + mbedtls_mpi_free(x); + mbedtls_mpi_free(y); +} + +TEST(ShiftRightAvx, test1) { + int i; + for (i = 0; i < 10; ++i) { + uint64_t mem[1] = {rand64()}; + uint64_t want[1]; + uint64_t got[1]; + memcpy(want, mem, sizeof(mem)); + memcpy(got, mem, sizeof(mem)); + ShiftRightPure(want, 1, 1); + ShiftRightAvx(got, 1, 1); + EXPECT_EQ(want[0], got[0]); + } +} + +TEST(ShiftRightAvx, test2) { + int i; + for (i = 0; i < 10; ++i) { + uint64_t mem[2] = {rand64(), rand64()}; + uint64_t want[2]; + uint64_t got[2]; + memcpy(want, mem, sizeof(mem)); + memcpy(got, mem, sizeof(mem)); + ShiftRightPure(want, 2, 1); + ShiftRightAvx(got, 2, 1); + EXPECT_EQ(want[0], got[0]); + EXPECT_EQ(want[1], got[1]); + } +} + +TEST(ShiftRightAvx, test3) { + int i; + for (i = 0; i < 10; ++i) { + uint64_t mem[3] = {rand64(), rand64(), rand64()}; + uint64_t want[3]; + uint64_t got[3]; + memcpy(want, mem, sizeof(mem)); + memcpy(got, mem, sizeof(mem)); + ShiftRightPure(want, 3, 1); + ShiftRightAvx(got, 3, 1); + EXPECT_EQ(want[0], got[0]); + 
EXPECT_EQ(want[1], got[1]); + EXPECT_EQ(want[2], got[2]); + } +} + +TEST(ShiftRightAvx, test4) { + int i; + for (i = 0; i < 10; ++i) { + uint64_t mem[4] = {rand64(), rand64(), rand64(), rand64()}; + uint64_t want[4]; + uint64_t got[4]; + memcpy(want, mem, sizeof(mem)); + memcpy(got, mem, sizeof(mem)); + ShiftRightPure(want, 4, 1); + ShiftRightAvx(got, 4, 1); + EXPECT_EQ(want[0], got[0]); + EXPECT_EQ(want[1], got[1]); + EXPECT_EQ(want[2], got[2]); + EXPECT_EQ(want[3], got[3]); + } +} + +TEST(ShiftRightAvx, test8) { + int i; + for (i = 0; i < 10; ++i) { + uint64_t mem[8] = {rand64(), rand64(), rand64(), rand64(), + rand64(), rand64(), rand64(), rand64()}; + uint64_t want[8]; + uint64_t got[8]; + memcpy(want, mem, sizeof(mem)); + memcpy(got, mem, sizeof(mem)); + ShiftRightPure(want, 8, 1); + ShiftRightAvx(got, 8, 1); + EXPECT_EQ(want[0], got[0]); + EXPECT_EQ(want[1], got[1]); + EXPECT_EQ(want[2], got[2]); + EXPECT_EQ(want[3], got[3]); + EXPECT_EQ(want[4], got[4]); + EXPECT_EQ(want[5], got[5]); + EXPECT_EQ(want[6], got[6]); + EXPECT_EQ(want[7], got[7]); + } +} + +TEST(ShiftRightAvx, test9) { + int i; + for (i = 0; i < 10; ++i) { + uint64_t mem[9] = {rand64(), rand64(), rand64(), rand64(), rand64(), + rand64(), rand64(), rand64(), rand64()}; + uint64_t want[9]; + uint64_t got[9]; + memcpy(want, mem, sizeof(mem)); + memcpy(got, mem, sizeof(mem)); + ShiftRightPure(want, 9, 1); + ShiftRightAvx(got, 9, 1); + EXPECT_EQ(want[0], got[0]); + EXPECT_EQ(want[1], got[1]); + EXPECT_EQ(want[2], got[2]); + EXPECT_EQ(want[3], got[3]); + } +} + +BENCH(ShiftRight, bench) { + uint64_t x[64]; + rngset(x, sizeof(x), rand64, -1); + EZBENCH2("ShiftRight", donothing, ShiftRight(x, 64, 1)); + EZBENCH2("ShiftRightAvx", donothing, ShiftRightAvx(x, 64, 1)); + EZBENCH2("ShiftRightPure", donothing, ShiftRightPure(x, 64, 1)); +} + +BENCH(Zeroize, bench) { + uint64_t x[64]; + rngset(x, sizeof(x), rand64, -1); + EZBENCH2("memset (64)", donothing, memset(x, 0, sizeof(x))); + EZBENCH2("Zeroize (64)", 
donothing, mbedtls_platform_zeroize(x, 64)); +} + +int mbedtls_mpi_read_binary2(mbedtls_mpi *X, const unsigned char *p, size_t n); + +TEST(endian, big1) { + /* uint8_t b[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, */ + /* 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; */ + uint8_t b[] = { + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, // + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // + 0x03, // + }; + mbedtls_mpi x; + mbedtls_mpi_init(&x); + ASSERT_EQ(0, mbedtls_mpi_read_binary(&x, b, ARRAYLEN(b))); + EXPECT_GE(x.n, 3); + EXPECT_EQ(0x0000000000000003, x.p[0]); + EXPECT_EQ(0x0000000000000702, x.p[1]); + EXPECT_EQ(0x0000000000000001, x.p[2]); + mbedtls_mpi_free(&x); +} + +TEST(endian, big2) { + uint8_t b[] = { + 0x01, // + }; + mbedtls_mpi x; + mbedtls_mpi_init(&x); + ASSERT_EQ(0, mbedtls_mpi_read_binary(&x, b, ARRAYLEN(b))); + EXPECT_EQ(1, x.n); + EXPECT_EQ(0x0000000000000001, x.p[0]); + mbedtls_mpi_free(&x); +} + +TEST(endian, big3) { + uint8_t b[] = { + 0x01, 0x02, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, // + 0x01, 0x02, // + }; + mbedtls_mpi x; + mbedtls_mpi_init(&x); + ASSERT_EQ(0, mbedtls_mpi_read_binary(&x, b, ARRAYLEN(b))); + EXPECT_EQ(2, x.n); + EXPECT_EQ(0x0101010101010102, x.p[0]); + EXPECT_EQ(0x0000000000000102, x.p[1]); + mbedtls_mpi_free(&x); +} + +TEST(endian, big4) { + uint8_t b[] = { + 0x11, 0x68, 0x5b, 0xb5, 0x76, 0x6f, 0xb5, 0x72, // + 0x43, 0xd2, 0x3f, 0xd6, 0xc0, 0x1b, 0xa3, 0x2e, // + 0x40, 0x77, 0x12, 0xc8, 0x59, 0x4e, 0x63, 0xab, // + 0xea, 0xeb, 0x4a, 0x58, 0x50, 0xbd, 0xed, 0x30, // + 0x10, 0x76, 0xa9, 0xfa, 0x01, 0xa1, 0x07, 0xe8, // + 0xa3, 0xd5, 0xaf, 0x4e, 0x1f, 0xf6, 0xaf, // + }; + mbedtls_mpi x; + mbedtls_mpi_init(&x); + ASSERT_EQ(0, mbedtls_mpi_read_binary(&x, b, ARRAYLEN(b))); + EXPECT_GE(x.n, 6); + EXPECT_EQ(0xe8a3d5af4e1ff6af, x.p[0]); + EXPECT_EQ(0x301076a9fa01a107, x.p[1]); + EXPECT_EQ(0xabeaeb4a5850bded, x.p[2]); + EXPECT_EQ(0x2e407712c8594e63, x.p[3]); + EXPECT_EQ(0x7243d23fd6c01ba3, x.p[4]); + mbedtls_mpi_free(&x); +} + 
+TEST(Mul4x4, test) { + int i, j, N, M; + mbedtls_mpi A, B, C, D; + if (!X86_HAVE(BMI2) || !X86_HAVE(ADX)) return; + N = 4; + M = 4; + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&B); + mbedtls_mpi_init(&C); + mbedtls_mpi_init(&D); + mbedtls_mpi_fill_random(&A, N * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&B, M * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&C, (N + M) * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&D, (N + M) * 8, GetEntropy, 0); + mbedtls_mpi_mul_mpi(&C, &A, &B); + Mul4x4(D.p, A.p, B.p); + EXPECT_EQ(0, memcmp(D.p, C.p, (N + M) * 8)); + mbedtls_mpi_free(&D); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&B); + mbedtls_mpi_free(&A); +} + +BENCH(Mul4x4, bench) { + int i, j, N, M; + mbedtls_mpi A, B, C, D, E; + if (!X86_HAVE(BMI2) || !X86_HAVE(ADX)) return; + N = 4; + M = 4; + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&B); + mbedtls_mpi_init(&C); + mbedtls_mpi_init(&D); + mbedtls_mpi_init(&E); + mbedtls_mpi_fill_random(&A, N * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&B, M * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&C, (N + M) * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&D, (N + M) * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&E, (N + M) * 8, GetEntropy, 0); + Mul(C.p, A.p, N, B.p, M); + Mul4x4Adx(D.p, A.p, B.p); + Mul4x4Pure(E.p, A.p, B.p); + if (memcmp(E.p, C.p, (N + M) * 8)) { + printf("\n"); + printf( + "# X Y MPI RESULT PURE " + "RESULT\n"); + for (i = 0; i < N + M; ++i) { + printf("0x%016lx * 0x%016lx = 0x%016lx vs. 0x%016lx %d\n", + i < N ? A.p[i] : 0, i < M ? B.p[i] : 0, E.p[i], C.p[i], + E.p[i] == C.p[i]); + } + printf("\n"); + } + if (memcmp(D.p, C.p, (N + M) * 8)) { + printf("\n"); + printf("# X Y MPI RESULT ADX " + "RESULT\n"); + for (i = 0; i < N + M; ++i) { + printf("0x%016lx * 0x%016lx = 0x%016lx vs. 0x%016lx %d\n", + i < N ? A.p[i] : 0, i < M ? 
B.p[i] : 0, D.p[i], C.p[i], + D.p[i] == C.p[i]); + } + printf("\n"); + } + EXPECT_EQ(0, memcmp(D.p, C.p, (N + M) * 8)); + EXPECT_EQ(0, memcmp(E.p, C.p, (N + M) * 8)); + EZBENCH2("orig multiply 4x4", donothing, Mul(C.p, A.p, N, B.p, M)); + EZBENCH2("mpi multiply 4x4", donothing, mbedtls_mpi_mul_mpi(&C, &A, &B)); + EZBENCH2("Mul4x4Adx", donothing, Mul4x4Adx(D.p, A.p, B.p)); + EZBENCH2("Mul4x4Pure", donothing, Mul4x4Pure(E.p, A.p, B.p)); + mbedtls_mpi_free(&E); + mbedtls_mpi_free(&D); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&B); + mbedtls_mpi_free(&A); +} + +BENCH(Mul6x6, bench) { + int i, j, N, M; + mbedtls_mpi A, B, C, D; + if (!X86_HAVE(BMI2) || !X86_HAVE(ADX)) return; + N = 6; + M = 6; + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&B); + mbedtls_mpi_init(&C); + mbedtls_mpi_init(&D); + mbedtls_mpi_fill_random(&A, N * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&B, M * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&C, (N + M) * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&D, (N + M) * 8, GetEntropy, 0); + Mul(C.p, A.p, N, B.p, M); + Mul6x6Adx(D.p, A.p, B.p); + if (memcmp(D.p, C.p, (N + M) * 8)) { + printf("\n"); + printf("# X Y MPI RESULT ADX " + "RESULT\n"); + for (i = 0; i < N + M; ++i) { + printf("0x%016lx * 0x%016lx = 0x%016lx vs. 0x%016lx %d\n", + i < N ? A.p[i] : 0, i < M ? 
B.p[i] : 0, D.p[i], C.p[i], + D.p[i] == C.p[i]); + } + printf("\n"); + } + EXPECT_EQ(0, memcmp(D.p, C.p, (N + M) * 8)); + EZBENCH2("orig multiply 6x6", donothing, Mul(C.p, A.p, N, B.p, M)); + EZBENCH2("mpi multiply 6x6", donothing, mbedtls_mpi_mul_mpi(&C, &A, &B)); + EZBENCH2("Mul6x6Adx", donothing, Mul6x6Adx(D.p, A.p, B.p)); + mbedtls_mpi_free(&D); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&B); + mbedtls_mpi_free(&A); +} + +BENCH(Mul10x10, bench) { + int i, j, N, M; + mbedtls_mpi A, B, C, D; + if (!X86_HAVE(BMI2) || !X86_HAVE(ADX)) return; + N = 10; + M = 10; + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&B); + mbedtls_mpi_init(&C); + mbedtls_mpi_fill_random(&A, N * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&B, M * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&C, (N + M) * 8, GetEntropy, 0); + mbedtls_mpi_mul_mpi(&C, &A, &B); + EZBENCH2("mpi multiply 10x10", donothing, mbedtls_mpi_mul_mpi(&C, &A, &B)); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&B); + mbedtls_mpi_free(&A); +} + +BENCH(Mul16x16, bench) { + int i, j, N, M; + mbedtls_mpi A, B, C, D; + if (!X86_HAVE(BMI2) || !X86_HAVE(ADX)) return; + N = 16; + M = 16; + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&B); + mbedtls_mpi_init(&C); + mbedtls_mpi_fill_random(&A, N * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&B, M * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&C, (N + M) * 8, GetEntropy, 0); + mbedtls_mpi_mul_mpi(&C, &A, &B); + EZBENCH2("mpi multiply 16x16", donothing, mbedtls_mpi_mul_mpi(&C, &A, &B)); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&B); + mbedtls_mpi_free(&A); +} + +BENCH(Mul32x32, bench) { + int i, j, N, M; + mbedtls_mpi A, B, C, D, K; + if (!X86_HAVE(BMI2) || !X86_HAVE(ADX)) return; + N = 32; + M = 32; + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&B); + mbedtls_mpi_init(&C); + mbedtls_mpi_init(&D); + mbedtls_mpi_init(&K); + for (i = 0; i < 8; ++i) { + mbedtls_mpi_fill_random(&A, N * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&B, M * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&C, (N + M) * 8, 
GetEntropy, 0); + mbedtls_mpi_fill_random(&D, (N + M) * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&K, (N + M) * 2 * 8, GetEntropy, 0); + mbedtls_mpi_mul_mpi(&C, &A, &B); + Karatsuba(D.p, A.p, B.p, N, K.p); + if (memcmp(D.p, C.p, (N + M) * 8)) { + printf("\n"); + printf("# X Y MPI RESULT OTH " + "RESULT\n"); + for (i = 0; i < N + M; ++i) { + printf("0x%016lx * 0x%016lx = 0x%016lx vs. 0x%016lx %d\n", + i < N ? A.p[i] : 0, i < M ? B.p[i] : 0, D.p[i], C.p[i], + D.p[i] == C.p[i]); + } + printf("\n"); + exit(1); + } + } + EZBENCH2("mpi multiply 32x32", donothing, mbedtls_mpi_mul_mpi(&C, &A, &B)); + EZBENCH2("karatsuba 32x32", donothing, Karatsuba(C.p, A.p, B.p, N, K.p)); + mbedtls_mpi_free(&K); + mbedtls_mpi_free(&D); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&B); + mbedtls_mpi_free(&A); +} + +BENCH(Mul16x1, bench) { + int i, j, N, M; + mbedtls_mpi A, B, C, D; + if (!X86_HAVE(BMI2) || !X86_HAVE(ADX)) return; + N = 16; + M = 1; + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&B); + mbedtls_mpi_init(&C); + mbedtls_mpi_fill_random(&A, N * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&B, M * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&C, (N + M) * 8, GetEntropy, 0); + mbedtls_mpi_mul_mpi(&C, &A, &B); + EZBENCH2("mpi multiply 16x1", donothing, mbedtls_mpi_mul_mpi(&C, &A, &B)); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&B); + mbedtls_mpi_free(&A); +} + +BENCH(Mul32x1, bench) { + int i, j, N, M; + mbedtls_mpi A, B, C, D; + if (!X86_HAVE(BMI2) || !X86_HAVE(ADX)) return; + N = 32; + M = 1; + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&B); + mbedtls_mpi_init(&C); + mbedtls_mpi_fill_random(&A, N * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&B, M * 8, GetEntropy, 0); + mbedtls_mpi_fill_random(&C, (N + M) * 8, GetEntropy, 0); + mbedtls_mpi_mul_mpi(&C, &A, &B); + EZBENCH2("mpi multiply 32x1", donothing, mbedtls_mpi_mul_mpi(&C, &A, &B)); + mbedtls_mpi_free(&C); + mbedtls_mpi_free(&B); + mbedtls_mpi_free(&A); +} + +BENCH(isprime, bench1024) { + mbedtls_mpi P; + mbedtls_mpi_init(&P); + 
EXPECT_EQ(0, mbedtls_mpi_gen_prime(&P, 1024, 0, GetEntropy, 0)); + EXPECT_EQ(0, mbedtls_mpi_is_prime_ext(&P, 3, GetEntropy, 0)); + EZBENCH2("isprime (1024)", donothing, + mbedtls_mpi_is_prime_ext(&P, 3, GetEntropy, 0)); + mbedtls_mpi_free(&P); +} + +BENCH(cmpint, bench) { + mbedtls_mpi x = {1, 8, (uint64_t[8]){0}}; + mbedtls_mpi y = {1, 8, (uint64_t[8]){1}}; + mbedtls_mpi z = {1, 8, (uint64_t[8]){1, 1, 1, 1, 1, 1, 1, 1}}; + EZBENCH2("cmpint 1.1", donothing, mbedtls_mpi_cmp_int(&x, 0)); + EZBENCH2("cmpint 1.2", donothing, mbedtls_mpi_cmp_int(&x, 1)); + EZBENCH2("cmpint 2.1", donothing, mbedtls_mpi_cmp_int(&y, 0)); + EZBENCH2("cmpint 2.2", donothing, mbedtls_mpi_cmp_int(&y, 1)); + EZBENCH2("cmpint 3.1", donothing, mbedtls_mpi_cmp_int(&z, 0)); + EZBENCH2("cmpint 3.2", donothing, mbedtls_mpi_cmp_int(&z, 1)); +} diff --git a/test/net/https/test.mk b/test/net/https/test.mk new file mode 100644 index 000000000..e3e90b350 --- /dev/null +++ b/test/net/https/test.mk 
@@ -0,0 +1,46 @@
+#-*-mode:makefile-gmake;indent-tabs-mode:t;tab-width:8;coding:utf-8-*-┐
+#───vi: set et ft=make ts=8 tw=8 fenc=utf-8 :vi───────────────────────┘
+
+PKGS += TEST_NET_HTTPS
+
+TEST_NET_HTTPS_SRCS := $(wildcard test/net/https/*.c)
+TEST_NET_HTTPS_SRCS_TEST = $(filter %_test.c,$(TEST_NET_HTTPS_SRCS))
+TEST_NET_HTTPS_BINS = $(TEST_NET_HTTPS_COMS) $(TEST_NET_HTTPS_COMS:%=%.dbg)
+
+TEST_NET_HTTPS_OBJS = \
+ $(TEST_NET_HTTPS_SRCS:%.c=o/$(MODE)/%.o)
+
+TEST_NET_HTTPS_COMS = \
+ $(TEST_NET_HTTPS_SRCS:%.c=o/$(MODE)/%.com)
+
+TEST_NET_HTTPS_TESTS = \
+ $(TEST_NET_HTTPS_SRCS_TEST:%.c=o/$(MODE)/%.com.ok)
+
+TEST_NET_HTTPS_CHECKS = \
+ $(TEST_NET_HTTPS_SRCS_TEST:%.c=o/$(MODE)/%.com.runs)
+
+TEST_NET_HTTPS_DIRECTDEPS = \
+ NET_HTTPS \
+ LIBC_LOG \
+ LIBC_TESTLIB \
+ THIRD_PARTY_MBEDTLS
+
+TEST_NET_HTTPS_DEPS := \
+ $(call uniq,$(foreach x,$(TEST_NET_HTTPS_DIRECTDEPS),$($(x))))
+
+o/$(MODE)/test/net/https/https.pkg: \
+ $(TEST_NET_HTTPS_OBJS) \
+ $(foreach x,$(TEST_NET_HTTPS_DIRECTDEPS),$($(x)_A).pkg)
+
+o/$(MODE)/test/net/https/%.com.dbg: \
+ $(TEST_NET_HTTPS_DEPS) \
+ o/$(MODE)/test/net/https/%.o \
+ $(LIBC_TESTMAIN) \
+ $(CRT) \
+ $(APE)
+ @$(APELINK)
+
+.PHONY: o/$(MODE)/test/net/https
+o/$(MODE)/test/net/https: \
+ $(TEST_NET_HTTPS_BINS) \
+ $(TEST_NET_HTTPS_CHECKS)
diff --git a/test/net/test.mk b/test/net/test.mk
index 4d3db11e5..b230c6b96 100644
--- a/test/net/test.mk
+++ b/test/net/test.mk
@@ -2,4 +2,5 @@
 #───vi: set et ft=make ts=8 tw=8 fenc=utf-8 :vi───────────────────────┘
 .PHONY: o/$(MODE)/test/net
-o/$(MODE)/test/net: o/$(MODE)/test/net/http
+o/$(MODE)/test/net: o/$(MODE)/test/net/http \
+ o/$(MODE)/test/net/https
diff --git a/test/tool/net/mbedtls_test.c b/test/tool/net/mbedtls_test.c
deleted file mode 100644
index b3cbe98a0..000000000
--- a/test/tool/net/mbedtls_test.c
+++ /dev/null
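Review bot: `TEST_NET_HTTPS_SRCS := $(wildcard test/net/https/*.c)` becomes the only rule that builds mbedtls tests, while the same commit deletes test/tool/net/mbedtls_test.c, which held the `mbedtls_*_self_test()` calls and the MD5/SHA-1/SHA-2 known-answer checks; unless a file under test/net/https/ carries those over (none is visible in this chunk), the tree loses its KAT coverage for the hash and cipher primitives in the very commit that rewrites bignum and AES internals. Worth confirming the wildcard actually picks up a replacement, or adding a `test/net/https/mbedtls_test.c` with the self-test block before merging. Listing `THIRD_PARTY_MBEDTLS` in `TEST_NET_HTTPS_DIRECTDEPS` is what makes such a file link, so the build side is already prepared for it.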
@@ -1,187 +0,0 @@ -/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ -│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ -╞══════════════════════════════════════════════════════════════════════════════╡ -│ Copyright 2021 Justine Alexandra Roberts Tunney │ -│ │ -│ Permission to use, copy, modify, and/or distribute this software for │ -│ any purpose with or without fee is hereby granted, provided that the │ -│ above copyright notice and this permission notice appear in all copies. │ -│ │ -│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ -│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ -│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ -│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ -│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ -│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ -│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ -│ PERFORMANCE OF THIS SOFTWARE. 
│ -╚─────────────────────────────────────────────────────────────────────────────*/ -#include "libc/testlib/ezbench.h" -#include "libc/testlib/hyperion.h" -#include "libc/testlib/testlib.h" -#include "third_party/mbedtls/aes.h" -#include "third_party/mbedtls/base64.h" -#include "third_party/mbedtls/bignum.h" -#include "third_party/mbedtls/chacha20.h" -#include "third_party/mbedtls/chachapoly.h" -#include "third_party/mbedtls/ctr_drbg.h" -#include "third_party/mbedtls/des.h" -#include "third_party/mbedtls/dhm.h" -#include "third_party/mbedtls/ecp.h" -#include "third_party/mbedtls/entropy.h" -#include "third_party/mbedtls/gcm.h" -#include "third_party/mbedtls/hmac_drbg.h" -#include "third_party/mbedtls/md5.h" -#include "third_party/mbedtls/memory_buffer_alloc.h" -#include "third_party/mbedtls/nist_kw.h" -#include "third_party/mbedtls/pkcs5.h" -#include "third_party/mbedtls/poly1305.h" -#include "third_party/mbedtls/rsa.h" -#include "third_party/mbedtls/sha1.h" -#include "third_party/mbedtls/sha256.h" -#include "third_party/mbedtls/sha512.h" -#include "third_party/mbedtls/x509.h" - -#ifdef MBEDTLS_SELF_TEST -TEST(mbedtls, selfTest) { -#ifdef MBEDTLS_DES_C - EXPECT_EQ(0, mbedtls_des_self_test(0)); -#endif -#ifdef MBEDTLS_CTR_DRBG_C - EXPECT_EQ(0, mbedtls_ctr_drbg_self_test(0)); -#endif -#ifdef MBEDTLS_HMAC_DRBG_C - EXPECT_EQ(0, mbedtls_hmac_drbg_self_test(0)); -#endif -#ifdef MBEDTLS_ENTROPY_C - EXPECT_EQ(0, mbedtls_entropy_self_test(0)); -#endif -#ifdef MBEDTLS_POLY1305_C - EXPECT_EQ(0, mbedtls_poly1305_self_test(0)); -#endif -#ifdef MBEDTLS_RSA_C - EXPECT_EQ(0, mbedtls_rsa_self_test(0)); -#endif -#ifdef MBEDTLS_BIGNUM_C - EXPECT_EQ(0, mbedtls_mpi_self_test(0)); -#endif -#ifdef MBEDTLS_PKCS5_C - EXPECT_EQ(0, mbedtls_pkcs5_self_test(0)); -#endif -#ifdef MBEDTLS_DHM_C - EXPECT_EQ(0, mbedtls_dhm_self_test(0)); -#endif -#ifdef MBEDTLS_GCM_C - EXPECT_EQ(0, mbedtls_gcm_self_test(0)); -#endif -#ifdef MBEDTLS_X509_USE_C - EXPECT_EQ(0, mbedtls_x509_self_test(0)); -#endif 
-#ifdef MBEDTLS_CHACHA20_C - EXPECT_EQ(0, mbedtls_chacha20_self_test(0)); -#endif -#ifdef MBEDTLS_CHACHAPOLY_C - EXPECT_EQ(0, mbedtls_chachapoly_self_test(0)); -#endif -#ifdef MBEDTLS_MEMORY_BUFFER_ALLOC_C - EXPECT_EQ(0, mbedtls_memory_buffer_alloc_self_test(0)); -#endif -#ifdef MBEDTLS_AES_C - EXPECT_EQ(0, mbedtls_aes_self_test(0)); -#endif -#ifdef MBEDTLS_BASE64_C - EXPECT_EQ(0, mbedtls_base64_self_test(0)); -#endif -#ifdef MBEDTLS_ECP_C - EXPECT_EQ(0, mbedtls_ecp_self_test(0)); -#endif -#ifdef MBEDTLS_MD5_C - EXPECT_EQ(0, mbedtls_md5_self_test(0)); -#endif -#ifdef MBEDTLS_SHA1_C - EXPECT_EQ(0, mbedtls_sha1_self_test(0)); -#endif -#ifdef MBEDTLS_SHA256_C - EXPECT_EQ(0, mbedtls_sha256_self_test(0)); -#endif -#ifdef MBEDTLS_SHA512_C - EXPECT_EQ(0, mbedtls_sha512_self_test(0)); -#endif -#ifdef MBEDTLS_NIST_KW_C - EXPECT_EQ(0, mbedtls_nist_kw_self_test(0)); -#endif -} -#endif /* MBEDTLS_SELF_TEST */ - -TEST(md5, test) { - uint8_t d[16]; - uint8_t want[16] = {0x90, 0x01, 0x50, 0x98, 0x3C, 0xD2, 0x4F, 0xB0, - 0xD6, 0x96, 0x3F, 0x7D, 0x28, 0xE1, 0x7F, 0x72}; - mbedtls_md5_ret("abc", 3, d); - EXPECT_EQ(0, memcmp(want, d, 16)); -} - -TEST(sha1, test) { - uint8_t d[20]; - uint8_t want[20] = {0xA9, 0x99, 0x3E, 0x36, 0x47, 0x06, 0x81, - 0x6A, 0xBA, 0x3E, 0x25, 0x71, 0x78, 0x50, - 0xC2, 0x6C, 0x9C, 0xD0, 0xD8, 0x9D}; - mbedtls_sha1_ret("abc", 3, d); - EXPECT_EQ(0, memcmp(want, d, 20)); -} - -TEST(sha224, test) { - uint8_t d[28]; - uint8_t want[28] = {0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, - 0x22, 0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, - 0x55, 0xB3, 0x2A, 0xAD, 0xBC, 0xE4, 0xBD, - 0xA0, 0xB3, 0xF7, 0xE3, 0x6C, 0x9D, 0xA7}; - mbedtls_sha256_ret("abc", 3, d, 1); - EXPECT_EQ(0, memcmp(want, d, 28)); -} - -TEST(sha256, test) { - uint8_t d[32]; - uint8_t want[32] = {0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA, - 0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23, - 0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C, - 0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD}; - 
mbedtls_sha256_ret("abc", 3, d, 0); - EXPECT_EQ(0, memcmp(want, d, 32)); -} - -TEST(sha384, test) { - uint8_t d[48]; - uint8_t want[48] = { - 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B, 0xB5, 0xA0, 0x3D, 0x69, - 0x9A, 0xC6, 0x50, 0x07, 0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63, - 0x1A, 0x8B, 0x60, 0x5A, 0x43, 0xFF, 0x5B, 0xED, 0x80, 0x86, 0x07, 0x2B, - 0xA1, 0xE7, 0xCC, 0x23, 0x58, 0xBA, 0xEC, 0xA1, 0x34, 0xC8, 0x25, 0xA7}; - mbedtls_sha512_ret("abc", 3, d, 1); - EXPECT_EQ(0, memcmp(want, d, 48)); -} - -TEST(sha512, test) { - uint8_t d[64]; - uint8_t want[64] = { - 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA, 0xCC, 0x41, 0x73, - 0x49, 0xAE, 0x20, 0x41, 0x31, 0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, - 0x7E, 0xA2, 0x0A, 0x9E, 0xEE, 0xE6, 0x4B, 0x55, 0xD3, 0x9A, 0x21, - 0x92, 0x99, 0x2A, 0x27, 0x4F, 0xC1, 0xA8, 0x36, 0xBA, 0x3C, 0x23, - 0xA3, 0xFE, 0xEB, 0xBD, 0x45, 0x4D, 0x44, 0x23, 0x64, 0x3C, 0xE8, - 0x0E, 0x2A, 0x9A, 0xC9, 0x4F, 0xA5, 0x4C, 0xA4, 0x9F}; - mbedtls_sha512_ret("abc", 3, d, 0); - EXPECT_EQ(0, memcmp(want, d, 64)); -} - -BENCH(mbedtls, bench) { - uint8_t d[64]; - EZBENCH2("md5", donothing, mbedtls_md5_ret(kHyperion, kHyperionSize, d)); - EZBENCH2("sha1", donothing, mbedtls_sha1_ret(kHyperion, kHyperionSize, d)); - EZBENCH2("sha256", donothing, - mbedtls_sha256_ret(kHyperion, kHyperionSize, d, 0)); - EZBENCH2("sha384", donothing, - mbedtls_sha512_ret(kHyperion, kHyperionSize, d, 1)); - EZBENCH2("sha512", donothing, - mbedtls_sha512_ret(kHyperion, kHyperionSize, d, 0)); -} diff --git a/third_party/dlmalloc/dlmalloc_try_realloc_chunk.c b/third_party/dlmalloc/dlmalloc_try_realloc_chunk.c index b3a6c937e..8ecfb94c5 100644 --- a/third_party/dlmalloc/dlmalloc_try_realloc_chunk.c +++ b/third_party/dlmalloc/dlmalloc_try_realloc_chunk.c 
@@ -1,7 +1,7 @@
 #include "third_party/dlmalloc/dlmalloc.internal.h"
 /* Realloc using mmap */
-static mchunkptr mmap_resize(mstate m, mchunkptr oldp, size_t nb, int flags) {
+mchunkptr dlmalloc_mmap_resize(mstate m, mchunkptr oldp, size_t nb, int flags) {
 size_t oldsize = chunksize(oldp);
 if (is_small(nb)) return 0; /* Can't shrink mmap regions below small size */
 /* Keep old chunk if big enough but not too big */
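Review bot: Dropping `static` and renaming the function to `dlmalloc_mmap_resize` gives it external linkage, but no declaration for it appears anywhere in this diff, so a caller in another translation unit would be relying on a prototype added outside this chunk (or on an implicit declaration, which is an error in modern C). If the export is intentional, add `mchunkptr dlmalloc_mmap_resize(mstate m, mchunkptr oldp, size_t nb, int flags);` to dlmalloc.internal.h next to the other chunk helpers so callers are type-checked; if the only caller is still this file, keeping it `static` keeps an allocator internal out of the symbol table. The function's body continues past the hunk.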
@@ -39,64 +39,66 @@ mchunkptr dlmalloc_try_realloc_chunk(mstate m, mchunkptr p, size_t nb, mchunkptr next = chunk_plus_offset(p, oldsize); if (RTCHECK(ok_address(m, p) && ok_inuse(p) && ok_next(p, next) && ok_pinuse(next))) { - if (is_mmapped(p)) { - newp = mmap_resize(m, p, nb, can_move); - } else if (oldsize >= nb) { /* already big enough */ - size_t rsize = oldsize - nb; - if (rsize >= MIN_CHUNK_SIZE) { /* split off remainder */ - mchunkptr r = chunk_plus_offset(p, nb); - set_inuse(m, p, nb); - set_inuse(m, r, rsize); - dlmalloc_dispose_chunk(m, r, rsize); - } - newp = p; - } else if (next == m->top) { /* extend into top */ - if (oldsize + m->topsize > nb) { - size_t newsize = oldsize + m->topsize; - size_t newtopsize = newsize - nb; - mchunkptr newtop = chunk_plus_offset(p, nb); - set_inuse(m, p, nb); - newtop->head = newtopsize | PINUSE_BIT; - m->top = newtop; - m->topsize = newtopsize; - newp = p; - } - } else if (next == m->dv) { /* extend into dv */ - size_t dvs = m->dvsize; - if (oldsize + dvs >= nb) { - size_t dsize = oldsize + dvs - nb; - if (dsize >= MIN_CHUNK_SIZE) { - mchunkptr r = chunk_plus_offset(p, nb); - mchunkptr n = chunk_plus_offset(r, dsize); - set_inuse(m, p, nb); - set_size_and_pinuse_of_free_chunk(r, dsize); - clear_pinuse(n); - m->dvsize = dsize; - m->dv = r; - } else { /* exhaust dv */ - size_t newsize = oldsize + dvs; - set_inuse(m, p, newsize); - m->dvsize = 0; - m->dv = 0; - } - newp = p; - } - } else if (!cinuse(next)) { /* extend into next free chunk */ - size_t nextsize = chunksize(next); - if (oldsize + nextsize >= nb) { - size_t rsize = oldsize + nextsize - nb; - unlink_chunk(m, next, nextsize); - if (rsize < MIN_CHUNK_SIZE) { - size_t newsize = oldsize + nextsize; - set_inuse(m, p, newsize); - } else { + if (!is_mmapped(p)) { + if (oldsize >= nb) { /* already big enough */ + size_t rsize = oldsize - nb; + if (rsize >= MIN_CHUNK_SIZE) { /* split off remainder */ mchunkptr r = chunk_plus_offset(p, nb); set_inuse(m, p, nb); 
set_inuse(m, r, rsize); dlmalloc_dispose_chunk(m, r, rsize); } newp = p; + } else if (next == m->top) { /* extend into top */ + if (oldsize + m->topsize > nb) { + size_t newsize = oldsize + m->topsize; + size_t newtopsize = newsize - nb; + mchunkptr newtop = chunk_plus_offset(p, nb); + set_inuse(m, p, nb); + newtop->head = newtopsize | PINUSE_BIT; + m->top = newtop; + m->topsize = newtopsize; + newp = p; + } + } else if (next == m->dv) { /* extend into dv */ + size_t dvs = m->dvsize; + if (oldsize + dvs >= nb) { + size_t dsize = oldsize + dvs - nb; + if (dsize >= MIN_CHUNK_SIZE) { + mchunkptr r = chunk_plus_offset(p, nb); + mchunkptr n = chunk_plus_offset(r, dsize); + set_inuse(m, p, nb); + set_size_and_pinuse_of_free_chunk(r, dsize); + clear_pinuse(n); + m->dvsize = dsize; + m->dv = r; + } else { /* exhaust dv */ + size_t newsize = oldsize + dvs; + set_inuse(m, p, newsize); + m->dvsize = 0; + m->dv = 0; + } + newp = p; + } + } else if (!cinuse(next)) { /* extend into next free chunk */ + size_t nextsize = chunksize(next); + if (oldsize + nextsize >= nb) { + size_t rsize = oldsize + nextsize - nb; + unlink_chunk(m, next, nextsize); + if (rsize < MIN_CHUNK_SIZE) { + size_t newsize = oldsize + nextsize; + set_inuse(m, p, newsize); + } else { + mchunkptr r = chunk_plus_offset(p, nb); + set_inuse(m, p, nb); + set_inuse(m, r, rsize); + dlmalloc_dispose_chunk(m, r, rsize); + } + newp = p; + } } + } else { + newp = dlmalloc_mmap_resize(m, p, nb, can_move); } } else { USAGE_ERROR_ACTION(m, chunk2mem(p)); diff --git a/third_party/mbedtls/README.cosmo b/third_party/mbedtls/README.cosmo index 066fd23e3..f4a506331 100644 --- a/third_party/mbedtls/README.cosmo +++ b/third_party/mbedtls/README.cosmo @@ -49,6 +49,8 @@ LOCAL CHANGES - Fix mbedtls_mpi_sub_abs() to not call malloc/free/memcpy since it's called 11,124 times during as SSL handshake. + - Make P-256 and P-384 modulus goes 5x faster. + - Make chacha20 26% faster. - Make base64 100x faster. 
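Review bot: The hunk inverts the `is_mmapped(p)` test and nests the four in-heap cases one level deeper, which re-indents roughly fifty otherwise unchanged lines without recording why the order changed, so a later reader diffing this will look for a semantic change that does not exist. A one-line comment on the new `} else {` would capture the presumed intent, e.g. `/* mmapped chunks are the rare case; keep the in-heap paths first */` (hedged: the motive is not stated in the diff), or the mmap case could stay first and the rest be left untouched. dlmalloc_try_realloc_chunk begins before this hunk; the `RTCHECK(...)` integrity guard and the `USAGE_ERROR_ACTION` fallback are unchanged.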
diff --git a/third_party/mbedtls/aes.c b/third_party/mbedtls/aes.c index 5a6b2fcdc..63d78a79e 100644 --- a/third_party/mbedtls/aes.c +++ b/third_party/mbedtls/aes.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/bits/bits.h" #include "libc/nexgen32e/x86feature.h" #include "third_party/mbedtls/aes.h" 
@@ -11,32 +28,15 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * FIPS-197 compliant AES implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. +/** + * @fileoverview FIPS-197 compliant AES implementation * - * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf - * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf + * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. + * + * @see http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf + * @see http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ #if defined(MBEDTLS_AES_C) @@ -485,7 +485,7 @@ void mbedtls_aes_init( mbedtls_aes_context *ctx ) { AES_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_aes_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) ); } void mbedtls_aes_free( mbedtls_aes_context *ctx ) @@ -733,7 +733,7 @@ int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const unsigned char *key1, *key2; unsigned int key1bits, key2bits; 
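Review bot: In mbedtls_aes_init the `memset( ctx, 0, ... )` becomes `mbedtls_platform_zeroize( ctx, sizeof( mbedtls_aes_context ) )`, but init clears a context that holds no key material yet, so the non-elidable zeroize (which is normally implemented so the compiler cannot fold it away) adds cost without a security benefit; the same substitution is made on test keys and scratch buffers in the self-test hunks (@@ -1734, -1750, -1797, -2042) and on `cur` and `params` in asn1parse.c (@@ -358, @@ -417). zeroize is the right call in mbedtls_aes_free, where a key schedule is being discarded; for plain initialisation a memset states the intent more clearly. If uniform style is the motive, a comment on the init line such as `/* plain init; ctx holds nothing sensitive yet */` would stop a reader from assuming the context is being scrubbed.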
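Review bot: The upstream error constant `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` is renamed `MBEDTLS_ERR_THIS_CORRUPTION` in mbedtls_aes_xts_setkey_enc here and in the same way in the @@ -758 and @@ -1100 hunks and throughout asn1parse.c and asn1write.c; the definition of the new name is not in view. Renaming a public upstream identifier in a vendored tree means every future upstream sync conflicts on these lines and any code written against the upstream name stops compiling. Keeping the upstream name, or defining the new one as an alias in error.h with a comment `/* alias of upstream MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED */`, avoids both problems.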
@@ -758,7 +758,7 @@ int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx, const unsigned char *key, unsigned int keybits) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const unsigned char *key1, *key2; unsigned int key1bits, key2bits; @@ -1100,7 +1100,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t blocks = length / 16; size_t leftover = length % 16; unsigned char tweak[16]; @@ -1349,12 +1349,12 @@ exit: * AES-CTR buffer encryption/decryption */ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[16], - unsigned char stream_block[16], - const unsigned char *input, - unsigned char *output ) + size_t length, + size_t *nc_off, + unsigned char nonce_counter[16], + unsigned char stream_block[16], + const unsigned char *input, + unsigned char *output ) { int c, i; size_t n; @@ -1734,7 +1734,7 @@ int mbedtls_aes_self_test( int verbose ) #endif mbedtls_aes_context ctx; - memset( key, 0, 32 ); + mbedtls_platform_zeroize( key, 32 ); mbedtls_aes_init( &ctx ); /* @@ -1750,7 +1750,7 @@ int mbedtls_aes_self_test( int verbose ) mbedtls_printf( " AES-ECB-%3u (%s): ", keybits, ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); - memset( buf, 0, 16 ); + mbedtls_platform_zeroize( buf, 16 ); if( mode == MBEDTLS_AES_DECRYPT ) { @@ -1797,9 +1797,9 @@ int mbedtls_aes_self_test( int verbose ) mbedtls_printf( " AES-CBC-%3u (%s): ", keybits, ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); - memset( iv , 0, 16 ); - memset( prv, 0, 16 ); - memset( buf, 0, 16 ); + mbedtls_platform_zeroize( iv , 16 ); + mbedtls_platform_zeroize( prv, 16 ); + mbedtls_platform_zeroize( buf, 16 ); if( mode == MBEDTLS_AES_DECRYPT ) { 
@@ -2042,7 +2042,7 @@ int mbedtls_aes_self_test( int verbose ) mbedtls_printf( " AES-XTS-128 (%s): ", ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); - memset( key, 0, sizeof( key ) ); + mbedtls_platform_zeroize( key, sizeof( key ) ); memcpy( key, aes_test_xts_key[u], 32 ); data_unit = aes_test_xts_data_unit[u]; diff --git a/third_party/mbedtls/aesni.c b/third_party/mbedtls/aesni.c index 064be41c9..526348f94 100644 --- a/third_party/mbedtls/aesni.c +++ b/third_party/mbedtls/aesni.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/bits/bits.h" #include "libc/str/str.h" #include "third_party/mbedtls/aesni.h" 
@@ -10,25 +27,6 @@ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); /* clang-format off */ -/* - * AES-NI support functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - /* * [AES-WP] http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set * [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/ @@ -91,22 +89,22 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx, "1: \n\t" // encryption loop "movdqu (%1), %%xmm1 \n\t" // load round key - AESENC xmm1_xmm0 "\n\t" // do round + "aesenc %%xmm1, %%xmm0 \n\t" // do round "add $16, %1 \n\t" // point to next round key "subl $1, %0 \n\t" // loop "jnz 1b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key - AESENCLAST xmm1_xmm0 "\n\t" // last round + "aesenclast %%xmm1, %%xmm0 \n\t" // last round "jmp 3f \n\t" "2: \n\t" // decryption loop "movdqu (%1), %%xmm1 \n\t" - AESDEC xmm1_xmm0 "\n\t" // do round + "aesdec %%xmm1, %%xmm0 \n\t" // do round "add $16, %1 \n\t" "subl $1, %0 \n\t" "jnz 2b \n\t" "movdqu (%1), %%xmm1 \n\t" // load round key - AESDECLAST xmm1_xmm0 "\n\t" // last round + "aesdeclast %%xmm1,%%xmm0 \n\t" // last round "3: \n\t" "movdqu %%xmm0, (%4) \n\t" // export output 
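Review bot: The replacement mnemonic line `"aesdeclast %%xmm1,%%xmm0 \n\t"` has no space after the comma while the other three new lines (`aesenc`, `aesenclast`, `aesdec`) do; write it as `"aesdeclast %%xmm1, %%xmm0 \n\t"` so the four rounds read alike. Replacing the hand-encoded `AESENC xmm1_xmm0`-style macros with real mnemonics presumably relies on the assembler accepting AES-NI instructions; a one-line comment where those macros were defined (outside this hunk) stating that assumption would explain why the byte-encoding path was dropped. mbedtls_aesni_crypt_ecb starts and ends outside the hunk.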
diff --git a/third_party/mbedtls/asn1.h b/third_party/mbedtls/asn1.h
index 4732c530a..2eb3c5a6d 100644
--- a/third_party/mbedtls/asn1.h
+++ b/third_party/mbedtls/asn1.h
@@ -175,9 +185,19 @@ mbedtls_asn1_named_data;
  * would end beyond \p end.
  * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
  */
-int mbedtls_asn1_get_len( unsigned char **p,
- const unsigned char *end,
- size_t *len );
+forceinline int mbedtls_asn1_get_len( unsigned char **p,
+ const unsigned char *end,
+ size_t *len ) {
+ int mbedtls_asn1_get_len_impl( unsigned char **, const unsigned char *, size_t * );
+ if( ( end - *p ) < 1 )
+ return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ if( **p & 0x80 )
+ return( mbedtls_asn1_get_len_impl( p, end, len ) );
+ *len = *(*p)++;
+ if( *len > (size_t) ( end - *p ) )
+ return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ return( 0 );
+}
 /**
  * \brief Get the tag and length of the element.
@@ -200,9 +210,17 @@ int mbedtls_asn1_get_len( unsigned char **p,
  * would end beyond \p end.
  * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
  */
-int mbedtls_asn1_get_tag( unsigned char **p,
- const unsigned char *end,
- size_t *len, int tag );
+forceinline int mbedtls_asn1_get_tag( unsigned char **p,
+ const unsigned char *end,
+ size_t *len, int tag )
+{
+ if( ( end - *p ) < 1 )
+ return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+ if( **p != tag )
+ return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+ (*p)++;
+ return( mbedtls_asn1_get_len( p, end, len ) );
+}
 /**
  * \brief Retrieve a boolean ASN.1 tag and its value.
diff --git a/third_party/mbedtls/asn1parse.c b/third_party/mbedtls/asn1parse.c
index c296b9032..3d878001b 100644
--- a/third_party/mbedtls/asn1parse.c
+++ b/third_party/mbedtls/asn1parse.c
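Review bot: The prototype `int mbedtls_asn1_get_len_impl( unsigned char **, const unsigned char *, size_t * );` is declared at block scope inside the inline body of mbedtls_asn1_get_len; a block-scope function declaration in a public header is an unusual form and leaves the new external symbol undocumented, so it should move to file scope next to the other declarations with a `\brief` saying it is the multi-byte-length slow path and that callers should use mbedtls_asn1_get_len. Since the single-byte case is now decided before the call, the `( **p & 0x80 ) == 0` branch kept in the .c implementation (@@ -9,39 hunk of asn1parse.c) is unreachable through this header; either drop it there or document that _impl may also be called directly. `forceinline` presumably expands to a static always-inline; confirm it does, because a non-static `inline` definition in a header needs an extern definition in one translation unit under C99 semantics. Note also that the DER length bounds checks now live in two places, this header and the _impl function, and any later hardening must be applied to both.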
@@ -1,3 +1,20 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright The Mbed TLS Contributors │
+│ │
+│ Licensed under the Apache License, Version 2.0 (the "License"); │
+│ you may not use this file except in compliance with the License. │
+│ You may obtain a copy of the License at │
+│ │
+│ http://www.apache.org/licenses/LICENSE-2.0 │
+│ │
+│ Unless required by applicable law or agreed to in writing, software │
+│ distributed under the License is distributed on an "AS IS" BASIS, │
+│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │
+│ See the License for the specific language governing permissions and │
+│ limitations under the License. │
+╚─────────────────────────────────────────────────────────────────────────────*/
 #include "third_party/mbedtls/asn1.h"
 #include "third_party/mbedtls/bignum.h"
 #include "third_party/mbedtls/common.h"
@@ -9,39 +26,19 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * Generic ASN.1 parsing - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ #if defined(MBEDTLS_ASN1_PARSE_C) /* * ASN.1 DER decoding routines */ -int mbedtls_asn1_get_len( unsigned char **p, - const unsigned char *end, - size_t *len ) +int mbedtls_asn1_get_len_impl( unsigned char **p, + const unsigned char *end, + size_t *len ) { if( ( end - *p ) < 1 ) return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - if( ( **p & 0x80 ) == 0 ) *len = *(*p)++; else 
@@ -51,79 +48,50 @@ int mbedtls_asn1_get_len( unsigned char **p, case 1: if( ( end - *p ) < 2 ) return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - *len = (*p)[1]; (*p) += 2; break; - case 2: if( ( end - *p ) < 3 ) return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - *len = ( (size_t)(*p)[1] << 8 ) | (*p)[2]; (*p) += 3; break; - case 3: if( ( end - *p ) < 4 ) return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - *len = ( (size_t)(*p)[1] << 16 ) | ( (size_t)(*p)[2] << 8 ) | (*p)[3]; (*p) += 4; break; - case 4: if( ( end - *p ) < 5 ) return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - *len = ( (size_t)(*p)[1] << 24 ) | ( (size_t)(*p)[2] << 16 ) | ( (size_t)(*p)[3] << 8 ) | (*p)[4]; (*p) += 5; break; - default: return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); } } - if( *len > (size_t) ( end - *p ) ) return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - return( 0 ); } -int mbedtls_asn1_get_tag( unsigned char **p, - const unsigned char *end, - size_t *len, int tag ) -{ - if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - - if( **p != tag ) - return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); - - (*p)++; - - return( mbedtls_asn1_get_len( p, end, len ) ); -} - int mbedtls_asn1_get_bool( unsigned char **p, - const unsigned char *end, - int *val ) + const unsigned char *end, + int *val ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 ) return( ret ); - if( len != 1 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); - *val = ( **p != 0 ) ? 1 : 0; (*p)++; - return( 0 ); } @@ -131,12 +99,10 @@ static int asn1_get_tagged_int( unsigned char **p, const unsigned char *end, int tag, int *val ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 ) return( ret ); - /* * len==0 is malformed (0 must be represented as 020100 for INTEGER, * or 0A0100 for ENUMERATED tags 
@@ -146,28 +112,24 @@ static int asn1_get_tagged_int( unsigned char **p, /* This is a cryptography library. Reject negative integers. */ if( ( **p & 0x80 ) != 0 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); - /* Skip leading zeros. */ while( len > 0 && **p == 0 ) { ++( *p ); --len; } - /* Reject integers that don't fit in an int. This code assumes that * the int type has no padding bit. */ if( len > sizeof( int ) ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); if( len == sizeof( int ) && ( **p & 0x80 ) != 0 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); - *val = 0; while( len-- > 0 ) { *val = ( *val << 8 ) | **p; (*p)++; } - return( 0 ); } 
@@ -185,52 +147,41 @@ int mbedtls_asn1_get_enum( unsigned char **p, return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) ); } -#if defined(MBEDTLS_BIGNUM_C) int mbedtls_asn1_get_mpi( unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X ) + const unsigned char *end, + mbedtls_mpi *X ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) return( ret ); - ret = mbedtls_mpi_read_binary( X, *p, len ); - *p += len; - return( ret ); } -#endif /* MBEDTLS_BIGNUM_C */ -int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end, - mbedtls_asn1_bitstring *bs) +int mbedtls_asn1_get_bitstring( unsigned char **p, + const unsigned char *end, + mbedtls_asn1_bitstring *bs) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* Certificate type is a single byte bitstring */ if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 ) return( ret ); - /* Check length, subtract one for actual bit string length */ if( bs->len < 1 ) return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); bs->len -= 1; - /* Get number of unused bits, ensure unused bits <= 7 */ bs->unused_bits = **p; if( bs->unused_bits > 7 ) return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); (*p)++; - /* Get actual bitstring */ bs->p = *p; *p += bs->len; - if( *p != end ) return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - return( 0 ); } 
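Review bot: Dropping the `#if defined(MBEDTLS_BIGNUM_C)` / `#endif` pair around mbedtls_asn1_get_mpi makes asn1parse.c call mbedtls_mpi_read_binary unconditionally, so the parser no longer builds in a configuration without MBEDTLS_BIGNUM_C even though the rest of the file does not need bignum. If this tree always enables bignum (bignum.h is included unconditionally at the top of the file, which suggests so) the change is harmless, but the declaration in asn1.h presumably still carries the guard and the two should agree. A one-line comment above the function, `/* bignum is always built in this tree; MBEDTLS_BIGNUM_C guard dropped */`, would record the decision for the next upstream sync.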
@@ -249,68 +200,57 @@ int mbedtls_asn1_traverse_sequence_of( { int ret; size_t len; - /* Get main sequence tag */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { return( ret ); } - if( *p + len != end ) return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - while( *p < end ) { unsigned char const tag = *(*p)++; - if( ( tag & tag_must_mask ) != tag_must_val ) return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); - if( ( ret = mbedtls_asn1_get_len( p, end, &len ) ) != 0 ) return( ret ); - if( ( tag & tag_may_mask ) == tag_may_val ) { - if( cb != NULL ) + if( cb ) { ret = cb( ctx, tag, *p, len ); if( ret != 0 ) return( ret ); } } - *p += len; } - return( 0 ); } /* * Get a bit string without unused bits */ -int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end, - size_t *len ) +int mbedtls_asn1_get_bitstring_null( unsigned char **p, + const unsigned char *end, + size_t *len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 ) return( ret ); - - if( *len == 0 ) + if( !*len ) return( MBEDTLS_ERR_ASN1_INVALID_DATA ); --( *len ); - if( **p != 0 ) return( MBEDTLS_ERR_ASN1_INVALID_DATA ); ++( *p ); - return( 0 ); } void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq ) { - while( seq != NULL ) + while( seq ) { mbedtls_asn1_sequence *next = seq->next; mbedtls_platform_zeroize( seq, sizeof( *seq ) ); @@ -334,22 +274,17 @@ static int asn1_get_sequence_of_cb( void *ctx, (asn1_get_sequence_of_cb_ctx_t *) ctx; mbedtls_asn1_sequence *cur = cb_ctx->cur; - - if( cur->buf.p != NULL ) + if( cur->buf.p ) { cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); - - if( cur->next == NULL ) + if( !cur->next ) return( MBEDTLS_ERR_ASN1_ALLOC_FAILED ); - cur = cur->next; } - cur->buf.p = start; cur->buf.len = len; cur->buf.tag = tag; - cb_ctx->cur = cur; return( 0 ); } 
@@ -358,58 +293,48 @@ static int asn1_get_sequence_of_cb( void *ctx, * Parses and splits an ASN.1 "SEQUENCE OF " */ int mbedtls_asn1_get_sequence_of( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_sequence *cur, - int tag) + const unsigned char *end, + mbedtls_asn1_sequence *cur, + int tag) { asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur }; - memset( cur, 0, sizeof( mbedtls_asn1_sequence ) ); + mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_sequence ) ); return( mbedtls_asn1_traverse_sequence_of( p, end, 0xFF, tag, 0, 0, asn1_get_sequence_of_cb, &cb_ctx ) ); } int mbedtls_asn1_get_alg( unsigned char **p, - const unsigned char *end, - mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params ) + const unsigned char *end, + mbedtls_asn1_buf *alg, + mbedtls_asn1_buf *params ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) return( ret ); - if( ( end - *p ) < 1 ) return( MBEDTLS_ERR_ASN1_OUT_OF_DATA ); - alg->tag = **p; end = *p + len; - if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 ) return( ret ); - alg->p = *p; *p += alg->len; - if( *p == end ) { mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) ); return( 0 ); } - params->tag = **p; (*p)++; - if( ( ret = mbedtls_asn1_get_len( p, end, ¶ms->len ) ) != 0 ) return( ret ); - params->p = *p; *p += params->len; - if( *p != end ) return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - return( 0 ); } 
@@ -417,36 +342,29 @@ int mbedtls_asn1_get_alg_null( unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *alg ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_asn1_buf params; - - memset( ¶ms, 0, sizeof(mbedtls_asn1_buf) ); - + mbedtls_platform_zeroize( ¶ms, sizeof(mbedtls_asn1_buf) ); if( ( ret = mbedtls_asn1_get_alg( p, end, alg, ¶ms ) ) != 0 ) return( ret ); - if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 ) return( MBEDTLS_ERR_ASN1_INVALID_DATA ); - return( 0 ); } void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *cur ) { - if( cur == NULL ) + if( !cur ) return; - mbedtls_free( cur->oid.p ); mbedtls_free( cur->val.p ); - mbedtls_platform_zeroize( cur, sizeof( mbedtls_asn1_named_data ) ); } void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ) { mbedtls_asn1_named_data *cur; - - while( ( cur = *head ) != NULL ) + while( ( cur = *head ) ) { *head = cur->next; mbedtls_asn1_free_named_data( cur ); @@ -454,20 +372,19 @@ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head ) } } -mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list, - const char *oid, size_t len ) +mbedtls_asn1_named_data * +mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list, + const char *oid, size_t len ) { - while( list != NULL ) + while( list ) { if( list->oid.len == len && memcmp( list->oid.p, oid, len ) == 0 ) { break; } - list = list->next; } - return( list ); } diff --git a/third_party/mbedtls/asn1write.c b/third_party/mbedtls/asn1write.c index dd0fe9b24..ed4380cf8 100644 --- a/third_party/mbedtls/asn1write.c +++ b/third_party/mbedtls/asn1write.c 
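Review bot: The reflowed definition `mbedtls_asn1_find_named_data(mbedtls_asn1_named_data *list,` drops the space after `(` that every other definition in this file keeps (`mbedtls_asn1_get_alg( unsigned char **p,` in the hunk above), and it is the only function here whose return type is moved onto its own line. Bringing it back to the file's form, `mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,`, keeps the vendored file searchable the same way as upstream.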
@@ -1,3 +1,20 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright The Mbed TLS Contributors │
+│ │
+│ Licensed under the Apache License, Version 2.0 (the "License"); │
+│ you may not use this file except in compliance with the License. │
+│ You may obtain a copy of the License at │
+│ │
+│ http://www.apache.org/licenses/LICENSE-2.0 │
+│ │
+│ Unless required by applicable law or agreed to in writing, software │
+│ distributed under the License is distributed on an "AS IS" BASIS, │
+│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │
+│ See the License for the specific language governing permissions and │
+│ limitations under the License. │
+╚─────────────────────────────────────────────────────────────────────────────*/
 #include "third_party/mbedtls/asn1write.h"
 #include "third_party/mbedtls/common.h"
 #include "third_party/mbedtls/error.h"
@@ -8,25 +25,10 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * ASN.1 buffer writing functionality - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + +/** + * @fileoverview ASN.1 buffer writing functionality */ #if defined(MBEDTLS_ASN1_WRITE_C) @@ -49,51 +51,42 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len { if( *p - start < 1 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = (unsigned char) len; return( 1 ); } - if( len <= 0xFF ) { if( *p - start < 2 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = (unsigned char) len; *--(*p) = 0x81; return( 2 ); } - if( len <= 0xFFFF ) { if( *p - start < 3 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = ( len ) & 0xFF; *--(*p) = ( len >> 8 ) & 0xFF; *--(*p) = 0x82; return( 3 ); } - if( len <= 0xFFFFFF ) { if( *p - start < 4 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = ( len ) & 0xFF; *--(*p) = ( len >> 8 ) & 0xFF; *--(*p) = ( len >> 16 ) & 0xFF; *--(*p) = 0x83; return( 4 ); } - #if SIZE_MAX > 0xFFFFFFFF if( len <= 0xFFFFFFFF ) #endif { if( *p - start < 5 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = ( len ) & 0xFF; *--(*p) = ( len >> 8 ) & 0xFF; *--(*p) = ( len >> 16 ) & 0xFF; 
@@ -101,7 +94,6 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len *--(*p) = 0x84; return( 5 ); } - #if SIZE_MAX > 0xFFFFFFFF return( MBEDTLS_ERR_ASN1_INVALID_LENGTH ); #endif @@ -123,9 +115,7 @@ int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned ch { if( *p - start < 1 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = tag; - return( 1 ); } @@ -146,14 +136,11 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, const unsigned char *buf, size_t size ) { size_t len = 0; - if( *p < start || (size_t)( *p - start ) < size ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - len = size; (*p) -= len; memcpy( *p, buf, len ); - return( (int) len ); } @@ -174,19 +161,15 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start, */ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; - // Write the MPI // len = mbedtls_mpi_size( X ); - if( *p < start || (size_t)( *p - start ) < len ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - (*p) -= len; MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( X, *p, len ) ); - // DER format assumes 2s complement for numbers, so the leftmost bit // should be 0 for positive numbers and 1 for negative numbers. // @@ -194,16 +177,12 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedt { if( *p - start < 1 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = 0x00; len += 1; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_INTEGER ) ); - ret = (int) len; - cleanup: return( ret ); } 
@@ -223,14 +202,12 @@ cleanup: */ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; - // Write NULL // MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, 0) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_NULL ) ); - return( (int) len ); } @@ -251,14 +228,12 @@ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start ) int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start, const char *oid, size_t oid_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, (const unsigned char *) oid, oid_len ) ); MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len , mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OID ) ); - return( (int) len ); } @@ -281,20 +256,16 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *s const char *oid, size_t oid_len, size_t par_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; - if( par_len == 0 ) MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) ); else len += par_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); - return( (int) len ); } 
@@ -313,26 +284,21 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *s */ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; - if( *p - start < 1 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = (boolean) ? 255 : 0; len++; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BOOLEAN ) ); - return( (int) len ); } static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int val, int tag ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; - do { if( *p - start < 1 ) @@ -342,7 +308,6 @@ static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int v val >>= 8; } while( val > 0 ); - if( **p & 0x80 ) { if( *p - start < 1 ) @@ -350,10 +315,8 @@ static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int v *--(*p) = 0x00; len += 1; } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) ); - return( (int) len ); } @@ -414,15 +377,12 @@ int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val ) int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag, const char *text, size_t text_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, (const unsigned char *) text, text_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, tag ) ); - return( (int) len ); } 
@@ -515,37 +475,30 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p, const unsigned char *cur_byte; unsigned char cur_byte_shifted; unsigned char bit; - byte_len = ( bits + 7 ) / 8; unused_bits = ( byte_len * 8 ) - bits; - /* * Named bitstrings require that trailing 0s are excluded in the encoding * of the bitstring. Trailing 0s are considered part of the 'unused' bits * when encoding this value in the first content octet */ - if( bits != 0 ) + if( bits ) { cur_byte = buf + byte_len - 1; cur_byte_shifted = *cur_byte >> unused_bits; - for( ; ; ) { bit = cur_byte_shifted & 0x1; cur_byte_shifted >>= 1; - - if( bit != 0 ) + if( bit ) break; - bits--; if( bits == 0 ) break; - if( bits % 8 == 0 ) cur_byte_shifted = *--cur_byte; } } - return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) ); } @@ -566,18 +519,14 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p, int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, const unsigned char *buf, size_t bits ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; size_t unused_bits, byte_len; - byte_len = ( bits + 7 ) / 8; unused_bits = ( byte_len * 8 ) - bits; - if( *p < start || (size_t)( *p - start ) < byte_len + 1 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - len = byte_len + 1; - /* Write the bitstring. Ensure the unused bits are zeroed */ if( byte_len > 0 ) { @@ -586,13 +535,10 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, ( *p ) -= byte_len; memcpy( *p, buf, byte_len ); } - /* Write unused bits */ *--( *p ) = (unsigned char)unused_bits; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) ); - return( (int) len ); } 
@@ -613,35 +559,29 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start, int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start, const unsigned char *buf, size_t size ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, buf, size ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_OCTET_STRING ) ); - return( (int) len ); } - /* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(), * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */ static mbedtls_asn1_named_data *asn1_find_named_data( mbedtls_asn1_named_data *list, const char *oid, size_t len ) { - while( list != NULL ) + while( list ) { if( list->oid.len == len && memcmp( list->oid.p, oid, len ) == 0 ) { break; } - list = list->next; } - return( list ); } @@ -672,38 +612,33 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(mbedtls_asn1_named_data * size_t val_len ) { mbedtls_asn1_named_data *cur; - if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL ) { // Add new entry if not present yet based on OID // cur = (mbedtls_asn1_named_data*)mbedtls_calloc( 1, sizeof(mbedtls_asn1_named_data) ); - if( cur == NULL ) + if( !cur ) return( NULL ); - cur->oid.len = oid_len; cur->oid.p = mbedtls_calloc( 1, oid_len ); - if( cur->oid.p == NULL ) + if( !cur->oid.p ) { mbedtls_free( cur ); return( NULL ); } - memcpy( cur->oid.p, oid, oid_len ); - cur->val.len = val_len; - if( val_len != 0 ) + if( val_len ) { cur->val.p = mbedtls_calloc( 1, val_len ); - if( cur->val.p == NULL ) + if( !cur->val.p ) { mbedtls_free( cur->oid.p ); mbedtls_free( cur ); return( NULL ); } } - cur->next = *head; *head = cur; } 
@@ -720,17 +655,15 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(mbedtls_asn1_named_data * * a consistent state in case allocation fails. */ void *p = mbedtls_calloc( 1, val_len ); - if( p == NULL ) + if( !p ) return( NULL ); - mbedtls_free( cur->val.p ); cur->val.p = p; cur->val.len = val_len; } - - if( val != NULL ) + if( val ) memcpy( cur->val.p, val, val_len ); - return( cur ); } + #endif /* MBEDTLS_ASN1_WRITE_C */ diff --git a/third_party/mbedtls/base64.c b/third_party/mbedtls/base64.c index f7a32becd..dc265e74b 100644 --- a/third_party/mbedtls/base64.c +++ b/third_party/mbedtls/base64.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/base64.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/platform.h" 
@@ -7,28 +24,7 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * RFC 1521 base64 encoding/decoding - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#if defined(MBEDTLS_BASE64_C) #define ENC "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" @@ -187,7 +183,6 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, uint32_t j, x; unsigned char *p; unsigned char dec_map_lookup; - /* First pass: check for validity and get output length */ for( i = n = j = 0; i < slen; i++ ) { 
@@ -198,65 +193,49 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, ++i; ++x; } - /* Spaces at end of buffer are OK */ if( i == slen ) break; - if( ( slen - i ) >= 2 && src[i] == '\r' && src[i + 1] == '\n' ) continue; - if( src[i] == '\n' ) continue; - /* Space inside a line is an error */ if( x != 0 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - if( src[i] == '=' && ++j > 2 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] ); - if( src[i] > 127 || dec_map_lookup == 127 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - if( dec_map_lookup < 64 && j != 0 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - n++; } - if( n == 0 ) { *olen = 0; return( 0 ); } - /* The following expression is to calculate the following formula without * risk of integer overflow in n: * n = ( ( n * 6 ) + 7 ) >> 3; */ n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n -= j; - if( dst == NULL || dlen < n ) { *olen = n; return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } - for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ ) { if( *src == '\r' || *src == '\n' || *src == ' ' ) continue; - dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src ); - mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) ); x = ( x << 6 ) | ( dec_map_lookup & 0x3F ); - if( ++n == 4 ) { n = 0; @@ -265,9 +244,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, if( j > 2 ) *p++ = (unsigned char)( x ); } } - *olen = p - dst; - return( 0 ); } 
@@ -299,41 +276,29 @@ int mbedtls_base64_self_test( int verbose ) size_t len; const unsigned char *src; unsigned char buffer[128]; - if( verbose != 0 ) mbedtls_printf( " Base64 encoding test: " ); - src = base64_test_dec; - if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 || memcmp( base64_test_enc, buffer, 88 ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); } - if( verbose != 0 ) mbedtls_printf( "passed\n Base64 decoding test: " ); - src = base64_test_enc; - if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 || memcmp( base64_test_dec, buffer, 64 ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); } - if( verbose != 0 ) mbedtls_printf( "passed\n\n" ); - return( 0 ); } #endif /* MBEDTLS_SELF_TEST */ - -#endif /* MBEDTLS_BASE64_C */ diff --git a/third_party/mbedtls/bigmul.c b/third_party/mbedtls/bigmul.c new file mode 100644 index 000000000..ecb81ba05 --- /dev/null +++ b/third_party/mbedtls/bigmul.c 
@@ -0,0 +1,285 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/bits/bits.h" +#include "libc/log/backtrace.internal.h" +#include "libc/log/check.h" +#include "libc/macros.internal.h" +#include "libc/mem/mem.h" +#include "libc/nexgen32e/bsr.h" +#include "libc/nexgen32e/x86feature.h" +#include "third_party/mbedtls/bignum.h" +#include "third_party/mbedtls/bignum_internal.h" +#include "third_party/mbedtls/profile.h" +/* clang-format off */ + +void Mul(uint64_t *c, uint64_t *A, unsigned n, uint64_t *B, unsigned m) +{ + if (!m--) return; + mbedtls_platform_zeroize(c, m * ciL); + mbedtls_mpi_mul_hlp1(n, A, c + m, B[m]); + for (; m > 0; m--) + mbedtls_mpi_mul_hlp(n, A, c + m - 1, B[m - 1]); +} + +/** + * Computes inner loop of multiplication algorithm. 
+ */ +void mbedtls_mpi_mul_hlp1(size_t n, const uint64_t *s, uint64_t *d, uint64_t b) +{ + size_t i; + uint128_t x; + uint64_t c, t; + i = c = 0; +#ifdef __x86_64__ +#define MULXADOX(i) \ + "mulx\t" #i "*8(%2),%%rax,%%r9\n\t" \ + "adox\t%0,%%rax\n\t" \ + "mov\t%%rax," #i "*8(%1)\n\t" \ + "mov\t%%r9,%0\n\t" + if (X86_HAVE(BMI2) && X86_HAVE(ADX)) + { + for (; n >= 8; n -= 8, s += 8, d += 8) + { + asm volatile("xor\t%%r8d,%%r8d\n\t" // + MULXADOX(0) // + MULXADOX(1) // + MULXADOX(2) // + MULXADOX(3) // + MULXADOX(4) // + MULXADOX(5) // + MULXADOX(6) // + MULXADOX(7) // + "adcx\t%%r8,%0\n" // + "adox\t%%r8,%0" // + : "+r"(c) + : "r"(d), "S"(s), "d"(b) + : "rax", "r8", "r9", "memory", "cc"); + } + for (; n >= 4; n -= 4, s += 4, d += 4) + { + asm volatile("xor\t%%r8d,%%r8d\n\t" // + MULXADOX(0) // + MULXADOX(1) // + MULXADOX(2) // + MULXADOX(3) // + "adcx\t%%r8,%0\n" // + "adox\t%%r8,%0" // + : "+r"(c) + : "r"(d), "S"(s), "d"(b) + : "rax", "r8", "r9", "memory", "cc"); + } + } +#undef MULXADOX +#endif + for (; i < n; ++i) + { + x = s[i]; + x *= b; + x += c; + c = x >> 64; + d[i] = x; + } + d[i] = c; +} + +/** + * Computes inner loop of multiplication algorithm. 
+ */ +void mbedtls_mpi_mul_hlp(size_t n, uint64_t *s, uint64_t *d, uint64_t b) +{ + size_t i; + uint128_t x; + uint64_t c, l, h, t; + i = c = 0; +#ifdef __x86_64__ +#define MULADDC(i) \ + "mulx\t" #i "*8(%2),%%rax,%%r9\n\t" \ + "adcx\t" #i "*8(%1),%%rax\n\t" \ + "adox\t%0,%%rax\n\t" \ + "mov\t%%rax," #i "*8(%1)\n\t" \ + "mov\t%%r9,%0\n\t" + if (X86_HAVE(BMI2) && X86_HAVE(ADX)) + { + for (; n >= 8; n -= 8, s += 8, d += 8) + { + asm volatile("xor\t%%r8d,%%r8d\n\t" // + MULADDC(0) // + MULADDC(1) // + MULADDC(2) // + MULADDC(3) // + MULADDC(4) // + MULADDC(5) // + MULADDC(6) // + MULADDC(7) // + "adcx\t%%r8,%0\n" // + "adox\t%%r8,%0" // + : "+r"(c) + : "r"(d), "S"(s), "d"(b) + : "rax", "r8", "r9", "memory", "cc"); + } + + for (; n >= 4; n -= 4, s += 4, d += 4) + { + asm volatile("xor\t%%r8d,%%r8d\n\t" // + MULADDC(0) // + MULADDC(1) // + MULADDC(2) // + MULADDC(3) // + "adcx\t%%r8,%0\n" // + "adox\t%%r8,%0" // + : "+r"(c) + : "r"(d), "S"(s), "d"(b) + : "rax", "r8", "r9", "memory", "cc"); + } + } +#undef MULADDC +#endif + for (; i < n; ++i) + { + x = s[i]; + x *= b; + x += c; + l = x; + h = x >> 64; + t = d[i]; + d[i] = t + l; + c = (t + l < t) + h; + } + do + { + d[i] += c; + } while ((c = d[i++] < c)); +} + +/** + * Multiplies big number with unsigned scalar: X = A × b + * + * @param X receives result w/ aliasing permitted + * @param A is left-hand side big number + * @param B is left-hand side unsigned scalar + * @return 0 on success or negative on error + */ +int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_uint b) +{ + int r; + size_t n; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(A); + n = mbedtls_mpi_limbs(A); + if ((r = mbedtls_mpi_grow(X, n + 1))) return r; + mbedtls_mpi_mul_hlp1(n, A->p, X->p, b); + X->s = A->s; + X->n = n + 1; + return 0; +} + +/** + * Multiplies big numbers: X = A * B + * + * @param X is destination mpi + * @param A is first factor + * @param B is second factor + * @return 0 on success or <0 on error + */ +int 
mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B) +{ + int i, j, t, k, ret; + mbedtls_mpi_uint *K; + mbedtls_mpi TA, TB, *T; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(A); + MPI_VALIDATE_RET(B); + + i = mbedtls_mpi_limbs(A); + j = mbedtls_mpi_limbs(B); + + if (!i || !j) + return mbedtls_mpi_lset(X, 0); + + if( j > i ) + T = A, + A = B, + B = T, + t = i, + i = j, + j = t; + + if (!IsTiny() && j == 1) { + if (X->n < i + 1) + if ((ret = mbedtls_mpi_grow(X, i + 1))) return ret; + else if (X->n > i + 1) + mbedtls_platform_zeroize(X->p + i + 1, (X->n - (i + 1)) * ciL); + mbedtls_mpi_mul_hlp1(i, A->p, X->p, B->p[0]); + X->s = A->s * B->s; + return 0; + } + + if (!IsTiny() && i == j) { + if (X->n < i * 2) + if ((ret = mbedtls_mpi_grow(X, i * 2))) return ret; + else if (X->n > i * 2) + mbedtls_platform_zeroize(X->p + i * 2, (X->n - (i * 2)) * ciL); + if (i == 4) { + Mul4x4(X->p, A->p, B->p); + X->s = A->s * B->s; + return 0; + } else if (i == 6 && X86_HAVE(BMI2) && X86_HAVE(ADX)) { + Mul6x6Adx(X->p, A->p, B->p); + X->s = A->s * B->s; + return 0; + } else if (i == 8 && X86_HAVE(BMI2) && X86_HAVE(ADX)) { + Mul8x8Adx(X->p, A->p, B->p); + X->s = A->s * B->s; + return 0; + } + } + + mbedtls_mpi_init( &TA ); + mbedtls_mpi_init( &TB ); + + if (X->n < i + j) + MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); + else if (X->n > i + j) + mbedtls_platform_zeroize( X->p + i + j, (X->n - (i + j)) * ciL ); + if (X == A) { + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); + A = &TA; + } + if (X == B) { + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); + B = &TB; + } + if (!IsTiny() && + i >= 16 && i == j && !(i & (i - 1)) && + X86_HAVE(BMI2) && X86_HAVE(ADX) && + (K = malloc(i * 4 * sizeof(*K)))) { + Karatsuba(X->p, A->p, B->p, i, K); + free(K); + } else { + Mul(X->p, A->p, i, B->p, j); + } + + X->s = A->s * B->s; + ret = 0; +cleanup: + mbedtls_mpi_free(&TB); + mbedtls_mpi_free(&TA); + return ret; +} 
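Review bot: In the `j == 1` fast path of `mbedtls_mpi_mul_mpi`, the `else if (X->n > i + 1)` binds to the inner `if ((ret = mbedtls_mpi_grow(X, i + 1)))`, not to `if (X->n < i + 1)`, so when X already holds more than i+1 limbs the stale upper limbs are never zeroized and the product is wrong (after a successful grow `X->n == i + 1`, so the zeroize branch as bound is dead code); the `i == j` path has the same dangling else with `i * 2`. Brace the outer branches: `if (X->n < i + 1) { if ((ret = mbedtls_mpi_grow(X, i + 1))) return ret; } else if (X->n > i + 1) { mbedtls_platform_zeroize(X->p + i + 1, (X->n - (i + 1)) * ciL); }`, and likewise for the squaring shortcuts. The general path below wraps its grow in `MBEDTLS_MPI_CHK`, which upstream is a do/while macro, so it is presumably unaffected. Separately, the Karatsuba scratch buffer `K` is `free`d without being wiped even though it held partial products of possibly secret operands; `mbedtls_platform_zeroize(K, i * 4 * sizeof(*K));` before `free(K)` would match the limb hygiene the rest of the file applies, and the unused `k` in `int i, j, t, k, ret;` can go.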
diff --git a/third_party/mbedtls/bigmul4.c b/third_party/mbedtls/bigmul4.c new file mode 100644 index 000000000..67d1a3ca4 --- /dev/null +++ b/third_party/mbedtls/bigmul4.c 
@@ -0,0 +1,75 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/nexgen32e/x86feature.h" +#include "third_party/mbedtls/bignum_internal.h" +#include "third_party/mbedtls/math.h" +/* clang-format off */ + +/** + * Computes 512-bit product of 256-bit and 256-bit numbers. + * + * @param C receives 8 quadword result + * @param A is left hand side which must have 4 quadwords + * @param B is right hand side which must have 4 quadwords + * @note words are host endian while array is little endian + * @mayalias + */ +void (*Mul4x4)(uint64_t C[8], const uint64_t A[4], const uint64_t B[4]); + +static textstartup void Mul4x4Init() +{ + Mul4x4 = X86_HAVE(ADX) && X86_HAVE(BMI2) ? 
Mul4x4Adx : Mul4x4Pure; +} + +const void *const Mul4x4Ctor[] initarray = {Mul4x4Init}; + +void Mul4x4Pure(uint64_t C[8], const uint64_t A[4], const uint64_t B[4]) +{ + uint128_t t; + uint64_t h, c1, c2, c3; + uint64_t r0, r1, r2, r3; + c1 = c2 = c3 = 0; + MADD(A[0], B[0], c1, c2, c3); + r0 = c1, c1 = 0; + MADD(A[0], B[1], c2, c3, c1); + MADD(A[1], B[0], c2, c3, c1); + r1 = c2, c2 = 0; + MADD(A[2], B[0], c3, c1, c2); + MADD(A[1], B[1], c3, c1, c2); + MADD(A[0], B[2], c3, c1, c2); + r2 = c3, c3 = 0; + MADD(A[0], B[3], c1, c2, c3); + MADD(A[1], B[2], c1, c2, c3); + MADD(A[2], B[1], c1, c2, c3); + MADD(A[3], B[0], c1, c2, c3); + C[0] = r0; + r3 = c1, c1 = 0; + MADD(A[3], B[1], c2, c3, c1); + MADD(A[2], B[2], c2, c3, c1); + MADD(A[1], B[3], c2, c3, c1); + C[1] = r1; + C[4] = c2, c2 = 0; + MADD(A[2], B[3], c3, c1, c2); + MADD(A[3], B[2], c3, c1, c2); + C[2] = r2; + C[5] = c3, c3 = 0; + MADD(A[3], B[3], c1, c2, c3); + C[3] = r3; + C[6] = c1; + C[7] = c2; +} diff --git a/third_party/mbedtls/bignum.c b/third_party/mbedtls/bignum.c index a3613a8e6..6dc7879fa 100644 --- a/third_party/mbedtls/bignum.c +++ b/third_party/mbedtls/bignum.c 
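Review bot: `Mul4x4` is a plain writable function pointer filled in by the `initarray` constructor `Mul4x4Init` and then called from bigmul.c for every 4×4-limb multiply, so a single stray word write into .data would redirect control flow in the core of the RSA/ECC arithmetic; whether the linker makes this pointer read-only after startup is not visible here. The caller already shows the alternative for `Mul6x6Adx`: make `Mul4x4` a real function that dispatches on `X86_HAVE(ADX) && X86_HAVE(BMI2)` at call time, which removes the writable pointer entirely at the cost of one global read per call. `Mul4x4Pure` also declares `uint128_t t` and `uint64_t h` that never appear in the visible body, presumably because the `MADD` macro uses them; a one-line `/* t, h: scratch used by MADD */` would save the next reader the same check. The `@mayalias` claim does hold for the pure version as written, since each `C[k]` for `k < 4` is stored only after the last read of `A[k]` and `B[k]`.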
@@ -1,95 +1,84 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/assert.h" +#include "libc/bits/bits.h" +#include "libc/bits/bswap.h" +#include "libc/log/backtrace.internal.h" #include "libc/log/check.h" #include "libc/log/log.h" +#include "libc/macros.internal.h" +#include "libc/nexgen32e/bsf.h" #include "libc/nexgen32e/nexgen32e.h" +#include "libc/nexgen32e/x86feature.h" +#include "libc/runtime/runtime.h" +#include "libc/stdio/stdio.h" #include "third_party/mbedtls/bignum.h" -#include "third_party/mbedtls/bn_mul.h" +#include "third_party/mbedtls/bignum_internal.h" +#include "third_party/mbedtls/chk.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" +#include "third_party/mbedtls/fastdiv.h" +#include "third_party/mbedtls/math.h" #include "third_party/mbedtls/platform.h" +#include "third_party/mbedtls/profile.h" +#include "third_party/mbedtls/select.h" +#include "third_party/mbedtls/traceme.h" asm(".ident\t\"\\n\\n\ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off 
*/ -/* - * Multi-precision integer library - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The following sources were referenced in the design of this Multi-precision - * Integer library: +/** + * @fileoverview Big Numbers. * - * [1] Handbook of Applied Cryptography - 1997 - * Menezes, van Oorschot and Vanstone + * The following sources were referenced in the design of this + * Multi-precision Integer library: * - * [2] Multi-Precision Math - * Tom St Denis - * https://github.com/libtom/libtommath/blob/develop/tommath.pdf + * [1] Handbook of Applied Cryptography - 1997 + * Menezes, van Oorschot and Vanstone * - * [3] GNU Multi-Precision Arithmetic Library - * https://gmplib.org/manual/index.html + * [2] Multi-Precision Math + * Tom St Denis + * https://github.com/libtom/libtommath/blob/develop/tommath.pdf * + * [3] GNU Multi-Precision Arithmetic Library + * https://gmplib.org/manual/index.html */ #if defined(MBEDTLS_BIGNUM_C) -#define MPI_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA ) -#define MPI_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) +#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +#define mpi_uint_bigendian_to_host(x) (x) +#elif __SIZEOF_LONG__ == 8 +#define mpi_uint_bigendian_to_host(x) __builtin_bswap64(x) +#elif __SIZEOF_LONG__ == 4 +#define mpi_uint_bigendian_to_host(x) __builtin_bswap32(x) 
+#endif -#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */ -#define biL (ciL << 3) /* bits in limb */ -#define biH (ciL << 2) /* half limb size */ +/* Get a specific byte, without range checks. */ +#define GET_BYTE(X, i) (((X)->p[(i) / ciL] >> (((i) % ciL) * 8)) & 0xff) -#define MPI_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ - -/* - * Convert between bits/chars and number of limbs - * Divide first in order to avoid potential overflows - */ -#define BITS_TO_LIMBS(i) ( (i) / biL + ( (i) % biL != 0 ) ) -#define CHARS_TO_LIMBS(i) ( (i) / ciL + ( (i) % ciL != 0 ) ) - -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n ) +static inline void mbedtls_mpi_zeroize(mbedtls_mpi_uint *v, size_t n) { - mbedtls_platform_zeroize( v, ciL * n ); -} - -/** - * \brief Initialize an MPI context. - * - * This makes the MPI ready to be set or freed, - * but does not define a value for the MPI. - * - * \param X The MPI context to initialize. This must not be \c NULL. - */ -void mbedtls_mpi_init( mbedtls_mpi *X ) -{ - MPI_VALIDATE( X != NULL ); - - X->s = 1; - X->n = 0; - X->p = NULL; + mbedtls_platform_zeroize(v, ciL * n); } /** @@ -99,20 +88,15 @@ void mbedtls_mpi_init( mbedtls_mpi *X ) * in which case this function is a no-op. If it is * not \c NULL, it must point to an initialized MPI. */ -void mbedtls_mpi_free( mbedtls_mpi *X ) +void mbedtls_mpi_free(mbedtls_mpi *X) { - if( X == NULL ) - return; - - if( X->p != NULL ) + if (!X) return; + if (X->p) { - mbedtls_mpi_zeroize( X->p, X->n ); - mbedtls_free( X->p ); + mbedtls_mpi_zeroize(X->p, X->n); + mbedtls_free(X->p); } - - X->s = 1; - X->n = 0; - X->p = NULL; + mbedtls_mpi_init(X); } /** 
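Review bot: The new `mpi_uint_bigendian_to_host` macro chain picks the byte-swap width from `__SIZEOF_LONG__`, but the value being swapped is an `mbedtls_mpi_uint` (used as `uint64_t` by the new bigmul.c), so on an LLP64 target the 32-bit swap would be chosen silently, and the chain has no `#else`, so an unmatched configuration only fails later with an undefined identifier. If bignum.h keeps upstream's `MBEDTLS_HAVE_INT64`/`MBEDTLS_HAVE_INT32` selectors, key the `#elif`s on those rather than on `long`, and close the chain with `#else` / `#error "unsupported mbedtls_mpi_uint width"` / `#endif`. Cosmopolitan targets x86-64 only, where `long` is 8 bytes, so this is latent rather than live, but it is the kind of assumption that should be written down.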
@@ -128,41 +112,78 @@ void mbedtls_mpi_free( mbedtls_mpi *X ) * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ) +int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs) { mbedtls_mpi_uint *p; - MPI_VALIDATE_RET( X != NULL ); - - if( nblimbs > MBEDTLS_MPI_MAX_LIMBS ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); - - if( X->n < nblimbs ) + MPI_VALIDATE_RET(X); + if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) + return MBEDTLS_ERR_MPI_ALLOC_FAILED; + if (nblimbs > X->n) { - if( ( p = (mbedtls_mpi_uint*)malloc( nblimbs*ciL ) ) == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); - - if( X->p != NULL ) + if (X->p && (p = realloc_in_place(X->p, nblimbs * ciL))) { - memcpy( p, X->p, X->n * ciL ); - memset( p + X->n, 0, ( nblimbs - X->n ) * ciL ); - mbedtls_mpi_zeroize( X->p, X->n ); - mbedtls_free( X->p ); + mbedtls_mpi_zeroize(p + X->n, nblimbs - X->n); } else { - memset( p, 0, nblimbs * ciL ); + if (!(p = malloc(nblimbs * ciL))) + return MBEDTLS_ERR_MPI_ALLOC_FAILED; + if (X->p) + { + memcpy(p, X->p, X->n * ciL); + mbedtls_mpi_zeroize(p + X->n, nblimbs - X->n); + mbedtls_mpi_zeroize(X->p, X->n); + free(X->p); + } + else + { + mbedtls_mpi_zeroize(p, nblimbs); + } } - X->n = nblimbs; X->p = p; } - - return( 0 ); + return 0; } /** - * \brief This function resizes an MPI downwards, keeping at least the - * specified number of limbs. + * \brief This function resizes an MPI to a number of limbs. + * + * \param X The MPI to resize. This must point to an initialized MPI. + * \param n The minimum number of limbs to keep. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed + * which can only happen when resizing up + * \return Another negative error code on other kinds of failure. 
+ */ +int mbedtls_mpi_resize(mbedtls_mpi *X, size_t n) +{ + mbedtls_mpi_uint *p; + MPI_VALIDATE_RET(X); + if (X->n == n) + return 0; + if (X->n <= n) + return mbedtls_mpi_grow(X, n); + if (n > MBEDTLS_MPI_MAX_LIMBS) + return MBEDTLS_ERR_MPI_ALLOC_FAILED; + mbedtls_mpi_zeroize(X->p + n, X->n - n); + if (!realloc_in_place(X->p, n * ciL)) + { + if (!(p = malloc(n * ciL))) + return MBEDTLS_ERR_MPI_ALLOC_FAILED; + memcpy(p, X->p, n * ciL); + mbedtls_mpi_zeroize(X->p, n); + free(X->p); + X->p = p; + } + X->n = n; + return 0; +} + +/** + * \brief This function resizes an MPI downwards, keeping at + * least the specified number of limbs. * * If \c X is smaller than \c nblimbs, it is resized up * instead. 
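Review bot: The doc comment on the new `mbedtls_mpi_resize` says `\param n The minimum number of limbs to keep`, but the body sets `X->n = n` exactly and shrinks when `X->n > n`, so the text describes `mbedtls_mpi_shrink`, not this function; `\param n The exact number of limbs X has on return.` would match the code. The `n > MBEDTLS_MPI_MAX_LIMBS` check is presumably unreachable on the shrink path, since `n < X->n` there and `X->n` already passed that check in `grow`; harmless, but a short comment saying so stops a later reader from "fixing" it. The shrink path with `n == 0` calls `realloc_in_place(X->p, 0)` and, on failure, `malloc(0)`, whose NULL result would be reported as `MBEDTLS_ERR_MPI_ALLOC_FAILED` even though no memory is needed; `shrink` never passes 0 because of its `MAX(1, ...)`, so if any other caller can, an early `if (!n) { mbedtls_mpi_free(X); return 0; }` is the cleaner contract. On the positive side, the discarded tail is zeroized before the realloc attempt and the old buffer is wiped before `free`, so no limb contents survive a resize.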
@@ -172,45 +193,14 @@ int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs ) * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed - * (this can only happen when resizing up). + * which can only happen when resizing up * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) +int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs) { - mbedtls_mpi_uint *p; - size_t i; - MPI_VALIDATE_RET( X != NULL ); - - if( nblimbs > MBEDTLS_MPI_MAX_LIMBS ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); - - /* Actually resize up if there are currently fewer than nblimbs limbs. */ - if( X->n <= nblimbs ) - return( mbedtls_mpi_grow( X, nblimbs ) ); - /* After this point, then X->n > nblimbs and in particular X->n > 0. */ - - for( i = X->n - 1; i > 0; i-- ) - if( X->p[i] != 0 ) - break; - i++; - - if( i < nblimbs ) - i = nblimbs; - - if( ( p = (mbedtls_mpi_uint*)mbedtls_calloc( i, ciL ) ) == NULL ) - return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); - - if( X->p != NULL ) - { - memcpy( p, X->p, i * ciL ); - mbedtls_mpi_zeroize( X->p, X->n ); - mbedtls_free( X->p ); - } - - X->n = i; - X->p = p; - - return( 0 ); + MPI_VALIDATE_RET(X); + if (X->n <= nblimbs) return mbedtls_mpi_grow(X, nblimbs); + return mbedtls_mpi_resize(X, MAX(MAX(1, nblimbs), mbedtls_mpi_limbs(X))); } /** 
@@ -226,43 +216,28 @@ int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs ) * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y ) +int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y) { int ret = 0; size_t i; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); - - if( X == Y ) - return( 0 ); - - if( Y->n == 0 ) + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(Y); + if (X == Y) + return 0; + if (!Y->n) { - mbedtls_mpi_free( X ); - return( 0 ); + mbedtls_mpi_free(X); + return 0; } - - for( i = Y->n - 1; i > 0; i-- ) - if( Y->p[i] != 0 ) - break; - i++; - + i = MAX(1, mbedtls_mpi_limbs(Y)); X->s = Y->s; - - if( X->n < i ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i ) ); - } + if (X->n < i) + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, i)); else - { - memset( X->p + i, 0, ( X->n - i ) * ciL ); - } - - memcpy( X->p, Y->p, i * ciL ); - + mbedtls_mpi_zeroize(X->p + i, X->n - i); + memcpy(X->p, Y->p, i * ciL); cleanup: - - return( ret ); + return ret; } /** 
@@ -271,31 +246,14 @@ cleanup: * \param X The first MPI. It must be initialized. * \param Y The second MPI. It must be initialized. */ -void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) +void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y) { mbedtls_mpi T; - MPI_VALIDATE( X != NULL ); - MPI_VALIDATE( Y != NULL ); - - memcpy( &T, X, sizeof( mbedtls_mpi ) ); - memcpy( X, Y, sizeof( mbedtls_mpi ) ); - memcpy( Y, &T, sizeof( mbedtls_mpi ) ); -} - -/* - * Conditionally assign dest = src, without leaking information - * about whether the assignment was made or not. - * dest and src must be arrays of limbs of size n. - * assign must be 0 or 1. - */ -static void mpi_safe_cond_assign( size_t n, - mbedtls_mpi_uint *dest, - const mbedtls_mpi_uint *src, - unsigned char assign ) -{ - size_t i; - for( i = 0; i < n; i++ ) - dest[i] = dest[i] * ( 1 - assign ) + src[i] * assign; + MPI_VALIDATE(X); + MPI_VALIDATE(Y); + memcpy(&T, X, sizeof(mbedtls_mpi)); + memcpy(X, Y, sizeof(mbedtls_mpi)); + memcpy(Y, &T, sizeof(mbedtls_mpi)); } /** 
@@ -322,27 +280,24 @@ static void mpi_safe_cond_assign( size_t n, * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign ) +int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, + const mbedtls_mpi *Y, + unsigned char assign) { int ret = 0; size_t i; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); - + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(Y); /* make sure assign is 0 or 1 in a time-constant manner */ + if (Y->n > X->n) MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); assign = (assign | (unsigned char)-assign) >> 7; - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); - - X->s = X->s * ( 1 - assign ) + Y->s * assign; - - mpi_safe_cond_assign( Y->n, X->p, Y->p, assign ); - - for( i = Y->n; i < X->n; i++ ) - X->p[i] *= ( 1 - assign ); - + X->s = Select(Y->s, X->s, -assign); + for (i = 0; i < Y->n; i++) + X->p[i] = Select(Y->p[i], X->p[i], -assign); + for (i = Y->n; i < X->n; i++) + X->p[i] &= CONCEAL("r", assign - 1); cleanup: - return( ret ); + return ret; } /** 
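Review bot: The constant-time guarantee of `mbedtls_mpi_safe_cond_assign` now rests on `Select()` and `CONCEAL()` from select.h, neither of which is in this hunk; please confirm against their definitions that `Select` is mask-based, since a `?:` implementation would let the compiler reintroduce the branch the old multiply form avoided. The mask plumbing also mixes widths: `assign` is `unsigned char`, so `-assign` and `assign - 1` are `int` values 0/-1 that reach the 64-bit limbs only through implicit sign extension. Compute one limb-width mask once, `mbedtls_mpi_uint mask = -(mbedtls_mpi_uint)assign;`, and use `mask` in the `Select` calls and `X->p[i] &= ~mask;` in the clearing loop, which also documents the intent. Finally, the comment `/* make sure assign is 0 or 1 in a time-constant manner */` now sits above the `grow` call rather than the normalization it describes; moving the grow above the comment restores the pairing (growing first is fine, as limb counts are not secret).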
@@ -368,37 +323,31 @@ cleanup: * \return Another negative error code on other kinds of failure. * */ -int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char swap ) +int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, + mbedtls_mpi *Y, + unsigned char swap) { int ret, s; size_t i; mbedtls_mpi_uint tmp; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); - - if( X == Y ) - return( 0 ); - + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(Y); + if (X == Y) return (0); /* make sure swap is 0 or 1 in a time-constant manner */ swap = (swap | (unsigned char)-swap) >> 7; - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) ); - + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n)); s = X->s; - X->s = X->s * ( 1 - swap ) + Y->s * swap; - Y->s = Y->s * ( 1 - swap ) + s * swap; - - - for( i = 0; i < X->n; i++ ) + X->s = X->s * (1 - swap) + Y->s * swap; + Y->s = Y->s * (1 - swap) + s * swap; + for (i = 0; i < X->n; i++) { tmp = X->p[i]; - X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap; - Y->p[i] = Y->p[i] * ( 1 - swap ) + tmp * swap; + X->p[i] = X->p[i] * (1 - swap) + Y->p[i] * swap; + Y->p[i] = Y->p[i] * (1 - swap) + tmp * swap; } - cleanup: - return( ret ); + return ret; } /** 
@@ -411,20 +360,16 @@ cleanup: * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z ) +int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MPI_VALIDATE_RET( X != NULL ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, 1 ) ); - memset( X->p, 0, X->n * ciL ); - - X->p[0] = ( z < 0 ) ? -z : z; - X->s = ( z < 0 ) ? -1 : 1; - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + MPI_VALIDATE_RET(X); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, 1)); + mbedtls_mpi_zeroize(X->p, X->n); + X->p[0] = (z < 0) ? -z : z; + X->s = (z < 0) ? -1 : 1; cleanup: - - return( ret ); + return ret; } /** @@ -437,20 +382,13 @@ cleanup: * of \c X is unset or set. * \return A negative error code on failure. */ -int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ) +int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos) { - MPI_VALIDATE_RET( X != NULL ); - - if( X->n * biL <= pos ) - return( 0 ); - - return( ( X->p[pos / biL] >> ( pos % biL ) ) & 0x01 ); + MPI_VALIDATE_RET(X); + if (X->n * biL <= pos) return 0; + return ((X->p[pos / biL] >> (pos % biL)) & 0x01); } -/* Get a specific byte, without range checks. */ -#define GET_BYTE( X, i ) \ - ( ( ( X )->p[( i ) / ciL] >> ( ( ( i ) % ciL ) * 8 ) ) & 0xff ) - /** * \brief Modify a specific bit in an MPI. * 
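Review bot: `X->p[0] = (z < 0) ? -z : z;` in `mbedtls_mpi_lset` negates a signed `mbedtls_mpi_sint`, which is undefined behaviour when `z` is the most negative representable value; the line is carried over from upstream rather than introduced here, but since the commit rewrites the function it is a cheap fix. Compute the magnitude in the unsigned domain: `X->p[0] = (z < 0) ? (mbedtls_mpi_uint)0 - (mbedtls_mpi_uint)z : (mbedtls_mpi_uint)z;`, which yields the correct 2^63 for the minimum value. The sign assignment on the next line is fine as written.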
@@ -466,30 +404,23 @@ int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos ) * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on other kinds of failure. */ -int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val ) +int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val) { int ret = 0; size_t off = pos / biL; size_t idx = pos % biL; - MPI_VALIDATE_RET( X != NULL ); - - if( val != 0 && val != 1 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - if( X->n * biL <= pos ) + MPI_VALIDATE_RET(X); + if (val && val != 1) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + if (X->n * biL <= pos) { - if( val == 0 ) - return( 0 ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, off + 1 ) ); + if (!val) return 0; + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, off + 1)); } - - X->p[off] &= ~( (mbedtls_mpi_uint) 0x01 << idx ); - X->p[off] |= (mbedtls_mpi_uint) val << idx; - + X->p[off] &= ~((mbedtls_mpi_uint)0x01 << idx); + X->p[off] |= (mbedtls_mpi_uint)val << idx; cleanup: - - return( ret ); + return ret; } /** @@ -504,23 +435,24 @@ cleanup: * \return The number of bits of value \c 0 before the least significant * bit of value \c 1 in \p X. */ -size_t mbedtls_mpi_lsb( const mbedtls_mpi *X ) +size_t mbedtls_mpi_lsb(const mbedtls_mpi *X) { size_t i, j, count = 0; - MBEDTLS_INTERNAL_VALIDATE_RET( X != NULL, 0 ); - - for( i = 0; i < X->n; i++ ) - for( j = 0; j < biL; j++, count++ ) - if( ( ( X->p[i] >> j ) & 1 ) != 0 ) - return( count ); - - return( 0 ); + MBEDTLS_INTERNAL_VALIDATE_RET(X, 0); + for (i = 0; i < X->n; i++) + { + if (X->p[i]) + return count + __builtin_ctzll(X->p[i]); + else + count += biL; + } + return 0; } /* * Count leading zero bits in a given integer */ -static inline size_t mbedtls_clz( const mbedtls_mpi_uint x ) +static inline size_t mbedtls_clz(const mbedtls_mpi_uint x) { return x ? __builtin_clzll(x) : biL; } 
@@ -529,7 +461,7 @@ static inline size_t mbedtls_clz( const mbedtls_mpi_uint x ) * \brief Return the number of bits up to and including the most * significant bit of value \c 1. * - * * \note This is same as the one-based index of the most + * \note This is same as the one-based index of the most * significant bit of value \c 1. * * \param X The MPI to query. This must point to an initialized MPI. @@ -537,20 +469,12 @@ static inline size_t mbedtls_clz( const mbedtls_mpi_uint x ) * \return The number of bits up to and including the most * significant bit of value \c 1. */ -size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ) +size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X) { - size_t i, j; - - if( X->n == 0 ) - return( 0 ); - - for( i = X->n - 1; i > 0; i-- ) - if( X->p[i] != 0 ) - break; - - j = biL - mbedtls_clz( X->p[i] ); - - return( ( i * biL ) + j ); + size_t n; + n = mbedtls_mpi_limbs(X); + if (!n) return 0; + return biL - __builtin_clzll(X->p[n - 1]) + (n - 1) * biL; } /** 
@@ -566,26 +490,23 @@ size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X ) * \return The least number of bytes capable of storing * the absolute value of \p X. */ -size_t mbedtls_mpi_size( const mbedtls_mpi *X ) +size_t mbedtls_mpi_size(const mbedtls_mpi *X) { - return( ( mbedtls_mpi_bitlen( X ) + 7 ) >> 3 ); + return (mbedtls_mpi_bitlen(X) + 7) >> 3; } /* * Convert an ASCII character to digit value */ -static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c ) +static int mpi_get_digit(mbedtls_mpi_uint *d, int radix, char c) { *d = 255; - - if( c >= 0x30 && c <= 0x39 ) *d = c - 0x30; - if( c >= 0x41 && c <= 0x46 ) *d = c - 0x37; - if( c >= 0x61 && c <= 0x66 ) *d = c - 0x57; - - if( *d >= (mbedtls_mpi_uint) radix ) - return( MBEDTLS_ERR_MPI_INVALID_CHARACTER ); - - return( 0 ); + if (c >= 0x30 && c <= 0x39) *d = c - 0x30; + if (c >= 0x41 && c <= 0x46) *d = c - 0x37; + if (c >= 0x61 && c <= 0x66) *d = c - 0x57; + if (*d >= (mbedtls_mpi_uint)radix) + return MBEDTLS_ERR_MPI_INVALID_CHARACTER; + return 0; } /** 
@@ -598,114 +519,87 @@ static int mpi_get_digit( mbedtls_mpi_uint *d, int radix, char c ) * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) +int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i, j, slen, n; mbedtls_mpi_uint d; mbedtls_mpi T; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( s != NULL ); - - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - mbedtls_mpi_init( &T ); - - slen = strlen( s ); - - if( radix == 16 ) + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(s); + if (radix < 2 || radix > 16) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_mpi_init(&T); + slen = strlen(s); + if (radix == 16) { - if( slen > MPI_SIZE_T_MAX >> 2 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - n = BITS_TO_LIMBS( slen << 2 ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - - for( i = slen, j = 0; i > 0; i--, j++ ) + if (slen > MPI_SIZE_T_MAX >> 2) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + n = BITS_TO_LIMBS(slen << 2); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, n)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); + for (i = slen, j = 0; i > 0; i--, j++) { - if( i == 1 && s[i - 1] == '-' ) + if (i == 1 && s[i - 1] == '-') { X->s = -1; break; } - - MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) ); - X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 ); + MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i - 1])); + X->p[j / (2 * ciL)] |= d << ((j % (2 * ciL)) << 2); } } else { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - - for( i = 0; i < slen; i++ ) + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); + for (i = 0; i < slen; i++) { - if( i == 0 && s[i] == '-' ) + if (!i && s[i] == '-') { X->s = -1; continue; } - - MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) ); - MBEDTLS_MPI_CHK( 
mbedtls_mpi_mul_int( &T, X, radix ) ); - - if( X->s == 1 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) ); - } + MBEDTLS_MPI_CHK(mpi_get_digit(&d, radix, s[i])); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T, X, radix)); + if (X->s == 1) + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, &T, d)); else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) ); - } + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(X, &T, d)); } } - cleanup: - - mbedtls_mpi_free( &T ); - - return( ret ); + mbedtls_mpi_free(&T); + return ret; } /* * Helper to write the digits high-order first. */ -static int mpi_write_hlp( mbedtls_mpi *X, int radix, - char **p, const size_t buflen ) +static int mpi_write_hlp(mbedtls_mpi *X, int radix, char **p, + const size_t buflen) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi_uint r; size_t length = 0; char *p_end = *p + buflen; - - do - { - if( length >= buflen ) - { - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, radix ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_int( X, NULL, X, radix ) ); + do { + if (length >= buflen) + return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, radix)); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_int(X, NULL, X, radix)); /* * Write the residue in the current position, as an ASCII character. */ - if( r < 0xA ) - *(--p_end) = (char)( '0' + r ); + if (r < 0xA) + *(--p_end) = (char)('0' + r); else - *(--p_end) = (char)( 'A' + ( r - 0xA ) ); - + *(--p_end) = (char)('A' + (r - 0xA)); length++; - } while( mbedtls_mpi_cmp_int( X, 0 ) != 0 ); - - memmove( *p, p_end, length ); + } while (!mbedtls_mpi_is_zero(X)); + memmove(*p, p_end, length); *p += length; - cleanup: - - return( ret ); + return ret; } /** 
@@ -730,91 +624,74 @@ cleanup: * size of \p buf required for a successful call. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, - char *buf, size_t buflen, size_t *olen ) +int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, char *buf, + size_t buflen, size_t *olen) { int ret = 0; size_t n; char *p; mbedtls_mpi T; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( olen != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); - - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - n = mbedtls_mpi_bitlen( X ); /* Number of bits necessary to present `n`. */ - if( radix >= 4 ) n >>= 1; /* Number of 4-adic digits necessary to present - * `n`. If radix > 4, this might be a strict - * overapproximation of the number of - * radix-adic digits needed to present `n`. */ - if( radix >= 16 ) n >>= 1; /* Number of hexadecimal digits necessary to - * present `n`. */ - - n += 1; /* Terminating null byte */ - n += 1; /* Compensate for the divisions above, which round down `n` - * in case it's not even. */ - n += 1; /* Potential '-'-sign. */ - n += ( n & 1 ); /* Make n even to have enough space for hexadecimal writing, - * which always uses an even number of hex-digits. */ - - if( buflen < n ) + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(olen); + MPI_VALIDATE_RET(!buflen || buf); + if (radix < 2 || radix > 16) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + n = mbedtls_mpi_bitlen(X); /* Number of bits necessary to present `n`. */ + if (radix >= 4) + n >>= 1; /* Number of 4-adic digits necessary to present + * `n`. If radix > 4, this might be a strict + * overapproximation of the number of + * radix-adic digits needed to present `n`. */ + if (radix >= 16) + n >>= 1; /* Number of hexadecimal digits necessary to + * present `n`. */ + n += 1; /* Terminating null byte */ + n += 1; /* Compensate for the divisions above, which round down `n` + * in case it's not even. 
*/ + n += 1; /* Potential '-'-sign. */ + n += (n & 1); /* Make n even to have enough space for hexadecimal writing, + * which always uses an even number of hex-digits. */ + if (buflen < n) { *olen = n; - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; } - p = buf; - mbedtls_mpi_init( &T ); - - if( X->s == -1 ) + mbedtls_mpi_init(&T); + if (X->s == -1) { *p++ = '-'; buflen--; } - - if( radix == 16 ) + if (radix == 16) { int c; size_t i, j, k; - - for( i = X->n, k = 0; i > 0; i-- ) + for (i = X->n, k = 0; i > 0; i--) { - for( j = ciL; j > 0; j-- ) + for (j = ciL; j > 0; j--) { - c = ( X->p[i - 1] >> ( ( j - 1 ) << 3) ) & 0xFF; - - if( c == 0 && k == 0 && ( i + j ) != 2 ) - continue; - - *(p++) = "0123456789ABCDEF" [c / 16]; - *(p++) = "0123456789ABCDEF" [c % 16]; + c = (X->p[i - 1] >> ((j - 1) << 3)) & 0xFF; + if (!c && !k && (i + j) != 2) continue; + *(p++) = "0123456789ABCDEF"[c / 16]; + *(p++) = "0123456789ABCDEF"[c % 16]; k = 1; } } } else { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T, X ) ); - - if( T.s == -1 ) - T.s = 1; - - MBEDTLS_MPI_CHK( mpi_write_hlp( &T, radix, &p, buflen ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T, X)); + if (T.s == -1) T.s = 1; + MBEDTLS_MPI_CHK(mpi_write_hlp(&T, radix, &p, buflen)); } - *p++ = '\0'; *olen = p - buf; - cleanup: - - mbedtls_mpi_free( &T ); - - return( ret ); + mbedtls_mpi_free(&T); + return ret; } -#if defined(MBEDTLS_FS_IO) /** * \brief Read an MPI from a line in an opened file. * @@ -836,7 +713,7 @@ cleanup: * is too small. * \return Another negative error code on failure. */ -int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ) +int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin) { mbedtls_mpi_uint d; size_t slen; 
@@ -845,31 +722,32 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ) * Buffer should have space for (short) label and decimal formatted MPI, * newline characters and '\0' */ - char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ]; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( fin != NULL ); - - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - memset( s, 0, sizeof( s ) ); - if( fgets( s, sizeof( s ) - 1, fin ) == NULL ) - return( MBEDTLS_ERR_MPI_FILE_IO_ERROR ); - - slen = strlen( s ); - if( slen == sizeof( s ) - 2 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); - - if( slen > 0 && s[slen - 1] == '\n' ) { slen--; s[slen] = '\0'; } - if( slen > 0 && s[slen - 1] == '\r' ) { slen--; s[slen] = '\0'; } - + char s[MBEDTLS_MPI_RW_BUFFER_SIZE]; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(fin); + if (radix < 2 || radix > 16) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_platform_zeroize(s, sizeof(s)); + if (!fgets(s, sizeof(s) - 1, fin)) + return MBEDTLS_ERR_MPI_FILE_IO_ERROR; + slen = strlen(s); + if (slen == sizeof(s) - 2) + return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; + if (slen > 0 && s[slen - 1] == '\n') + { + slen--; + s[slen] = '\0'; + } + if (slen > 0 && s[slen - 1] == '\r') + { + slen--; + s[slen] = '\0'; + } p = s + slen; - while( p-- > s ) - if( mpi_get_digit( &d, radix, *p ) != 0 ) + while (p-- > s) + if (mpi_get_digit(&d, radix, *p)) break; - - return( mbedtls_mpi_read_string( X, radix, p + 1 ) ); + return mbedtls_mpi_read_string(X, radix, p + 1); } /** 
@@ -887,61 +765,45 @@ int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin ) * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout ) +int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, int radix, + FILE *fout) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n, slen, plen; /* * Buffer should have space for (short) label and decimal formatted MPI, * newline characters and '\0' */ - char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ]; - MPI_VALIDATE_RET( X != NULL ); - - if( radix < 2 || radix > 16 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - memset( s, 0, sizeof( s ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_write_string( X, radix, s, sizeof( s ) - 2, &n ) ); - - if( p == NULL ) p = ""; - - plen = strlen( p ); - slen = strlen( s ); + char s[MBEDTLS_MPI_RW_BUFFER_SIZE]; + MPI_VALIDATE_RET(X); + if (radix < 2 || radix > 16) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_platform_zeroize(s, sizeof(s)); + MBEDTLS_MPI_CHK(mbedtls_mpi_write_string(X, radix, s, sizeof(s) - 2, &n)); + if (!p) p = ""; + plen = strlen(p); + slen = strlen(s); s[slen++] = '\r'; s[slen++] = '\n'; - - if( fout != NULL ) + if (fout) { - if( fwrite( p, 1, plen, fout ) != plen || - fwrite( s, 1, slen, fout ) != slen ) - return( MBEDTLS_ERR_MPI_FILE_IO_ERROR ); + if (fwrite(p, 1, plen, fout) != plen || fwrite(s, 1, slen, fout) != slen) + return MBEDTLS_ERR_MPI_FILE_IO_ERROR; } else - mbedtls_printf( "%s%s", p, s ); - + { + mbedtls_printf("%s%s", p, s); + } cleanup: - - return( ret ); + return ret; } -#endif /* MBEDTLS_FS_IO */ -#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ -#define mpi_uint_bigendian_to_host(x) (x) -#elif __SIZEOF_LONG__ == 8 -#define mpi_uint_bigendian_to_host(x) __builtin_bswap64(x) -#elif __SIZEOF_LONG__ == 4 -#define mpi_uint_bigendian_to_host(x) __builtin_bswap32(x) -#endif - -static void 
mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) +static void mpi_bigendian_to_host(mbedtls_mpi_uint *const p, size_t limbs) { mbedtls_mpi_uint *cur_limb_left; mbedtls_mpi_uint *cur_limb_right; - if( limbs == 0 ) + if (!limbs) return; - /* * Traverse limbs and * - adapt byte-order in each limb @@ -951,15 +813,14 @@ static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) * than the right index (it's not a problem if limbs is odd and the * indices coincide in the last iteration). */ - for( cur_limb_left = p, cur_limb_right = p + ( limbs - 1 ); - cur_limb_left <= cur_limb_right; - cur_limb_left++, cur_limb_right-- ) + for (cur_limb_left = p, cur_limb_right = p + (limbs - 1); + cur_limb_left <= cur_limb_right; cur_limb_left++, cur_limb_right--) { mbedtls_mpi_uint tmp; /* Note that if cur_limb_left == cur_limb_right, * this code effectively swaps the bytes only once. */ - tmp = mpi_uint_bigendian_to_host( *cur_limb_left ); - *cur_limb_left = mpi_uint_bigendian_to_host( *cur_limb_right ); + tmp = mpi_uint_bigendian_to_host(*cur_limb_left); + *cur_limb_left = mpi_uint_bigendian_to_host(*cur_limb_right); *cur_limb_right = tmp; } } 
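Review bot: The `mpi_uint_bigendian_to_host` macro definitions are removed from this file, but `mpi_bigendian_to_host` directly below still expands `mpi_uint_bigendian_to_host(*cur_limb_left)`, and with its only visible caller in `mbedtls_mpi_read_binary` gone (hunk `@@ -968`) the function appears to become an unused `static`, which `-Wunused-function` will flag. If the macro now lives in a shared header and the function has a caller outside this diff, a short comment at the function such as `/* used by <caller>; byte-swap macro comes from <header> */` would make that visible; otherwise the function should be deleted along with the macros. Both points are inferred from what the diff shows, so please confirm against the rest of the commit.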
@@ -968,93 +829,83 @@ static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs ) * \brief Import X from unsigned binary data, little endian * * \param X The destination MPI. This must point to an initialized MPI. - * \param buf The input buffer. This must be a readable buffer of length - * \p buflen Bytes. - * \param buflen The length of the input buffer \p p in Bytes. + * \param p The input buffer with \p n bytes. + * \param n The length of the input buffer \p p in Bytes. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_read_binary_le( mbedtls_mpi *X, - const unsigned char *buf, size_t buflen ) +int mbedtls_mpi_read_binary_le(mbedtls_mpi *X, const unsigned char *p, size_t n) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret; size_t i; - size_t const limbs = CHARS_TO_LIMBS( buflen ); - - /* Ensure that target MPI has exactly the necessary number of limbs */ - if( X->n != limbs ) - { - mbedtls_mpi_free( X ); - mbedtls_mpi_init( X ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) ); + mbedtls_mpi_uint w; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(!n || p); + if ((ret = mbedtls_mpi_resize(X, MAX(1, CHARS_TO_LIMBS(n))))) return ret; + if (n) { + for (i = 0; i + 8 <= n; i += 8) + X->p[i / ciL] = READ64LE(p + i); + if (i < n) { + w = 0; + do { + w <<= 8; + w |= p[i]; + } while (++i < n); + X->p[i / ciL] = w; + } + } else { + X->p[0] = 0; } - - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - - for( i = 0; i < buflen; i++ ) - X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3); - -cleanup: - - /* - * This function is also used to import keys. However, wiping the buffers - * upon failure is not necessary because failure only can happen before any - * input is copied. - */ - return( ret ); + X->s = 1; + return 0; } /** * \brief Import an MPI from unsigned big endian binary data. 
* * \param X The destination MPI. This must point to an initialized MPI. - * \param buf The input buffer. This must be a readable buffer of length - * \p buflen Bytes. - * \param buflen The length of the input buffer \p p in Bytes. + * \param p The input buffer. This must be a readable buffer of length + * \p n Bytes. + * \param n The length of the input buffer \p p in Bytes. * * \return \c 0 if successful. * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen ) +int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *p, size_t n) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( buflen ); - size_t const overhead = ( limbs * ciL ) - buflen; - unsigned char *Xp; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); - - /* Ensure that target MPI has exactly the necessary number of limbs */ - if( X->n != limbs ) + int ret; + size_t i, j, k; + mbedtls_mpi_uint w; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(!n || p); + if ((ret = mbedtls_mpi_resize(X, MAX(1, CHARS_TO_LIMBS(n))))) + return ret; + if (n) { - mbedtls_mpi_free( X ); - mbedtls_mpi_init( X ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) ); + for (j = 0, i = n; i >= 8; i -= 8) + X->p[j++] = READ64BE(p + i - ciL); + if (i) + { + k = 0; + w = 0; + do + { + --i; + w <<= 8; + w |= p[k++]; + } while (i); + X->p[j] = w; + } } - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - - /* Avoid calling `memcpy` with NULL source argument, - * even if buflen is 0. */ - if( buf != NULL ) + else { - Xp = (unsigned char*) X->p; - memcpy( Xp + overhead, buf, buflen ); - - mpi_bigendian_to_host( X->p, limbs ); + X->p[0] = 0; } - -cleanup: - - /* - * This function is also used to import keys. 
However, wiping the buffers - * upon failure is not necessary because failure only can happen before any - * input is copied. - */ - return( ret ); + X->s = 1; + return 0; } /** @@ -1072,40 +923,34 @@ cleanup: * large enough to hold the value of \p X. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, - unsigned char *buf, size_t buflen ) +int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X, unsigned char *buf, + size_t buflen) { size_t stored_bytes = X->n * ciL; size_t bytes_to_copy; size_t i; - - if( stored_bytes < buflen ) + if (stored_bytes < buflen) { bytes_to_copy = stored_bytes; } else { bytes_to_copy = buflen; - /* The output buffer is smaller than the allocated size of X. * However X may fit if its leading bytes are zero. */ - for( i = bytes_to_copy; i < stored_bytes; i++ ) + for (i = bytes_to_copy; i < stored_bytes; i++) { - if( GET_BYTE( X, i ) != 0 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + if (GET_BYTE(X, i)) + return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; } } - - for( i = 0; i < bytes_to_copy; i++ ) - buf[i] = GET_BYTE( X, i ); - - if( stored_bytes < buflen ) + for (i = 0; i < bytes_to_copy; i++) buf[i] = GET_BYTE(X, i); + if (stored_bytes < buflen) { /* Write trailing 0 bytes */ - memset( buf + stored_bytes, 0, buflen - stored_bytes ); + mbedtls_platform_zeroize(buf + stored_bytes, buflen - stored_bytes); } - - return( 0 ); + return 0; } /** 
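Review bot: The trailing-byte loop in the new `mbedtls_mpi_read_binary_le` assembles the partial limb in the wrong byte order: it shifts `w` left and ORs `p[i]` in increasing address order, so an input tail of `{0x12, 0x34}` becomes the limb `0x1234` instead of the little-endian value `0x3412`; only a one-byte tail comes out right. The big-endian variant below is correct because there the lowest address is the most significant byte. The partial limb has to be built from the highest address downward, leaving `i` at the first tail byte so that `i / ciL` still indexes the partial limb.
```c
        if (i < n) {
            w = 0;
            for (size_t j = n; j > i; j--) {
                w <<= 8;
                w |= p[j - 1];
            }
            X->p[i / ciL] = w; /* i is the first tail byte, so this is the partial limb */
        }
```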
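Review bot: `mbedtls_mpi_write_binary_le` still has no `MPI_VALIDATE_RET` on its arguments, while its sibling `mbedtls_mpi_write_binary` in hunk `@@ -1123` has `MPI_VALIDATE_RET(X); MPI_VALIDATE_RET(!buflen || buf);`. The two entry points expose the same contract and should validate it the same way; adding the same two lines after the declarations would do it. This was already missing before the change, but the hunk touches every other line of the function.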
@@ -1123,20 +968,17 @@ int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X, * large enough to hold the value of \p X. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_write_binary( const mbedtls_mpi *X, - unsigned char *buf, size_t buflen ) +int mbedtls_mpi_write_binary(const mbedtls_mpi *X, unsigned char *buf, + size_t buflen) { size_t stored_bytes; size_t bytes_to_copy; unsigned char *p; size_t i; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( buflen == 0 || buf != NULL ); - + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(!buflen || buf); stored_bytes = X->n * ciL; - - if( stored_bytes < buflen ) + if (stored_bytes < buflen) { /* There is enough space in the output buffer. Write initial * null bytes and record the position at which to start @@ -1145,7 +987,7 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, * number. */ bytes_to_copy = stored_bytes; p = buf + buflen - stored_bytes; - memset( buf, 0, buflen - stored_bytes ); + mbedtls_platform_zeroize(buf, buflen - stored_bytes); } else { 
@@ -1153,126 +995,35 @@ int mbedtls_mpi_write_binary( const mbedtls_mpi *X, * However X may fit if its leading bytes are zero. */ bytes_to_copy = buflen; p = buf; - for( i = bytes_to_copy; i < stored_bytes; i++ ) + for (i = bytes_to_copy; i < stored_bytes; i++) { - if( GET_BYTE( X, i ) != 0 ) - return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL ); + if (GET_BYTE(X, i)) + return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL; } } - - for( i = 0; i < bytes_to_copy; i++ ) - p[bytes_to_copy - i - 1] = GET_BYTE( X, i ); - - return( 0 ); + for (i = 0; i < bytes_to_copy; i++) p[bytes_to_copy - i - 1] = GET_BYTE(X, i); + return 0; } -/** - * \brief Perform a left-shift on an MPI: X <<= count - * - * \param X The MPI to shift. This must point to an initialized MPI. - * \param count The number of bits to shift by. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return Another negative error code on different kinds of failure. - */ -int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count ) +static int mpi_cmp_abs(const mbedtls_mpi *X, + const mbedtls_mpi *Y, + size_t *Xn, + size_t *Yn) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, v0, t1; - mbedtls_mpi_uint r0 = 0, r1; - MPI_VALIDATE_RET( X != NULL ); - - v0 = count / (biL ); - t1 = count & (biL - 1); - - i = mbedtls_mpi_bitlen( X ) + count; - - if( X->n * biL < i ) - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, BITS_TO_LIMBS( i ) ) ); - - ret = 0; - - /* - * shift by count / limb_size - */ - if( v0 > 0 ) + size_t i, j; + i = mbedtls_mpi_limbs(X); + j = mbedtls_mpi_limbs(Y); + *Xn = i; + *Yn = j; + if (!i && !j) return 0; + if (i > j) return 1; + if (j > i) return -1; + for (; i > 0; i--) { - for( i = X->n; i > v0; i-- ) - X->p[i - 1] = X->p[i - v0 - 1]; - - for( ; i > 0; i-- ) - X->p[i - 1] = 0; + if (X->p[i - 1] > Y->p[i - 1]) return 1; + if (X->p[i - 1] < Y->p[i - 1]) return -1; } - - /* - * shift by count % limb_size - */ - if( t1 > 0 ) - { - for( i = v0; i < X->n; i++ ) 
- { - r1 = X->p[i] >> (biL - t1); - X->p[i] <<= t1; - X->p[i] |= r0; - r0 = r1; - } - } - -cleanup: - - return( ret ); -} - -/** - * \brief Perform a right-shift on an MPI: X >>= count - * - * \param X The MPI to shift. This must point to an initialized MPI. - * \param count The number of bits to shift by. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return Another negative error code on different kinds of failure. - */ -int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ) -{ - size_t i, v0, v1; - mbedtls_mpi_uint r0 = 0, r1; - MPI_VALIDATE_RET( X != NULL ); - - v0 = count / biL; - v1 = count & (biL - 1); - - if( v0 > X->n || ( v0 == X->n && v1 > 0 ) ) - return mbedtls_mpi_lset( X, 0 ); - - /* - * shift by count / limb_size - */ - if( v0 > 0 ) - { - for( i = 0; i < X->n - v0; i++ ) - X->p[i] = X->p[i + v0]; - - for( ; i < X->n; i++ ) - X->p[i] = 0; - } - - /* - * shift by count % limb_size - */ - if( v1 > 0 ) - { - for( i = X->n; i > 0; i-- ) - { - r1 = X->p[i - 1] << (biL - v1); - X->p[i - 1] >>= v1; - X->p[i - 1] |= r0; - r0 = r1; - } - } - - return( 0 ); + return 0; } /** 
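Review bot: `mbedtls_mpi_shift_l` and `mbedtls_mpi_shift_r` are deleted from this file with no replacement in the hunk; they are public entry points that other bignum routines presumably still call, so unless this commit moves them to another translation unit the link will fail. The new `static mpi_cmp_abs` helper also has no comment stating its contract, and the `Xn`/`Yn` out-parameters are not obvious from the name; a header comment such as `/* Compares |X| and |Y| (-1, 0, 1); also reports the significant limb counts of X and Y through Xn and Yn so callers need not recompute them. */` would make the later `mbedtls_mpi_cmp_abs` call site readable.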
@@ -1285,33 +1036,31 @@ int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count ) * \return \c -1 if `|X|` is lesser than `|Y|`. * \return \c 0 if `|X|` is equal to `|Y|`. */ -int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ) +int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y) { size_t i, j; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(Y); + return mpi_cmp_abs(X, Y, &i, &j); +} - for( i = X->n; i > 0; i-- ) - if( X->p[i - 1] != 0 ) - break; - - for( j = Y->n; j > 0; j-- ) - if( Y->p[j - 1] != 0 ) - break; - - if( i == 0 && j == 0 ) - return( 0 ); - - if( i > j ) return( 1 ); - if( j > i ) return( -1 ); - - for( ; i > 0; i-- ) - { - if( X->p[i - 1] > Y->p[i - 1] ) return( 1 ); - if( X->p[i - 1] < Y->p[i - 1] ) return( -1 ); +static int mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y, + size_t *Xn, size_t *Yn) { + size_t i, j; + i = mbedtls_mpi_limbs(X); + j = mbedtls_mpi_limbs(Y); + *Xn = i; + *Yn = j; + if (!i && !j) return 0; + if (i > j) return X->s; + if (j > i) return -Y->s; + if (X->s > 0 && Y->s < 0) return 1; + if (Y->s > 0 && X->s < 0) return -1; + for (; i > 0; i--) { + if (X->p[i - 1] > Y->p[i - 1]) return X->s; + if (X->p[i - 1] < Y->p[i - 1]) return -X->s; } - - return( 0 ); + return 0; } /** 
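Review bot: `mpi_cmp_mpi` puts the opening brace on the signature line (`size_t *Xn, size_t *Yn) {`) while `mbedtls_mpi_cmp_abs` directly above keeps the Allman brace used by the rest of the file; the same mix appears in `mbedtls_mpi_cmp_mpi` and `ct_lt_mpi_uint` in hunk `@@ -1324`. Since this commit is reformatting the whole file anyway, one brace style per file would avoid a second reformatting pass later. `mbedtls_mpi_cmp_abs` also declares `size_t i, j;` only to discard the limb counts; a comment like `/* limb counts unused here */` on that line would stop a reader from looking for their use.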
@@ -1324,36 +1073,11 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y ) * \return \c -1 if \p X is lesser than \p Y. * \return \c 0 if \p X is equal to \p Y. */ -int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ) -{ +int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y) { size_t i, j; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); - - for( i = X->n; i > 0; i-- ) - if( X->p[i - 1] != 0 ) - break; - - for( j = Y->n; j > 0; j-- ) - if( Y->p[j - 1] != 0 ) - break; - - if( i == 0 && j == 0 ) - return( 0 ); - - if( i > j ) return( X->s ); - if( j > i ) return( -Y->s ); - - if( X->s > 0 && Y->s < 0 ) return( 1 ); - if( Y->s > 0 && X->s < 0 ) return( -1 ); - - for( ; i > 0; i-- ) - { - if( X->p[i - 1] > Y->p[i - 1] ) return( X->s ); - if( X->p[i - 1] < Y->p[i - 1] ) return( -X->s ); - } - - return( 0 ); + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(Y); + return mpi_cmp_mpi(X, Y, &i, &j); } /** @@ -1364,32 +1088,27 @@ int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y ) * * \return 1 if \p x is less than \p y, 0 otherwise */ -static unsigned ct_lt_mpi_uint( const mbedtls_mpi_uint x, - const mbedtls_mpi_uint y ) -{ +static unsigned ct_lt_mpi_uint(const mbedtls_mpi_uint x, + const mbedtls_mpi_uint y) { mbedtls_mpi_uint ret; mbedtls_mpi_uint cond; - /* * Check if the most significant bits (MSB) of the operands are different. */ - cond = ( x ^ y ); + cond = (x ^ y); /* * If the MSB are the same then the difference x-y will be negative (and * have its MSB set to 1 during conversion to unsigned) if and only if x> ( biL - 1 ); - - return (unsigned) ret; + ret = ret >> (biL - 1); + return (unsigned)ret; } /** 
@@ -1407,42 +1126,36 @@ static unsigned ct_lt_mpi_uint( const mbedtls_mpi_uint x, * \return MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of * the two input MPIs is not the same. */ -int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, - unsigned *ret ) +int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, const mbedtls_mpi *Y, + unsigned *ret) { size_t i; /* The value of any of these variables is either 0 or 1 at all times. */ unsigned cond, done, X_is_negative, Y_is_negative; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( Y != NULL ); - MPI_VALIDATE_RET( ret != NULL ); - - if( X->n != Y->n ) + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(Y); + MPI_VALIDATE_RET(ret); + if (X->n != Y->n) return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - /* * Set sign_N to 1 if N >= 0, 0 if N < 0. * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0. */ - X_is_negative = ( X->s & 2 ) >> 1; - Y_is_negative = ( Y->s & 2 ) >> 1; - + X_is_negative = (X->s & 2) >> 1; + Y_is_negative = (Y->s & 2) >> 1; /* * If the signs are different, then the positive operand is the bigger. * That is if X is negative (X_is_negative == 1), then X < Y is true and it * is false if X is positive (X_is_negative == 0). */ - cond = ( X_is_negative ^ Y_is_negative ); + cond = (X_is_negative ^ Y_is_negative); *ret = cond & X_is_negative; - /* * This is a constant-time function. We might have the result, but we still * need to go through the loop. Record if we have the result already. */ done = cond; - - for( i = X->n; i > 0; i-- ) + for (i = X->n; i > 0; i--) { /* * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both 
@@ -1451,10 +1164,9 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = ct_lt_mpi_uint( Y->p[i - 1], X->p[i - 1] ); - *ret |= cond & ( 1 - done ) & X_is_negative; + cond = ct_lt_mpi_uint(Y->p[i - 1], X->p[i - 1]); + *ret |= cond & (1 - done) & X_is_negative; done |= cond; - /* * If X->p[i - 1] < Y->p[i - 1] then X < Y is true if and only if both * X and Y are positive. @@ -1462,12 +1174,11 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, * Again even if we can make a decision, we just mark the result and * the fact that we are done and continue looping. */ - cond = ct_lt_mpi_uint( X->p[i - 1], Y->p[i - 1] ); - *ret |= cond & ( 1 - done ) & ( 1 - X_is_negative ); + cond = ct_lt_mpi_uint(X->p[i - 1], Y->p[i - 1]); + *ret |= cond & (1 - done) & (1 - X_is_negative); done |= cond; } - - return( 0 ); + return 0; } /** 
@@ -1480,18 +1191,91 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y, * \return \c -1 if \p X is lesser than \p z. * \return \c 0 if \p X is equal to \p z. */ -int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ) +int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z) { mbedtls_mpi Y; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); - - *p = ( z < 0 ) ? -z : z; - Y.s = ( z < 0 ) ? -1 : 1; + MPI_VALIDATE_RET(X); + *p = (z < 0) ? -z : z; + Y.s = (z < 0) ? -1 : 1; Y.n = 1; Y.p = p; + return mbedtls_mpi_cmp_mpi(X, &Y); +} - return( mbedtls_mpi_cmp_mpi( X, &Y ) ); +forceinline mbedtls_mpi_uint mpi_add_hlp(mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *b, + size_t n) +{ + size_t i; + unsigned char cf; + mbedtls_mpi_uint c, t, *e; + e = d + n; + c = i = 0; +#ifdef __x86_64__ + for (; d + 4 <= e; d += 4, b += 4, c = cf) + { + asm("add\t%5,%1\n\t" + "adc\t%6,%2\n\t" + "adc\t%7,%3\n\t" + "adc\t%8,%4" + : "=@ccc"(cf), "+m"(d[0]), "+m"(d[1]), "+m"(d[2]), "+m"(d[3]) + : "r"(b[0] + c), "r"(b[1]), "r"(b[2]), "r"(b[3]) + : "cc"); + } +#endif + for (; d < e; ++d, ++b) + ADC(*d, *d, *b, c, c); + return c; +} + +/** + * Helper for mbedtls_mpi subtraction. + * + * Calculate d = a - b where d, a, and b have the same size. + * This function operates modulo (2^ciL)^n and returns the carry + * (1 if there was a wraparound, i.e. if `a < b`, and 0 otherwise). + * + * \param[out] d Result of subtraction. + * \param[in] a Left operand. + * \param[in] b Right operand. + * \param n Number of limbs of \p a and \p b. + * \return 1 if `d < s`. + * 0 if `d >= s`. 
+ */ +forceinline mbedtls_mpi_uint mpi_sub_hlp(mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *a, + const mbedtls_mpi_uint *b, + size_t n) +{ + size_t i; + unsigned char cf; + uint64_t q, r, s, t; + mbedtls_mpi_uint c, z, x, y; + cf = c = i = 0; +#ifdef __x86_64__ + for (; i + 4 <= n; i += 4, c = cf) + { + q = a[i + 0]; + r = a[i + 1]; + s = a[i + 2]; + t = a[i + 3]; + asm volatile("sub\t%5,%1\n\t" + "sbb\t1*8(%6),%2\n\t" + "sbb\t2*8(%6),%3\n\t" + "sbb\t3*8(%6),%4" + : "=@ccc"(cf), "+r"(q), "+r"(r), "+r"(s), "+r"(t) + : "r"(b[i] + c), "r"(b + i) + : "memory", "cc"); + d[i + 0] = q; + d[i + 1] = r; + d[i + 2] = s; + d[i + 3] = t; + } +#endif + for (; i < n; ++i) + SBB(d[i], a[i], b[i], c, c); + return c; } /** 
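Review bot: In `mpi_add_hlp` the incoming carry is folded into the first operand as `"r"(b[0] + c)`; when `b[0]` is all-ones and `c` is 1 that sum wraps to 0 and the carry is silently dropped, so a block boundary where the previous block carried out and the next `b` limb is all-ones produces a result that is short by `2^biL`. `mpi_sub_hlp` has the same problem with `"r"(b[i] + c)` and the borrow. Loading the carry into CF with `bt $0, c` and letting all four limbs go through `adc` (or `sbb`) avoids the intermediate wrap; the same shape applies to the subtraction block. The unused locals (`i`, `t` in `mpi_add_hlp`; `z`, `x`, `y` in `mpi_sub_hlp`) should go, and the new doc comment's `\return 1 if `d < s`` refers to parameters that do not exist and should read `1 if a < b`.
```c
    for (; d + 4 <= e; d += 4, b += 4, c = cf)
    {
        asm("bt\t$0,%5\n\t"
            "adc\t%6,%1\n\t"
            "adc\t%7,%2\n\t"
            "adc\t%8,%3\n\t"
            "adc\t%9,%4"
            : "=@ccc"(cf), "+m"(d[0]), "+m"(d[1]), "+m"(d[2]), "+m"(d[3])
            : "r"(c), "r"(b[0]), "r"(b[1]), "r"(b[2]), "r"(b[3])
            : "cc");
    }
    /* … unchanged: scalar ADC tail loop and return c … */
```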
@@ -1505,60 +1289,71 @@ int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z ) * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i, j; - mbedtls_mpi_uint *o, *p, c, tmp; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - - if( X == B ) + unsigned char cf; + const mbedtls_mpi *T; + mbedtls_mpi_uint c, tmp; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(A); + MPI_VALIDATE_RET(B); + if (X == B) T = A, A = X, B = T; + if (X != A) MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); + X->s = 1; /* always positive b/c unsigned addition */ + j = mbedtls_mpi_limbs(B); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j)); + c = mpi_add_hlp(X->p, B->p, j); + for (; c; ++j) { - const mbedtls_mpi *T = A; A = X; B = T; + if (j >= X->n) + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j + 1)); + X->p[j] += c; + c = X->p[j] < c; } +cleanup: + return ret; +} - if( X != A ) - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) ); - +static int mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B, size_t Bn) +{ + int ret; + size_t n, m; + unsigned char cf; + n = Bn; + if (n > A->n) + return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; /* B >= (2^ciL)^n > A */ + if (X != A) + { + if (X->n < A->n) { + if ((ret = mbedtls_mpi_grow(X, A->n))) return ret; + } else if (X->n > A->n) { + mbedtls_mpi_zeroize(X->p + A->n, X->n - A->n); + } + if ((m = A->n - n)) + memcpy(X->p + n, A->p + n, m * ciL); + } /* - * X should always be positive as a result of unsigned additions. + * X should always be positive as a result of unsigned subtractions. 
*/ X->s = 1; - - for( j = B->n; j > 0; j-- ) - if( B->p[j - 1] != 0 ) - break; - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); - - o = B->p; p = X->p; c = 0; - - /* - * tmp is used because it might happen that p == o - */ - for( i = 0; i < j; i++, o++, p++ ) + cf = mpi_sub_hlp(X->p, A->p, B->p, n); + if (cf) { - tmp= *o; - *p += c; c = ( *p < c ); - *p += tmp; c += ( *p < tmp ); - } - - while( c != 0 ) - { - if( i >= X->n ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + 1 ) ); - p = X->p + i; + /* Propagate the carry to the first nonzero limb of X. */ + for (; n < A->n && !A->p[n]; n++) { /* --X->p[n]; */ + X->p[n] = A->p[n] - 1; } - - *p += c; c = ( *p < c ); i++; p++; + /* If we ran out of space for the carry, it means that the result + * is negative. */ + if (n == X->n) + return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; + --X->p[n]; } - -cleanup: - - return( ret ); + return 0; } /** 
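Review bot: In mpi_sub_abs the "ran out of space" test `if (n == X->n)` no longer matches the propagation loop above it, which walks `A->p` only up to `A->n`: when X != A and X->n > A->n the upper limbs of X are zeroized, a borrow that outlives A's limbs stops the loop at n == A->n, the check fails, and `--X->p[n]` turns a zero limb into all-ones so the function returns 0 with a garbage value instead of MBEDTLS_ERR_MPI_NEGATIVE_VALUE. The removed version set X->n = A->n so the two bounds coincided; the check should become `if (n == A->n) return MBEDTLS_ERR_MPI_NEGATIVE_VALUE;`, which is correct in every case as long as mbedtls_mpi_grow leaves X->n >= A->n. The public mbedtls_mpi_sub_abs at @@ -1572 reaches this path with any caller-supplied X. As a point of style, mbedtls_mpi_add_abs declares `i`, `cf` and `tmp` without using them; the same applies to `n`, `m`, `cf` in mbedtls_mpi_sub_abs at @@ -1572 and `i`, `j` in mbedtls_mpi_mod_mpi at @@ -2179.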
@@ -1572,42 +1367,16 @@ cleanup: * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is greater than \p A. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B) { size_t n, m; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - if( X != A && !B->n ) - return mbedtls_mpi_copy( X, A ); /* wut */ - for( n = B->n; n > 0; n-- ) - if( B->p[n - 1] != 0 ) - break; - if( n > A->n ) - return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; /* B >= (2^ciL)^n > A */ - if (X != A) { - if (X->n < A->n) - X->p = realloc(X->p, A->n * 8); - X->n = A->n; - if ( ( m = A->n - n ) ) - memcpy(X->p+n, A->p+n, m * 8); - } - /* - * X should always be positive as a result of unsigned subtractions. - */ - X->s = 1; - if( sbb( X->p, A->p, B->p, n ) ){ - /* Propagate the carry to the first nonzero limb of X. */ - for( ; n < A->n && A->p[n] == 0; n++ ) - /* --X->p[n]; */ - X->p[n] = A->p[n] - 1; - /* If we ran out of space for the carry, it means that the result - * is negative. */ - if( n == X->n ) - return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; - --X->p[n]; - } - return( 0 ); + unsigned char cf; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(A); + MPI_VALIDATE_RET(B); + if (X != A && !B->n) return mbedtls_mpi_copy(X, A); /* wut */ + return mpi_sub_abs(X, A, B, mbedtls_mpi_limbs(B)); } /** 
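Review bot: The early return `if (X != A && !B->n) return mbedtls_mpi_copy(X, A); /* wut */` keeps an unexplained comment on a branch whose result differs from the normal path: mpi_sub_abs forces `X->s = 1`, whereas the copy appears to carry A's sign through (mbedtls_mpi_exp_mod at @@ -2406 resets `Apos.s = 1` right after such a copy), so a negative A with a limb-less B yields a negative X from a function documented as an absolute difference. Either drop the shortcut, since mpi_sub_abs with a zero limb count already handles X != A, or replace the comment with one that states the intent, e.g. `/* B has no limbs: X = A including its sign (unlike mpi_sub_abs) */`. This behavior is pre-existing rather than introduced here, but the rewrite is the moment to document it.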
@@ -1621,36 +1390,35 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_add_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B) { int ret, s; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - + size_t i, j; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(A); + MPI_VALIDATE_RET(B); s = A->s; - if( A->s * B->s < 0 ) + if (A->s * B->s < 0) { - if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) + if (mpi_cmp_abs(A, B, &i, &j) >= 0) { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); - X->s = s; + MBEDTLS_MPI_CHK(mpi_sub_abs(X, A, B, j)); + X->s = s; } else { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); + MBEDTLS_MPI_CHK(mpi_sub_abs(X, B, A, i)); X->s = -s; } } else { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B)); X->s = s; } - cleanup: - - return( ret ); + return ret; } /** 
@@ -1664,62 +1432,60 @@ cleanup: * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_sub_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *B) { int ret, s; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - + size_t i, j; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(A); + MPI_VALIDATE_RET(B); s = A->s; - if( A->s * B->s > 0 ) + if (A->s * B->s > 0) { - if( mbedtls_mpi_cmp_abs( A, B ) >= 0 ) + if (mpi_cmp_abs(A, B, &i, &j) >= 0) { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) ); - X->s = s; + MBEDTLS_MPI_CHK(mpi_sub_abs(X, A, B, j)); + X->s = s; } else { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, B, A ) ); + MBEDTLS_MPI_CHK(mpi_sub_abs(X, B, A, i)); X->s = -s; } } else { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( X, A, B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(X, A, B)); X->s = s; } - cleanup: - - return( ret ); + return ret; } /** - * \brief Perform a signed addition of an MPI and an integer: X = A + b + * \brief Performs signed addition of MPI and integer: X = A + b * * \param X The destination MPI. This must point to an initialized MPI. * \param A The first summand. This must point to an initialized MPI. * \param b The second summand. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return Another negative error code on different kinds of failure. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a allocation failed. + * \return Another negative error code on different kinds of + * failure. 
*/ -int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b ) -{ +int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_sint b) { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - - p[0] = ( b < 0 ) ? -b : b; - _B.s = ( b < 0 ) ? -1 : 1; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(A); + p[0] = (b < 0) ? -b : b; + _B.s = (b < 0) ? -1 : 1; _B.n = 1; _B.p = p; - - return( mbedtls_mpi_add_mpi( X, A, &_B ) ); + return mbedtls_mpi_add_mpi(X, A, &_B); } /** 
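Review bot: The rewritten \return line on mbedtls_mpi_add_int reads `if a allocation failed`; it should read `if an allocation failed` (the original `if a memory allocation failed` was fine). Separately, mbedtls_mpi_add_int now puts its opening brace on the signature line (`mbedtls_mpi_sint b) {`) while every other function in these hunks keeps the brace on its own line; the same applies to mbedtls_mpi_sub_int at @@ -1734.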
@@ -1734,257 +1500,121 @@ int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b ) -{ +int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, + mbedtls_mpi_sint b) { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - - p[0] = ( b < 0 ) ? -b : b; - _B.s = ( b < 0 ) ? -1 : 1; + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(A); + p[0] = (b < 0) ? -b : b; + _B.s = (b < 0) ? -1 : 1; _B.n = 1; _B.p = p; - - return( mbedtls_mpi_sub_mpi( X, A, &_B ) ); -} - -/* - * Helper for mbedtls_mpi multiplication - */ -static void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mpi_uint b ) -{ - uint128_t axdx; - mbedtls_mpi_uint c = 0, t = 0, ax, dx, z; - -#if defined(MULADDC_HUIT) - for( ; i >= 8; i -= 8 ) - { - MULADDC_INIT - MULADDC_HUIT - MULADDC_STOP - } - - for( ; i > 0; i-- ) - { - MULADDC_INIT - MULADDC_CORE - MULADDC_STOP - } -#else /* MULADDC_HUIT */ - - for( ; i >= 16; i -= 16 ) - { - MULADDC_INIT - MULADDC_CORE MULADDC_CORE - MULADDC_CORE MULADDC_CORE - MULADDC_CORE MULADDC_CORE - MULADDC_CORE MULADDC_CORE - MULADDC_CORE MULADDC_CORE - MULADDC_CORE MULADDC_CORE - MULADDC_CORE MULADDC_CORE - MULADDC_CORE MULADDC_CORE - MULADDC_STOP - } - for( ; i >= 8; i -= 8 ) - { - MULADDC_INIT - MULADDC_CORE MULADDC_CORE - MULADDC_CORE MULADDC_CORE - MULADDC_CORE MULADDC_CORE - MULADDC_CORE MULADDC_CORE - MULADDC_STOP - } - for( ; i > 0; i-- ) - { - MULADDC_INIT - MULADDC_CORE - MULADDC_STOP - } - -#endif /* MULADDC_HUIT */ - - t++; - - do { - *d += c; c = ( *d < c ); d++; - } - while( c != 0 ); -} - -/** - * \brief Perform a multiplication of two MPIs: X = A * B - * - * \param X The destination MPI. This must point to an initialized MPI. 
- * \param A The first factor. This must point to an initialized MPI. - * \param B The second factor. This must point to an initialized MPI. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return Another negative error code on different kinds of failure. - * - */ -int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, j; - mbedtls_mpi TA, TB; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - - mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB ); - - if( X == A ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); A = &TA; } - if( X == B ) { MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); B = &TB; } - - for( i = A->n; i > 0; i-- ) - if( A->p[i - 1] != 0 ) - break; - - for( j = B->n; j > 0; j-- ) - if( B->p[j - 1] != 0 ) - break; - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - - for( ; j > 0; j-- ) - mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] ); - - X->s = A->s * B->s; - -cleanup: - - mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TA ); - - return( ret ); -} - -/** - * \brief Perform a multiplication of an MPI with an unsigned integer: - * X = A * b - * - * \param X The destination MPI. This must point to an initialized MPI. - * \param A The first factor. This must point to an initialized MPI. - * \param b The second factor. - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return Another negative error code on different kinds of failure. 
- * - */ -int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b ) -{ - mbedtls_mpi _B; - mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - - _B.s = 1; - _B.n = 1; - _B.p = p; - p[0] = b; - - return( mbedtls_mpi_mul_mpi( X, A, &_B ) ); + return mbedtls_mpi_sub_mpi(X, A, &_B); } /* * Unsigned integer divide - double mbedtls_mpi_uint dividend, u1/u0, and * mbedtls_mpi_uint divisor, d */ -static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, - mbedtls_mpi_uint u0, - mbedtls_mpi_uint d, - mbedtls_mpi_uint *r ) +static inline mbedtls_mpi_uint mbedtls_int_div_int(mbedtls_mpi_uint u1, + mbedtls_mpi_uint u0, + mbedtls_mpi_uint d, + mbedtls_mpi_uint *r) { -#if defined(MBEDTLS_HAVE_UDBL) + if (d && u1 < d) + { +#ifdef __x86_64__ + mbedtls_mpi_uint quo, rem; + asm("div\t%2" : "=a"(quo), "=d"(rem) : "r"(d), "0"(u0), "1"(u1) : "cc"); + if (r) *r = rem; + return quo; +#elif defined(MBEDTLS_HAVE_UDBL) mbedtls_t_udbl dividend, quotient; + dividend = (mbedtls_t_udbl)u1 << biL; + dividend |= (mbedtls_t_udbl)u0; + quotient = dividend / d; + if (quotient > ((mbedtls_t_udbl)1 << biL) - 1) + quotient = ((mbedtls_t_udbl)1 << biL) - 1; + if (r) *r = (mbedtls_mpi_uint)(dividend - (quotient * d)); + return (mbedtls_mpi_uint)quotient; #else - const mbedtls_mpi_uint radix = (mbedtls_mpi_uint) 1 << biH; - const mbedtls_mpi_uint uint_halfword_mask = ( (mbedtls_mpi_uint) 1 << biH ) - 1; + size_t s; + mbedtls_mpi_uint radix = (mbedtls_mpi_uint)1 << biH; + mbedtls_mpi_uint uint_halfword_mask = ((mbedtls_mpi_uint)1 << biH) - 1; mbedtls_mpi_uint d0, d1, q0, q1, rAX, r0, quotient; mbedtls_mpi_uint u0_msw, u0_lsw; - size_t s; -#endif - - /* - * Check for overflow - */ - if( 0 == d || u1 >= d ) - { - if (r != NULL) *r = ~0; - - return ( ~0 ); - } - -#if defined(MBEDTLS_HAVE_UDBL) - dividend = (mbedtls_t_udbl) u1 << biL; - dividend |= (mbedtls_t_udbl) u0; - quotient = dividend / d; - if( quotient > ( (mbedtls_t_udbl) 1 << 
biL ) - 1 ) - quotient = ( (mbedtls_t_udbl) 1 << biL ) - 1; - - if( r != NULL ) - *r = (mbedtls_mpi_uint)( dividend - (quotient * d ) ); - - return (mbedtls_mpi_uint) quotient; -#else - /* * Algorithm D, Section 4.3.1 - The Art of Computer Programming * Vol. 2 - Seminumerical Algorithms, Knuth */ - /* * Normalize the divisor, d, and dividend, u0, u1 */ - s = mbedtls_clz( d ); + s = mbedtls_clz(d); d = d << s; - u1 = u1 << s; - u1 |= ( u0 >> ( biL - s ) ) & ( -(mbedtls_mpi_sint)s >> ( biL - 1 ) ); - u0 = u0 << s; - + u1 |= (u0 >> (biL - s)) & (-(mbedtls_mpi_sint)s >> (biL - 1)); + u0 = u0 << s; d1 = d >> biH; d0 = d & uint_halfword_mask; - u0_msw = u0 >> biH; u0_lsw = u0 & uint_halfword_mask; - /* * Find the first quotient and remainder */ q1 = u1 / d1; r0 = u1 - d1 * q1; - - while( q1 >= radix || ( q1 * d0 > radix * r0 + u0_msw ) ) + while (q1 >= radix || (q1 * d0 > radix * r0 + u0_msw)) { - q1 -= 1; - r0 += d1; - - if ( r0 >= radix ) break; + q1 -= 1; + r0 += d1; + if (r0 >= radix) + break; } - - rAX = ( u1 * radix ) + ( u0_msw - q1 * d ); + rAX = (u1 * radix) + (u0_msw - q1 * d); q0 = rAX / d1; r0 = rAX - q0 * d1; - - while( q0 >= radix || ( q0 * d0 > radix * r0 + u0_lsw ) ) + while (q0 >= radix || (q0 * d0 > radix * r0 + u0_lsw)) { - q0 -= 1; - r0 += d1; - - if ( r0 >= radix ) break; + q0 -= 1; + r0 += d1; + if (r0 >= radix) + break; } - - if (r != NULL) - *r = ( rAX * radix + u0_lsw - q0 * d ) >> s; - + if (r) *r = (rAX * radix + u0_lsw - q0 * d) >> s; quotient = q1 * radix + q0; - return quotient; #endif + } + else + { + if (r) *r = ~0; + return ~0; + } +} + +static inline void Multiply2x1(uint64_t a[3], uint64_t b) { + uint128_t x; + uint64_t l, h; + x = a[0]; + x *= b; + l = x; + h = x >> 64; + x = a[1]; + x *= b; + x += h + ((a[0] = l) < 0); + l = x; + h = x >> 64; + a[2] = h + ((a[1] = l) < 0); +} + +static inline bool GreaterThan3x3(uint64_t a[3], uint64_t b[3]) { + if (a[2] > b[2]) return true; + if (a[2] < b[2]) return false; + if (a[1] > b[1]) return 
true; + if (a[1] < b[1]) return false; + return a[0] > b[0]; } /** @@ -2005,21 +1635,21 @@ static mbedtls_mpi_uint mbedtls_int_div_int( mbedtls_mpi_uint u1, * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, - const mbedtls_mpi *B ) +int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, n, t, k; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + size_t i, n, t, k, Xn, Yn; mbedtls_mpi X, Y, Z, T1, T2; mbedtls_mpi_uint TP2[3]; - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - - if( mbedtls_mpi_cmp_int( B, 0 ) == 0 ) - return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO ); - - mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); - mbedtls_mpi_init( &T1 ); + MPI_VALIDATE_RET(A); + MPI_VALIDATE_RET(B); + if (mbedtls_mpi_is_zero(B)) + return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO; + mbedtls_mpi_init(&X); + mbedtls_mpi_init(&Y); + mbedtls_mpi_init(&Z); + mbedtls_mpi_init(&T1); /* * Avoid dynamic memory allocations for constant-size T2. * 
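Review bot: In Multiply2x1 the expressions `((a[0] = l) < 0)` and `((a[1] = l) < 0)` compare a uint64_t against zero, which is always false, so they only smuggle an assignment into an addition and will trip -Wtype-limits; a[2] ends up as plain `h`. The arithmetic is still right, but the body is clearer without the dead comparisons and the l/h temporaries, as below. GreaterThan3x3 could take `const uint64_t a[3], const uint64_t b[3]` since it only reads. Both helpers lack a comment saying they operate on exactly three limbs, which is presumably what allows mbedtls_mpi_div_mpi at @@ -2028 to drop the `mbedtls_mpi_lset(&T1, 0)` before each multiply.
```c
static inline void Multiply2x1(uint64_t a[3], uint64_t b) {
  uint128_t x;
  x = (uint128_t)a[0] * b;
  a[0] = (uint64_t)x;
  x = (uint128_t)a[1] * b + (uint64_t)(x >> 64);
  a[1] = (uint64_t)x;
  a[2] = (uint64_t)(x >> 64);
}
```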
@@ -2028,106 +1658,86 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, * buffer. */ T2.s = 1; - T2.n = sizeof( TP2 ) / sizeof( *TP2 ); + T2.n = sizeof(TP2) / sizeof(*TP2); T2.p = TP2; - - if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) + if (mbedtls_mpi_cmp_abs(A, B) < 0) { - if( Q != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_lset( Q, 0 ) ); - if( R != NULL ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, A ) ); - return( 0 ); + if (Q) MBEDTLS_MPI_CHK(mbedtls_mpi_lset(Q, 0)); + if (R) MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, A)); + return 0; } - - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &X, A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, B ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&X, A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, B)); X.s = Y.s = 1; - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, 2 ) ); - - k = mbedtls_mpi_bitlen( &Y ) % biL; - if( k < biL - 1 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&Z, A->n + 2)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Z, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T1, 80)); /* we need left pad hard below */ + k = mbedtls_mpi_bitlen(&Y) % biL; + if (k < biL - 1) { k = biL - 1 - k; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &X, k ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, k ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&X, k)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, k)); + } + else + { + k = 0; } - else k = 0; - n = X.n - 1; t = Y.n - 1; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &Y, biL * ( n - t ) ) ); - - while( mbedtls_mpi_cmp_mpi( &X, &Y ) >= 0 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&Y, biL * (n - t))); + while (mpi_cmp_abs(&X, &Y, &Xn, &Yn) >= 0) { Z.p[n - t]++; - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &Y ) ); + MBEDTLS_MPI_CHK(mpi_sub_abs(&X, &X, &Y, Yn)); } - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, biL * ( n - t ) ) ); - - for( i = n; i > t ; i-- ) + mbedtls_mpi_shift_r(&Y, biL * (n - t)); + for (i = n; i > t; i--) { - if( X.p[i] 
>= Y.p[t] ) + if (X.p[i] >= Y.p[t]) Z.p[i - t - 1] = ~0; else - { - Z.p[i - t - 1] = mbedtls_int_div_int( X.p[i], X.p[i - 1], - Y.p[t], NULL); - } - - T2.p[0] = ( i < 2 ) ? 0 : X.p[i - 2]; - T2.p[1] = ( i < 1 ) ? 0 : X.p[i - 1]; + Z.p[i - t - 1] = mbedtls_int_div_int(X.p[i], X.p[i - 1], Y.p[t], NULL); + T2.p[0] = (i < 2) ? 0 : X.p[i - 2]; + T2.p[1] = (i < 1) ? 0 : X.p[i - 1]; T2.p[2] = X.p[i]; - Z.p[i - t - 1]++; - do - { + do { Z.p[i - t - 1]--; - - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &T1, 0 ) ); - T1.p[0] = ( t < 1 ) ? 0 : Y.p[t - 1]; + T1.p[0] = (t < 1) ? 0 : Y.p[t - 1]; T1.p[1] = Y.p[t]; - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &T1, Z.p[i - t - 1] ) ); - } - while( mbedtls_mpi_cmp_mpi( &T1, &T2 ) > 0 ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T1, &Y, Z.p[i - t - 1] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) ); - - if( mbedtls_mpi_cmp_int( &X, 0 ) < 0 ) + Multiply2x1(T1.p, Z.p[i - t - 1]); + } while (GreaterThan3x3(T1.p, T2.p)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_int(&T1, &Y, Z.p[i - t - 1])); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1))); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&X, &X, &T1)); + if (X.s < 0) { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &T1, biL * ( i - t - 1 ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &X, &X, &T1 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&T1, &Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&T1, biL * (i - t - 1))); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&X, &X, &T1)); Z.p[i - t - 1]--; } } - - if( Q != NULL ) + if (Q) { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( Q, &Z ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(Q, &Z)); Q->s = A->s * B->s; } - - if( R != NULL ) + if (R) { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &X, k ) ); + mbedtls_mpi_shift_r(&X, k); X.s = A->s; - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( R, &X ) ); - - if( mbedtls_mpi_cmp_int( R, 0 ) == 0 ) - R->s = 1; + 
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(R, &X)); + if (mbedtls_mpi_is_zero(R)) R->s = 1; } - cleanup: - - mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); - mbedtls_mpi_free( &T1 ); - mbedtls_platform_zeroize( TP2, sizeof( TP2 ) ); - - return( ret ); + mbedtls_mpi_free(&X); + mbedtls_mpi_free(&Y); + mbedtls_mpi_free(&Z); + mbedtls_mpi_free(&T1); + mbedtls_platform_zeroize(TP2, sizeof(TP2)); + return ret; } /** @@ -2148,20 +1758,17 @@ cleanup: * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, - const mbedtls_mpi *A, - mbedtls_mpi_sint b ) +int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, + mbedtls_mpi_sint b) { mbedtls_mpi _B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET( A != NULL ); - - p[0] = ( b < 0 ) ? -b : b; - _B.s = ( b < 0 ) ? -1 : 1; + MPI_VALIDATE_RET(A); + p[0] = (b < 0) ? -b : b; + _B.s = (b < 0) ? -1 : 1; _B.n = 1; _B.p = p; - - return( mbedtls_mpi_div_mpi( Q, R, A, &_B ) ); + return mbedtls_mpi_div_mpi(Q, R, A, &_B); } /** 
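Review bot: `MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T1, 80)); /* we need left pad hard below */` replaces a grow to 2 limbs with an unexplained 80 and a comment that does not say why. From the hunk, T1 needs at least three limbs because Multiply2x1 writes `T1.p[2]` and GreaterThan3x3 reads it, and mbedtls_mpi_mul_int presumably grows T1 itself afterwards; if 80 is meant as a preallocation to avoid regrowth in that call, say so and name it, e.g. `enum { DIV_T1_LIMBS = 80 }; /* >= 3 for Multiply2x1/GreaterThan3x3; larger to avoid regrowth in mul_int */`. The return values of mbedtls_mpi_shift_r are now ignored here and in mbedtls_mpi_gcd at @@ -2635; if that function still returns an int that can fail, those calls need the MBEDTLS_MPI_CHK back.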
@@ -2179,29 +1786,22 @@ int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, * \return #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero. * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p B is negative. * \return Another negative error code on different kinds of failure. - * */ -int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, + const mbedtls_mpi *B) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MPI_VALIDATE_RET( R != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - - if( mbedtls_mpi_cmp_int( B, 0 ) < 0 ) - return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( NULL, R, A, B ) ); - - while( mbedtls_mpi_cmp_int( R, 0 ) < 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( R, R, B ) ); - - while( mbedtls_mpi_cmp_mpi( R, B ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( R, R, B ) ); - + size_t i, j; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + MPI_VALIDATE_RET(R); + MPI_VALIDATE_RET(A); + MPI_VALIDATE_RET(B); + if (B->s < 0) return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(NULL, R, A, B)); + while (R->s < 0) MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(R, R, B)); + while (mbedtls_mpi_cmp_mpi(R, B) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(R, R, B)); cleanup: - - return( ret ); + return ret; } /** 
@@ -2220,77 +1820,64 @@ cleanup: * \return #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b ) +int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, + mbedtls_mpi_sint b ) { size_t i; mbedtls_mpi_uint x, y, z; - MPI_VALIDATE_RET( r != NULL ); - MPI_VALIDATE_RET( A != NULL ); - - if( b == 0 ) - return( MBEDTLS_ERR_MPI_DIVISION_BY_ZERO ); - - if( b < 0 ) - return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); - + MPI_VALIDATE_RET(r); + MPI_VALIDATE_RET(A); + if (!b) + return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO; + if (b < 0) + return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; /* * handle trivial cases */ - if( b == 1 ) + if (b == 1) { *r = 0; - return( 0 ); + return 0; } - - if( b == 2 ) + if (b == 2) { *r = A->p[0] & 1; - return( 0 ); + return 0; } - /* * general case */ - for( i = A->n, y = 0; i > 0; i-- ) + for (i = A->n, y = 0; i > 0; i--) { - x = A->p[i - 1]; - y = ( y << biH ) | ( x >> biH ); - z = y / b; + x = A->p[i - 1]; + y = (y << biH) | (x >> biH); + z = y / b; y -= z * b; - x <<= biH; - y = ( y << biH ) | ( x >> biH ); - z = y / b; + y = (y << biH) | (x >> biH); + z = y / b; y -= z * b; } - /* * If A is negative, then the current y represents a negative value. * Flipping it to the positive side. */ - if( A->s < 0 && y != 0 ) - y = b - y; - + if (A->s < 0 && y) y = b - y; *r = y; - - return( 0 ); + return 0; } /* * Fast Montgomery initialization (thanks to Tom St Denis) */ -static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) +static void mpi_montg_init(mbedtls_mpi_uint *mm, const mbedtls_mpi *N) { mbedtls_mpi_uint x, m0 = N->p[0]; unsigned int i; - - x = m0; - x += ( ( m0 + 2 ) & 4 ) << 1; - - for( i = biL; i >= 8; i /= 2 ) - x *= ( 2 - ( m0 * x ) ); - - *mm = ~x + 1; + x = m0; + x += ((m0 + 2) & 4) << 1; + for (i = biL; i >= 8; i /= 2) x *= 2 - m0 * x; + *mm = -x; } /** 
@@ -2316,51 +1903,51 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) * Note that unlike the usual convention in the library * for `const mbedtls_mpi*`, the content of T can change. */ -static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, - const mbedtls_mpi *T ) +static void mpi_montmul(mbedtls_mpi *A, const mbedtls_mpi *B, + const mbedtls_mpi *N, mbedtls_mpi_uint mm, + const mbedtls_mpi *T) { size_t i, n, m; - mbedtls_mpi_uint u0, u1, *d; - - memset( T->p, 0, T->n * ciL ); - + mbedtls_mpi_uint u0, u1, *d, *Ap, *Bp, *Np; + mbedtls_mpi_zeroize(T->p, T->n); d = T->p; n = N->n; - m = ( B->n < n ) ? B->n : n; - - for( i = 0; i < n; i++ ) + m = (B->n < n) ? B->n : n; + Ap = A->p; + Bp = B->p; + Np = N->p; + for (i = 0; i < n; i++) { /* * T = (T + u0*B + u1*N) / 2^biL */ - u0 = A->p[i]; - u1 = ( d[0] + u0 * B->p[0] ) * mm; - - mpi_mul_hlp( m, B->p, d, u0 ); - mpi_mul_hlp( n, N->p, d, u1 ); - - *d++ = u0; d[n + 1] = 0; + u0 = Ap[i]; + u1 = (d[0] + u0 * Bp[0]) * mm; + mbedtls_mpi_mul_hlp(m, Bp, d, u0); + mbedtls_mpi_mul_hlp(n, Np, d, u1); + *d++ = u0; + d[n + 1] = 0; } - /* At this point, d is either the desired result or the desired result * plus N. We now potentially subtract N, avoiding leaking whether the * subtraction is performed through side channels. */ - /* Copy the n least significant limbs of d to A, so that * A = d if d < N (recall that N has n limbs). */ - memcpy( A->p, d, n * ciL ); + memcpy(Ap, d, n * ciL); /* If d >= N then we want to set A to d - N. To prevent timing attacks, * do the calculation without using conditional tests. */ /* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */ d[n] += 1; - d[n] -= sbb( d, d, N->p, n ); + d[n] -= mpi_sub_hlp(d, d, Np, n); /* If d0 < N then d < (2^biL)^n * so d[n] == 0 and we want to keep A as it is. 
* If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n * so d[n] == 1 and we want to set A to the result of the subtraction * which is d - (2^biL)^n, i.e. the n least significant limbs of d. * This exactly corresponds to a conditional assignment. */ - mpi_safe_cond_assign( n, A->p, d, (unsigned char) d[n] ); + for (i = 0; i < n; ++i) { + Ap[i] = Select(d[i], Ap[i], -d[n]); + } } /* @@ -2368,16 +1955,14 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi * * See mpi_montmul() regarding constraints and guarantees on the parameters. */ -static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, - mbedtls_mpi_uint mm, const mbedtls_mpi *T ) +static void mpi_montred(mbedtls_mpi *A, const mbedtls_mpi *N, + mbedtls_mpi_uint mm, const mbedtls_mpi *T) { - mbedtls_mpi_uint z = 1; mbedtls_mpi U; - - U.n = U.s = (int) z; + mbedtls_mpi_uint z = 1; + U.n = U.s = (int)z; U.p = &z; - - mpi_montmul( A, &U, N, mm, T ); + mpi_montmul(A, &U, N, mm, T); } /** 
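Review bot: The replacement of mpi_safe_cond_assign with `Ap[i] = Select(d[i], Ap[i], -d[n]);` moves the constant-time conditional copy onto a helper whose definition is not in this diff, and nothing at the call site records the two conditions that make it correct: d[n] must be exactly 0 or 1 so that `-d[n]` is an all-zero or all-one mask, and Select must be branch-free or the timing-attack protection described in the comment above the loop is lost. A comment on the loop such as `/* d[n] is 0 or 1 here; -d[n] is a full mask and Select must be branch-free so this stays constant-time */` would carry that contract. The `mbedtls_mpi_zeroize(T->p, T->n)` at the top also replaces a `memset` of `T->n * ciL` bytes, so it should be confirmed that the new helper takes a limb count rather than a byte count.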
@@ -2406,222 +1991,195 @@ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, * \return Another negative error code on different kinds of failures. * */ -int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, - const mbedtls_mpi *E, const mbedtls_mpi *N, - mbedtls_mpi *_RR ) +int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *E, const mbedtls_mpi *N, + mbedtls_mpi *_RR) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t wbits, wsize, one = 1; size_t i, j, nblimbs; size_t bufsize, nbits; mbedtls_mpi_uint ei, mm, state; - mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], Apos; + mbedtls_mpi RR, T, W[1 << MBEDTLS_MPI_WINDOW_SIZE], Apos; int neg; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( E != NULL ); - MPI_VALIDATE_RET( N != NULL ); - - if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || ( N->p[0] & 1 ) == 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - if( mbedtls_mpi_cmp_int( E, 0 ) < 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - if( mbedtls_mpi_bitlen( E ) > MBEDTLS_MPI_MAX_BITS || - mbedtls_mpi_bitlen( N ) > MBEDTLS_MPI_MAX_BITS ) - return ( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(A); + MPI_VALIDATE_RET(E); + MPI_VALIDATE_RET(N); + if (mbedtls_mpi_cmp_int(N, 0) <= 0 || !(N->p[0] & 1)) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + if (E->s < 0) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + if (mbedtls_mpi_bitlen(E) > MBEDTLS_MPI_MAX_BITS || + mbedtls_mpi_bitlen(N) > MBEDTLS_MPI_MAX_BITS) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; /* * Init temps and window size */ - mpi_montg_init( &mm, N ); - mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T ); - mbedtls_mpi_init( &Apos ); - memset( W, 0, sizeof( W ) ); - - i = mbedtls_mpi_bitlen( E ); - - wsize = ( i > 671 ) ? 6 : ( i > 239 ) ? 5 : - ( i > 79 ) ? 4 : ( i > 23 ) ? 
3 : 1; - -#if( MBEDTLS_MPI_WINDOW_SIZE < 6 ) - if( wsize > MBEDTLS_MPI_WINDOW_SIZE ) - wsize = MBEDTLS_MPI_WINDOW_SIZE; + mpi_montg_init(&mm, N); + mbedtls_mpi_init(&RR); + mbedtls_mpi_init(&T); + mbedtls_mpi_init(&Apos); + mbedtls_platform_zeroize(W, sizeof(W)); + i = mbedtls_mpi_bitlen(E); + wsize = (i > 671) ? 6 : (i > 239) ? 5 : (i > 79) ? 4 : (i > 23) ? 3 : 1; +#if (MBEDTLS_MPI_WINDOW_SIZE < 6) + if (wsize > MBEDTLS_MPI_WINDOW_SIZE) wsize = MBEDTLS_MPI_WINDOW_SIZE; #endif - j = N->n + 1; - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) ); - + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, j)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], j)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T, j * 2)); /* * Compensate for negative A (and correct at the end) */ - neg = ( A->s == -1 ); - if( neg ) + neg = (A->s == -1); + if (neg) { - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Apos, A ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Apos, A)); Apos.s = 1; A = &Apos; } - /* * If 1st call, pre-compute R^2 mod N */ - if( _RR == NULL || _RR->p == NULL ) + if (!_RR || !_RR->p) { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &RR, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &RR, N->n * 2 * biL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &RR, &RR, N ) ); - - if( _RR != NULL ) - memcpy( _RR, &RR, sizeof( mbedtls_mpi ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&RR, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&RR, N->n * 2 * biL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&RR, &RR, N)); + if (_RR) memcpy(_RR, &RR, sizeof(mbedtls_mpi)); } else - memcpy( &RR, _RR, sizeof( mbedtls_mpi ) ); - + { + memcpy(&RR, _RR, sizeof(mbedtls_mpi)); + } /* * W[1] = A * R^2 * R^-1 mod N = A * R mod N */ - if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) ); + if (mbedtls_mpi_cmp_mpi(A, N) >= 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&W[1], A, N)); else - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); - - 
mpi_montmul( &W[1], &RR, N, mm, &T ); - + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[1], A)); + mpi_montmul(&W[1], &RR, N, mm, &T); /* * X = R^2 * R^-1 mod N = R mod N */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); - mpi_montred( X, N, mm, &T ); - - if( wsize > 1 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &RR)); + mpi_montred(X, N, mm, &T); + if (wsize > 1) { /* * W[1 << (wsize - 1)] = W[1] ^ (wsize - 1) */ - j = one << ( wsize - 1 ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[j], N->n + 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); - - for( i = 0; i < wsize - 1; i++ ) - mpi_montmul( &W[j], &W[j], N, mm, &T ); - + j = one << (wsize - 1); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[j], N->n + 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[j], &W[1])); + for (i = 0; i < wsize - 1; i++) + mpi_montmul(&W[j], &W[j], N, mm, &T); /* * W[i] = W[i - 1] * W[1] */ - for( i = j + 1; i < ( one << wsize ); i++ ) + for (i = j + 1; i < (one << wsize); i++) { - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); - - mpi_montmul( &W[i], &W[1], N, mm, &T ); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[i], N->n + 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[i], &W[i - 1])); + mpi_montmul(&W[i], &W[1], N, mm, &T); } } - nblimbs = E->n; bufsize = 0; - nbits = 0; - wbits = 0; - state = 0; - - while( 1 ) + nbits = 0; + wbits = 0; + state = 0; + while (1) { - if( bufsize == 0 ) + if (!bufsize) { - if( nblimbs == 0 ) - break; - + if (!nblimbs) break; nblimbs--; - - bufsize = sizeof( mbedtls_mpi_uint ) << 3; + bufsize = sizeof(mbedtls_mpi_uint) << 3; } - bufsize--; - ei = (E->p[nblimbs] >> bufsize) & 1; - /* * skip leading 0s */ - if( ei == 0 && state == 0 ) - continue; - - if( ei == 0 && state == 1 ) + if (ei == 0 && state == 0) continue; + if (ei == 0 && state == 1) { /* * out of window, square X */ - mpi_montmul( X, X, N, mm, &T ); + mpi_montmul(X, X, N, mm, &T); continue; } - /* * add ei to current window */ state = 2; - nbits++; - 
wbits |= ( ei << ( wsize - nbits ) ); - - if( nbits == wsize ) + wbits |= (ei << (wsize - nbits)); + if (nbits == wsize) { /* * X = X^wsize R^-1 mod N */ - for( i = 0; i < wsize; i++ ) - mpi_montmul( X, X, N, mm, &T ); - + for (i = 0; i < wsize; i++) + mpi_montmul(X, X, N, mm, &T); /* * X = X * W[wbits] R^-1 mod N */ - mpi_montmul( X, &W[wbits], N, mm, &T ); - + mpi_montmul(X, &W[wbits], N, mm, &T); state--; nbits = 0; wbits = 0; } } - /* * process the remaining bits */ - for( i = 0; i < nbits; i++ ) + for (i = 0; i < nbits; i++) { - mpi_montmul( X, X, N, mm, &T ); - + mpi_montmul(X, X, N, mm, &T); wbits <<= 1; - - if( ( wbits & ( one << wsize ) ) != 0 ) - mpi_montmul( X, &W[1], N, mm, &T ); + if ((wbits & (one << wsize))) + mpi_montmul(X, &W[1], N, mm, &T); } - /* * X = A^E * R * R^-1 mod N = A^E mod N */ - mpi_montred( X, N, mm, &T ); - - if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 ) + mpi_montred(X, N, mm, &T); + if (neg && E->n && (E->p[0] & 1)) { X->s = -1; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, N, X ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, N, X)); } - cleanup: + for (i = (one << (wsize - 1)); i < (one << wsize); i++) + mbedtls_mpi_free(&W[i]); + mbedtls_mpi_free(&W[1]); + mbedtls_mpi_free(&T); + mbedtls_mpi_free(&Apos); + if (!_RR || !_RR->p) + mbedtls_mpi_free(&RR); + return ret; +} - for( i = ( one << ( wsize - 1 ) ); i < ( one << wsize ); i++ ) - mbedtls_mpi_free( &W[i] ); - - mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos ); - - if( _RR == NULL || _RR->p == NULL ) - mbedtls_mpi_free( &RR ); - - return( ret ); +static inline int Compare(const mbedtls_mpi *X, + const mbedtls_mpi *Y, + size_t i, + size_t j) +{ + if (!i && !j) return 0; + if (i > j) return 1; + if (j > i) return -1; + for (; i > 0; i--) + { + if (X->p[i - 1] > Y->p[i - 1]) return 1; + if (X->p[i - 1] < Y->p[i - 1]) return -1; + } + return 0; } /** 
@@ -2635,66 +2193,53 @@ cleanup: * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. * \return Another negative error code on different kinds of failure. */ -int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B ) +int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, + const mbedtls_mpi *B) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t lz, lzt; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi TA, TB; - - MPI_VALIDATE_RET( G != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( B != NULL ); - - mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TB ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TA, A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) ); - - lz = mbedtls_mpi_lsb( &TA ); - lzt = mbedtls_mpi_lsb( &TB ); - - if( lzt < lz ) - lz = lzt; - - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, lz ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, lz ) ); - + size_t lz, lzt, i, j; + MPI_VALIDATE_RET(G); + MPI_VALIDATE_RET(A); + MPI_VALIDATE_RET(B); + mbedtls_mpi_init(&TA); + mbedtls_mpi_init(&TB); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, B)); + lz = mbedtls_mpi_lsb(&TA); + lzt = mbedtls_mpi_lsb(&TB); + if (lzt < lz) lz = lzt; + mbedtls_mpi_shift_r(&TA, lz); + mbedtls_mpi_shift_r(&TB, lz); TA.s = TB.s = 1; - - while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 ) + i = mbedtls_mpi_bitlen(&TA); + j = mbedtls_mpi_bitlen(&TB); + while (!mbedtls_mpi_is_zero(&TA)) { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) ); - - if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 ) + mbedtls_mpi_shift_r(&TA, mbedtls_mpi_lsb(&TA)); + mbedtls_mpi_shift_r(&TB, mbedtls_mpi_lsb(&TB)); + if (mpi_cmp_abs(&TA, &TB, &i, &j) >= 0) { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, 1 ) ); + MBEDTLS_MPI_CHK(mpi_sub_abs(&TA, &TA, &TB, j)); + 
mbedtls_mpi_shift_r(&TA, 1); } else { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) ); + MBEDTLS_MPI_CHK(mpi_sub_abs(&TB, &TB, &TA, i)); + mbedtls_mpi_shift_r(&TB, 1); } } - - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) ); - + MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&TB, lz)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(G, &TB)); cleanup: - - mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TB ); - - return( ret ); + mbedtls_mpi_free(&TA); + mbedtls_mpi_free(&TB); + return ret; } /** * \brief Fill an MPI with a number of random bytes. * - * Use a temporary bytes representation to make sure the result is the - * same regardless of the platform endianness (useful when f_rng is - * actually deterministic, eg for tests). - * * \param X The destination MPI. This must point to an initialized MPI. * \param size The number of random bytes to generate. * \param f_rng The RNG function to use. This must not be \c NULL. 
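Review bot: In mbedtls_mpi_gcd the lengths `i` and `j` are taken from mbedtls_mpi_bitlen once before the loop, yet both TA and TB are right-shifted at the top of every iteration before `mpi_cmp_abs(&TA, &TB, &i, &j)` runs, so the values handed to `mpi_sub_abs(&TA, &TA, &TB, j)` are only correct if mpi_cmp_abs refreshes `*i`/`*j`; both helpers are outside this hunk, so that contract should be written down next to the declaration, e.g. `size_t lz, lzt, i, j; /* i, j: working lengths of TA, TB, refreshed by mpi_cmp_abs */`. Separately, the `MBEDTLS_MPI_CHK` wrappers around `mbedtls_mpi_shift_r` are dropped here and in later hunks, while the old header declared it as returning `int`; if the prototype was not changed to `void` in the part of bignum.h beyond this page, the dropped checks should be made explicit with a `(void)` cast or the prototype changed so the intent is visible.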
@@ -2709,34 +2254,23 @@ cleanup: * as a big-endian representation of an MPI; this can * be relevant in applications like deterministic ECDSA. */ -int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t const limbs = CHARS_TO_LIMBS( size ); - size_t const overhead = ( limbs * ciL ) - size; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + size_t const limbs = CHARS_TO_LIMBS(size); + size_t const overhead = (limbs * ciL) - size; unsigned char *Xp; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); - - /* Ensure that target MPI has exactly the necessary number of limbs */ - if( X->n != limbs ) - { - mbedtls_mpi_free( X ); - mbedtls_mpi_init( X ); - MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) ); - } - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) ); - - Xp = (unsigned char*) X->p; - MBEDTLS_MPI_CHK( f_rng( p_rng, Xp + overhead, size ) ); - - mpi_bigendian_to_host( X->p, limbs ); - + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(f_rng); + MBEDTLS_MPI_CHK(mbedtls_mpi_resize(X, limbs)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(X, 0)); + Xp = (unsigned char *)X->p; + MBEDTLS_MPI_CHK(f_rng(p_rng, Xp + overhead, size)); + mpi_bigendian_to_host(X->p, limbs); cleanup: - return( ret ); + return ret; } /** 
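Review bot: The free/init/grow sequence in mbedtls_mpi_fill_random is replaced by `mbedtls_mpi_resize(X, limbs)` and the comment stating that X must hold exactly `limbs` limbs is dropped, but resize's behaviour when X already has more limbs is not visible here; the result stays correct either way because `mbedtls_mpi_lset(X, 0)` zeroes the upper limbs before the RNG bytes are placed at `Xp + overhead`, and that reasoning deserves a line, e.g. `/* any limbs above `limbs` are zero after lset, so overhead and the limb reversal below only need to cover the first `limbs` */`. The removed doc paragraph about the temporary big-endian byte representation was the only record of why the output is platform-endianness independent (relevant for deterministic f_rng in tests); restore it in the doc block above.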
@@ -2755,128 +2289,137 @@ cleanup: * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse * with respect to \p N. */ -int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N ) +int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, + const mbedtls_mpi *N) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( A != NULL ); - MPI_VALIDATE_RET( N != NULL ); - - if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - mbedtls_mpi_init( &TA ); mbedtls_mpi_init( &TU ); mbedtls_mpi_init( &U1 ); mbedtls_mpi_init( &U2 ); - mbedtls_mpi_init( &G ); mbedtls_mpi_init( &TB ); mbedtls_mpi_init( &TV ); - mbedtls_mpi_init( &V1 ); mbedtls_mpi_init( &V2 ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) ); - - if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(A); + MPI_VALIDATE_RET(N); + if (mbedtls_mpi_cmp_int(N, 1) <= 0) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_mpi_init(&TA); + mbedtls_mpi_init(&TU); + mbedtls_mpi_init(&U1); + mbedtls_mpi_init(&U2); + mbedtls_mpi_init(&G); + mbedtls_mpi_init(&TB); + mbedtls_mpi_init(&TV); + mbedtls_mpi_init(&V1); + mbedtls_mpi_init(&V2); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, A, N)); + if (!mbedtls_mpi_is_one(&G)) { ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; goto cleanup; } - - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) ); - + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&TA, A, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TU, &TA)); + 
MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TB, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TV, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U1, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&U2, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V1, 0)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&V2, 1)); do { - while( ( TU.p[0] & 1 ) == 0 ) + while (!(TU.p[0] & 1)) { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TU, 1 ) ); - - if( ( U1.p[0] & 1 ) != 0 || ( U2.p[0] & 1 ) != 0 ) + mbedtls_mpi_shift_r(&TU, 1); + if ((U1.p[0] & 1) || (U2.p[0] & 1)) { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&U1, &U1, &TB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &TA)); } - - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &U2, 1 ) ); + mbedtls_mpi_shift_r(&U1, 1); + mbedtls_mpi_shift_r(&U2, 1); } - - while( ( TV.p[0] & 1 ) == 0 ) + while (!(TV.p[0] & 1)) { - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TV, 1 ) ); - - if( ( V1.p[0] & 1 ) != 0 || ( V2.p[0] & 1 ) != 0 ) + mbedtls_mpi_shift_r(&TV, 1); + if ((V1.p[0] & 1) || (V2.p[0] & 1)) { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, &TB)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &TA)); } - - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &V2, 1 ) ); + mbedtls_mpi_shift_r(&V1, 1); + mbedtls_mpi_shift_r(&V2, 1); } - - if( mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0 ) + if (mbedtls_mpi_cmp_mpi(&TU, &TV) >= 0) { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TU, &TU, &TV)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U1, &U1, &V1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&U2, &U2, &V2)); } else { - 
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&TV, &TV, &TU)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, &U1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V2, &V2, &U2)); } + } while (!mbedtls_mpi_is_zero(&TU)); + while (V1.s < 0) + { + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&V1, &V1, N)); } - while( mbedtls_mpi_cmp_int( &TU, 0 ) != 0 ); - - while( mbedtls_mpi_cmp_int( &V1, 0 ) < 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) ); - - while( mbedtls_mpi_cmp_mpi( &V1, N ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) ); - + while (mbedtls_mpi_cmp_mpi(&V1, N) >= 0) + { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&V1, &V1, N)); + } + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &V1)); cleanup: - - mbedtls_mpi_free( &TA ); mbedtls_mpi_free( &TU ); mbedtls_mpi_free( &U1 ); mbedtls_mpi_free( &U2 ); - mbedtls_mpi_free( &G ); mbedtls_mpi_free( &TB ); mbedtls_mpi_free( &TV ); - mbedtls_mpi_free( &V1 ); mbedtls_mpi_free( &V2 ); - - return( ret ); + mbedtls_mpi_free(&TA); + mbedtls_mpi_free(&TU); + mbedtls_mpi_free(&U1); + mbedtls_mpi_free(&U2); + mbedtls_mpi_free(&G); + mbedtls_mpi_free(&TB); + mbedtls_mpi_free(&TV); + mbedtls_mpi_free(&V1); + mbedtls_mpi_free(&V2); + return ret; } #if defined(MBEDTLS_GENPRIME) -static const short small_prime[] = -{ - 3, 5, 7, 11, 13, 17, 19, 23, - 29, 31, 37, 41, 43, 47, 53, 59, - 61, 67, 71, 73, 79, 83, 89, 97, - 101, 103, 107, 109, 113, 127, 131, 137, - 139, 149, 151, 157, 163, 167, 173, 179, - 181, 191, 193, 197, 199, 211, 223, 227, - 229, 233, 239, 241, 251, 257, 263, 269, - 271, 277, 281, 283, 293, 307, 311, 313, - 317, 331, 337, 347, 349, 353, 359, 367, - 373, 379, 383, 389, 397, 401, 409, 419, - 421, 431, 433, 439, 443, 449, 457, 461, - 463, 467, 479, 487, 491, 499, 503, 509, - 521, 523, 541, 547, 557, 563, 569, 
571, - 577, 587, 593, 599, 601, 607, 613, 617, - 619, 631, 641, 643, 647, 653, 659, 661, - 673, 677, 683, 691, 701, 709, 719, 727, - 733, 739, 743, 751, 757, 761, 769, 773, - 787, 797, 809, 811, 821, 823, 827, 829, - 839, 853, 857, 859, 863, 877, 881, 883, - 887, 907, 911, 919, 929, 937, 941, 947, - 953, 967, 971, 977, 983, 991, 997, -103 +static const short kSmallPrime[] = { + 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, + 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, + 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, + 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, + 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, + 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, + 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, + 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, + 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, + 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, + 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, + 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997, }; +static struct Divisor kSmallDivisor[ARRAYLEN(kSmallPrime)]; + +static bool IsDivisible( const mbedtls_mpi_uint *Ap, size_t An, + mbedtls_mpi_sint b, struct Divisor d ) +{ + size_t i; + mbedtls_mpi_uint x, y, z; + MBEDTLS_ASSERT(b >= 3); + for (i = An, y = 0; i > 0; i--) + { + x = Ap[i - 1]; + y = (y << biH) | (x >> biH); + z = Divide(y, d); + y -= z * b; + x <<= biH; + y = (y << biH) | (x >> biH); + z = Divide(y, d); + y -= z * b; + } + return !y; +} + /* * Small divisors test (X must be positive) * 
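Review bot: `IsDivisible` is new and non-trivial — it reduces the An-limb value in half-limb (`biH`) steps through `Divide` against a precomputed `struct Divisor` — yet carries no comment, and the pairing of `b` with `d` is an unstated precondition. Suggest a header such as `/* Returns true iff the An-limb value Ap is divisible by b (>= 3); d must be GetDivisor(b). Reduces in biH-bit halves so each partial dividend stays within the range Divide handles. */` — the range claim is inferred from the half-limb split, not visible here, so confirm against Divide. In mbedtls_mpi_inv_mod, `while (V1.s < 0)` replaces `mbedtls_mpi_cmp_int(&V1, 0) < 0`; the two differ only for a zero carrying sign -1, which the subtraction helpers in this library can leave behind, so a short comment that such a value is absorbed by the following `cmp_mpi(&V1, N) >= 0` loop would stop a future reader "fixing" it back.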
@@ -2886,109 +2429,99 @@ static const short small_prime[] = * MBEDTLS_ERR_MPI_NOT_ACCEPTABLE: certain non-prime * other negative: error */ -static int mpi_check_small_factors( const mbedtls_mpi *X ) +static int mpi_check_small_factors(const mbedtls_mpi *X) { int ret = 0; - size_t i; - mbedtls_mpi_uint r; - - if( ( X->p[0] & 1 ) == 0 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); - - for( i = 0; small_prime[i] > 0; i++ ) - { - if( mbedtls_mpi_cmp_int( X, small_prime[i] ) <= 0 ) - return( 1 ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, small_prime[i] ) ); - - if( r == 0 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); + size_t i, n; + static bool once; + if (!(X->p[0] & 1)) + return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; + n = mbedtls_mpi_limbs(X); + if (!once) { + for (i = 0; i < ARRAYLEN(kSmallPrime); ++i) + kSmallDivisor[i] = GetDivisor(kSmallPrime[i]); + once = true; } - -cleanup: - return( ret ); + for (i = 0; i < ARRAYLEN(kSmallPrime); i++) { + if (n == 1 && mbedtls_mpi_cmp_int(X, kSmallPrime[i]) <= 0) + return 1; + if (IsDivisible(X->p, X->n, kSmallPrime[i], kSmallDivisor[i])) + return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; + } + return ret; } /* * Miller-Rabin pseudo-primality test (HAC 4.24) */ -static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int mpi_miller_rabin(const mbedtls_mpi *X, size_t rounds, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret, count; size_t i, j, k, s; mbedtls_mpi W, R, T, A, RR; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); - - mbedtls_mpi_init( &W ); mbedtls_mpi_init( &R ); - mbedtls_mpi_init( &T ); mbedtls_mpi_init( &A ); - mbedtls_mpi_init( &RR ); - + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(f_rng); + mbedtls_mpi_init(&W); + mbedtls_mpi_init(&R); + mbedtls_mpi_init(&T); + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&RR); /* * W = |X| - 1 * R = W >> lsb( W ) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &W, X, 1 
) ); - s = mbedtls_mpi_lsb( &W ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R, &W ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &R, s ) ); - - for( i = 0; i < rounds; i++ ) + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&W, X, 1)); + s = mbedtls_mpi_lsb(&W); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&R, &W)); + mbedtls_mpi_shift_r(&R, s); + for (i = 0; i < rounds; i++) { /* * pick a random A, 1 < A < |X| - 1 */ count = 0; - do { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &A, X->n * ciL, f_rng, p_rng ) ); - - j = mbedtls_mpi_bitlen( &A ); - k = mbedtls_mpi_bitlen( &W ); - if (j > k) { - A.p[A.n - 1] &= ( (mbedtls_mpi_uint) 1 << ( k - ( A.n - 1 ) * biL - 1 ) ) - 1; + do + { + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&A, X->n * ciL, f_rng, p_rng)); + j = mbedtls_mpi_bitlen(&A); + k = mbedtls_mpi_bitlen(&W); + if (j > k) + { + A.p[A.n - 1] &= ((mbedtls_mpi_uint)1 << (k - (A.n - 1) * biL - 1)) - 1; } - - if (count++ > 30) { + if (count++ > 30) + { ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; goto cleanup; } - - } while ( mbedtls_mpi_cmp_mpi( &A, &W ) >= 0 || - mbedtls_mpi_cmp_int( &A, 1 ) <= 0 ); + } while (mbedtls_mpi_cmp_mpi(&A, &W) >= 0 || + mbedtls_mpi_cmp_int(&A, 1) <= 0); /* * A = A^R mod |X| */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &A, &A, &R, X, &RR ) ); - - if( mbedtls_mpi_cmp_mpi( &A, &W ) == 0 || - mbedtls_mpi_cmp_int( &A, 1 ) == 0 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&A, &A, &R, X, &RR)); + if (!mbedtls_mpi_cmp_mpi(&A, &W) || mbedtls_mpi_is_one(&A)) continue; - j = 1; - while( j < s && mbedtls_mpi_cmp_mpi( &A, &W ) != 0 ) + + while (j < s && mbedtls_mpi_cmp_mpi(&A, &W)) { /* * A = A * A mod |X| */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &A, &A ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &A, &T, X ) ); - - if( mbedtls_mpi_cmp_int( &A, 1 ) == 0 ) - break; - + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &A, &A)); + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&A, &T, X)); + if (mbedtls_mpi_is_one(&A)) break; j++; } /* * not prime if A != |X| - 1 or A == 1 */ - if( mbedtls_mpi_cmp_mpi( &A, &W 
) != 0 || - mbedtls_mpi_cmp_int( &A, 1 ) == 0 ) + if (mbedtls_mpi_cmp_mpi(&A, &W) || mbedtls_mpi_is_one(&A)) { ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; break; @@ -2996,24 +2529,26 @@ static int mpi_miller_rabin( const mbedtls_mpi *X, size_t rounds, } cleanup: - mbedtls_mpi_free( &W ); mbedtls_mpi_free( &R ); - mbedtls_mpi_free( &T ); mbedtls_mpi_free( &A ); - mbedtls_mpi_free( &RR ); - - return( ret ); + mbedtls_mpi_free(&W); + mbedtls_mpi_free(&R); + mbedtls_mpi_free(&T); + mbedtls_mpi_free(&A); + mbedtls_mpi_free(&RR); + return ret; } /** * \brief Miller-Rabin primality test. * - * \warning If \p X is potentially generated by an adversary, for example - * when validating cryptographic parameters that you didn't - * generate yourself and that are supposed to be prime, then - * \p rounds should be at least the half of the security - * strength of the cryptographic algorithm. On the other hand, - * if \p X is chosen uniformly or non-adversially (as is the - * case when mbedtls_mpi_gen_prime calls this function), then - * \p rounds can be much lower. + * \warning If \p X is potentially generated by an adversary, for + * example when validating cryptographic parameters that + * you didn't generate yourself and that are supposed to + * be prime, then \p rounds should be at least the half + * of the security strength of the cryptographic + * algorithm. On the other hand, if \p X is chosen + * uniformly or non-adversially (as is the case when + * mbedtls_mpi_gen_prime calls this function), then \p + * rounds can be much lower. * * \param X The MPI to check for primality. * This must point to an initialized MPI. 
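Review bot: The lazy initialisation of `kSmallDivisor` in mpi_check_small_factors reads and writes the plain `static bool once` and the table without any synchronisation, so two threads calling mbedtls_mpi_is_prime_ext concurrently race on both, and nothing stops the compiler from ordering the `once = true` store ahead of the table stores. Build the table under the platform's one-time-init primitive, precompute it at startup, or make `once` an atomic with release/acquire ordering; if `GetDivisor` (outside this hunk) is cheap, calling it inline per prime and dropping the cache is the simplest fix. The `n = mbedtls_mpi_limbs(X)` already computed is only used for the `n == 1` comparison; passing it as `IsDivisible(X->p, n, ...)` instead of `X->n` would skip leading zero limbs.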
@@ -3026,39 +2561,32 @@ cleanup: * a context parameter. * * \return \c 0 if successful, i.e. \p X is probably prime. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a allocation failed. * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime. - * \return Another negative error code on other kinds of failure. + * \return Another negative error code on other failures. */ -int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi XX; - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); - + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(f_rng); XX.s = 1; XX.n = X->n; XX.p = X->p; - - if( mbedtls_mpi_cmp_int( &XX, 0 ) == 0 || - mbedtls_mpi_cmp_int( &XX, 1 ) == 0 ) - return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); - - if( mbedtls_mpi_cmp_int( &XX, 2 ) == 0 ) - return( 0 ); - - if( ( ret = mpi_check_small_factors( &XX ) ) != 0 ) + if (mbedtls_mpi_is_zero(&XX) || mbedtls_mpi_is_one(&XX)) + return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; + if (!mbedtls_mpi_cmp_int(&XX, 2)) + return 0; + if ((ret = mpi_check_small_factors(&XX))) { - if( ret == 1 ) - return( 0 ); - - return( ret ); + if (ret == 1) + return 0; + return ret; } - - return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) ); + return mpi_miller_rabin(&XX, rounds, f_rng, p_rng); } /** 
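Review bot: The rewrapped doc block for mbedtls_mpi_is_prime_ext introduces a grammar error: `\return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a allocation failed.` should read `if an allocation failed.` (the same wording is repeated for mbedtls_mpi_gen_prime in the next hunk). The body preserves behaviour, but `XX` is a non-owning view over `X->p` with the sign forced positive, which is why it is never freed; that is worth one comment at the assignment, `/* XX is a non-owning view of |X|; it must not be freed */`.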
@@ -3081,38 +2609,37 @@ int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, * * \return \c 0 if successful, in which case \p X holds a * probably prime number. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed. - * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between - * \c 3 and #MBEDTLS_MPI_MAX_BITS. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a allocation failed. + * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not + * between \c 3 and #MBEDTLS_MPI_MAX_BITS. */ -int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) { int ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; size_t k, n; int rounds; mbedtls_mpi_uint r; mbedtls_mpi Y; - - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); - - if( nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - mbedtls_mpi_init( &Y ); - - n = BITS_TO_LIMBS( nbits ); - - if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR ) == 0 ) + MPI_VALIDATE_RET(X); + MPI_VALIDATE_RET(f_rng); + if (nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS) + return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + mbedtls_mpi_init(&Y); + n = BITS_TO_LIMBS(nbits); + if (!(flags & MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR)) { /* * 2^-80 error probability, number of rounds chosen per HAC, table 4.4 */ - rounds = ( ( nbits >= 1300 ) ? 2 : ( nbits >= 850 ) ? 3 : - ( nbits >= 650 ) ? 4 : ( nbits >= 350 ) ? 8 : - ( nbits >= 250 ) ? 12 : ( nbits >= 150 ) ? 18 : 27 ); + rounds = ((nbits >= 1300) ? 2 + : (nbits >= 850) ? 3 + : (nbits >= 650) ? 4 + : (nbits >= 350) ? 8 + : (nbits >= 250) ? 12 + : (nbits >= 150) ? 18 + : 27); } else { 
@@ -3120,28 +2647,29 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, * 2^-100 error probability, number of rounds computed based on HAC, * fact 4.48 */ - rounds = ( ( nbits >= 1450 ) ? 4 : ( nbits >= 1150 ) ? 5 : - ( nbits >= 1000 ) ? 6 : ( nbits >= 850 ) ? 7 : - ( nbits >= 750 ) ? 8 : ( nbits >= 500 ) ? 13 : - ( nbits >= 250 ) ? 28 : ( nbits >= 150 ) ? 40 : 51 ); + rounds = ((nbits >= 1450) ? 4 + : (nbits >= 1150) ? 5 + : (nbits >= 1000) ? 6 + : (nbits >= 850) ? 7 + : (nbits >= 750) ? 8 + : (nbits >= 500) ? 13 + : (nbits >= 250) ? 28 + : (nbits >= 150) ? 40 + : 51); } - - while( 1 ) + while (1) { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( X, n * ciL, f_rng, p_rng ) ); - /* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 §B.3.3 steps 4.4, 5.5) */ - if( X->p[n-1] < 0xb504f333f9de6485ULL /* ceil(2^63.5) */ ) continue; - + MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(X, n * ciL, f_rng, p_rng)); + /* make sure generated number is at least (nbits-1)+0.5 bits (FIPS 186-4 + * §B.3.3 steps 4.4, 5.5) */ + if (X->p[n - 1] < 0xb504f333f9de6485ULL /* ceil(2^63.5) */) continue; k = n * biL; - if( k > nbits ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, k - nbits ) ); + if (k > nbits) mbedtls_mpi_shift_r(X, k - nbits); X->p[0] |= 1; - - if( ( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) == 0 ) + if (!(flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH)) { - ret = mbedtls_mpi_is_prime_ext( X, rounds, f_rng, p_rng ); - - if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) - goto cleanup; + ret = mbedtls_mpi_is_prime_ext(X, rounds, f_rng, p_rng); + if (ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) goto cleanup; } else { 
@@ -3150,228 +2678,159 @@ int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags, * is X = 2 mod 3 (which is equivalent to Y = 2 mod 3). * Make sure it is satisfied, while keeping X = 3 mod 4 */ - X->p[0] |= 2; - - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_int( &r, X, 3 ) ); - if( r == 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 8 ) ); - else if( r == 1 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 4 ) ); - + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_int(&r, X, 3)); + if (r == 0) + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 8)); + else if (r == 1) + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 4)); /* Set Y = (X-1) / 2, which is X / 2 because X is odd */ - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &Y, X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &Y, 1 ) ); - - while( 1 ) + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Y, X)); + mbedtls_mpi_shift_r( &Y, 1 ); + while (1) { /* * First, check small factors for X and Y * before doing Miller-Rabin on any of them */ - if( ( ret = mpi_check_small_factors( X ) ) == 0 && - ( ret = mpi_check_small_factors( &Y ) ) == 0 && - ( ret = mpi_miller_rabin( X, rounds, f_rng, p_rng ) ) - == 0 && - ( ret = mpi_miller_rabin( &Y, rounds, f_rng, p_rng ) ) - == 0 ) + if (!(ret = mpi_check_small_factors(X)) && + !(ret = mpi_check_small_factors(&Y)) && + !(ret = mpi_miller_rabin(X, rounds, f_rng, p_rng)) && + !(ret = mpi_miller_rabin(&Y, rounds, f_rng, p_rng))) goto cleanup; - - if( ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) - goto cleanup; - + if (ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) goto cleanup; /* * Next candidates. We want to preserve Y = (X-1) / 2 and * Y = 1 mod 2 and Y = 2 mod 3 (eq X = 3 mod 4 and X = 2 mod 3) * so up Y by 6 and X by 12. 
*/ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, X, 12 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &Y, &Y, 6 ) ); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(X, X, 12)); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&Y, &Y, 6)); } } } - cleanup: - - mbedtls_mpi_free( &Y ); - - return( ret ); + mbedtls_mpi_free(&Y); + return ret; } #endif /* MBEDTLS_GENPRIME */ #if defined(MBEDTLS_SELF_TEST) -#define GCD_PAIR_COUNT 3 +#define GCD_PAIR_COUNT 3 -static const int gcd_pairs[GCD_PAIR_COUNT][3] = -{ - { 693, 609, 21 }, - { 1764, 868, 28 }, - { 768454923, 542167814, 1 } -}; +static const int gcd_pairs[GCD_PAIR_COUNT][3] = { + {693, 609, 21}, {1764, 868, 28}, {768454923, 542167814, 1}}; /** * \brief Checkup routine * * \return 0 if successful, or 1 if the test failed */ -int mbedtls_mpi_self_test( int verbose ) +int mbedtls_mpi_self_test(int verbose) { int ret, i; mbedtls_mpi A, E, N, X, Y, U, V; - - mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &X ); - mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &U ); mbedtls_mpi_init( &V ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &A, 16, - "EFE021C2645FD1DC586E69184AF4A31E" \ - "D5F53E93B5F123FA41680867BA110131" \ - "944FE7952E2517337780CB0DB80E61AA" \ - "E7C8DDC6C5C6AADEB34EB38A2F40D5E6" ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &E, 16, - "B2E7EFD37075B9F03FF989C7C5051C20" \ - "34D2A323810251127E7BF8625A4F49A5" \ - "F3E27F4DA8BD59C47D6DAABA4C8127BD" \ - "5B5C25763222FEFCCFC38B832366C29E" ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &N, 16, - "0066A198186C18C10B2F5ED9B522752A" \ - "9830B69916E535C8F047518A889A43A5" \ - "94B6BED27A168D31D4A52F88925AA8F5" ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &X, &A, &N ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "602AB7ECA597A3D6B56FF9829A5E8B85" \ - "9E857EA95A03512E2BAE7391688D264A" \ - "A5663B0341DB9CCFD2C4C5F421FEC814" \ - "8001B72E848A38CAE1C65F78E56ABDEF" \ - "E12D3C039B8A02D6BE593F0BBBDA56F1" \ - 
"ECF677152EF804370C1A305CAF3B5BF1" \ - "30879B56C61DE584A0F53A2447A51E" ) ); - - if( verbose != 0 ) - mbedtls_printf( " MPI test #1 (mul_mpi): " ); - - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - + mbedtls_mpi_init(&A); + mbedtls_mpi_init(&E); + mbedtls_mpi_init(&N); + mbedtls_mpi_init(&X); + mbedtls_mpi_init(&Y); + mbedtls_mpi_init(&U); + mbedtls_mpi_init(&V); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&A, 16, + "EFE021C2645FD1DC586E69184AF4A31E" + "D5F53E93B5F123FA41680867BA110131" + "944FE7952E2517337780CB0DB80E61AA" + "E7C8DDC6C5C6AADEB34EB38A2F40D5E6")); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 16, + "B2E7EFD37075B9F03FF989C7C5051C20" + "34D2A323810251127E7BF8625A4F49A5" + "F3E27F4DA8BD59C47D6DAABA4C8127BD" + "5B5C25763222FEFCCFC38B832366C29E")); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&N, 16, + "0066A198186C18C10B2F5ED9B522752A" + "9830B69916E535C8F047518A889A43A5" + "94B6BED27A168D31D4A52F88925AA8F5")); + MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&X, &A, &N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "602AB7ECA597A3D6B56FF9829A5E8B85" + "9E857EA95A03512E2BAE7391688D264A" + "A5663B0341DB9CCFD2C4C5F421FEC814" + "8001B72E848A38CAE1C65F78E56ABDEF" + "E12D3C039B8A02D6BE593F0BBBDA56F1" + "ECF677152EF804370C1A305CAF3B5BF1" + "30879B56C61DE584A0F53A2447A51E")); + if (verbose) mbedtls_printf(" MPI test #1 (mul_mpi): "); + if (mbedtls_mpi_cmp_mpi(&X, &U)) { + if (verbose) mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &X, &Y, &A, &N ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "256567336059E52CAE22925474705F39A94" ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &V, 16, - "6613F26162223DF488E9CD48CC132C7A" \ - "0AC93C701B001B092E4E5B9F73BCD27B" \ - "9EE50D0657C77F374E903CDFA4C642" ) ); - - if( verbose != 0 ) - mbedtls_printf( " MPI test #2 (div_mpi): " ); - - if( mbedtls_mpi_cmp_mpi( 
&X, &U ) != 0 || - mbedtls_mpi_cmp_mpi( &Y, &V ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - + if (verbose) mbedtls_printf("passed\n"); + MBEDTLS_MPI_CHK(mbedtls_mpi_div_mpi(&X, &Y, &A, &N)); + MBEDTLS_MPI_CHK( + mbedtls_mpi_read_string(&U, 16, "256567336059E52CAE22925474705F39A94")); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&V, 16, + "6613F26162223DF488E9CD48CC132C7A" + "0AC93C701B001B092E4E5B9F73BCD27B" + "9EE50D0657C77F374E903CDFA4C642")); + if (verbose) mbedtls_printf(" MPI test #2 (div_mpi): "); + if (mbedtls_mpi_cmp_mpi(&X, &U) || mbedtls_mpi_cmp_mpi(&Y, &V)) { + if (verbose) mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &X, &A, &E, &N, NULL ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "36E139AEA55215609D2816998ED020BB" \ - "BD96C37890F65171D948E9BC7CBAA4D9" \ - "325D24D6A3C12710F10A09FA08AB87" ) ); - - if( verbose != 0 ) - mbedtls_printf( " MPI test #3 (exp_mod): " ); - - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - + if (verbose) mbedtls_printf("passed\n"); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&X, &A, &E, &N, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "36E139AEA55215609D2816998ED020BB" + "BD96C37890F65171D948E9BC7CBAA4D9" + "325D24D6A3C12710F10A09FA08AB87")); + if (verbose) mbedtls_printf(" MPI test #3 (exp_mod): "); + if (mbedtls_mpi_cmp_mpi(&X, &U)) { + if (verbose) mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &X, &A, &N ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &U, 16, - "003A0AAEDD7E784FC07D8F9EC6E3BFD5" \ - "C3DBA76456363A10869622EAC2DD84EC" \ - "C5B8A74DAC4D09E03B5E0BE779F2DF61" ) ); - - if( verbose != 0 ) - mbedtls_printf( " MPI test #4 (inv_mod): " ); - - if( mbedtls_mpi_cmp_mpi( &X, &U ) != 0 ) - { - if( verbose != 0 ) - 
mbedtls_printf( "failed\n" ); - + if (verbose) mbedtls_printf("passed\n"); + MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&X, &A, &N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&U, 16, + "003A0AAEDD7E784FC07D8F9EC6E3BFD5" + "C3DBA76456363A10869622EAC2DD84EC" + "C5B8A74DAC4D09E03B5E0BE779F2DF61")); + if (verbose) mbedtls_printf(" MPI test #4 (inv_mod): "); + if (mbedtls_mpi_cmp_mpi(&X, &U)) { + if (verbose) mbedtls_printf("failed\n"); ret = 1; goto cleanup; } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - - if( verbose != 0 ) - mbedtls_printf( " MPI test #5 (simple gcd): " ); - - for( i = 0; i < GCD_PAIR_COUNT; i++ ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &X, gcd_pairs[i][0] ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Y, gcd_pairs[i][1] ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &A, &X, &Y ) ); - - if( mbedtls_mpi_cmp_int( &A, gcd_pairs[i][2] ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed at %d\n", i ); - + if (verbose) mbedtls_printf("passed\n"); + if (verbose) mbedtls_printf(" MPI test #5 (simple gcd): "); + for (i = 0; i < GCD_PAIR_COUNT; i++) { + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&X, gcd_pairs[i][0])); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&Y, gcd_pairs[i][1])); + MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&A, &X, &Y)); + if (mbedtls_mpi_cmp_int(&A, gcd_pairs[i][2])) { + if (verbose) mbedtls_printf("failed at %d\n", i); ret = 1; goto cleanup; } } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - + if (verbose) mbedtls_printf("passed\n"); cleanup: - - if( ret != 0 && verbose != 0 ) - mbedtls_printf( "Unexpected error, return code = %08X\n", (unsigned int) ret ); - - mbedtls_mpi_free( &A ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &X ); - mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &U ); mbedtls_mpi_free( &V ); - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - - return( ret ); + if (ret && verbose) + mbedtls_printf("Unexpected error, return code = %08X\n", (unsigned int)ret); + mbedtls_mpi_free(&A); + mbedtls_mpi_free(&E); + 
mbedtls_mpi_free(&N); + mbedtls_mpi_free(&X); + mbedtls_mpi_free(&Y); + mbedtls_mpi_free(&U); + mbedtls_mpi_free(&V); + if (verbose) mbedtls_printf("\n"); + return ret; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/third_party/mbedtls/bignum.h b/third_party/mbedtls/bignum.h index 8b3dc8a6c..56d745ba4 100644 --- a/third_party/mbedtls/bignum.h +++ b/third_party/mbedtls/bignum.h @@ -1,7 +1,9 @@ #ifndef MBEDTLS_BIGNUM_H_ #define MBEDTLS_BIGNUM_H_ #include "libc/stdio/stdio.h" +#include "third_party/mbedtls/bignum_internal.h" #include "third_party/mbedtls/config.h" +#include "third_party/mbedtls/platform.h" COSMOPOLITAN_C_START_ /* clang-format off */ @@ -16,7 +18,7 @@ COSMOPOLITAN_C_START_ #define MBEDTLS_MPI_CHK(f) \ do \ { \ - if( ( ret = (f) ) != 0 ) \ + if( ( ret = (f) ) ) \ goto cleanup; \ } while( 0 ) @@ -81,11 +83,11 @@ typedef uint64_t mbedtls_mpi_uint; */ typedef struct mbedtls_mpi { - int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */ - size_t n; /*!< total # of limbs */ + int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */ + unsigned n; /*!< total # of limbs */ mbedtls_mpi_uint *p; /*!< pointer to limbs */ } -mbedtls_mpi; +mbedtls_mpi forcealign(16); /** * \brief Flags for mbedtls_mpi_gen_prime() 
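Review bot: The DH branch of mbedtls_mpi_gen_prime drops `X->p[0] |= 2;` with no replacement, while the comment just above it still promises the adjustment keeps `X = 3 mod 4`. With only `X->p[0] |= 1` from the previous hunk the candidate can be 1 mod 4, the +4/+8 and +12 adjustments all preserve X mod 4, so Y = (X-1)/2 is then even, `mpi_check_small_factors(&Y)` rejects every candidate and the inner `while (1)` never terminates for roughly half of the random starting points. Restore `X->p[0] |= 2;` immediately before the `mbedtls_mpi_mod_int(&r, X, 3)` call, unless that bit is set somewhere outside this hunk.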
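Review bot: Narrowing `n` from `size_t` to `unsigned` (together with `forcealign(16)`) shrinks the struct to 16 bytes, but the writers of `n` still take `size_t` — `mbedtls_mpi_grow(mbedtls_mpi *, size_t)` is visible below and `XX.n = X->n` views copy it back out — so the assignment silently truncates above UINT_MAX and the invariant that makes this safe is nowhere stated. Record it at the field and enforce it, e.g. `unsigned n; /*!< total # of limbs; unsigned keeps the struct at 16 bytes, valid while MBEDTLS_MPI_MAX_LIMBS <= UINT_MAX */` plus a `_Static_assert(MBEDTLS_MPI_MAX_LIMBS <= UINT_MAX, "limb count must fit unsigned")` next to the typedef; the value of MBEDTLS_MPI_MAX_LIMBS is not visible on this page, so confirm it before adding the assert.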
@@ -98,53 +100,92 @@ typedef enum {
 MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2-80 to 2-128 */
 } mbedtls_mpi_gen_prime_flag_t;
-void mbedtls_mpi_init( mbedtls_mpi * );
-void mbedtls_mpi_free( mbedtls_mpi * );
-int mbedtls_mpi_grow( mbedtls_mpi *, size_t );
-int mbedtls_mpi_shrink( mbedtls_mpi *, size_t );
-int mbedtls_mpi_copy( mbedtls_mpi *, const mbedtls_mpi * );
-void mbedtls_mpi_swap( mbedtls_mpi *, mbedtls_mpi * );
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *, const mbedtls_mpi *, unsigned char );
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *, mbedtls_mpi *, unsigned char );
-int mbedtls_mpi_lset( mbedtls_mpi *, mbedtls_mpi_sint );
-int mbedtls_mpi_get_bit( const mbedtls_mpi *, size_t );
-int mbedtls_mpi_set_bit( mbedtls_mpi *, size_t, unsigned char );
-size_t mbedtls_mpi_lsb( const mbedtls_mpi * );
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi * );
-size_t mbedtls_mpi_size( const mbedtls_mpi * );
-int mbedtls_mpi_read_string( mbedtls_mpi *, int, const char * );
-int mbedtls_mpi_write_string( const mbedtls_mpi *, int, char *, size_t, size_t * );
-int mbedtls_mpi_read_file( mbedtls_mpi *, int, FILE * );
-int mbedtls_mpi_write_file( const char *, const mbedtls_mpi *, int, FILE * );
-int mbedtls_mpi_read_binary( mbedtls_mpi *, const unsigned char *, size_t );
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *, const unsigned char *, size_t );
-int mbedtls_mpi_write_binary( const mbedtls_mpi *, unsigned char *, size_t );
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *, unsigned char *, size_t );
-int mbedtls_mpi_shift_l( mbedtls_mpi *, size_t );
-int mbedtls_mpi_shift_r( mbedtls_mpi *, size_t );
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *, const mbedtls_mpi * );
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *, const mbedtls_mpi * );
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *, const mbedtls_mpi *, unsigned * );
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *, mbedtls_mpi_sint );
 int mbedtls_mpi_add_abs( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
-int mbedtls_mpi_sub_abs( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
-int mbedtls_mpi_add_mpi( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
 int mbedtls_mpi_add_int( mbedtls_mpi *, const mbedtls_mpi *, mbedtls_mpi_sint );
-int mbedtls_mpi_sub_int( mbedtls_mpi *, const mbedtls_mpi *, mbedtls_mpi_sint );
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
-int mbedtls_mpi_mul_int( mbedtls_mpi *, const mbedtls_mpi *, mbedtls_mpi_uint );
-int mbedtls_mpi_div_mpi( mbedtls_mpi *, mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
+int mbedtls_mpi_add_mpi( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
+int mbedtls_mpi_cmp_abs( const mbedtls_mpi *, const mbedtls_mpi * );
+int mbedtls_mpi_cmp_int( const mbedtls_mpi *, mbedtls_mpi_sint );
+int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *, const mbedtls_mpi * );
+int mbedtls_mpi_copy( mbedtls_mpi *, const mbedtls_mpi * );
 int mbedtls_mpi_div_int( mbedtls_mpi *, mbedtls_mpi *, const mbedtls_mpi *, mbedtls_mpi_sint );
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *, const mbedtls_mpi *, mbedtls_mpi_sint );
+int mbedtls_mpi_div_mpi( mbedtls_mpi *, mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
 int mbedtls_mpi_exp_mod( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi *, mbedtls_mpi * );
 int mbedtls_mpi_fill_random( mbedtls_mpi *, size_t, int (*)(void *, unsigned char *, size_t), void * );
 int mbedtls_mpi_gcd( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
+int mbedtls_mpi_gen_prime( mbedtls_mpi *, size_t, int, int (*)(void *, unsigned char *, size_t), void * );
+int mbedtls_mpi_get_bit( const mbedtls_mpi *, size_t );
+int mbedtls_mpi_grow( mbedtls_mpi *, size_t );
 int mbedtls_mpi_inv_mod( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
 int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *, int, int (*)(void *, unsigned char *, size_t), void * );
-int mbedtls_mpi_gen_prime( mbedtls_mpi *, size_t, int, int (*)(void *, unsigned char *, size_t), void * );
+int mbedtls_mpi_lset( mbedtls_mpi *, mbedtls_mpi_sint );
+int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *, const mbedtls_mpi *, unsigned * );
+int mbedtls_mpi_mod_int( mbedtls_mpi_uint *, const mbedtls_mpi *, mbedtls_mpi_sint );
+int mbedtls_mpi_mod_mpi( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
+int mbedtls_mpi_mul_int( mbedtls_mpi *, const mbedtls_mpi *, mbedtls_mpi_uint );
+int mbedtls_mpi_mul_mpi( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
+int mbedtls_mpi_read_binary( mbedtls_mpi *, const unsigned char *, size_t );
+int mbedtls_mpi_read_binary_le( mbedtls_mpi *, const unsigned char *, size_t );
+int mbedtls_mpi_read_file( mbedtls_mpi *, int, FILE * );
+int mbedtls_mpi_read_string( mbedtls_mpi *, int, const char * );
+int mbedtls_mpi_resize( mbedtls_mpi *, size_t );
+int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *, const mbedtls_mpi *, unsigned char );
+int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *, mbedtls_mpi *, unsigned char );
 int mbedtls_mpi_self_test( int );
+int mbedtls_mpi_set_bit( mbedtls_mpi *, size_t, unsigned char );
+int mbedtls_mpi_shift_l( mbedtls_mpi *, size_t );
+int mbedtls_mpi_shift_r( mbedtls_mpi *, size_t );
+int mbedtls_mpi_shrink( mbedtls_mpi *, size_t );
+int mbedtls_mpi_sub_abs( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
+int mbedtls_mpi_sub_int( mbedtls_mpi *, const mbedtls_mpi *, mbedtls_mpi_sint );
+int mbedtls_mpi_sub_mpi( mbedtls_mpi *, const mbedtls_mpi *, const mbedtls_mpi * );
+int mbedtls_mpi_write_binary( const mbedtls_mpi *, unsigned char *, size_t );
+int mbedtls_mpi_write_binary_le( const mbedtls_mpi *, unsigned char *, size_t );
+int mbedtls_mpi_write_file( const char *, const mbedtls_mpi *, int, FILE * );
+int mbedtls_mpi_write_string( const mbedtls_mpi *, int, char *, size_t, size_t * );
+size_t mbedtls_mpi_bitlen( const mbedtls_mpi * );
+size_t mbedtls_mpi_lsb( const mbedtls_mpi * );
+size_t mbedtls_mpi_size( const mbedtls_mpi * );
+void mbedtls_mpi_free( mbedtls_mpi * );
+void mbedtls_mpi_swap( mbedtls_mpi *, mbedtls_mpi * );
+
+/**
+ * \brief Initialize an MPI context.
+ *
+ * This makes the MPI ready to be set or freed,
+ * but does not define a value for the MPI.
+ *
+ * \param X The MPI context to initialize. This must not be \c NULL.
+ */
+forceinline void mbedtls_mpi_init(mbedtls_mpi *X)
+{
+ MBEDTLS_INTERNAL_VALIDATE(X);
+ typedef int mbedtls_mpi_lol
+ __attribute__((__vector_size__(16), __aligned__(16)));
+ *(mbedtls_mpi_lol *)X = (mbedtls_mpi_lol){1};
+}
+
+forceinline size_t mbedtls_mpi_limbs(const mbedtls_mpi *X) {
+ size_t i;
+ for (i = X->n; i; i--) {
+ if (X->p[i - 1]) {
+ break;
+ }
+ }
+ return i;
+}
+
+static inline bool mbedtls_mpi_is_zero(const mbedtls_mpi *X)
+{
+ if (X->n && *X->p) return false;
+ if (!mbedtls_mpi_limbs(X)) return true;
+ return false;
+}
+
+static inline bool mbedtls_mpi_is_one(const mbedtls_mpi *X)
+{
+ if (!X->n || *X->p != 1 || X->s != 1) return false;
+ return mbedtls_mpi_limbs(X) == 1;
+}
 COSMOPOLITAN_C_END_
 #endif /* MBEDTLS_BIGNUM_H_ */
diff --git a/third_party/mbedtls/bignum_internal.h b/third_party/mbedtls/bignum_internal.h
new file mode 100644
index 000000000..090f4ed41
--- /dev/null
+++ b/third_party/mbedtls/bignum_internal.h
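Review bot: `mbedtls_mpi_init` in the `@@ -98,53 +100,92 @@` hunk initializes the struct by storing a 16-byte `int` vector through a cast pointer, which depends on `s`, `n` and `p` packing into exactly 16 bytes in that order on a little-endian LP64 target and accesses the object through a type unrelated to `mbedtls_mpi` (strict-aliasing territory); the `forcealign(16)` on the typedef fixes alignment, not layout. A designated initializer states the same contract without the cast and lets the compiler pick the store, `*X = (mbedtls_mpi){ .s = 1, .n = 0, .p = NULL };`, and if the vector form is kept for codegen the layout assumption should at least be pinned with `_Static_assert(sizeof(mbedtls_mpi) == 16, "mbedtls_mpi_init() stores the struct as one 16-byte vector");`. Separately, `mbedtls_mpi_is_zero` accepts either sign while `mbedtls_mpi_is_one` requires `X->s == 1`; a comment on `is_zero` such as `/* sign is deliberately ignored: zero is zero whatever s holds */` would stop the asymmetry from being read as an oversight.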
@@ -0,0 +1,41 @@
+#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_BIGNUM_INTERNAL_H_
+#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_BIGNUM_INTERNAL_H_
+#include "third_party/mbedtls/bignum.h"
+#include "third_party/mbedtls/platform.h"
+#if !(__ASSEMBLER__ + __LINKER__ + 0)
+COSMOPOLITAN_C_START_
+
+#define MPI_VALIDATE_RET(cond) \
+ MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
+#define MPI_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE(cond)
+
+#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
+#define biL (ciL << 3) /* bits in limb */
+#define biH (ciL << 2) /* half limb size */
+
+#define MPI_SIZE_T_MAX ((size_t)-1) /* SIZE_T_MAX is not standard */
+
+/*
+ * Convert between bits/chars and number of limbs
+ * Divide first in order to avoid potential overflows
+ */
+#define BITS_TO_LIMBS(i) ((i) / biL + ((i) % biL != 0))
+#define CHARS_TO_LIMBS(i) ((i) / ciL + ((i) % ciL != 0))
+
+extern void (*Mul4x4)(uint64_t[8], const uint64_t[4], const uint64_t[4]);
+extern void (*ShiftRight)(uint64_t *, size_t, unsigned char);
+
+void ShiftRightAvx(uint64_t *, size_t, unsigned char);
+void ShiftRightPure(uint64_t *, size_t, unsigned char);
+void Mul4x4Adx(uint64_t[8], const uint64_t[4], const uint64_t[4]);
+void Mul6x6Adx(uint64_t[12], const uint64_t[6], const uint64_t[6]);
+void Mul8x8Adx(uint64_t[16], const uint64_t[8], const uint64_t[8]);
+void Mul4x4Pure(uint64_t[16], const uint64_t[8], const uint64_t[8]);
+void Mul(uint64_t *, uint64_t *, unsigned, uint64_t *, unsigned);
+void Karatsuba(uint64_t *, uint64_t *, uint64_t *, size_t, uint64_t *);
+void mbedtls_mpi_mul_hlp(size_t, uint64_t *, uint64_t *, uint64_t);
+void mbedtls_mpi_mul_hlp1(size_t, const uint64_t *, uint64_t *, uint64_t);
+
+COSMOPOLITAN_C_END_
+#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
+#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_BIGNUM_INTERNAL_H_ */
diff --git a/third_party/mbedtls/bigshift.c b/third_party/mbedtls/bigshift.c
new file mode 100644
index 000000000..4d7af72e3
--- /dev/null
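Review bot: The `Mul4x4Pure` prototype declares `uint64_t[16], const uint64_t[8], const uint64_t[8]` while its sibling `Mul4x4Adx` and the `Mul4x4` function pointer it presumably backs declare `uint64_t[8], const uint64_t[4], const uint64_t[4]`; array parameters decay, so the compiler will not flag the mismatch and the declared bounds are the only documentation a caller gets, and right now they describe an 8x8 product. If `Mul4x4Pure` does compute a 4x4 product, the line should read `void Mul4x4Pure(uint64_t[8], const uint64_t[4], const uint64_t[4]);`. This header also includes bignum.h, which in this same commit includes bignum_internal.h back; the guards make either include order compile, but a comment such as `/* bignum.h includes this header too; the guards make both orders safe */` would spare the next reader from tracing the cycle.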
+++ b/third_party/mbedtls/bigshift.c 
@@ -0,0 +1,121 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright The Mbed TLS Contributors │
+│ │
+│ Licensed under the Apache License, Version 2.0 (the "License"); │
+│ you may not use this file except in compliance with the License. │
+│ You may obtain a copy of the License at │
+│ │
+│ http://www.apache.org/licenses/LICENSE-2.0 │
+│ │
+│ Unless required by applicable law or agreed to in writing, software │
+│ distributed under the License is distributed on an "AS IS" BASIS, │
+│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │
+│ See the License for the specific language governing permissions and │
+│ limitations under the License. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/assert.h"
+#include "libc/log/log.h"
+#include "libc/macros.internal.h"
+#include "libc/str/str.h"
+#include "third_party/mbedtls/bignum.h"
+#include "third_party/mbedtls/bignum_internal.h"
+#include "third_party/mbedtls/platform.h"
+/* clang-format off */
+
+typedef long long xmm_t __attribute__((__vector_size__(16), __aligned__(1)));
+
+static inline void shrd(mbedtls_mpi_uint *p, size_t n, size_t j, size_t m,
+ char k)
+{
+ mbedtls_mpi_uint x, y, *e, *f;
+ f = p + m;
+ if (n)
+ {
+ y = 0;
+ x = p[j];
+ e = p + n;
+ for (; ++p < e; x = y)
+ {
+ y = p[j];
+ p[-1] = x >> k | y << (biL - k);
+ }
+ p[-1] = x >> k;
+ }
+ while (p < f)
+ *p++ = 0;
+}
+
+static inline void shld(mbedtls_mpi_uint *p, size_t n, size_t m, char k)
+{
+ size_t i;
+ mbedtls_mpi_uint x, y;
+ MBEDTLS_ASSERT(n > m);
+ i = n - 1;
+ y = p[i - m];
+ for (; i - m > 0; --i, y = x)
+ {
+ x = p[i - m - 1];
+ p[i] = y << k | x >> (64 - k);
+ }
+ p[i] = y << k;
+ while (i)
+ {
+ p[--i] = 0;
+ }
+}
+
+/**
+ * Performs left shift on big number: X <<= k
+ */
+int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t k)
+{
+ int r;
+ size_t b, n, m, l, z;
+ MPI_VALIDATE_RET(X);
+ l = mbedtls_mpi_bitlen(X);
+ b = l + k;
+ n = BITS_TO_LIMBS(b);
+ m = k / biL;
+ k = k % biL;
+ z = X->n;
+ if (n > X->n && (r = mbedtls_mpi_grow(X, n)))
+ return r;
+ if (k)
+ {
+ shld(X->p, X->n, m, k);
+ }
+ else if (m)
+ {
+ memmove_pure(X->p + m, X->p, (X->n - m) * ciL);
+ mbedtls_platform_zeroize(X->p, m * ciL);
+ }
+ return 0;
+}
+
+/**
+ * Performs right arithmetic shift on big number: X >>= k
+ */
+int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t k)
+{
+ size_t n;
+ mbedtls_mpi_uint x, y;
+ MPI_VALIDATE_RET(X);
+ k = MIN(k, X->n * biL);
+ n = k / biL;
+ k = k % biL;
+ if (k)
+ {
+ if (!n)
+ ShiftRight(X->p, X->n, k);
+ else
+ shrd(X->p, X->n - n, n, X->n, k);
+ }
+ else if (n)
+ {
+ memmove_pure(X->p, X->p + n, (X->n - n) * ciL);
+ mbedtls_platform_zeroize(X->p + X->n - n, n * ciL);
+ }
+ return 0;
+}
diff --git a/third_party/mbedtls/bn_mul.h b/third_party/mbedtls/bn_mul.h
deleted file mode 100644
index a84720a15..000000000
--- a/third_party/mbedtls/bn_mul.h
+++ /dev/null
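Review bot: `shld` and `shrd` are only correct for `0 < k < biL`, because the complementary shifts `x >> (64 - k)` and `y << (biL - k)` would shift by the full limb width at `k == 0` (undefined behaviour), and the only thing upholding that is the `if (k)` guard in each caller after `k = k % biL`; a precondition comment on both helpers, `/* requires 0 < k < biL: the complementary shift is UB at k == 0 */`, would make the contract explicit, and `shld` should spell the width as `biL - k` like `shrd` does instead of the literal `64`. `mbedtls_mpi_shift_l` assigns `z = X->n` and never reads it, `mbedtls_mpi_shift_r` declares `x, y` it never uses, and the `xmm_t` typedef at the top of the file is unused in this hunk; these dead declarations trip `-Wunused` and should be dropped. The header comments say "arithmetic shift" for `mbedtls_mpi_shift_r`, but the code shifts the magnitude limbs and leaves `X->s` alone, so "shifts the magnitude right; the sign is untouched" would describe it more precisely.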
@@ -1,907 +0,0 @@ -#ifndef MBEDTLS_BN_MUL_H -#define MBEDTLS_BN_MUL_H -#include "third_party/mbedtls/bignum.h" -#include "third_party/mbedtls/config.h" -/* clang-format off */ - -#if defined(MBEDTLS_HAVE_ASM) - -#ifndef asm -#define asm __asm -#endif - -/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ -#if defined(__GNUC__) && \ - ( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 ) - -/* - * Disable use of the i386 assembly code below if option -O0, to disable all - * compiler optimisations, is passed, detected with __OPTIMIZE__ - * This is done as the number of registers used in the assembly code doesn't - * work with the -O0 option. - */ -#if defined(__i386__) && defined(__OPTIMIZE__) - -#define MULADDC_INIT \ - asm( \ - "movl %%ebx, %0 \n\t" \ - "movl %5, %%esi \n\t" \ - "movl %6, %%edi \n\t" \ - "movl %7, %%ecx \n\t" \ - "movl %8, %%ebx \n\t" - -#define MULADDC_CORE \ - "lodsl \n\t" \ - "mull %%ebx \n\t" \ - "addl %%ecx, %%eax \n\t" \ - "adcl $0, %%edx \n\t" \ - "addl (%%edi), %%eax \n\t" \ - "adcl $0, %%edx \n\t" \ - "movl %%edx, %%ecx \n\t" \ - "stosl \n\t" - -#if defined(MBEDTLS_HAVE_SSE2) - -#define MULADDC_HUIT \ - "movd %%ecx, %%mm1 \n\t" \ - "movd %%ebx, %%mm0 \n\t" \ - "movd (%%edi), %%mm3 \n\t" \ - "paddq %%mm3, %%mm1 \n\t" \ - "movd (%%esi), %%mm2 \n\t" \ - "pmuludq %%mm0, %%mm2 \n\t" \ - "movd 4(%%esi), %%mm4 \n\t" \ - "pmuludq %%mm0, %%mm4 \n\t" \ - "movd 8(%%esi), %%mm6 \n\t" \ - "pmuludq %%mm0, %%mm6 \n\t" \ - "movd 12(%%esi), %%mm7 \n\t" \ - "pmuludq %%mm0, %%mm7 \n\t" \ - "paddq %%mm2, %%mm1 \n\t" \ - "movd 4(%%edi), %%mm3 \n\t" \ - "paddq %%mm4, %%mm3 \n\t" \ - "movd 8(%%edi), %%mm5 \n\t" \ - "paddq %%mm6, %%mm5 \n\t" \ - "movd 12(%%edi), %%mm4 \n\t" \ - "paddq %%mm4, %%mm7 \n\t" \ - "movd %%mm1, (%%edi) \n\t" \ - "movd 16(%%esi), %%mm2 \n\t" \ - "pmuludq %%mm0, %%mm2 \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "movd 20(%%esi), %%mm4 \n\t" \ - "pmuludq %%mm0, %%mm4 \n\t" \ - "paddq %%mm3, %%mm1 \n\t" \ - "movd 
24(%%esi), %%mm6 \n\t" \ - "pmuludq %%mm0, %%mm6 \n\t" \ - "movd %%mm1, 4(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "movd 28(%%esi), %%mm3 \n\t" \ - "pmuludq %%mm0, %%mm3 \n\t" \ - "paddq %%mm5, %%mm1 \n\t" \ - "movd 16(%%edi), %%mm5 \n\t" \ - "paddq %%mm5, %%mm2 \n\t" \ - "movd %%mm1, 8(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "paddq %%mm7, %%mm1 \n\t" \ - "movd 20(%%edi), %%mm5 \n\t" \ - "paddq %%mm5, %%mm4 \n\t" \ - "movd %%mm1, 12(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "paddq %%mm2, %%mm1 \n\t" \ - "movd 24(%%edi), %%mm5 \n\t" \ - "paddq %%mm5, %%mm6 \n\t" \ - "movd %%mm1, 16(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "paddq %%mm4, %%mm1 \n\t" \ - "movd 28(%%edi), %%mm5 \n\t" \ - "paddq %%mm5, %%mm3 \n\t" \ - "movd %%mm1, 20(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "paddq %%mm6, %%mm1 \n\t" \ - "movd %%mm1, 24(%%edi) \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "paddq %%mm3, %%mm1 \n\t" \ - "movd %%mm1, 28(%%edi) \n\t" \ - "addl $32, %%edi \n\t" \ - "addl $32, %%esi \n\t" \ - "psrlq $32, %%mm1 \n\t" \ - "movd %%mm1, %%ecx \n\t" - -#define MULADDC_STOP \ - "emms \n\t" \ - "movl %4, %%ebx \n\t" \ - "movl %%ecx, %1 \n\t" \ - "movl %%edi, %2 \n\t" \ - "movl %%esi, %3 \n\t" \ - : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ - : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ - : "eax", "ebx", "ecx", "edx", "esi", "edi" \ - ); - -#else - -#define MULADDC_STOP \ - "movl %4, %%ebx \n\t" \ - "movl %%ecx, %1 \n\t" \ - "movl %%edi, %2 \n\t" \ - "movl %%esi, %3 \n\t" \ - : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ - : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ - : "eax", "ebx", "ecx", "edx", "esi", "edi" \ - ); -#endif /* SSE2 */ -#endif /* i386 */ - -#if defined(__amd64__) || defined (__x86_64__) - -#if 1 -#define MULADDC_INIT \ - asm( \ - "xorq %%r8, %%r8\n" -#define MULADDC_CORE \ - "movq (%%rsi), %%rax\n" \ - "mulq %%rbx\n" \ - "addq $8, %%rsi\n" \ - "addq %%rcx, %%rax\n" \ - "movq %%r8, %%rcx\n" \ - "adcq $0, %%rdx\n" \ - "nop \n" \ - "addq %%rax, (%%rdi)\n" \ 
- "adcq %%rdx, %%rcx\n" \ - "addq $8, %%rdi\n" -#define MULADDC_STOP \ - : "+c" (c), "+D" (d), "+S" (s) \ - : "b" (b) \ - : "rax", "rdx", "r8" \ - ); -#else -#define MULADDC_INIT -#define MULADDC_STOP -#define MULADDC_CORE \ - ax = *s++; \ - axdx = (uint128_t)ax * b + c; \ - t = *d; \ - *d++ = t + (uint64_t)axdx; \ - c = (t + (uint64_t)axdx < t) + (uint64_t)(axdx >> 64); -#endif - -#endif /* AMD64 */ - -#if defined(__aarch64__) - -#define MULADDC_INIT \ - asm( - -#define MULADDC_CORE \ - "ldr x4, [%2], #8 \n\t" \ - "ldr x5, [%1] \n\t" \ - "mul x6, x4, %3 \n\t" \ - "umulh x7, x4, %3 \n\t" \ - "adds x5, x5, x6 \n\t" \ - "adc x7, x7, xzr \n\t" \ - "adds x5, x5, %0 \n\t" \ - "adc %0, x7, xzr \n\t" \ - "str x5, [%1], #8 \n\t" - -#define MULADDC_STOP \ - : "+r" (c), "+r" (d), "+r" (s) \ - : "r" (b) \ - : "x4", "x5", "x6", "x7", "cc" \ - ); - -#endif /* Aarch64 */ - -#if defined(__mc68020__) || defined(__mcpu32__) - -#define MULADDC_INIT \ - asm( \ - "movl %3, %%a2 \n\t" \ - "movl %4, %%a3 \n\t" \ - "movl %5, %%d3 \n\t" \ - "movl %6, %%d2 \n\t" \ - "moveq #0, %%d0 \n\t" - -#define MULADDC_CORE \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d4:%%d1 \n\t" \ - "addl %%d3, %%d1 \n\t" \ - "addxl %%d0, %%d4 \n\t" \ - "moveq #0, %%d3 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "addxl %%d4, %%d3 \n\t" - -#define MULADDC_STOP \ - "movl %%d3, %0 \n\t" \ - "movl %%a3, %1 \n\t" \ - "movl %%a2, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "d0", "d1", "d2", "d3", "d4", "a2", "a3" \ - ); - -#define MULADDC_HUIT \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d4:%%d1 \n\t" \ - "addxl %%d3, %%d1 \n\t" \ - "addxl %%d0, %%d4 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d3:%%d1 \n\t" \ - "addxl %%d4, %%d1 \n\t" \ - "addxl %%d0, %%d3 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d4:%%d1 \n\t" \ - "addxl %%d3, %%d1 \n\t" \ - "addxl %%d0, %%d4 \n\t" \ - "addl %%d1, %%a3@+ 
\n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d3:%%d1 \n\t" \ - "addxl %%d4, %%d1 \n\t" \ - "addxl %%d0, %%d3 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d4:%%d1 \n\t" \ - "addxl %%d3, %%d1 \n\t" \ - "addxl %%d0, %%d4 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d3:%%d1 \n\t" \ - "addxl %%d4, %%d1 \n\t" \ - "addxl %%d0, %%d3 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d4:%%d1 \n\t" \ - "addxl %%d3, %%d1 \n\t" \ - "addxl %%d0, %%d4 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "movel %%a2@+, %%d1 \n\t" \ - "mulul %%d2, %%d3:%%d1 \n\t" \ - "addxl %%d4, %%d1 \n\t" \ - "addxl %%d0, %%d3 \n\t" \ - "addl %%d1, %%a3@+ \n\t" \ - "addxl %%d0, %%d3 \n\t" - -#endif /* MC68000 */ - -#if defined(__powerpc64__) || defined(__ppc64__) - -#if defined(__MACH__) && defined(__APPLE__) - -#define MULADDC_INIT \ - asm( \ - "ld r3, %3 \n\t" \ - "ld r4, %4 \n\t" \ - "ld r5, %5 \n\t" \ - "ld r6, %6 \n\t" \ - "addi r3, r3, -8 \n\t" \ - "addi r4, r4, -8 \n\t" \ - "addic r5, r5, 0 \n\t" - -#define MULADDC_CORE \ - "ldu r7, 8(r3) \n\t" \ - "mulld r8, r7, r6 \n\t" \ - "mulhdu r9, r7, r6 \n\t" \ - "adde r8, r8, r5 \n\t" \ - "ld r7, 8(r4) \n\t" \ - "addze r5, r9 \n\t" \ - "addc r8, r8, r7 \n\t" \ - "stdu r8, 8(r4) \n\t" - -#define MULADDC_STOP \ - "addze r5, r5 \n\t" \ - "addi r4, r4, 8 \n\t" \ - "addi r3, r3, 8 \n\t" \ - "std r5, %0 \n\t" \ - "std r4, %1 \n\t" \ - "std r3, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ - ); - - -#else /* __MACH__ && __APPLE__ */ - -#define MULADDC_INIT \ - asm( \ - "ld %%r3, %3 \n\t" \ - "ld %%r4, %4 \n\t" \ - "ld %%r5, %5 \n\t" \ - "ld %%r6, %6 \n\t" \ - "addi %%r3, %%r3, -8 \n\t" \ - "addi %%r4, %%r4, -8 \n\t" \ - "addic %%r5, %%r5, 0 \n\t" - -#define MULADDC_CORE \ - "ldu %%r7, 8(%%r3) \n\t" \ - "mulld %%r8, %%r7, %%r6 \n\t" \ - "mulhdu %%r9, %%r7, %%r6 
\n\t" \ - "adde %%r8, %%r8, %%r5 \n\t" \ - "ld %%r7, 8(%%r4) \n\t" \ - "addze %%r5, %%r9 \n\t" \ - "addc %%r8, %%r8, %%r7 \n\t" \ - "stdu %%r8, 8(%%r4) \n\t" - -#define MULADDC_STOP \ - "addze %%r5, %%r5 \n\t" \ - "addi %%r4, %%r4, 8 \n\t" \ - "addi %%r3, %%r3, 8 \n\t" \ - "std %%r5, %0 \n\t" \ - "std %%r4, %1 \n\t" \ - "std %%r3, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ - ); - -#endif /* __MACH__ && __APPLE__ */ - -#elif defined(__powerpc__) || defined(__ppc__) /* end PPC64/begin PPC32 */ - -#if defined(__MACH__) && defined(__APPLE__) - -#define MULADDC_INIT \ - asm( \ - "lwz r3, %3 \n\t" \ - "lwz r4, %4 \n\t" \ - "lwz r5, %5 \n\t" \ - "lwz r6, %6 \n\t" \ - "addi r3, r3, -4 \n\t" \ - "addi r4, r4, -4 \n\t" \ - "addic r5, r5, 0 \n\t" - -#define MULADDC_CORE \ - "lwzu r7, 4(r3) \n\t" \ - "mullw r8, r7, r6 \n\t" \ - "mulhwu r9, r7, r6 \n\t" \ - "adde r8, r8, r5 \n\t" \ - "lwz r7, 4(r4) \n\t" \ - "addze r5, r9 \n\t" \ - "addc r8, r8, r7 \n\t" \ - "stwu r8, 4(r4) \n\t" - -#define MULADDC_STOP \ - "addze r5, r5 \n\t" \ - "addi r4, r4, 4 \n\t" \ - "addi r3, r3, 4 \n\t" \ - "stw r5, %0 \n\t" \ - "stw r4, %1 \n\t" \ - "stw r3, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ - ); - -#else /* __MACH__ && __APPLE__ */ - -#define MULADDC_INIT \ - asm( \ - "lwz %%r3, %3 \n\t" \ - "lwz %%r4, %4 \n\t" \ - "lwz %%r5, %5 \n\t" \ - "lwz %%r6, %6 \n\t" \ - "addi %%r3, %%r3, -4 \n\t" \ - "addi %%r4, %%r4, -4 \n\t" \ - "addic %%r5, %%r5, 0 \n\t" - -#define MULADDC_CORE \ - "lwzu %%r7, 4(%%r3) \n\t" \ - "mullw %%r8, %%r7, %%r6 \n\t" \ - "mulhwu %%r9, %%r7, %%r6 \n\t" \ - "adde %%r8, %%r8, %%r5 \n\t" \ - "lwz %%r7, 4(%%r4) \n\t" \ - "addze %%r5, %%r9 \n\t" \ - "addc %%r8, %%r8, %%r7 \n\t" \ - "stwu %%r8, 4(%%r4) \n\t" - -#define MULADDC_STOP \ - "addze %%r5, %%r5 \n\t" \ - "addi %%r4, %%r4, 4 \n\t" \ - "addi 
%%r3, %%r3, 4 \n\t" \ - "stw %%r5, %0 \n\t" \ - "stw %%r4, %1 \n\t" \ - "stw %%r3, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4", "r5", "r6", "r7", "r8", "r9" \ - ); - -#endif /* __MACH__ && __APPLE__ */ - -#endif /* PPC32 */ - -/* - * The Sparc(64) assembly is reported to be broken. - * Disable it for now, until we're able to fix it. - */ -#if 0 && defined(__sparc__) -#if defined(__sparc64__) - -#define MULADDC_INIT \ - asm( \ - "ldx %3, %%o0 \n\t" \ - "ldx %4, %%o1 \n\t" \ - "ld %5, %%o2 \n\t" \ - "ld %6, %%o3 \n\t" - -#define MULADDC_CORE \ - "ld [%%o0], %%o4 \n\t" \ - "inc 4, %%o0 \n\t" \ - "ld [%%o1], %%o5 \n\t" \ - "umul %%o3, %%o4, %%o4 \n\t" \ - "addcc %%o4, %%o2, %%o4 \n\t" \ - "rd %%y, %%g1 \n\t" \ - "addx %%g1, 0, %%g1 \n\t" \ - "addcc %%o4, %%o5, %%o4 \n\t" \ - "st %%o4, [%%o1] \n\t" \ - "addx %%g1, 0, %%o2 \n\t" \ - "inc 4, %%o1 \n\t" - - #define MULADDC_STOP \ - "st %%o2, %0 \n\t" \ - "stx %%o1, %1 \n\t" \ - "stx %%o0, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "g1", "o0", "o1", "o2", "o3", "o4", \ - "o5" \ - ); - -#else /* __sparc64__ */ - -#define MULADDC_INIT \ - asm( \ - "ld %3, %%o0 \n\t" \ - "ld %4, %%o1 \n\t" \ - "ld %5, %%o2 \n\t" \ - "ld %6, %%o3 \n\t" - -#define MULADDC_CORE \ - "ld [%%o0], %%o4 \n\t" \ - "inc 4, %%o0 \n\t" \ - "ld [%%o1], %%o5 \n\t" \ - "umul %%o3, %%o4, %%o4 \n\t" \ - "addcc %%o4, %%o2, %%o4 \n\t" \ - "rd %%y, %%g1 \n\t" \ - "addx %%g1, 0, %%g1 \n\t" \ - "addcc %%o4, %%o5, %%o4 \n\t" \ - "st %%o4, [%%o1] \n\t" \ - "addx %%g1, 0, %%o2 \n\t" \ - "inc 4, %%o1 \n\t" - -#define MULADDC_STOP \ - "st %%o2, %0 \n\t" \ - "st %%o1, %1 \n\t" \ - "st %%o0, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "g1", "o0", "o1", "o2", "o3", "o4", \ - "o5" \ - ); - -#endif /* __sparc64__ */ -#endif /* __sparc__ */ - -#if defined(__microblaze__) || defined(microblaze) - -#define MULADDC_INIT \ - asm( 
\ - "lwi r3, %3 \n\t" \ - "lwi r4, %4 \n\t" \ - "lwi r5, %5 \n\t" \ - "lwi r6, %6 \n\t" \ - "andi r7, r6, 0xffff \n\t" \ - "bsrli r6, r6, 16 \n\t" - -#define MULADDC_CORE \ - "lhui r8, r3, 0 \n\t" \ - "addi r3, r3, 2 \n\t" \ - "lhui r9, r3, 0 \n\t" \ - "addi r3, r3, 2 \n\t" \ - "mul r10, r9, r6 \n\t" \ - "mul r11, r8, r7 \n\t" \ - "mul r12, r9, r7 \n\t" \ - "mul r13, r8, r6 \n\t" \ - "bsrli r8, r10, 16 \n\t" \ - "bsrli r9, r11, 16 \n\t" \ - "add r13, r13, r8 \n\t" \ - "add r13, r13, r9 \n\t" \ - "bslli r10, r10, 16 \n\t" \ - "bslli r11, r11, 16 \n\t" \ - "add r12, r12, r10 \n\t" \ - "addc r13, r13, r0 \n\t" \ - "add r12, r12, r11 \n\t" \ - "addc r13, r13, r0 \n\t" \ - "lwi r10, r4, 0 \n\t" \ - "add r12, r12, r10 \n\t" \ - "addc r13, r13, r0 \n\t" \ - "add r12, r12, r5 \n\t" \ - "addc r5, r13, r0 \n\t" \ - "swi r12, r4, 0 \n\t" \ - "addi r4, r4, 4 \n\t" - -#define MULADDC_STOP \ - "swi r5, %0 \n\t" \ - "swi r4, %1 \n\t" \ - "swi r3, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r3", "r4", "r5", "r6", "r7", "r8", \ - "r9", "r10", "r11", "r12", "r13" \ - ); - -#endif /* MicroBlaze */ - -#if defined(__tricore__) - -#define MULADDC_INIT \ - asm( \ - "ld.a %%a2, %3 \n\t" \ - "ld.a %%a3, %4 \n\t" \ - "ld.w %%d4, %5 \n\t" \ - "ld.w %%d1, %6 \n\t" \ - "xor %%d5, %%d5 \n\t" - -#define MULADDC_CORE \ - "ld.w %%d0, [%%a2+] \n\t" \ - "madd.u %%e2, %%e4, %%d0, %%d1 \n\t" \ - "ld.w %%d0, [%%a3] \n\t" \ - "addx %%d2, %%d2, %%d0 \n\t" \ - "addc %%d3, %%d3, 0 \n\t" \ - "mov %%d4, %%d3 \n\t" \ - "st.w [%%a3+], %%d2 \n\t" - -#define MULADDC_STOP \ - "st.w %0, %%d4 \n\t" \ - "st.a %1, %%a3 \n\t" \ - "st.a %2, %%a2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "d0", "d1", "e2", "d4", "a2", "a3" \ - ); - -#endif /* TriCore */ - -/* - * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about - * our use of r7 below, unless -fomit-frame-pointer is passed. 
- * - * On the other hand, -fomit-frame-pointer is implied by any -Ox options with - * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by - * clang and armcc5 under the same conditions). - * - * So, only use the optimized assembly below for optimized build, which avoids - * the build error and is pretty reasonable anyway. - */ -#if defined(__GNUC__) && !defined(__OPTIMIZE__) -#define MULADDC_CANNOT_USE_R7 -#endif - -#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7) - -#if defined(__thumb__) && !defined(__thumb2__) - -#define MULADDC_INIT \ - asm( \ - "ldr r0, %3 \n\t" \ - "ldr r1, %4 \n\t" \ - "ldr r2, %5 \n\t" \ - "ldr r3, %6 \n\t" \ - "lsr r7, r3, #16 \n\t" \ - "mov r9, r7 \n\t" \ - "lsl r7, r3, #16 \n\t" \ - "lsr r7, r7, #16 \n\t" \ - "mov r8, r7 \n\t" - -#define MULADDC_CORE \ - "ldmia r0!, {r6} \n\t" \ - "lsr r7, r6, #16 \n\t" \ - "lsl r6, r6, #16 \n\t" \ - "lsr r6, r6, #16 \n\t" \ - "mov r4, r8 \n\t" \ - "mul r4, r6 \n\t" \ - "mov r3, r9 \n\t" \ - "mul r6, r3 \n\t" \ - "mov r5, r9 \n\t" \ - "mul r5, r7 \n\t" \ - "mov r3, r8 \n\t" \ - "mul r7, r3 \n\t" \ - "lsr r3, r6, #16 \n\t" \ - "add r5, r5, r3 \n\t" \ - "lsr r3, r7, #16 \n\t" \ - "add r5, r5, r3 \n\t" \ - "add r4, r4, r2 \n\t" \ - "mov r2, #0 \n\t" \ - "adc r5, r2 \n\t" \ - "lsl r3, r6, #16 \n\t" \ - "add r4, r4, r3 \n\t" \ - "adc r5, r2 \n\t" \ - "lsl r3, r7, #16 \n\t" \ - "add r4, r4, r3 \n\t" \ - "adc r5, r2 \n\t" \ - "ldr r3, [r1] \n\t" \ - "add r4, r4, r3 \n\t" \ - "adc r2, r5 \n\t" \ - "stmia r1!, {r4} \n\t" - -#define MULADDC_STOP \ - "str r2, %0 \n\t" \ - "str r1, %1 \n\t" \ - "str r0, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r0", "r1", "r2", "r3", "r4", "r5", \ - "r6", "r7", "r8", "r9", "cc" \ - ); - -#elif (__ARM_ARCH >= 6) && \ - defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) - -#define MULADDC_INIT \ - asm( - -#define MULADDC_CORE \ - "ldr r0, [%0], #4 \n\t" \ - "ldr r1, [%1] \n\t" \ - "umaal r1, %2, %3, r0 
\n\t" \ - "str r1, [%1], #4 \n\t" - -#define MULADDC_STOP \ - : "=r" (s), "=r" (d), "=r" (c) \ - : "r" (b), "0" (s), "1" (d), "2" (c) \ - : "r0", "r1", "memory" \ - ); - -#else - -#define MULADDC_INIT \ - asm( \ - "ldr r0, %3 \n\t" \ - "ldr r1, %4 \n\t" \ - "ldr r2, %5 \n\t" \ - "ldr r3, %6 \n\t" - -#define MULADDC_CORE \ - "ldr r4, [r0], #4 \n\t" \ - "mov r5, #0 \n\t" \ - "ldr r6, [r1] \n\t" \ - "umlal r2, r5, r3, r4 \n\t" \ - "adds r7, r6, r2 \n\t" \ - "adc r2, r5, #0 \n\t" \ - "str r7, [r1], #4 \n\t" - -#define MULADDC_STOP \ - "str r2, %0 \n\t" \ - "str r1, %1 \n\t" \ - "str r0, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "r0", "r1", "r2", "r3", "r4", "r5", \ - "r6", "r7", "cc" \ - ); - -#endif /* Thumb */ - -#endif /* ARMv3 */ - -#if defined(__alpha__) - -#define MULADDC_INIT \ - asm( \ - "ldq $1, %3 \n\t" \ - "ldq $2, %4 \n\t" \ - "ldq $3, %5 \n\t" \ - "ldq $4, %6 \n\t" - -#define MULADDC_CORE \ - "ldq $6, 0($1) \n\t" \ - "addq $1, 8, $1 \n\t" \ - "mulq $6, $4, $7 \n\t" \ - "umulh $6, $4, $6 \n\t" \ - "addq $7, $3, $7 \n\t" \ - "cmpult $7, $3, $3 \n\t" \ - "ldq $5, 0($2) \n\t" \ - "addq $7, $5, $7 \n\t" \ - "cmpult $7, $5, $5 \n\t" \ - "stq $7, 0($2) \n\t" \ - "addq $2, 8, $2 \n\t" \ - "addq $6, $3, $3 \n\t" \ - "addq $5, $3, $3 \n\t" - -#define MULADDC_STOP \ - "stq $3, %0 \n\t" \ - "stq $2, %1 \n\t" \ - "stq $1, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "$1", "$2", "$3", "$4", "$5", "$6", "$7" \ - ); -#endif /* Alpha */ - -#if defined(__mips__) && !defined(__mips64) - -#define MULADDC_INIT \ - asm( \ - "lw $10, %3 \n\t" \ - "lw $11, %4 \n\t" \ - "lw $12, %5 \n\t" \ - "lw $13, %6 \n\t" - -#define MULADDC_CORE \ - "lw $14, 0($10) \n\t" \ - "multu $13, $14 \n\t" \ - "addi $10, $10, 4 \n\t" \ - "mflo $14 \n\t" \ - "mfhi $9 \n\t" \ - "addu $14, $12, $14 \n\t" \ - "lw $15, 0($11) \n\t" \ - "sltu $12, $14, $12 \n\t" \ - "addu $15, $14, $15 \n\t" \ - "sltu $14, $15, $14 
\n\t" \ - "addu $12, $12, $9 \n\t" \ - "sw $15, 0($11) \n\t" \ - "addu $12, $12, $14 \n\t" \ - "addi $11, $11, 4 \n\t" - -#define MULADDC_STOP \ - "sw $12, %0 \n\t" \ - "sw $11, %1 \n\t" \ - "sw $10, %2 \n\t" \ - : "=m" (c), "=m" (d), "=m" (s) \ - : "m" (s), "m" (d), "m" (c), "m" (b) \ - : "$9", "$10", "$11", "$12", "$13", "$14", "$15", "lo", "hi" \ - ); - -#endif /* MIPS */ -#endif /* GNUC */ - -#if (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__) - -#define MULADDC_INIT \ - __asm mov esi, s \ - __asm mov edi, d \ - __asm mov ecx, c \ - __asm mov ebx, b - -#define MULADDC_CORE \ - __asm lodsd \ - __asm mul ebx \ - __asm add eax, ecx \ - __asm adc edx, 0 \ - __asm add eax, [edi] \ - __asm adc edx, 0 \ - __asm mov ecx, edx \ - __asm stosd - -#if defined(MBEDTLS_HAVE_SSE2) - -#define EMIT __asm _emit - -#define MULADDC_HUIT \ - EMIT 0x0F EMIT 0x6E EMIT 0xC9 \ - EMIT 0x0F EMIT 0x6E EMIT 0xC3 \ - EMIT 0x0F EMIT 0x6E EMIT 0x1F \ - EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ - EMIT 0x0F EMIT 0x6E EMIT 0x16 \ - EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \ - EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x04 \ - EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \ - EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x08 \ - EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \ - EMIT 0x0F EMIT 0x6E EMIT 0x7E EMIT 0x0C \ - EMIT 0x0F EMIT 0xF4 EMIT 0xF8 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xCA \ - EMIT 0x0F EMIT 0x6E EMIT 0x5F EMIT 0x04 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xDC \ - EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x08 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xEE \ - EMIT 0x0F EMIT 0x6E EMIT 0x67 EMIT 0x0C \ - EMIT 0x0F EMIT 0xD4 EMIT 0xFC \ - EMIT 0x0F EMIT 0x7E EMIT 0x0F \ - EMIT 0x0F EMIT 0x6E EMIT 0x56 EMIT 0x10 \ - EMIT 0x0F EMIT 0xF4 EMIT 0xD0 \ - EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ - EMIT 0x0F EMIT 0x6E EMIT 0x66 EMIT 0x14 \ - EMIT 0x0F EMIT 0xF4 EMIT 0xE0 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ - EMIT 0x0F EMIT 0x6E EMIT 0x76 EMIT 0x18 \ - EMIT 0x0F EMIT 0xF4 EMIT 0xF0 \ - EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x04 \ - EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ - EMIT 
0x0F EMIT 0x6E EMIT 0x5E EMIT 0x1C \ - EMIT 0x0F EMIT 0xF4 EMIT 0xD8 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xCD \ - EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x10 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xD5 \ - EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x08 \ - EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xCF \ - EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x14 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xE5 \ - EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x0C \ - EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xCA \ - EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x18 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xF5 \ - EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x10 \ - EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xCC \ - EMIT 0x0F EMIT 0x6E EMIT 0x6F EMIT 0x1C \ - EMIT 0x0F EMIT 0xD4 EMIT 0xDD \ - EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x14 \ - EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xCE \ - EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x18 \ - EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ - EMIT 0x0F EMIT 0xD4 EMIT 0xCB \ - EMIT 0x0F EMIT 0x7E EMIT 0x4F EMIT 0x1C \ - EMIT 0x83 EMIT 0xC7 EMIT 0x20 \ - EMIT 0x83 EMIT 0xC6 EMIT 0x20 \ - EMIT 0x0F EMIT 0x73 EMIT 0xD1 EMIT 0x20 \ - EMIT 0x0F EMIT 0x7E EMIT 0xC9 - -#define MULADDC_STOP \ - EMIT 0x0F EMIT 0x77 \ - __asm mov c, ecx \ - __asm mov d, edi \ - __asm mov s, esi \ - -#else - -#define MULADDC_STOP \ - __asm mov c, ecx \ - __asm mov d, edi \ - __asm mov s, esi \ - -#endif /* SSE2 */ -#endif /* MSVC */ - -#endif /* MBEDTLS_HAVE_ASM */ - -#if !defined(MULADDC_CORE) -#if defined(MBEDTLS_HAVE_UDBL) - -#define MULADDC_INIT \ -{ \ - mbedtls_t_udbl r; \ - mbedtls_mpi_uint r0, r1; - -#define MULADDC_CORE \ - r = *(s++) * (mbedtls_t_udbl) b; \ - r0 = (mbedtls_mpi_uint) r; \ - r1 = (mbedtls_mpi_uint)( r >> biL ); \ - r0 += c; r1 += (r0 < c); \ - r0 += *d; r1 += (r0 < *d); \ - c = r1; *(d++) = r0; - -#define MULADDC_STOP \ -} - -#else -#define MULADDC_INIT \ -{ \ - mbedtls_mpi_uint s0, s1, b0, b1; \ - mbedtls_mpi_uint r0, r1, rx, ry; \ 
- b0 = ( b << biH ) >> biH; \ - b1 = ( b >> biH ); - -#define MULADDC_CORE \ - s0 = ( *s << biH ) >> biH; \ - s1 = ( *s >> biH ); s++; \ - rx = s0 * b1; r0 = s0 * b0; \ - ry = s1 * b0; r1 = s1 * b1; \ - r1 += ( rx >> biH ); \ - r1 += ( ry >> biH ); \ - rx <<= biH; ry <<= biH; \ - r0 += rx; r1 += (r0 < rx); \ - r0 += ry; r1 += (r0 < ry); \ - r0 += c; r1 += (r0 < c); \ - r0 += *d; r1 += (r0 < *d); \ - c = r1; *(d++) = r0; - -#define MULADDC_STOP \ -} - -#endif /* C (generic) */ -#endif /* C (longlong) */ - -#endif /* bn_mul.h */ diff --git a/third_party/mbedtls/ccm.c b/third_party/mbedtls/ccm.c index ca6f80cdb..d723f7137 100644 --- a/third_party/mbedtls/ccm.c +++ b/third_party/mbedtls/ccm.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/ccm.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" 
@@ -8,32 +25,13 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * NIST SP800-38C compliant CCM implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ /** - * \file ccm.c + * @fileoverview NIST SP800-38C compliant CCM implementation * - * \brief This file provides an API for the CCM authenticated encryption - * mode for block ciphers. + * This file provides an API for the CCM authenticated encryption mode + * for block ciphers. * * CCM combines Counter mode encryption with CBC-MAC authentication * for 128-bit block ciphers. @@ -76,8 +74,8 @@ asm(".include \"libc/disclaimer.inc\""); */ void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) { - CCM_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); + CCM_VALIDATE( ctx ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); } /** 
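Review bot: In `mbedtls_ccm_init` the plain `memset` that zero-fills a freshly declared context is replaced by `mbedtls_platform_zeroize`, which reads as scrubbing a secret where none exists yet; the same substitution appears on the self-test buffers in `mbedtls_ccm_self_test`, the constant `zeroes` pads in `chachapoly_pad_aad`/`chachapoly_pad_ciphertext`, and `mbedtls_cipher_init`/`mbedtls_cipher_setup`. Pre-initialisation is what `memset` is for, and keeping `mbedtls_platform_zeroize` for post-use clearing of key material (as `mbedtls_chachapoly_auth_decrypt` does for `output` on tag mismatch) lets an auditor tell the two intents apart at a glance. If the uniform use is deliberate, a one-line comment at the first site such as `/* zeroize for uniformity only; ctx holds no secrets at this point */` would stop readers from mistaking it for a fix. The header that declares `mbedtls_platform_zeroize` is not visible in these hunks, so its presence in each file is assumed.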
@@ -98,31 +96,24 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx, const unsigned char *key, unsigned int keybits ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const mbedtls_cipher_info_t *cipher_info; - - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( key != NULL ); - + CCM_VALIDATE_RET( ctx ); + CCM_VALIDATE_RET( key ); cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); if( cipher_info == NULL ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - if( cipher_info->block_size != 16 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - mbedtls_cipher_free( &ctx->cipher_ctx ); - if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) return( ret ); - if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, MBEDTLS_ENCRYPT ) ) != 0 ) { return( ret ); } - return( 0 ); } @@ -184,7 +175,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char i; unsigned char q; size_t len_left, olen; 
@@ -395,12 +386,12 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); + CCM_VALIDATE_RET( ctx ); + CCM_VALIDATE_RET( iv ); + CCM_VALIDATE_RET( add_len == 0 || add ); + CCM_VALIDATE_RET( length == 0 || input ); + CCM_VALIDATE_RET( length == 0 || output ); + CCM_VALIDATE_RET( tag_len == 0 || tag ); return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len, add, add_len, input, output, tag, tag_len ) ); } @@ -447,12 +438,12 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, unsigned char *tag, size_t tag_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); + CCM_VALIDATE_RET( ctx ); + CCM_VALIDATE_RET( iv ); + CCM_VALIDATE_RET( add_len == 0 || add ); + CCM_VALIDATE_RET( length == 0 || input ); + CCM_VALIDATE_RET( length == 0 || output ); + CCM_VALIDATE_RET( tag_len == 0 || tag ); if( tag_len == 0 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); 
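Review bot: The null checks in `mbedtls_ccm_star_encrypt_and_tag` and `mbedtls_ccm_encrypt_and_tag` drop the explicit `!= NULL` and keep the `CCM_VALIDATE_RET( add_len == 0 || add )` order, but the same commit spells the identical test as `CCM_VALIDATE_RET( add || !add_len )` in `mbedtls_ccm_auth_decrypt` and `CHACHAPOLY_VALIDATE_RET( aad || !aad_len )` in `mbedtls_chachapoly_encrypt_and_tag`, while `mbedtls_chachapoly_auth_decrypt` uses the first order again and `chacha20.c`/`cipher.c` still carry `!= NULL`. These macros are the argument-validation contract a caller sees as a `MBEDTLS_ERR_*_BAD_INPUT` return, so one spelling per module makes it straightforward to diff a function's preconditions against its header documentation. Choosing one form (the `len == 0 || ptr` order appears to match the untouched files) and applying it across the commit would remove the churn.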
@@ -505,17 +496,17 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char check_tag[16]; unsigned char i; int diff; - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); + CCM_VALIDATE_RET( ctx ); + CCM_VALIDATE_RET( iv ); + CCM_VALIDATE_RET( add_len == 0 || add ); + CCM_VALIDATE_RET( length == 0 || input ); + CCM_VALIDATE_RET( length == 0 || output ); + CCM_VALIDATE_RET( tag_len == 0 || tag ); if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length, iv, iv_len, add, add_len, 
@@ -569,21 +560,19 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, * match. \return A cipher-specific error code on calculation failure. */ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, - const unsigned char *iv, size_t iv_len, - const unsigned char *add, size_t add_len, - const unsigned char *input, unsigned char *output, - const unsigned char *tag, size_t tag_len ) + const unsigned char *iv, size_t iv_len, + const unsigned char *add, size_t add_len, + const unsigned char *input, unsigned char *output, + const unsigned char *tag, size_t tag_len ) { - CCM_VALIDATE_RET( ctx != NULL ); - CCM_VALIDATE_RET( iv != NULL ); - CCM_VALIDATE_RET( add_len == 0 || add != NULL ); - CCM_VALIDATE_RET( length == 0 || input != NULL ); - CCM_VALIDATE_RET( length == 0 || output != NULL ); - CCM_VALIDATE_RET( tag_len == 0 || tag != NULL ); - - if( tag_len == 0 ) + CCM_VALIDATE_RET( ctx ); + CCM_VALIDATE_RET( iv ); + CCM_VALIDATE_RET( add || !add_len ); + CCM_VALIDATE_RET( input || !length ); + CCM_VALIDATE_RET( output || !length ); + CCM_VALIDATE_RET( tag || !tag_len ); + if( !tag_len ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - return( mbedtls_ccm_star_auth_decrypt( ctx, length, iv, iv_len, add, add_len, input, output, tag, tag_len ) ); } @@ -654,7 +643,7 @@ int mbedtls_ccm_self_test( int verbose ) unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN]; unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN]; size_t i; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ccm_init( &ctx ); 
@@ -672,8 +661,8 @@ int mbedtls_ccm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " CCM-AES #%u: ", (unsigned int) i + 1 ); - memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN ); - memset( ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN ); + mbedtls_platform_zeroize( plaintext, CCM_SELFTEST_PT_MAX_LEN ); + mbedtls_platform_zeroize( ciphertext, CCM_SELFTEST_CT_MAX_LEN ); memcpy( plaintext, msg_test_data, msg_len_test_data[i] ); ret = mbedtls_ccm_encrypt_and_tag( &ctx, msg_len_test_data[i], @@ -692,7 +681,7 @@ int mbedtls_ccm_self_test( int verbose ) return( 1 ); } - memset( plaintext, 0, CCM_SELFTEST_PT_MAX_LEN ); + mbedtls_platform_zeroize( plaintext, CCM_SELFTEST_PT_MAX_LEN ); ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len_test_data[i], iv_test_data, iv_len_test_data[i], diff --git a/third_party/mbedtls/certs.c b/third_party/mbedtls/certs.c index 76236f130..cdcf71f75 100644 --- a/third_party/mbedtls/certs.c +++ b/third_party/mbedtls/certs.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/certs.h" #include "third_party/mbedtls/common.h" 
@@ -6,26 +23,7 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * X.509 test certificates - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ #if defined(MBEDTLS_CERTS_C) diff --git a/third_party/mbedtls/chacha20.c b/third_party/mbedtls/chacha20.c index d49f885d7..654f8b03f 100644 --- a/third_party/mbedtls/chacha20.c +++ b/third_party/mbedtls/chacha20.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/bits/bits.h" #include "libc/stdio/stdio.h" #include "third_party/mbedtls/chacha20.h" 
@@ -10,30 +27,7 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/** - * \file chacha20.c - * - * \brief ChaCha20 cipher. - * - * \author Daniel King - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ /* Parameter validation macros */ #define CHACHA20_VALIDATE_RET( cond ) \ @@ -384,7 +378,7 @@ int mbedtls_chacha20_crypt( const unsigned char key[32], unsigned char* output ) { mbedtls_chacha20_context ctx; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; CHACHA20_VALIDATE_RET( key != NULL ); CHACHA20_VALIDATE_RET( nonce != NULL ); @@ -602,7 +596,7 @@ int mbedtls_chacha20_self_test( int verbose ) { unsigned char output[381]; unsigned i; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; for( i = 0U; i < 2U; i++ ) { diff --git a/third_party/mbedtls/chachapoly.c b/third_party/mbedtls/chachapoly.c index fdcbe8ae7..ccb3a0254 100644 --- a/third_party/mbedtls/chachapoly.c +++ b/third_party/mbedtls/chachapoly.c 
@@ -1,4 +1,22 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/chachapoly.h" +#include "third_party/mbedtls/chk.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/platform.h" 
@@ -8,27 +26,10 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ + /** - * \file chachapoly.c - * - * \brief ChaCha20-Poly1305 AEAD construction based on RFC 7539. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * @fileoverview ChaCha20-Poly1305 AEAD construction based on RFC 7539. */ #if defined(MBEDTLS_CHACHAPOLY_C) @@ -59,7 +60,7 @@ static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx ) if( partial_block_len == 0U ) return( 0 ); - memset( zeroes, 0, sizeof( zeroes ) ); + mbedtls_platform_zeroize( zeroes, sizeof( zeroes ) ); return( mbedtls_poly1305_update( &ctx->poly1305_ctx, zeroes, @@ -79,7 +80,7 @@ static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) if( partial_block_len == 0U ) return( 0 ); - memset( zeroes, 0, sizeof( zeroes ) ); + mbedtls_platform_zeroize( zeroes, sizeof( zeroes ) ); return( mbedtls_poly1305_update( &ctx->poly1305_ctx, zeroes, 16U - partial_block_len ) ); @@ -87,7 +88,7 @@ static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx ) void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx ) { - CHACHAPOLY_VALIDATE( ctx != NULL ); + CHACHAPOLY_VALIDATE( ctx ); mbedtls_chacha20_init( &ctx->chacha20_ctx ); mbedtls_poly1305_init( &ctx->poly1305_ctx ); 
@@ -113,12 +114,10 @@ void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx ) int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx, const unsigned char key[32] ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( key != NULL ); - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + CHACHAPOLY_VALIDATE_RET( ctx ); + CHACHAPOLY_VALIDATE_RET( key ); ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key ); - return( ret ); } @@ -126,26 +125,22 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx, const unsigned char nonce[12], mbedtls_chachapoly_mode_t mode ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char poly1305_key[64]; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); + CHACHAPOLY_VALIDATE_RET( ctx ); + CHACHAPOLY_VALIDATE_RET( nonce ); /* Set counter = 0, will be update to 1 when generating Poly1305 key */ - ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U ); - if( ret != 0 ) - goto cleanup; + MBEDTLS_CHK( mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U ) ); /* Generate the Poly1305 key by getting the ChaCha20 keystream output with * counter = 0. This is the same as encrypting a buffer of zeroes. * Only the first 256-bits (32 bytes) of the key is used for Poly1305. * The other 256 bits are discarded. */ - memset( poly1305_key, 0, sizeof( poly1305_key ) ); - ret = mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ), - poly1305_key, poly1305_key ); - if( ret != 0 ) - goto cleanup; + mbedtls_platform_zeroize( poly1305_key, sizeof( poly1305_key ) ); + MBEDTLS_CHK( mbedtls_chacha20_update( &ctx->chacha20_ctx, sizeof( poly1305_key ), + poly1305_key, poly1305_key ) ); ret = mbedtls_poly1305_starts( &ctx->poly1305_ctx, poly1305_key ); 
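Review bot: `mbedtls_chachapoly_starts` now reaches `cleanup` through `MBEDTLS_CHK` on a failed `mbedtls_chacha20_starts` or `mbedtls_chacha20_update`, and on the update failure `poly1305_key` may already contain keystream bytes that become the Poly1305 one-time key; the function's tail, including the `cleanup:` label, lies outside this hunk, so confirm it still clears that buffer on every exit path (upstream zeroizes `poly1305_key` at `cleanup`). If it does, a comment at the first `MBEDTLS_CHK`, e.g. `/* on failure, cleanup: scrubs poly1305_key */`, would connect the hidden jump to the scrubbing for readers unfamiliar with the macro. `MBEDTLS_CHK` also assigns the local `ret` and jumps to a label it neither declares nor names in its arguments, so that dependency is only discoverable by reading chk.h.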
@@ -166,8 +161,8 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx, const unsigned char *aad, size_t aad_len ) { - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); + CHACHAPOLY_VALIDATE_RET( ctx ); + CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad ); if( ctx->state != CHACHAPOLY_STATE_AAD ) return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); @@ -182,10 +177,10 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL ); + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + CHACHAPOLY_VALIDATE_RET( ctx ); + CHACHAPOLY_VALIDATE_RET( len == 0 || input ); + CHACHAPOLY_VALIDATE_RET( len == 0 || output ); if( ( ctx->state != CHACHAPOLY_STATE_AAD ) && ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) ) @@ -231,16 +226,14 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx, int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, unsigned char mac[16] ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char len_block[16]; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( mac != NULL ); - + CHACHAPOLY_VALIDATE_RET( ctx ); + CHACHAPOLY_VALIDATE_RET( mac ); if( ctx->state == CHACHAPOLY_STATE_INIT ) { return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); } - if( ctx->state == CHACHAPOLY_STATE_AAD ) { ret = chachapoly_pad_aad( ctx ); @@ -253,9 +246,7 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, if( ret != 0 ) return( ret ); } - ctx->state = CHACHAPOLY_STATE_FINISHED; - /* The lengths of the AAD and ciphertext are processed by * Poly1305 as the final 128-bit block, encoded as little-endian integers. */ 
@@ -275,13 +266,10 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx, len_block[13] = (unsigned char)( ctx->ciphertext_len >> 40 ); len_block[14] = (unsigned char)( ctx->ciphertext_len >> 48 ); len_block[15] = (unsigned char)( ctx->ciphertext_len >> 56 ); - ret = mbedtls_poly1305_update( &ctx->poly1305_ctx, len_block, 16U ); if( ret != 0 ) return( ret ); - ret = mbedtls_poly1305_finish( &ctx->poly1305_ctx, mac ); - return( ret ); } @@ -295,22 +283,11 @@ static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx, unsigned char *output, unsigned char tag[16] ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - ret = mbedtls_chachapoly_starts( ctx, nonce, mode ); - if( ret != 0 ) - goto cleanup; - - ret = mbedtls_chachapoly_update_aad( ctx, aad, aad_len ); - if( ret != 0 ) - goto cleanup; - - ret = mbedtls_chachapoly_update( ctx, length, input, output ); - if( ret != 0 ) - goto cleanup; - - ret = mbedtls_chachapoly_finish( ctx, tag ); - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + MBEDTLS_CHK( mbedtls_chachapoly_starts( ctx, nonce, mode ) ); + MBEDTLS_CHK( mbedtls_chachapoly_update_aad( ctx, aad, aad_len ) ); + MBEDTLS_CHK( mbedtls_chachapoly_update( ctx, length, input, output ) ); + MBEDTLS_CHK( mbedtls_chachapoly_finish( ctx, tag ) ); cleanup: return( ret ); } 
@@ -324,13 +301,12 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx, unsigned char *output, unsigned char tag[16] ) { - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); - CHACHAPOLY_VALIDATE_RET( tag != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL ); - + CHACHAPOLY_VALIDATE_RET( ctx ); + CHACHAPOLY_VALIDATE_RET( nonce ); + CHACHAPOLY_VALIDATE_RET( tag ); + CHACHAPOLY_VALIDATE_RET( aad || !aad_len ); + CHACHAPOLY_VALIDATE_RET( input || !length ); + CHACHAPOLY_VALIDATE_RET( output || !length ); return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, length, nonce, aad, aad_len, input, output, tag ) ); 
@@ -345,34 +321,30 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char check_tag[16]; size_t i; int diff; - CHACHAPOLY_VALIDATE_RET( ctx != NULL ); - CHACHAPOLY_VALIDATE_RET( nonce != NULL ); - CHACHAPOLY_VALIDATE_RET( tag != NULL ); - CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL ); - CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL ); - + CHACHAPOLY_VALIDATE_RET( ctx ); + CHACHAPOLY_VALIDATE_RET( nonce ); + CHACHAPOLY_VALIDATE_RET( tag ); + CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad ); + CHACHAPOLY_VALIDATE_RET( length == 0 || input ); + CHACHAPOLY_VALIDATE_RET( length == 0 || output ); if( ( ret = chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce, aad, aad_len, input, output, check_tag ) ) != 0 ) { return( ret ); } - /* Check tag in "constant-time" */ for( diff = 0, i = 0; i < sizeof( check_tag ); i++ ) diff |= tag[i] ^ check_tag[i]; - if( diff != 0 ) { mbedtls_platform_zeroize( output, length ); return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED ); } - return( 0 ); } @@ -486,20 +458,16 @@ int mbedtls_chachapoly_self_test( int verbose ) { mbedtls_chachapoly_context ctx; unsigned i; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char output[200]; unsigned char mac[16]; - for( i = 0U; i < 1U; i++ ) { if( verbose != 0 ) mbedtls_printf( " ChaCha20-Poly1305 test %u ", i ); - mbedtls_chachapoly_init( &ctx ); - ret = mbedtls_chachapoly_setkey( &ctx, test_key[i] ); ASSERT( 0 == ret, ( "setkey() error code: %i\n", ret ) ); - ret = mbedtls_chachapoly_encrypt_and_tag( &ctx, test_input_len[i], test_nonce[i], 
@@ -508,24 +476,17 @@ int mbedtls_chachapoly_self_test( int verbose ) test_input[i], output, mac ); - ASSERT( 0 == ret, ( "crypt_and_tag() error code: %i\n", ret ) ); - ASSERT( 0 == memcmp( output, test_output[i], test_input_len[i] ), ( "failure (wrong output)\n" ) ); - ASSERT( 0 == memcmp( mac, test_mac[i], 16U ), ( "failure (wrong MAC)\n" ) ); - mbedtls_chachapoly_free( &ctx ); - if( verbose != 0 ) mbedtls_printf( "passed\n" ); } - if( verbose != 0 ) mbedtls_printf( "\n" ); - return( 0 ); } diff --git a/third_party/mbedtls/chk.h b/third_party/mbedtls/chk.h new file mode 100644 index 000000000..c47397b37 --- /dev/null +++ b/third_party/mbedtls/chk.h @@ -0,0 +1,9 @@ +#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_CHK_H_ +#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_CHK_H_ + +#define MBEDTLS_CHK(f) \ + do { \ + if ((ret = (f))) goto cleanup; \ + } while (0) + +#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_CHK_H_ */ diff --git a/third_party/mbedtls/cipher.c b/third_party/mbedtls/cipher.c index 7052c819a..85cc9af96 100644 --- a/third_party/mbedtls/cipher.c +++ b/third_party/mbedtls/cipher.c 
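Review bot: `MBEDTLS_CHK` in the new chk.h writes to a variable named `ret` and jumps to a label named `cleanup`, neither of which is a macro parameter, and the header carries no comment saying so; a caller missing either gets a compiler error that points into the macro rather than at the call site. A header comment above the definition would make the contract explicit: `/* Evaluates f once; a nonzero result is stored in the caller's int ret */`, `/* and control jumps to the caller's cleanup: label. Intended for calls */`, `/* that return 0 on success and a negative MBEDTLS_ERR_* code on failure. */`. Because `if ((ret = (f)))` treats any nonzero value as failure, the comment should also warn against wrapping calls that return a positive length on success.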
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/ccm.h" #include "third_party/mbedtls/chacha20.h" #include "third_party/mbedtls/chachapoly.h" 
@@ -14,30 +31,7 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/** - * \file cipher.c - * - * \brief Generic cipher wrapper for mbed TLS - * - * \author Adriaan de Jong - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ #if defined(MBEDTLS_CIPHER_C) @@ -136,7 +130,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx ) { CIPHER_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_cipher_context_t ) ); } void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx ) @@ -189,7 +183,7 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, if( cipher_info == NULL ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_cipher_context_t ) ); if( NULL == ( ctx->cipher_ctx = cipher_info->base->ctx_alloc_func() ) ) return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED ); 
@@ -229,7 +223,7 @@ int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx, if( mbedtls_psa_translate_cipher_type( cipher_info->type ) == 0 ) return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - memset( ctx, 0, sizeof( mbedtls_cipher_context_t ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_cipher_context_t ) ); cipher_psa = mbedtls_calloc( 1, sizeof(mbedtls_cipher_context_psa ) ); if( cipher_psa == NULL ) @@ -471,7 +465,7 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t block_size; CIPHER_VALIDATE_RET( ctx != NULL ); @@ -495,8 +489,9 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i *olen = ilen; - if( 0 != ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx, - ctx->operation, input, output ) ) ) + if( ( ret = ctx->cipher_info->base->ecb_func( ctx->cipher_ctx, + ctx->operation, + input, output ) ) ) { return( ret ); } @@ -1085,7 +1080,7 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, const unsigned char *tag, size_t tag_len ) { unsigned char check_tag[16]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; CIPHER_VALIDATE_RET( ctx != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); @@ -1162,7 +1157,7 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t finish_olen; CIPHER_VALIDATE_RET( ctx != NULL ); 
@@ -1254,11 +1249,11 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext(). */ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - unsigned char *tag, size_t tag_len ) + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *input, size_t ilen, + unsigned char *output, size_t *olen, + unsigned char *tag, size_t tag_len ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ctx->psa_enabled == 1 ) @@ -1270,14 +1265,11 @@ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx, * below will gracefully fail. */ mbedtls_cipher_context_psa * const cipher_psa = (mbedtls_cipher_context_psa *) ctx->cipher_ctx; - psa_status_t status; - /* PSA Crypto API always writes the authentication tag * at the end of the encrypted message. */ if( output == NULL || tag != output + ilen ) return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - status = psa_aead_encrypt( cipher_psa->slot, cipher_psa->alg, iv, iv_len, @@ -1286,7 +1278,6 @@ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx, output, ilen + tag_len, olen ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED ); - *olen -= tag_len; return( 0 ); } @@ -1376,7 +1367,7 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; *olen = ilen; ret = mbedtls_gcm_auth_decrypt( ctx->cipher_ctx, ilen, 
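Review bot: The declaration `psa_status_t status;` is removed from the PSA branch of mbedtls_cipher_aead_encrypt, yet `status = psa_aead_encrypt(...)` and `if( status != PSA_SUCCESS )` in the same branch still use it, so that code can no longer compile unless the variable is now declared somewhere outside the hunk. This probably goes unnoticed only because the branch sits under `#if defined(MBEDTLS_USE_PSA_CRYPTO)`, which this fork's config does not appear to enable, but a silently broken dead branch is a trap for whoever turns PSA on later. Either restore `psa_status_t status;` next to the `cipher_psa` declaration or remove the PSA branch from the fork explicitly. The function body continues past this hunk.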
@@ -1392,7 +1383,7 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_CCM_C) if( MBEDTLS_MODE_CCM == ctx->cipher_info->mode ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; *olen = ilen; ret = mbedtls_ccm_auth_decrypt( ctx->cipher_ctx, ilen, @@ -1408,7 +1399,7 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_CHACHAPOLY_C) if ( MBEDTLS_CIPHER_CHACHA20_POLY1305 == ctx->cipher_info->type ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* ChachaPoly has fixed length nonce and MAC (tag) */ if ( ( iv_len != ctx->cipher_info->iv_size ) || @@ -1527,8 +1518,8 @@ int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx, return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); int ret = mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen, output, olen, - output + ilen, tag_len ); + input, ilen, output, olen, + output + ilen, tag_len ); *olen += tag_len; return( ret ); #else diff --git a/third_party/mbedtls/cipher.h b/third_party/mbedtls/cipher.h index 4a15ee6ca..2498034e5 100644 --- a/third_party/mbedtls/cipher.h +++ b/third_party/mbedtls/cipher.h @@ -411,7 +411,6 @@ static inline unsigned int mbedtls_cipher_get_block_size( MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); if( ctx->cipher_info == NULL ) return 0; - return ctx->cipher_info->block_size; } @@ -430,7 +429,6 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE ); if( ctx->cipher_info == NULL ) return MBEDTLS_MODE_NONE; - return ctx->cipher_info->mode; } diff --git a/third_party/mbedtls/cipher_wrap.c b/third_party/mbedtls/cipher_wrap.c index 973c23404..fe586ede9 100644 --- a/third_party/mbedtls/cipher_wrap.c +++ b/third_party/mbedtls/cipher_wrap.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/mem/mem.h" #include "third_party/mbedtls/aes.h" #include "third_party/mbedtls/ccm.h" 
@@ -16,30 +33,8 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/** - * \file cipher_wrap.c - * - * \brief Generic cipher wrapper for mbed TLS - * - * \author Adriaan de Jong - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ + #if defined(MBEDTLS_CIPHER_C) #if defined(MBEDTLS_GCM_C) @@ -48,7 +43,7 @@ static void *gcm_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_gcm_context ) ); - if( ctx != NULL ) + if( ctx ) mbedtls_gcm_init( (mbedtls_gcm_context *) ctx ); return( ctx ); @@ -67,7 +62,7 @@ static void *ccm_ctx_alloc( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_ccm_context ) ); - if( ctx != NULL ) + if( ctx ) mbedtls_ccm_init( (mbedtls_ccm_context *) ctx ); return( ctx ); 
@@ -82,21 +77,6 @@ static void ccm_ctx_free( void *ctx ) #if defined(MBEDTLS_AES_C) -static int aes_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_aes_crypt_ecb( (mbedtls_aes_context *) ctx, operation, input, output ); -} - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -static int aes_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, size_t length, - unsigned char *iv, const unsigned char *input, unsigned char *output ) -{ - return mbedtls_aes_crypt_cbc( (mbedtls_aes_context *) ctx, operation, length, iv, input, - output ); -} -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - #if defined(MBEDTLS_CIPHER_MODE_CFB) static int aes_crypt_cfb128_wrap( void *ctx, mbedtls_operation_t operation, size_t length, size_t *iv_off, unsigned char *iv, @@ -169,7 +149,7 @@ static void * aes_ctx_alloc( void ) { mbedtls_aes_context *aes = mbedtls_calloc( 1, sizeof( mbedtls_aes_context ) ); - if( aes == NULL ) + if( !aes ) return( NULL ); mbedtls_aes_init( aes ); @@ -185,9 +165,9 @@ static void aes_ctx_free( void *ctx ) static const mbedtls_cipher_base_t aes_info = { MBEDTLS_CIPHER_ID_AES, - aes_crypt_ecb_wrap, + (void *)mbedtls_aes_crypt_ecb, #if defined(MBEDTLS_CIPHER_MODE_CBC) - aes_crypt_cbc_wrap, + (void *)mbedtls_aes_crypt_cbc, #endif #if defined(MBEDTLS_CIPHER_MODE_CFB) aes_crypt_cfb128_wrap, @@ -1041,7 +1021,7 @@ static int chacha20_stream_wrap( void *ctx, size_t length, const unsigned char *input, unsigned char *output ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; ret = mbedtls_chacha20_update( ctx, length, input, output ); if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA ) diff --git a/third_party/mbedtls/config.h b/third_party/mbedtls/config.h index df220a1f1..fd3a085cf 100644 --- a/third_party/mbedtls/config.h +++ b/third_party/mbedtls/config.h 
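Review bot: Replacing `aes_crypt_ecb_wrap`/`aes_crypt_cbc_wrap` with `(void *)mbedtls_aes_crypt_ecb` and `(void *)mbedtls_aes_crypt_cbc` in `aes_info` stores function pointers of one type into slots of another and calls them through the wrong prototype, which C11 6.3.2.3p8 makes undefined behaviour; it only works because the x86-64 SysV ABI happens to pass `mbedtls_aes_context *` like `void *` and `mbedtls_operation_t` like `int`. The `(void *)` cast also silences the compiler's prototype check and will trap under forward-edge CFI (`-fsanitize=cfi` or any indirect-call type check), so a hardened build of the TLS stack would fault in the AES path. The two one-line `static` wrappers cost nothing after inlining and the neighbouring CFB entry (`aes_crypt_cfb128_wrap`) still uses one, so the table is now inconsistent; I would keep the wrappers.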
@@ -1,5 +1,6 @@ #ifndef MBEDTLS_CONFIG_H_ #define MBEDTLS_CONFIG_H_ +#include "libc/dce.h" /* protocols */ #define MBEDTLS_SSL_PROTO_TLS1_2 @@ -46,8 +47,8 @@ /* block modes */ #define MBEDTLS_GCM_C #ifndef TINY -/*#define MBEDTLS_CCM_C*/ #define MBEDTLS_CIPHER_MODE_CBC +/*#define MBEDTLS_CCM_C*/ /*#define MBEDTLS_CIPHER_MODE_CFB*/ /*#define MBEDTLS_CIPHER_MODE_CTR*/ /*#define MBEDTLS_CIPHER_MODE_OFB*/ @@ -60,9 +61,9 @@ #ifndef TINY #define MBEDTLS_ECP_C #define MBEDTLS_ECDH_C -#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED #define MBEDTLS_ECDSA_C #define MBEDTLS_ECDSA_DETERMINISTIC +#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED /*#define MBEDTLS_DHM_C*/ @@ -113,7 +114,7 @@ #endif #endif -#ifndef NDEBUG +#if IsModeDbg() #define MBEDTLS_CHECK_PARAMS #endif @@ -121,11 +122,10 @@ #define MBEDTLS_SHA1_SMALLER #define MBEDTLS_SHA256_SMALLER #define MBEDTLS_SHA512_SMALLER +#define MBEDTLS_ECP_NIST_OPTIM #ifdef TINY #define MBEDTLS_AES_ROM_TABLES #define MBEDTLS_AES_FEWER_TABLES -#else -#define MBEDTLS_ECP_NIST_OPTIM #endif #define MBEDTLS_PLATFORM_C @@ -793,7 +793,7 @@ * * Comment this macro to disable support for server name indication in SSL */ -/*#define MBEDTLS_SSL_SERVER_NAME_INDICATION*/ +#define MBEDTLS_SSL_SERVER_NAME_INDICATION /** * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH @@ -1205,7 +1205,6 @@ * \warning SHA-1 is considered a weak message digest and its use constitutes * a security risk. If possible, we recommend avoiding dependencies * on it, and considering stronger message digests instead. - * */ /*#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES*/ 
@@ -1223,7 +1222,11 @@ * a security risk. If possible, we recommend avoiding dependencies * on it, and considering stronger message digests instead. */ -/*#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE*/ +#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE +#define mbedtls_t_udbl uint128_t +#define MBEDTLS_HAVE_UDBL + +#include "libc/dce.h" #include "third_party/mbedtls/check.h" #endif /* MBEDTLS_CONFIG_H_ */ diff --git a/third_party/mbedtls/ctr_drbg.c b/third_party/mbedtls/ctr_drbg.c index c975b7f03..9ac092cb3 100644 --- a/third_party/mbedtls/ctr_drbg.c +++ b/third_party/mbedtls/ctr_drbg.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/stdio/stdio.h" #include "libc/str/str.h" #include "third_party/mbedtls/common.h" 
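Review bot: Enabling `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` lets a TLS 1.2 peer sign ServerKeyExchange/CertificateVerify with SHA-1, directly under the comment that calls this "a security risk"; upstream leaves it off because SHA-1 collisions are practical and transcript-collision attacks on these signatures are known, and the commit gives no reason for the change. If a specific peer needs it, prefer leaving the default off and opting in per connection with `mbedtls_ssl_conf_sig_hashes()`, or at least add a comment above the define naming the client or server that forces it. Separately, the added `#include "libc/dce.h"` at the bottom of config.h duplicates the one this commit also adds at the top of the same file, so the second include is redundant.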
@@ -12,28 +29,12 @@ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); -/* - * CTR_DRBG implementation based on AES-256 (NIST SP 800-90) +/** + * @fileoverview CTR_DRBG implementation based on AES-256 (NIST SP 800-90) * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * The NIST SP 800-90 DRBGs are described in the following publication. * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The NIST SP 800-90 DRBGs are described in the following publication. - * - * http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf + * http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf */ /** @@ -50,7 +51,7 @@ asm(".include \"libc/disclaimer.inc\""); */ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_ctr_drbg_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ctr_drbg_context ) ); /* Indicate that the entropy nonce length is not set explicitly. * See mbedtls_ctr_drbg_set_nonce_len(). */ ctx->reseed_counter = -1; @@ -134,7 +135,7 @@ static int block_cipher_df( unsigned char *output, if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); - memset( buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + + mbedtls_platform_zeroize( buf, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16 ); mbedtls_aes_init( &aes_ctx ); 
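Review bot: `mbedtls_platform_zeroize` is used here to pre-clear `buf` at the top of `block_cipher_df` (and `ctx` in `mbedtls_ctr_drbg_init`), but that helper exists to defeat dead-store elimination when scrubbing a buffer that held secrets at the end of its life; for plain initialisation the conventional `memset( buf, 0, ... )` says what is meant. The change is harmless, but a reader will wonder what secret is being wiped before anything has been written, so either keep `memset` for initialisation or add a comment stating that the non-elidable clear is intentional. The body of block_cipher_df continues past this hunk.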
@@ -172,7 +173,7 @@ static int block_cipher_df( unsigned char *output, for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) { p = buf; - memset( chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE ); + mbedtls_platform_zeroize( chain, MBEDTLS_CTR_DRBG_BLOCKSIZE ); use_len = buf_len; while( use_len > 0 ) @@ -248,14 +249,14 @@ exit: * ctx->counter = V */ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx, - const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] ) + const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] ) { unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN]; unsigned char *p = tmp; int i, j; int ret = 0; - memset( tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN ); + mbedtls_platform_zeroize( tmp, MBEDTLS_CTR_DRBG_SEEDLEN ); for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE ) { @@ -314,7 +315,7 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, size_t add_len ) { unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( add_len == 0 ) return( 0 ); @@ -349,7 +350,7 @@ static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx, { unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); @@ -358,7 +359,7 @@ static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx, if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); - memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); + mbedtls_platform_zeroize( seed, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); /* Gather entropy_len bytes of entropy to seed state. */ if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) ) 
@@ -399,7 +400,7 @@ exit: } int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, size_t len ) + const void *additional, size_t len ) { return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) ); } @@ -434,11 +435,11 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx, const void *custom, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE]; size_t nonce_len; - memset( key, 0, MBEDTLS_CTR_DRBG_KEYSIZE ); + mbedtls_platform_zeroize( key, MBEDTLS_CTR_DRBG_KEYSIZE ); mbedtls_aes_init( &ctx->aes_ctx ); @@ -508,7 +509,7 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng, if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT ) return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG ); - memset( add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN ); + mbedtls_platform_zeroize( add_input, MBEDTLS_CTR_DRBG_SEEDLEN ); if( ctx->reseed_counter > ctx->reseed_interval || ctx->prediction_resistance ) diff --git a/third_party/mbedtls/ctr_drbg.h b/third_party/mbedtls/ctr_drbg.h index 6f01d1bb8..00317bcb3 100644 --- a/third_party/mbedtls/ctr_drbg.h +++ b/third_party/mbedtls/ctr_drbg.h @@ -356,7 +356,7 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx, * \return #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure. */ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, size_t len ); + const void *additional, size_t len ); /** * \brief This function updates the state of the CTR_DRBG context. diff --git a/third_party/mbedtls/debug.c b/third_party/mbedtls/debug.c index e373fbba4..5b86c1be3 100644 --- a/third_party/mbedtls/debug.c +++ b/third_party/mbedtls/debug.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/debug.h" #include "third_party/mbedtls/error.h" @@ -8,26 +25,7 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * Debugging routines - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ char mbedtls_debug_threshold; 
@@ -57,7 +55,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level, { va_list argp; char str[DEBUG_BUF_SIZE]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( NULL == ssl || NULL == ssl->conf || @@ -129,7 +127,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level, debug_send_line( ssl, level, file, line, str ); idx = 0; - memset( txt, 0, sizeof( txt ) ); + mbedtls_platform_zeroize( txt, sizeof( txt ) ); for( i = 0; i < len; i++ ) { if( i >= 4096 ) @@ -143,7 +141,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level, debug_send_line( ssl, level, file, line, str ); idx = 0; - memset( txt, 0, sizeof( txt ) ); + mbedtls_platform_zeroize( txt, sizeof( txt ) ); } idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, "%04x: ", @@ -273,7 +271,7 @@ static void debug_print_pk( const mbedtls_ssl_context *ssl, int level, mbedtls_pk_debug_item items[MBEDTLS_PK_DEBUG_MAX_ITEMS]; char name[16]; - memset( items, 0, sizeof( items ) ); + mbedtls_platform_zeroize( items, sizeof( items ) ); if( mbedtls_pk_debug( pk, items ) != 0 ) { diff --git a/third_party/mbedtls/des.c b/third_party/mbedtls/des.c index f89ad23c7..4be5e18cb 100644 --- a/third_party/mbedtls/des.c +++ b/third_party/mbedtls/des.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/stdio/stdio.h" #include "libc/str/str.h" #include "third_party/mbedtls/common.h" 
@@ -10,31 +27,15 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * FIPS-46-3 compliant Triple-DES implementation + +/** + * @fileoverview FIPS-46-3 compliant Triple-DES implementation * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * DES, on which TDES is based, was originally designed by Horst Feistel + * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS). * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * DES, on which TDES is based, was originally designed by Horst Feistel - * at IBM in 1974, and was adopted as a standard by NIST (formerly NBS). - * - * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf + * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf */ /* @@ -276,7 +277,7 @@ static const uint32_t RHs[16] = void mbedtls_des_init( mbedtls_des_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_des_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des_context ) ); } void mbedtls_des_free( mbedtls_des_context *ctx ) @@ -289,7 +290,7 @@ void mbedtls_des_free( mbedtls_des_context *ctx ) void mbedtls_des3_init( mbedtls_des3_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_des3_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_des3_context ) ); } void mbedtls_des3_free( mbedtls_des3_context *ctx ) 
diff --git a/third_party/mbedtls/des.h b/third_party/mbedtls/des.h index 644169d3e..ce1fccbda 100644 --- a/third_party/mbedtls/des.h +++ b/third_party/mbedtls/des.h @@ -254,8 +254,8 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx, * \return 0 if successful */ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx, - const unsigned char input[8], - unsigned char output[8] ); + const unsigned char input[8], + unsigned char output[8] ); #if defined(MBEDTLS_CIPHER_MODE_CBC) /** diff --git a/third_party/mbedtls/dhm.c b/third_party/mbedtls/dhm.c index 382b1c5fd..6574cfcf4 100644 --- a/third_party/mbedtls/dhm.c +++ b/third_party/mbedtls/dhm.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/calls/calls.h" #include "third_party/mbedtls/asn1.h" #include "third_party/mbedtls/common.h" 
@@ -11,34 +28,16 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * Diffie-Hellman-Merkle key exchange - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The following sources were referenced in the design of this implementation - * of the Diffie-Hellman-Merkle algorithm: +/** + * @fileoverview Diffie-Hellman-Merkle key exchange * - * [1] Handbook of Applied Cryptography - 1997, Chapter 12 - * Menezes, van Oorschot and Vanstone + * The following sources were referenced in the design of this + * implementation of the Diffie-Hellman-Merkle algorithm: * + * [1] Handbook of Applied Cryptography - 1997, Chapter 12 + * Menezes, van Oorschot and Vanstone */ #if defined(MBEDTLS_DHM_C) @@ -112,7 +111,7 @@ cleanup: void mbedtls_dhm_init( mbedtls_dhm_context *ctx ) { DHM_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_dhm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_dhm_context ) ); } /* @@ -122,7 +121,7 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, unsigned char **p, const unsigned char *end ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( p != NULL && *p != NULL ); DHM_VALIDATE_RET( end != NULL ); 
@@ -167,7 +166,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); + mbedtls_mpi_shift_r( &ctx->X, 1 ); if( count++ > 10 ) return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED ); @@ -224,7 +223,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, const mbedtls_mpi *P, const mbedtls_mpi *G ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( P != NULL ); DHM_VALIDATE_RET( G != NULL ); @@ -245,7 +244,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, const unsigned char *input, size_t ilen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( input != NULL ); @@ -285,7 +284,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); + mbedtls_mpi_shift_r( &ctx->X, 1 ); if( count++ > 10 ) return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED ); @@ -323,7 +322,7 @@ static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M, MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, mbedtls_mpi_size( M ), f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( R, M ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, 1 ) ); + mbedtls_mpi_shift_r( &R, 1 ); if( count++ > 10 ) return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); 
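Review bot: In `dhm_random_below` the new line `mbedtls_mpi_shift_r( &R, 1 );` passes the address of the pointer variable rather than the MPI: `R` is already `mbedtls_mpi *` (see the hunk's signature context), so `&R` is `mbedtls_mpi **` and the callee treats the pointer's own stack slot as an `mbedtls_mpi` struct, which is an incompatible-pointer diagnostic at best and undefined behaviour (anything from an endless `while` loop to stack corruption) at worst. From its name and placement this routine looks like the DH blinding-value generator, so the damage would land on the private-key path. It should read `mbedtls_mpi_shift_r( R, 1 );`, and since `mbedtls_mpi_shift_r` still returns an `int` status in this tree, I would keep the `MBEDTLS_MPI_CHK( ... )` wrapper that the two sibling hunks in `mbedtls_dhm_make_params`/`mbedtls_dhm_make_public` also drop.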
@@ -367,7 +366,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, * Ok, we need blinding. Can we re-use existing values? * If yes, just update them by squaring them. */ - if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 ) + if( !mbedtls_mpi_is_one( &ctx->Vi ) ) { MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->P ) ); @@ -411,7 +410,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi GYb; DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( output != NULL ); @@ -488,7 +487,7 @@ void mbedtls_dhm_free( mbedtls_dhm_context *ctx ) int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; unsigned char *p, *end; #if defined(MBEDTLS_PEM_PARSE_C) @@ -642,7 +641,7 @@ static int load_file( const char *path, unsigned char **buf, size_t *n ) */ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n; unsigned char *buf; DHM_VALIDATE_RET( dhm != NULL ); @@ -694,7 +693,7 @@ static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_param */ int mbedtls_dhm_self_test( int verbose ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_dhm_context dhm; mbedtls_dhm_init( &dhm ); diff --git a/third_party/mbedtls/ecdh.c b/third_party/mbedtls/ecdh.c index 5fdc54f26..4e686bfb9 100644 --- a/third_party/mbedtls/ecdh.c +++ b/third_party/mbedtls/ecdh.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/ecdh.h" #include "third_party/mbedtls/error.h" 
@@ -8,32 +25,13 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * Elliptic curve Diffie-Hellman - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * References: +/** + * @fileoverview Elliptic curve Diffie-Hellman * - * SEC1 http://www.secg.org/index.php?action=secg,docs_secg - * RFC 4492 + * @see SEC1 http://www.secg.org/index.php?action=secg,docs_secg + * @see RFC4492 */ #if defined(MBEDTLS_ECDH_C) @@ -73,16 +71,16 @@ int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid ) * acceptable for a public function but is OK here as we control call sites. */ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* If multiplication is in progress, we already generated a privkey */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx == NULL || rs_ctx->rsm == NULL ) + if( !rs_ctx || !rs_ctx->rsm ) #endif MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); 
@@ -97,8 +95,8 @@ cleanup: * Generate public key */ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { ECDH_VALIDATE_RET( grp != NULL ); ECDH_VALIDATE_RET( d != NULL ); @@ -119,7 +117,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp, void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecp_point P; mbedtls_ecp_point_init( &P ); @@ -184,7 +182,7 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) mbedtls_ecp_point_init( &ctx->Vf ); mbedtls_mpi_init( &ctx->_d ); #else - memset( ctx, 0, sizeof( mbedtls_ecdh_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ecdh_context ) ); ctx->var = MBEDTLS_ECDH_VARIANT_NONE; #endif @@ -197,7 +195,7 @@ void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx ) static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx, mbedtls_ecp_group_id grp_id ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; ret = mbedtls_ecp_group_load( &ctx->grp, grp_id ); if( ret != 0 ) @@ -305,7 +303,7 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx, void *p_rng, int restart_enabled ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t grp_len, pt_len; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; @@ -412,7 +410,7 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx, const unsigned char **buf, const unsigned char *end ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecp_group_id grp_id; ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( buf != NULL ); 
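Review bot: In the `@@ -184,7 +182,7 @@` hunk, `mbedtls_ecdh_init` now calls `mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ecdh_context ) )` on a context that has not yet held any key material; zeroize exists to defeat dead-store elimination when erasing secrets, and using it for plain initialisation dilutes that signal for anyone auditing where secrets are actually wiped. The idiomatic initialiser here is the original `memset( ctx, 0, sizeof( mbedtls_ecdh_context ) );`. The same substitution appears in `ecp_ctr_drbg_null_entropy` in ecp.c (the `@@ -174,7 +179,7 @@` hunk), where the zeros are the callback's output rather than a wipe.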
@@ -449,7 +447,7 @@ static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* If it's not our key, just import the public part as Qp */ if( side == MBEDTLS_ECDH_THEIRS ) @@ -473,7 +471,7 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key, mbedtls_ecdh_side side ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; ECDH_VALIDATE_RET( ctx != NULL ); ECDH_VALIDATE_RET( key != NULL ); ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS || @@ -528,7 +526,7 @@ static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx, void *p_rng, int restart_enabled ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif @@ -600,7 +598,7 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen, static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx, const unsigned char *buf, size_t blen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const unsigned char *p = buf; if( ( ret = mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, &p, @@ -650,7 +648,7 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx, void *p_rng, int restart_enabled ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; #if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx *rs_ctx = NULL; #endif diff --git a/third_party/mbedtls/ecdsa.c b/third_party/mbedtls/ecdsa.c index 46e20d473..04beab389 100644 --- a/third_party/mbedtls/ecdsa.c +++ b/third_party/mbedtls/ecdsa.c 
@@ -1,9 +1,27 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/asn1write.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/ecdsa.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/hmac_drbg.h" #include "third_party/mbedtls/platform.h" +#include "third_party/mbedtls/profile.h" asm(".ident\t\"\\n\\n\ Mbed TLS (Apache 2.0)\\n\ @@ -219,7 +237,7 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx ) static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x, const unsigned char *buf, size_t blen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n_size = ( grp->nbits + 7 ) / 8; size_t use_size = blen > n_size ? n_size : blen; 
@@ -421,7 +439,7 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, void *p_rng_blind, mbedtls_ecdsa_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_hmac_drbg_context rng_ctx; mbedtls_hmac_drbg_context *p_rng = &rng_ctx; unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; @@ -576,7 +594,7 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp, const mbedtls_mpi *r, const mbedtls_mpi *s, mbedtls_ecdsa_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi e, s_inv, u1, u2; mbedtls_ecp_point R; mbedtls_mpi *pu1 = &u1, *pu2 = &u2; @@ -700,7 +718,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s, unsigned char *sig, size_t *slen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char buf[MBEDTLS_ECDSA_MAX_LEN]; unsigned char *p = buf + sizeof( buf ); size_t len = 0; @@ -729,7 +747,7 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, void *p_rng, mbedtls_ecdsa_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi r, s; ECDSA_VALIDATE_RET( ctx != NULL ); ECDSA_VALIDATE_RET( hash != NULL ); @@ -808,7 +826,7 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, const unsigned char *sig, size_t slen, mbedtls_ecdsa_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *p = (unsigned char *) sig; const unsigned char *end = sig + slen; size_t len; 
@@ -870,7 +888,7 @@ cleanup: * Generate key pair */ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret = 0; ECDSA_VALIDATE_RET( ctx != NULL ); @@ -890,7 +908,7 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, */ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; ECDSA_VALIDATE_RET( ctx != NULL ); ECDSA_VALIDATE_RET( key != NULL ); diff --git a/third_party/mbedtls/ecp.c b/third_party/mbedtls/ecp.c index 0334b553f..69e3cce88 100644 --- a/third_party/mbedtls/ecp.c +++ b/third_party/mbedtls/ecp.c 
@@ -1,3 +1,26 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/log/check.h" +#include "libc/log/log.h" +#include "libc/runtime/runtime.h" +#include "libc/stdio/stdio.h" +#include "third_party/mbedtls/bignum.h" +#include "third_party/mbedtls/bignum_internal.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/ctr_drbg.h" #include "third_party/mbedtls/ecp.h" 
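Review bot: The new `#include` lines bring `libc/log/check.h`, `libc/log/log.h`, `libc/runtime/runtime.h` and `libc/stdio/stdio.h` into ecp.c, and nothing in this diff shows what uses them; the `@@ -5,33 +28,19 @@` hunk on the same file additionally adds `profile.h` and `traceme.h`. If these support assertion or trace output added during development, that instrumentation should be compiled out or removed before merge so no data-dependent output ends up in the field-arithmetic and scalar-multiplication paths, and any include that is genuinely unused should go as well. If the dependency is intentional, a one-line comment next to the include block naming what it serves would spare the next reader the search.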
@@ -5,33 +28,19 @@ #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/hmac_drbg.h" #include "third_party/mbedtls/platform.h" +#include "third_party/mbedtls/profile.h" +#include "third_party/mbedtls/traceme.h" asm(".ident\t\"\\n\\n\ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * Elliptic curves over GF(p): generic functions + +/** + * @fileoverview Elliptic curves over GF(p): generic functions * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* * References: * * SEC1 http://www.secg.org/index.php?action=secg,docs_secg @@ -53,15 +62,15 @@ asm(".include \"libc/disclaimer.inc\""); * */ -#if defined(MBEDTLS_ECP_C) - -#if !defined(MBEDTLS_ECP_ALT) - #define ECP_VALIDATE_RET( cond ) \ MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA ) #define ECP_VALIDATE( cond ) \ MBEDTLS_INTERNAL_VALIDATE( cond ) +#if defined(MBEDTLS_ECP_C) + +#if !defined(MBEDTLS_ECP_ALT) + #if defined(MBEDTLS_SELF_TEST) /* * Counts of point addition and doubling, and field multiplications. 
@@ -115,28 +124,24 @@ static inline int ecp_drbg_random( void *p_rng, /* DRBG context seeding */ static int ecp_drbg_seed( ecp_drbg_context *ctx, - const mbedtls_mpi *secret, size_t secret_len ) + const mbedtls_mpi *secret, + size_t secret_len ) { int ret; unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; /* The list starts with strong hashes */ const mbedtls_md_type_t md_type = mbedtls_md_list()[0]; const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); - if( secret_len > MBEDTLS_ECP_MAX_BYTES ) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, secret_bytes, secret_len ) ); - ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len ); - cleanup: mbedtls_platform_zeroize( secret_bytes, secret_len ); - return( ret ); } @@ -174,7 +179,7 @@ static inline int ecp_drbg_random( void *p_rng, static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len) { (void) ctx; - memset( out, 0, len ); + mbedtls_platform_zeroize( out, len ); return( 0 ); } @@ -184,22 +189,17 @@ static int ecp_drbg_seed( ecp_drbg_context *ctx, { int ret; unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; - if( secret_len > MBEDTLS_ECP_MAX_BYTES ) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, secret_bytes, secret_len ) ); - ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL, secret_bytes, secret_len ); - cleanup: mbedtls_platform_zeroize( secret_bytes, secret_len ); - return( ret ); } 
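Review bot: Both `ecp_drbg_seed` variants on this line (`@@ -115,28 +124,24 @@` and `@@ -184,22 +189,17 @@`) keep `mbedtls_platform_zeroize( secret_bytes, secret_len )` under `cleanup:`, which the early `goto cleanup` reaches exactly when `secret_len > MBEDTLS_ECP_MAX_BYTES`, i.e. when `secret_len` exceeds `sizeof( secret_bytes )`; on that path the wipe writes past the end of the stack buffer. Since the commit already restructures these functions, wipe the whole array instead: `mbedtls_platform_zeroize( secret_bytes, sizeof( secret_bytes ) );`. That length is equally correct on the success path and removes the dependency on the caller-supplied size.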
@@ -340,23 +340,18 @@ static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx ) static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx ) { unsigned char i; - - if( ctx == NULL ) + if( !ctx ) return; - mbedtls_ecp_point_free( &ctx->R ); - - if( ctx->T != NULL ) + if( ctx->T ) { for( i = 0; i < ctx->T_size; i++ ) mbedtls_ecp_point_free( ctx->T + i ); mbedtls_free( ctx->T ); } - #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) ecp_drbg_free( &ctx->drbg_ctx ); #endif - ecp_restart_rsm_init( ctx ); } @@ -390,12 +385,10 @@ static void ecp_restart_ma_init( mbedtls_ecp_restart_muladd_ctx *ctx ) */ static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx ) { - if( ctx == NULL ) + if( !ctx ) return; - mbedtls_ecp_point_free( &ctx->mP ); mbedtls_ecp_point_free( &ctx->R ); - ecp_restart_ma_init( ctx ); } @@ -407,7 +400,7 @@ static void ecp_restart_ma_free( mbedtls_ecp_restart_muladd_ctx *ctx ) */ void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx ) { - ECP_VALIDATE( ctx != NULL ); + ECP_VALIDATE( ctx ); ctx->ops_done = 0; ctx->depth = 0; ctx->rsm = NULL; @@ -425,13 +418,10 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx ) { if( ctx == NULL ) return; - ecp_restart_rsm_free( ctx->rsm ); mbedtls_free( ctx->rsm ); - ecp_restart_ma_free( ctx->ma ); mbedtls_free( ctx->ma ); - mbedtls_ecp_restart_init( ctx ); } @@ -442,9 +432,8 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, mbedtls_ecp_restart_ctx *rs_ctx, unsigned ops ) { - ECP_VALIDATE_RET( grp != NULL ); - - if( rs_ctx != NULL && ecp_max_ops != 0 ) + ECP_VALIDATE_RET( grp ); + if( rs_ctx && ecp_max_ops != 0 ) { /* scale depending on curve size: the chosen reference is 256-bit, * and multiplication is quadratic. Round to the closest integer. */ 
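Review bot: The NULL-check style is converted only partway: `ecp_restart_rsm_free` and `ecp_restart_ma_free` now use `if( !ctx )`, but `mbedtls_ecp_restart_free` in the `@@ -425,13 +418,10 @@` hunk keeps `if( ctx == NULL )`, and `ECP_RS_ENTER` in the next line's `@@ -463,23 +451,21 @@` hunk mixes `rs_ctx &&` with `rs_ctx->SUB == NULL` in one condition. Pick one form for the file; if the terser style is the intent, `if( !ctx )` in `mbedtls_ecp_restart_free` and `rs_ctx && !rs_ctx->SUB` in `ECP_RS_ENTER` finish the job. Note also that `ECP_VALIDATE( ctx )` changes the stringified condition `MBEDTLS_INTERNAL_VALIDATE` hands to the parameter-failure handler, if that handler reports it, so the failure text now reads `ctx` rather than `ctx != NULL`.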
@@ -452,7 +441,6 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, ops *= 4; else if( grp->pbits >= 384 ) ops *= 2; - /* Avoid infinite loops: always allow first step. * Because of that, however, it's not generally true * that ops_done <= ecp_max_ops, so the check @@ -463,23 +451,21 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, { return( MBEDTLS_ERR_ECP_IN_PROGRESS ); } - /* update running count */ rs_ctx->ops_done += ops; } - return( 0 ); } /* Call this when entering a function that needs its own sub-context */ #define ECP_RS_ENTER( SUB ) do { \ /* reset ops count for this call if top-level */ \ - if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) \ + if( rs_ctx && rs_ctx->depth++ == 0 ) \ rs_ctx->ops_done = 0; \ \ /* set up our own sub-context if needed */ \ if( mbedtls_ecp_restart_is_enabled() && \ - rs_ctx != NULL && rs_ctx->SUB == NULL ) \ + rs_ctx && rs_ctx->SUB == NULL ) \ { \ rs_ctx->SUB = mbedtls_calloc( 1, sizeof( *rs_ctx->SUB ) ); \ if( rs_ctx->SUB == NULL ) \ @@ -492,7 +478,7 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, /* Call this when leaving a function that needs its own sub-context */ #define ECP_RS_LEAVE( SUB ) do { \ /* clear our sub-context when not in progress (done or error) */ \ - if( rs_ctx != NULL && rs_ctx->SUB != NULL && \ + if( rs_ctx && rs_ctx->SUB && \ ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) \ { \ ecp_restart_## SUB ##_free( rs_ctx->SUB ); \ @@ -500,7 +486,7 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp, rs_ctx->SUB = NULL; \ } \ \ - if( rs_ctx != NULL ) \ + if( rs_ctx ) \ rs_ctx->depth--; \ } while( 0 ) @@ -604,12 +590,10 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void ) const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ) { static int init_done = 0; - if( ! init_done ) { size_t i = 0; const mbedtls_ecp_curve_info *curve_info; - for( curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) 
@@ -617,10 +601,8 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ) ecp_supported_grp_id[i++] = curve_info->grp_id; } ecp_supported_grp_id[i] = MBEDTLS_ECP_DP_NONE; - init_done = 1; } - return( ecp_supported_grp_id ); } @@ -636,7 +618,6 @@ const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void ) const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id ) { const mbedtls_ecp_curve_info *curve_info; - for( curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) @@ -644,7 +625,6 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_gr if( curve_info->grp_id == grp_id ) return( curve_info ); } - return( NULL ); } @@ -660,7 +640,6 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_gr const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id ) { const mbedtls_ecp_curve_info *curve_info; - for( curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) @@ -668,7 +647,6 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_i if( curve_info->tls_id == tls_id ) return( curve_info ); } - return( NULL ); } @@ -684,10 +662,8 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_i const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name ) { const mbedtls_ecp_curve_info *curve_info; - if( name == NULL ) return( NULL ); - for( curve_info = mbedtls_ecp_curve_list(); curve_info->grp_id != MBEDTLS_ECP_DP_NONE; curve_info++ ) @@ -695,7 +671,6 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name if( strcmp( curve_info->name, name ) == 0 ) return( curve_info ); } - return( NULL ); } 
@@ -706,7 +681,6 @@ mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp ) { if( grp->G.X.p == NULL ) return( MBEDTLS_ECP_TYPE_NONE ); - if( grp->G.Y.p == NULL ) return( MBEDTLS_ECP_TYPE_MONTGOMERY ); else @@ -720,8 +694,7 @@ mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp ) */ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ) { - ECP_VALIDATE( pt != NULL ); - + ECP_VALIDATE( pt ); mbedtls_mpi_init( &pt->X ); mbedtls_mpi_init( &pt->Y ); mbedtls_mpi_init( &pt->Z ); @@ -738,8 +711,7 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt ) */ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) { - ECP_VALIDATE( grp != NULL ); - + ECP_VALIDATE( grp ); grp->id = MBEDTLS_ECP_DP_NONE; mbedtls_mpi_init( &grp->P ); mbedtls_mpi_init( &grp->A ); @@ -764,8 +736,7 @@ void mbedtls_ecp_group_init( mbedtls_ecp_group *grp ) */ void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ) { - ECP_VALIDATE( key != NULL ); - + ECP_VALIDATE( key ); mbedtls_ecp_group_init( &key->grp ); mbedtls_mpi_init( &key->d ); mbedtls_ecp_point_init( &key->Q ); @@ -778,9 +749,8 @@ void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key ) */ void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ) { - if( pt == NULL ) + if( !pt ) return; - mbedtls_mpi_free( &( pt->X ) ); mbedtls_mpi_free( &( pt->Y ) ); mbedtls_mpi_free( &( pt->Z ) ); @@ -796,10 +766,8 @@ void mbedtls_ecp_point_free( mbedtls_ecp_point *pt ) void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) { size_t i; - - if( grp == NULL ) + if( !grp ) return; - if( grp->h != 1 ) { mbedtls_mpi_free( &grp->P ); @@ -808,14 +776,12 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) mbedtls_ecp_point_free( &grp->G ); mbedtls_mpi_free( &grp->N ); } - - if( grp->T != NULL ) + if( grp->T ) { for( i = 0; i < grp->T_size; i++ ) mbedtls_ecp_point_free( &grp->T[i] ); mbedtls_free( grp->T ); } - mbedtls_platform_zeroize( grp, sizeof( mbedtls_ecp_group ) ); } 
@@ -828,7 +794,7 @@ void mbedtls_ecp_group_free( mbedtls_ecp_group *grp ) */ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ) { - if( key == NULL ) + if( !key ) return; mbedtls_ecp_group_free( &key->grp ); mbedtls_mpi_free( &key->d ); @@ -848,14 +814,12 @@ void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key ) */ int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + ECP_VALIDATE_RET( P ); + ECP_VALIDATE_RET( Q ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->X, &Q->X ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Y, &Q->Y ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &P->Z, &Q->Z ) ); - cleanup: return( ret ); } @@ -873,34 +837,11 @@ cleanup: */ int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src ) { - ECP_VALIDATE_RET( dst != NULL ); - ECP_VALIDATE_RET( src != NULL ); - + ECP_VALIDATE_RET( dst ); + ECP_VALIDATE_RET( src ); return( mbedtls_ecp_group_load( dst, src->id ) ); } -/** - * \brief This function sets a point to the point at infinity. - * - * \param pt The point to set. This must be initialized. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. - * \return Another negative error code on other kinds of failure. - */ -int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( pt != NULL ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) ); - -cleanup: - return( ret ); -} - /** * \brief This function checks if a point is the point at infinity. * 
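Review bot: The `@@ -873,34 +837,11 @@` hunk deletes the definition of `mbedtls_ecp_set_zero` together with its documentation, yet `mbedtls_ecp_point_read_binary` in the `@@ -1104,55 +1029,44 @@` hunk below still calls `mbedtls_ecp_set_zero( pt )`, and the function is part of the public ecp.h interface. The definition has presumably moved to another translation unit or become an inline in a header; that is not visible in this diff, so please confirm the symbol is still exported with the same contract the removed code had (X = 1, Y = 1, Z = 0, returning 0 or a negative MPI error), otherwise external callers fail to link.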
@@ -912,9 +853,8 @@ cleanup: */ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ) { - ECP_VALIDATE_RET( pt != NULL ); - - return( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ); + ECP_VALIDATE_RET( pt ); + return( mbedtls_mpi_is_zero( &pt->Z ) ); } /** @@ -932,16 +872,14 @@ int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt ) int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q ) { - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - + ECP_VALIDATE_RET( P ); + ECP_VALIDATE_RET( Q ); if( mbedtls_mpi_cmp_mpi( &P->X, &Q->X ) == 0 && mbedtls_mpi_cmp_mpi( &P->Y, &Q->Y ) == 0 && mbedtls_mpi_cmp_mpi( &P->Z, &Q->Z ) == 0 ) { return( 0 ); } - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } @@ -960,15 +898,13 @@ int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P, int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix, const char *x, const char *y ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( x != NULL ); - ECP_VALIDATE_RET( y != NULL ); - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + ECP_VALIDATE_RET( P ); + ECP_VALIDATE_RET( x ); + ECP_VALIDATE_RET( y ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->X, radix, x ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &P->Y, radix, y ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) ); - cleanup: return( ret ); } 
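Review bot: `mbedtls_ecp_is_zero` now returns `mbedtls_mpi_is_zero( &pt->Z )` in place of `mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0`; `mbedtls_mpi_is_zero` is not an upstream Mbed TLS function and its definition is not in this diff, so the two are interchangeable only if the helper treats an MPI with no allocated limbs (`p == NULL`, `n == 0`) and a zero carrying a negative sign the same way `cmp_int` does. The same substitution is made in `mbedtls_ecp_point_write_binary` on the next line and in `ecp_modp` and the `MOD_SUB` macro (`@@ -1415,28 +1308,22 @@` and `@@ -1484,7 +1371,7 @@` hunks), and `ecp_normalize_jac` (`@@ -1559,43 +1430,39 @@`) now routes through `mbedtls_ecp_is_zero` as well. A unit test passing an init-only `mbedtls_mpi` and a negated zero through both forms would settle it, and a comment at the helper's declaration such as `/* Equivalent to mbedtls_mpi_cmp_int( X, 0 ) == 0 for any initialised X. */` would record the guarantee.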
@@ -1008,15 +944,13 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, */ int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; size_t plen; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( olen != NULL ); - ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( P ); + ECP_VALIDATE_RET( olen ); + ECP_VALIDATE_RET( buf ); ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED || format == MBEDTLS_ECP_PF_COMPRESSED ); - plen = mbedtls_mpi_size( &grp->P ); - #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) (void) format; /* Montgomery curves always use the same point format */ if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) @@ -1024,7 +958,6 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, *olen = plen; if( buflen < *olen ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->X, buf, plen ) ); } #endif @@ -1034,24 +967,19 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, /* * Common case: P == 0 */ - if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 ) + if( mbedtls_mpi_is_zero( &P->Z ) ) { if( buflen < 1 ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - buf[0] = 0x00; *olen = 1; - return( 0 ); } - if( format == MBEDTLS_ECP_PF_UNCOMPRESSED ) { *olen = 2 * plen + 1; - if( buflen < *olen ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - buf[0] = 0x04; MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) ); @@ -1059,16 +987,13 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, else if( format == MBEDTLS_ECP_PF_COMPRESSED ) { *olen = plen + 1; - if( buflen < *olen ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) ); } } #endif - cleanup: return( ret ); } 
@@ -1104,55 +1029,44 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, */ int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; size_t plen; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( pt ); + ECP_VALIDATE_RET( buf ); if( ilen < 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - plen = mbedtls_mpi_size( &grp->P ); - #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) { if( plen != ilen ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->X, buf, plen ) ); mbedtls_mpi_free( &pt->Y ); - if( grp->id == MBEDTLS_ECP_DP_CURVE25519 ) /* Set most significant bit to 0 as prescribed in RFC7748 §5 */ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->X, plen * 8 - 1, 0 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); } #endif #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) { - if( buf[0] == 0x00 ) + if( !buf[0] ) { if( ilen == 1 ) return( mbedtls_ecp_set_zero( pt ) ); else return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } - if( buf[0] != 0x04 ) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); - if( ilen != 2 * plen + 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y, - buf + 1 + plen, plen ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y, buf + 1 + plen, plen ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); } #endif - cleanup: return( ret ); } 
@@ -1187,27 +1101,23 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, */ unsigned char data_len; const unsigned char *buf_start; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( *buf != NULL ); - + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( pt ); + ECP_VALIDATE_RET( buf ); + ECP_VALIDATE_RET( *buf ); /* * We must have at least two bytes (1 for length, at least one for data) */ if( buf_len < 2 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - data_len = *(*buf)++; if( data_len < 1 || data_len > buf_len - 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - /* * Save buffer start for read_binary and update buf */ buf_start = *buf; *buf += data_len; - return( mbedtls_ecp_point_read_binary( grp, pt, buf_start, data_len ) ); } @@ -1233,7 +1143,7 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, * is too small to hold the exported point. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, +int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt, int format, size_t *olen, unsigned char *buf, size_t blen ) 
@@ -1244,30 +1154,26 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, * opaque point <1..2^8-1>; * } ECPoint; */ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - ECP_VALIDATE_RET( olen != NULL ); - ECP_VALIDATE_RET( buf != NULL ); + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( pt ); + ECP_VALIDATE_RET( olen ); + ECP_VALIDATE_RET( buf ); ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED || format == MBEDTLS_ECP_PF_COMPRESSED ); - /* * buffer length must be at least one, for our length byte */ if( blen < 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - if( ( ret = mbedtls_ecp_point_write_binary( grp, pt, format, olen, buf + 1, blen - 1) ) != 0 ) return( ret ); - /* * write length to the first byte and update total length */ buf[0] = (unsigned char) *olen; ++*olen; - return( 0 ); } @@ -1291,15 +1197,13 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecp_group_id grp_id; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( *buf != NULL ); - + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( buf ); + ECP_VALIDATE_RET( *buf ); if( ( ret = mbedtls_ecp_tls_read_group_id( &grp_id, buf, len ) ) != 0 ) return( ret ); - return( mbedtls_ecp_group_load( grp, grp_id ) ); } 
@@ -1326,34 +1230,28 @@ int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp, { uint16_t tls_id; const mbedtls_ecp_curve_info *curve_info; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( *buf != NULL ); - + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( buf ); + ECP_VALIDATE_RET( *buf ); /* * We expect at least three bytes (see below) */ if( len < 3 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - /* * First byte is curve_type; only named_curve is handled */ if( *(*buf)++ != MBEDTLS_ECP_TLS_NAMED_CURVE ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - /* * Next two bytes are the namedcurve value */ tls_id = *(*buf)++; tls_id <<= 8; tls_id |= *(*buf)++; - if( ( curve_info = mbedtls_ecp_curve_info_from_tls_id( tls_id ) ) == NULL ) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); - *grp = curve_info->grp_id; - return( 0 ); } @@ -1379,31 +1277,26 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, unsigned char *buf, size_t blen ) { const mbedtls_ecp_curve_info *curve_info; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( buf != NULL ); - ECP_VALIDATE_RET( olen != NULL ); - + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( buf ); + ECP_VALIDATE_RET( olen ); if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( grp->id ) ) == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - /* * We are going to write 3 bytes (see below) */ *olen = 3; if( blen < *olen ) return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ); - /* * First byte is curve_type, always named_curve */ *buf++ = MBEDTLS_ECP_TLS_NAMED_CURVE; - /* * Next two bytes are the namedcurve value */ buf[0] = curve_info->tls_id >> 8; buf[1] = curve_info->tls_id & 0xFF; - return( 0 ); } 
@@ -1415,28 +1308,22 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen, */ static int ecp_modp( mbedtls_mpi *N, const mbedtls_ecp_group *grp ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if( grp->modp == NULL ) + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + if( !grp->modp ) return( mbedtls_mpi_mod_mpi( N, N, &grp->P ) ); - /* N->s < 0 is a much faster test, which fails only if N is 0 */ - if( ( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) || + if( ( N->s < 0 && !mbedtls_mpi_is_zero( N ) ) || mbedtls_mpi_bitlen( N ) > 2 * grp->pbits ) { return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } - MBEDTLS_MPI_CHK( grp->modp( N ) ); - /* N->s < 0 is a much faster test, which fails only if N is 0 */ - while( N->s < 0 && mbedtls_mpi_cmp_int( N, 0 ) != 0 ) + while( N->s < 0 && !mbedtls_mpi_is_zero( N ) ) MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( N, N, &grp->P ) ); - while( mbedtls_mpi_cmp_mpi( N, &grp->P ) >= 0 ) /* we known P, N and the result are positive */ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, N, &grp->P ) ); - cleanup: return( ret ); } @@ -1467,12 +1354,12 @@ cleanup: INC_MUL_COUNT \ } while( 0 ) -static inline int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B ) +int mbedtls_mpi_mul_mod( const mbedtls_ecp_group *grp, + mbedtls_mpi *X, + const mbedtls_mpi *A, + const mbedtls_mpi *B ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( X, A, B ) ); MOD_MUL( *X ); cleanup: @@ -1484,7 +1371,7 @@ cleanup: * N->s < 0 is a very fast test, which fails only if N is 0 */ #define MOD_SUB( N ) \ - while( (N).s < 0 && mbedtls_mpi_cmp_int( &(N), 0 ) != 0 ) \ + while( (N).s < 0 && !mbedtls_mpi_is_zero( &(N) ) ) \ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &(N), &(N), &grp->P ) ) #if ( defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ 
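Review bot: `mbedtls_mpi_mul_mod` (and `mbedtls_mpi_sub_mod` in the next line's `@@ -1494,12 +1381,12 @@` hunk) changes from `static inline` to external linkage, so two helpers built on the file-local `MOD_MUL`/`MOD_SUB` macros and on `grp->modp` being loaded are now exported under the public `mbedtls_` prefix; the matching prototypes are not part of this diff and are needed for a `-Wmissing-prototypes` build to stay clean. If the export exists only for another ecp translation unit, a comment at each definition, e.g. `/* Exported for <CONSUMER_FILE>; not a public API, grp must be loaded. */`, prevents it being taken for stable ABI.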
@@ -1494,12 +1381,12 @@ cleanup: ( defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) && \ !( defined(MBEDTLS_ECP_NO_FALLBACK) && \ defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) ) ) -static inline int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - const mbedtls_mpi *A, - const mbedtls_mpi *B ) +int mbedtls_mpi_sub_mod( const mbedtls_ecp_group *grp, + mbedtls_mpi *X, + const mbedtls_mpi *A, + const mbedtls_mpi *B ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( X, A, B ) ); MOD_SUB( *X ); cleanup: @@ -1521,29 +1408,13 @@ static inline int mbedtls_mpi_add_mod( const mbedtls_ecp_group *grp, const mbedtls_mpi *A, const mbedtls_mpi *B ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( X, A, B ) ); MOD_ADD( *X ); cleanup: return( ret ); } -#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) && \ - !( defined(MBEDTLS_ECP_NO_FALLBACK) && \ - defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && \ - defined(MBEDTLS_ECP_ADD_MIXED_ALT) ) -static inline int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *grp, - mbedtls_mpi *X, - size_t count ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, count ) ); - MOD_ADD( *X ); -cleanup: - return( ret ); -} -#endif /* All functions referencing mbedtls_mpi_shift_l_mod() are alt-implemented without fallback */ - #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) /* * For curves in short Weierstrass form, we do all the internal operations in 
@@ -1559,43 +1430,39 @@ cleanup: */ static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt ) { - if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 ) + if( mbedtls_ecp_is_zero( pt ) ) return( 0 ); - #if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) if( mbedtls_internal_ecp_grp_capable( grp ) ) return( mbedtls_internal_ecp_normalize_jac( grp, pt ) ); #endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ - #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#ifdef MBEDTLS_ECP_DP_SECP256R1_ENABLED + if ( grp->modp == ecp_mod_p256 ) + return mbedtls_p256_normalize_jac(grp, pt); +#endif + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi Zi, ZZi; mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); - /* * X = X / Z^2 mod p */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &Zi, &pt->Z, &grp->P ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ZZi, &Zi, &Zi ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ZZi ) ); - /* * Y = Y / Z^3 mod p */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ZZi ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &Zi ) ); - /* * Z = 1 */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) ); - cleanup: - mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi ); - return( ret ); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) */ } 
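Review bot: The new dispatch `if ( grp->modp == ecp_mod_p256 )` relies on `ecp_mod_p256` being a non-static symbol declared where ecp.c can see it; in upstream mbedtls it is file-static in ecp_curves.c, so unless another part of this change exports it the comparison does not compile. The guard uses `#ifdef MBEDTLS_ECP_DP_SECP256R1_ENABLED` while the rest of the function uses `#if defined(...)`; the same mix appears in the ecp_normalize_jac_many, ecp_double_jac and ecp_add_mixed hunks. A one-line comment would help the next reader: `/* Select the curve by its reduction routine: only a group using ecp_mod_p256 may take the P-256 fast path. */`.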
@@ -1616,27 +1483,29 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, { if( T_size < 2 ) return( ecp_normalize_jac( grp, *T ) ); - #if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) if( mbedtls_internal_ecp_grp_capable( grp ) ) return( mbedtls_internal_ecp_normalize_jac_many( grp, T, T_size ) ); #endif - #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#ifdef MBEDTLS_ECP_DP_SECP384R1_ENABLED + if ( grp->modp == ecp_mod_p384 ) + return mbedtls_p384_normalize_jac_many(grp, T, T_size); +#endif +#ifdef MBEDTLS_ECP_DP_SECP256R1_ENABLED + if ( grp->modp == ecp_mod_p256 ) + return mbedtls_p256_normalize_jac_many(grp, T, T_size); +#endif + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i; mbedtls_mpi *c, u, Zi, ZZi; - if( ( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) == NULL ) return( MBEDTLS_ERR_ECP_ALLOC_FAILED ); - for( i = 0; i < T_size; i++ ) mbedtls_mpi_init( &c[i] ); - mbedtls_mpi_init( &u ); mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi ); - /* * c[i] = Z_0 * ... * Z_i */ @@ -1645,12 +1514,10 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, { MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &c[i], &c[i-1], &T[i]->Z ) ); } - /* * u = 1 / (Z_0 * ... * Z_n) mod P */ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ) ); - for( i = T_size - 1; ; i-- ) { /* @@ -1665,7 +1532,6 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Zi, &u, &c[i-1] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &u, &u, &T[i]->Z ) ); } - /* * proceed as in normalize() */ 
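Review bot: The P-384/P-256 fast paths return before the generic post-processing in this function, which shrinks `T[i]->X`/`T[i]->Y` and frees `T[i]->Z`; ecp_add_mixed accepts a table point only when `Q->Z.p` is NULL or Z equals 1, so the specialised `normalize_jac_many` routines must leave Z in one of those two states or every later mixed addition fails with MBEDTLS_ERR_ECP_BAD_INPUT_DATA. That contract is invisible at the call site; add `/* Fast paths must leave each T[i]->Z freed or equal to 1, like the generic code below. */` above the `#ifdef` block. ecp_normalize_jac_many continues past this hunk.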
@@ -1673,7 +1539,6 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->X, &T[i]->X, &ZZi ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &ZZi ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T[i]->Y, &T[i]->Y, &Zi ) ); - /* * Post-precessing: reclaim some memory by shrinking coordinates * - not storing Z (always 1) @@ -1683,18 +1548,14 @@ static int ecp_normalize_jac_many( const mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->X, grp->P.n ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shrink( &T[i]->Y, grp->P.n ) ); mbedtls_mpi_free( &T[i]->Z ); - if( i == 0 ) break; } - cleanup: - mbedtls_mpi_free( &u ); mbedtls_mpi_free( &Zi ); mbedtls_mpi_free( &ZZi ); for( i = 0; i < T_size; i++ ) mbedtls_mpi_free( &c[i] ); mbedtls_free( c ); - return( ret ); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) */ } @@ -1704,23 +1565,19 @@ cleanup: * "inv" must be 0 (don't invert) or 1 (invert) or the result will be invalid */ static int ecp_safe_invert_jac( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *Q, - unsigned char inv ) + mbedtls_ecp_point *Q, + unsigned char inv ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char nonzero; mbedtls_mpi mQY; - mbedtls_mpi_init( &mQY ); - /* Use the fact that -Q.Y mod P = P - Q.Y unless Q.Y == 0 */ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mQY, &grp->P, &Q->Y ) ); - nonzero = mbedtls_mpi_cmp_int( &Q->Y, 0 ) != 0; + nonzero = !mbedtls_mpi_is_zero( &Q->Y ); MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &Q->Y, &mQY, inv & nonzero ) ); - cleanup: mbedtls_mpi_free( &mQY ); - return( ret ); } 
@@ -1744,38 +1601,47 @@ static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if defined(MBEDTLS_SELF_TEST) dbl_count++; #endif - #if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) if( mbedtls_internal_ecp_grp_capable( grp ) ) return( mbedtls_internal_ecp_double_jac( grp, R, P ) ); #endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ - #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + +#ifdef MBEDTLS_ECP_DP_SECP256R1_ENABLED + if ( grp->modp == ecp_mod_p256 ) + return mbedtls_p256_double_jac(grp, P, R); +#endif + +#ifdef MBEDTLS_ECP_DP_SECP384R1_ENABLED + if ( grp->modp == ecp_mod_p384 ) + return mbedtls_p384_double_jac(grp, P, R); +#endif + + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi M, S, T, U; - - mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U ); - + mbedtls_mpi_init( &M ); + mbedtls_mpi_init( &S ); + mbedtls_mpi_init( &T ); + mbedtls_mpi_init( &U ); /* Special case for A = -3 */ - if( grp->A.p == NULL ) + if( !grp->A.p ) { /* M = 3(X + Z^2)(X - Z^2) */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &T, &P->X, &S ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &U, &P->X, &S ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &T, &U ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); } else { /* M = 3.X^2 */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &P->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); - + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &S, 3 ) ); MOD_ADD( M ); /* Optimize away for "koblitz" curves with A = 0 */ - if( mbedtls_mpi_cmp_int( &grp->A, 0 ) != 0 ) + if( !mbedtls_mpi_is_zero( &grp->A ) ) { /* M += A.Z^4 */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->Z, &P->Z ) ); 
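Review bot: `mbedtls_p256_double_jac(grp, P, R)` and `mbedtls_p384_double_jac(grp, P, R)` put the output last, while every surrounding routine, including `ecp_double_jac( grp, R, P )` itself and `mbedtls_internal_ecp_double_jac( grp, R, P )` a few lines above, takes the result `R` first; the ecp_add_mixed hunk repeats this with `mbedtls_p256_add_mixed(grp, P, Q, R)`. Mixing the two conventions in one file is how arguments get swapped silently, since all of them share the type `mbedtls_ecp_point *` and the compiler cannot tell them apart. Either give the new helpers the `( grp, R, P )` order or mark the call: `/* NOTE: the p256/p384 helpers take (grp, input, output), the reverse of ecp_double_jac */`. ecp_double_jac continues past this hunk.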
@@ -1784,38 +1650,33 @@ static int ecp_double_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &M, &M, &S ) ); } } - /* S = 4.X.Y^2 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &P->Y, &P->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &T ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &S, 1 ) ); - + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &P->Y, &P->Y ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &P->X, &T ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &S ) ); /* U = 8.Y^4 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &T, &T ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) ); - + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &T, &T ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U ) ); /* T = M^2 - 2.S */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T, &M, &M ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T, &T, &S ) ); - /* S = M(S - T) - U */ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &T ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &S, &S, &M ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &S, &S, &U ) ); - /* U = 2.Y.Z */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &P->Y, &P->Z ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U, 1 ) ); - + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &U, &P->Y, &P->Z ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &U ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &T ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &S ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &U ) ); - cleanup: - mbedtls_mpi_free( &M ); mbedtls_mpi_free( &S ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &U ); - + mbedtls_mpi_free( &M ); + mbedtls_mpi_free( &S ); + mbedtls_mpi_free( &T ); + mbedtls_mpi_free( &U ); return( ret ); #endif 
/* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) */ } 
@@ -1844,47 +1705,47 @@ static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if defined(MBEDTLS_SELF_TEST) add_count++; #endif - #if defined(MBEDTLS_ECP_ADD_MIXED_ALT) if( mbedtls_internal_ecp_grp_capable( grp ) ) return( mbedtls_internal_ecp_add_mixed( grp, R, P, Q ) ); #endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ - #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_ADD_MIXED_ALT) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi T1, T2, T3, T4, X, Y, Z; - /* * Trivial cases: P == 0 or Q == 0 (case 1) */ - if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 ) + if( mbedtls_ecp_is_zero( P ) ) return( mbedtls_ecp_copy( R, Q ) ); - - if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 0 ) == 0 ) + if( Q->Z.p && mbedtls_ecp_is_zero( Q ) ) return( mbedtls_ecp_copy( R, P ) ); - /* * Make sure Q coordinates are normalized */ - if( Q->Z.p != NULL && mbedtls_mpi_cmp_int( &Q->Z, 1 ) != 0 ) + if( Q->Z.p && !mbedtls_mpi_is_one( &Q->Z ) ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - +#ifdef MBEDTLS_ECP_DP_SECP384R1_ENABLED + if ( grp->modp == ecp_mod_p384 ) + return mbedtls_p384_add_mixed(grp, P, Q, R); +#endif +#ifdef MBEDTLS_ECP_DP_SECP256R1_ENABLED + if ( grp->modp == ecp_mod_p256 ) + return mbedtls_p256_add_mixed(grp, P, Q, R); +#endif mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &T3 ); mbedtls_mpi_init( &T4 ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &P->Z, &P->Z ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T1, &P->Z ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T1, &T1, &Q->X ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T2, &T2, &Q->Y ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T1, &T1, &P->X ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T2, &T2, &P->Y ) ); - /* Special cases (2) and (3) */ - if( mbedtls_mpi_cmp_int( &T1, 0 ) 
== 0 ) + if( mbedtls_mpi_is_zero( &T1 ) ) { - if( mbedtls_mpi_cmp_int( &T2, 0 ) == 0 ) + if( mbedtls_mpi_is_zero( &T2 ) ) { ret = ecp_double_jac( grp, R, P ); goto cleanup; 
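Review bot: The fast path `return mbedtls_p384_add_mixed(grp, P, Q, R);` is taken before the `mbedtls_mpi_is_zero( &T1 )` special cases, so the specialised routines must themselves detect P == Q (fall back to doubling) and P == -Q (result is the point at infinity); the generic code only reaches those cases after computing T1/T2. Whether the new helpers do this cannot be seen in this diff, so state the requirement at the dispatch: `/* Fast paths must handle P == Q and P == -Q themselves; the T1 == 0 cases below are not reached for them. */`. ecp_add_mixed continues past this hunk.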
@@ -1895,30 +1756,25 @@ static int ecp_add_mixed( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, goto cleanup; } } - - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Z, &P->Z, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T1, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T3, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &P->X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &T3 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T1, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &X, &T2, &T2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T4 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T3, &T3, &X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &T2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T4, &P->Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &Y, &T3, &T4 ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Y, &Y ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) ); - + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &Z, &P->Z, &T1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T1, &T1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T3, &T1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &P->X ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &T1, &T3 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l_mod( grp, &T1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &X, &T2, &T2 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &X, &X, &T4 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &T3, &T3, &X ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T3, &T3, &T2 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &T4, &T4, &P->Y ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &Y, &T3, &T4 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->X, &X ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( 
&R->Y, &Y ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &R->Z, &Z ) ); cleanup: - mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 ); mbedtls_mpi_free( &T3 ); mbedtls_mpi_free( &T4 ); mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &Z ); - return( ret ); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_ADD_MIXED_ALT) */ } @@ -1931,31 +1787,26 @@ cleanup: * This countermeasure was first suggested in [2]. */ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) if( mbedtls_internal_ecp_grp_capable( grp ) ) return( mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng ) ); #endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ - #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi l, ll; int count = 0; size_t p_size = ( grp->pbits + 7 ) / 8; - mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll ); - /* Generate l such that 1 < l < p */ do { MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); - while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); - + mbedtls_mpi_shift_r( &l, 1 ); if( count++ > 10 ) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; 
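Review bot: Replacing the `while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )` loop with a single unconditional `mbedtls_mpi_shift_r( &l, 1 );` no longer guarantees l < P: `l` is filled with `p_size = ( grp->pbits + 7 ) / 8` bytes, so one shift leaves up to `8 * p_size - 1` bits, which is below pbits only when pbits is a multiple of 8, and the `do`/`while` only retries for `l <= 1`. For a curve such as P-521 the product in the following `mbedtls_mpi_mul_mod` can then exceed the `2 * grp->pbits` limit that ecp_modp enforces and the randomisation fails with MBEDTLS_ERR_ECP_BAD_INPUT_DATA; the return value of `mbedtls_mpi_shift_r` is also dropped where the old code checked it. Restore `while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );`, or at least keep the comment "Generate l such that 1 < l < p" honest. ecp_randomize_mxz in a later hunk makes the same change and needs the same fix; ecp_randomize_jac continues past this hunk.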
@@ -1963,21 +1814,16 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p } } while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); - /* Z = l * Z */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Z, &pt->Z, &l ) ); - /* X = l^2 * X */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &l, &l ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->X, &pt->X, &ll ) ); - /* Y = l^3 * Y */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &ll, &ll, &l ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Y, &pt->Y, &ll ) ); - cleanup: mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll ); - return( ret ); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */ } @@ -2047,14 +1893,11 @@ static void ecp_comb_recode_core( unsigned char x[], size_t d, { size_t i, j; unsigned char c, cc, adjust; - - memset( x, 0, d+1 ); - + mbedtls_platform_zeroize( x, d+1 ); /* First get the classical comb values (except for x_d = 0) */ for( i = 0; i < d; i++ ) for( j = 0; j < w; j++ ) x[i] |= mbedtls_mpi_get_bit( m, i + d * j ) << j; - /* Now make sure x_1 .. x_d are odd */ c = 0; for( i = 1; i <= d; i++ ) @@ -2063,7 +1906,6 @@ static void ecp_comb_recode_core( unsigned char x[], size_t d, cc = x[i] & c; x[i] = x[i] ^ c; c = cc; - /* Adjust if needed, avoiding branches */ adjust = 1 - ( x[i] & 0x01 ); c |= x[i] & ( x[i-1] * adjust ); @@ -2111,14 +1953,13 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, unsigned char w, size_t d, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char i; size_t j = 0; const unsigned char T_size = 1U << ( w - 1 ); mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1]; - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx && rs_ctx->rsm ) { if( rs_ctx->rsm->state == ecp_rsm_pre_dbl ) goto dbl; 
@@ -2132,16 +1973,13 @@ static int ecp_precompute_comb( const mbedtls_ecp_group *grp, #else (void) rs_ctx; #endif - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx && rs_ctx->rsm ) { rs_ctx->rsm->state = ecp_rsm_pre_dbl; - /* initial state for the loop */ rs_ctx->rsm->i = 0; } - dbl: #endif /* @@ -2149,31 +1987,24 @@ dbl: * T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value) */ MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) ); - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) + if( rs_ctx && rs_ctx->rsm && rs_ctx->rsm->i != 0 ) j = rs_ctx->rsm->i; else #endif j = 0; - for( ; j < d * ( w - 1 ); j++ ) { MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL ); - i = 1U << ( j / d ); cur = T + i; - - if( j % d == 0 ) + if( !( j % d ) ) MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) ); - MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) ); } - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx && rs_ctx->rsm ) rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl; - norm_dbl: #endif /* @@ -2183,15 +2014,11 @@ norm_dbl: j = 0; for( i = 1; i < T_size; i <<= 1 ) TT[j++] = T + i; - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); - MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx && rs_ctx->rsm ) rs_ctx->rsm->state = ecp_rsm_pre_add; - add: #endif /* @@ -2199,18 +2026,16 @@ add: * Be careful to update T[2^l] only after using it! */ MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD ); - for( i = 1; i < T_size; i <<= 1 ) { j = i; - while( j-- ) + while( j-- ) { MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) ); + } } - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx && rs_ctx->rsm ) rs_ctx->rsm->state = ecp_rsm_pre_norm_add; - norm_add: #endif /* 
@@ -2220,21 +2045,17 @@ norm_add: */ for( j = 0; j + 1 < T_size; j++ ) TT[j] = T + j + 1; - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 ); - MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) ); - cleanup: #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && + if( rs_ctx && rs_ctx->rsm && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { if( rs_ctx->rsm->state == ecp_rsm_pre_dbl ) rs_ctx->rsm->i = j; } #endif - return( ret ); } @@ -2247,22 +2068,18 @@ static int ecp_select_comb( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_ecp_point T[], unsigned char T_size, unsigned char i ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char ii, j; - /* Ignore the "sign" bit and scale down */ ii = ( i & 0x7Fu ) >> 1; - /* Read the whole table to thwart cache-based timing attacks */ for( j = 0; j < T_size; j++ ) { MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->X, &T[j].X, j == ii ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) ); } - /* Safely invert result if i is "negative" */ MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) ); - cleanup: return( ret ); } 
@@ -2280,26 +2097,22 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecp_point Txi; size_t i; - mbedtls_ecp_point_init( &Txi ); - #if !defined(MBEDTLS_ECP_RESTARTABLE) (void) rs_ctx; #endif - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && + if( rs_ctx && rs_ctx->rsm && rs_ctx->rsm->state != ecp_rsm_comb_core ) { rs_ctx->rsm->i = 0; rs_ctx->rsm->state = ecp_rsm_comb_core; } - /* new 'if' instead of nested for the sake of the 'else' branch */ - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 ) + if( rs_ctx && rs_ctx->rsm && rs_ctx->rsm->i != 0 ) { /* restore current index (R already pointing to rs_ctx->rsm->R) */ i = rs_ctx->rsm->i; @@ -2316,30 +2129,24 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R #endif MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); } - while( i != 0 ) { MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL + MBEDTLS_ECP_OPS_ADD ); --i; - MBEDTLS_MPI_CHK( ecp_double_jac( grp, R, R ) ); MBEDTLS_MPI_CHK( ecp_select_comb( grp, &Txi, T, T_size, x[i] ) ); MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, R, &Txi ) ); } - cleanup: - mbedtls_ecp_point_free( &Txi ); - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && + if( rs_ctx && rs_ctx->rsm && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { rs_ctx->rsm->i = i; /* no need to save R, already pointing to rs_ctx->rsm->R */ } #endif - return( ret ); } 
@@ -2362,31 +2169,24 @@ static int ecp_comb_recode_scalar( const mbedtls_ecp_group *grp, unsigned char w, unsigned char *parity_trick ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi M, mm; - mbedtls_mpi_init( &M ); mbedtls_mpi_init( &mm ); - /* N is always odd (see above), just make extra sure */ if( mbedtls_mpi_get_bit( &grp->N, 0 ) != 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - /* do we need the parity trick? */ *parity_trick = ( mbedtls_mpi_get_bit( m, 0 ) == 0 ); - /* execute parity fix in constant time */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &M, m ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &mm, &grp->N, m ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( &M, &mm, *parity_trick ) ); - /* actual scalar recoding */ ecp_comb_recode_core( k, d, w, &M ); - cleanup: mbedtls_mpi_free( &mm ); mbedtls_mpi_free( &M ); - return( ret ); } 
@@ -2398,41 +2198,36 @@ cleanup: * if that is the case we'll need to recover m * P at the end. */ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, - const mbedtls_mpi *m, - const mbedtls_ecp_point *T, - unsigned char T_size, - unsigned char w, - size_t d, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - mbedtls_ecp_restart_ctx *rs_ctx ) + mbedtls_ecp_point *R, + const mbedtls_mpi *m, + const mbedtls_ecp_point *T, + unsigned char T_size, + unsigned char w, + size_t d, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char parity_trick; unsigned char k[COMB_MAX_D + 1]; mbedtls_ecp_point *RR = R; - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx && rs_ctx->rsm ) { RR = &rs_ctx->rsm->R; - if( rs_ctx->rsm->state == ecp_rsm_final_norm ) goto final_norm; } #endif - MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, &parity_trick ) ); MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, T_size, k, d, f_rng, p_rng, rs_ctx ) ); MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) ); - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx && rs_ctx->rsm ) rs_ctx->rsm->state = ecp_rsm_final_norm; - final_norm: MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); #endif @@ -2451,14 +2246,11 @@ final_norm: if( f_rng != 0 ) #endif MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx && rs_ctx->rsm ) MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) ); #endif - cleanup: return( ret ); } 
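Review bot: `k[COMB_MAX_D + 1]` holds the comb-recoded secret scalar and `parity_trick` its low bit, yet neither is wiped before `cleanup: return( ret );`, while the earlier hunk in ecp_comb_recode_core switched the mere initialisation of that buffer to `mbedtls_platform_zeroize`. The wipe matters at the end of use, not at the start: add `mbedtls_platform_zeroize( k, sizeof( k ) );` after the `cleanup:` label (the restartable path recomputes `k` on re-entry, so clearing it on MBEDTLS_ERR_ECP_IN_PROGRESS is safe as far as this hunk shows). The body is otherwise unchanged apart from the re-indented parameter list.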
@@ -2470,14 +2262,12 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, unsigned char p_eq_g ) { unsigned char w; - /* * Minimize the number of multiplications, that is minimize * 10 * d * w + 18 * 2^(w-1) + 11 * d + 7 * w, with d = ceil( nbits / w ) * (see costs of the various parts, with 1S = 1M) */ w = grp->nbits >= 384 ? 5 : 4; - /* * If P == G, pre-compute a bit more, since this may be re-used later. * Just adding one avoids upping the cost of the first mul too much, @@ -2485,7 +2275,6 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, */ if( p_eq_g ) w++; - /* * Make sure w is within bounds. * (The last test is useful only for very small curves in the test suite.) @@ -2496,7 +2285,6 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, #endif if( w >= grp->nbits ) w = 2; - return( w ); } @@ -2519,31 +2307,27 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char w, p_eq_g, i; size_t d; unsigned char T_size = 0, T_ok = 0; mbedtls_ecp_point *T = NULL; #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) ecp_drbg_context drbg_ctx; - ecp_drbg_init( &drbg_ctx ); #endif - ECP_RS_ENTER( rsm ); - #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng == NULL ) { /* Adjust pointers */ f_rng = &ecp_drbg_random; #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx && rs_ctx->rsm ) p_rng = &rs_ctx->rsm->drbg_ctx; else #endif p_rng = &drbg_ctx; - /* Initialize internal DRBG if necessary */ #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx == NULL || rs_ctx->rsm == NULL || 
@@ -2554,12 +2338,11 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) ); } #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + if( rs_ctx && rs_ctx->rsm ) rs_ctx->rsm->drbg_seeded = 1; #endif } #endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ - /* Is P the base point ? */ #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && @@ -2567,14 +2350,12 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #else p_eq_g = 0; #endif - /* Pick window size and deduce related sizes */ w = ecp_pick_window_size( grp, p_eq_g ); T_size = 1U << ( w - 1 ); d = ( grp->nbits + w - 1 ) / w; - /* Pre-computed table: do we have it already for the base point? */ - if( p_eq_g && grp->T != NULL ) + if( p_eq_g && grp->T ) { /* second pointer to the same table, will be deleted on exit */ T = grp->T; @@ -2583,13 +2364,12 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, else #if defined(MBEDTLS_ECP_RESTARTABLE) /* Pre-computed table: do we have one in progress? complete? */ - if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->T != NULL ) + if( rs_ctx && rs_ctx->rsm && rs_ctx->rsm->T ) { /* transfer ownership of T from rsm to local function */ T = rs_ctx->rsm->T; rs_ctx->rsm->T = NULL; rs_ctx->rsm->T_size = 0; - /* This effectively jumps to the call to mul_comb_after_precomp() */ T_ok = rs_ctx->rsm->state >= ecp_rsm_comb_core; } 
@@ -2598,23 +2378,19 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, /* Allocate table if we didn't have any */ { T = mbedtls_calloc( T_size, sizeof( mbedtls_ecp_point ) ); - if( T == NULL ) + if( !T ) { ret = MBEDTLS_ERR_ECP_ALLOC_FAILED; goto cleanup; } - for( i = 0; i < T_size; i++ ) mbedtls_ecp_point_init( &T[i] ); - T_ok = 0; } - /* Compute table (or finish computing it) if not done already */ if( !T_ok ) { MBEDTLS_MPI_CHK( ecp_precompute_comb( grp, T, P, w, d, rs_ctx ) ); - if( p_eq_g ) { /* almost transfer ownership of T to the group, but keep a copy of @@ -2623,25 +2399,20 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, grp->T_size = T_size; } } - /* Actual comb multiplication using precomputed points */ MBEDTLS_MPI_CHK( ecp_mul_comb_after_precomp( grp, R, m, T, T_size, w, d, f_rng, p_rng, rs_ctx ) ); - cleanup: - #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) ecp_drbg_free( &drbg_ctx ); #endif - /* does T belong to the group? */ if( T == grp->T ) T = NULL; - /* does T belong to the restart context? */ #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != NULL ) + if( rs_ctx && rs_ctx->rsm && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T ) { /* transfer ownership of T from local function to rsm */ rs_ctx->rsm->T_size = T_size; @@ -2649,15 +2420,13 @@ cleanup: T = NULL; } #endif - /* did T belong to us? then let's destroy it! */ - if( T != NULL ) + if( T ) { for( i = 0; i < T_size; i++ ) mbedtls_ecp_point_free( &T[i] ); mbedtls_free( T ); } - /* don't free R while in progress in case R == P */ #if defined(MBEDTLS_ECP_RESTARTABLE) if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) @@ -2665,9 +2434,7 @@ cleanup: /* prevent caller from using invalid value */ if( ret != 0 ) mbedtls_ecp_point_free( R ); - ECP_RS_LEAVE( rsm ); - return( ret ); } 
@@ -2692,15 +2459,13 @@ static int ecp_normalize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P if( mbedtls_internal_ecp_grp_capable( grp ) ) return( mbedtls_internal_ecp_normalize_mxz( grp, P ) ); #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ - #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &P->Z ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) ); - cleanup: return( ret ); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) */ @@ -2715,30 +2480,27 @@ cleanup: * Cost: 2M */ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) if( mbedtls_internal_ecp_grp_capable( grp ) ) return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ); #endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ - #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi l; int count = 0; size_t p_size = ( grp->pbits + 7 ) / 8; mbedtls_mpi_init( &l ); - /* Generate l such that 1 < l < p */ do { MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); - while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); - + mbedtls_mpi_shift_r( &l, 1 ); if( count++ > 10 ) { ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; 
@@ -2746,13 +2508,10 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P } } while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &l ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->Z, &P->Z, &l ) ); - cleanup: mbedtls_mpi_free( &l ); - return( ret ); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */ } @@ -2781,17 +2540,14 @@ static int ecp_double_add_mxz( const mbedtls_ecp_group *grp, if( mbedtls_internal_ecp_grp_capable( grp ) ) return( mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d ) ); #endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ - #if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); #else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB; - mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B ); mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &A, &P->X, &P->Z ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &AA, &A, &A ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mod( grp, &B, &P->X, &P->Z ) ); @@ -2810,12 +2566,10 @@ static int ecp_double_add_mxz( const mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &grp->A, &E ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &R->Z, &BB, &R->Z ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &R->Z, &E, &R->Z ) ); - cleanup: mbedtls_mpi_free( &A ); mbedtls_mpi_free( &AA ); mbedtls_mpi_free( &B ); mbedtls_mpi_free( &BB ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &C ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &DA ); mbedtls_mpi_free( &CB ); - return( ret ); #endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) */ } 
@@ -2829,18 +2583,16 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i; unsigned char b; mbedtls_ecp_point RP; mbedtls_mpi PX; #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) ecp_drbg_context drbg_ctx; - ecp_drbg_init( &drbg_ctx ); #endif mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX ); - #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng == NULL ) { @@ -2850,25 +2602,20 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, p_rng = &drbg_ctx; } #endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ - /* Save PX and read from P before writing to R, in case P == R */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) ); - /* Set R to zero in modified x/z coordinates */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->X, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 0 ) ); mbedtls_mpi_free( &R->Y ); - /* RP.X might be sligtly larger than P, so reduce it */ MOD_ADD( RP.X ); - /* Randomize coordinates of the starting point */ #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng != NULL ) + if( f_rng ) #endif MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); - /* Loop invariant: R = result so far, RP = R + P */ i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */ while( i-- > 0 ) @@ -2887,7 +2634,6 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->X, &RP.X, b ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_swap( &R->Z, &RP.Z, b ) ); } - /* * Knowledge of the projective coordinates may leak the last few bits of the * scalar [1], and since our MPI implementation isn't constant-flow, 
@@ -2900,19 +2646,15 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * Avoid the leak by randomizing coordinates before we normalize them. */ #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng != NULL ) + if( f_rng ) #endif MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); - cleanup: #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) ecp_drbg_free( &drbg_ctx ); #endif - mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX ); - return( ret ); } @@ -2957,37 +2699,32 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; #endif - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); - + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( R ); + ECP_VALIDATE_RET( m ); + ECP_VALIDATE_RET( P ); #if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ - if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) + if( rs_ctx && rs_ctx->depth++ == 0 ) rs_ctx->ops_done = 0; #else (void) rs_ctx; #endif - #if defined(MBEDTLS_ECP_INTERNAL_ALT) if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ - #if defined(MBEDTLS_ECP_RESTARTABLE) /* skip argument check when restarting */ - if( rs_ctx == NULL || rs_ctx->rsm == NULL ) + if( !rs_ctx || !rs_ctx->rsm ) #endif { /* check_privkey is free */ MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_CHK ); - /* Common sanity checks */ MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) ); } - ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) 
@@ -2997,19 +2734,15 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) ); #endif - cleanup: - #if defined(MBEDTLS_ECP_INTERNAL_ALT) if( is_grp_capable ) mbedtls_internal_ecp_free( grp ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL ) + if( rs_ctx ) rs_ctx->depth--; #endif - return( ret ); } @@ -3053,10 +2786,10 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( R ); + ECP_VALIDATE_RET( m ); + ECP_VALIDATE_RET( P ); return( mbedtls_ecp_mul_restartable( grp, R, m, P, f_rng, p_rng, NULL ) ); } 
@@ -3067,27 +2800,23 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, */ static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi YY, RHS; - /* pt coordinates must be normalized for our checks */ if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 || mbedtls_mpi_cmp_int( &pt->Y, 0 ) < 0 || mbedtls_mpi_cmp_mpi( &pt->X, &grp->P ) >= 0 || mbedtls_mpi_cmp_mpi( &pt->Y, &grp->P ) >= 0 ) return( MBEDTLS_ERR_ECP_INVALID_KEY ); - mbedtls_mpi_init( &YY ); mbedtls_mpi_init( &RHS ); - /* * YY = Y^2 * RHS = X (X^2 + A) + B = X^3 + A X + B */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &YY, &pt->Y, &pt->Y ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &pt->X, &pt->X ) ); - /* Special case for A = -3 */ - if( grp->A.p == NULL ) + if( !grp->A.p ) { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &RHS, &RHS, 3 ) ); MOD_SUB( RHS ); } @@ -3095,17 +2824,12 @@ static int ecp_check_pubkey_sw( const mbedtls_ecp_group *grp, const mbedtls_ecp_ { MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->A ) ); } - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &RHS, &RHS, &pt->X ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_mod( grp, &RHS, &RHS, &grp->B ) ); - if( mbedtls_mpi_cmp_mpi( &YY, &RHS ) != 0 ) ret = MBEDTLS_ERR_ECP_INVALID_KEY; - cleanup: - mbedtls_mpi_free( &YY ); mbedtls_mpi_free( &RHS ); - return( ret ); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ 
@@ -3121,16 +2845,15 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, const mbedtls_ecp_point *P, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if( mbedtls_mpi_cmp_int( m, 1 ) == 0 ) + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + if( mbedtls_mpi_is_one( m ) ) { MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); } else if( mbedtls_mpi_cmp_int( m, -1 ) == 0 ) { MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) ); - if( mbedtls_mpi_cmp_int( &R->Y, 0 ) != 0 ) + if( !mbedtls_mpi_is_zero( &R->Y ) ) MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &R->Y, &grp->P, &R->Y ) ); } else @@ -3138,7 +2861,6 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P, NULL, NULL, rs_ctx ) ); } - cleanup: return( ret ); } 
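Review bot: `mbedtls_mpi_is_one( m )` replaces a sign-aware comparison, `mbedtls_mpi_cmp_int( m, 1 ) == 0`, and the `else if` right after it handles `m == -1` by negating `R->Y`; if `mbedtls_mpi_is_one` only inspects the magnitude limbs, a scalar of -1 now takes the first branch and `R` is returned without the negation. Its definition is not in this diff, so please confirm it also requires `m->s == 1`, or keep the original comparison on that line. The `mbedtls_mpi_is_zero( &R->Y )` replacement is sign-insensitive by nature and raises no such concern.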
@@ -3189,34 +2911,29 @@ int mbedtls_ecp_muladd_restartable( const mbedtls_mpi *n, const mbedtls_ecp_point *Q, mbedtls_ecp_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecp_point mP; mbedtls_ecp_point *pmP = &mP; mbedtls_ecp_point *pR = R; #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; #endif - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( n != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( R ); + ECP_VALIDATE_RET( m ); + ECP_VALIDATE_RET( P ); + ECP_VALIDATE_RET( n ); + ECP_VALIDATE_RET( Q ); if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS ) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); - mbedtls_ecp_point_init( &mP ); - ECP_RS_ENTER( ma ); - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if( rs_ctx && rs_ctx->ma ) { /* redirect intermediate results to restart context */ pmP = &rs_ctx->ma->mP; pR = &rs_ctx->ma->R; - /* jump to next operation */ if( rs_ctx->ma->state == ecp_rsma_mul2 ) goto mul2; 
@@ -3226,53 +2943,42 @@ int mbedtls_ecp_muladd_restartable( goto norm; } #endif /* MBEDTLS_ECP_RESTARTABLE */ - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pmP, m, P, rs_ctx ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if( rs_ctx && rs_ctx->ma ) rs_ctx->ma->state = ecp_rsma_mul2; - mul2: #endif MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, pR, n, Q, rs_ctx ) ); - #if defined(MBEDTLS_ECP_INTERNAL_ALT) if( ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) ) MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if( rs_ctx && rs_ctx->ma ) rs_ctx->ma->state = ecp_rsma_add; - add: #endif MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_ADD ); MBEDTLS_MPI_CHK( ecp_add_mixed( grp, pR, pmP, pR ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if( rs_ctx && rs_ctx->ma ) rs_ctx->ma->state = ecp_rsma_norm; - norm: #endif MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, pR ) ); - #if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->ma != NULL ) + if( rs_ctx && rs_ctx->ma ) MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, pR ) ); #endif - cleanup: #if defined(MBEDTLS_ECP_INTERNAL_ALT) if( is_grp_capable ) mbedtls_internal_ecp_free( grp ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ - mbedtls_ecp_point_free( &mP ); - ECP_RS_LEAVE( ma ); - return( ret ); } 
@@ -3312,15 +3018,15 @@ cleanup: * \return Another negative error code on other kinds of failure. */ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, - const mbedtls_mpi *m, const mbedtls_ecp_point *P, - const mbedtls_mpi *n, const mbedtls_ecp_point *Q ) + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + const mbedtls_mpi *n, const mbedtls_ecp_point *Q ) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); - ECP_VALIDATE_RET( n != NULL ); - ECP_VALIDATE_RET( Q != NULL ); + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( R ); + ECP_VALIDATE_RET( m ); + ECP_VALIDATE_RET( P ); + ECP_VALIDATE_RET( n ); + ECP_VALIDATE_RET( Q ); return( mbedtls_ecp_muladd_restartable( grp, R, m, P, n, Q, NULL ) ); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ @@ -3370,13 +3076,11 @@ static int ecp_check_pubkey_mx( const mbedtls_ecp_group *grp, const mbedtls_ecp_ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt ) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( pt != NULL ); - + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( pt ); /* Must use affine coordinates */ - if( mbedtls_mpi_cmp_int( &pt->Z, 1 ) != 0 ) + if( !mbedtls_mpi_is_one( &pt->Z ) ) return( MBEDTLS_ERR_ECP_INVALID_KEY ); - #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) return( ecp_check_pubkey_mx( grp, pt ) ); 
@@ -3407,12 +3111,11 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, * private key for the given curve. * \return Another negative error code on other kinds of failure. */ -int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, - const mbedtls_mpi *d ) +noinline int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, + const mbedtls_mpi *d ) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); - + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( d ); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) { @@ -3421,11 +3124,9 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, mbedtls_mpi_get_bit( d, 1 ) != 0 || mbedtls_mpi_bitlen( d ) - 1 != grp->nbits ) /* mbedtls_mpi_bitlen is one-based! */ return( MBEDTLS_ERR_ECP_INVALID_KEY ); - /* see [Curve25519] page 5 */ if( grp->nbits == 254 && mbedtls_mpi_get_bit( d, 2 ) != 0 ) return( MBEDTLS_ERR_ECP_INVALID_KEY ); - return( 0 ); } #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ @@ -3440,7 +3141,6 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, return( 0 ); } #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } @@ -3467,9 +3167,9 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; size_t n_size; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( d ); + ECP_VALIDATE_RET( f_rng ); n_size = ( grp->nbits + 7 ) / 8; 
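Review bot: `noinline` is added to the definition of `mbedtls_ecp_check_privkey` with no comment saying why a public API function is pinned out of line, and the prototype in ecp.h does not carry the attribute in the hunks visible here; a later reader will assume it is accidental and drop it. Add a one-line comment above the definition stating the actual reason (for example that the function must stay a distinct frame for backtraces or profiling), since nothing in the body explains it. The function body continues into the following hunks.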
@@ -3577,21 +3277,19 @@ cleanup: * on failure. */ int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp, - const mbedtls_ecp_point *G, - mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) + const mbedtls_ecp_point *G, + mbedtls_mpi *d, mbedtls_ecp_point *Q, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); - ECP_VALIDATE_RET( G != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( d ); + ECP_VALIDATE_RET( G ); + ECP_VALIDATE_RET( Q ); + ECP_VALIDATE_RET( f_rng ); MBEDTLS_MPI_CHK( mbedtls_ecp_gen_privkey( grp, d, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, Q, d, G, f_rng, p_rng ) ); - cleanup: return( ret ); } @@ -3624,11 +3322,10 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( d != NULL ); - ECP_VALIDATE_RET( Q != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); - + ECP_VALIDATE_RET( grp ); + ECP_VALIDATE_RET( d ); + ECP_VALIDATE_RET( Q ); + ECP_VALIDATE_RET( f_rng ); return( mbedtls_ecp_gen_keypair_base( grp, &grp->G, d, Q, f_rng, p_rng ) ); } 
@@ -3648,13 +3345,11 @@ int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ECP_VALIDATE_RET( key != NULL ); - ECP_VALIDATE_RET( f_rng != NULL ); - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + ECP_VALIDATE_RET( key ); + ECP_VALIDATE_RET( f_rng ); if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) return( ret ); - return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) ); } @@ -3683,8 +3378,8 @@ int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, { int ret = 0; - ECP_VALIDATE_RET( key != NULL ); - ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET( key ); + ECP_VALIDATE_RET( buf ); if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 ) return( ret ); @@ -3764,8 +3459,8 @@ int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key, { int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; - ECP_VALIDATE_RET( key != NULL ); - ECP_VALIDATE_RET( buf != NULL ); + ECP_VALIDATE_RET( key ); + ECP_VALIDATE_RET( buf ); #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) @@ -3811,13 +3506,14 @@ cleanup: * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX * error code on calculation failure. */ -int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ) +int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, + const mbedtls_ecp_keypair *prv ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecp_point Q; mbedtls_ecp_group grp; - ECP_VALIDATE_RET( pub != NULL ); - ECP_VALIDATE_RET( prv != NULL ); + ECP_VALIDATE_RET( pub ); + ECP_VALIDATE_RET( prv ); if( pub->grp.id == MBEDTLS_ECP_DP_NONE || pub->grp.id != prv->grp.id || 
@@ -3956,7 +3652,7 @@ cleanup: */ int mbedtls_ecp_self_test( int verbose ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecp_group grp; mbedtls_ecp_point R, P; mbedtls_mpi m; @@ -4068,3 +3764,23 @@ cleanup: #endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_C */ + +/** + * \brief This function sets a point to the point at infinity. + * + * \param pt The point to set. This must be initialized. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure. + * \return Another negative error code on other kinds of failure. + */ +int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt ) +{ + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + ECP_VALIDATE_RET( pt ); + MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->X , 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Y , 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z , 0 ) ); +cleanup: + return( ret ); +} diff --git a/third_party/mbedtls/ecp.h b/third_party/mbedtls/ecp.h index 52cf1d57b..ff310d3e6 100644 --- a/third_party/mbedtls/ecp.h +++ b/third_party/mbedtls/ecp.h @@ -1,5 +1,6 @@ #ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ECP_H_ #define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ECP_H_ +#include "libc/log/backtrace.internal.h" #include "third_party/mbedtls/bignum.h" #include "third_party/mbedtls/config.h" COSMOPOLITAN_C_START_ 
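Review bot: `mbedtls_ecp_set_zero` is appended after `#endif /* !MBEDTLS_ECP_ALT */` and `#endif /* MBEDTLS_ECP_C */`, so unlike every other definition in this file it is compiled even when the module is disabled or an alternative implementation is selected; move the definition above those two closing `#endif` lines. The ecp.h hunks in this diff add prototypes for `mbedtls_mpi_shift_l_mod`, `ecp_mod_p256` and `ecp_mod_p384` but none for `mbedtls_ecp_set_zero`, which ecp256.c calls, so if it is not already declared elsewhere in the header add `int mbedtls_ecp_set_zero( mbedtls_ecp_point * );` beside the other `mbedtls_ecp_*` prototypes. The `&pt->X , 1` spacing also differs from the `&R->X, 1` style used throughout the rest of the file.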
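Review bot: `#include "libc/log/backtrace.internal.h"` is added to the public ecp.h header, but no declaration in the header hunks visible in this diff uses a symbol from it; if only ecp.c or ecp256.c needs it (presumably for a debugging hook), include it from that .c file instead so every consumer of ecp.h does not transitively pull in an internal logging header.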
@@ -350,6 +351,7 @@ int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *, mbedtls_ecp_point *, int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *, size_t *, unsigned char *, size_t ); int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *, const mbedtls_ecp_point *, int, size_t *, unsigned char *, size_t ); int mbedtls_ecp_write_key( mbedtls_ecp_keypair *, unsigned char *, size_t ); +int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *, mbedtls_mpi * ); mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group * ); void mbedtls_ecp_group_free( mbedtls_ecp_group * ); void mbedtls_ecp_group_init( mbedtls_ecp_group * ); @@ -361,5 +363,8 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx * ); void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx * ); void mbedtls_ecp_set_max_ops( unsigned ); +int ecp_mod_p256(mbedtls_mpi *); +int ecp_mod_p384(mbedtls_mpi *); + COSMOPOLITAN_C_END_ #endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ECP_H_ */ diff --git a/third_party/mbedtls/ecp256.c b/third_party/mbedtls/ecp256.c new file mode 100644 index 000000000..d2e4c1f65 --- /dev/null +++ b/third_party/mbedtls/ecp256.c 
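Review bot: `ecp_mod_p256` and `ecp_mod_p384` are exported from the public ecp.h without the `mbedtls_` prefix, and `mbedtls_mpi_shift_l_mod` is declared here rather than with the other `mbedtls_mpi_*` prototypes; upstream these two reduction routines are file-local helpers, so presumably they were made non-static for ecp256.c, but unprefixed names in a public header invite collisions in any program that links this library. Consider `int mbedtls_ecp_mod_p256( mbedtls_mpi * );` and `int mbedtls_ecp_mod_p384( mbedtls_mpi * );`, or declare them in an internal header such as ecp_internal.h that ecp256.c already includes, and move the shift prototype to bignum.h where callers will look for it.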
@@ -0,0 +1,673 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. 
│ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/log/check.h" +#include "libc/nexgen32e/x86feature.h" +#include "libc/runtime/gc.internal.h" +#include "libc/runtime/runtime.h" +#include "third_party/mbedtls/bignum_internal.h" +#include "third_party/mbedtls/ecp.h" +#include "third_party/mbedtls/ecp_internal.h" +#include "third_party/mbedtls/error.h" +#include "third_party/mbedtls/math.h" +#include "third_party/mbedtls/profile.h" +#include "third_party/mbedtls/traceme.h" +/* clang-format off */ + +static inline bool +mbedtls_p256_isz( uint64_t p[4] ) +{ + return( !p[0] & !p[1] & !p[2] & !p[3] ); +} + +static inline bool +mbedtls_p256_gte( uint64_t p[5] ) +{ + return( (p[4] || + p[3] > 0xffffffff00000001 || + (p[3] == 0xffffffff00000001 && + p[2] > 0x0000000000000000 || + (p[2] == 0x0000000000000000 && + p[1] > 0x00000000ffffffff || + (p[1] == 0x00000000ffffffff && + p[0] > 0xffffffffffffffff || + (p[0] == 0xffffffffffffffff))))) ); +} + +static int +mbedtls_p256_cmp( const uint64_t a[5], + const uint64_t b[5] ) +{ + if( a[4] < b[4] ) return -1; + if( a[4] > b[4] ) return 1; + if( a[3] < b[3] ) return -1; + if( a[3] > b[3] ) return 1; + if( a[2] < b[2] ) return -1; + if( a[2] > b[2] ) return 1; + if( a[1] < b[1] ) return -1; + if( a[1] > b[1] ) return 1; + if( a[0] < b[0] ) return -1; + if( a[0] > b[0] ) return 1; + return 0; +} + +static inline void +mbedtls_p256_red( uint64_t p[5] ) +{ +#if defined(__x86_64__) && !defined(__STRICT_ANSI__) + asm("subq\t%1,%0\n\t" + "sbbq\t%2,8+%0\n\t" + "sbbq\t%3,16+%0\n\t" + "sbbq\t%4,24+%0\n\t" + "sbbq\t$0,32+%0" + : "+o"(*p) + : "i"(0xffffffffffffffffl), "r"(0x00000000ffffffffl), + "i"(0x0000000000000000l), "r"(0xffffffff00000001l) + : "memory", "cc"); +#else + uint64_t c; + SBB( p[0], p[0], 0xffffffffffffffff, 0, c ); + SBB( p[1], p[1], 0x00000000ffffffff, c, c ); + SBB( p[2], p[2], 0x0000000000000000, c, c ); + SBB( p[3], p[3], 0xffffffff00000001, c, c ); + SBB( p[4], p[4], 0, 
c, c ); +#endif +} + +static noinline void +mbedtls_p256_gro( uint64_t p[5] ) +{ +#if defined(__x86_64__) && !defined(__STRICT_ANSI__) + asm("addq\t%1,%0\n\t" + "adcq\t%2,8+%0\n\t" + "adcq\t%3,16+%0\n\t" + "adcq\t%4,24+%0\n\t" + "adcq\t$0,32+%0" + : "+o"(*p) + : "i"(0xffffffffffffffffl), "r"(0x00000000ffffffffl), + "i"(0x0000000000000000l), "r"(0xffffffff00000001l) + : "memory", "cc"); +#else + uint64_t c; + ADC( p[0], p[0], 0xffffffffffffffff, 0, c ); + ADC( p[1], p[1], 0x00000000ffffffff, c, c ); + ADC( p[2], p[2], 0x0000000000000000, c, c ); + ADC( p[3], p[3], 0xffffffff00000001, c, c ); + ADC( p[4], p[4], 0, c, c ); +#endif +} + +static void +mbedtls_p256_rum( uint64_t p[5] ) +{ + while( mbedtls_p256_gte( p ) ) + mbedtls_p256_red( p ); +} + +static inline void +mbedtls_p256_sar( uint64_t p[5] ) +{ +#if defined(__x86_64__) && !defined(__STRICT_ANSI__) + asm("sarq\t32+%0\n\t" + "rcrq\t24+%0\n\t" + "rcrq\t16+%0\n\t" + "rcrq\t8+%0\n\t" + "rcrq\t%0\n\t" + : "+o"(*p) + : /* no inputs */ + : "memory", "cc"); +#else + p[0] = p[0] >> 1 | p[1] << 63; + p[1] = p[1] >> 1 | p[2] << 63; + p[2] = p[2] >> 1 | p[3] << 63; + p[3] = p[3] >> 1 | p[4] << 63; + p[4] = (int64_t)p[4] >> 1; +#endif +} + +static inline void +mbedtls_p256_shl( uint64_t p[5] ) +{ +#if defined(__x86_64__) && !defined(__STRICT_ANSI__) + asm("shlq\t%0\n\t" + "rclq\t8+%0\n\t" + "rclq\t16+%0\n\t" + "rclq\t24+%0\n\t" + "rclq\t32+%0\n\t" + : "+o"(*p) + : /* no inputs */ + : "memory", "cc"); +#else + p[4] = p[3] >> 63; + p[3] = p[3] << 1 | p[2] >> 63; + p[2] = p[2] << 1 | p[1] >> 63; + p[1] = p[1] << 1 | p[0] >> 63; + p[0] = p[0] << 1; +#endif + mbedtls_p256_rum( p ); +} + +static inline void +mbedtls_p256_jam( uint64_t p[5] ) +{ + secp256r1( p ); + if( (int64_t)p[4] < 0 ) + do + mbedtls_p256_gro( p ); + while( (int64_t)p[4] < 0 ); + else + mbedtls_p256_rum( p ); +} + +static void +mbedtls_p256_mul_1x1( uint64_t X[8], + const uint64_t A[4], size_t n, + const uint64_t B[4], size_t m ) +{ + uint128_t t; + t = A[0]; 
+ t *= B[0]; + X[ 0] = t; + X[ 1] = t >> 64; + X[ 2] = 0; + X[ 3] = 0; + X[ 4] = 0; + X[ 5] = 0; + X[ 6] = 0; + X[ 7] = 0; +} + +static void +mbedtls_p256_mul_nx1( uint64_t X[8], + const uint64_t A[4], size_t n, + const uint64_t B[4], size_t m ) +{ + mbedtls_mpi_mul_hlp1(n, A, X, B[0]); + mbedtls_platform_zeroize( X + n + m, ( 8 - n - m ) * 8 ); + if ( n + m >= 4 ) + mbedtls_p256_jam( X ); +} + +static void +mbedtls_p256_mul_4x4( uint64_t X[8], + const uint64_t A[4], size_t n, + const uint64_t B[4], size_t m ) +{ + Mul4x4( X, A, B ); + mbedtls_p256_jam( X ); +} + +static void +mbedtls_p256_mul_nxm( uint64_t X[8], + const uint64_t A[4], size_t n, + const uint64_t B[4], size_t m ) +{ + if (A == X) A = gc(memcpy(malloc(4 * 8), A, 4 * 8)); + if (B == X) B = gc(memcpy(malloc(4 * 8), B, 4 * 8)); + Mul( X, A, n, B, m ); + mbedtls_platform_zeroize( X + n + m, (8 - n - m) * 8 ); + if ( n + m >= 4 ) + mbedtls_p256_jam( X ); +} + +static void +mbedtls_p256_mul( uint64_t X[8], + const uint64_t A[4], size_t n, + const uint64_t B[4], size_t m ) +{ + if( n == 4 && m == 4 ) + mbedtls_p256_mul_4x4( X, A, n, B, m ); + else if( m == 1 && n == 1 ) + mbedtls_p256_mul_1x1( X, A, n, B, m ); + else if( m == 1 ) + mbedtls_p256_mul_nx1( X, A, n, B, m ); + else + mbedtls_p256_mul_nxm( X, A, n, B, m ); +} + +static void +mbedtls_p256_add( uint64_t X[5], + const uint64_t A[4], + const uint64_t B[4] ) +{ +#if defined(__x86_64__) && !defined(__STRICT_ANSI__) + asm("xor\t%%rcx,%%rcx\n\t" + "mov\t%1,%%rax\n\t" + "add\t%2,%%rax\n\t" + "mov\t%%rax,%0\n\t" + "mov\t8+%1,%%rax\n\t" + "adc\t8+%2,%%rax\n\t" + "mov\t%%rax,8+%0\n\t" + "mov\t16+%1,%%rax\n\t" + "adc\t16+%2,%%rax\n\t" + "mov\t%%rax,16+%0\n\t" + "mov\t24+%1,%%rax\n\t" + "adc\t24+%2,%%rax\n\t" + "mov\t%%rax,24+%0\n\t" + "adc\t$0,%%rcx\n\t" + "mov\t%%rcx,32+%0" + : "+o"(*X) + : "o"(*A), "o"(*B) + : "rax", "rcx", "memory", "cc"); +#else + uint64_t c; + ADC( X[0], A[0], B[0], 0, c ); + ADC( X[1], A[1], B[1], c, c ); + ADC( X[2], A[2], B[2], c, c 
); + ADC( X[3], A[3], B[3], c, X[4] ); +#endif + mbedtls_p256_rum( X ); + DCHECK_EQ( 0, X[4] ); +} + +static void +mbedtls_p256_sub( uint64_t X[5], + const uint64_t A[4], + const uint64_t B[4] ) +{ +#if defined(__x86_64__) && !defined(__STRICT_ANSI__) + asm("xor\t%%rcx,%%rcx\n\t" + "mov\t%1,%%rax\n\t" + "sub\t%2,%%rax\n\t" + "mov\t%%rax,%0\n\t" + "mov\t8+%1,%%rax\n\t" + "sbb\t8+%2,%%rax\n\t" + "mov\t%%rax,8+%0\n\t" + "mov\t16+%1,%%rax\n\t" + "sbb\t16+%2,%%rax\n\t" + "mov\t%%rax,16+%0\n\t" + "mov\t24+%1,%%rax\n\t" + "sbb\t24+%2,%%rax\n\t" + "mov\t%%rax,24+%0\n\t" + "sbb\t$0,%%rcx\n\t" + "mov\t%%rcx,32+%0" + : "+o"(*X) + : "o"(*A), "o"(*B) + : "rax", "rcx", "memory", "cc"); +#else + uint64_t c; + SBB( X[0], A[0], B[0], 0, c ); + SBB( X[1], A[1], B[1], c, c ); + SBB( X[2], A[2], B[2], c, c ); + SBB( X[3], A[3], B[3], c, c ); + X[4] = -c; +#endif + while( (int64_t)X[4] < 0 ) + mbedtls_p256_gro( X ); + DCHECK_EQ( 0, X[4] ); +} + +static void +mbedtls_p256_hub( uint64_t A[5], + const uint64_t B[4] ) +{ +#if defined(__x86_64__) && !defined(__STRICT_ANSI__) + asm("xor\t%%rcx,%%rcx\n\t" + "mov\t%1,%%rax\n\t" + "sub\t%%rax,%0\n\t" + "mov\t8+%1,%%rax\n\t" + "sbb\t%%rax,8+%0\n\t" + "mov\t16+%1,%%rax\n\t" + "sbb\t%%rax,16+%0\n\t" + "mov\t24+%1,%%rax\n\t" + "sbb\t%%rax,24+%0\n\t" + "sbb\t$0,%%rcx\n\t" + "mov\t%%rcx,32+%0" + : "+o"(*A) + : "o"(*B) + : "rax", "rcx", "memory", "cc"); + while( (int64_t)A[4] < 0 ) + mbedtls_p256_gro( A ); + DCHECK_EQ( 0, A[4] ); +#else + mbedtls_p256_sub( A, A, B ); +#endif +} + +static inline void +mbedtls_p256_cop( uint64_t X[4], + const uint64_t Y[4] ) +{ + memcpy( X, Y, 4 * 8 ); +} + +static int +mbedtls_p256_dim( mbedtls_ecp_point *R ) +{ + int ret; + if( R->X.n < 4 && ( ret = mbedtls_mpi_grow( &R->X, 4 ) ) ) return ret; + if( R->Y.n < 4 && ( ret = mbedtls_mpi_grow( &R->Y, 4 ) ) ) return ret; + if( R->Z.n < 4 && ( ret = mbedtls_mpi_grow( &R->Z, 4 ) ) ) return ret; + return 0; +} + +int mbedtls_p256_double_jac( const mbedtls_ecp_group *G, + const 
mbedtls_ecp_point *P,
+ mbedtls_ecp_point *R )
+{
+ int ret;
+ struct {
+ uint64_t X[4], Y[4], Z[4];
+ uint64_t M[8], S[8], T[8], U[8];
+ size_t Xn, Yn, Zn;
+ } s;
+ MBEDTLS_ASSERT( G->A.p == 0 );
+ MBEDTLS_ASSERT( P->X.s == 1 );
+ MBEDTLS_ASSERT( P->Y.s == 1 );
+ MBEDTLS_ASSERT( P->Z.s == 1 );
+ MBEDTLS_ASSERT( G->P.p[0] == 0xffffffffffffffff );
+ MBEDTLS_ASSERT( G->P.p[1] == 0x00000000ffffffff );
+ MBEDTLS_ASSERT( G->P.p[2] == 0x0000000000000000 );
+ MBEDTLS_ASSERT( G->P.p[3] == 0xffffffff00000001 );
+ if ( ( ret = mbedtls_p256_dim( R ) ) ) return ret;
+ mbedtls_platform_zeroize(&s, sizeof(s));
+ s.Xn = mbedtls_mpi_limbs( &P->X );
+ s.Yn = mbedtls_mpi_limbs( &P->Y );
+ s.Zn = mbedtls_mpi_limbs( &P->Z );
+ CHECK_LE( s.Xn, 4 );
+ CHECK_LE( s.Yn, 4 );
+ CHECK_LE( s.Zn, 4 );
+ memcpy( s.X, P->X.p, s.Xn * 8 );
+ memcpy( s.Y, P->Y.p, s.Yn * 8 );
+ memcpy( s.Z, P->Z.p, s.Zn * 8 );
+ mbedtls_p256_mul( s.S, s.Z, s.Zn, s.Z, s.Zn );
+ mbedtls_p256_add( s.T, s.X, s.S );
+ mbedtls_p256_sub( s.U, s.X, s.S );
+ mbedtls_p256_mul( s.S, s.T, 4, s.U, 4 );
+ mbedtls_mpi_mul_hlp1( 4, s.S, s.M, 3 );
+ mbedtls_p256_rum( s.M );
+ mbedtls_p256_mul( s.T, s.Y, s.Yn, s.Y, s.Yn );
+ mbedtls_p256_shl( s.T );
+ mbedtls_p256_mul( s.S, s.X, s.Xn, s.T, 4 );
+ mbedtls_p256_shl( s.S );
+ mbedtls_p256_mul( s.U, s.T, 4, s.T, 4 );
+ mbedtls_p256_shl( s.U );
+ mbedtls_p256_mul( s.T, s.M, 4, s.M, 4 );
+ mbedtls_p256_hub( s.T, s.S );
+ mbedtls_p256_hub( s.T, s.S );
+ mbedtls_p256_hub( s.S, s.T );
+ mbedtls_p256_mul( s.S, s.S, 4, s.M, 4 );
+ mbedtls_p256_hub( s.S, s.U );
+ mbedtls_p256_mul( s.U, s.Y, s.Yn, s.Z, s.Zn );
+ mbedtls_p256_shl( s.U );
+ mbedtls_p256_cop( R->X.p, s.T );
+ mbedtls_p256_cop( R->Y.p, s.S );
+ mbedtls_p256_cop( R->Z.p, s.U );
+ mbedtls_platform_zeroize( &s, sizeof(s) );
+ return 0;
+}
+
+int mbedtls_p256_add_mixed( const mbedtls_ecp_group *G,
+ const mbedtls_ecp_point *P,
+ const mbedtls_ecp_point *Q,
+ mbedtls_ecp_point *R )
+{
+ int ret;
+ struct {
+ uint64_t X[8], Y[8], Z[8];
+ uint64_t T1[8], T2[8], T3[8], T4[8];
+ size_t Xn, Yn, Zn, QXn, QYn;
+ } s;
+ MBEDTLS_ASSERT( P->X.s == 1 );
+ MBEDTLS_ASSERT( P->Y.s == 1 );
+ MBEDTLS_ASSERT( P->Z.s == 1 );
+ MBEDTLS_ASSERT( Q->X.s == 1 );
+ MBEDTLS_ASSERT( Q->Y.s == 1 );
+ if ( ( ret = mbedtls_p256_dim( R ) ) ) return ret;
+ mbedtls_platform_zeroize(&s, sizeof(s));
+ s.Xn = mbedtls_mpi_limbs( &P->X );
+ s.Yn = mbedtls_mpi_limbs( &P->Y );
+ s.Zn = mbedtls_mpi_limbs( &P->Z );
+ s.QXn = mbedtls_mpi_limbs( &Q->X );
+ s.QYn = mbedtls_mpi_limbs( &Q->Y );
+ CHECK_LE( s.Xn, 4 );
+ CHECK_LE( s.Yn, 4 );
+ CHECK_LE( s.Zn, 4 );
+ CHECK_LE( s.QXn, 4 );
+ CHECK_LE( s.QYn, 4 );
+ memcpy( s.X, P->X.p, s.Xn * 8 );
+ memcpy( s.Y, P->Y.p, s.Yn * 8 );
+ memcpy( s.Z, P->Z.p, s.Zn * 8 );
+ mbedtls_p256_mul( s.T1, s.Z, s.Zn, s.Z, s.Zn );
+ mbedtls_p256_mul( s.T2, s.T1, 4, s.Z, s.Zn );
+ mbedtls_p256_mul( s.T1, s.T1, 4, Q->X.p, s.QXn );
+ mbedtls_p256_mul( s.T2, s.T2, 4, Q->Y.p, s.QYn );
+ mbedtls_p256_hub( s.T1, s.X );
+ mbedtls_p256_hub( s.T2, s.Y );
+ if( mbedtls_p256_isz( s.T1 ) )
+ {
+ if( mbedtls_p256_isz( s.T2 ) )
+ return mbedtls_p256_double_jac( G, P, R );
+ else
+ return mbedtls_ecp_set_zero( R );
+ }
+ mbedtls_p256_mul( s.Z, s.Z, s.Zn, s.T1, 4 );
+ mbedtls_p256_mul( s.T3, s.T1, 4, s.T1, 4 );
+ mbedtls_p256_mul( s.T4, s.T3, 4, s.T1, 4 );
+ mbedtls_p256_mul( s.T3, s.T3, 4, s.X, s.Xn );
+ mbedtls_p256_cop( s.T1, s.T3 );
+ mbedtls_p256_shl( s.T1 );
+ mbedtls_p256_mul( s.X, s.T2, 4, s.T2, 4 );
+ mbedtls_p256_hub( s.X, s.T1 );
+ mbedtls_p256_hub( s.X, s.T4 );
+ mbedtls_p256_hub( s.T3, s.X );
+ mbedtls_p256_mul( s.T3, s.T3, 4, s.T2, 4 );
+ mbedtls_p256_mul( s.T4, s.T4, 4, s.Y, s.Yn );
+ mbedtls_p256_sub( s.Y, s.T3, s.T4 );
+ mbedtls_p256_cop( R->X.p, s.X );
+ mbedtls_p256_cop( R->Y.p, s.Y );
+ mbedtls_p256_cop( R->Z.p, s.Z );
+ mbedtls_platform_zeroize(&s, sizeof(s));
+ return 0;
+}
+
+static int mbedtls_p256_inv(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *B)
+{
+ int ret = MBEDTLS_ERR_THIS_CORRUPTION;
+ mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
+ MBEDTLS_ASSERT( A->s == 1 );
+ MBEDTLS_ASSERT( B->s == 1 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs(X) <= 4 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs(A) <= 4 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs(B) <= 4 );
+ MBEDTLS_ASSERT( mbedtls_mpi_cmp_int(B, 1) > 0 );
+ mbedtls_mpi_init( &TA );
+ mbedtls_mpi_init( &TU );
+ mbedtls_mpi_init( &U1 );
+ mbedtls_mpi_init( &U2 );
+ mbedtls_mpi_init( &G );
+ mbedtls_mpi_init( &TB );
+ mbedtls_mpi_init( &TV );
+ mbedtls_mpi_init( &V1 );
+ mbedtls_mpi_init( &V2 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TA, 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TU, 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &U1, 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &U2, 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &G, 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TB, 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TV, 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &V1, 5 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &V2, 5 ) );
+ MBEDTLS_MPI_CHK(mbedtls_mpi_gcd( &G, A, B ));
+ if (!mbedtls_mpi_is_one( &G ))
+ {
+ ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ goto cleanup;
+ }
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, B ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, B ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
+ do
+ {
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TU ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U1 ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U2 ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TV ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V2 ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V1 ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &G ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TA ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TB ) <= 5 );
+ while (!(TU.p[0] & 1))
+ {
+ mbedtls_p256_sar(TU.p);
+ if ((U1.p[0] & 1) || (U2.p[0] & 1))
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi(&U1, &U1, &TB) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi(&U2, &U2, &TA) );
+ }
+ mbedtls_p256_sar(U1.p);
+ mbedtls_p256_sar(U2.p);
+ }
+ while (!(TV.p[0] & 1))
+ {
+ mbedtls_p256_sar(TV.p);
+ if ((V1.p[0] & 1) || (V2.p[0] & 1))
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi(&V1, &V1, &TB) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi(&V2, &V2, &TA) );
+ }
+ mbedtls_p256_sar( V1.p );
+ mbedtls_p256_sar( V2.p );
+ }
+ if (mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0)
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
+ }
+ else
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
+ }
+ } while ( TU.p[0] | TU.p[1] | TU.p[2] | TU.p[3] );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TU ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U1 ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U2 ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TV ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V2 ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V1 ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &G ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TA ) <= 5 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TB ) <= 5 );
+ while (V1.s < 0)
+ MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi( &V1, &V1, B ));
+ while (mbedtls_mpi_cmp_mpi( &V1, B ) >= 0)
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi( &V1, &V1, B ));
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
+cleanup:
+ mbedtls_mpi_free( &TA );
+ mbedtls_mpi_free( &TU );
+ mbedtls_mpi_free( &U1 );
+ mbedtls_mpi_free( &U2 );
+ mbedtls_mpi_free( &G );
+ mbedtls_mpi_free( &TB );
+ mbedtls_mpi_free( &TV );
+ mbedtls_mpi_free( &V1 );
+ mbedtls_mpi_free( &V2 );
+ return ret;
+}
+
+int mbedtls_p256_normalize_jac_many( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *T[], size_t T_size )
+{
+ int ret = MBEDTLS_ERR_THIS_CORRUPTION;
+ size_t i;
+ uint64_t ta[8];
+ mbedtls_mpi *c, u, Zi, ZZi;
+ if( !( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) )
+ return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
+ mbedtls_mpi_init( &u );
+ mbedtls_mpi_init( &Zi );
+ mbedtls_mpi_init( &ZZi );
+ for( i = 0; i < T_size; i++ )
+ {
+ CHECK_EQ( 4, T[i]->X.n );
+ CHECK_EQ( 4, T[i]->Y.n );
+ CHECK_EQ( 4, T[i]->Z.n );
+ mbedtls_mpi_init( c + i );
+ }
+ for( i = 0; i < T_size; i++ )
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( c + i, 8 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &u, 8 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Zi, 8 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &ZZi, 8 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( c, &T[0]->Z ) );
+ for( i = 1; i < T_size; i++ )
+ mbedtls_p256_mul( c[i].p, c[i-1].p, 4, T[i]->Z.p, 4 );
+ /* mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ); */
+ MBEDTLS_MPI_CHK( mbedtls_p256_inv( &u, c + T_size - 1, &grp->P ) );
+ for( i = T_size - 1; ; i-- )
+ {
+ if( !i )
+ memcpy( Zi.p, u.p, 4 * 8 );
+ else
+ {
+ mbedtls_p256_mul( Zi.p, u.p, 4, c[i-1].p, 4 );
+ mbedtls_p256_mul( u.p, u.p, 4, T[i]->Z.p, 4 );
+ }
+ mbedtls_p256_mul( ZZi.p, Zi.p, 4, Zi.p, 4 );
+ mbedtls_p256_mul( ta, T[i]->X.p, 4, ZZi.p, 4 );
+ memcpy( T[i]->X.p, ta, 4 * 8 );
+ mbedtls_p256_mul( ta, T[i]->Y.p, 4, ZZi.p, 4 );
+ mbedtls_p256_mul( ta, ta, 4, Zi.p, 4 );
+ memcpy( T[i]->Y.p, ta, 4 * 8 );
+ mbedtls_mpi_free( &T[i]->Z );
+ if( !i ) break;
+ }
+cleanup:
+ mbedtls_platform_zeroize( ta, sizeof(ta) );
+ for( i = 0; i < T_size; i++ )
+ mbedtls_mpi_free( c + i );
+ mbedtls_mpi_free( &ZZi );
+ mbedtls_mpi_free( &Zi );
+ mbedtls_mpi_free( &u );
+ mbedtls_free( c );
+ return( ret );
+}
+
+int mbedtls_p256_normalize_jac( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt )
+{
+ int ret = MBEDTLS_ERR_THIS_CORRUPTION;
+ mbedtls_mpi Zi, ZZi;
+ mbedtls_mpi_init( &Zi );
+ mbedtls_mpi_init( &ZZi );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Zi, 8 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &ZZi, 8 ) );
+ mbedtls_p256_inv( &Zi, &pt->Z, &grp->P );
+ mbedtls_p256_mul( ZZi.p, Zi.p, 4, Zi.p, 4 );
+ mbedtls_p256_mul( pt->X.p, pt->X.p, 4, ZZi.p, 4 );
+ mbedtls_p256_mul( pt->Y.p, pt->Y.p, 4, ZZi.p, 4 );
+ mbedtls_p256_mul( pt->Y.p, pt->Y.p, 4, Zi.p, 4 );
+ mbedtls_mpi_lset( &pt->Z, 1 );
+cleanup:
+ mbedtls_mpi_free( &ZZi );
+ mbedtls_mpi_free( &Zi );
+ return( ret );
+}
diff --git a/third_party/mbedtls/ecp384.c b/third_party/mbedtls/ecp384.c
new file mode 100644
index 000000000..d4421f22f
--- /dev/null
+++ b/third_party/mbedtls/ecp384.c
@@ -0,0 +1,701 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/log/check.h"
+#include "libc/nexgen32e/x86feature.h"
+#include "libc/runtime/gc.internal.h"
+#include "libc/runtime/runtime.h"
+#include "third_party/mbedtls/bignum_internal.h"
+#include "third_party/mbedtls/ecp.h"
+#include "third_party/mbedtls/ecp_internal.h"
+#include "third_party/mbedtls/error.h"
+#include "third_party/mbedtls/math.h"
+#include "third_party/mbedtls/profile.h"
+#include "third_party/mbedtls/traceme.h"
+/* clang-format off */
+
+static inline bool
+mbedtls_p384_isz( uint64_t p[6] )
+{
+ return( !p[0] & !p[1] & !p[2] & !p[3] & !p[4] & !p[5] );
+}
+
+static inline bool
+mbedtls_p384_gte( uint64_t p[7] )
+{
+ return( (p[6] ||
+ p[5] > 0xffffffffffffffff ||
+ (p[5] == 0xffffffffffffffff &&
+ p[4] > 0xffffffffffffffff ||
+ (p[4] == 0xffffffffffffffff &&
+ p[3] > 0xffffffffffffffff ||
+ (p[3] == 0xffffffffffffffff &&
+ p[2] > 0xfffffffffffffffe ||
+ (p[2] == 0xfffffffffffffffe &&
+ p[1] > 0xffffffff00000000 ||
+ (p[1] == 0xffffffff00000000 &&
+ p[0] > 0x00000000ffffffff ||
+ (p[0] == 0x00000000ffffffff))))))) );
+}
+
+static int
+mbedtls_p384_cmp( const uint64_t a[7],
+ const uint64_t b[7] )
+{
+ if( a[6] < b[6] ) return -1;
+ if( a[6] > b[6] ) return 1;
+ if( a[5] < b[5] ) return -1;
+ if( a[5] > b[5] ) return 1;
+ if( a[4] < b[4] ) return -1;
+ if( a[4] > b[4] ) return 1;
+ if( a[3] < b[3] ) return -1;
+ if( a[3] > b[3] ) return 1;
+ if( a[2] < b[2] ) return -1;
+ if( a[2] > b[2] ) return 1;
+ if( a[1] < b[1] ) return -1;
+ if( a[1] > b[1] ) return 1;
+ if( a[0] < b[0] ) return -1;
+ if( a[0] > b[0] ) return 1;
+ return 0;
+}
+
+static inline void
+mbedtls_p384_red( uint64_t p[7] )
+{
+#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
+ asm("subq\t%1,%0\n\t"
+ "sbbq\t%2,8+%0\n\t"
+ "sbbq\t%3,16+%0\n\t"
+ "sbbq\t%4,24+%0\n\t"
+ "sbbq\t%4,32+%0\n\t"
+ "sbbq\t%4,40+%0\n\t"
+ "sbbq\t$0,48+%0"
+ : "+o"(*p)
+ : "r"(0x00000000ffffffffl), "r"(0xffffffff00000000),
+ "i"(0xfffffffffffffffel), "i"(0xffffffffffffffff)
+ : "memory", "cc");
+#else
+ uint64_t c;
+ SBB( p[0], p[0], 0x00000000ffffffff, 0, c );
+ SBB( p[1], p[1], 0xffffffff00000000, c, c );
+ SBB( p[2], p[2], 0xfffffffffffffffe, c, c );
+ SBB( p[3], p[3], 0xffffffffffffffff, c, c );
+ SBB( p[4], p[4], 0xffffffffffffffff, c, c );
+ SBB( p[5], p[5], 0xffffffffffffffff, c, c );
+ SBB( p[6], p[6], 0, c, c );
+#endif
+}
+
+static noinline void
+mbedtls_p384_gro( uint64_t p[7] )
+{
+#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
+ asm("addq\t%1,%0\n\t"
+ "adcq\t%2,8+%0\n\t"
+ "adcq\t%3,16+%0\n\t"
+ "adcq\t%4,24+%0\n\t"
+ "adcq\t%4,32+%0\n\t"
+ "adcq\t%4,40+%0\n\t"
+ "adcq\t$0,48+%0"
+ : "+o"(*p)
+ : "r"(0x00000000ffffffffl), "r"(0xffffffff00000000),
+ "i"(0xfffffffffffffffel), "i"(0xffffffffffffffff)
+ : "memory", "cc");
+#else
+ uint64_t c;
+ ADC( p[0], p[0], 0x00000000ffffffff, 0, c );
+ ADC( p[1], p[1], 0xffffffff00000000, c, c );
+ ADC( p[2], p[2], 0xfffffffffffffffe, c, c );
+ ADC( p[3], p[3], 0xffffffffffffffff, c, c );
+ ADC( p[4], p[4], 0xffffffffffffffff, c, c );
+ ADC( p[5], p[5], 0xffffffffffffffff, c, c );
+ ADC( p[6], p[6], 0, c, c );
+#endif
+}
+
+static void
+mbedtls_p384_rum( uint64_t p[7] )
+{
+ while( mbedtls_p384_gte( p ) )
+ mbedtls_p384_red( p );
+}
+
+static inline void
+mbedtls_p384_sar( uint64_t p[7] )
+{
+#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
+ asm("sarq\t48+%0\n\t"
+ "rcrq\t40+%0\n\t"
+ "rcrq\t32+%0\n\t"
+ "rcrq\t24+%0\n\t"
+ "rcrq\t16+%0\n\t"
+ "rcrq\t8+%0\n\t"
+ "rcrq\t%0\n\t"
+ : "+o"(*p)
+ : /* no inputs */
+ : "memory", "cc");
+#else
+ p[0] = p[0] >> 1 | p[1] << 63;
+ p[1] = p[1] >> 1 | p[2] << 63;
+ p[2] = p[2] >> 1 | p[3] << 63;
+ p[3] = p[3] >> 1 | p[4] << 63;
+ p[4] = p[4] >> 1 | p[5] << 63;
+ p[5] = p[5] >> 1 | p[6] << 63;
+ p[6] = (int64_t)p[6] >> 1;
+#endif
+}
+
+static inline void
+mbedtls_p384_shl( uint64_t p[7] )
+{
+#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
+ asm("shlq\t%0\n\t"
+ "rclq\t8+%0\n\t"
+ "rclq\t16+%0\n\t"
+ "rclq\t24+%0\n\t"
+ "rclq\t32+%0\n\t"
+ "rclq\t40+%0\n\t"
+ "rclq\t48+%0\n\t"
+ : "+o"(*p)
+ : /* no inputs */
+ : "memory", "cc");
+#else
+ p[6] = p[5] >> 63;
+ p[5] = p[5] << 1 | p[4] >> 63;
+ p[4] = p[4] << 1 | p[3] >> 63;
+ p[3] = p[3] << 1 | p[2] >> 63;
+ p[2] = p[2] << 1 | p[1] >> 63;
+ p[1] = p[1] << 1 | p[0] >> 63;
+ p[0] = p[0] << 1;
+#endif
+ mbedtls_p384_rum( p );
+}
+
+static inline void
+mbedtls_p384_jam( uint64_t p[7] )
+{
+ secp384r1( p );
+ if( (int64_t)p[6] < 0 )
+ do
+ mbedtls_p384_gro( p );
+ while( (int64_t)p[6] < 0 );
+ else
+ mbedtls_p384_rum( p );
+}
+
+static void
+mbedtls_p384_mul_1x1( uint64_t X[12],
+ const uint64_t A[6], size_t n,
+ const uint64_t B[6], size_t m )
+{
+ uint128_t t;
+ t = A[0];
+ t *= B[0];
+ X[ 0] = t;
+ X[ 1] = t >> 64;
+ X[ 2] = 0;
+ X[ 3] = 0;
+ X[ 4] = 0;
+ X[ 5] = 0;
+ X[ 6] = 0;
+ X[ 7] = 0;
+ X[ 8] = 0;
+ X[ 9] = 0;
+ X[10] = 0;
+ X[11] = 0;
+}
+
+static void
+mbedtls_p384_mul_nx1( uint64_t X[12],
+ const uint64_t A[6], size_t n,
+ const uint64_t B[6], size_t m )
+{
+ mbedtls_mpi_mul_hlp1(n, A, X, B[0]);
+ mbedtls_platform_zeroize( X + n + m, ( 12 - n - m ) * 8 );
+ if ( n + m >= 6 )
+ mbedtls_p384_jam( X );
+}
+
+static void
+mbedtls_p384_mul_6x6( uint64_t X[12],
+ const uint64_t A[6], size_t n,
+ const uint64_t B[6], size_t m )
+{
+ Mul6x6Adx( X, A, B );
+ mbedtls_p384_jam( X );
+}
+
+static void
+mbedtls_p384_mul_nxm( uint64_t X[12],
+ const uint64_t A[6], size_t n,
+ const uint64_t B[6], size_t m )
+{
+ if (A == X) A = gc(memcpy(malloc(6 * 8), A, 6 * 8));
+ if (B == X) B = gc(memcpy(malloc(6 * 8), B, 6 * 8));
+ Mul( X, A, n, B, m );
+ mbedtls_platform_zeroize( X + n + m, (12 - n - m) * 8 );
+ if ( n + m >= 6 )
+ mbedtls_p384_jam( X );
+}
+
+static void
+mbedtls_p384_mul( uint64_t X[12],
+ const uint64_t A[6], size_t n,
+ const uint64_t B[6], size_t m )
+{
+ if( n == 6 && m == 6 && X86_HAVE(ADX) && X86_HAVE(BMI2) )
+ mbedtls_p384_mul_6x6( X, A, n, B, m );
+ else if( m == 1 && n == 1 )
+ mbedtls_p384_mul_1x1( X, A, n, B, m );
+ else if( m == 1 )
+ mbedtls_p384_mul_nx1( X, A, n, B, m );
+ else
+ mbedtls_p384_mul_nxm( X, A, n, B, m );
+}
+
+static void
+mbedtls_p384_add( uint64_t X[7],
+ const uint64_t A[6],
+ const uint64_t B[6] )
+{
+#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
+ asm("xor\t%%rcx,%%rcx\n\t"
+ "mov\t%1,%%rax\n\t"
+ "add\t%2,%%rax\n\t"
+ "mov\t%%rax,%0\n\t"
+ "mov\t8+%1,%%rax\n\t"
+ "adc\t8+%2,%%rax\n\t"
+ "mov\t%%rax,8+%0\n\t"
+ "mov\t16+%1,%%rax\n\t"
+ "adc\t16+%2,%%rax\n\t"
+ "mov\t%%rax,16+%0\n\t"
+ "mov\t24+%1,%%rax\n\t"
+ "adc\t24+%2,%%rax\n\t"
+ "mov\t%%rax,24+%0\n\t"
+ "mov\t32+%1,%%rax\n\t"
+ "adc\t32+%2,%%rax\n\t"
+ "mov\t%%rax,32+%0\n\t"
+ "mov\t40+%1,%%rax\n\t"
+ "adc\t40+%2,%%rax\n\t"
+ "mov\t%%rax,40+%0\n\t"
+ "adc\t$0,%%rcx\n\t"
+ "mov\t%%rcx,48+%0"
+ : "+o"(*X)
+ : "o"(*A), "o"(*B)
+ : "rax", "rcx", "memory", "cc");
+#else
+ uint64_t c;
+ ADC( X[0], A[0], B[0], 0, c );
+ ADC( X[1], A[1], B[1], c, c );
+ ADC( X[2], A[2], B[2], c, c );
+ ADC( X[3], A[3], B[3], c, c );
+ ADC( X[4], A[4], B[4], c, c );
+ ADC( X[5], A[5], B[5], c, X[6] );
+#endif
+ mbedtls_p384_rum( X );
+ DCHECK_EQ(0, X[6]);
+}
+
+static void
+mbedtls_p384_sub( uint64_t X[7],
+ const uint64_t A[6],
+ const uint64_t B[6] )
+{
+#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
+ asm("xor\t%%rcx,%%rcx\n\t"
+ "mov\t%1,%%rax\n\t"
+ "sub\t%2,%%rax\n\t"
+ "mov\t%%rax,%0\n\t"
+ "mov\t8+%1,%%rax\n\t"
+ "sbb\t8+%2,%%rax\n\t"
+ "mov\t%%rax,8+%0\n\t"
+ "mov\t16+%1,%%rax\n\t"
+ "sbb\t16+%2,%%rax\n\t"
+ "mov\t%%rax,16+%0\n\t"
+ "mov\t24+%1,%%rax\n\t"
+ "sbb\t24+%2,%%rax\n\t"
+ "mov\t%%rax,24+%0\n\t"
+ "mov\t32+%1,%%rax\n\t"
+ "sbb\t32+%2,%%rax\n\t"
+ "mov\t%%rax,32+%0\n\t"
+ "mov\t40+%1,%%rax\n\t"
+ "sbb\t40+%2,%%rax\n\t"
+ "mov\t%%rax,40+%0\n\t"
+ "sbb\t$0,%%rcx\n\t"
+ "mov\t%%rcx,48+%0"
+ : "+o"(*X)
+ : "o"(*A), "o"(*B)
+ : "rax", "rcx", "memory", "cc");
+#else
+ uint64_t c;
+ SBB( X[0], A[0], B[0], 0, c );
+ SBB( X[1], A[1], B[1], c, c );
+ SBB( X[2], A[2], B[2], c, c );
+ SBB( X[3], A[3], B[3], c, c );
+ SBB( X[4], A[4], B[4], c, c );
+ SBB( X[5], A[5], B[5], c, c );
+ X[6] = -c;
+#endif
+ while( (int64_t)X[6] < 0 )
+ mbedtls_p384_gro( X );
+ DCHECK_EQ(0, X[6]);
+}
+
+static void
+mbedtls_p384_hub( uint64_t A[7],
+ const uint64_t B[6] )
+{
+#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
+ asm("xor\t%%rcx,%%rcx\n\t"
+ "mov\t%1,%%rax\n\t"
+ "sub\t%%rax,%0\n\t"
+ "mov\t8+%1,%%rax\n\t"
+ "sbb\t%%rax,8+%0\n\t"
+ "mov\t16+%1,%%rax\n\t"
+ "sbb\t%%rax,16+%0\n\t"
+ "mov\t24+%1,%%rax\n\t"
+ "sbb\t%%rax,24+%0\n\t"
+ "mov\t32+%1,%%rax\n\t"
+ "sbb\t%%rax,32+%0\n\t"
+ "mov\t40+%1,%%rax\n\t"
+ "sbb\t%%rax,40+%0\n\t"
+ "sbb\t$0,%%rcx\n\t"
+ "mov\t%%rcx,48+%0"
+ : "+o"(*A)
+ : "o"(*B)
+ : "rax", "rcx", "memory", "cc");
+ while( (int64_t)A[6] < 0 )
+ mbedtls_p384_gro( A );
+ DCHECK_EQ(0, A[6]);
+#else
+ mbedtls_p384_sub(A, A, B);
+#endif
+}
+
+static inline void
+mbedtls_p384_cop( uint64_t X[6],
+ const uint64_t Y[6] )
+{
+ memcpy( X, Y, 6 * 8 );
+}
+
+static int
+mbedtls_p384_dim( mbedtls_ecp_point *R )
+{
+ int ret;
+ if( R->X.n < 6 && ( ret = mbedtls_mpi_grow( &R->X, 6 ) ) ) return ret;
+ if( R->Y.n < 6 && ( ret = mbedtls_mpi_grow( &R->Y, 6 ) ) ) return ret;
+ if( R->Z.n < 6 && ( ret = mbedtls_mpi_grow( &R->Z, 6 ) ) ) return ret;
+ return 0;
+}
+
+int mbedtls_p384_double_jac( const mbedtls_ecp_group *G,
+ const mbedtls_ecp_point *P,
+ mbedtls_ecp_point *R )
+{
+ int ret;
+ struct {
+ uint64_t X[6], Y[6], Z[6];
+ uint64_t M[12], S[12], T[12], U[12];
+ size_t Xn, Yn, Zn;
+ } s;
+ MBEDTLS_ASSERT( G->A.p == 0 );
+ MBEDTLS_ASSERT( P->X.s == 1 );
+ MBEDTLS_ASSERT( P->Y.s == 1 );
+ MBEDTLS_ASSERT( P->Z.s == 1 );
+ MBEDTLS_ASSERT( G->P.p[0] == 0x00000000ffffffff );
+ MBEDTLS_ASSERT( G->P.p[1] == 0xffffffff00000000 );
+ MBEDTLS_ASSERT( G->P.p[2] == 0xfffffffffffffffe );
+ MBEDTLS_ASSERT( G->P.p[3] == 0xffffffffffffffff );
+ MBEDTLS_ASSERT( G->P.p[4] == 0xffffffffffffffff );
+ MBEDTLS_ASSERT( G->P.p[5] == 0xffffffffffffffff );
+ if ( ( ret = mbedtls_p384_dim( R ) ) ) return ret;
+ mbedtls_platform_zeroize( &s, sizeof( s ) );
+ s.Xn = mbedtls_mpi_limbs( &P->X );
+ s.Yn = mbedtls_mpi_limbs( &P->Y );
+ s.Zn = mbedtls_mpi_limbs( &P->Z );
+ CHECK_LE( s.Xn, 6 );
+ CHECK_LE( s.Yn, 6 );
+ CHECK_LE( s.Zn, 6 );
+ memcpy( s.X, P->X.p, s.Xn * 8 );
+ memcpy( s.Y, P->Y.p, s.Yn * 8 );
+ memcpy( s.Z, P->Z.p, s.Zn * 8 );
+ mbedtls_p384_mul( s.S, s.Z, s.Zn, s.Z, s.Zn );
+ mbedtls_p384_add( s.T, s.X, s.S );
+ mbedtls_p384_sub( s.U, s.X, s.S );
+ mbedtls_p384_mul( s.S, s.T, 6, s.U, 6 );
+ mbedtls_mpi_mul_hlp1( 6, s.S, s.M, 3 );
+ mbedtls_p384_rum( s.M );
+ mbedtls_p384_mul( s.T, s.Y, s.Yn, s.Y, s.Yn );
+ mbedtls_p384_shl( s.T );
+ mbedtls_p384_mul( s.S, s.X, s.Xn, s.T, 6 );
+ mbedtls_p384_shl( s.S );
+ mbedtls_p384_mul( s.U, s.T, 6, s.T, 6 );
+ mbedtls_p384_shl( s.U );
+ mbedtls_p384_mul( s.T, s.M, 6, s.M, 6 );
+ mbedtls_p384_hub( s.T, s.S );
+ mbedtls_p384_hub( s.T, s.S );
+ mbedtls_p384_hub( s.S, s.T );
+ mbedtls_p384_mul( s.S, s.S, 6, s.M, 6 );
+ mbedtls_p384_hub( s.S, s.U );
+ mbedtls_p384_mul( s.U, s.Y, s.Yn, s.Z, s.Zn );
+ mbedtls_p384_shl( s.U );
+ mbedtls_p384_cop( R->X.p, s.T );
+ mbedtls_p384_cop( R->Y.p, s.S );
+ mbedtls_p384_cop( R->Z.p, s.U );
+ mbedtls_platform_zeroize( &s, sizeof(s) );
+ return 0;
+}
+
+int mbedtls_p384_add_mixed( const mbedtls_ecp_group *G,
+ const mbedtls_ecp_point *P,
+ const mbedtls_ecp_point *Q,
+ mbedtls_ecp_point *R )
+{
+ int ret;
+ struct {
+ uint64_t X[12], Y[12], Z[12];
+ uint64_t T1[12], T2[12], T3[12], T4[12];
+ size_t Xn, Yn, Zn, QXn, QYn;
+ } s;
+ MBEDTLS_ASSERT( P->X.s == 1 );
+ MBEDTLS_ASSERT( P->Y.s == 1 );
+ MBEDTLS_ASSERT( P->Z.s == 1 );
+ MBEDTLS_ASSERT( Q->X.s == 1 );
+ MBEDTLS_ASSERT( Q->Y.s == 1 );
+ if ( ( ret = mbedtls_p384_dim( R ) ) ) return ret;
+ mbedtls_platform_zeroize(&s, sizeof(s));
+ s.Xn = mbedtls_mpi_limbs( &P->X );
+ s.Yn = mbedtls_mpi_limbs( &P->Y );
+ s.Zn = mbedtls_mpi_limbs( &P->Z );
+ s.QXn = mbedtls_mpi_limbs( &Q->X );
+ s.QYn = mbedtls_mpi_limbs( &Q->Y );
+ CHECK_LE( s.Xn, 6 );
+ CHECK_LE( s.Yn, 6 );
+ CHECK_LE( s.Zn, 6 );
+ CHECK_LE( s.QXn, 6 );
+ CHECK_LE( s.QYn, 6 );
+ memcpy( s.X, P->X.p, s.Xn * 8 );
+ memcpy( s.Y, P->Y.p, s.Yn * 8 );
+ memcpy( s.Z, P->Z.p, s.Zn * 8 );
+ mbedtls_p384_mul( s.T1, s.Z, s.Zn, s.Z, s.Zn );
+ mbedtls_p384_mul( s.T2, s.T1, 6, s.Z, s.Zn );
+ mbedtls_p384_mul( s.T1, s.T1, 6, Q->X.p, s.QXn );
+ mbedtls_p384_mul( s.T2, s.T2, 6, Q->Y.p, s.QYn );
+ mbedtls_p384_hub( s.T1, s.X );
+ mbedtls_p384_hub( s.T2, s.Y );
+ if( mbedtls_p384_isz( s.T1 ) )
+ {
+ if( mbedtls_p384_isz( s.T2 ) )
+ return mbedtls_p384_double_jac( G, P, R );
+ else
+ return mbedtls_ecp_set_zero( R );
+ }
+ mbedtls_p384_mul( s.Z, s.Z, s.Zn, s.T1, 6 );
+ mbedtls_p384_mul( s.T3, s.T1, 6, s.T1, 6 );
+ mbedtls_p384_mul( s.T4, s.T3, 6, s.T1, 6 );
+ mbedtls_p384_mul( s.T3, s.T3, 6, s.X, s.Xn );
+ mbedtls_p384_cop( s.T1, s.T3 );
+ mbedtls_p384_shl( s.T1 );
+ mbedtls_p384_mul( s.X, s.T2, 6, s.T2, 6 );
+ mbedtls_p384_hub( s.X, s.T1 );
+ mbedtls_p384_hub( s.X, s.T4 );
+ mbedtls_p384_hub( s.T3, s.X );
+ mbedtls_p384_mul( s.T3, s.T3, 6, s.T2, 6 );
+ mbedtls_p384_mul( s.T4, s.T4, 6, s.Y, s.Yn );
+ mbedtls_p384_sub( s.Y, s.T3, s.T4 );
+ mbedtls_p384_cop( R->X.p, s.X );
+ mbedtls_p384_cop( R->Y.p, s.Y );
+ mbedtls_p384_cop( R->Z.p, s.Z );
+ mbedtls_platform_zeroize( &s, sizeof( s ) );
+ return 0;
+}
+
+static int mbedtls_p384_inv_mod(mbedtls_mpi *X,
+ const mbedtls_mpi *A,
+ const mbedtls_mpi *N)
+{
+ int ret = MBEDTLS_ERR_THIS_CORRUPTION;
+ mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
+ MBEDTLS_ASSERT( A->s == 1 );
+ MBEDTLS_ASSERT( N->s == 1 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( X ) <= 6 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( A ) <= 6 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( N ) <= 6 );
+ MBEDTLS_ASSERT( mbedtls_mpi_cmp_int( N, 1 ) > 0 );
+ mbedtls_mpi_init( &TA );
+ mbedtls_mpi_init( &TU );
+ mbedtls_mpi_init( &U1 );
+ mbedtls_mpi_init( &U2 );
+ mbedtls_mpi_init( &G );
+ mbedtls_mpi_init( &TB );
+ mbedtls_mpi_init( &TV );
+ mbedtls_mpi_init( &V1 );
+ mbedtls_mpi_init( &V2 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TA, 7 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TU, 7 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &U1, 7 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &U2, 7 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &G, 7 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TB, 7 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TV, 7 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &V1, 7 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &V2, 7 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) );
+ if (!mbedtls_mpi_is_one( &G ))
+ {
+ ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ goto cleanup;
+ }
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
+ do
+ {
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TU ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U1 ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U2 ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TV ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V2 ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V1 ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &G ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TA ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TB ) <= 7 );
+ while ( !( TU.p[0] & 1 ) )
+ {
+ mbedtls_p384_sar( TU.p );
+ if ((U1.p[0] & 1) || (U2.p[0] & 1))
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) );
+ }
+ mbedtls_p384_sar(U1.p);
+ mbedtls_p384_sar(U2.p);
+ }
+ while ( !( TV.p[0] & 1 ) )
+ {
+ mbedtls_p384_sar(TV.p);
+ if ((V1.p[0] & 1) || (V2.p[0] & 1))
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) );
+ }
+ mbedtls_p384_sar( V1.p );
+ mbedtls_p384_sar( V2.p );
+ }
+ if (mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0)
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
+ }
+ else
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
+ }
+ } while ( TU.p[0] | TU.p[1] | TU.p[2] | TU.p[3] | TU.p[4] | TU.p[5] );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TU ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U1 ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U2 ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TV ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V2 ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V1 ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &G ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TA ) <= 7 );
+ MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TB ) <= 7 );
+ while (V1.s < 0)
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) );
+ while (mbedtls_mpi_cmp_mpi( &V1, N ) >= 0)
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
+cleanup:
+ mbedtls_mpi_free( &TA );
+ mbedtls_mpi_free( &TU );
+ mbedtls_mpi_free( &U1 );
+ mbedtls_mpi_free( &U2 );
+ mbedtls_mpi_free( &G );
+ mbedtls_mpi_free( &TB );
+ mbedtls_mpi_free( &TV );
+ mbedtls_mpi_free( &V1 );
+ mbedtls_mpi_free( &V2 );
+ return ret;
+}
+
+int mbedtls_p384_normalize_jac_many( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *T[], size_t T_size )
+{
+ int ret = MBEDTLS_ERR_THIS_CORRUPTION;
+ size_t i;
+ uint64_t ta[12];
+ mbedtls_mpi *c, u, Zi, ZZi;
+ if( !( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) )
+ return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
+ mbedtls_mpi_init( &u );
+ mbedtls_mpi_init( &Zi );
+ mbedtls_mpi_init( &ZZi );
+ for( i = 0; i < T_size; i++ )
+ {
+ CHECK_EQ( 6, T[i]->X.n );
+ CHECK_EQ( 6, T[i]->Y.n );
+ CHECK_EQ( 6, T[i]->Z.n );
+ mbedtls_mpi_init( c + i );
+ }
+ for( i = 0; i < T_size; i++ )
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( c + i, 12 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &u, 12 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Zi, 12 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &ZZi, 12 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( c, &T[0]->Z ) );
+ for( i = 1; i < T_size; i++ )
+ mbedtls_p384_mul( c[i].p, c[i-1].p, 6, T[i]->Z.p, 6 );
+ MBEDTLS_MPI_CHK( mbedtls_p384_inv_mod( &u, c + T_size - 1, &grp->P ) );
+ for( i = T_size - 1; ; i-- )
+ {
+ if( !i )
+ memcpy( Zi.p, u.p, 6 * 8 );
+ else
+ {
+ mbedtls_p384_mul( Zi.p, u.p, 6, c[i-1].p, 6 );
+ mbedtls_p384_mul( u.p, u.p, 6, T[i]->Z.p, 6 );
+ }
+ mbedtls_p384_mul( ZZi.p, Zi.p, 6, Zi.p, 6 );
+ mbedtls_p384_mul( ta, T[i]->X.p, 6, ZZi.p, 6 );
+ memcpy( T[i]->X.p, ta, 6 * 8 );
+ mbedtls_p384_mul( ta, T[i]->Y.p, 6, ZZi.p, 6 );
+ mbedtls_p384_mul( ta, ta, 6, Zi.p, 6 );
+ memcpy( T[i]->Y.p, ta, 6 * 8 );
+ mbedtls_mpi_free( &T[i]->Z );
+ if( !i ) break;
+ }
+cleanup:
+ mbedtls_platform_zeroize( ta, sizeof( ta ) );
+ for( i = 0; i < T_size; i++ )
+ mbedtls_mpi_free( c + i );
+ mbedtls_mpi_free( &ZZi );
+ mbedtls_mpi_free( &Zi );
+ mbedtls_mpi_free( &u );
+ mbedtls_free( c );
+ return( ret );
+}
diff --git a/third_party/mbedtls/ecp_curves.c b/third_party/mbedtls/ecp_curves.c
index f1b437734..2dc189e8f 100644
--- a/third_party/mbedtls/ecp_curves.c
+++ b/third_party/mbedtls/ecp_curves.c
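Review bot: `mbedtls_p384_gte` does not compute `p >= P`: every nested group is written `(p[k] == C && p[k-1] > C' || (...))`, and because `&&` binds tighter than `||` the whole expression collapses to `p[6] || (p[3] == MAX && p[2] > 0xfffffffffffffffe) || (p[2] == 0xfffffffffffffffe && p[1] > 0xffffffff00000000) || (p[1] == 0xffffffff00000000 && p[0] > 0x00000000ffffffff) || p[0] == 0x00000000ffffffff`, with no requirement that p[5], p[4] and p[3] all equal 0xffffffffffffffff. A value far below P (p == 0x00000000ffffffff, or anything with p[3] == p[2] == 0xffffffffffffffff) is therefore reported as reducible, `mbedtls_p384_rum` subtracts P, the borrow lands in p[6], and since non-zero p[6] keeps the test true the loop subtracts roughly 2^64 more times; `mbedtls_p384_add` and `mbedtls_p384_shl` run `rum` on values derived directly from point coordinates, so I would expect a peer-supplied P-384 public key to be able to reach this, though the callers that feed points in are outside this hunk. Each `||` alternative needs its own parentheses (the impossible `p[5] > 0xffffffffffffffff` can go), as below. Separately, `mbedtls_p384_mul_nxm` copies an aliased operand through `gc(memcpy(malloc(6 * 8), A, 6 * 8))` without checking the allocation and without scrubbing the copy before it is released; a stack `uint64_t ta[6]` that is `mbedtls_platform_zeroize`d after `Mul` avoids both.

```c
static inline bool
mbedtls_p384_gte( uint64_t p[7] )
{
    return( p[6] ||
            ( p[5] == 0xffffffffffffffff &&
              p[4] == 0xffffffffffffffff &&
              p[3] == 0xffffffffffffffff &&
              ( p[2] > 0xfffffffffffffffe ||
                ( p[2] == 0xfffffffffffffffe &&
                  ( p[1] > 0xffffffff00000000 ||
                    ( p[1] == 0xffffffff00000000 &&
                      p[0] >= 0x00000000ffffffff ) ) ) ) ) );
}
```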
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/ecp.h" #include "third_party/mbedtls/error.h" @@ -29,7 +46,7 @@ asm(".include \"libc/disclaimer.inc\""); * limitations under the License. */ -#if defined(MBEDTLS_ECP_C) +/* #if defined(MBEDTLS_ECP_C) */ #if !defined(MBEDTLS_ECP_ALT) 
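Review bot: The guard on the new side is kept as the comment `/* #if defined(MBEDTLS_ECP_C) */` instead of being removed; a commented-out preprocessor line reads as live to the next maintainer, so delete it outright and let `#if !defined(MBEDTLS_ECP_ALT)` be the first conditional. If the intent is that the curve tables and the ecp_mod_* helpers now build even when MBEDTLS_ECP_C is off (later hunks in this file wrap only mbedtls_ecp_group_load in that guard), a one-line comment here saying so would save the reader a search, e.g. `/* Curve data and ecp_mod_* are built unconditionally; ecp256.c/ecp384.c depend on them. */` if that is indeed the reason. The `#endif /* MBEDTLS_ECP_C */` that paired with this `#if` is outside this view and must have been removed or re-paired for the file to preprocess; worth confirming.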
@@ -618,29 +635,23 @@ static int ecp_group_load( mbedtls_ecp_group *grp, #endif /* ECP_LOAD_GROUP */ #if defined(MBEDTLS_ECP_NIST_OPTIM) -/* Forward declarations */ +#define NIST_MODP( P ) grp->modp = ecp_mod_ ## P; +#else +#define NIST_MODP( P ) +#endif + +#if defined(MBEDTLS_ECP_NIST_OPTIM) #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) static int ecp_mod_p192( mbedtls_mpi * ); #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) static int ecp_mod_p224( mbedtls_mpi * ); #endif -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -static int ecp_mod_p256( mbedtls_mpi * ); -#endif -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -static int ecp_mod_p384( mbedtls_mpi * ); -#endif #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) static int ecp_mod_p521( mbedtls_mpi * ); #endif - -#define NIST_MODP( P ) grp->modp = ecp_mod_ ## P; -#else -#define NIST_MODP( P ) #endif /* MBEDTLS_ECP_NIST_OPTIM */ -/* Additional forward declarations */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) static int ecp_mod_p255( mbedtls_mpi * ); #endif @@ -681,7 +692,7 @@ static int ecp_mod_p256k1( mbedtls_mpi * ); */ static int ecp_use_curve25519( mbedtls_ecp_group *grp ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* Actually ( A + 2 ) / 4 */ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "01DB42" ) ); @@ -721,7 +732,7 @@ cleanup: static int ecp_use_curve448( mbedtls_ecp_group *grp ) { mbedtls_mpi Ns; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi_init( &Ns ); @@ -760,6 +771,8 @@ cleanup: } #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ + +#if defined(MBEDTLS_ECP_C) /** * \brief This function sets up an ECP group context * from a standardized set of domain parameters. @@ -866,6 +879,7 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ) return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ); } } +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_ECP_NIST_OPTIM) /* 
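Review bot: The forward declarations of `ecp_mod_p256` and `ecp_mod_p384` are dropped here (and their definitions are dropped further down in this file), but the `NIST_MODP( P )` macro that expands to `grp->modp = ecp_mod_ ## P;` stays; if the SECP256R1/SECP384R1 load paths outside this hunk still invoke `NIST_MODP( p256 )` / `NIST_MODP( p384 )`, those names now have to come from a header or the file ends up relying on an implicit declaration. Assuming the replacements live in ecp256.c/ecp384.c, give them prototypes in the shared internal header rather than in this file: `int ecp_mod_p256( mbedtls_mpi * );` and `int ecp_mod_p384( mbedtls_mpi * );`. The two back-to-back `#if defined(MBEDTLS_ECP_NIST_OPTIM)` blocks could also be folded into a single `#if … #else … #endif` now that the macro no longer needs to follow the prototypes.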
@@ -878,7 +892,6 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ) * MPI remains loose, since these functions can be deactivated at will. */ -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) /* * Compared to the way things are presented in FIPS 186-3 D.2, * we proceed in columns, from right (least significant chunk) to left, @@ -926,20 +939,16 @@ static inline void carry64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry ) */ static int ecp_mod_p192( mbedtls_mpi *N ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi_uint c = 0; mbedtls_mpi_uint *p, *end; - /* Make sure we have enough blocks so that A(5) is legal */ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, 6 * WIDTH ) ); - p = N->p; end = p + N->n; - ADD( 3 ); ADD( 5 ); NEXT; // A0 += A3 + A5 ADD( 3 ); ADD( 4 ); ADD( 5 ); NEXT; // A1 += A3 + A4 + A5 ADD( 4 ); ADD( 5 ); LAST; // A2 += A4 + A5 - cleanup: return( ret ); } @@ -949,11 +958,7 @@ cleanup: #undef ADD #undef NEXT #undef LAST -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) /* * The reader is advised to first understand ecp_mod_p192() since the same * general structure is used here, but with additional complications: @@ -1017,7 +1022,7 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) * (see fix_negative for the motivation of C) */ #define INIT( b ) \ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \ + int ret = MBEDTLS_ERR_THIS_CORRUPTION; \ signed char c = 0, cc; \ uint32_t cur; \ size_t i = 0, bits = (b); \ 
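Review bot: The per-curve guards are removed from the definitions — `#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */` after ecp_mod_p192 and the combined SECP224R1/SECP256R1/SECP384R1 `#if` here, plus the opening `#if` in the preceding hunk — while the forward declarations in the `@@ -618` hunk keep theirs and the `NIST_MODP( p192 )` / `NIST_MODP( p224 )` uses presumably remain curve-guarded. A build with one of those curves disabled now compiles a static function that is neither declared nor referenced, which at minimum trips -Wunused-function and leaves the two halves of the file disagreeing about what is conditional. Either restore the guards around the definitions (cleaner, since the prototypes and the uses stay guarded), or, if ecp_mod_p192/p224 are meant to be always available, drop the `#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)` / `SECP224R1_ENABLED` wrappers from the prototypes too so the two agree. ecp_mod_p192's body begins before this hunk.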
@@ -1053,8 +1058,7 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) */ static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* C = - c * 2^(bits + 32) */ #if !defined(MBEDTLS_HAVE_INT64) ((void) bits); @@ -1064,24 +1068,19 @@ static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, s else #endif C->p[ C->n - 1 ] = (mbedtls_mpi_uint) -c; - /* N = - ( C - N ) */ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, C, N ) ); N->s = -1; - cleanup: - return( ret ); } -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) /* * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) */ static int ecp_mod_p224( mbedtls_mpi *N ) { INIT( 224 ); - SUB( 7 ); SUB( 11 ); NEXT; // A0 += -A7 - A11 SUB( 8 ); SUB( 12 ); NEXT; // A1 += -A8 - A12 SUB( 9 ); SUB( 13 ); NEXT; // A2 += -A9 - A13 
@@ -1089,97 +1088,9 @@ static int ecp_mod_p224( mbedtls_mpi *N ) SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12 SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13 SUB( 13 ); ADD( 10 ); LAST; // A6 += -A13 + A10 - cleanup: return( ret ); } -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -/* - * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3) - */ -static int ecp_mod_p256( mbedtls_mpi *N ) -{ - INIT( 256 ); - - ADD( 8 ); ADD( 9 ); - SUB( 11 ); SUB( 12 ); SUB( 13 ); SUB( 14 ); NEXT; // A0 - - ADD( 9 ); ADD( 10 ); - SUB( 12 ); SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A1 - - ADD( 10 ); ADD( 11 ); - SUB( 13 ); SUB( 14 ); SUB( 15 ); NEXT; // A2 - - ADD( 11 ); ADD( 11 ); ADD( 12 ); ADD( 12 ); ADD( 13 ); - SUB( 15 ); SUB( 8 ); SUB( 9 ); NEXT; // A3 - - ADD( 12 ); ADD( 12 ); ADD( 13 ); ADD( 13 ); ADD( 14 ); - SUB( 9 ); SUB( 10 ); NEXT; // A4 - - ADD( 13 ); ADD( 13 ); ADD( 14 ); ADD( 14 ); ADD( 15 ); - SUB( 10 ); SUB( 11 ); NEXT; // A5 - - ADD( 14 ); ADD( 14 ); ADD( 15 ); ADD( 15 ); ADD( 14 ); ADD( 13 ); - SUB( 8 ); SUB( 9 ); NEXT; // A6 - - ADD( 15 ); ADD( 15 ); ADD( 15 ); ADD( 8 ); - SUB( 10 ); SUB( 11 ); SUB( 12 ); SUB( 13 ); LAST; // A7 - -cleanup: - return( ret ); -} -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -/* - * Fast quasi-reduction modulo p384 (FIPS 186-3 D.2.4) - */ -static int ecp_mod_p384( mbedtls_mpi *N ) -{ - INIT( 384 ); - - ADD( 12 ); ADD( 21 ); ADD( 20 ); - SUB( 23 ); NEXT; // A0 - - ADD( 13 ); ADD( 22 ); ADD( 23 ); - SUB( 12 ); SUB( 20 ); NEXT; // A2 - - ADD( 14 ); ADD( 23 ); - SUB( 13 ); SUB( 21 ); NEXT; // A2 - - ADD( 15 ); ADD( 12 ); ADD( 20 ); ADD( 21 ); - SUB( 14 ); SUB( 22 ); SUB( 23 ); NEXT; // A3 - - ADD( 21 ); ADD( 21 ); ADD( 16 ); ADD( 13 ); ADD( 12 ); ADD( 20 ); ADD( 22 ); - SUB( 15 ); SUB( 23 ); SUB( 23 ); NEXT; // A4 - - ADD( 22 ); ADD( 22 ); ADD( 17 ); ADD( 14 ); ADD( 13 ); ADD( 21 ); ADD( 23 ); - SUB( 16 ); 
NEXT; // A5 - - ADD( 23 ); ADD( 23 ); ADD( 18 ); ADD( 15 ); ADD( 14 ); ADD( 22 ); - SUB( 17 ); NEXT; // A6 - - ADD( 19 ); ADD( 16 ); ADD( 15 ); ADD( 23 ); - SUB( 18 ); NEXT; // A7 - - ADD( 20 ); ADD( 17 ); ADD( 16 ); - SUB( 19 ); NEXT; // A8 - - ADD( 21 ); ADD( 18 ); ADD( 17 ); - SUB( 20 ); NEXT; // A9 - - ADD( 22 ); ADD( 19 ); ADD( 18 ); - SUB( 21 ); NEXT; // A10 - - ADD( 23 ); ADD( 20 ); ADD( 19 ); - SUB( 22 ); LAST; // A11 - -cleanup: - return( ret ); -} -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #undef A #undef LOAD32 @@ -1189,10 +1100,6 @@ cleanup: #undef NEXT #undef LAST -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED || - MBEDTLS_ECP_DP_SECP256R1_ENABLED || - MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) /* * Here we have an actual Mersenne prime, so things are more straightforward. @@ -1211,7 +1118,7 @@ cleanup: */ static int ecp_mod_p521( mbedtls_mpi *N ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i; mbedtls_mpi M; mbedtls_mpi_uint Mp[P521_WIDTH + 1]; @@ -1249,8 +1156,6 @@ cleanup: #endif /* MBEDTLS_ECP_NIST_OPTIM */ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - /* Size of p255 in terms of mbedtls_mpi_uint */ #define P255_WIDTH ( 255 / 8 / sizeof( mbedtls_mpi_uint ) + 1 ) 
@@ -1260,38 +1165,32 @@ cleanup: */ static int ecp_mod_p255( mbedtls_mpi *N ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i; mbedtls_mpi M; mbedtls_mpi_uint Mp[P255_WIDTH + 2]; - if( N->n < P255_WIDTH ) return( 0 ); - /* M = A1 */ M.s = 1; M.n = N->n - ( P255_WIDTH - 1 ); if( M.n > P255_WIDTH + 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); M.p = Mp; - memset( Mp, 0, sizeof Mp ); + mbedtls_platform_zeroize( Mp, sizeof Mp ); memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, 255 % ( 8 * sizeof( mbedtls_mpi_uint ) ) ) ); M.n++; /* Make room for multiplication by 19 */ - /* N = A0 */ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( N, 255, 0 ) ); for( i = P255_WIDTH; i < N->n; i++ ) N->p[i] = 0; - /* N = A0 + 19 * A1 */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &M, &M, 19 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_abs( N, N, &M ) ); - cleanup: return( ret ); } -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) @@ -1317,7 +1216,7 @@ cleanup: */ static int ecp_mod_p448( mbedtls_mpi *N ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i; mbedtls_mpi M, Q; mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH]; @@ -1332,7 +1231,7 @@ static int ecp_mod_p448( mbedtls_mpi *N ) /* Shouldn't be called with N larger than 2^896! */ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); M.p = Mp; - memset( Mp, 0, sizeof( Mp ) ); + mbedtls_platform_zeroize( Mp, sizeof( Mp ) ); memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) ); /* N = A0 */ @@ -1379,7 +1278,7 @@ cleanup: static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, size_t adjust, size_t shift, mbedtls_mpi_uint mask ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i; mbedtls_mpi M, R; mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1]; 
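Review bot: In `ecp_mod_p255` (and `ecp_mod_p448`, `ecp_mod_koblitz` in the following hunks) `memset( Mp, 0, sizeof Mp )` is replaced by `mbedtls_platform_zeroize( Mp, sizeof Mp )`, but this call initialises a scratch buffer immediately before `memcpy` overwrites part of it; it is not the end-of-life erase that `mbedtls_platform_zeroize` exists for. If the zeroize implementation is the usual volatile-function-pointer call it cannot be folded into the following copy the way a `memset` can, so this is a small cost on a hot reduction path with no secrecy benefit, and it blurs which buffers in the file actually carry secrets. Keep `memset` for initialisation, or add a one-line comment stating why the stronger primitive is wanted here.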
@@ -1400,7 +1299,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t M.n = N->n - ( p_limbs - adjust ); if( M.n > p_limbs + adjust ) M.n = p_limbs + adjust; - memset( Mp, 0, sizeof Mp ); + mbedtls_platform_zeroize( Mp, sizeof Mp ); memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); if( shift != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); @@ -1422,7 +1321,7 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t M.n = N->n - ( p_limbs - adjust ); if( M.n > p_limbs + adjust ) M.n = p_limbs + adjust; - memset( Mp, 0, sizeof Mp ); + mbedtls_platform_zeroize( Mp, sizeof Mp ); memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) ); if( shift != 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &M, shift ) ); @@ -1493,4 +1392,4 @@ static int ecp_mod_p256k1( mbedtls_mpi *N ) #endif /* !MBEDTLS_ECP_ALT */ -#endif /* MBEDTLS_ECP_C */ +/* #endif /\* MBEDTLS_ECP_C *\/ */ diff --git a/third_party/mbedtls/ecp_internal.h b/third_party/mbedtls/ecp_internal.h index 6d0dfdf0d..ee5204f0c 100644 --- a/third_party/mbedtls/ecp_internal.h +++ b/third_party/mbedtls/ecp_internal.h @@ -1,6 +1,7 @@ -#ifndef MBEDTLS_ECP_INTERNAL_H -#define MBEDTLS_ECP_INTERNAL_H +#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ECP_INTERNAL_H_ +#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ECP_INTERNAL_H_ #include "third_party/mbedtls/config.h" +#include "third_party/mbedtls/ecp.h" /* clang-format off */ #if defined(MBEDTLS_ECP_INTERNAL_ALT) @@ -105,8 +106,9 @@ int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp, * \return 0 if successful. */ int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *R, const mbedtls_ecp_point *P, - const mbedtls_ecp_point *Q ); + mbedtls_ecp_point *R, + const mbedtls_ecp_point *P, + const mbedtls_ecp_point *Q ); #endif /** 
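Review bot: The file's closing `#endif /* MBEDTLS_ECP_C */` is turned into the comment `/* #endif /\* MBEDTLS_ECP_C *\/ */` rather than deleted, leaving commented-out preprocessor text at the end of ecp.c for the next reader to puzzle over; remove the line outright. The matching `#if defined(MBEDTLS_ECP_C)` at the top of the file is presumably removed in a hunk not shown, and this commit re-adds a narrower `#if defined(MBEDTLS_ECP_C)` only around `mbedtls_ecp_group_load`, so the static reduction helpers now build whenever MBEDTLS_ECP_NIST_OPTIM is set even with MBEDTLS_ECP_C off. A short note at the top of the file would record that choice, e.g. `/* Only mbedtls_ecp_group_load() depends on MBEDTLS_ECP_C; the reductions build unconditionally. */`.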
@@ -178,7 +180,7 @@ int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp, */ #if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *pt ); + mbedtls_ecp_point *pt ); #endif #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ @@ -208,8 +210,9 @@ int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp, */ #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); + mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); #endif /** 
@@ -224,12 +227,36 @@ int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp, */ #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp, - mbedtls_ecp_point *P ); + mbedtls_ecp_point *P ); #endif #endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */ #endif /* MBEDTLS_ECP_INTERNAL_ALT */ -#endif /* ecp_internal.h */ +void secp256r1( uint64_t[8] ); +void secp384r1( uint64_t[12] ); +int mbedtls_p256_double_jac( const mbedtls_ecp_group *, + const mbedtls_ecp_point *, + mbedtls_ecp_point * ); +int mbedtls_p256_add_mixed( const mbedtls_ecp_group *, + const mbedtls_ecp_point *, + const mbedtls_ecp_point *, + mbedtls_ecp_point * ); +int mbedtls_p256_normalize_jac( const mbedtls_ecp_group *, + mbedtls_ecp_point * ); +int mbedtls_p256_normalize_jac_many( const mbedtls_ecp_group *, + mbedtls_ecp_point *[], size_t ); + +int mbedtls_p384_double_jac( const mbedtls_ecp_group *, + const mbedtls_ecp_point *, + mbedtls_ecp_point * ); +int mbedtls_p384_add_mixed( const mbedtls_ecp_group *, + const mbedtls_ecp_point *, + const mbedtls_ecp_point *, + mbedtls_ecp_point * ); +int mbedtls_p384_normalize_jac_many( const mbedtls_ecp_group *, + mbedtls_ecp_point *[], size_t ); + +#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_ECP_INTERNAL_H_ */ diff --git a/third_party/mbedtls/ecpshl.c b/third_party/mbedtls/ecpshl.c new file mode 100644 index 000000000..6f0d5fb17 --- /dev/null +++ b/third_party/mbedtls/ecpshl.c 
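Review bot: The new prototypes appended to ecp_internal.h carry no documentation, unlike every other declaration in this header, and `mbedtls_p256_add_mixed`/`mbedtls_p384_add_mixed` take the result point last while the `mbedtls_internal_ecp_add_mixed` declared just above takes it second (`R, P, Q`), which invites argument-order mistakes at call sites. Name the parameters and give each function a `\brief` block (inputs, output point, whether inputs may alias the output, return value), and consider matching the existing `grp, R, P, Q` order. `void secp256r1( uint64_t[8] )` and `void secp384r1( uint64_t[12] )` are opaque as written — presumably in-place reductions of an 8/12-limb product — and should at least say so and name the argument, e.g. `void secp256r1( uint64_t limbs[8] ); /* reduce 512-bit product in place mod P-256 */`. These declarations also sit outside the `MBEDTLS_ECP_INTERNAL_ALT` guard that wraps the rest of the header, which is fine but worth a comment.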
@@ -0,0 +1,105 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "third_party/mbedtls/ecp.h" +#include "third_party/mbedtls/math.h" +/* clang-format off */ + +static void mbedtls_mpi_shift_l_mod_p256( const mbedtls_ecp_group *G, + mbedtls_mpi *X ) +{ + bool c; + MBEDTLS_ASSERT( G->P.n == 4 ); + MBEDTLS_ASSERT( mbedtls_mpi_bitlen( X ) <= 256 ); + MBEDTLS_ASSERT( mbedtls_mpi_bitlen( &G->P ) <= 256 ); + X->p[4] = X->p[3] >> 63; + X->p[3] = X->p[3] << 1 | X->p[2] >> 63; + X->p[2] = X->p[2] << 1 | X->p[1] >> 63; + X->p[1] = X->p[1] << 1 | X->p[0] >> 63; + X->p[0] = X->p[0] << 1; + if( (X->p[4] || + X->p[3] > G->P.p[3] || + (X->p[3] == G->P.p[3] && + X->p[2] > G->P.p[2] || + (X->p[2] == G->P.p[2] && + X->p[0] > G->P.p[0] || + (X->p[0] == G->P.p[0])))) ) + { + SBB(X->p[0], X->p[0], G->P.p[0], 0, c); + SBB(X->p[1], X->p[1], G->P.p[1], c, c); + SBB(X->p[2], X->p[2], G->P.p[2], c, c); + SBB(X->p[3], X->p[3], G->P.p[3], c, c); + SBB(X->p[4], X->p[4], 0, c, c); + } +} + +static void mbedtls_mpi_shift_l_mod_p384( const mbedtls_ecp_group *G, + mbedtls_mpi *X ) +{ + bool c; + MBEDTLS_ASSERT( G->P.n == 6 ); + 
MBEDTLS_ASSERT( mbedtls_mpi_bitlen( X ) <= 384 ); + MBEDTLS_ASSERT( mbedtls_mpi_bitlen( &G->P ) <= 384 ); + X->p[6] = X->p[5] >> 63; + X->p[5] = X->p[5] << 1 | X->p[4] >> 63; + X->p[4] = X->p[4] << 1 | X->p[3] >> 63; + X->p[3] = X->p[3] << 1 | X->p[2] >> 63; + X->p[2] = X->p[2] << 1 | X->p[1] >> 63; + X->p[1] = X->p[1] << 1 | X->p[0] >> 63; + X->p[0] = X->p[0] << 1; + if( (X->p[6] || + X->p[5] > G->P.p[5] || + (X->p[5] == G->P.p[5] && + X->p[4] > G->P.p[4] || + (X->p[4] == G->P.p[4] && + X->p[3] > G->P.p[3] || + (X->p[3] == G->P.p[3] && + X->p[2] > G->P.p[2] || + (X->p[2] == G->P.p[2] && + X->p[0] > G->P.p[0] || + (X->p[0] == G->P.p[0])))))) ) + { + SBB(X->p[0], X->p[0], G->P.p[0], 0, c); + SBB(X->p[1], X->p[1], G->P.p[1], c, c); + SBB(X->p[2], X->p[2], G->P.p[2], c, c); + SBB(X->p[3], X->p[3], G->P.p[3], c, c); + SBB(X->p[4], X->p[4], G->P.p[4], c, c); + SBB(X->p[5], X->p[5], G->P.p[5], c, c); + SBB(X->p[6], X->p[6], 0, c, c); + } +} + +int mbedtls_mpi_shift_l_mod( const mbedtls_ecp_group *G, mbedtls_mpi *X ) +{ + int ret = 0; + MBEDTLS_ASSERT( mbedtls_mpi_cmp_int( X, 0 ) >= 0 ); + MBEDTLS_ASSERT( mbedtls_mpi_cmp_mpi( X, &G->P ) < 0 ); + if( X->n == 8 ) + mbedtls_mpi_shift_l_mod_p256( G, X ); + else if( X->n == 12 ) + mbedtls_mpi_shift_l_mod_p384( G, X ); + else + { + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( X, 1 ) ); + if( mbedtls_mpi_cmp_mpi( X, &G->P ) >= 0 ) + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, X, &G->P ) ); + } + MBEDTLS_ASSERT( mbedtls_mpi_cmp_mpi( X, &G->P ) < 0 ); + MBEDTLS_ASSERT( mbedtls_mpi_cmp_int( X, 0 ) >= 0 ); +cleanup: + return( ret ); +} diff --git a/third_party/mbedtls/endian.h b/third_party/mbedtls/endian.h index 963f2c2f8..eed96a72b 100644 --- a/third_party/mbedtls/endian.h +++ b/third_party/mbedtls/endian.h 
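Review bot: The `if` that decides whether to subtract P in `mbedtls_mpi_shift_l_mod_p256` and `mbedtls_mpi_shift_l_mod_p384` never examines `X->p[1]`, and because `&&` binds tighter than `||` the inner clauses (`X->p[2] == G->P.p[2] && X->p[0] > G->P.p[0]`, `X->p[0] == G->P.p[0]`) are evaluated independently of the higher limbs instead of as a lexicographic compare. Depending on the limbs of P this either leaves 2X >= P unreduced or runs the SBB chain on a value below P, which wraps; both violate the `mbedtls_mpi_cmp_mpi( X, &G->P ) < 0` postcondition asserted in `mbedtls_mpi_shift_l_mod`, and if MBEDTLS_ASSERT compiles out in release builds the wrong residue feeds the point arithmetic silently. Replace the hand-expanded conditions with a top-down limb comparison as below. Separately, dispatching on `X->n == 8` / `X->n == 12` keys the fast path on the MPI's allocation size rather than the group; also checking `G->id == MBEDTLS_ECP_DP_SECP256R1` (resp. SECP384R1) would keep an 8-limb operand from another group out of the P-256 path, which only an assert currently prevents.
```c
/* true when the n-limb little-endian value a is >= b (not constant-time,
 * like the mbedtls_mpi_cmp_mpi fallback in mbedtls_mpi_shift_l_mod) */
static bool mpi_limbs_ge( const mbedtls_mpi_uint *a,
                          const mbedtls_mpi_uint *b, size_t n )
{
    while( n-- > 0 )
    {
        if( a[n] != b[n] )
            return( a[n] > b[n] );
    }
    return( true );
}

/* … unchanged: limb shift in mbedtls_mpi_shift_l_mod_p256 … */
    if( X->p[4] || mpi_limbs_ge( X->p, G->P.p, 4 ) )
    /* … unchanged: SBB chain … */

/* … unchanged: limb shift in mbedtls_mpi_shift_l_mod_p384 … */
    if( X->p[6] || mpi_limbs_ge( X->p, G->P.p, 6 ) )
    /* … unchanged: SBB chain … */
```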
@@ -43,6 +43,21 @@ OuT + 8; \ }) +#define Write64le(P, V) \ + ({ \ + uint64_t VaL = (V); \ + uint8_t *OuT = (P); \ + OuT[0] = (0x00000000000000FF & VaL) >> 000; \ + OuT[1] = (0x000000000000FF00 & VaL) >> 010; \ + OuT[2] = (0x0000000000FF0000 & VaL) >> 020; \ + OuT[3] = (0x00000000FF000000 & VaL) >> 030; \ + OuT[4] = (0x000000FF00000000 & VaL) >> 040; \ + OuT[5] = (0x0000FF0000000000 & VaL) >> 050; \ + OuT[6] = (0x00FF000000000000 & VaL) >> 060; \ + OuT[7] = (0xFF00000000000000 & VaL) >> 070; \ + OuT + 8; \ + }) + #define GET_UINT32_BE(n, b, i) (n) = Read32be((b) + (i)) #define PUT_UINT32_BE(n, b, i) Write32be((b) + (i), n) #define GET_UINT64_BE(n, b, i) (n) = Read64be((b) + (i)) diff --git a/third_party/mbedtls/entropy.c b/third_party/mbedtls/entropy.c index 6053cc4d8..b7e6ee67d 100644 --- a/third_party/mbedtls/entropy.c +++ b/third_party/mbedtls/entropy.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/calls/calls.h" #include "libc/stdio/stdio.h" #include "third_party/mbedtls/common.h" 
@@ -50,7 +67,7 @@ asm(".include \"libc/disclaimer.inc\""); void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) { ctx->source_count = 0; - memset( ctx->source, 0, sizeof( ctx->source ) ); + mbedtls_platform_zeroize( ctx->source, sizeof( ctx->source ) ); ctx->accumulator_started = 0; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) @@ -315,7 +332,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) } while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE ); - memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + mbedtls_platform_zeroize( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) /* @@ -398,7 +415,7 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ) if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 ) return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); /* Manually update the remaining stream with a separator value to diverge */ - memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); + mbedtls_platform_zeroize( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); ret = mbedtls_entropy_update_manual( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); return( ret ); } @@ -581,8 +598,8 @@ int mbedtls_entropy_source_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " ENTROPY_BIAS test: " ); - memset( buf0, 0x00, sizeof( buf0 ) ); - memset( buf1, 0x00, sizeof( buf1 ) ); + mbedtls_platform_zeroize( buf0, sizeof( buf0 ) ); + mbedtls_platform_zeroize( buf1, sizeof( buf1 ) ); if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 ) goto cleanup; diff --git a/third_party/mbedtls/entropy_poll.c b/third_party/mbedtls/entropy_poll.c index c9b7b94dc..6bad5784e 100644 --- a/third_party/mbedtls/entropy_poll.c +++ b/third_party/mbedtls/entropy_poll.c 
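Review bot: `buf0` and `buf1` in `mbedtls_entropy_source_self_test` are cleared before being filled by the gather call and hold test output, not secrets, so swapping `memset` for `mbedtls_platform_zeroize` here (and for `ctx->source` in `mbedtls_entropy_init`, which has nothing sensitive in it yet) is initialisation dressed up as secure erasure. The zeroize primitive exists to guarantee a final wipe that the optimiser cannot drop; using it for every clear makes it harder to see which call sites in this file are actually protecting key material, and costs a non-inlinable call where a plain `memset` would do. Keep `memset( buf0, 0x00, sizeof( buf0 ) );` for these, or add a comment stating why the stronger call is wanted.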
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/nexgen32e/rdtsc.h" #include "libc/str/str.h" #include "third_party/mbedtls/entropy_poll.h" diff --git a/third_party/mbedtls/error.c b/third_party/mbedtls/error.c index 75cc6dc09..68747c6ea 100644 --- a/third_party/mbedtls/error.c +++ b/third_party/mbedtls/error.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/fmt/fmt.h" #include "third_party/mbedtls/aes.h" #include "third_party/mbedtls/asn1.h" @@ -544,7 +561,7 @@ const char * mbedtls_low_level_strerr( int error_code ) #if defined(MBEDTLS_ERROR_C) case -(MBEDTLS_ERR_ERROR_GENERIC_ERROR): return( "ERROR - Generic error" ); - case -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED): + case -(MBEDTLS_ERR_THIS_CORRUPTION): return( "ERROR - This is a bug in the library" ); #endif /* MBEDTLS_ERROR_C */ @@ -637,7 +654,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( buflen == 0 ) return; - memset( buf, 0x00, buflen ); + mbedtls_platform_zeroize( buf, buflen ); if( ret < 0 ) ret = -ret; diff --git a/third_party/mbedtls/error.h b/third_party/mbedtls/error.h index a2b0e3cbf..167e7a209 100644 --- a/third_party/mbedtls/error.h +++ b/third_party/mbedtls/error.h 
@@ -85,7 +85,7 @@ extern "C" { #endif #define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */ -#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */ +#define MBEDTLS_ERR_THIS_CORRUPTION -0x006E /**< This is a bug in the library */ /** * \brief Translate a mbed TLS error code into a string representation, diff --git a/third_party/mbedtls/everest.c b/third_party/mbedtls/everest.c index 410ce2d2c..fe9ff9d00 100644 --- a/third_party/mbedtls/everest.c +++ b/third_party/mbedtls/everest.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2016-2018 INRIA and Microsoft Corporation │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/bits/bits.h" #include "libc/limits.h" #include "third_party/mbedtls/asn1.h" 
@@ -6,93 +23,31 @@ #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/everest.h" #include "third_party/mbedtls/platform.h" +#include "third_party/mbedtls/profile.h" asm(".ident\t\"\\n\\n\ Everest (Apache 2.0)\\n\ Copyright 2016-2018 INRIA and Microsoft Corporation\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * ECDH with curve-optimized implementation multiplexing - * - * Copyright 2016-2018 INRIA and Microsoft Corporation - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. 
- * - * This file is part of mbed TLS (https://tls.mbed.org) - */ #if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) -#ifdef memcpy -#undef memcpy -#endif -#define memcpy(x,y,z) __builtin_memcpy(x,y,z) - #define load64_le(b) READ64LE(b) #define store64_le(b, i) WRITE64LE(b, i) -#define KRML_HOST_EXIT exit -#define KRML_HOST_PRINTF printf - -#define KRML_EXIT \ - do { \ - KRML_HOST_PRINTF("Unimplemented function at %s:%d\n", __FILE__, __LINE__); \ - KRML_HOST_EXIT(254); \ - } while (0) - -#define _KRML_CHECK_SIZE_PRAGMA \ - _Pragma("GCC diagnostic ignored \"-Wtype-limits\"") - -#define KRML_CHECK_SIZE(size_elt, sz) \ - do { \ - _KRML_CHECK_SIZE_PRAGMA \ - if (((size_t)(sz)) > ((size_t)(SIZE_MAX / (size_elt)))) { \ - KRML_HOST_PRINTF( \ - "Maximum allocatable size exceeded, aborting before overflow at " \ - "%s:%d\n", \ - __FILE__, __LINE__); \ - KRML_HOST_EXIT(253); \ - } \ - } while (0) - -typedef const char *Prims_string; - -typedef struct { - uint32_t length; - const char *data; -} FStar_Bytes_bytes; - -typedef int32_t Prims_pos, Prims_nat, Prims_nonzero, Prims_int, - krml_checked_int_t; - -/* Prims_nat not yet in scope */ -inline static int32_t krml_time() { - return (int32_t)time(NULL); -} - -static uint64_t FStar_UInt64_eq_mask(uint64_t a, uint64_t b) +static uint64_t +FStar_UInt64_eq_mask(uint64_t a, uint64_t b) { uint64_t x = a ^ b; - uint64_t minus_x = ~x + (uint64_t)1U; + uint64_t minus_x = ~x + 1; uint64_t x_or_minus_x = x | minus_x; - uint64_t xnx = x_or_minus_x >> (uint32_t)63U; - return xnx - (uint64_t)1U; + uint64_t xnx = x_or_minus_x >> 63; + return xnx - 1; } -static uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b) +static uint64_t +FStar_UInt64_gte_mask(uint64_t a, uint64_t b) { uint64_t x = a; uint64_t y = b; 
@@ -101,20 +56,22 @@ static uint64_t FStar_UInt64_gte_mask(uint64_t a, uint64_t b) uint64_t x_sub_y_xor_y = x_sub_y ^ y; uint64_t q = x_xor_y | x_sub_y_xor_y; uint64_t x_xor_q = x ^ q; - uint64_t x_xor_q_ = x_xor_q >> (uint32_t)63U; - return x_xor_q_ - (uint64_t)1U; + uint64_t x_xor_q_ = x_xor_q >> 63; + return x_xor_q_ - 1; } -static uint32_t FStar_UInt32_eq_mask(uint32_t a, uint32_t b) +static uint32_t +FStar_UInt32_eq_mask(uint32_t a, uint32_t b) { uint32_t x = a ^ b; - uint32_t minus_x = ~x + (uint32_t)1U; + uint32_t minus_x = ~x + 1; uint32_t x_or_minus_x = x | minus_x; - uint32_t xnx = x_or_minus_x >> (uint32_t)31U; - return xnx - (uint32_t)1U; + uint32_t xnx = x_or_minus_x >> 31; + return xnx - 1; } -static uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b) +static uint32_t +FStar_UInt32_gte_mask(uint32_t a, uint32_t b) { uint32_t x = a; uint32_t y = b; @@ -123,20 +80,22 @@ static uint32_t FStar_UInt32_gte_mask(uint32_t a, uint32_t b) uint32_t x_sub_y_xor_y = x_sub_y ^ y; uint32_t q = x_xor_y | x_sub_y_xor_y; uint32_t x_xor_q = x ^ q; - uint32_t x_xor_q_ = x_xor_q >> (uint32_t)31U; - return x_xor_q_ - (uint32_t)1U; + uint32_t x_xor_q_ = x_xor_q >> 31; + return x_xor_q_ - 1; } -static uint16_t FStar_UInt16_eq_mask(uint16_t a, uint16_t b) +static uint16_t +FStar_UInt16_eq_mask(uint16_t a, uint16_t b) { uint16_t x = a ^ b; - uint16_t minus_x = ~x + (uint16_t)1U; + uint16_t minus_x = ~x + 1; uint16_t x_or_minus_x = x | minus_x; - uint16_t xnx = x_or_minus_x >> (uint32_t)15U; - return xnx - (uint16_t)1U; + uint16_t xnx = x_or_minus_x >> 15; + return xnx - 1; } -static uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b) +static uint16_t +FStar_UInt16_gte_mask(uint16_t a, uint16_t b) { uint16_t x = a; uint16_t y = b; 
@@ -145,20 +104,22 @@ static uint16_t FStar_UInt16_gte_mask(uint16_t a, uint16_t b) uint16_t x_sub_y_xor_y = x_sub_y ^ y; uint16_t q = x_xor_y | x_sub_y_xor_y; uint16_t x_xor_q = x ^ q; - uint16_t x_xor_q_ = x_xor_q >> (uint32_t)15U; - return x_xor_q_ - (uint16_t)1U; + uint16_t x_xor_q_ = x_xor_q >> 15; + return x_xor_q_ - 1; } -static uint8_t FStar_UInt8_eq_mask(uint8_t a, uint8_t b) +static uint8_t +FStar_UInt8_eq_mask(uint8_t a, uint8_t b) { uint8_t x = a ^ b; - uint8_t minus_x = ~x + (uint8_t)1U; + uint8_t minus_x = ~x + 1; uint8_t x_or_minus_x = x | minus_x; - uint8_t xnx = x_or_minus_x >> (uint32_t)7U; - return xnx - (uint8_t)1U; + uint8_t xnx = x_or_minus_x >> 7; + return xnx - 1; } -static uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b) +static uint8_t +FStar_UInt8_gte_mask(uint8_t a, uint8_t b) { uint8_t x = a; uint8_t y = b; 
@@ -167,35 +128,37 @@ static uint8_t FStar_UInt8_gte_mask(uint8_t a, uint8_t b) uint8_t x_sub_y_xor_y = x_sub_y ^ y; uint8_t q = x_xor_y | x_sub_y_xor_y; uint8_t x_xor_q = x ^ q; - uint8_t x_xor_q_ = x_xor_q >> (uint32_t)7U; - return x_xor_q_ - (uint8_t)1U; + uint8_t x_xor_q_ = x_xor_q >> 7; + return x_xor_q_ - 1; } -static void Hacl_Bignum_Modulo_carry_top(uint64_t *b) +static void +Hacl_Bignum_Modulo_carry_top(uint64_t *b) { - uint64_t b4 = b[4U]; - uint64_t b0 = b[0U]; - uint64_t b4_ = b4 & (uint64_t)0x7ffffffffffffU; - uint64_t b0_ = b0 + (uint64_t)19U * (b4 >> (uint32_t)51U); - b[4U] = b4_; - b[0U] = b0_; + uint64_t b4 = b[4]; + uint64_t b0 = b[0]; + uint64_t b4_ = b4 & 0x7ffffffffffff; + uint64_t b0_ = b0 + 19 * (b4 >> 51); + b[4] = b4_; + b[0] = b0_; } -inline static void Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, uint128_t *input) +forceinline void +Hacl_Bignum_Fproduct_copy_from_wide_(uint64_t *output, uint128_t *input) { uint32_t i; - for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + for (i = 0; i < 5; ++i) { uint128_t xi = input[i]; - output[i] = (uint64_t)xi; + output[i] = xi; } } -inline static void +forceinline void Hacl_Bignum_Fproduct_sum_scalar_multiplication_(uint128_t *output, uint64_t *input, uint64_t s) { uint32_t i; - for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + for (i = 0; i < 5; ++i) { uint128_t xi = output[i]; uint64_t yi = input[i]; 
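Review bot: In `Hacl_Bignum_Fproduct_copy_from_wide_` the assignment `output[i] = xi;` now narrows a `uint128_t` limb to `uint64_t` implicitly; the original `output[i] = (uint64_t)xi;` made that truncation visible and keeps -Wconversion quiet, so restore the cast. The `inline static` → `forceinline` change is presumably a project macro that still includes `static`; if it does not, these `Hacl_*` helpers become external symbols with global names, which is worth confirming. `Hacl_Bignum_Fproduct_sum_scalar_multiplication_` continues past the end of this hunk.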
@@ -203,123 +166,115 @@ Hacl_Bignum_Fproduct_sum_scalar_multiplication_(uint128_t *output, uint64_t *inp } } -inline static void Hacl_Bignum_Fproduct_carry_wide_(uint128_t *tmp) +forceinline void +Hacl_Bignum_Fproduct_carry_wide_(uint128_t *tmp) { uint32_t i; - for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) + for (i = 0; i < 4; ++i) { uint32_t ctr = i; uint128_t tctr = tmp[ctr]; - uint128_t tctrp1 = tmp[ctr + (uint32_t)1U]; - uint64_t r0 = (uint64_t)tctr & (uint64_t)0x7ffffffffffffU; - uint128_t c = tctr >> (uint32_t)51U; + uint128_t tctrp1 = tmp[ctr + 1]; + uint64_t r0 = (uint64_t)tctr & 0x7ffffffffffff; + uint128_t c = tctr >> 51; tmp[ctr] = (uint128_t)r0; - tmp[ctr + (uint32_t)1U] = tctrp1 + c; + tmp[ctr + 1] = tctrp1 + c; } } -inline static void Hacl_Bignum_Fmul_shift_reduce(uint64_t *output) +forceinline void +Hacl_Bignum_Fmul_shift_reduce(uint64_t *output) { - uint64_t tmp = output[4U]; - uint64_t b0; + uint64_t tmp = output[4]; + uint32_t i; + for (i = 0; i < 4; ++i) { - uint32_t i; - for (i = (uint32_t)0U; i < (uint32_t)4U; i = i + (uint32_t)1U) - { - uint32_t ctr = (uint32_t)5U - i - (uint32_t)1U; - uint64_t z = output[ctr - (uint32_t)1U]; - output[ctr] = z; - } + uint32_t ctr = 5 - i - 1; + uint64_t z = output[ctr - 1]; + output[ctr] = z; } - output[0U] = tmp; - b0 = output[0U]; - output[0U] = (uint64_t)19U * b0; + output[0] = tmp * 19; } -static void +static inline void Hacl_Bignum_Fmul_mul_shift_reduce_(uint128_t *output, uint64_t *input, uint64_t *input2) { uint32_t i; - uint64_t input2i; + for (i = 0; i < 4; ++i) { - uint32_t i0; - for (i0 = (uint32_t)0U; i0 < (uint32_t)4U; i0 = i0 + (uint32_t)1U) - { - uint64_t input2i0 = input2[i0]; - Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i0); - Hacl_Bignum_Fmul_shift_reduce(input); - } + Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2[i]); + Hacl_Bignum_Fmul_shift_reduce(input); } - i = (uint32_t)4U; - input2i = input2[i]; - 
Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2i); + Hacl_Bignum_Fproduct_sum_scalar_multiplication_(output, input, input2[4]); } -inline static void Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input2) +static inline void +Hacl_Bignum_Fmul_fmul(uint64_t *output, uint64_t *input, uint64_t *input2) { - uint64_t tmp[5U] = { 0U }; - memcpy(tmp, input, (uint32_t)5U * sizeof input[0U]); - KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U); - { - uint128_t t[5U]; - { - uint32_t _i; - for (_i = 0U; _i < (uint32_t)5U; ++_i) - t[_i] = (uint128_t)(uint64_t)0U; - } - { - uint128_t b4; - uint128_t b0; - uint128_t b4_; - uint128_t b0_; - uint64_t i0; - uint64_t i1; - uint64_t i0_; - uint64_t i1_; - Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); - Hacl_Bignum_Fproduct_carry_wide_(t); - b4 = t[4U]; - b0 = t[0U]; - b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU; - b0_ = b0 + (uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U); - t[4U] = b4_; - t[0U] = b0_; - Hacl_Bignum_Fproduct_copy_from_wide_(output, t); - i0 = output[0U]; - i1 = output[1U]; - i0_ = i0 & (uint64_t)0x7ffffffffffffU; - i1_ = i1 + (i0 >> (uint32_t)51U); - output[0U] = i0_; - output[1U] = i1_; - } - } + uint64_t i0; + uint64_t i1; + uint64_t i0_; + uint64_t i1_; + uint128_t b4; + uint128_t b0; + uint128_t b4_; + uint128_t b0_; + uint128_t t[5]; + uint64_t tmp[5]; + t[0] = 0; + t[1] = 0; + t[2] = 0; + t[3] = 0; + t[4] = 0; + tmp[0] = input[0]; + tmp[1] = input[1]; + tmp[2] = input[2]; + tmp[3] = input[3]; + tmp[4] = input[4]; + Hacl_Bignum_Fmul_mul_shift_reduce_(t, tmp, input2); + Hacl_Bignum_Fproduct_carry_wide_(t); + b4 = t[4]; + b0 = t[0]; + b4_ = b4 & 0x7ffffffffffff; + b0_ = b0 + (uint128_t)19 * (uint64_t)(b4 >> 51); + t[4] = b4_; + t[0] = b0_; + Hacl_Bignum_Fproduct_copy_from_wide_(output, t); + i0 = output[0]; + i1 = output[1]; + i0_ = i0 & 0x7ffffffffffff; + i1_ = i1 + (i0 >> 51); + output[0] = i0_; + output[1] = i1_; } -inline static void 
Hacl_Bignum_Fsquare_fsquare__(uint128_t *tmp, uint64_t *output) +forceinline void +Hacl_Bignum_Fsquare_fsquare__(uint128_t *tmp, uint64_t *output) { - uint64_t r0 = output[0U]; - uint64_t r1 = output[1U]; - uint64_t r2 = output[2U]; - uint64_t r3 = output[3U]; - uint64_t r4 = output[4U]; - uint64_t d0 = r0 * (uint64_t)2U; - uint64_t d1 = r1 * (uint64_t)2U; - uint64_t d2 = r2 * (uint64_t)2U * (uint64_t)19U; - uint64_t d419 = r4 * (uint64_t)19U; - uint64_t d4 = d419 * (uint64_t)2U; + uint64_t r0 = output[0]; + uint64_t r1 = output[1]; + uint64_t r2 = output[2]; + uint64_t r3 = output[3]; + uint64_t r4 = output[4]; + uint64_t d0 = r0 * 2; + uint64_t d1 = r1 * 2; + uint64_t d2 = r2 * 2 * 19; + uint64_t d419 = r4 * 19; + uint64_t d4 = d419 * 2; uint128_t s0 = (uint128_t)r0 * r0 + (uint128_t)d4 * r1 + (uint128_t)d2 * r3; - uint128_t s1 = (uint128_t)d0 * r1 + (uint128_t)d4 * r2 + (uint128_t)(r3 * (uint64_t)19U) * r3; + uint128_t s1 = (uint128_t)d0 * r1 + (uint128_t)d4 * r2 + (uint128_t)(r3 * 19) * r3; uint128_t s2 = (uint128_t)d0 * r2 + (uint128_t)r1 * r1 + (uint128_t)d4 * r3; uint128_t s3 = (uint128_t)d0 * r3 + (uint128_t)d1 * r2 + (uint128_t)r4 * d419; uint128_t s4 = (uint128_t)d0 * r4 + (uint128_t)d1 * r3 + (uint128_t)r2 * r2; - tmp[0U] = s0; - tmp[1U] = s1; - tmp[2U] = s2; - tmp[3U] = s3; - tmp[4U] = s4; + tmp[0] = s0; + tmp[1] = s1; + tmp[2] = s2; + tmp[3] = s3; + tmp[4] = s4; } -inline static void Hacl_Bignum_Fsquare_fsquare_(uint128_t *tmp, uint64_t *output) +forceinline void +Hacl_Bignum_Fsquare_fsquare_(uint128_t *tmp, uint64_t *output) { uint128_t b4; uint128_t b0; 
@@ -331,19 +286,19 @@ inline static void Hacl_Bignum_Fsquare_fsquare_(uint128_t *tmp, uint64_t *output uint64_t i1_; Hacl_Bignum_Fsquare_fsquare__(tmp, output); Hacl_Bignum_Fproduct_carry_wide_(tmp); - b4 = tmp[4U]; - b0 = tmp[0U]; - b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU; - b0_ = b0 + (uint128_t)(uint64_t)19U * (uint64_t)(b4 >> (uint32_t)51U); - tmp[4U] = b4_; - tmp[0U] = b0_; + b4 = tmp[4]; + b0 = tmp[0]; + b4_ = b4 & 0x7ffffffffffff; + b0_ = b0 + (uint128_t)19 * (b4 >> 51); + tmp[4] = b4_; + tmp[0] = b0_; Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); - i0 = output[0U]; - i1 = output[1U]; - i0_ = i0 & (uint64_t)0x7ffffffffffffU; - i1_ = i1 + (i0 >> (uint32_t)51U); - output[0U] = i0_; - output[1U] = i1_; + i0 = output[0]; + i1 = output[1]; + i0_ = i0 & 0x7ffffffffffff; + i1_ = i1 + (i0 >> 51); + output[0] = i0_; + output[1] = i1_; } static void 
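Review bot: The carry line `b0_ = b0 + (uint128_t)19 * (b4 >> 51);` drops the `(uint64_t)` narrowing that the same carry keeps in `Hacl_Bignum_Fmul_fmul` (previous hunk) and `Hacl_Bignum_fscalar` (the -440 hunk), so the three reductions no longer spell the same expression; either keep the cast here or drop it in all three, with a comment saying the product fits because `t[4]` has already been carried. More broadly, the removed `KRML_CHECK_SIZE` calls mark this as KreMLin-extracted HACL* code, and the hand edits in this and the -351, -398, -440, -531, -636, -698, -743 and -842 hunks sever the correspondence to the verified source, so the RFC 7748 X25519 test vectors should be checked against this rewrite in the test suite. `Hacl_Bignum_Fsquare_fsquare_` begins in the previous hunk.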
@@ -351,46 +306,47 @@ Hacl_Bignum_Fsquare_fsquare_times_(uint64_t *input, uint128_t *tmp, uint32_t cou { uint32_t i; Hacl_Bignum_Fsquare_fsquare_(tmp, input); - for (i = (uint32_t)1U; i < count1; i = i + (uint32_t)1U) + for (i = 1; i < count1; ++i) Hacl_Bignum_Fsquare_fsquare_(tmp, input); } -inline static void +forceinline void Hacl_Bignum_Fsquare_fsquare_times(uint64_t *output, uint64_t *input, uint32_t count1) { - KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U); - { - uint128_t t[5U]; - { - uint32_t _i; - for (_i = 0U; _i < (uint32_t)5U; ++_i) - t[_i] = (uint128_t)(uint64_t)0U; - } - memcpy(output, input, (uint32_t)5U * sizeof input[0U]); - Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); - } + uint128_t t[5]; + t[0] = 0; + t[1] = 0; + t[2] = 0; + t[3] = 0; + t[4] = 0; + output[0] = input[0]; + output[1] = input[1]; + output[2] = input[2]; + output[3] = input[3]; + output[4] = input[4]; + Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); } -inline static void Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1) +forceinline void +Hacl_Bignum_Fsquare_fsquare_times_inplace(uint64_t *output, uint32_t count1) { - KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U); - { - uint128_t t[5U]; - { - uint32_t _i; - for (_i = 0U; _i < (uint32_t)5U; ++_i) - t[_i] = (uint128_t)(uint64_t)0U; - } - Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); - } + uint128_t t[5]; + t[0] = 0; + t[1] = 0; + t[2] = 0; + t[3] = 0; + t[4] = 0; + Hacl_Bignum_Fsquare_fsquare_times_(output, t, count1); } -inline static void Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z) +forceinline void +Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z) { - uint64_t buf[20U] = { 0U }; + uint32_t i; + uint64_t buf[20]; uint64_t *a0 = buf; - uint64_t *t00 = buf + (uint32_t)5U; - uint64_t *b0 = buf + (uint32_t)10U; + uint64_t *t00 = buf + 5; + uint64_t *b0 = buf + 10; uint64_t *t01; uint64_t *b1; uint64_t *c0; 
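Review bot: The five `t[i] = 0;` stores kept in `Hacl_Bignum_Fsquare_fsquare_times` and `Hacl_Bignum_Fsquare_fsquare_times_inplace` are dead: `Hacl_Bignum_Fsquare_fsquare_times_` calls `Hacl_Bignum_Fsquare_fsquare_`, whose first action `Hacl_Bignum_Fsquare_fsquare__` writes all five `tmp[]` entries before any is read. They survive from the removed `KRML_CHECK_SIZE` loop, so either drop them or keep one comment such as `/* t[] is fully written by fsquare__ before use; zeroing only preserves the extracted shape */`. The `buf[i] = 0` loop added to `Hacl_Bignum_Crecip_crecip` in the next hunk looks equally dead, though whether `Hacl_Bignum_Fproduct_copy_from_wide_` writes every lane is not visible here. `Hacl_Bignum_Crecip_crecip` continues past the end of this hunk.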
@@ -398,41 +354,43 @@ inline static void Hacl_Bignum_Crecip_crecip(uint64_t *out, uint64_t *z) uint64_t *t0; uint64_t *b; uint64_t *c; - Hacl_Bignum_Fsquare_fsquare_times(a0, z, (uint32_t)1U); - Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)2U); + for (i = 0; i < 20; ++i) buf[i] = 0; + Hacl_Bignum_Fsquare_fsquare_times(a0, z, 1); + Hacl_Bignum_Fsquare_fsquare_times(t00, a0, 2); Hacl_Bignum_Fmul_fmul(b0, t00, z); Hacl_Bignum_Fmul_fmul(a0, b0, a0); - Hacl_Bignum_Fsquare_fsquare_times(t00, a0, (uint32_t)1U); + Hacl_Bignum_Fsquare_fsquare_times(t00, a0, 1); Hacl_Bignum_Fmul_fmul(b0, t00, b0); - Hacl_Bignum_Fsquare_fsquare_times(t00, b0, (uint32_t)5U); - t01 = buf + (uint32_t)5U; - b1 = buf + (uint32_t)10U; - c0 = buf + (uint32_t)15U; + Hacl_Bignum_Fsquare_fsquare_times(t00, b0, 5); + t01 = buf + 5; + b1 = buf + 10; + c0 = buf + 15; Hacl_Bignum_Fmul_fmul(b1, t01, b1); - Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)10U); + Hacl_Bignum_Fsquare_fsquare_times(t01, b1, 10); Hacl_Bignum_Fmul_fmul(c0, t01, b1); - Hacl_Bignum_Fsquare_fsquare_times(t01, c0, (uint32_t)20U); + Hacl_Bignum_Fsquare_fsquare_times(t01, c0, 20); Hacl_Bignum_Fmul_fmul(t01, t01, c0); - Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, (uint32_t)10U); + Hacl_Bignum_Fsquare_fsquare_times_inplace(t01, 10); Hacl_Bignum_Fmul_fmul(b1, t01, b1); - Hacl_Bignum_Fsquare_fsquare_times(t01, b1, (uint32_t)50U); + Hacl_Bignum_Fsquare_fsquare_times(t01, b1, 50); a = buf; - t0 = buf + (uint32_t)5U; - b = buf + (uint32_t)10U; - c = buf + (uint32_t)15U; + t0 = buf + 5; + b = buf + 10; + c = buf + 15; Hacl_Bignum_Fmul_fmul(c, t0, b); - Hacl_Bignum_Fsquare_fsquare_times(t0, c, (uint32_t)100U); + Hacl_Bignum_Fsquare_fsquare_times(t0, c, 100); Hacl_Bignum_Fmul_fmul(t0, t0, c); - Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)50U); + Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, 50); Hacl_Bignum_Fmul_fmul(t0, t0, b); - Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, (uint32_t)5U); + 
Hacl_Bignum_Fsquare_fsquare_times_inplace(t0, 5); Hacl_Bignum_Fmul_fmul(out, t0, a); } -inline static void Hacl_Bignum_fsum(uint64_t *a, uint64_t *b) +forceinline void +Hacl_Bignum_fsum(uint64_t *a, uint64_t *b) { uint32_t i; - for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) + for (i = 0; i < 5; ++i) { uint64_t xi = a[i]; uint64_t yi = b[i]; 
@@ -440,77 +398,55 @@ inline static void Hacl_Bignum_fsum(uint64_t *a, uint64_t *b) } } -inline static void Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b) +forceinline void +Hacl_Bignum_fdifference(uint64_t *a, uint64_t *b) { - uint64_t tmp[5U] = { 0U }; - uint64_t b0; - uint64_t b1; - uint64_t b2; - uint64_t b3; - uint64_t b4; - memcpy(tmp, b, (uint32_t)5U * sizeof b[0U]); - b0 = tmp[0U]; - b1 = tmp[1U]; - b2 = tmp[2U]; - b3 = tmp[3U]; - b4 = tmp[4U]; - tmp[0U] = b0 + (uint64_t)0x3fffffffffff68U; - tmp[1U] = b1 + (uint64_t)0x3ffffffffffff8U; - tmp[2U] = b2 + (uint64_t)0x3ffffffffffff8U; - tmp[3U] = b3 + (uint64_t)0x3ffffffffffff8U; - tmp[4U] = b4 + (uint64_t)0x3ffffffffffff8U; + uint32_t i; + uint64_t tmp[5]; + tmp[0] = b[0] + 0x3fffffffffff68; + tmp[1] = b[1] + 0x3ffffffffffff8; + tmp[2] = b[2] + 0x3ffffffffffff8; + tmp[3] = b[3] + 0x3ffffffffffff8; + tmp[4] = b[4] + 0x3ffffffffffff8; + for (i = 0; i < 5; ++i) { - uint32_t i; - for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) - { - uint64_t xi = a[i]; - uint64_t yi = tmp[i]; - a[i] = yi - xi; - } + uint64_t xi = a[i]; + uint64_t yi = tmp[i]; + a[i] = yi - xi; } } -inline static void Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s) +forceinline void +Hacl_Bignum_fscalar(uint64_t *output, uint64_t *b, uint64_t s) { - KRML_CHECK_SIZE(sizeof (uint128_t), (uint32_t)5U); + uint32_t i; + uint128_t b4; + uint128_t b0; + uint128_t b4_; + uint128_t b0_; + uint128_t tmp[5]; + for (i = 0; i < 5; ++i) { - uint128_t tmp[5U]; - { - uint32_t _i; - for (_i = 0U; _i < (uint32_t)5U; ++_i) - tmp[_i] = (uint128_t)(uint64_t)0U; - } - { - uint128_t b4; - uint128_t b0; - uint128_t b4_; - uint128_t b0_; - { - uint32_t i; - for (i = (uint32_t)0U; i < (uint32_t)5U; i = i + (uint32_t)1U) - { - uint64_t xi = b[i]; - tmp[i] = (uint128_t)xi * s; - } - } - Hacl_Bignum_Fproduct_carry_wide_(tmp); - b4 = tmp[4U]; - b0 = tmp[0U]; - b4_ = b4 & (uint128_t)(uint64_t)0x7ffffffffffffU; - b0_ = b0 + (uint128_t)(uint64_t)19U 
* (uint64_t)(b4 >> (uint32_t)51U); - tmp[4U] = b4_; - tmp[0U] = b0_; - Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); - } + tmp[i] = (uint128_t)b[i] * s; } + Hacl_Bignum_Fproduct_carry_wide_(tmp); + b4 = tmp[4]; + b0 = tmp[0]; + b4_ = b4 & 0x7ffffffffffff; + b0_ = b0 + (uint128_t)19 * (uint64_t)(b4 >> 51); + tmp[4] = b4_; + tmp[0] = b0_; + Hacl_Bignum_Fproduct_copy_from_wide_(output, tmp); } -inline static void Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b) +forceinline void +Hacl_Bignum_fmul(uint64_t *output, uint64_t *a, uint64_t *b) { Hacl_Bignum_Fmul_fmul(output, a, b); } -inline static void Hacl_Bignum_crecip(uint64_t *output, uint64_t *input) +forceinline void +Hacl_Bignum_crecip(uint64_t *output, uint64_t *input) { Hacl_Bignum_Crecip_crecip(output, input); } @@ -518,7 +454,7 @@ inline static void Hacl_Bignum_crecip(uint64_t *output, uint64_t *input) static void Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr) { - uint32_t i = ctr - (uint32_t)1U; + uint32_t i = ctr - 1; uint64_t ai = a[i]; uint64_t bi = b[i]; uint64_t x = swap1 & (ai ^ bi); 
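Review bot: The five constants added to `b[i]` in `Hacl_Bignum_fdifference` are unexplained magic numbers: `0x3fffffffffff68` is 8·(2^51 − 19) and `0x3ffffffffffff8` is 8·(2^51 − 1), i.e. the limbs of 8·p, added so that `yi - xi` cannot wrap. A comment such as `/* tmp = b + 8p (limbs 8*(2^51-19), 8*(2^51-1)) so the subtraction below never underflows */` above the first assignment would record that. The literals also lose the `U` suffix the old code had; they still fit in a signed 64-bit `long`, so the unsigned arithmetic is unchanged, but a reader comparing this against the `uint128_t` masks in `Hacl_Bignum_fscalar` has to verify that by hand.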
@@ -531,104 +467,115 @@ Hacl_EC_Point_swap_conditional_step(uint64_t *a, uint64_t *b, uint64_t swap1, ui static void Hacl_EC_Point_swap_conditional_(uint64_t *a, uint64_t *b, uint64_t swap1, uint32_t ctr) { - if (!(ctr == (uint32_t)0U)) + if (ctr) { - uint32_t i; Hacl_EC_Point_swap_conditional_step(a, b, swap1, ctr); - i = ctr - (uint32_t)1U; - Hacl_EC_Point_swap_conditional_(a, b, swap1, i); + Hacl_EC_Point_swap_conditional_(a, b, swap1, ctr - 1); } } -static void Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap) +static void +Hacl_EC_Point_swap_conditional(uint64_t *a, uint64_t *b, uint64_t iswap) { - uint64_t swap1 = (uint64_t)0U - iswap; - Hacl_EC_Point_swap_conditional_(a, b, swap1, (uint32_t)5U); - Hacl_EC_Point_swap_conditional_(a + (uint32_t)5U, b + (uint32_t)5U, swap1, (uint32_t)5U); + uint64_t swap1 = 0 - iswap; + Hacl_EC_Point_swap_conditional_(a, b, swap1, 5); + Hacl_EC_Point_swap_conditional_(a + 5, b + 5, swap1, 5); } -static void Hacl_EC_Point_copy(uint64_t *output, uint64_t *input) +static void +Hacl_EC_Point_copy(uint64_t *output, uint64_t *input) { - memcpy(output, input, (uint32_t)5U * sizeof input[0U]); - memcpy(output + (uint32_t)5U, - input + (uint32_t)5U, - (uint32_t)5U * sizeof (input + (uint32_t)5U)[0U]); + output[0] = input[0]; + output[1] = input[1]; + output[2] = input[2]; + output[3] = input[3]; + output[4] = input[4]; + output[5] = input[5]; + output[6] = input[6]; + output[7] = input[7]; + output[8] = input[8]; + output[9] = input[9]; } -static void Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input) +static void +Hacl_EC_Format_fexpand(uint64_t *output, uint8_t *input) { uint64_t i0 = load64_le(input); - uint8_t *x00 = input + (uint32_t)6U; + uint8_t *x00 = input + 6; uint64_t i1 = load64_le(x00); - uint8_t *x01 = input + (uint32_t)12U; + uint8_t *x01 = input + 12; uint64_t i2 = load64_le(x01); - uint8_t *x02 = input + (uint32_t)19U; + uint8_t *x02 = input + 19; uint64_t i3 = load64_le(x02); - uint8_t *x0 
= input + (uint32_t)24U; + uint8_t *x0 = input + 24; uint64_t i4 = load64_le(x0); - uint64_t output0 = i0 & (uint64_t)0x7ffffffffffffU; - uint64_t output1 = i1 >> (uint32_t)3U & (uint64_t)0x7ffffffffffffU; - uint64_t output2 = i2 >> (uint32_t)6U & (uint64_t)0x7ffffffffffffU; - uint64_t output3 = i3 >> (uint32_t)1U & (uint64_t)0x7ffffffffffffU; - uint64_t output4 = i4 >> (uint32_t)12U & (uint64_t)0x7ffffffffffffU; - output[0U] = output0; - output[1U] = output1; - output[2U] = output2; - output[3U] = output3; - output[4U] = output4; + uint64_t output0 = i0 & 0x7ffffffffffff; + uint64_t output1 = i1 >> 3 & 0x7ffffffffffff; + uint64_t output2 = i2 >> 6 & 0x7ffffffffffff; + uint64_t output3 = i3 >> 1 & 0x7ffffffffffff; + uint64_t output4 = i4 >> 12 & 0x7ffffffffffff; + output[0] = output0; + output[1] = output1; + output[2] = output2; + output[3] = output3; + output[4] = output4; } -static void Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input) +static void +Hacl_EC_Format_fcontract_first_carry_pass(uint64_t *input) { - uint64_t t0 = input[0U]; - uint64_t t1 = input[1U]; - uint64_t t2 = input[2U]; - uint64_t t3 = input[3U]; - uint64_t t4 = input[4U]; - uint64_t t1_ = t1 + (t0 >> (uint32_t)51U); - uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU; - uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U); - uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU; - uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U); - uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU; - uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U); - uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU; - input[0U] = t0_; - input[1U] = t1__; - input[2U] = t2__; - input[3U] = t3__; - input[4U] = t4_; + uint64_t t0 = input[0]; + uint64_t t1 = input[1]; + uint64_t t2 = input[2]; + uint64_t t3 = input[3]; + uint64_t t4 = input[4]; + uint64_t t1_ = t1 + (t0 >> 51); + uint64_t t0_ = t0 & 0x7ffffffffffff; + uint64_t t2_ = t2 + (t1_ >> 51); + uint64_t t1__ = t1_ & 0x7ffffffffffff; + uint64_t t3_ = t3 + (t2_ >> 51); + uint64_t t2__ = t2_ & 
0x7ffffffffffff; + uint64_t t4_ = t4 + (t3_ >> 51); + uint64_t t3__ = t3_ & 0x7ffffffffffff; + input[0] = t0_; + input[1] = t1__; + input[2] = t2__; + input[3] = t3__; + input[4] = t4_; } -static void Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input) +static void +Hacl_EC_Format_fcontract_first_carry_full(uint64_t *input) { Hacl_EC_Format_fcontract_first_carry_pass(input); Hacl_Bignum_Modulo_carry_top(input); } -static void Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input) +static void +Hacl_EC_Format_fcontract_second_carry_pass(uint64_t *input) { - uint64_t t0 = input[0U]; - uint64_t t1 = input[1U]; - uint64_t t2 = input[2U]; - uint64_t t3 = input[3U]; - uint64_t t4 = input[4U]; - uint64_t t1_ = t1 + (t0 >> (uint32_t)51U); - uint64_t t0_ = t0 & (uint64_t)0x7ffffffffffffU; - uint64_t t2_ = t2 + (t1_ >> (uint32_t)51U); - uint64_t t1__ = t1_ & (uint64_t)0x7ffffffffffffU; - uint64_t t3_ = t3 + (t2_ >> (uint32_t)51U); - uint64_t t2__ = t2_ & (uint64_t)0x7ffffffffffffU; - uint64_t t4_ = t4 + (t3_ >> (uint32_t)51U); - uint64_t t3__ = t3_ & (uint64_t)0x7ffffffffffffU; - input[0U] = t0_; - input[1U] = t1__; - input[2U] = t2__; - input[3U] = t3__; - input[4U] = t4_; + uint64_t t0 = input[0]; + uint64_t t1 = input[1]; + uint64_t t2 = input[2]; + uint64_t t3 = input[3]; + uint64_t t4 = input[4]; + uint64_t t1_ = t1 + (t0 >> 51); + uint64_t t0_ = t0 & 0x7ffffffffffff; + uint64_t t2_ = t2 + (t1_ >> 51); + uint64_t t1__ = t1_ & 0x7ffffffffffff; + uint64_t t3_ = t3 + (t2_ >> 51); + uint64_t t2__ = t2_ & 0x7ffffffffffff; + uint64_t t4_ = t4 + (t3_ >> 51); + uint64_t t3__ = t3_ & 0x7ffffffffffff; + input[0] = t0_; + input[1] = t1__; + input[2] = t2__; + input[3] = t3__; + input[4] = t4_; } -static void Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input) +static void +Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input) { uint64_t i0; uint64_t i1; 
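Review bot: `Hacl_EC_Point_swap_conditional` says nothing about `iswap`, yet `uint64_t swap1 = 0 - iswap;` only yields the all-zero or all-ones mask that `Hacl_EC_Point_swap_conditional_step` combines with `ai ^ bi` when `iswap` is exactly 0 or 1; the visible caller passes `byt >> 7`, which satisfies this, but any other value silently mixes both points. Add `/* iswap must be 0 or 1: 0 - iswap is the all-zero/all-ones mask used by the constant-time swap */` on the signature. The `i1 >> 3 & 0x7ffffffffffff` forms in `Hacl_EC_Format_fexpand` rely on `>>` binding tighter than `&`, as the old code did; writing `(i1 >> 3) & 0x7ffffffffffff` costs nothing and makes the limb extraction obvious.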
@@ -636,61 +583,64 @@ static void Hacl_EC_Format_fcontract_second_carry_full(uint64_t *input) uint64_t i1_; Hacl_EC_Format_fcontract_second_carry_pass(input); Hacl_Bignum_Modulo_carry_top(input); - i0 = input[0U]; - i1 = input[1U]; - i0_ = i0 & (uint64_t)0x7ffffffffffffU; - i1_ = i1 + (i0 >> (uint32_t)51U); - input[0U] = i0_; - input[1U] = i1_; + i0 = input[0]; + i1 = input[1]; + i0_ = i0 & 0x7ffffffffffff; + i1_ = i1 + (i0 >> 51); + input[0] = i0_; + input[1] = i1_; } -static void Hacl_EC_Format_fcontract_trim(uint64_t *input) +static void +Hacl_EC_Format_fcontract_trim(uint64_t *input) { - uint64_t a0 = input[0U]; - uint64_t a1 = input[1U]; - uint64_t a2 = input[2U]; - uint64_t a3 = input[3U]; - uint64_t a4 = input[4U]; - uint64_t mask0 = FStar_UInt64_gte_mask(a0, (uint64_t)0x7ffffffffffedU); - uint64_t mask1 = FStar_UInt64_eq_mask(a1, (uint64_t)0x7ffffffffffffU); - uint64_t mask2 = FStar_UInt64_eq_mask(a2, (uint64_t)0x7ffffffffffffU); - uint64_t mask3 = FStar_UInt64_eq_mask(a3, (uint64_t)0x7ffffffffffffU); - uint64_t mask4 = FStar_UInt64_eq_mask(a4, (uint64_t)0x7ffffffffffffU); + uint64_t a0 = input[0]; + uint64_t a1 = input[1]; + uint64_t a2 = input[2]; + uint64_t a3 = input[3]; + uint64_t a4 = input[4]; + uint64_t mask0 = FStar_UInt64_gte_mask(a0, 0x7ffffffffffed); + uint64_t mask1 = FStar_UInt64_eq_mask( a1, 0x7ffffffffffff); + uint64_t mask2 = FStar_UInt64_eq_mask( a2, 0x7ffffffffffff); + uint64_t mask3 = FStar_UInt64_eq_mask( a3, 0x7ffffffffffff); + uint64_t mask4 = FStar_UInt64_eq_mask( a4, 0x7ffffffffffff); uint64_t mask = (((mask0 & mask1) & mask2) & mask3) & mask4; - uint64_t a0_ = a0 - ((uint64_t)0x7ffffffffffedU & mask); - uint64_t a1_ = a1 - ((uint64_t)0x7ffffffffffffU & mask); - uint64_t a2_ = a2 - ((uint64_t)0x7ffffffffffffU & mask); - uint64_t a3_ = a3 - ((uint64_t)0x7ffffffffffffU & mask); - uint64_t a4_ = a4 - ((uint64_t)0x7ffffffffffffU & mask); - input[0U] = a0_; - input[1U] = a1_; - input[2U] = a2_; - input[3U] = a3_; - input[4U] = a4_; + 
uint64_t a0_ = a0 - (0x7ffffffffffed & mask); + uint64_t a1_ = a1 - (0x7ffffffffffff & mask); + uint64_t a2_ = a2 - (0x7ffffffffffff & mask); + uint64_t a3_ = a3 - (0x7ffffffffffff & mask); + uint64_t a4_ = a4 - (0x7ffffffffffff & mask); + input[0] = a0_; + input[1] = a1_; + input[2] = a2_; + input[3] = a3_; + input[4] = a4_; } -static void Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input) +static void +Hacl_EC_Format_fcontract_store(uint8_t *output, uint64_t *input) { - uint64_t t0 = input[0U]; - uint64_t t1 = input[1U]; - uint64_t t2 = input[2U]; - uint64_t t3 = input[3U]; - uint64_t t4 = input[4U]; - uint64_t o0 = t1 << (uint32_t)51U | t0; - uint64_t o1 = t2 << (uint32_t)38U | t1 >> (uint32_t)13U; - uint64_t o2 = t3 << (uint32_t)25U | t2 >> (uint32_t)26U; - uint64_t o3 = t4 << (uint32_t)12U | t3 >> (uint32_t)39U; + uint64_t t0 = input[0]; + uint64_t t1 = input[1]; + uint64_t t2 = input[2]; + uint64_t t3 = input[3]; + uint64_t t4 = input[4]; + uint64_t o0 = t1 << 51 | t0; + uint64_t o1 = t2 << 38 | t1 >> 13; + uint64_t o2 = t3 << 25 | t2 >> 26; + uint64_t o3 = t4 << 12 | t3 >> 39; uint8_t *b0 = output; - uint8_t *b1 = output + (uint32_t)8U; - uint8_t *b2 = output + (uint32_t)16U; - uint8_t *b3 = output + (uint32_t)24U; + uint8_t *b1 = output + 8; + uint8_t *b2 = output + 16; + uint8_t *b3 = output + 24; store64_le(b0, o0); store64_le(b1, o1); store64_le(b2, o2); store64_le(b3, o3); } -static void Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input) +static void +Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input) { Hacl_EC_Format_fcontract_first_carry_full(input); Hacl_EC_Format_fcontract_second_carry_full(input); 
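Review bot: In `Hacl_EC_Format_fcontract_trim` the four `FStar_UInt64_eq_mask( a1, …)` calls gained a space after the parenthesis that the `FStar_UInt64_gte_mask(a0, …)` call on the line above and the rest of the file do not use. The constants deserve a name too: `0x7ffffffffffed` is 2^51 − 19 and `0x7ffffffffffff` is 2^51 − 1, the limbs of p = 2^255 − 19, and `mask` is all-ones exactly when the (already carried, sub-2^51) limbs represent a value ≥ p, which is what makes the masked subtraction a branch-free final reduction; `/* subtract p (limbs 2^51-19, 2^51-1) iff input >= p, without branching */` above `mask` would say so.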
@@ -698,13 +648,16 @@ static void Hacl_EC_Format_fcontract(uint8_t *output, uint64_t *input) Hacl_EC_Format_fcontract_store(output, input); } -static void Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point) +static void +Hacl_EC_Format_scalar_of_point(uint8_t *scalar, uint64_t *point) { + uint32_t i; uint64_t *x = point; - uint64_t *z = point + (uint32_t)5U; - uint64_t buf[10U] = { 0U }; + uint64_t *z = point + 5; + uint64_t buf[10]; uint64_t *zmone = buf; - uint64_t *sc = buf + (uint32_t)5U; + uint64_t *sc = buf + 5; + for (i = 0; i < 10; ++i) buf[i] = 0; Hacl_Bignum_crecip(zmone, z); Hacl_Bignum_fmul(sc, x, zmone); Hacl_EC_Format_fcontract(scalar, sc); @@ -719,20 +672,21 @@ Hacl_EC_AddAndDouble_fmonty( uint64_t *qmqp ) { + uint32_t i; uint64_t *qx = qmqp; uint64_t *x2 = pp; - uint64_t *z2 = pp + (uint32_t)5U; + uint64_t *z2 = pp + 5; uint64_t *x3 = ppq; - uint64_t *z3 = ppq + (uint32_t)5U; + uint64_t *z3 = ppq + 5; uint64_t *x = p; - uint64_t *z = p + (uint32_t)5U; + uint64_t *z = p + 5; uint64_t *xprime = pq; - uint64_t *zprime = pq + (uint32_t)5U; - uint64_t buf[40U] = { 0U }; + uint64_t *zprime = pq + 5; + uint64_t buf[40]; uint64_t *origx = buf; - uint64_t *origxprime0 = buf + (uint32_t)5U; - uint64_t *xxprime0 = buf + (uint32_t)25U; - uint64_t *zzprime0 = buf + (uint32_t)30U; + uint64_t *origxprime0 = buf + 5; + uint64_t *xxprime0 = buf + 25; + uint64_t *zzprime0 = buf + 30; uint64_t *origxprime; uint64_t *xx0; uint64_t *zz0; 
@@ -743,34 +697,47 @@ Hacl_EC_AddAndDouble_fmonty( uint64_t *xx; uint64_t *zz; uint64_t scalar; - memcpy(origx, x, (uint32_t)5U * sizeof x[0U]); + for (i = 0; i < 40; ++i) buf[i] = 0; + origx[0] = x[0]; + origx[1] = x[1]; + origx[2] = x[2]; + origx[3] = x[3]; + origx[4] = x[4]; Hacl_Bignum_fsum(x, z); Hacl_Bignum_fdifference(z, origx); - memcpy(origxprime0, xprime, (uint32_t)5U * sizeof xprime[0U]); + origxprime0[0] = xprime[0]; + origxprime0[1] = xprime[1]; + origxprime0[2] = xprime[2]; + origxprime0[3] = xprime[3]; + origxprime0[4] = xprime[4]; Hacl_Bignum_fsum(xprime, zprime); Hacl_Bignum_fdifference(zprime, origxprime0); Hacl_Bignum_fmul(xxprime0, xprime, z); Hacl_Bignum_fmul(zzprime0, x, zprime); - origxprime = buf + (uint32_t)5U; - xx0 = buf + (uint32_t)15U; - zz0 = buf + (uint32_t)20U; - xxprime = buf + (uint32_t)25U; - zzprime = buf + (uint32_t)30U; - zzzprime = buf + (uint32_t)35U; - memcpy(origxprime, xxprime, (uint32_t)5U * sizeof xxprime[0U]); + origxprime = buf + 5; + xx0 = buf + 15; + zz0 = buf + 20; + xxprime = buf + 25; + zzprime = buf + 30; + zzzprime = buf + 35; + origxprime[0] = xxprime[0]; + origxprime[1] = xxprime[1]; + origxprime[2] = xxprime[2]; + origxprime[3] = xxprime[3]; + origxprime[4] = xxprime[4]; Hacl_Bignum_fsum(xxprime, zzprime); Hacl_Bignum_fdifference(zzprime, origxprime); - Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, (uint32_t)1U); - Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, (uint32_t)1U); + Hacl_Bignum_Fsquare_fsquare_times(x3, xxprime, 1); + Hacl_Bignum_Fsquare_fsquare_times(zzzprime, zzprime, 1); Hacl_Bignum_fmul(z3, zzzprime, qx); - Hacl_Bignum_Fsquare_fsquare_times(xx0, x, (uint32_t)1U); - Hacl_Bignum_Fsquare_fsquare_times(zz0, z, (uint32_t)1U); - zzz = buf + (uint32_t)10U; - xx = buf + (uint32_t)15U; - zz = buf + (uint32_t)20U; + Hacl_Bignum_Fsquare_fsquare_times(xx0, x, 1); + Hacl_Bignum_Fsquare_fsquare_times(zz0, z, 1); + zzz = buf + 10; + xx = buf + 15; + zz = buf + 20; Hacl_Bignum_fmul(x2, xx, zz); 
Hacl_Bignum_fdifference(zz, xx); - scalar = (uint64_t)121665U; + scalar = 121665; Hacl_Bignum_fscalar(zzz, zz, scalar); Hacl_Bignum_fsum(zzz, xx); Hacl_Bignum_fmul(z2, zzz, zz); @@ -786,11 +753,9 @@ Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step( uint8_t byt ) { - uint64_t bit0 = (uint64_t)(byt >> (uint32_t)7U); - uint64_t bit; - Hacl_EC_Point_swap_conditional(nq, nqpq, bit0); + uint64_t bit = byt >> 7; + Hacl_EC_Point_swap_conditional(nq, nqpq, bit); Hacl_EC_AddAndDouble_fmonty(nq2, nqpq2, nq, nqpq, q); - bit = (uint64_t)(byt >> (uint32_t)7U); Hacl_EC_Point_swap_conditional(nq2, nqpq2, bit); } @@ -804,10 +769,8 @@ Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step( uint8_t byt ) { - uint8_t byt1; Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq, nqpq, nq2, nqpq2, q, byt); - byt1 = byt << (uint32_t)1U; - Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt1); + Hacl_EC_Ladder_SmallLoop_cmult_small_loop_step(nq2, nqpq2, nq, nqpq, q, byt<<1); } static void @@ -821,13 +784,11 @@ Hacl_EC_Ladder_SmallLoop_cmult_small_loop( uint32_t i ) { - if (!(i == (uint32_t)0U)) + if (i) { - uint32_t i_ = i - (uint32_t)1U; - uint8_t byt_; + uint32_t i_ = i - 1; Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step(nq, nqpq, nq2, nqpq2, q, byt); - byt_ = byt << (uint32_t)2U; - Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt_, i_); + Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byt << 2, i_); } } 
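Review bot: `byt<<1` in `Hacl_EC_Ladder_SmallLoop_cmult_small_loop_double_step` is written without spaces while the same shift in `Hacl_EC_Ladder_SmallLoop_cmult_small_loop` two hunks later is `byt << 2`; pick one form. Both now pass an `int` (the promoted shift result, up to 510) to a `uint8_t` parameter and rely on the implicit narrowing that the removed `byt1` and `byt_` locals made explicit; `-Wconversion` builds will flag it, and `(uint8_t)(byt << 1)` keeps the old intent visible. In `Hacl_EC_AddAndDouble_fmonty` the `for (i = 0; i < 40; ++i) buf[i] = 0;` loop runs before the five `origx[i] = x[i]` copies, so the ordering is right; that function begins in the previous hunk.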
@@ -842,82 +803,89 @@ Hacl_EC_Ladder_BigLoop_cmult_big_loop( uint32_t i ) { - if (!(i == (uint32_t)0U)) + if (i) { - uint32_t i1 = i - (uint32_t)1U; + uint32_t i1 = i - 1; uint8_t byte = n1[i1]; - Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, (uint32_t)4U); + Hacl_EC_Ladder_SmallLoop_cmult_small_loop(nq, nqpq, nq2, nqpq2, q, byte, 4); Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, i1); } } static void Hacl_EC_Ladder_cmult(uint64_t *result, uint8_t *n1, uint64_t *q) { - uint64_t point_buf[40U] = { 0U }; + uint32_t i; + uint64_t point_buf[40]; uint64_t *nq = point_buf; - uint64_t *nqpq = point_buf + (uint32_t)10U; - uint64_t *nq2 = point_buf + (uint32_t)20U; - uint64_t *nqpq2 = point_buf + (uint32_t)30U; + uint64_t *nqpq = point_buf + 10; + uint64_t *nq2 = point_buf + 20; + uint64_t *nqpq2 = point_buf + 30; + for (i = 0; i < 40; ++i) point_buf[i] = 0; Hacl_EC_Point_copy(nqpq, q); - nq[0U] = (uint64_t)1U; - Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, (uint32_t)32U); + nq[0] = 1; + Hacl_EC_Ladder_BigLoop_cmult_big_loop(n1, nq, nqpq, nq2, nqpq2, q, 32); Hacl_EC_Point_copy(result, nq); } -static void Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint) +static void +Hacl_Curve25519_crypto_scalarmult(uint8_t *mypublic, uint8_t *secret, uint8_t *basepoint) { - uint64_t buf0[10U] = { 0U }; + uint32_t i; + uint64_t buf0[10]; uint64_t *x0 = buf0; - uint64_t *z = buf0 + (uint32_t)5U; - uint64_t *q; + uint64_t *z = buf0 + 5; + for (i = 0; i < 10; ++i) buf0[i] = 0; Hacl_EC_Format_fexpand(x0, basepoint); - z[0U] = (uint64_t)1U; - q = buf0; + z[0] = 1; { - uint8_t e[32U] = { 0U }; + uint8_t e[32]; uint8_t e0; uint8_t e31; uint8_t e01; uint8_t e311; uint8_t e312; uint8_t *scalar; - memcpy(e, secret, (uint32_t)32U * sizeof secret[0U]); - e0 = e[0U]; - e31 = e[31U]; - e01 = e0 & (uint8_t)248U; - e311 = e31 & (uint8_t)127U; - e312 = e311 | (uint8_t)64U; - e[0U] = e01; - e[31U] = 
e312; + for (i = 0; i < 32; ++i) { + e[i] = secret[i]; + } + e0 = e[0]; + e31 = e[31]; + e01 = e0 & 248; + e311 = e31 & 127; + e312 = e311 | 64; + e[0] = e01; + e[31] = e312; scalar = e; { - uint64_t buf[15U] = { 0U }; - uint64_t *nq = buf; - uint64_t *x = nq; - x[0U] = (uint64_t)1U; - Hacl_EC_Ladder_cmult(nq, scalar, q); - Hacl_EC_Format_scalar_of_point(mypublic, nq); + uint64_t buf[15]; + buf[0] = 1; + for (i = 1; i < 15; ++i) buf[i] = 0; + Hacl_EC_Ladder_cmult(buf, scalar, buf0); + Hacl_EC_Format_scalar_of_point(mypublic, buf); } } } -static void mbedtls_x25519_init( mbedtls_x25519_context *ctx ) +static void +mbedtls_x25519_init( mbedtls_x25519_context *ctx ) { mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x25519_context ) ); } -static void mbedtls_x25519_free( mbedtls_x25519_context *ctx ) +static void +mbedtls_x25519_free( mbedtls_x25519_context *ctx ) { - if( ctx == NULL ) + if( !ctx ) return; mbedtls_platform_zeroize( ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ); mbedtls_platform_zeroize( ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES ); } -static int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int( *f_rng )(void *, unsigned char *, size_t), - void *p_rng ) +static int +mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )(void *, unsigned char *, size_t), + void *p_rng ) { int ret = 0; uint8_t base[MBEDTLS_X25519_KEY_SIZE_BYTES] = {0}; 
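Review bot: `Hacl_Curve25519_crypto_scalarmult` copies the secret scalar into the stack array `e[32]`, clamps it, runs the ladder and returns without wiping `e`, `buf0` or `buf`, so the clamped private key and the ladder's final point remain on the stack after the call; the file already uses `mbedtls_platform_zeroize` for exactly this purpose in `mbedtls_x25519_free`. Adding `mbedtls_platform_zeroize( e, sizeof e );` (and the same for `buf` and `buf0`) after `Hacl_EC_Format_scalar_of_point(mypublic, buf);` closes that. This was true of the removed code as well, but the rewrite touches every line of the initialisation, so it is the natural place to fix it.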
@@ -933,13 +901,14 @@ static int mbedtls_x25519_make_params( mbedtls_x25519_context *ctx, size_t *olen base[0] = 9; Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, base ); base[0] = 0; - if( memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 ) + if( timingsafe_memcmp( buf, base, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 ) return MBEDTLS_ERR_ECP_RANDOM_FAILED; return( 0 ); } -static int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, - const unsigned char **buf, const unsigned char *end ) +static int +mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, + const unsigned char **buf, const unsigned char *end ) { if( end - *buf < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); 
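Review bot: `timingsafe_memcmp( buf, base, … ) == 0` is only used for equality, so a constant-time equality primitive would express the intent more directly than a constant-time three-way compare; if the libc provides `timingsafe_bcmp` it is the natural choice here and in the matching check in `mbedtls_x25519_calc_secret` (the -979 hunk), otherwise the current form is correct. The two checks guard different things and neither says so: in `mbedtls_x25519_make_params` an all-zero `buf` means our own derived public key is degenerate, while in `calc_secret` it rejects a low-order peer point; a one-line comment on each, e.g. `/* all-zero shared secret means the peer point had low order: reject */`, would explain why a timing-safe compare is used at all. `mbedtls_x25519_make_params` begins in the previous hunk.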
@@ -950,27 +919,33 @@ static int mbedtls_x25519_read_params( mbedtls_x25519_context *ctx, return( 0 ); } -static int mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key, - mbedtls_x25519_ecdh_side side ) +static int +mbedtls_x25519_get_params( mbedtls_x25519_context *ctx, const mbedtls_ecp_keypair *key, + mbedtls_x25519_ecdh_side side ) { size_t olen = 0; switch( side ) { case MBEDTLS_X25519_ECDH_THEIRS: - return mbedtls_ecp_point_write_binary( &key->grp, &key->Q, MBEDTLS_ECP_PF_COMPRESSED, &olen, ctx->peer_point, MBEDTLS_X25519_KEY_SIZE_BYTES ); + return mbedtls_ecp_point_write_binary( &key->grp, &key->Q, + MBEDTLS_ECP_PF_COMPRESSED, + &olen, ctx->peer_point, + MBEDTLS_X25519_KEY_SIZE_BYTES ); case MBEDTLS_X25519_ECDH_OURS: - return mbedtls_mpi_write_binary_le( &key->d, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ); + return mbedtls_mpi_write_binary_le( &key->d, ctx->our_secret, + MBEDTLS_X25519_KEY_SIZE_BYTES ); default: return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); } } -static int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int( *f_rng )(void *, unsigned char *, size_t), - void *p_rng ) +static int +mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )(void *, unsigned char *, size_t), + void *p_rng ) { /* f_rng and p_rng are not used here because this implementation does not - need blinding since it has constant trace. */ + need blinding since it has constant trace. (todo(jart): wut?) */ (( void )f_rng); (( void )p_rng); *olen = MBEDTLS_X25519_KEY_SIZE_BYTES; 
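Review bot: The `(todo(jart): wut?)` appended to the comment in `mbedtls_x25519_calc_secret` leaves an open question in the source when the answer is visible in this file: `Hacl_EC_Ladder_cmult` always runs 32 × 4 double-steps regardless of the scalar, and the bit-dependent selection is the mask-based `Hacl_EC_Point_swap_conditional`, so the instruction trace does not depend on the private key and scalar blinding would add nothing. Replace the todo with `/* no blinding: the HACL* ladder has a fixed iteration count and selects with masks, not branches, so its trace is secret-independent */`. `mbedtls_x25519_calc_secret` continues past the end of this hunk.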
@@ -979,15 +954,16 @@ static int mbedtls_x25519_calc_secret( mbedtls_x25519_context *ctx, size_t *olen Hacl_Curve25519_crypto_scalarmult( buf, ctx->our_secret, ctx->peer_point); /* Wipe the DH secret and don't let the peer chose a small subgroup point */ mbedtls_platform_zeroize( ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ); - if( memcmp( buf, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES) == 0 ) + if( timingsafe_memcmp( buf, ctx->our_secret, MBEDTLS_X25519_KEY_SIZE_BYTES ) == 0 ) return MBEDTLS_ERR_ECP_RANDOM_FAILED; return( 0 ); } -static int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen, - unsigned char *buf, size_t blen, - int( *f_rng )(void *, unsigned char *, size_t), - void *p_rng ) +static int +mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen, + unsigned char *buf, size_t blen, + int( *f_rng )(void *, unsigned char *, size_t), + void *p_rng ) { int ret = 0; unsigned char base[MBEDTLS_X25519_KEY_SIZE_BYTES] = { 0 }; @@ -1007,8 +983,9 @@ static int mbedtls_x25519_make_public( mbedtls_x25519_context *ctx, size_t *olen return( ret ); } -static int mbedtls_x25519_read_public( mbedtls_x25519_context *ctx, - const unsigned char *buf, size_t blen ) +static int +mbedtls_x25519_read_public( mbedtls_x25519_context *ctx, + const unsigned char *buf, size_t blen ) { if( blen < MBEDTLS_X25519_KEY_SIZE_BYTES + 1 ) return(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL); @@ -1187,7 +1164,7 @@ int mbedtls_everest_read_public( mbedtls_ecdh_context_everest *ctx, const unsigned char *buf, size_t blen ) { mbedtls_x25519_context *x25519_ctx = &ctx->ctx; - return mbedtls_x25519_read_public ( x25519_ctx, buf, blen ); + return mbedtls_x25519_read_public( x25519_ctx, buf, blen ); } /** diff --git a/third_party/mbedtls/fastdiv.h b/third_party/mbedtls/fastdiv.h new file mode 100644 index 000000000..9f50adfac --- /dev/null +++ b/third_party/mbedtls/fastdiv.h 
@@ -0,0 +1,34 @@
+#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_FASTDIV_H_
+#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_FASTDIV_H_
+#include "libc/macros.internal.h"
+#if !(__ASSEMBLER__ + __LINKER__ + 0)
+COSMOPOLITAN_C_START_
+
+struct Divisor {
+ uint64_t m;
+ uint8_t s;
+ uint8_t t;
+};
+
+static inline struct Divisor GetDivisor(uint64_t d) {
+ int b;
+ uint128_t x;
+ b = __builtin_clzll(d) ^ 63;
+ x = -d & (((1ull << b) - 1) | (1ull << b));
+ return (struct Divisor){(x << 64) / d + 1, MIN(1, b + 1), MAX(0, b)};
+}
+
+forceinline uint64_t Divide(uint64_t x, struct Divisor d) {
+ uint128_t t;
+ uint64_t l, h;
+ t = d.m;
+ t *= x;
+ l = t;
+ h = t >> 64;
+ l = (x - h) >> d.s;
+ return (h + l) >> d.t;
+}
+
+COSMOPOLITAN_C_END_
+#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
+#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_FASTDIV_H_ */
diff --git a/third_party/mbedtls/gcm.c b/third_party/mbedtls/gcm.c
index a28cf7308..9bb6342eb 100644
--- a/third_party/mbedtls/gcm.c
+++ b/third_party/mbedtls/gcm.c
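Review bot: `GetDivisor` is wrong for every power of two, including 1: for `d = 2^b` the mask makes `x = 2^b`, so `(x << 64) / d + 1` is 2^64 + 1, which the 64-bit `m` truncates to 1, and `Divide` then returns `(x >> 1) >> b`, half the true quotient (`Divide(8, GetDivisor(4))` yields 1). A one-line guard before the `x =` line fixes it: `if (!(d & (d - 1))) return (struct Divisor){0, 0, b};`, since with `m = 0` `Divide` reduces to `x >> b`. `d == 0` is undefined both in `__builtin_clzll` and in the division, so the header should state that callers must pass `d >= 1`. `MIN(1, b + 1)` is always 1 for `b >= 0`, so `s` is a constant rather than a genuine field.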
@@ -1,10 +1,29 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/bits/bits.h" #include "libc/bits/likely.h" +#include "libc/log/log.h" #include "libc/nexgen32e/x86feature.h" #include "libc/runtime/runtime.h" #include "libc/str/str.h" #include "third_party/mbedtls/aes.h" #include "third_party/mbedtls/aesni.h" +#include "third_party/mbedtls/cipher.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/endian.h" #include "third_party/mbedtls/error.h" @@ -69,7 +88,7 @@ asm(".include \"libc/disclaimer.inc\""); void mbedtls_gcm_init( mbedtls_gcm_context *ctx ) { GCM_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_gcm_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); } /* @@ -87,7 +106,7 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx ) uint64_t vl, vh; unsigned char h[16]; size_t olen = 0; - memset( h, 0, 16 ); + mbedtls_platform_zeroize( h, 16 ); if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 ) return( ret ); vh = READ64BE( h + 0 ); 
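Review bot: `mbedtls_platform_zeroize( h, 16 )` in `gcm_gen_table` only zeroes the cipher input; the sensitive value is `h` after `mbedtls_cipher_update`, the GHASH subkey H derived from the key, which is read into `vh`/`vl` and then left on the stack unless the rest of the function (outside this hunk) wipes it. If it does not, `mbedtls_platform_zeroize( h, 16 );` after the two `READ64BE` calls is the change that actually matters. Swapping `memset` for `mbedtls_platform_zeroize` in `mbedtls_gcm_init` and for plain initialisation is harmless, but the zeroize is deliberately not elidable or inlined; a comment noting it is used for uniformity rather than secret erasure would stop readers from looking for a secret there. `gcm_gen_table` continues past the end of its hunk.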
@@ -146,7 +165,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, const unsigned char *key, unsigned int keybits ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const mbedtls_cipher_info_t *cipher_info; GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( key != NULL ); @@ -158,10 +177,11 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx, if( cipher_info->block_size != 16 ) return( MBEDTLS_ERR_GCM_BAD_INPUT ); mbedtls_cipher_free( &ctx->cipher_ctx ); + ctx->cipher = cipher; if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 ) return( ret ); if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits, - MBEDTLS_ENCRYPT ) ) != 0 ) { + MBEDTLS_ENCRYPT ) ) != 0 ) { return( ret ); } if( ( ret = gcm_gen_table( ctx ) ) != 0 ) @@ -250,7 +270,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, const unsigned char *p; size_t use_len, olen = 0; unsigned char work_buf[16]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( iv != NULL ); GCM_VALIDATE_RET( add_len == 0 || add != NULL ); @@ -261,8 +281,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, ( (uint64_t) add_len ) >> 61 != 0 ) { return( MBEDTLS_ERR_GCM_BAD_INPUT ); } - memset( ctx->y, 0x00, sizeof(ctx->y) ); - memset( ctx->buf, 0x00, sizeof(ctx->buf) ); + mbedtls_platform_zeroize( ctx->y, sizeof(ctx->y) ); + mbedtls_platform_zeroize( ctx->buf, sizeof(ctx->buf) ); ctx->mode = mode; ctx->len = 0; ctx->add_len = 0; @@ -270,7 +290,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, memcpy( ctx->y, iv, iv_len ); ctx->y[15] = 1; } else { - memset( work_buf, 0x00, 16 ); + mbedtls_platform_zeroize( work_buf, 16 ); PUT_UINT32_BE( iv_len * 8, work_buf, 12 ); p = iv; while( iv_len > 0 ) { 
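Review bot: The new `ctx->cipher = cipher;` in mbedtls_gcm_setkey is stored before mbedtls_cipher_setup and mbedtls_cipher_setkey can fail, so on those error returns the context records a cipher id whose cipher_ctx was just freed and never set up. Assigning the field only after `gcm_gen_table( ctx )` succeeds, or clearing it on the failure paths, keeps the two fields consistent; this matters if anything later dispatches on the new gcm.h field without also checking cipher_ctx. mbedtls_gcm_setkey starts in the preceding hunk and its body continues past this one.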
@@ -334,14 +354,14 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx, { size_t i, j; uint64_t a, b; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char ectr[16]; const unsigned char *p; unsigned char *q, *out_p = output; size_t olen = 0; - GCM_VALIDATE_RET( ctx != NULL ); - GCM_VALIDATE_RET( length == 0 || input != NULL ); - GCM_VALIDATE_RET( length == 0 || output != NULL ); + GCM_VALIDATE_RET( ctx ); + GCM_VALIDATE_RET( !length || input ); + GCM_VALIDATE_RET( !length || output ); if( output > input && (size_t) ( output - input ) < length ) return( MBEDTLS_ERR_GCM_BAD_INPUT ); /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes @@ -529,7 +549,7 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx, size_t tag_len, unsigned char *tag ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; GCM_VALIDATE_RET( ctx != NULL ); GCM_VALIDATE_RET( iv != NULL ); GCM_VALIDATE_RET( add_len == 0 || add != NULL ); @@ -589,7 +609,7 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char check_tag[16]; size_t i; int diff; diff --git a/third_party/mbedtls/gcm.h b/third_party/mbedtls/gcm.h index 181051f5d..a9ea4c1d9 100644 --- a/third_party/mbedtls/gcm.h +++ b/third_party/mbedtls/gcm.h @@ -22,6 +22,7 @@ typedef struct mbedtls_gcm_context { uint64_t H8[2]; /*!< For AES-NI. */ uint64_t HL[16]; /*!< Precalculated HTable low. */ uint64_t HH[16]; /*!< Precalculated HTable high. */ + mbedtls_cipher_id_t cipher; /*!< The cipher being used. */ } mbedtls_gcm_context; void mbedtls_gcm_init( mbedtls_gcm_context * ); diff --git a/third_party/mbedtls/getalertdescription.c b/third_party/mbedtls/getalertdescription.c index 641418494..fe1a15e8d 100644 --- a/third_party/mbedtls/getalertdescription.c 
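Review bot: The validation lines in mbedtls_gcm_update were rewritten to `GCM_VALIDATE_RET( ctx );` and `GCM_VALIDATE_RET( !length || input );`, while the same file keeps the upstream `GCM_VALIDATE_RET( ctx != NULL );` form in mbedtls_gcm_crypt_and_tag and mbedtls_gcm_auth_decrypt a few hunks further down. Mixing the two styles reads inconsistently and makes future upstream merges noisier; I would keep the `!= NULL` form here or convert the whole file in one pass. The body of mbedtls_gcm_update continues outside the hunk.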
+++ b/third_party/mbedtls/getalertdescription.c @@ -1,20 +1,19 @@ -/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ │vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ ╞══════════════════════════════════════════════════════════════════════════════╡ -│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ Copyright The Mbed TLS Contributors │ │ │ -│ Permission to use, copy, modify, and/or distribute this software for │ -│ any purpose with or without fee is hereby granted, provided that the │ -│ above copyright notice and this permission notice appear in all copies. │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ │ │ -│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ -│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ -│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ -│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ -│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ -│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ -│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ -│ PERFORMANCE OF THIS SOFTWARE. │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ ╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/fmt/itoa.h" #include "third_party/mbedtls/iana.h" 
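Review bot: The header rewrite replaces `Copyright 2021 Justine Alexandra Roberts Tunney` and the ISC notice with `Copyright The Mbed TLS Contributors` under Apache-2.0, but getalertdescription.c (its includes are libc/fmt/itoa.h and the project-local iana.h) looks like a Cosmopolitan-authored helper rather than an upstream Mbed TLS file; if so, the swap drops the actual author's notice and misattributes the file. The same replacement is made in getciphersuitename.c and isciphersuitegood.c later in this diff. Please confirm the provenance of these three files before their license headers change; if they are local, the original header should stay.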
diff --git a/third_party/mbedtls/getciphersuite.c b/third_party/mbedtls/getciphersuite.c new file mode 100644 index 000000000..eb08c7c54 --- /dev/null +++ b/third_party/mbedtls/getciphersuite.c 
@@ -0,0 +1,53 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "third_party/mbedtls/ssl_ciphersuites.h" + +#define S32(S) (S[0] << 24 | S[1] << 16 | S[2] << 8 | S[3]) + +/** + * Returns ciphersuite info by IANA name. + * + * This API provides some wiggle room for naming, e.g. + * + * - ECDHE-ECDSA-AES256-GCM-SHA384 (preferred) + * - ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 + * - TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 + * - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (canonical) + * + * All of the above are acceptable names for 0xC02C. 
+ */
+const mbedtls_ssl_ciphersuite_t *GetCipherSuite(const char *s) {
+ int i, j;
+ char b[50];
+ uint32_t w;
+ unsigned char c;
+ for (i = j = w = 0; (c = s[i++]);) {
+ if (c == '_') c = '-'; // _ → -
+ if ('a' <= c && c <= 'z') c -= 'a' - 'A'; // a-z → A-Z
+ if (c == '-' && w == S32("WITH")) j -= 5; // WITH- → -
+ if (w == S32("TLS-")) j -= 4; // TLS- →
+ w = w << 8 | c; // ------- ------
+ if (w == S32("AES-")) continue; // AES-XXX → AESXXX
+ if (w == S32("SHA1")) continue; // SHA1 → SHA
+ if (!(0 <= j && j + 1 < sizeof(b))) return 0;
+ b[j++] = c;
+ }
+ b[j++] = 0;
+ return mbedtls_ssl_ciphersuite_from_string(b);
+}
diff --git a/third_party/mbedtls/getciphersuitename.c b/third_party/mbedtls/getciphersuitename.c
index 1dac812c8..3b722d3e2 100644
--- a/third_party/mbedtls/getciphersuitename.c
+++ b/third_party/mbedtls/getciphersuitename.c
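Review bot: GetCipherSuite returns `0` for a pointer on both the unknown-name path and the too-long-name path, and the doc comment mentions neither; `return NULL;` plus a `@return` line such as `NULL if the name is not recognized or the normalized form does not fit the 50-byte buffer` would make the contract explicit. The `S32` macro shifts `S[0]`, a plain `char`, by 24; with the ASCII literals used here that is well-defined, but `((uint32_t)(unsigned char)S[0] << 24 | ...)` removes the dependence on char signedness if the macro is ever reused. The `TLS-` strip also fires wherever that token appears, not only as a prefix; presumably no IANA name contains it elsewhere, but a comment saying so would help.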
@@ -1,20 +1,19 @@ -/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ │vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ ╞══════════════════════════════════════════════════════════════════════════════╡ -│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ Copyright The Mbed TLS Contributors │ │ │ -│ Permission to use, copy, modify, and/or distribute this software for │ -│ any purpose with or without fee is hereby granted, provided that the │ -│ above copyright notice and this permission notice appear in all copies. │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ │ │ -│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ -│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ -│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ -│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ -│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ -│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ -│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ -│ PERFORMANCE OF THIS SOFTWARE. │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ ╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/iana.h" diff --git a/third_party/mbedtls/getsslstatename.c b/third_party/mbedtls/getsslstatename.c new file mode 100644 index 000000000..7474b8fc3 
--- /dev/null +++ b/third_party/mbedtls/getsslstatename.c 
@@ -0,0 +1,64 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. 
│ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "third_party/mbedtls/ssl.h" + +const char *GetSslStateName(mbedtls_ssl_states x) { + switch (x) { + case MBEDTLS_SSL_HELLO_REQUEST: + return "HELLO_REQUEST"; + case MBEDTLS_SSL_CLIENT_HELLO: + return "CLIENT_HELLO"; + case MBEDTLS_SSL_SERVER_HELLO: + return "SERVER_HELLO"; + case MBEDTLS_SSL_SERVER_CERTIFICATE: + return "SERVER_CERTIFICATE"; + case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: + return "SERVER_KEY_EXCHANGE"; + case MBEDTLS_SSL_CERTIFICATE_REQUEST: + return "CERTIFICATE_REQUEST"; + case MBEDTLS_SSL_SERVER_HELLO_DONE: + return "SERVER_HELLO_DONE"; + case MBEDTLS_SSL_CLIENT_CERTIFICATE: + return "CLIENT_CERTIFICATE"; + case MBEDTLS_SSL_CLIENT_KEY_EXCHANGE: + return "CLIENT_KEY_EXCHANGE"; + case MBEDTLS_SSL_CERTIFICATE_VERIFY: + return "CERTIFICATE_VERIFY"; + case MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC: + return "CLIENT_CHANGE_CIPHER_SPEC"; + case MBEDTLS_SSL_CLIENT_FINISHED: + return "CLIENT_FINISHED"; + case MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC: + return "SERVER_CHANGE_CIPHER_SPEC"; + case MBEDTLS_SSL_SERVER_FINISHED: + return "SERVER_FINISHED"; + case MBEDTLS_SSL_FLUSH_BUFFERS: + return "FLUSH_BUFFERS"; + case MBEDTLS_SSL_HANDSHAKE_WRAPUP: + return "HANDSHAKE_WRAPUP"; + case MBEDTLS_SSL_HANDSHAKE_OVER: + return "HANDSHAKE_OVER"; + case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: + return "SERVER_NEW_SESSION_TICKET"; + case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT: + return "SERVER_HELLO_VERIFY_REQUEST_SENT"; + default: + return NULL; + } +} diff --git a/third_party/mbedtls/hkdf.c b/third_party/mbedtls/hkdf.c index 171536022..4ad107194 100644 --- a/third_party/mbedtls/hkdf.c +++ b/third_party/mbedtls/hkdf.c 
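Review bot: GetSslStateName returns NULL from the `default:` arm, so a caller that formats the result with `%s` (the likely use in handshake logging) hands printf a null pointer for any state value not in the list; returning a fixed string such as `"UNKNOWN"`, or documenting the NULL return in a comment above the function, avoids that. A one-line doc comment stating that the mapping covers the mbedtls_ssl_states enumerators and that unknown values yield NULL would make the contract visible at the call sites.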
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/str/str.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" @@ -35,7 +52,7 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char prk[MBEDTLS_MD_MAX_SIZE]; ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk ); @@ -135,7 +152,7 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk, goto exit; } - memset( t, 0, hash_len ); + mbedtls_platform_zeroize( t, hash_len ); /* * Compute T = T(1) | T(2) | T(3) | ... | T(N) diff --git a/third_party/mbedtls/hmac_drbg.c b/third_party/mbedtls/hmac_drbg.c index 26316f4ef..3ad00a8ed 100644 --- a/third_party/mbedtls/hmac_drbg.c +++ b/third_party/mbedtls/hmac_drbg.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/stdio/stdio.h" #include "libc/str/str.h" #include "third_party/mbedtls/common.h" @@ -53,7 +70,7 @@ asm(".include \"libc/disclaimer.inc\""); */ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_hmac_drbg_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_hmac_drbg_context ) ); ctx->reseed_interval = MBEDTLS_HMAC_DRBG_RESEED_INTERVAL; } @@ -141,7 +158,7 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, const mbedtls_md_info_t * md_info, const unsigned char *data, size_t data_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 ) return( ret ); @@ -173,7 +190,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, { unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT]; size_t seedlen = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; { size_t total_entropy_len; 
@@ -191,7 +208,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, } } - memset( seed, 0, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ); + mbedtls_platform_zeroize( seed, MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ); /* IV. Gather entropy_len bytes of entropy for the seed */ if( ( ret = ctx->f_entropy( ctx->p_entropy, @@ -338,7 +355,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, const unsigned char *custom, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t md_size; if( ( ret = mbedtls_md_setup( &ctx->md_ctx, md_info, 1 ) ) != 0 ) @@ -466,7 +483,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, unsigned char *output, size_t out_len, const unsigned char *additional, size_t add_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_hmac_drbg_context *ctx = (mbedtls_hmac_drbg_context *) p_rng; size_t md_len = mbedtls_md_get_size( ctx->md_ctx.md_info ); size_t left = out_len; @@ -584,7 +601,7 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx ) */ int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; FILE *f; unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ]; diff --git a/third_party/mbedtls/isciphersuitegood.c b/third_party/mbedtls/isciphersuitegood.c index 8eee4429d..f429922d0 100644 --- a/third_party/mbedtls/isciphersuitegood.c +++ b/third_party/mbedtls/isciphersuitegood.c 
@@ -1,20 +1,19 @@ -/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ │vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ ╞══════════════════════════════════════════════════════════════════════════════╡ -│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ Copyright The Mbed TLS Contributors │ │ │ -│ Permission to use, copy, modify, and/or distribute this software for │ -│ any purpose with or without fee is hereby granted, provided that the │ -│ above copyright notice and this permission notice appear in all copies. │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ │ │ -│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ -│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ -│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ -│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ -│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ -│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ -│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ -│ PERFORMANCE OF THIS SOFTWARE. │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ ╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/iana.h" diff --git a/third_party/mbedtls/karatsuba.c b/third_party/mbedtls/karatsuba.c new file mode 100644 index 000000000..8666c998e --- /dev/null 
+++ b/third_party/mbedtls/karatsuba.c 
@@ -0,0 +1,146 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/assert.h" +#include "libc/log/check.h" +#include "libc/runtime/runtime.h" +#include "libc/str/str.h" +#include "third_party/mbedtls/bignum_internal.h" +#include "third_party/mbedtls/platform.h" + +forceinline int Cmp(uint64_t *a, uint64_t *b, size_t n) { + size_t i; + uint64_t x, y; + while (n--) { + x = a[n]; + y = b[n]; + if (x != y) { + return x > y ? 
1 : -1; + } + } + return 0; +} + +forceinline bool Sub(uint64_t *C, uint64_t *A, uint64_t *B, size_t n) { + bool cf; + uint64_t c, i; + asm volatile("xor\t%1,%1\n\t" + ".align\t16\n1:\t" + "mov\t(%5,%3,8),%1\n\t" + "sbb\t(%6,%3,8),%1\n\t" + "mov\t%1,(%4,%3,8)\n\t" + "lea\t1(%3),%3\n\t" + "dec\t%2\n\t" + "jnz\t1b" + : "=@ccb"(cf), "=&r"(c), "+c"(n), "=r"(i) + : "r"(C), "r"(A), "r"(B), "3"(0) + : "cc", "memory"); + return cf; +} + +forceinline bool Add(uint64_t *C, uint64_t *A, uint64_t *B, size_t n) { + bool cf; + uint64_t c, i; + asm volatile("xor\t%1,%1\n\t" + ".align\t16\n1:\t" + "mov\t(%5,%3,8),%1\n\t" + "adc\t(%6,%3,8),%1\n\t" + "mov\t%1,(%4,%3,8)\n\t" + "lea\t1(%3),%3\n\t" + "dec\t%2\n\t" + "jnz\t1b" + : "=@ccc"(cf), "=&r"(c), "+c"(n), "=r"(i) + : "r"(C), "r"(A), "r"(B), "3"(0) + : "cc", "memory"); + return cf; +} + +/** + * Multiplies huge numbers faster. + * + * For 4096 bit numbers it's twice as fast. + * For 16384 bit numbers it's thrice as fast. + */ +void Karatsuba(uint64_t *C, uint64_t *A, uint64_t *B, size_t n, uint64_t *K) { + int q, r; + size_t i; + uint64_t c, t; + uint64_t *x, *y; + if (n == 8) { + Mul8x8Adx(C, A, B); + return; + } + switch (Cmp(A, A + n / 2, n / 2) * 3 + Cmp(B + n / 2, B, n / 2)) { + case -1 * 3 + +0: + case +0 * 3 + -1: + case +0 * 3 + +0: + case +0 * 3 + +1: + case +1 * 3 + +0: + Karatsuba(C, A, B, n / 2, K + n * 2); + Karatsuba(C + n, A + n / 2, B + n / 2, n / 2, K + n * 2); + c = Add(K, C, C + n, n); + c += Add(C + n / 2, C + n / 2, K, n); + break; + case -1 * 3 + -1: + Sub(K, A + n / 2, A, n / 2); + Sub(K + n / 2, B, B + n / 2, n / 2); + Karatsuba(K + n, K, K + n / 2, n / 2, K + n * 2); + Karatsuba(C, A, B, n / 2, K + n * 2); + Karatsuba(C + n, A + n / 2, B + n / 2, n / 2, K + n * 2); + c = Add(K, C, C + n, n); + c += Add(K + n, K, K + n, n); + c += Add(C + n / 2, C + n / 2, K + n, n); + break; + case -1 * 3 + +1: + Sub(K, A + n / 2, A, n / 2); + Sub(K + n / 2, B + n / 2, B, n / 2); + Karatsuba(K + n, K, K + n / 2, n / 2, K + 
n * 2); + Karatsuba(C, A, B, n / 2, K + n * 2); + Karatsuba(C + n, A + n / 2, B + n / 2, n / 2, K + n * 2); + c = Add(K, C, C + n, n); + c -= Sub(K + n, K, K + n, n); + c += Add(C + n / 2, C + n / 2, K + n, n); + break; + case +1 * 3 + -1: + Sub(K, A, A + n / 2, n / 2); + Sub(K + n / 2, B, B + n / 2, n / 2); + Karatsuba(K + n, K, K + n / 2, n / 2, K + n * 2); + Karatsuba(C, A, B, n / 2, K + n * 2); + Karatsuba(C + n, A + n / 2, B + n / 2, n / 2, K + n * 2); + c = Add(K, C, C + n, n); + c -= Sub(K + n, K, K + n, n); + c += Add(C + n / 2, C + n / 2, K + n, n); + break; + case +1 * 3 + +1: + Sub(K, A, A + n / 2, n / 2); + Sub(K + n / 2, B + n / 2, B, n / 2); + Karatsuba(K + n, K, K + n / 2, n / 2, K + n * 2); + Karatsuba(C, A, B, n / 2, K + n * 2); + Karatsuba(C + n, A + n / 2, B + n / 2, n / 2, K + n * 2); + c = Add(K, C, C + n, n); + c += Add(K + n, K, K + n, n); + c += Add(C + n / 2, C + n / 2, K + n, n); + break; + default: + unreachable; + } + for (i = n / 2 + n; c && i < n + n; i++) { + t = C[i]; + c = (C[i] = t + c) < t; + } +} diff --git a/third_party/mbedtls/math.h b/third_party/mbedtls/math.h new file mode 100644 index 000000000..6b4d98c2d --- /dev/null +++ b/third_party/mbedtls/math.h @@ -0,0 +1,32 @@ +#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_MATH_H_ +#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_MATH_H_ + +#define ADC(R, A, B, CI, CO) \ + do { \ + uint64_t Ta = A; \ + uint64_t Tb = B; \ + CO = (Ta += CI) < CI; \ + CO += (Ta += Tb) < Tb; \ + R = Ta; \ + } while (0) + +#define SBB(R, A, B, CI, CO) \ + do { \ + uint64_t Ta = A; \ + uint64_t Tb = B; \ + uint64_t Tc = Ta < CI; \ + Ta -= CI; \ + CO = (Ta < Tb) + Tc; \ + Ta -= Tb; \ + R = Ta; \ + } while (0) + +#define MADD(a, b, c0, c1, c2) \ + t = (uint128_t)a * b; \ + t += c0; \ + c0 = t; \ + h = t >> 64; \ + c1 += h; \ + if (c1 < h) c2++ + +#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_MATH_H_ */ diff --git a/third_party/mbedtls/mbedtls.mk b/third_party/mbedtls/mbedtls.mk index a373902e6..6f3ea1b68 100644 
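Review bot: Karatsuba states no precondition on n, but its only base case is `n == 8` and every recursive call uses `n / 2`, so for any n that is not 8 times a power of two the recursion never reaches the base case and does not terminate. Since libc/assert.h is already included, `assert(n >= 8 && !(n & (n - 1)));` at the top pins that contract, and the doc comment should also state that C receives 2n words and that K must hold the scratch the recursion consumes (each level advances K by `n * 2`, by my reading), because an undersized K means silent out-of-bounds writes. The case selection branches on `Cmp()` of the operand halves and Cmp returns at the first differing limb; if this multiplier is reachable with secret operands (for example from modular exponentiation), that is secret-dependent control flow and timing, so either document it as public-operand-only or make the selection constant-time. The locals `q`, `r`, `x` and `y` are unused. Add and Sub likewise assume n > 0, since their `dec`/`jnz` loops would not stop for n == 0.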
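Review bot: The MADD macro in math.h expands to six statements with no `do { } while (0)` wrapper and leaves `a` and `b` unparenthesized, so `MADD(x + 1, y, ...)` multiplies the wrong operands and using it as the body of an unbraced `if` runs only the first statement; it also relies on `t` and `h` existing in the caller's scope, which the header does not say. ADC and SBB have the same unparenthesized-argument hazard for `CI` in `(Ta += CI) < CI`. A wrapped, parenthesized MADD with a comment naming the required locals fixes the first two points; `(CI)` in ADC and SBB fixes the third.
```c
/* Requires uint128_t t and uint64_t h in the caller's scope. */
#define MADD(a, b, c0, c1, c2)    \
  do {                            \
    t = (uint128_t)(a) * (b);     \
    t += (c0);                    \
    (c0) = t;                     \
    h = t >> 64;                  \
    (c1) += h;                    \
    if ((c1) < h) (c2)++;         \
  } while (0)
```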
--- a/third_party/mbedtls/mbedtls.mk +++ b/third_party/mbedtls/mbedtls.mk @@ -16,13 +16,16 @@ THIRD_PARTY_MBEDTLS_A_CHECKS = \ $(THIRD_PARTY_MBEDTLS_A_HDRS:%=o/$(MODE)/%.ok) THIRD_PARTY_MBEDTLS_A_DIRECTDEPS = \ + LIBC_BITS \ LIBC_CALLS \ + LIBC_DNS \ LIBC_FMT \ LIBC_INTRIN \ LIBC_MEM \ LIBC_NEXGEN32E \ LIBC_RAND \ LIBC_RUNTIME \ + LIBC_SOCK \ LIBC_LOG \ LIBC_STDIO \ LIBC_STR \ @@ -50,16 +53,23 @@ $(THIRD_PARTY_MBEDTLS_A_OBJS): \ -fdata-sections \ -ffunction-sections -o/$(MODE)/third_party/mbedtls/bignum.o \ -o/$(MODE)/third_party/mbedtls/ecp.o \ -o/$(MODE)/third_party/mbedtls/ecp_curves.o: \ - OVERRIDE_CFLAGS += \ - -O3 - o/$(MODE)/third_party/mbedtls/everest.o: \ OVERRIDE_CFLAGS += \ -Os +o/$(MODE)/third_party/mbedtls/bigmul4.o \ +o/$(MODE)/third_party/mbedtls/bigmul6.o: \ + OVERRIDE_CFLAGS += \ + -O2 + +o/$(MODE)/third_party/mbedtls/shiftright-avx.o: \ + OVERRIDE_CFLAGS += \ + -O3 -mavx + +o/$(MODE)/third_party/mbedtls/shiftright2-avx.o: \ + OVERRIDE_CFLAGS += \ + -O3 -mavx + # tail recursion is so important because everest was written in f* o/$(MODE)/third_party/mbedtls/everest.o: \ OVERRIDE_CFLAGS += \ diff --git a/third_party/mbedtls/md.c b/third_party/mbedtls/md.c index 0af970d50..51d8eceec 100644 --- a/third_party/mbedtls/md.c +++ b/third_party/mbedtls/md.c 
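Review bot: shiftright-avx.o and shiftright2-avx.o are now built with `-O3 -mavx`, which allows the compiler to emit VEX-encoded instructions anywhere in those objects, so they must only be reached behind a runtime AVX feature check (libc/nexgen32e/x86feature.h, which gcm.c includes in this diff) or the binary faults with SIGILL on pre-AVX CPUs. A makefile comment naming the dispatcher, in the style of the existing `# tail recursion is so important because everest was written in f*` line, would record that constraint next to the flag. The new LIBC_DNS and LIBC_SOCK direct dependencies also pull networking into the crypto library; if only the new net/https code needs them, that placement is worth a second look.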
@@ -1,10 +1,26 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/mem/mem.h" #include "libc/stdio/stdio.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/md.h" #include "third_party/mbedtls/md5.h" -#include "third_party/mbedtls/md_internal.h" #include "third_party/mbedtls/platform.h" #include "third_party/mbedtls/sha1.h" #include "third_party/mbedtls/sha256.h" 
@@ -42,109 +58,39 @@ asm(".include \"libc/disclaimer.inc\""); #if defined(MBEDTLS_MD_C) -#if defined(MBEDTLS_MD2_C) -const mbedtls_md_info_t mbedtls_md2_info = { - "MD2", - MBEDTLS_MD_MD2, - 16, - 16, -}; -#endif - -#if defined(MBEDTLS_MD4_C) -const mbedtls_md_info_t mbedtls_md4_info = { - "MD4", - MBEDTLS_MD_MD4, - 16, - 64, -}; -#endif - -#if defined(MBEDTLS_MD5_C) -const mbedtls_md_info_t mbedtls_md5_info = { - "MD5", - MBEDTLS_MD_MD5, - 16, - 64, -}; -#endif - -#if defined(MBEDTLS_SHA1_C) -const mbedtls_md_info_t mbedtls_sha1_info = { - "SHA1", - MBEDTLS_MD_SHA1, - 20, - 64, -}; -#endif - -#if defined(MBEDTLS_SHA256_C) -const mbedtls_md_info_t mbedtls_sha224_info = { - "SHA224", - MBEDTLS_MD_SHA224, - 28, - 64, -}; - -const mbedtls_md_info_t mbedtls_sha256_info = { - "SHA256", - MBEDTLS_MD_SHA256, - 32, - 64, -}; -#endif - -#if defined(MBEDTLS_SHA512_C) -#if !defined(MBEDTLS_SHA512_NO_SHA384) -const mbedtls_md_info_t mbedtls_sha384_info = { - "SHA384", - MBEDTLS_MD_SHA384, - 48, - 128, -}; -#endif - -const mbedtls_md_info_t mbedtls_sha512_info = { - "SHA512", - MBEDTLS_MD_SHA512, - 64, - 128, -}; -#endif +#define CHECK(f) \ + do \ + { \ + if( ( ret = (f) ) ) \ + goto cleanup; \ + } while( 0 ) /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ static const uint8_t supported_digests[] = { - #if defined(MBEDTLS_SHA512_C) MBEDTLS_MD_SHA512, #if !defined(MBEDTLS_SHA512_NO_SHA384) MBEDTLS_MD_SHA384, #endif #endif - #if defined(MBEDTLS_SHA256_C) MBEDTLS_MD_SHA256, MBEDTLS_MD_SHA224, #endif - #if defined(MBEDTLS_SHA1_C) MBEDTLS_MD_SHA1, #endif - #if defined(MBEDTLS_MD5_C) MBEDTLS_MD_MD5, #endif - #if defined(MBEDTLS_MD4_C) MBEDTLS_MD_MD4, #endif - #if defined(MBEDTLS_MD2_C) MBEDTLS_MD_MD2, #endif - MBEDTLS_MD_NONE }; 
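Review bot: The new file-local `CHECK(f)` macro shares its name with the `CHECK` assertion family in libc/log/check.h, which karatsuba.c in this same diff includes; md.c does not include that header today, but one added include turns this into a macro redefinition. A module-prefixed name such as `MD_CHECK` avoids the collision. The macro also assigns `ret` and jumps to `cleanup`, so a one-line comment stating that both must exist in the caller, e.g. `/* requires int ret and a cleanup: label in scope */`, would help.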
@@ -157,7 +103,6 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) { if( NULL == md_name ) return( NULL ); - /* Get the appropriate digest information */ #if defined(MBEDTLS_MD2_C) if( !strcmp( "MD2", md_name ) ) 
@@ -231,492 +176,199 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) } } +static int16_t GetMdContextSize(mbedtls_md_type_t t) +{ + switch( t ) + { +#if defined(MBEDTLS_MD2_C) + case MBEDTLS_MD_MD2: + return sizeof(mbedtls_md2_context); +#endif +#if defined(MBEDTLS_MD4_C) + case MBEDTLS_MD_MD4: + return sizeof(mbedtls_md4_context); +#endif +#if defined(MBEDTLS_MD5_C) + case MBEDTLS_MD_MD5: + return sizeof(mbedtls_md5_context); +#endif +#if defined(MBEDTLS_SHA1_C) + case MBEDTLS_MD_SHA1: + return sizeof(mbedtls_sha1_context); +#endif +#if defined(MBEDTLS_SHA256_C) + case MBEDTLS_MD_SHA224: + case MBEDTLS_MD_SHA256: + return sizeof(mbedtls_sha256_context); +#endif +#if defined(MBEDTLS_SHA512_C) +#if !defined(MBEDTLS_SHA512_NO_SHA384) + case MBEDTLS_MD_SHA384: +#endif + case MBEDTLS_MD_SHA512: + return sizeof(mbedtls_sha512_context); +#endif + default: + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + } +} + void mbedtls_md_init( mbedtls_md_context_t *ctx ) { - memset( ctx, 0, sizeof( mbedtls_md_context_t ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); } void mbedtls_md_free( mbedtls_md_context_t *ctx ) { - if( ctx == NULL || ctx->md_info == NULL ) + int16_t csize; + if( !ctx || !ctx->md_info ) return; - - if( ctx->md_ctx != NULL ) + if( ctx->md_ctx ) { - switch( ctx->md_info->type ) - { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - mbedtls_md2_free( ctx->md_ctx ); - break; -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - mbedtls_md4_free( ctx->md_ctx ); - break; -#endif -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - mbedtls_md5_free( ctx->md_ctx ); - break; -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - mbedtls_sha1_free( ctx->md_ctx ); - break; -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA224: - case MBEDTLS_MD_SHA256: - mbedtls_sha256_free( ctx->md_ctx ); - break; -#endif -#if defined(MBEDTLS_SHA512_C) -#if !defined(MBEDTLS_SHA512_NO_SHA384) - case 
MBEDTLS_MD_SHA384: -#endif - case MBEDTLS_MD_SHA512: - mbedtls_sha512_free( ctx->md_ctx ); - break; -#endif - default: - /* Shouldn't happen */ - break; - } + if ( ( csize = GetMdContextSize( ctx->md_info->type ) ) > 0 ) + mbedtls_platform_zeroize( ctx->md_ctx, csize ); mbedtls_free( ctx->md_ctx ); } - - if( ctx->hmac_ctx != NULL ) + if( ctx->hmac_ctx ) { mbedtls_platform_zeroize( ctx->hmac_ctx, 2 * ctx->md_info->block_size ); mbedtls_free( ctx->hmac_ctx ); } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md_context_t ) ); } int mbedtls_md_clone( mbedtls_md_context_t *dst, const mbedtls_md_context_t *src ) { - if( dst == NULL || dst->md_info == NULL || - src == NULL || src->md_info == NULL || - dst->md_info != src->md_info ) + int16_t csize; + if( !dst || !dst->md_info || + !src || !src->md_info || + dst->md_info != src->md_info || + ( csize = GetMdContextSize( src->md_info->type ) ) < 0) { return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); } - - switch( src->md_info->type ) - { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - mbedtls_md2_clone( dst->md_ctx, src->md_ctx ); - break; -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - mbedtls_md4_clone( dst->md_ctx, src->md_ctx ); - break; -#endif -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - mbedtls_md5_clone( dst->md_ctx, src->md_ctx ); - break; -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - mbedtls_sha1_clone( dst->md_ctx, src->md_ctx ); - break; -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA224: - case MBEDTLS_MD_SHA256: - mbedtls_sha256_clone( dst->md_ctx, src->md_ctx ); - break; -#endif -#if defined(MBEDTLS_SHA512_C) -#if !defined(MBEDTLS_SHA512_NO_SHA384) - case MBEDTLS_MD_SHA384: -#endif - case MBEDTLS_MD_SHA512: - mbedtls_sha512_clone( dst->md_ctx, src->md_ctx ); - break; -#endif - default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } - + memcpy( dst->md_ctx, src->md_ctx, csize ); return( 0 ); } #define ALLOC( type ) \ do { \ ctx->md_ctx = mbedtls_calloc( 1, 
sizeof( mbedtls_##type##_context ) ); \ - if( ctx->md_ctx == NULL ) \ + if( !ctx->md_ctx ) \ return( MBEDTLS_ERR_MD_ALLOC_FAILED ); \ - mbedtls_##type##_init( ctx->md_ctx ); \ } \ while( 0 ) int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac ) { - if( md_info == NULL || ctx == NULL ) + int16_t csize; + if( !md_info || !ctx ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info = md_info; ctx->md_ctx = NULL; ctx->hmac_ctx = NULL; - - switch( md_info->type ) - { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - ALLOC( md2 ); - break; -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - ALLOC( md4 ); - break; -#endif -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - ALLOC( md5 ); - break; -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - ALLOC( sha1 ); - break; -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA224: - case MBEDTLS_MD_SHA256: - ALLOC( sha256 ); - break; -#endif -#if defined(MBEDTLS_SHA512_C) -#if !defined(MBEDTLS_SHA512_NO_SHA384) - case MBEDTLS_MD_SHA384: -#endif - case MBEDTLS_MD_SHA512: - ALLOC( sha512 ); - break; -#endif - default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } - - if( hmac != 0 ) + if ((csize = GetMdContextSize(md_info->type)) < 0) + return( csize ); + if( !( ctx->md_ctx = mbedtls_calloc( 1, csize ) ) ) + return( MBEDTLS_ERR_MD_ALLOC_FAILED ); + if( hmac ) { ctx->hmac_ctx = mbedtls_calloc( 2, md_info->block_size ); - if( ctx->hmac_ctx == NULL ) + if( !ctx->hmac_ctx ) { mbedtls_md_free( ctx ); return( MBEDTLS_ERR_MD_ALLOC_FAILED ); } } - return( 0 ); } -#undef ALLOC -int mbedtls_md_starts( mbedtls_md_context_t *ctx ) -{ - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - switch( ctx->md_info->type ) - { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( mbedtls_md2_starts_ret( ctx->md_ctx ) ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( mbedtls_md4_starts_ret( ctx->md_ctx ) ); 
-#endif -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - return( mbedtls_md5_starts_ret( ctx->md_ctx ) ); -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_starts_ret( ctx->md_ctx ) ); -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_starts_ret( ctx->md_ctx, 1 ) ); - case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) ); -#endif -#if defined(MBEDTLS_SHA512_C) -#if !defined(MBEDTLS_SHA512_NO_SHA384) - case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_starts_ret( ctx->md_ctx, 1 ) ); -#endif - case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_starts_ret( ctx->md_ctx, 0 ) ); -#endif - default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } -} - -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) -{ - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - switch( ctx->md_info->type ) - { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( mbedtls_md2_update_ret( ctx->md_ctx, input, ilen ) ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( mbedtls_md4_update_ret( ctx->md_ctx, input, ilen ) ); -#endif -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - return( mbedtls_md5_update_ret( ctx->md_ctx, input, ilen ) ); -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_update_ret( ctx->md_ctx, input, ilen ) ); -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA224: - case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) ); -#endif -#if defined(MBEDTLS_SHA512_C) -#if !defined(MBEDTLS_SHA512_NO_SHA384) - case MBEDTLS_MD_SHA384: -#endif - case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) ); -#endif - default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } -} - -int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) -{ - if( ctx == NULL || 
ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - switch( ctx->md_info->type ) - { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( mbedtls_md2_finish_ret( ctx->md_ctx, output ) ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( mbedtls_md4_finish_ret( ctx->md_ctx, output ) ); -#endif -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - return( mbedtls_md5_finish_ret( ctx->md_ctx, output ) ); -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_finish_ret( ctx->md_ctx, output ) ); -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA224: - case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) ); -#endif -#if defined(MBEDTLS_SHA512_C) -#if !defined(MBEDTLS_SHA512_NO_SHA384) - case MBEDTLS_MD_SHA384: -#endif - case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) ); -#endif - default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } -} - -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, - unsigned char *output ) -{ - if( md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - switch( md_info->type ) - { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( mbedtls_md2_ret( input, ilen, output ) ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( mbedtls_md4_ret( input, ilen, output ) ); -#endif -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - return( mbedtls_md5_ret( input, ilen, output ) ); -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_ret( input, ilen, output ) ); -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); - case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); -#endif -#if defined(MBEDTLS_SHA512_C) -#if !defined(MBEDTLS_SHA512_NO_SHA384) - case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_ret( 
input, ilen, output, 1 ) ); -#endif - case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); -#endif - default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } -} - -#if defined(MBEDTLS_FS_IO) int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; FILE *f; size_t n; mbedtls_md_context_t ctx; unsigned char buf[1024]; - - if( md_info == NULL ) + if( !md_info ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - if( ( f = fopen( path, "rb" ) ) == NULL ) + if( !( f = fopen( path, "rb" ) ) ) return( MBEDTLS_ERR_MD_FILE_IO_ERROR ); - mbedtls_md_init( &ctx ); - - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) - goto cleanup; - - if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 ) - goto cleanup; - + CHECK( mbedtls_md_setup( &ctx, md_info, 0 ) ); + CHECK( mbedtls_md_starts( &ctx ) ); while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) - if( ( ret = mbedtls_md_update( &ctx, buf, n ) ) != 0 ) - goto cleanup; - - if( ferror( f ) != 0 ) + CHECK( mbedtls_md_update( &ctx, buf, n ) ); + if( ferror( f ) ) ret = MBEDTLS_ERR_MD_FILE_IO_ERROR; else ret = mbedtls_md_finish( &ctx, output ); - cleanup: mbedtls_platform_zeroize( buf, sizeof( buf ) ); - fclose( f ); mbedtls_md_free( &ctx ); - + fclose( f ); return( ret ); } -#endif /* MBEDTLS_FS_IO */ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; unsigned char *ipad, *opad; size_t i; - - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + if( !ctx || !ctx->md_info || !ctx->hmac_ctx ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - if( keylen > (size_t) ctx->md_info->block_size ) { - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) - goto cleanup; - if( ( ret = mbedtls_md_update( ctx, 
key, keylen ) ) != 0 ) - goto cleanup; - if( ( ret = mbedtls_md_finish( ctx, sum ) ) != 0 ) - goto cleanup; - + CHECK( mbedtls_md_starts( ctx ) ); + CHECK( mbedtls_md_update( ctx, key, keylen ) ); + CHECK( mbedtls_md_finish( ctx, sum ) ); keylen = ctx->md_info->size; key = sum; } - ipad = (unsigned char *) ctx->hmac_ctx; opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; - memset( ipad, 0x36, ctx->md_info->block_size ); memset( opad, 0x5C, ctx->md_info->block_size ); - for( i = 0; i < keylen; i++ ) { ipad[i] = (unsigned char)( ipad[i] ^ key[i] ); opad[i] = (unsigned char)( opad[i] ^ key[i] ); } - - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) - goto cleanup; - if( ( ret = mbedtls_md_update( ctx, ipad, - ctx->md_info->block_size ) ) != 0 ) - goto cleanup; - + CHECK( mbedtls_md_starts( ctx ) ); + CHECK( mbedtls_md_update( ctx, ipad, ctx->md_info->block_size ) ); cleanup: mbedtls_platform_zeroize( sum, sizeof( sum ) ); - return( ret ); } -int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) -{ - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - return( mbedtls_md_update( ctx, input, ilen ) ); -} - int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad; - - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + if( !ctx || !ctx->md_info || !ctx->hmac_ctx ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; - - if( ( ret = mbedtls_md_finish( ctx, tmp ) ) != 0 ) - return( ret ); - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) - return( ret ); - if( ( ret = mbedtls_md_update( ctx, opad, - ctx->md_info->block_size ) ) != 0 ) - return( ret ); - if( ( ret = mbedtls_md_update( ctx, tmp, - ctx->md_info->size 
) ) != 0 ) - return( ret ); + CHECK( mbedtls_md_finish( ctx, tmp ) ); + CHECK( mbedtls_md_starts( ctx ) ); + CHECK( mbedtls_md_update( ctx, opad, ctx->md_info->block_size ) ); + CHECK( mbedtls_md_update( ctx, tmp, ctx->md_info->size ) ); return( mbedtls_md_finish( ctx, output ) ); +cleanup: + return( ret ); } int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *ipad; - - if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + if( !ctx || !ctx->md_info || !ctx->hmac_ctx ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ipad = (unsigned char *) ctx->hmac_ctx; - - if( ( ret = mbedtls_md_starts( ctx ) ) != 0 ) + if( ( ret = mbedtls_md_starts( ctx ) ) ) return( ret ); return( mbedtls_md_update( ctx, ipad, ctx->md_info->block_size ) ); } 
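Review bot: The `ALLOC` macro is now dead code: every `ALLOC( … )` call site in `mbedtls_md_setup` is deleted in favour of a direct `mbedtls_calloc( 1, csize )`, its `mbedtls_##type##_init` line is removed, and the `#undef ALLOC` that followed the function is gone too, so a half-edited macro that nothing expands lingers in the file and should be deleted outright. `GetMdContextSize` also wants a short comment stating its contract, since it narrows a `size_t` `sizeof` into an `int16_t` and overloads the negative range for `MBEDTLS_ERR_MD_BAD_INPUT_DATA`: `/* Size in bytes of the digest-specific context for type t, or the negative MBEDTLS_ERR_MD_BAD_INPUT_DATA when t is not compiled in; callers test < 0 before using the value. */`. A `_Static_assert( sizeof(mbedtls_sha512_context) <= INT16_MAX, … )` next to the largest case would turn the silent narrowing into a compile-time check, and the `if ( (` spacing in `mbedtls_md_free` should match the file's `if( (` style.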
@@ -727,91 +379,35 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, unsigned char *output ) { mbedtls_md_context_t ctx; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if( md_info == NULL ) + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + if( !md_info ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - mbedtls_md_init( &ctx ); - - if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 ) - goto cleanup; - - if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 ) - goto cleanup; - if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 ) - goto cleanup; - if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 ) - goto cleanup; - + CHECK( mbedtls_md_setup( &ctx, md_info, 1 ) ); + CHECK( mbedtls_md_hmac_starts( &ctx, key, keylen ) ); + CHECK( mbedtls_md_hmac_update( &ctx, input, ilen ) ); + CHECK( mbedtls_md_hmac_finish( &ctx, output ) ); cleanup: mbedtls_md_free( &ctx ); - return( ret ); } -int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) -{ - if( ctx == NULL || ctx->md_info == NULL ) - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - - switch( ctx->md_info->type ) - { #if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( mbedtls_internal_md2_process( ctx->md_ctx ) ); +const mbedtls_md_info_t mbedtls_md2_info = { + "MD2", + MBEDTLS_MD_MD2, + 16, + 16, +}; #endif + #if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( mbedtls_internal_md4_process( ctx->md_ctx, data ) ); +const mbedtls_md_info_t mbedtls_md4_info = { + "MD4", + MBEDTLS_MD_MD4, + 16, + 64, +}; #endif -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - return( mbedtls_internal_md5_process( ctx->md_ctx, data ) ); -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - return( mbedtls_internal_sha1_process( ctx->md_ctx, data ) ); -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA224: - case MBEDTLS_MD_SHA256: - return( mbedtls_internal_sha256_process( ctx->md_ctx, data ) ); -#endif -#if defined(MBEDTLS_SHA512_C) -#if 
!defined(MBEDTLS_SHA512_NO_SHA384) - case MBEDTLS_MD_SHA384: -#endif - case MBEDTLS_MD_SHA512: - return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) ); -#endif - default: - return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - } -} - -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ) -{ - if( md_info == NULL ) - return( 0 ); - - return md_info->size; -} - -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ) -{ - if( md_info == NULL ) - return( MBEDTLS_MD_NONE ); - - return md_info->type; -} - -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ) -{ - if( md_info == NULL ) - return( NULL ); - - return md_info->name; -} #endif /* MBEDTLS_MD_C */ diff --git a/third_party/mbedtls/md.h b/third_party/mbedtls/md.h index 1ae8e87bc..71cf7e170 100644 --- a/third_party/mbedtls/md.h +++ b/third_party/mbedtls/md.h @@ -22,15 +22,15 @@ COSMOPOLITAN_C_START_ */ typedef enum { MBEDTLS_MD_NONE=0, /**< None. */ - MBEDTLS_MD_MD2, /**< The MD2 message digest. */ - MBEDTLS_MD_MD4, /**< The MD4 message digest. */ - MBEDTLS_MD_MD5, /**< The MD5 message digest. */ MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */ MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */ MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */ MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */ MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */ MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ + MBEDTLS_MD_MD2, /**< The MD2 message digest. */ + MBEDTLS_MD_MD4, /**< The MD4 message digest. */ + MBEDTLS_MD_MD5, /**< The MD5 message digest. */ } mbedtls_md_type_t; #if defined(MBEDTLS_SHA512_C) 
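Review bot: `mbedtls_md2_info` and `mbedtls_md4_info` are redefined here with only the four data members, so against the nine-member `mbedtls_md_info_t` that md.h now declares their `f_starts`…`f_md` pointers are zero-initialized, and the new `forceinline` dispatchers in md.h (`mbedtls_md_starts`, `mbedtls_md_update`, `mbedtls_md_finish`, `mbedtls_md`, `mbedtls_md_process`) call through those pointers without a NULL check, so an MD2 or MD4 context would jump to a null function pointer. This only bites when `MBEDTLS_MD2_C`/`MBEDTLS_MD4_C` are enabled, which the diff does not show; if they are permanently off the tables should be dropped (the `mbedtls_md_info_from_string` hunk still hands them out), otherwise they need the same five function-pointer initializers md5.c gives `mbedtls_md5_info`. Until then a comment on each table, `/* Data-only entry: no dispatch pointers, must not be used with mbedtls_md_starts/update/finish. */`, stops the next reader from assuming they are complete.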
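Review bot: Moving `MBEDTLS_MD_MD2`/`MD4`/`MD5` to the tail of `mbedtls_md_type_t` changes the numeric value of every other enumerator (`MBEDTLS_MD_SHA1` becomes 1 instead of 4, and so on), which matters for anything that stores or indexes by the raw value — the `uint8_t supported_digests[]` table in md.c is recompiled with it, but persisted session data, hand-built lookup tables or any object compiled against the old header are not. If the reorder is deliberate (presumably to make the SHA family contiguous from 1), a comment inside the enum such as `/* Order is ABI: SHA family occupies 1..5; do not reorder. */` records the constraint; otherwise the three enumerators should keep their original positions.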
@@ -46,23 +46,28 @@ typedef enum { #endif /** - * Opaque struct defined in md_internal.h. + * Message digest information. + * Allows message digest functions to be called in a generic way. */ -typedef struct mbedtls_md_info_t mbedtls_md_info_t; +typedef struct mbedtls_md_info_t { + const char * name; /** Name of the message digest */ + mbedtls_md_type_t type; /** Digest identifier */ + unsigned char size; /** Output length of the digest function in bytes */ + unsigned char block_size; /** Block length of the digest function in bytes */ + int (*f_starts)(void *); + int (*f_update)(void *, const void *, size_t); + int (*f_process)(void *, const void *); + int (*f_finish)(void *, void *); + int (*f_md)(const void *, size_t, void *); +} mbedtls_md_info_t; /** * The generic message-digest context. */ -typedef struct mbedtls_md_context_t -{ - /** Information about the associated message digest. */ - const mbedtls_md_info_t *md_info; - - /** The digest-specific context. */ - void *md_ctx; - - /** The HMAC part of the context. */ - void *hmac_ctx; +typedef struct mbedtls_md_context_t { + const mbedtls_md_info_t *md_info; /** Information about the associated message digest. */ + void *md_ctx; /** The digest-specific context. */ + void *hmac_ctx; /** The HMAC part of the context. */ } mbedtls_md_context_t; /** @@ -177,7 +182,12 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, * * \return The size of the message-digest output in Bytes. */ -unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); +forceinline unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ) +{ + if( !md_info ) + return( 0 ); + return md_info->size; +} /** * \brief This function extracts the message-digest type from the 
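Review bot: The trailing member comments on the new `mbedtls_md_info_t` and `mbedtls_md_context_t` use `/** … */`, which Doxygen attaches to the following declaration, whereas the enum above in this same header uses the trailing form `/**< … */`; as written the `name` comment documents `type`, and the `block_size` comment documents `f_starts`. The five function-pointer members are the new public surface and carry no documentation at all; each wants a trailing line such as `int (*f_starts)(void *); /**< Reset the digest-specific context in md_ctx; returns 0 or an MBEDTLS_ERR_* code. */`, with matching lines for `f_update`, `f_process`, `f_finish` and `f_md`, plus a note that every member must be non-NULL because the inline dispatchers further down call them unchecked. Switching the four existing comments to `/**<` is a one-character change each.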
@@ -188,7 +198,12 @@ unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ); * * \return The type of the message digest. */ -mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); +forceinline mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ) +{ + if( !md_info ) + return( MBEDTLS_MD_NONE ); + return md_info->type; +} /** * \brief This function extracts the message-digest name from the @@ -199,7 +214,12 @@ mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info ); * * \return The name of the message digest. */ -const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); +forceinline const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ) +{ + if( !md_info ) + return( NULL ); + return md_info->name; +} /** * \brief This function starts a message-digest computation. @@ -214,7 +234,12 @@ const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_starts( mbedtls_md_context_t *ctx ); +forceinline int mbedtls_md_starts( mbedtls_md_context_t *ctx ) +{ + if( !ctx || !ctx->md_info ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return ctx->md_info->f_starts( ctx->md_ctx ); +} /** * \brief This function feeds an input buffer into an ongoing @@ -232,7 +257,13 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ); +forceinline int mbedtls_md_update( mbedtls_md_context_t *ctx, + const unsigned char *input, size_t ilen ) +{ + if( !ctx || !ctx->md_info ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return ctx->md_info->f_update( ctx->md_ctx, input, ilen ); +} /** * \brief This function finishes the digest operation, 
@@ -252,7 +283,13 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); +forceinline int mbedtls_md_finish( mbedtls_md_context_t *ctx, + unsigned char *output ) +{ + if( !ctx || !ctx->md_info ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return ctx->md_info->f_finish( ctx->md_ctx, output ); +} /** * \brief This function calculates the message-digest of a buffer, @@ -272,10 +309,15 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ); * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, - unsigned char *output ); +forceinline int mbedtls_md( const mbedtls_md_info_t *md_info, + const unsigned char *input, size_t ilen, + unsigned char *output ) +{ + if( !md_info ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return md_info->f_md(input, ilen, output ); +} -#if defined(MBEDTLS_FS_IO) /** * \brief This function calculates the message-digest checksum * result of the contents of the provided file. @@ -295,7 +337,6 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si */ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output ); -#endif /* MBEDTLS_FS_IO */ /** * \brief This function sets the HMAC key and prepares to 
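Review bot: In the new inline `mbedtls_md` the dispatch call is written `md_info->f_md(input, ilen, output )`, space-padding one parenthesis but not the other, whereas the sibling dispatchers in this header write `ctx->md_info->f_finish( ctx->md_ctx, output )`; change it to `return md_info->f_md( input, ilen, output );`. The same hunk drops the `MBEDTLS_FS_IO` guard around `mbedtls_md_file`, matching the md.c side of this diff, so the `\brief` block for it should no longer imply the function is optional.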
@@ -337,8 +378,14 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, * \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification * failure. */ -int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, - size_t ilen ); +forceinline int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, + const unsigned char *input, + size_t ilen ) +{ + if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return( mbedtls_md_update( ctx, input, ilen ) ); +} /** * \brief This function finishes the HMAC operation, and writes @@ -403,10 +450,23 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, const unsigned char *input, size_t ilen, unsigned char *output ); -/* Internal use */ -int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ); +forceinline int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) +{ + if( !ctx || !ctx->md_info ) + return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); + return ctx->md_info->f_process( ctx->md_ctx, data ); +} const char *mbedtls_md_type_name(mbedtls_md_type_t); +extern const mbedtls_md_info_t mbedtls_md2_info; +extern const mbedtls_md_info_t mbedtls_md4_info; +extern const mbedtls_md_info_t mbedtls_md5_info; +extern const mbedtls_md_info_t mbedtls_sha1_info; +extern const mbedtls_md_info_t mbedtls_sha224_info; +extern const mbedtls_md_info_t mbedtls_sha256_info; +extern const mbedtls_md_info_t mbedtls_sha384_info; +extern const mbedtls_md_info_t mbedtls_sha512_info; + COSMOPOLITAN_C_END_ #endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_MD_H_ */ diff --git a/third_party/mbedtls/md5.c b/third_party/mbedtls/md5.c index 6f0ad79aa..a88907544 100644 --- a/third_party/mbedtls/md5.c +++ b/third_party/mbedtls/md5.c 
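Review bot: `mbedtls_md_hmac_update` is the only inline in this header that keeps the `ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL` form while every sibling moved to the `!ctx || !ctx->md_info` style; for consistency write `if( !ctx || !ctx->md_info || !ctx->hmac_ctx )`. The eight `extern const mbedtls_md_info_t …_info;` declarations in the later hunk are unconditional although the definitions in md.c and md5.c stay behind `#if defined(MBEDTLS_*_C)`, which is harmless for a declaration but surprising; a one-line comment, `/* Each table is defined only when its MBEDTLS_*_C module is compiled in. */`, explains why misuse shows up as a link error rather than a compile error.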
@@ -1,6 +1,24 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/bits/bits.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" +#include "third_party/mbedtls/md.h" #include "third_party/mbedtls/md5.h" #include "third_party/mbedtls/platform.h" 
@@ -40,35 +58,6 @@ asm(".include \"libc/disclaimer.inc\""); #define GET_UINT32_LE(n,b,i) (n) = READ32LE((b) + (i)) #define PUT_UINT32_LE(n,b,i) WRITE32LE((b) + (i), n) -/** - * \brief Initialize MD5 context - * - * \param ctx MD5 context to be initialized - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - */ -void mbedtls_md5_init( mbedtls_md5_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_md5_context ) ); -} - -/** - * \brief Clear MD5 context - * - * \param ctx MD5 context to be cleared - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - */ -void mbedtls_md5_free( mbedtls_md5_context *ctx ) -{ - if( !ctx ) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) ); -} - /** * \brief Clone (the state of) an MD5 context * @@ -250,7 +239,7 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t fill; uint32_t left; @@ -309,7 +298,7 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; uint32_t used; uint32_t high, low; 
@@ -323,17 +312,17 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, if( used <= 56 ) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 56 - used ); + mbedtls_platform_zeroize( ctx->buffer + used, 56 - used ); } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 64 - used ); + mbedtls_platform_zeroize( ctx->buffer + used, 64 - used ); if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); - memset( ctx->buffer, 0, 56 ); + mbedtls_platform_zeroize( ctx->buffer, 56 ); } /* @@ -379,7 +368,7 @@ int mbedtls_md5_ret( const void *input, size_t ilen, unsigned char output[16] ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_md5_context ctx; mbedtls_md5_init( &ctx ); @@ -399,6 +388,18 @@ exit: return( ret ); } +const mbedtls_md_info_t mbedtls_md5_info = { + "MD5", + MBEDTLS_MD_MD5, + 16, + 64, + (void *)mbedtls_md5_starts_ret, + (void *)mbedtls_md5_update_ret, + (void *)mbedtls_internal_md5_process, + (void *)mbedtls_md5_finish_ret, + (void *)mbedtls_md5_ret, +}; + #if defined(MBEDTLS_SELF_TEST) /* * RFC 1321 test vectors diff --git a/third_party/mbedtls/md5.h b/third_party/mbedtls/md5.h index 3f6b3748b..6a626ddd6 100644 --- a/third_party/mbedtls/md5.h +++ b/third_party/mbedtls/md5.h @@ -1,6 +1,7 @@ #ifndef MBEDTLS_MD5_H_ #define MBEDTLS_MD5_H_ #include "third_party/mbedtls/config.h" +#include "third_party/mbedtls/platform.h" COSMOPOLITAN_C_START_ /* clang-format off */ @@ -22,8 +23,6 @@ typedef struct mbedtls_md5_context } mbedtls_md5_context; -void mbedtls_md5_init( mbedtls_md5_context * ); -void mbedtls_md5_free( mbedtls_md5_context * ); void mbedtls_md5_clone( mbedtls_md5_context *, const mbedtls_md5_context * ); int mbedtls_md5_starts_ret( mbedtls_md5_context * ); int mbedtls_md5_update_ret( mbedtls_md5_context *, const unsigned char *, size_t ); 
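Review bot: `mbedtls_md5_info` fills the dispatch table with `(void *)mbedtls_md5_starts_ret` and friends, converting function pointers through `void *` and then calling them through `int (*)(void *)`; C11 guarantees neither the object/function pointer conversion (6.3.2.3) nor a call through an incompatible function type (6.5.2.2), and `-Wcast-function-type` or CFI-enabled builds will reject it. The portable form is a thin adapter per entry with the exact signature the table declares, e.g. `static int md5_starts( void *ctx ) { return mbedtls_md5_starts_ret( ctx ); }`, referenced without casts. Separately, swapping `memset` for `mbedtls_platform_zeroize` on the padding bytes in `mbedtls_md5_finish_ret` wipes nothing secret — those bytes are hashed immediately afterwards — so if `mbedtls_platform_zeroize` is the usual non-elidable implementation this only slows every finalization; worth confirming the intent, and the functions' bodies extend outside the hunks.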
@@ -32,5 +31,34 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *, const unsigned char[64] int mbedtls_md5_ret( const void *, size_t, unsigned char[16] ); int mbedtls_md5_self_test( int ); +/** + * \brief Initialize MD5 context + * + * \param ctx MD5 context to be initialized + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + */ +static inline void mbedtls_md5_init( mbedtls_md5_context *ctx ) +{ + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) ); +} + +/** + * \brief Clear MD5 context + * + * \param ctx MD5 context to be cleared + * + * \warning MD5 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + */ +static inline void mbedtls_md5_free( mbedtls_md5_context *ctx ) +{ + if( !ctx ) return; + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md5_context ) ); +} + COSMOPOLITAN_C_END_ #endif /* MBEDTLS_MD5_H_ */ diff --git a/third_party/mbedtls/md_internal.h b/third_party/mbedtls/md_internal.h deleted file mode 100644 index db2a8fbd8..000000000 --- a/third_party/mbedtls/md_internal.h +++ /dev/null 
@@ -1,57 +0,0 @@ -#ifndef MBEDTLS_MD_WRAP_H -#define MBEDTLS_MD_WRAP_H -#include "third_party/mbedtls/config.h" -#include "third_party/mbedtls/md.h" -/* clang-format off */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Message digest information. - * Allows message digest functions to be called in a generic way. - */ -struct mbedtls_md_info_t -{ - /** Name of the message digest */ - const char * name; - - /** Digest identifier */ - mbedtls_md_type_t type; - - /** Output length of the digest function in bytes */ - unsigned char size; - - /** Block length of the digest function in bytes */ - unsigned char block_size; -}; - -#if defined(MBEDTLS_MD2_C) -extern const mbedtls_md_info_t mbedtls_md2_info; -#endif -#if defined(MBEDTLS_MD4_C) -extern const mbedtls_md_info_t mbedtls_md4_info; -#endif -#if defined(MBEDTLS_MD5_C) -extern const mbedtls_md_info_t mbedtls_md5_info; -#endif -#if defined(MBEDTLS_SHA1_C) -extern const mbedtls_md_info_t mbedtls_sha1_info; -#endif -#if defined(MBEDTLS_SHA256_C) -extern const mbedtls_md_info_t mbedtls_sha224_info; -extern const mbedtls_md_info_t mbedtls_sha256_info; -#endif -#if defined(MBEDTLS_SHA512_C) -#if !defined(MBEDTLS_SHA512_NO_SHA384) -extern const mbedtls_md_info_t mbedtls_sha384_info; -#endif -extern const mbedtls_md_info_t mbedtls_sha512_info; -#endif - -#ifdef __cplusplus -} -#endif - -#endif /* MBEDTLS_MD_WRAP_H */ diff --git a/third_party/mbedtls/mdtype.c b/third_party/mbedtls/mdtype.c index 7e4aec004..78cfde37d 100644 --- a/third_party/mbedtls/mdtype.c +++ b/third_party/mbedtls/mdtype.c 
@@ -1,20 +1,19 @@ -/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ │vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ ╞══════════════════════════════════════════════════════════════════════════════╡ -│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ Copyright The Mbed TLS Contributors │ │ │ -│ Permission to use, copy, modify, and/or distribute this software for │ -│ any purpose with or without fee is hereby granted, provided that the │ -│ above copyright notice and this permission notice appear in all copies. │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ │ │ -│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ -│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ -│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ -│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ -│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ -│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ -│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ -│ PERFORMANCE OF THIS SOFTWARE. │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ ╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/md.h" diff --git a/third_party/mbedtls/memory_buffer_alloc.c b/third_party/mbedtls/memory_buffer_alloc.c index 55bc9b2b2..53e4f06b0 100644 
--- a/third_party/mbedtls/memory_buffer_alloc.c +++ b/third_party/mbedtls/memory_buffer_alloc.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/memory_buffer_alloc.h" #include "third_party/mbedtls/platform.h" @@ -299,7 +316,7 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) mbedtls_exit( 1 ); ret = (unsigned char *) cur + sizeof( memory_header ); - memset( ret, 0, original_len ); + mbedtls_platform_zeroize( ret, original_len ); return( ret ); } @@ -357,7 +374,7 @@ static void *buffer_alloc_calloc( size_t n, size_t size ) mbedtls_exit( 1 ); ret = (unsigned char *) cur + sizeof( memory_header ); - memset( ret, 0, original_len ); + mbedtls_platform_zeroize( ret, original_len ); return( ret ); } @@ -422,7 +439,7 @@ static void buffer_alloc_free( void *ptr ) if( hdr->next != NULL ) hdr->next->prev = hdr; - memset( old, 0, sizeof(memory_header) ); + mbedtls_platform_zeroize( old, sizeof(memory_header) ); } // Regroup with block after 
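Review bot: In the two buffer_alloc_calloc hunks (@@ -299 and @@ -357) the zero-fill of a block that is about to be handed to the caller now goes through mbedtls_platform_zeroize; the property that routine buys — the compiler cannot drop the clear of memory that is about to become dead — matters on the free path (@@ -422 and the following hunks, where the old header is wiped) but not for a live allocation the caller will write through next, so a plain `memset( ret, 0, original_len );` is the cheaper and clearer choice there. If the intent is instead a uniform "no raw memset in this tree" policy, a one-line comment at the first calloc site saying so would stop the next reader from reverting it. I cannot tell from the hunk how this port implements zeroize or what it costs, so treat this as a style point rather than a measured regression.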
@@ -461,7 +478,7 @@ static void buffer_alloc_free( void *ptr ) if( hdr->next != NULL ) hdr->next->prev = hdr; - memset( old, 0, sizeof(memory_header) ); + mbedtls_platform_zeroize( old, sizeof(memory_header) ); } // Prepend to free_list if we have not merged @@ -533,7 +550,7 @@ void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks ) void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) { - memset( &heap, 0, sizeof( buffer_alloc_ctx ) ); + mbedtls_platform_zeroize( &heap, sizeof( buffer_alloc_ctx ) ); mbedtls_platform_set_calloc_free( buffer_alloc_calloc, buffer_alloc_free ); if( len < sizeof( memory_header ) + MBEDTLS_MEMORY_ALIGN_MULTIPLE ) @@ -547,7 +564,7 @@ void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len ) - (size_t)buf % MBEDTLS_MEMORY_ALIGN_MULTIPLE; } - memset( buf, 0, len ); + mbedtls_platform_zeroize( buf, len ); heap.buf = buf; heap.len = len; diff --git a/third_party/mbedtls/net_sockets.c b/third_party/mbedtls/net_sockets.c new file mode 100644 index 000000000..a5c505e55 --- /dev/null +++ b/third_party/mbedtls/net_sockets.c 
@@ -0,0 +1,516 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/calls/calls.h" +#include "libc/calls/struct/sockaddr6.h" +#include "libc/dns/dns.h" +#include "libc/errno.h" +#include "libc/sock/select.h" +#include "libc/sysv/consts/af.h" +#include "libc/sysv/consts/f.h" +#include "libc/sysv/consts/ipproto.h" +#include "libc/sysv/consts/msg.h" +#include "libc/sysv/consts/o.h" +#include "libc/sysv/consts/so.h" +#include "libc/sysv/consts/sock.h" +#include "libc/sysv/consts/sol.h" +#include "third_party/mbedtls/error.h" +#include "third_party/mbedtls/net_sockets.h" +#include "third_party/mbedtls/ssl.h" + +#define IS_EINTR(ret) ((ret) == EINTR) + +static int net_prepare(void) { + signal(SIGPIPE, SIG_IGN); + return 0; +} + +/** + * \brief Initialize a context + * Just makes the context ready to be used or freed safely. 
+ * + * \param ctx Context to initialize + */ +void mbedtls_net_init(mbedtls_net_context *ctx) { + ctx->fd = -1; +} + +/** + * \brief Initiate a connection with host:port in the given protocol + * + * \param ctx Socket to use + * \param host Host to connect to + * \param port Port to connect to + * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP + * + * \return 0 if successful, or one of: + * MBEDTLS_ERR_NET_SOCKET_FAILED, + * MBEDTLS_ERR_NET_UNKNOWN_HOST, + * MBEDTLS_ERR_NET_CONNECT_FAILED + * + * \note Sets the socket in connected mode even with UDP. + */ +int mbedtls_net_connect(mbedtls_net_context *ctx, const char *host, + const char *port, int proto) { + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + struct addrinfo hints, *addr_list, *cur; + if ((ret = net_prepare()) != 0) return ret; + /* Do name resolution with both IPv6 and IPv4 */ + mbedtls_platform_zeroize(&hints, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; + hints.ai_protocol = + proto == MBEDTLS_NET_PROTO_UDP ? IPPROTO_UDP : IPPROTO_TCP; + if (getaddrinfo(host, port, &hints, &addr_list) != 0) + return MBEDTLS_ERR_NET_UNKNOWN_HOST; + /* Try the sockaddrs until a connection succeeds */ + ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; + for (cur = addr_list; cur != NULL; cur = cur->ai_next) { + ctx->fd = (int)socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol); + if (ctx->fd < 0) { + ret = MBEDTLS_ERR_NET_SOCKET_FAILED; + continue; + } + if (connect(ctx->fd, cur->ai_addr, cur->ai_addrlen) == 0) { + ret = 0; + break; + } + close(ctx->fd); + ret = MBEDTLS_ERR_NET_CONNECT_FAILED; + } + freeaddrinfo(addr_list); + return ret; +} + +/** + * \brief Create a receiving socket on bind_ip:port in the chosen + * protocol. If bind_ip == NULL, all interfaces are bound. 
+ * + * \param ctx Socket to use + * \param bind_ip IP to bind to, can be NULL + * \param port Port number to use + * \param proto Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP + * + * \return 0 if successful, or one of: + * MBEDTLS_ERR_NET_SOCKET_FAILED, + * MBEDTLS_ERR_NET_UNKNOWN_HOST, + * MBEDTLS_ERR_NET_BIND_FAILED, + * MBEDTLS_ERR_NET_LISTEN_FAILED + * + * \note Regardless of the protocol, opens the sockets and binds it. + * In addition, make the socket listening if protocol is TCP. + */ +int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, + const char *port, int proto) { + int n, ret; + struct addrinfo hints, *addr_list, *cur; + if ((ret = net_prepare()) != 0) return ret; + /* Bind to IPv6 and/or IPv4, but only in the desired protocol */ + mbedtls_platform_zeroize(&hints, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = proto == MBEDTLS_NET_PROTO_UDP ? SOCK_DGRAM : SOCK_STREAM; + hints.ai_protocol = + proto == MBEDTLS_NET_PROTO_UDP ? 
IPPROTO_UDP : IPPROTO_TCP; + if (bind_ip == NULL) hints.ai_flags = AI_PASSIVE; + if (getaddrinfo(bind_ip, port, &hints, &addr_list) != 0) + return MBEDTLS_ERR_NET_UNKNOWN_HOST; + /* Try the sockaddrs until a binding succeeds */ + ret = MBEDTLS_ERR_NET_UNKNOWN_HOST; + for (cur = addr_list; cur != NULL; cur = cur->ai_next) { + ctx->fd = (int)socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol); + if (ctx->fd < 0) { + ret = MBEDTLS_ERR_NET_SOCKET_FAILED; + continue; + } + n = 1; + if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR, (const char *)&n, + sizeof(n)) != 0) { + close(ctx->fd); + ret = MBEDTLS_ERR_NET_SOCKET_FAILED; + continue; + } + if (bind(ctx->fd, cur->ai_addr, cur->ai_addrlen) != 0) { + close(ctx->fd); + ret = MBEDTLS_ERR_NET_BIND_FAILED; + continue; + } + /* Listen only makes sense for TCP */ + if (proto == MBEDTLS_NET_PROTO_TCP) { + if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) { + close(ctx->fd); + ret = MBEDTLS_ERR_NET_LISTEN_FAILED; + continue; + } + } + /* Bind was successful */ + ret = 0; + break; + } + freeaddrinfo(addr_list); + return ret; +} + +/* + * Check if the requested operation would be blocking on a non-blocking socket + * and thus 'failed' with a negative return value. + * + * Note: on a blocking socket this function always returns 0! 
+ */ +static int net_would_block(const mbedtls_net_context *ctx) { + int err = errno; + /* + * Never return 'WOULD BLOCK' on a blocking socket + */ + if ((fcntl(ctx->fd, F_GETFL) & O_NONBLOCK) != O_NONBLOCK) { + errno = err; + return 0; + } + errno = err; + if (err == EAGAIN || err == EWOULDBLOCK) return 1; + return 0; +} + +/** + * \brief Accept a connection from a remote client + * + * \param bind_ctx Relevant socket + * \param client_ctx Will contain the connected client socket + * \param client_ip Will contain the client IP address, can be NULL + * \param buf_size Size of the client_ip buffer + * \param ip_len Will receive the size of the client IP written, + * can be NULL if client_ip is null + * + * \return 0 if successful, or + * MBEDTLS_ERR_NET_SOCKET_FAILED, + * MBEDTLS_ERR_NET_BIND_FAILED, + * MBEDTLS_ERR_NET_ACCEPT_FAILED, or + * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, + * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to + * non-blocking and accept() would block. + */ +int mbedtls_net_accept(mbedtls_net_context *bind_ctx, + mbedtls_net_context *client_ctx, void *client_ip, + size_t buf_size, size_t *ip_len) { + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + int type; + struct sockaddr_storage client_addr; +#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ + defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ + defined(socklen_t) || \ + (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) + socklen_t n = (socklen_t)sizeof(client_addr); + socklen_t type_len = (socklen_t)sizeof(type); +#else + int n = (int)sizeof(client_addr); + int type_len = (int)sizeof(type); +#endif + /* Is this a TCP or UDP socket? 
*/ + if (getsockopt(bind_ctx->fd, SOL_SOCKET, SO_TYPE, (void *)&type, &type_len) != + 0 || + (type != SOCK_STREAM && type != SOCK_DGRAM)) { + return MBEDTLS_ERR_NET_ACCEPT_FAILED; + } + if (type == SOCK_STREAM) { + /* TCP: actual accept() */ + ret = client_ctx->fd = + (int)accept(bind_ctx->fd, (struct sockaddr *)&client_addr, &n); + } else { + /* UDP: wait for a message, but keep it in the queue */ + char buf[1] = {0}; + ret = (int)recvfrom(bind_ctx->fd, buf, sizeof(buf), MSG_PEEK, + (struct sockaddr *)&client_addr, &n); +#if defined(_WIN32) + if (ret == SOCKET_ERROR && WSAGetLastError() == WSAEMSGSIZE) { + /* We know buf is too small, thanks, just peeking here */ + ret = 0; + } +#endif + } + if (ret < 0) { + if (net_would_block(bind_ctx) != 0) return MBEDTLS_ERR_SSL_WANT_READ; + return MBEDTLS_ERR_NET_ACCEPT_FAILED; + } + /* UDP: hijack the listening socket to communicate with the client, + * then bind a new socket to accept new connections */ + if (type != SOCK_STREAM) { + struct sockaddr_storage local_addr; + int one = 1; + if (connect(bind_ctx->fd, (struct sockaddr *)&client_addr, n) != 0) + return MBEDTLS_ERR_NET_ACCEPT_FAILED; + client_ctx->fd = bind_ctx->fd; + bind_ctx->fd = -1; /* In case we exit early */ + n = sizeof(struct sockaddr_storage); + if (getsockname(client_ctx->fd, (struct sockaddr *)&local_addr, &n) != 0 || + (bind_ctx->fd = + (int)socket(local_addr.ss_family, SOCK_DGRAM, IPPROTO_UDP)) < 0 || + setsockopt(bind_ctx->fd, SOL_SOCKET, SO_REUSEADDR, (const char *)&one, + sizeof(one)) != 0) { + return MBEDTLS_ERR_NET_SOCKET_FAILED; + } + if (bind(bind_ctx->fd, (struct sockaddr *)&local_addr, n) != 0) { + return MBEDTLS_ERR_NET_BIND_FAILED; + } + } + if (client_ip != NULL) { + if (client_addr.ss_family == AF_INET) { + struct sockaddr_in *addr4 = (struct sockaddr_in *)&client_addr; + *ip_len = sizeof(addr4->sin_addr.s_addr); + if (buf_size < *ip_len) return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL; + memcpy(client_ip, &addr4->sin_addr.s_addr, *ip_len); + } 
else { + struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *)&client_addr; + *ip_len = sizeof(addr6->sin6_addr.s6_addr); + if (buf_size < *ip_len) return MBEDTLS_ERR_NET_BUFFER_TOO_SMALL; + memcpy(client_ip, &addr6->sin6_addr.s6_addr, *ip_len); + } + } + return 0; +} + +/** + * \brief Set the socket blocking + * + * \param ctx Socket to set + * + * \return 0 if successful, or a non-zero error code + */ +int mbedtls_net_set_block(mbedtls_net_context *ctx) { + return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) & ~O_NONBLOCK); +} + +/** + * \brief Set the socket non-blocking + * + * \param ctx Socket to set + * + * \return 0 if successful, or a non-zero error code + */ +int mbedtls_net_set_nonblock(mbedtls_net_context *ctx) { + return fcntl(ctx->fd, F_SETFL, fcntl(ctx->fd, F_GETFL) | O_NONBLOCK); +} + +/** + * \brief Check and wait for the context to be ready for read/write + * + * \note The current implementation of this function uses + * select() and returns an error if the file descriptor + * is \c FD_SETSIZE or greater. + * + * \param ctx Socket to check + * \param rw Bitflag composed of MBEDTLS_NET_POLL_READ and + * MBEDTLS_NET_POLL_WRITE specifying the events + * to wait for: + * - If MBEDTLS_NET_POLL_READ is set, the function + * will return as soon as the net context is available + * for reading. + * - If MBEDTLS_NET_POLL_WRITE is set, the function + * will return as soon as the net context is available + * for writing. + * \param timeout Maximal amount of time to wait before returning, + * in milliseconds. If \c timeout is zero, the + * function returns immediately. If \c timeout is + * -1u, the function blocks potentially indefinitely. + * + * \return Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE + * on success or timeout, or a negative return code otherwise. 
+ */ +int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout) { + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + struct timeval tv; + fd_set read_fds; + fd_set write_fds; + int fd = ctx->fd; + if (fd < 0) return MBEDTLS_ERR_NET_INVALID_CONTEXT; + /* A limitation of select() is that it only works with file descriptors + * that are strictly less than FD_SETSIZE. This is a limitation of the + * fd_set type. Error out early, because attempting to call FD_SET on a + * large file descriptor is a buffer overflow on typical platforms. */ + if (fd >= FD_SETSIZE) return MBEDTLS_ERR_NET_POLL_FAILED; +#if defined(__has_feature) +#if __has_feature(memory_sanitizer) + /* Ensure that memory sanitizers consider read_fds and write_fds as + * initialized even on platforms such as Glibc/x86_64 where FD_ZERO + * is implemented in assembly. */ + mbedtls_platform_zeroize(&read_fds, sizeof(read_fds)); + mbedtls_platform_zeroize(&write_fds, sizeof(write_fds)); +#endif +#endif + FD_ZERO(&read_fds); + if (rw & MBEDTLS_NET_POLL_READ) { + rw &= ~MBEDTLS_NET_POLL_READ; + FD_SET(fd, &read_fds); + } + FD_ZERO(&write_fds); + if (rw & MBEDTLS_NET_POLL_WRITE) { + rw &= ~MBEDTLS_NET_POLL_WRITE; + FD_SET(fd, &write_fds); + } + if (rw != 0) return MBEDTLS_ERR_NET_BAD_INPUT_DATA; + tv.tv_sec = timeout / 1000; + tv.tv_usec = (timeout % 1000) * 1000; + do { + ret = select(fd + 1, &read_fds, &write_fds, NULL, + timeout == (uint32_t)-1 ? NULL : &tv); + } while (IS_EINTR(ret)); + if (ret < 0) return MBEDTLS_ERR_NET_POLL_FAILED; + ret = 0; + if (FD_ISSET(fd, &read_fds)) ret |= MBEDTLS_NET_POLL_READ; + if (FD_ISSET(fd, &write_fds)) ret |= MBEDTLS_NET_POLL_WRITE; + return ret; +} + +/** + * \brief Portable usleep helper + * + * \param usec Amount of microseconds to sleep + * + * \note Real amount of time slept will not be less than + * select()'s timeout granularity (typically, 10ms). 
+ */ +void mbedtls_net_usleep(unsigned long usec) { + usleep(usec); +} + +/** + * \brief Read at most 'len' characters. If no error occurs, + * the actual amount read is returned. + * + * \param ctx Socket + * \param buf The buffer to write to + * \param len Maximum length of the buffer + * + * \return the number of bytes received, + * or a non-zero error code; with a non-blocking socket, + * MBEDTLS_ERR_SSL_WANT_READ indicates read() would block. + */ +int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len) { + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + int fd = ((mbedtls_net_context *)ctx)->fd; + if (fd < 0) return MBEDTLS_ERR_NET_INVALID_CONTEXT; + ret = (int)read(fd, buf, len); + if (ret < 0) { + if (net_would_block(ctx) != 0) return MBEDTLS_ERR_SSL_WANT_READ; + if (errno == EPIPE || errno == ECONNRESET) + return MBEDTLS_ERR_NET_CONN_RESET; + if (errno == EINTR) return MBEDTLS_ERR_SSL_WANT_READ; + return MBEDTLS_ERR_NET_RECV_FAILED; + } + return ret; +} + +/** + * \brief Read at most 'len' characters, blocking for at most + * 'timeout' seconds. If no error occurs, the actual amount + * read is returned. + * + * \note The current implementation of this function uses + * select() and returns an error if the file descriptor + * is \c FD_SETSIZE or greater. + * + * \param ctx Socket + * \param buf The buffer to write to + * \param len Maximum length of the buffer + * \param timeout Maximum number of milliseconds to wait for data + * 0 means no timeout (wait forever) + * + * \return The number of bytes received if successful. + * MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out. + * MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal. + * Another negative error code (MBEDTLS_ERR_NET_xxx) + * for other failures. + * + * \note This function will block (until data becomes available or + * timeout is reached) even if the socket is set to + * non-blocking. Handling timeouts with non-blocking reads + * requires a different strategy. 
+ */ +int mbedtls_net_recv_timeout(void *ctx, unsigned char *buf, size_t len, + uint32_t timeout) { + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + struct timeval tv; + fd_set read_fds; + int fd = ((mbedtls_net_context *)ctx)->fd; + if (fd < 0) return MBEDTLS_ERR_NET_INVALID_CONTEXT; + /* A limitation of select() is that it only works with file descriptors + * that are strictly less than FD_SETSIZE. This is a limitation of the + * fd_set type. Error out early, because attempting to call FD_SET on a + * large file descriptor is a buffer overflow on typical platforms. */ + if (fd >= FD_SETSIZE) return (MBEDTLS_ERR_NET_POLL_FAILED); + FD_ZERO(&read_fds); + FD_SET(fd, &read_fds); + tv.tv_sec = timeout / 1000; + tv.tv_usec = (timeout % 1000) * 1000; + ret = select(fd + 1, &read_fds, NULL, NULL, timeout == 0 ? NULL : &tv); + /* Zero fds ready means we timed out */ + if (ret == 0) return MBEDTLS_ERR_SSL_TIMEOUT; + if (ret < 0) { + if (errno == EINTR) return MBEDTLS_ERR_SSL_WANT_READ; + return MBEDTLS_ERR_NET_RECV_FAILED; + } + /* This call will not block */ + return mbedtls_net_recv(ctx, buf, len); +} + +/** + * \brief Write at most 'len' characters. If no error occurs, + * the actual amount read is returned. + * + * \param ctx Socket + * \param buf The buffer to read from + * \param len The length of the buffer + * + * \return the number of bytes sent, + * or a non-zero error code; with a non-blocking socket, + * MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block. 
+ */ +int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len) { + int ret = MBEDTLS_ERR_THIS_CORRUPTION; + int fd = ((mbedtls_net_context *)ctx)->fd; + if (fd < 0) return MBEDTLS_ERR_NET_INVALID_CONTEXT; + ret = (int)write(fd, buf, len); + if (ret < 0) { + if (net_would_block(ctx) != 0) return MBEDTLS_ERR_SSL_WANT_WRITE; + if (errno == EPIPE || errno == ECONNRESET) + return MBEDTLS_ERR_NET_CONN_RESET; + if (errno == EINTR) return MBEDTLS_ERR_SSL_WANT_WRITE; + return MBEDTLS_ERR_NET_SEND_FAILED; + } + return ret; +} + +/** + * \brief Closes down the connection and free associated data + * + * \param ctx The context to close + */ +void mbedtls_net_close(mbedtls_net_context *ctx) { + if (ctx->fd == -1) return; + close(ctx->fd); + ctx->fd = -1; +} + +/** + * \brief Gracefully shutdown the connection and free associated data + * + * \param ctx The context to free + */ +void mbedtls_net_free(mbedtls_net_context *ctx) { + if (ctx->fd == -1) return; + shutdown(ctx->fd, 2); + close(ctx->fd); + ctx->fd = -1; +} diff --git a/third_party/mbedtls/net_sockets.h b/third_party/mbedtls/net_sockets.h new file mode 100644 index 000000000..8243d9452 --- /dev/null +++ b/third_party/mbedtls/net_sockets.h 
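Review bot: In mbedtls_net_connect and mbedtls_net_bind the retry loops close() a socket whose connect()/bind()/listen()/setsockopt() failed but leave the dead descriptor number in ctx->fd, so when every address fails the context is returned holding a closed fd, and a later mbedtls_net_free() or mbedtls_net_close() — which only skip -1 — will shutdown() and close() whatever descriptor the process has since reused for that number; write `close(ctx->fd); ctx->fd = -1;` at each of those close() calls. mbedtls_net_free calls `shutdown(ctx->fd, 2)` with a bare 2 where the POSIX name `SHUT_RDWR` says what is meant. Two doc mismatches in the same hunk: the \brief of mbedtls_net_recv_timeout says "blocking for at most 'timeout' seconds" while the code computes `tv.tv_sec = timeout / 1000`, i.e. milliseconds as its own \param line says, and the \note on mbedtls_net_usleep talks about select()'s timeout granularity although the body just calls usleep(). The `#if defined(_WIN32)` block in mbedtls_net_accept that references SOCKET_ERROR and WSAGetLastError looks like upstream residue that can never compile in this port and could be dropped.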
@@ -0,0 +1,58 @@
+#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_NET_SOCKETS_H_
+#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_NET_SOCKETS_H_
+#if !(__ASSEMBLER__ + __LINKER__ + 0)
+COSMOPOLITAN_C_START_
+/* clang-format off */
+
+#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042 /**< Failed to open a socket. */
+#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044 /**< The connection to the given server / port failed. */
+#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046 /**< Binding of the socket failed. */
+#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048 /**< Could not listen on the socket. */
+#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A /**< Could not accept the incoming connection. */
+#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C /**< Reading information from the socket failed. */
+#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E /**< Sending information through the socket failed. */
+#define MBEDTLS_ERR_NET_CONN_RESET -0x0050 /**< Connection was reset by peer. */
+#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /**< Failed to get an IP address for the given hostname. */
+#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 /**< Buffer is too small to hold the data. */
+#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /**< The context is invalid, eg because it was free()ed. */
+#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047 /**< Polling the net context failed. */
+#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049 /**< Input invalid. */
+
+#define MBEDTLS_NET_LISTEN_BACKLOG 10 /**< The backlog that listen() should use. */
+
+#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
+#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
+
+#define MBEDTLS_NET_POLL_READ 1 /**< Used in \c mbedtls_net_poll to check for pending data */
+#define MBEDTLS_NET_POLL_WRITE 2 /**< Used in \c mbedtls_net_poll to check if write possible */
+
+/**
+ * Wrapper type for sockets.
+ *
+ * Currently backed by just a file descriptor, but might be more in the future
+ * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
+ * structures for hand-made UDP demultiplexing).
+ */
+typedef struct mbedtls_net_context
+{
+ int fd; /**< The underlying file descriptor */
+}
+mbedtls_net_context;
+
+int mbedtls_net_accept( mbedtls_net_context *, mbedtls_net_context *, void *, size_t, size_t * );
+int mbedtls_net_bind( mbedtls_net_context *, const char *, const char *, int );
+int mbedtls_net_connect( mbedtls_net_context *, const char *, const char *, int );
+int mbedtls_net_poll( mbedtls_net_context *, uint32_t, uint32_t );
+int mbedtls_net_recv( void *, unsigned char *, size_t );
+int mbedtls_net_recv_timeout( void *, unsigned char *, size_t, uint32_t );
+int mbedtls_net_send( void *, const unsigned char *, size_t );
+int mbedtls_net_set_block( mbedtls_net_context * );
+int mbedtls_net_set_nonblock( mbedtls_net_context * );
+void mbedtls_net_close( mbedtls_net_context * );
+void mbedtls_net_free( mbedtls_net_context * );
+void mbedtls_net_init( mbedtls_net_context * );
+void mbedtls_net_usleep( unsigned long );
+
+COSMOPOLITAN_C_END_
+#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
+#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_NET_SOCKETS_H_ */
diff --git a/third_party/mbedtls/nist_kw.c b/third_party/mbedtls/nist_kw.c
index f8e633c26..9f085745e 100644
--- a/third_party/mbedtls/nist_kw.c
+++ b/third_party/mbedtls/nist_kw.c
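Review bot: The prototypes at the end of the header drop every parameter name (`int mbedtls_net_recv( void *, unsigned char *, size_t );`), so a reader cannot tell from the header which size_t in mbedtls_net_accept is the buffer capacity and which is the output length without opening net_sockets.c; keeping the names, e.g. `int mbedtls_net_accept( mbedtls_net_context *bind_ctx, mbedtls_net_context *client_ctx, void *client_ip, size_t buf_size, size_t *ip_len );`, costs nothing and is what the rest of the mbedtls API documents against. The header also uses size_t and uint32_t while including nothing; presumably the project's prelude defines them before any third_party header is reached — confirm, since a standalone include of this file would otherwise fail.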
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/endian.h" #include "third_party/mbedtls/error.h" @@ -75,7 +92,7 @@ static const unsigned char NIST_KW_ICV2[] = {0xA6, 0x59, 0x59, 0xA6}; */ void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_nist_kw_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_nist_kw_context ) ); } int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, @@ -84,7 +101,7 @@ int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx, unsigned int keybits, const int is_wrap ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const mbedtls_cipher_info_t *cipher_info; cipher_info = mbedtls_cipher_info_from_values( cipher, @@ -275,7 +292,7 @@ cleanup: if( ret != 0) { - memset( output, 0, semiblocks * KW_SEMIBLOCK_LENGTH ); + mbedtls_platform_zeroize( output, semiblocks * KW_SEMIBLOCK_LENGTH ); } mbedtls_platform_zeroize( inbuff, KW_SEMIBLOCK_LENGTH * 2 ); mbedtls_platform_zeroize( outbuff, KW_SEMIBLOCK_LENGTH * 2 ); 
@@ -341,7 +358,7 @@ static int unwrap( mbedtls_nist_kw_context *ctx, cleanup: if( ret != 0) - memset( output, 0, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH ); + mbedtls_platform_zeroize( output, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH ); mbedtls_platform_zeroize( inbuff, sizeof( inbuff ) ); mbedtls_platform_zeroize( outbuff, sizeof( outbuff ) ); @@ -477,7 +494,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, { goto cleanup; } - memset( output + Plen, 0, padlen ); + mbedtls_platform_zeroize( output + Plen, padlen ); *out_len = Plen; } else @@ -489,7 +506,7 @@ int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, cleanup: if( ret != 0 ) { - memset( output, 0, *out_len ); + mbedtls_platform_zeroize( output, *out_len ); *out_len = 0; } diff --git a/third_party/mbedtls/oid.c b/third_party/mbedtls/oid.c index c2dcd96cc..d02d87dec 100644 --- a/third_party/mbedtls/oid.c +++ b/third_party/mbedtls/oid.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/fmt/fmt.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" 
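Review bot: In the unwrap cleanup hunk (@@ -341) the replaced statement `mbedtls_platform_zeroize( output, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );` is still the unbraced body of `if( ret != 0)`, while the sibling cleanups at @@ -275 and @@ -489 brace theirs; bracing it makes the three failure paths read the same and removes the usual add-a-line hazard on a line that wipes partially-unwrapped plaintext. The substitution itself is the right one here: clearing output on a failed unwrap is precisely the case where a clear the compiler cannot elide matters.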
@@ -10,27 +27,10 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ + /** - * \file oid.c - * - * \brief Object Identifier (OID) database - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * @fileoverview Object Identifier (OID) database */ #if defined(MBEDTLS_OID_C) @@ -718,9 +718,9 @@ FN_OID_GET_ATTR2(mbedtls_oid_get_pkcs12_pbe_alg, oid_pkcs12_pbe_alg_t, pkcs12_pb /* Return the x.y.z.... style numeric string for the given OID */ int mbedtls_oid_get_numeric_string( char *buf, size_t size, - const mbedtls_asn1_buf *oid ) + const mbedtls_asn1_buf *oid ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i, n; unsigned int value; char *p; diff --git a/third_party/mbedtls/pem.c b/third_party/mbedtls/pem.c index 9daf39c33..37025cf71 100644 --- a/third_party/mbedtls/pem.c +++ b/third_party/mbedtls/pem.c 
@@ -1,6 +1,24 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/mem/mem.h" #include "third_party/mbedtls/aes.h" #include "third_party/mbedtls/base64.h" +#include "third_party/mbedtls/chk.h" #include "third_party/mbedtls/cipher.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/des.h" 
@@ -16,30 +34,16 @@ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); -/* - * Privacy Enhanced Mail (PEM) decoding - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. +/** + * @fileoverview Privacy Enhanced Mail (PEM) decoding */ + #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) #if defined(MBEDTLS_PEM_PARSE_C) void mbedtls_pem_init( mbedtls_pem_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_pem_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) ); } #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ @@ -51,21 +55,16 @@ static int pem_get_iv( const unsigned char *s, unsigned char *iv, size_t iv_len ) { size_t i, j, k; - - memset( iv, 0, iv_len ); - + mbedtls_platform_zeroize( iv, iv_len ); for( i = 0; i < iv_len * 2; i++, s++ ) { if( *s >= '0' && *s <= '9' ) j = *s - '0'; else if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); - k = ( ( i & 1 ) != 0 ) ? j : j << 4; - iv[i >> 1] = (unsigned char)( iv[i >> 1] | k ); } - return( 0 ); } 
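Review bot: Swapping memset() for mbedtls_platform_zeroize() in mbedtls_pem_init and at the top of pem_get_iv changes the signal the call sends to a reader without changing what the code does: zeroize is the library's "scrub sensitive data so the compiler cannot elide it" primitive, whereas both sites are initialising a freshly-used context or an output IV that is then filled from the public PEM header. Someone auditing for secret handling will look for the secret here and not find one. I would keep `memset( ctx, 0, sizeof( mbedtls_pem_context ) );` and `memset( iv, 0, iv_len );` for plain initialisation, or, if the project convention is "always zeroize", add a one-line comment such as `/* zeroize used for uniformity; nothing secret is cleared here */` so the intent is explicit.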
@@ -76,54 +75,36 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, mbedtls_md5_context md5_ctx; unsigned char md5sum[16]; size_t use_len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_md5_init( &md5_ctx ); - /* * key[ 0..15] = MD5(pwd || IV) */ - if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) - goto exit; - + MBEDTLS_CHK( mbedtls_md5_starts_ret( &md5_ctx ) ); + MBEDTLS_CHK( mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ); + MBEDTLS_CHK( mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ); + MBEDTLS_CHK( mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ); if( keylen <= 16 ) { memcpy( key, md5sum, keylen ); - goto exit; + goto cleanup; } - memcpy( key, md5sum, 16 ); - /* * key[16..23] = MD5(key[ 0..15] || pwd || IV]) */ - if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) - goto exit; - + MBEDTLS_CHK( mbedtls_md5_starts_ret( &md5_ctx ) ); + MBEDTLS_CHK( mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ); + MBEDTLS_CHK( mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ); + MBEDTLS_CHK( mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ); + MBEDTLS_CHK( mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ); use_len = 16; if( keylen < 32 ) use_len = keylen - 16; - memcpy( key + 16, md5sum, use_len ); - -exit: +cleanup: mbedtls_md5_free( &md5_ctx ); mbedtls_platform_zeroize( md5sum, 16 ); - return( ret ); } 
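Review bot: The early-exit path `if( keylen <= 16 ) { memcpy( key, md5sum, keylen ); goto cleanup; }` now returns whatever `ret` holds after the preceding MBEDTLS_CHK calls, and `ret` starts at MBEDTLS_ERR_THIS_CORRUPTION. That is only correct if MBEDTLS_CHK from the newly included chk.h assigns the call result to `ret` even on success (as MBEDTLS_MPI_CHK does); the macro's definition is outside this hunk, so I cannot confirm it. If it merely branches on a non-zero result, every key of 16 bytes or less (the DES case) would come back with the corruption sentinel, so either add a comment stating the contract, `/* MBEDTLS_CHK stores the status in ret; ret == 0 here */`, or make the intent explicit with `ret = 0;` before that `goto cleanup;`. The MD5-based single-iteration PBKDF1 here is legacy OpenSSL PEM compatibility and predates this change, but a header comment saying so would help future readers.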
@@ -137,22 +118,17 @@ static int pem_des_decrypt( unsigned char des_iv[8], { mbedtls_des_context des_ctx; unsigned char des_key[8]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_des_init( &des_ctx ); - if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 ) goto exit; ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, des_iv, buf, buf ); - exit: mbedtls_des_free( &des_ctx ); mbedtls_platform_zeroize( des_key, 8 ); - return( ret ); } @@ -165,22 +141,17 @@ static int pem_des3_decrypt( unsigned char des3_iv[8], { mbedtls_des3_context des3_ctx; unsigned char des3_key[24]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_des3_init( &des3_ctx ); - if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 ) goto exit; ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen, des3_iv, buf, buf ); - exit: mbedtls_des3_free( &des3_ctx ); mbedtls_platform_zeroize( des3_key, 24 ); - return( ret ); } #endif /* MBEDTLS_DES_C */ @@ -195,22 +166,17 @@ static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, { mbedtls_aes_context aes_ctx; unsigned char aes_key[32]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_aes_init( &aes_ctx ); - if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 ) goto exit; ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen, aes_iv, buf, buf ); - exit: mbedtls_aes_free( &aes_ctx ); mbedtls_platform_zeroize( aes_key, keylen ); - return( ret ); } #endif /* MBEDTLS_AES_C */ 
@@ -235,70 +201,54 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ((void) pwdlen); #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ - - if( ctx == NULL ) + if( !ctx ) return( MBEDTLS_ERR_PEM_BAD_INPUT_DATA ); - s1 = (unsigned char *) strstr( (const char *) data, header ); - - if( s1 == NULL ) + if( !s1 ) return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); - s2 = (unsigned char *) strstr( (const char *) data, footer ); - - if( s2 == NULL || s2 <= s1 ) + if( !s2 || s2 <= s1 ) return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); - s1 += strlen( header ); if( *s1 == ' ' ) s1++; if( *s1 == '\r' ) s1++; if( *s1 == '\n' ) s1++; else return( MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ); - end = s2; end += strlen( footer ); if( *end == ' ' ) end++; if( *end == '\r' ) end++; if( *end == '\n' ) end++; *use_len = end - data; - enc = 0; - if( s2 - s1 >= 22 && memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) ) enc++; - s1 += 22; if( *s1 == '\r' ) s1++; if( *s1 == '\n' ) s1++; else return( MBEDTLS_ERR_PEM_INVALID_DATA ); - #if defined(MBEDTLS_DES_C) if( s2 - s1 >= 23 && memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_EDE3_CBC; - s1 += 23; if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); - s1 += 16; } else if( s2 - s1 >= 18 && memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 ) { enc_alg = MBEDTLS_CIPHER_DES_CBC; - s1 += 18; if( s2 - s1 < 16 || pem_get_iv( s1, pem_iv, 8) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); - s1 += 16; } #endif /* MBEDTLS_DES_C */ - #if defined(MBEDTLS_AES_C) if( s2 - s1 >= 14 && memcmp( s1, "DEK-Info: AES-", 14 ) == 0 ) { 
@@ -312,18 +262,14 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const enc_alg = MBEDTLS_CIPHER_AES_256_CBC; else return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); - s1 += 22; if( s2 - s1 < 32 || pem_get_iv( s1, pem_iv, 16 ) != 0 ) return( MBEDTLS_ERR_PEM_INVALID_ENC_IV ); - s1 += 32; } #endif /* MBEDTLS_AES_C */ - if( enc_alg == MBEDTLS_CIPHER_NONE ) return( MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG ); - if( *s1 == '\r' ) s1++; if( *s1 == '\n' ) s1++; else return( MBEDTLS_ERR_PEM_INVALID_DATA ); @@ -332,25 +278,19 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } - if( s1 >= s2 ) return( MBEDTLS_ERR_PEM_INVALID_DATA ); - ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); - if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER ) return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); - if( ( buf = mbedtls_calloc( 1, len ) ) == NULL ) return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); - if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 ) { mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); } - if( enc != 0 ) { #if defined(MBEDTLS_MD5_C) && defined(MBEDTLS_CIPHER_MODE_CBC) && \ @@ -361,16 +301,13 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); } - ret = 0; - #if defined(MBEDTLS_DES_C) if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC ) ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_DES_CBC ) ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); #endif /* MBEDTLS_DES_C */ - #if defined(MBEDTLS_AES_C) if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC ) ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); 
@@ -379,13 +316,11 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC ) ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); #endif /* MBEDTLS_AES_C */ - if( ret != 0 ) { mbedtls_free( buf ); return( ret ); } - /* * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * length bytes (allow 4 to be sure) in all known use cases. @@ -405,22 +340,19 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const #endif /* MBEDTLS_MD5_C && MBEDTLS_CIPHER_MODE_CBC && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } - ctx->buf = buf; ctx->buflen = len; - return( 0 ); } void mbedtls_pem_free( mbedtls_pem_context *ctx ) { - if ( ctx->buf != NULL ) + if ( ctx->buf ) { mbedtls_platform_zeroize( ctx->buf, ctx->buflen ); mbedtls_free( ctx->buf ); } mbedtls_free( ctx->info ); - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pem_context ) ); } #endif /* MBEDTLS_PEM_PARSE_C */ 
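Review bot: The decrypt-failure path in this hunk, `if( ret != 0 ) { mbedtls_free( buf ); return( ret ); }`, frees buf without scrubbing it, while the base64-failure path a few lines earlier in the same function does `mbedtls_platform_zeroize( buf, len )` first and the password-mismatch path that follows presumably does too. The decryption helpers operate in place on buf, so depending on where the backend failed it may hold ciphertext or partially recovered key material derived from the caller's password. Since this commit is about converting the file's clears to mbedtls_platform_zeroize, aligning this path with its neighbours is cheap: `mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); return( ret );`. The enclosing function starts and ends outside this hunk.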
@@ -430,34 +362,28 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, const unsigned char *der_data, size_t der_len, unsigned char *buf, size_t buf_len, size_t *olen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *encode_buf = NULL, *c, *p = buf; size_t len = 0, use_len, add_len = 0; - mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len ); add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1; - if( use_len + add_len > buf_len ) { *olen = use_len + add_len; return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } - if( use_len != 0 && ( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) ) return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); - if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data, der_len ) ) != 0 ) { mbedtls_free( encode_buf ); return( ret ); } - memcpy( p, header, strlen( header ) ); p += strlen( header ); c = encode_buf; - while( use_len ) { len = ( use_len > 64 ) ? 64 : use_len; @@ -467,19 +393,16 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, c += len; *p++ = '\n'; } - memcpy( p, footer, strlen( footer ) ); p += strlen( footer ); - *p++ = '\0'; *olen = p - buf; - /* Clean any remaining data previously written to the buffer */ - memset( buf + *olen, 0, buf_len - *olen ); - + mbedtls_platform_zeroize( buf + *olen, buf_len - *olen ); mbedtls_free( encode_buf ); return( 0 ); } #endif /* MBEDTLS_PEM_WRITE_C */ + #endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */ diff --git a/third_party/mbedtls/pk.c b/third_party/mbedtls/pk.c index 572c90a63..8accd0211 100644 --- a/third_party/mbedtls/pk.c +++ b/third_party/mbedtls/pk.c 
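Review bot: encode_buf is released with a bare `mbedtls_free( encode_buf );` on both the base64-error path and the success path, even though it holds the base64 form of der_data, which for the PEM private-key writers that presumably call this function is the private key itself; meanwhile the commit upgrades the clearing of the caller's output tail to mbedtls_platform_zeroize, so the intent to scrub is clearly there. Note that the copy loop counts `use_len` down to zero, so the length has to be captured before the loop, for example `size_t enc_len = use_len;` right after the successful mbedtls_base64_encode call and then `mbedtls_platform_zeroize( encode_buf, enc_len );` immediately before the final free. The error path can zeroize with the size it allocated in the same way. The enclosing function spans both hunks on this line.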
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/ecdsa.h" #include "third_party/mbedtls/ecp.h" @@ -12,25 +29,10 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * Public Key abstraction layer - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + +/** + * @fileoverview Public Key abstraction layer */ #if defined(MBEDTLS_PK_C) 
@@ -48,8 +50,7 @@ asm(".include \"libc/disclaimer.inc\""); */ void mbedtls_pk_init( mbedtls_pk_context *ctx ) { - PK_VALIDATE( ctx != NULL ); - + PK_VALIDATE( ctx ); ctx->pk_info = NULL; ctx->pk_ctx = NULL; } @@ -69,7 +70,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) { if( ctx == NULL ) return; - if ( ctx->pk_info != NULL ) + if ( ctx->pk_info ) ctx->pk_info->ctx_free_func( ctx->pk_ctx ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_pk_context ) ); } @@ -83,7 +84,7 @@ void mbedtls_pk_free( mbedtls_pk_context *ctx ) */ void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx ) { - PK_VALIDATE( ctx != NULL ); + PK_VALIDATE( ctx ); ctx->pk_info = NULL; ctx->rs_ctx = NULL; } @@ -154,8 +155,8 @@ const mbedtls_pk_info_t * mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type ) */ int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info ) { - PK_VALIDATE_RET( ctx != NULL ); - if( info == NULL || ctx->pk_info != NULL ) + PK_VALIDATE_RET( ctx ); + if( info == NULL || ctx->pk_info ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) @@ -189,8 +190,8 @@ int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key, mbedtls_rsa_alt_context *rsa_alt; const mbedtls_pk_info_t *info = &mbedtls_rsa_alt_info; - PK_VALIDATE_RET( ctx != NULL ); - if( ctx->pk_info != NULL ) + PK_VALIDATE_RET( ctx ); + if( ctx->pk_info ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ( ctx->pk_ctx = info->ctx_alloc_func() ) == NULL ) @@ -252,7 +253,7 @@ static int pk_restart_setup( mbedtls_pk_restart_ctx *ctx, const mbedtls_pk_info_t *info ) { /* Don't do anything if already set up or invalid */ - if( ctx == NULL || ctx->pk_info != NULL ) + if( ctx == NULL || ctx->pk_info ) return( 0 ); /* Should never happen when we're called */ 
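Review bot: Rewriting `PK_VALIDATE_RET( ctx != NULL )` as `PK_VALIDATE_RET( ctx )` is not purely cosmetic if PK_VALIDATE/PK_VALIDATE_RET still route through MBEDTLS_PARAM_FAILED as in upstream Mbed TLS, because that macro stringifies its condition for mbedtls_param_failed(): the diagnostic a caller receives under MBEDTLS_CHECK_PARAMS would change from `ctx != NULL` to the much less informative `ctx`. The macro definitions are outside this hunk, so this is inferred from the upstream layout. I would either leave the explicit `!= NULL` form inside the validation macros (keeping the `!ptr` style for ordinary `if` statements) or add a note near the macro definitions that the stringified text is intentionally short. This divergence from upstream formatting will also make future merges of pk.c noisier, which is worth a line in the commit message.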
@@ -294,10 +295,10 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, const unsigned char *sig, size_t sig_len, mbedtls_pk_restart_ctx *rs_ctx ) { - PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( ctx ); PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); + hash ); + PK_VALIDATE_RET( sig ); if( ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) @@ -305,11 +306,11 @@ int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx, #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* optimization: use non-restartable version if restart disabled */ - if( rs_ctx != NULL && + if( rs_ctx && mbedtls_ecp_restart_is_enabled() && - ctx->pk_info->verify_rs_func != NULL ) + ctx->pk_info->verify_rs_func ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) return( ret ); @@ -399,10 +400,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( ctx ); PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); + hash ); + PK_VALIDATE_RET( sig ); if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); if( ! mbedtls_pk_can_do( ctx, type ) ) @@ -410,7 +411,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, if( type == MBEDTLS_PK_RSASSA_PSS ) { #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const mbedtls_pk_rsassa_pss_options *pss_opts; #if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) 
@@ -437,7 +438,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, #endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */ } /* General case: no options */ - if( options != NULL ) + if( options ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( mbedtls_pk_verify( ctx, md_alg, hash, hash_len, sig, sig_len ) ); } 
@@ -471,47 +472,39 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, * operations was reached: see \c mbedtls_ecp_set_max_ops(). */ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, - mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_pk_restart_ctx *rs_ctx ) + mbedtls_md_type_t md_alg, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, mbedtls_pk_restart_ctx *rs_ctx ) { - PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( ctx ); PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) || - hash != NULL ); - PK_VALIDATE_RET( sig != NULL ); - + hash ); + PK_VALIDATE_RET( sig ); if( ctx->pk_info == NULL || pk_hashlen_helper( md_alg, &hash_len ) != 0 ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* optimization: use non-restartable version if restart disabled */ - if( rs_ctx != NULL && + if( rs_ctx && mbedtls_ecp_restart_is_enabled() && - ctx->pk_info->sign_rs_func != NULL ) + ctx->pk_info->sign_rs_func ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = pk_restart_setup( rs_ctx, ctx->pk_info ) ) != 0 ) return( ret ); - ret = ctx->pk_info->sign_rs_func( ctx->pk_ctx, md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng, rs_ctx->rs_ctx ); - if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) mbedtls_pk_restart_free( rs_ctx ); - return( ret ); } #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ (void) rs_ctx; #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - if( ctx->pk_info->sign_func == NULL ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); - return( ctx->pk_info->sign_func( ctx->pk_ctx, md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng ) ); } 
@@ -577,17 +570,14 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( input != NULL || ilen == 0 ); - PK_VALIDATE_RET( output != NULL || osize == 0 ); - PK_VALIDATE_RET( olen != NULL ); - + PK_VALIDATE_RET( ctx ); + PK_VALIDATE_RET( input || ilen == 0 ); + PK_VALIDATE_RET( output || osize == 0 ); + PK_VALIDATE_RET( olen ); if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - if( ctx->pk_info->decrypt_func == NULL ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); - return( ctx->pk_info->decrypt_func( ctx->pk_ctx, input, ilen, output, olen, osize, f_rng, p_rng ) ); } @@ -613,17 +603,14 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - PK_VALIDATE_RET( ctx != NULL ); - PK_VALIDATE_RET( input != NULL || ilen == 0 ); - PK_VALIDATE_RET( output != NULL || osize == 0 ); - PK_VALIDATE_RET( olen != NULL ); - + PK_VALIDATE_RET( ctx ); + PK_VALIDATE_RET( input || ilen == 0 ); + PK_VALIDATE_RET( output || osize == 0 ); + PK_VALIDATE_RET( olen ); if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - if( ctx->pk_info->encrypt_func == NULL ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); - return( ctx->pk_info->encrypt_func( ctx->pk_ctx, input, ilen, output, olen, osize, f_rng, p_rng ) ); } 
@@ -643,18 +630,15 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, */ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) { - PK_VALIDATE_RET( pub != NULL ); - PK_VALIDATE_RET( prv != NULL ); - + PK_VALIDATE_RET( pub ); + PK_VALIDATE_RET( prv ); if( pub->pk_info == NULL || prv->pk_info == NULL ) { return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); } - if( prv->pk_info->check_pair_func == NULL ) return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - if( prv->pk_info->type == MBEDTLS_PK_RSA_ALT ) { if( pub->pk_info->type != MBEDTLS_PK_RSA ) @@ -665,7 +649,6 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte if( pub->pk_info != prv->pk_info ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); } - return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); } @@ -695,13 +678,11 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx ) */ int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items ) { - PK_VALIDATE_RET( ctx != NULL ); + PK_VALIDATE_RET( ctx ); if( ctx->pk_info == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - if( ctx->pk_info->debug_func == NULL ) return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); - ctx->pk_info->debug_func( ctx->pk_ctx, items ); return( 0 ); } diff --git a/third_party/mbedtls/pk_wrap.c b/third_party/mbedtls/pk_wrap.c index 83a49567e..c3b8722ad 100644 --- a/third_party/mbedtls/pk_wrap.c +++ b/third_party/mbedtls/pk_wrap.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/asn1.h" #include "third_party/mbedtls/asn1write.h" #include "third_party/mbedtls/common.h" 
@@ -13,30 +30,16 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * Public Key abstraction layer: wrapper functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + +/** + * @fileoverview Public Key abstraction layer: wrapper functions */ #if defined(MBEDTLS_PK_C) #if defined(MBEDTLS_RSA_C) + static int rsa_can_do( mbedtls_pk_type_t type ) { return( type == MBEDTLS_PK_RSA || @@ -53,7 +56,7 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; size_t rsa_len = mbedtls_rsa_get_len( rsa ); #if SIZE_MAX > UINT_MAX @@ -202,7 +205,7 @@ static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecdsa_context ecdsa; mbedtls_ecdsa_init( &ecdsa ); 
@@ -216,11 +219,11 @@ static int eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, } static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecdsa_context ecdsa; mbedtls_ecdsa_init( &ecdsa ); @@ -237,15 +240,15 @@ static int eckey_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, #if defined(MBEDTLS_ECP_RESTARTABLE) /* Forward declarations */ static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - void *rs_ctx ); + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx ); static int ecdsa_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - void *rs_ctx ); + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + void *rs_ctx ); /* * Restart context for ECDSA operations with ECKEY context 
@@ -262,74 +265,61 @@ typedef struct static void *eckey_rs_alloc( void ) { eckey_restart_ctx *rs_ctx; - void *ctx = mbedtls_calloc( 1, sizeof( eckey_restart_ctx ) ); - if( ctx != NULL ) { rs_ctx = ctx; mbedtls_ecdsa_restart_init( &rs_ctx->ecdsa_rs ); mbedtls_ecdsa_init( &rs_ctx->ecdsa_ctx ); } - return( ctx ); } static void eckey_rs_free( void *ctx ) { eckey_restart_ctx *rs_ctx; - if( ctx == NULL) return; - rs_ctx = ctx; mbedtls_ecdsa_restart_free( &rs_ctx->ecdsa_rs ); mbedtls_ecdsa_free( &rs_ctx->ecdsa_ctx ); - mbedtls_free( ctx ); } static int eckey_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - const unsigned char *sig, size_t sig_len, - void *rs_ctx ) + const unsigned char *hash, size_t hash_len, + const unsigned char *sig, size_t sig_len, + void *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; eckey_restart_ctx *rs = rs_ctx; - /* Should never happen */ if( rs == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - /* set up our own sub-context if needed (that is, on first run) */ if( rs->ecdsa_ctx.grp.pbits == 0 ) MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) ); - MBEDTLS_MPI_CHK( ecdsa_verify_rs_wrap( &rs->ecdsa_ctx, md_alg, hash, hash_len, sig, sig_len, &rs->ecdsa_rs ) ); - cleanup: return( ret ); } static int eckey_sign_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - void *rs_ctx ) + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t *sig_len, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, void *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; eckey_restart_ctx *rs = rs_ctx; - /* Should never happen */ - if( rs == NULL ) + if( !rs ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - /* set up our own 
sub-context if needed (that is, on first run) */ if( rs->ecdsa_ctx.grp.pbits == 0 ) MBEDTLS_MPI_CHK( mbedtls_ecdsa_from_keypair( &rs->ecdsa_ctx, ctx ) ); - MBEDTLS_MPI_CHK( ecdsa_sign_rs_wrap( &rs->ecdsa_ctx, md_alg, hash, hash_len, sig, sig_len, f_rng, p_rng, &rs->ecdsa_rs ) ); @@ -438,7 +428,7 @@ static int ecdsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, const unsigned char *sig, size_t sig_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; ((void) md_alg); ret = mbedtls_ecdsa_read_signature( (mbedtls_ecdsa_context *) ctx, hash, hash_len, sig, sig_len ); @@ -462,7 +452,7 @@ static int ecdsa_verify_rs_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *sig, size_t sig_len, void *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; ((void) md_alg); ret = mbedtls_ecdsa_read_signature_restartable( @@ -596,7 +586,7 @@ static int rsa_alt_check_pair( const void *pub, const void *prv ) unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char hash[32]; size_t sig_len = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( rsa_alt_get_bitlen( prv ) != rsa_get_bitlen( pub ) ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); memset( hash, 0x2a, sizeof( hash ) ); @@ -619,7 +609,7 @@ static void *rsa_alt_alloc_wrap( void ) { void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) ); if( ctx != NULL ) - memset( ctx, 0, sizeof( mbedtls_rsa_alt_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) ); return( ctx ); } diff --git a/third_party/mbedtls/pkcs5.c b/third_party/mbedtls/pkcs5.c index dada0c77f..9f7007770 100644 --- a/third_party/mbedtls/pkcs5.c +++ b/third_party/mbedtls/pkcs5.c 
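Review bot: Within the same hunk, eckey_verify_rs_wrap keeps `if( rs == NULL )` together with its `/* Should never happen */` comment while its twin eckey_sign_rs_wrap is rewritten to `if( !rs )` and loses the comment; the two functions are deliberately parallel, and the hunk now leaves them in two styles. Either leave both untouched or apply the same rewrite to the verify wrapper, keeping the comment in both since it documents that the NULL check is a defensive guard rather than an expected input path. eckey_sign_rs_wrap continues past the end of this hunk.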
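Review bot: In rsa_alt_alloc_wrap the new `mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_alt_context ) );` runs on memory that `mbedtls_calloc( 1, ... )` has just returned zero-filled, so it is redundant exactly as the memset it replaces was, and it now carries the cost of a non-elidable clear. Since this commit is already touching the line, the cleaner fix is to drop the clear entirely and let the function read `void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_alt_context ) ); return( ctx );`, or keep it with a comment explaining why a second clear is wanted here.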
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/asn1.h" #include "third_party/mbedtls/cipher.h" #include "third_party/mbedtls/common.h" @@ -49,7 +66,7 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations, int *keylen, mbedtls_md_type_t *md_type ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_asn1_buf prf_alg_oid; unsigned char *p = params->p; const unsigned char *end = params->p + params->len; @@ -216,7 +233,7 @@ int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, unsigned int iteration_count, uint32_t key_length, unsigned char *output ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; int j; unsigned int i; unsigned char md1[MBEDTLS_MD_MAX_SIZE]; diff --git a/third_party/mbedtls/pkparse.c b/third_party/mbedtls/pkparse.c index 028a526c9..ef2b2c7bb 100644 --- a/third_party/mbedtls/pkparse.c +++ b/third_party/mbedtls/pkparse.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/calls/calls.h" #include "third_party/mbedtls/asn1.h" #include "third_party/mbedtls/common.h" @@ -125,7 +142,7 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, const char *path, const char *pwd ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n; unsigned char *buf; PK_VALIDATE_RET( ctx != NULL ); @@ -160,7 +177,7 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, */ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n; unsigned char *buf; PK_VALIDATE_RET( ctx != NULL ); 
@@ -186,7 +203,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path ) static int pk_get_ecparams( unsigned char **p, const unsigned char *end, mbedtls_asn1_buf *params ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if ( end - *p < 1 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA ); @@ -235,7 +252,7 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, */ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *p = params->p; const unsigned char * const end = params->p + params->len; const unsigned char *end_field, *end_curve; @@ -392,7 +409,7 @@ cleanup: static int pk_group_id_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_group_id *grp_id ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecp_group grp; mbedtls_ecp_group_init( &grp ); @@ -419,7 +436,7 @@ cleanup: */ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ecp_group_id grp_id; if( params->tag == MBEDTLS_ASN1_OID ) @@ -459,7 +476,7 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *g static int pk_get_ecpubkey( unsigned char **p, const unsigned char *end, mbedtls_ecp_keypair *key ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_ecp_point_read_binary( &key->grp, &key->Q, (const unsigned char *) *p, end - *p ) ) == 0 ) 
@@ -487,7 +504,7 @@ static int pk_get_rsapubkey( unsigned char **p, const unsigned char *end, mbedtls_rsa_context *rsa ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, @@ -542,10 +559,10 @@ static int pk_get_pk_alg( unsigned char **p, const unsigned char *end, mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_asn1_buf alg_oid; - memset( params, 0, sizeof(mbedtls_asn1_buf) ); + mbedtls_platform_zeroize( params, sizeof(mbedtls_asn1_buf) ); if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) return( MBEDTLS_ERR_PK_INVALID_ALG + ret ); @@ -583,7 +600,7 @@ static int pk_get_pk_alg( unsigned char **p, int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, mbedtls_pk_context *pk ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; mbedtls_asn1_buf alg_params; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; @@ -835,7 +852,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, const unsigned char *key, size_t keylen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; int version, pubkey_done; size_t len; mbedtls_asn1_buf params; @@ -1213,7 +1230,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const mbedtls_pk_info_t *pk_info; #if defined(MBEDTLS_PEM_PARSE_C) size_t len; 
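Review bot: In pk_get_pk_alg the change from `memset` to `mbedtls_platform_zeroize` on `params` is a pre-use initialization of an output `mbedtls_asn1_buf` that will hold a tag, a length and a pointer into the caller's DER, not a wipe of sensitive data, so the volatile store buys no security and blurs what the zeroize helper is for. Keep `memset( params, 0, sizeof(mbedtls_asn1_buf) );` (or `*params = (mbedtls_asn1_buf){ 0 };`) and reserve `mbedtls_platform_zeroize` for secret buffers at the end of their lifetime. The same substitution on about-to-be-overwritten buffers appears elsewhere in this commit (mbedtls_rsa_init, mgf_mask, the OAEP output and the PSS signature buffer) and deserves the same treatment.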
@@ -1443,7 +1460,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, const unsigned char *key, size_t keylen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *p; #if defined(MBEDTLS_RSA_C) const mbedtls_pk_info_t *pk_info; diff --git a/third_party/mbedtls/pkwrite.c b/third_party/mbedtls/pkwrite.c index 130f2d857..0e3d1783e 100644 --- a/third_party/mbedtls/pkwrite.c +++ b/third_party/mbedtls/pkwrite.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/asn1write.h" #include "third_party/mbedtls/bignum.h" #include "third_party/mbedtls/common.h" @@ -54,7 +71,7 @@ asm(".include \"libc/disclaimer.inc\""); static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, mbedtls_rsa_context *rsa ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; mbedtls_mpi T; 
@@ -93,7 +110,7 @@ end_of_export: static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, mbedtls_ecp_keypair *ec ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; @@ -121,7 +138,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, static int pk_write_ec_param( unsigned char **p, unsigned char *start, mbedtls_ecp_keypair *ec ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; const char *oid; size_t oid_len; @@ -140,7 +157,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start, static int pk_write_ec_private( unsigned char **p, unsigned char *start, mbedtls_ecp_keypair *ec ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t byte_length = ( ec->grp.pbits + 7 ) / 8; unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; @@ -168,7 +185,7 @@ exit: int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, const mbedtls_pk_context *key ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; PK_VALIDATE_RET( p != NULL ); @@ -229,7 +246,7 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, */ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *c; size_t len = 0, par_len = 0, oid_len; mbedtls_pk_type_t pk_type; @@ -330,7 +347,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si */ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *c; size_t len = 0; 
@@ -583,7 +600,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ */ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char output_buf[PUB_DER_MAX_BYTES]; size_t olen = 0; @@ -618,7 +635,7 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, si */ int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *output_buf; const char *begin, *end; size_t olen = 0; diff --git a/third_party/mbedtls/platform.c b/third_party/mbedtls/platform.c index ebd4590ba..53d6504c1 100644 --- a/third_party/mbedtls/platform.c +++ b/third_party/mbedtls/platform.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/platform.h" int mbedtls_platform_setup(mbedtls_platform_context *ctx) { 
diff --git a/third_party/mbedtls/platform.h b/third_party/mbedtls/platform.h index 236f3c7e9..1dd97bd63 100644 --- a/third_party/mbedtls/platform.h +++ b/third_party/mbedtls/platform.h @@ -49,6 +49,13 @@ COSMOPOLITAN_C_START_ } \ } while (0) +#if IsModeDbg() +#define MBEDTLS_ASSERT(EXPR) \ + ((void)((EXPR) || (__assert_fail(#EXPR, __FILE__, __LINE__), 0))) +#else +#define MBEDTLS_ASSERT(EXPR) (void)0 +#endif + typedef struct mbedtls_platform_context { char dummy; } mbedtls_platform_context; diff --git a/third_party/mbedtls/poly1305.c b/third_party/mbedtls/poly1305.c index bb4fa574a..fe5786172 100644 --- a/third_party/mbedtls/poly1305.c +++ b/third_party/mbedtls/poly1305.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/bits/bits.h" #include "libc/str/str.h" #include "third_party/mbedtls/common.h" 
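Review bot: The release expansion `#define MBEDTLS_ASSERT(EXPR) (void)0` discards EXPR entirely, so a side effect inside an assert argument silently vanishes outside debug builds, an identifier used only in the assert will trigger unused warnings, and nothing in the header warns callers that the check is a no-op in production. Prefer `#define MBEDTLS_ASSERT(EXPR) ((void)sizeof((EXPR) ? 1 : 0))`, which keeps EXPR name- and type-checked in every mode without evaluating it. Above the `#if IsModeDbg()` add `/* Internal-invariant check only: EXPR must be side-effect free and is not evaluated in release builds. Validation of caller- or peer-supplied data must remain an explicit runtime check in every mode. */` so the macro is not reached for as a substitute for input validation in a crypto library.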
@@ -411,7 +428,7 @@ int mbedtls_poly1305_mac( const unsigned char key[32], unsigned char mac[16] ) { mbedtls_poly1305_context ctx; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; POLY1305_VALIDATE_RET( key != NULL ); POLY1305_VALIDATE_RET( mac != NULL ); POLY1305_VALIDATE_RET( ilen == 0 || input != NULL ); @@ -520,7 +537,7 @@ int mbedtls_poly1305_self_test( int verbose ) { unsigned char mac[16]; unsigned i; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; for( i = 0U; i < 2U; i++ ) { diff --git a/third_party/mbedtls/profile.h b/third_party/mbedtls/profile.h new file mode 100644 index 000000000..75899a34a --- /dev/null +++ b/third_party/mbedtls/profile.h @@ -0,0 +1,44 @@ +#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_PROFILE_H_ +#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_PROFILE_H_ +#include "libc/bits/safemacros.internal.h" +#include "libc/log/log.h" +#include "libc/nexgen32e/bench.h" +#include "libc/nexgen32e/rdtsc.h" +#include "libc/time/time.h" +#if 1 + +#define START() \ + { \ + volatile uint64_t Time = __startbench() +#define STOP(x) \ + fprintf(stderr, "PROFILE %,10ldc %s\n", \ + unsignedsubtract(__endbench(), Time), #x); \ + } + +#define PROFILE(x) \ + ({ \ + typeof(x) Res; \ + START(); \ + Res = (x); \ + STOP(x); \ + Res; \ + }) +#define PROFILS(x) \ + do { \ + START(); \ + x; \ + STOP(x); \ + } while (0) +#define PRINT() \ + fprintf(stderr, "PRINT %s called by %s\n", __FUNCTION__, GetCallerName(0)) + +#else + +#define PRINT() ((void)0) +#define PROFILE(x) x +#define PROFILS(x) x +#define START() ((void)0) +#define STOP(x) ((void)0) + +#endif +#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_PROFILE_H_ */ diff --git a/third_party/mbedtls/rando.c b/third_party/mbedtls/rando.c index 96f1cc444..77f5b07bd 100644 --- a/third_party/mbedtls/rando.c +++ b/third_party/mbedtls/rando.c 
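Review bot: profile.h turns its instrumentation on unconditionally with `#if 1`, and rsa.c now includes it, so every `PROFILE()`/`PROFILS()` call site (the call sites are outside this hunk) will `fprintf(stderr, ...)` a per-call cycle count in all build modes, including release. Printing the timing of private-key operations to a log is exactly the side channel that RSA blinding exists to hide from an observer, and a TLS library that writes to stderr on its own is a surprise for embedders. Gate the block on a build knob and default it off, e.g. `#if defined(MBEDTLS_PROFILE) && IsModeDbg()`, and add a header comment `/* Developer-only timing hooks; never enable in shipped builds: output reveals secret-dependent timing of RSA/ECC operations. */`.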
@@ -16,6 +16,7 @@ │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ │ PERFORMANCE OF THIS SOFTWARE. │ ╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/nexgen32e/x86feature.h" #include "libc/rand/rand.h" #include "libc/sysv/consts/grnd.h" #include "third_party/mbedtls/entropy_poll.h" diff --git a/third_party/mbedtls/rsa.c b/third_party/mbedtls/rsa.c index 61064fd42..c4a75b0d9 100644 --- a/third_party/mbedtls/rsa.c +++ b/third_party/mbedtls/rsa.c @@ -1,9 +1,28 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/rand/rand.h" +#include "libc/runtime/runtime.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/md.h" #include "third_party/mbedtls/oid.h" #include "third_party/mbedtls/platform.h" +#include "third_party/mbedtls/profile.h" #include "third_party/mbedtls/rsa.h" #include "third_party/mbedtls/rsa_internal.h" #include "third_party/mbedtls/sha1.h" 
@@ -83,7 +102,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *E ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; RSA_VALIDATE_RET( ctx != NULL ); if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) || @@ -386,7 +405,7 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *D, mbedtls_mpi *E ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; int is_priv; RSA_VALIDATE_RET( ctx != NULL ); @@ -430,7 +449,7 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; int is_priv; RSA_VALIDATE_RET( ctx != NULL ); @@ -474,7 +493,7 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, RSA_VALIDATE( ctx != NULL ); RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 || padding == MBEDTLS_RSA_PKCS_V21 ); - memset( ctx, 0, sizeof( mbedtls_rsa_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_rsa_context ) ); mbedtls_rsa_set_padding( ctx, padding, hash_id ); } @@ -511,11 +530,11 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) * FIPS 186-4 if 2^16 < exponent < 2^256 and nbits = 2048 or nbits = 3072. */ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - unsigned int nbits, int exponent ) + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + unsigned int nbits, int exponent ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_mpi H, G, L; int prime_quality = 0; RSA_VALIDATE_RET( ctx != NULL ); 
@@ -571,7 +590,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, /* check GCD( E, (P-1)*(Q-1) ) == 1 (FIPS 186-4 §B.3.1 criterion 2(a)) */ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); - if( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) + if( !mbedtls_mpi_is_one( &G ) ) continue; /* compute smallest possible D = E^-1 mod LCM(P-1, Q-1) (FIPS 186-4 §B.3.1 criterion 3(b)) */ @@ -709,15 +728,15 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, * Do an RSA public key operation */ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, - const unsigned char *input, - unsigned char *output ) + const unsigned char *input, + unsigned char *output ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t olen; mbedtls_mpi T; - RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( input != NULL ); - RSA_VALIDATE_RET( output != NULL ); + RSA_VALIDATE_RET( ctx ); + RSA_VALIDATE_RET( input ); + RSA_VALIDATE_RET( output ); if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -745,6 +764,10 @@ cleanup: return( 0 ); } +/* + * TODO(jart): Why is MbedTLS release source so different from Git source? + * This function takes 806us to execute. + */ /* * Generate or update blinding values, see section 10 of: * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA, @@ -752,13 +775,12 @@ cleanup: * Berlin Heidelberg, 1996. p. 104-113. */ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { int ret, count = 0; mbedtls_mpi R; - mbedtls_mpi_init( &R ); - if( ctx->Vf.p != NULL ) { /* We already have blinding values, just update them by squaring */ 
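Review bot: The two `-` markers between `mbedtls_mpi R;` and `if( ctx->Vf.p != NULL )` in rsa_prepare_blinding are rendered without line breaks here, so it cannot be told apart whether they delete only the blank lines around `mbedtls_mpi_init( &R );` or the init call itself; the rest of the function's hunks strip nothing but blank lines, which suggests the former, but please confirm the init survives. Without it `R` carries stack garbage into `mbedtls_mpi_fill_random` and into the `mbedtls_mpi_free( &R )` at cleanup, a wild free on the key-blinding path of every private operation. The added comment `TODO(jart): Why is MbedTLS release source so different from Git source?` is an open question left in vendored crypto source; record what was found or move it to the commit message. The function continues past this hunk.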
@@ -766,10 +788,8 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) ); - goto cleanup; } - /* Unblinding value: Vf = random number, invertible mod N */ do { if( count++ > 10 ) @@ -777,14 +797,11 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, ret = MBEDTLS_ERR_RSA_RNG_FAILED; goto cleanup; } - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) ); - /* Compute Vf^-1 as R * (R Vf)^-1 to avoid leaks from inv_mod. */ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, ctx->len - 1, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vf, &R ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); - /* At this point, Vi is invertible mod N if and only if both Vf and R * are invertible mod N. If one of them isn't, we don't need to know * which one, we just loop and choose new values for both of them. @@ -792,21 +809,15 @@ static int rsa_prepare_blinding( mbedtls_rsa_context *ctx, ret = mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vi, &ctx->N ); if( ret != 0 && ret != MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ) goto cleanup; - } while( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE ); - /* Finish the computation of Vf^-1 = R * (R Vf)^-1 */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &R ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) ); - /* Blinding value: Vi = Vf^(-e) mod N * (Vi already contains Vf^-1 at this point) */ MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) ); - - cleanup: mbedtls_mpi_free( &R ); - return( ret ); } 
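Review bot: The same rendering ambiguity affects `- goto cleanup; }` in the squaring branch: if `goto cleanup;` was removed rather than the blank line before it, a context that already holds blinding values squares Vi/Vf and then falls through to draw fresh random values and redo the inverse and `mbedtls_mpi_exp_mod`, making the fast path dead code and adding an exponentiation to every private operation (the cost the new TODO complains about). The result stays correct either way, since freshly drawn values are valid blinding, but the comment `We already have blinding values, just update them by squaring` would then be false. Please keep `goto cleanup;` after the fourth `mbedtls_mpi_mod_mpi`, or state the intent if regenerating every time is deliberate.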
@@ -840,7 +851,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, const unsigned char *input, unsigned char *output ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t olen; /* Temporary holding the result */ @@ -922,6 +933,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, if( f_rng != NULL ) { + /* * Blinding * T = T * Vi mod N @@ -947,6 +959,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) ); D = &D_blind; + #else /* * DP_blind = ( P - 1 ) * R + DP @@ -956,7 +969,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind, &ctx->DP ) ); - DP = &DP_blind; /* @@ -969,19 +981,20 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, &ctx->DQ ) ); DQ = &DQ_blind; + #endif /* MBEDTLS_RSA_NO_CRT */ } #if defined(MBEDTLS_RSA_NO_CRT) MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) ); #else + /* * Faster decryption using the CRT * * TP = input ^ dP mod P * TQ = input ^ dQ mod Q */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TP, &T, DP, &ctx->P, &ctx->RP ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &TQ, &T, DQ, &ctx->Q, &ctx->RQ ) ); @@ -1071,7 +1084,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, size_t i, use_len; int ret = 0; - memset( mask, 0, MBEDTLS_MD_MAX_SIZE ); + mbedtls_platform_zeroize( mask, MBEDTLS_MD_MAX_SIZE ); memset( counter, 0, 4 ); hlen = mbedtls_md_get_size( md_ctx->md_info ); @@ -1121,7 +1134,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, unsigned char *output ) { size_t olen; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *p = output; unsigned int hlen; const mbedtls_md_info_t *md_info; 
@@ -1151,7 +1164,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, if( ilen + 2 * hlen + 2 < ilen || olen < ilen + 2 * hlen + 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - memset( output, 0, olen ); + mbedtls_platform_zeroize( output, olen ); *p++ = 0; @@ -1207,7 +1220,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, unsigned char *output ) { size_t nb_pad, olen; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *p = output; RSA_VALIDATE_RET( ctx != NULL ); @@ -1316,7 +1329,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, unsigned char *output, size_t output_max_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t ilen, i, pad_len; unsigned char *p, bad, pad_done; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; @@ -1449,12 +1462,13 @@ cleanup: } #if defined(MBEDTLS_PKCS1_V15) -/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches. +/** + * Does -!!value without branches. * * \param value The value to analyze. * \return Zero if \p value is zero, otherwise all-bits-one. */ -static unsigned all_or_nothing_int( unsigned value ) +forceinline unsigned all_or_nothing_int( unsigned value ) { /* MSVC has a warning about unary minus on unsigned, but this is * well-defined and precisely what we want to do here */ @@ -1478,7 +1492,7 @@ static unsigned all_or_nothing_int( unsigned value ) * \return \c 0 if `size <= max`. * \return \c 1 if `size > max`. */ -static unsigned size_greater_than( size_t size, size_t max ) +forceinline unsigned size_greater_than( size_t size, size_t max ) { /* Return the sign bit (1 for negative) of (max - size). */ return( ( max - size ) >> ( sizeof( size_t ) * 8 - 1 ) ); 
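Review bot: Replacing `static` with `forceinline` on all_or_nothing_int and size_greater_than changes linkage as well as inlining: unless `forceinline` expands to `static inline __attribute__((__always_inline__))` (its definition is not in this diff), a plain `inline` definition in a .c file emits no out-of-line symbol under C99/C11 semantics, so any call the compiler declines to inline fails to link and the helpers leak into the global namespace. Please confirm the macro carries `static`. The rewritten docstring `Does -!!value without branches.` is also less informative than the old `Turn zero-or-nonzero into zero-or-all-bits-one, without branches.`; keep the old sentence as the summary and add the `-!!value` formula as a second line.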
@@ -1494,13 +1508,15 @@ static unsigned size_greater_than( size_t size, size_t max ) * \param if0 Value to use if \p cond is zero. * \return \c if1 if \p cond is nonzero, otherwise \c if0. */ -static unsigned if_int( unsigned cond, unsigned if1, unsigned if0 ) +forceinline unsigned if_int( unsigned cond, unsigned if1, unsigned if0 ) { unsigned mask = all_or_nothing_int( cond ); - return( ( mask & if1 ) | (~mask & if0 ) ); + return( ( CONCEAL( "r", mask ) & if1 ) | + ( CONCEAL( "r", ~mask ) & if0 ) ); } -/** Shift some data towards the left inside a buffer without leaking +/** + * Shift some data towards the left inside a buffer without leaking * the length of the data through side channels. * * `mem_move_to_left(start, total, offset)` is functionally equivalent to @@ -1551,7 +1567,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, unsigned char *output, size_t output_max_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t ilen, i, plaintext_max_size; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; /* The following variables take sensitive values: their value must @@ -1766,7 +1782,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, unsigned char *p = sig; unsigned char salt[MBEDTLS_MD_MAX_SIZE]; size_t slen, min_slen, hlen, offset = 0; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t msb; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; @@ -1816,7 +1832,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, else slen = olen - hlen - 2; - memset( sig, 0, olen ); + mbedtls_platform_zeroize( sig, olen ); /* Generate salt of length slen */ if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) 
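Review bot: The `CONCEAL( "r", mask )` and `CONCEAL( "r", ~mask )` wrappers in if_int are the security-relevant part of this hunk and deserve a why-comment, since a reader who sees a select written as masks may well "simplify" it back to upstream's plain form. Suggest above the return: `/* CONCEAL hides the mask from the optimizer so it cannot turn this masked select back into a conditional branch on the secret condition (PKCS#1 v1.5 padding check). */`. CONCEAL itself is defined outside this diff; presumably it is an asm-based opacity barrier, and the comment should say so if that is the case.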
@@ -2020,7 +2036,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, const unsigned char *hash, unsigned char *sig ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *sig_try = NULL, *verif = NULL; RSA_VALIDATE_RET( ctx != NULL ); @@ -2141,7 +2157,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int expected_salt_len, const unsigned char *sig ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t siglen; unsigned char *p; unsigned char *hash_start; @@ -2437,7 +2453,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, */ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; RSA_VALIDATE_RET( dst != NULL ); RSA_VALIDATE_RET( src != NULL ); diff --git a/third_party/mbedtls/rsa_internal.c b/third_party/mbedtls/rsa_internal.c index 9edab3c81..396f8f59f 100644 --- a/third_party/mbedtls/rsa_internal.c +++ b/third_party/mbedtls/rsa_internal.c 
@@ -1,5 +1,23 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/bignum.h" #include "third_party/mbedtls/common.h" +#include "third_party/mbedtls/profile.h" #include "third_party/mbedtls/rsa.h" #include "third_party/mbedtls/rsa_internal.h" @@ -138,7 +156,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, /* Check if gcd(K,N) = 1 */ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); - if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) + if( !mbedtls_mpi_is_one( P ) ) continue; /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ... @@ -151,7 +169,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, { /* If we reach 1 prematurely, there's no point * in continuing to square K */ - if( mbedtls_mpi_cmp_int( &K, 1 ) == 0 ) + if( mbedtls_mpi_is_one( &K ) ) break; MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); 
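Review bot: `!mbedtls_mpi_is_one( P )` replaces `mbedtls_mpi_cmp_int( P, 1 ) != 0` in mbedtls_rsa_deduce_primes, and the two are equivalent only if mbedtls_mpi_is_one also checks the sign and tolerates a non-normalized representation (leading zero limbs), as cmp_int does; its definition is not in this diff. A helper that merely tests `n == 1 && p[0] == 1` would treat -1 differently from before and could miss a 1 stored with `n > 1`. In this function the operands come from `mbedtls_mpi_gcd` and repeated squaring mod N, so a sign difference is unlikely to bite here, but the helper should be documented as sign- and length-aware so the substitution is safe at every call site this commit touches.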
@@ -181,7 +199,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, * Check if that's the case and abort if not, to avoid very long, * yet eventually failing, computations if N,D,E were not sane. */ - if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 ) + if( !mbedtls_mpi_is_one( &K ) ) { break; } diff --git a/third_party/mbedtls/secp256r1.c b/third_party/mbedtls/secp256r1.c new file mode 100644 index 000000000..53ad1f62d --- /dev/null +++ b/third_party/mbedtls/secp256r1.c 
@@ -0,0 +1,211 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/log/check.h" +#include "third_party/mbedtls/bignum.h" +#include "third_party/mbedtls/math.h" +#include "third_party/mbedtls/platform.h" + +#define Q(i) p[i >> 1] +#define L(w) (w & 0x00000000ffffffff) +#define H(w) (w & 0xffffffff00000000) + +/** + * Fastest quasi-reduction modulo NIST P-256. 
+ * + * p = 2²⁵⁶ - 2²²⁴ + 2¹⁹² + 2⁹⁶ - 1 + * B = T + 2×S₁ + 2×S₂ + S₃ + S₄ – D₁ – D₂ – D₃ – D₄ mod p + * T = ( A₇ ‖ A₆ ‖ A₅ ‖ A₄ ‖ A₃ ‖ A₂ ‖ A₁ ‖ A₀ ) + * S₁ = ( A₁₅ ‖ A₁₄ ‖ A₁₃ ‖ A₁₂ ‖ A₁₁ ‖ 0 ‖ 0 ‖ 0 ) + * S₂ = ( 0 ‖ A₁₅ ‖ A₁₄‖ A₁₃ ‖ A₁₂ ‖ 0 ‖ 0 ‖ 0 ) + * S₃ = ( A₁₅ ‖ A₁₄ ‖ 0 ‖ 0 ‖ 0 ‖ A₁₀ ‖ A₉ ‖ A₈ ) + * S₄ = ( A₈ ‖ A₁₃ ‖ A₁₅ ‖ A₁₄ ‖ A₁₃ ‖ A₁₁ ‖ A₁₀ ‖ A₉ ) + * D₁ = ( A₁₀ ‖ A₈ ‖ 0 ‖ 0 ‖ 0 ‖ A₁₃ ‖ A₁₂ ‖ A₁₁ ) + * D₂ = ( A₁₁ ‖ A₉ ‖ 0 ‖ 0 ‖ A₁₅ ‖ A₁₄ ‖ A₁₃ ‖ A₁₂ ) + * D₃ = ( A₁₂ ‖ 0 ‖ A₁₀ ‖ A₉ ‖ A₈ ‖ A₁₅ ‖ A₁₄ ‖ A₁₃ ) + * D₄ = ( A₁₃ ‖ 0 ‖ A₁₁ ‖ A₁₀ ‖ A₉ ‖ 0 ‖ A₁₅ ‖ A₁₄ ) + * + * @see FIPS 186-3 §D.2.3 + */ +void secp256r1(uint64_t p[8]) { + int r; + char o; + signed char E; + uint64_t A, B, C, D, a, b, c, d, e; + A = Q(0); + B = Q(2); + C = Q(4); + D = Q(6); + E = 0; +#if !defined(__x86_64__) || defined(__STRICT_ANSI__) + ADC(B, B, H(Q(10)) << 1, 0, o); + ADC(C, C, Q(12) << 1 | Q(10) >> 63, o, o); + ADC(D, D, Q(14) << 1 | Q(12) >> 63, o, o); + E += o + (Q(14) >> 63); + ADC(B, B, Q(12) << 33, 0, o); + ADC(C, C, Q(14) << 33 | Q(12) >> 31, o, o); + ADC(D, D, Q(14) >> 31, o, o); + E += o; + ADC(A, A, Q(8), 0, o); + ADC(B, B, L(Q(10)), o, o); + ADC(C, C, 0, o, o); + ADC(D, D, Q(14), o, o); + E += o; + ADC(A, A, Q(10) << 32 | Q(8) >> 32, 0, o); + ADC(B, B, H(Q(12)) | Q(10) >> 32, o, o); + ADC(C, C, Q(14), o, o); + ADC(D, D, Q(8) << 32 | Q(12) >> 32, o, o); + E += o; + SBB(A, A, Q(12) << 32 | Q(10) >> 32, 0, o); + SBB(B, B, Q(12) >> 32, o, o); + SBB(C, C, 0, o, o); + SBB(D, D, Q(10) << 32 | L(Q(8)), o, o); + E -= o; + SBB(A, A, Q(12), 0, o); + SBB(B, B, Q(14), o, o); + SBB(C, C, 0, o, o); + SBB(D, D, H(Q(10)) | Q(8) >> 32, o, o); + E -= o; + SBB(A, A, Q(14) << 32 | Q(12) >> 32, 0, o); + SBB(B, B, Q(8) << 32 | Q(14) >> 32, o, o); + SBB(C, C, Q(10) << 32 | Q(8) >> 32, o, o); + SBB(D, D, Q(12) << 32, o, o); + E -= o; + SBB(A, A, Q(14), 0, o); + SBB(B, B, H(Q(8)), o, o); + SBB(C, C, Q(10), o, o); + SBB(D, D, H(Q(12)), o, o); + E -= o; +#else + asm volatile(/* x += 2 × ( A₁₅ ‖ 
A₁₄ ‖ A₁₃ ‖ A₁₂ ‖ A₁₁ ‖ 0 ‖ 0 ‖ 0 ) */ + "mov\t11*4(%8),%k5\n\t" + "mov\t12*4(%8),%6\n\t" + "mov\t14*4(%8),%7\n\t" + "shl\t$33,%5\n\t" + "rcl\t%6\n\t" + "rcl\t%7\n\t" + "adc\t$0,%b4\n\t" + "add\t%5,%1\n\t" + "adc\t%6,%2\n\t" + "adc\t%7,%3\n\t" + "adc\t$0,%b4\n\t" + /* x += 2 × ( 0 ‖ A₁₅ ‖ A₁₄‖ A₁₃ ‖ A₁₂ ‖ 0 ‖ 0 ‖ 0 ) */ + "mov\t12*4(%8),%k5\n\t" + "mov\t13*4(%8),%6\n\t" + "mov\t15*4(%8),%k7\n\t" + "shl\t$33,%5\n\t" + "rcl\t%6\n\t" + "rcl\t%7\n\t" + "add\t%5,%1\n\t" + "adc\t%6,%2\n\t" + "adc\t%7,%3\n\t" + /* x += ( A₁₅ ‖ A₁₄ ‖ 0 ‖ 0 ‖ 0 ‖ A₁₀ ‖ A₉ ‖ A₈ ) */ + "mov\t10*4(%8),%k5\n\t" + "add\t8*4(%8),%0\n\t" + "adc\t%5,%1\n\t" + "adc\t$0,%2\n\t" + "adc\t14*4(%8),%3\n\t" + "adc\t$0,%b4\n\t" + /* x += ( A₈ ‖ A₁₃ ‖ A₁₅ ‖ A₁₄ ‖ A₁₃ ‖ A₁₁ ‖ A₁₀ ‖ A₉ ) */ + "mov\t8*4(%8),%k7\n\t" /* A₈ ‖ A₁₃ */ + "mov\t13*4(%8),%k5\n\t" /* ... */ + "shl\t$32,%7\n\t" /* ... */ + "or\t%5,%7\n\t" /* ... */ + "shl\t$32,%5\n\t" /* A₁₃ ‖ A₁₁ */ + "mov\t11*4(%8),%k6\n\t" /* ... */ + "or\t%6,%5\n\t" /* ... */ + "add\t9*4(%8),%0\n\t" /* A₁₀ ‖ A₉ */ + "adc\t%5,%1\n\t" /* ... 
*/ + "adc\t14*4(%8),%2\n\t" /* A₁₅ ‖ A₁₄ */ + "adc\t%7,%3\n\t" + "adc\t$0,%b4\n\t" + /* x -= ( A₁₀ ‖ A₈ ‖ 0 ‖ 0 ‖ 0 ‖ A₁₃ ‖ A₁₂ ‖ A₁₁ ) */ + "mov\t10*4(%8),%k6\n\t" + "mov\t8*4(%8),%k7\n\t" + "shl\t$32,%6\n\t" + "or\t%6,%7\n\t" + "mov\t13*4(%8),%k5\n\t" + "sub\t11*4(%8),%0\n\t" + "sbb\t%5,%1\n\t" + "sbb\t$0,%2\n\t" + "sbb\t%7,%3\n\t" + "sbb\t$0,%b4\n\t" + /* x -= ( A₁₁ ‖ A₉ ‖ 0 ‖ 0 ‖ A₁₅ ‖ A₁₄ ‖ A₁₃ ‖ A₁₂ ) */ + "mov\t11*4(%8),%k6\n\t" + "mov\t9*4(%8),%k7\n\t" + "shl\t$32,%6\n\t" + "or\t%6,%7\n\t" + "sub\t12*4(%8),%0\n\t" + "sbb\t14*4(%8),%1\n\t" + "sbb\t$0,%2\n\t" + "sbb\t%7,%3\n\t" + "sbb\t$0,%b4\n\t" + /* x -= ( A₁₂ ‖ 0 ‖ A₁₀ ‖ A₉ ‖ A₈ ‖ A₁₅ ‖ A₁₄ ‖ A₁₃ ) */ + "mov\t12*4(%8),%k7\n\t" + "shl\t$32,%7\n\t" + "mov\t15*4(%8),%k6\n\t" + "mov\t8*4(%8),%k5\n\t" + "shl\t$32,%5\n\t" + "or\t%5,%6\n\t" + "sub\t13*4(%8),%0\n\t" + "sbb\t%6,%1\n\t" + "sbb\t9*4(%8),%2\n\t" + "sbb\t%7,%3\n\t" + "sbb\t$0,%b4\n\t" + /* x -= ( A₁₃ ‖ 0 ‖ A₁₁ ‖ A₁₀ ‖ A₉ ‖ 0 ‖ A₁₅ ‖ A₁₄ ) */ + "mov\t9*4(%8),%k6\n\t" + "shl\t$32,%6\n\t" + "mov\t13*4(%8),%k5\n\t" + "shl\t$32,%5\n\t" + "sub\t14*4(%8),%0\n\t" + "sbb\t%6,%1\n\t" + "sbb\t10*4(%8),%2\n\t" + "sbb\t%5,%3\n\t" + "sbb\t$0,%b4\n\t" + : "+r"(A), "+r"(B), "+r"(C), "+r"(D), "+&q"(E), "=&r"(b), + "=&r"(c), "=&r"(d) + : "r"(p) + : "memory"); +#endif + p[0] = A; + p[1] = B; + p[2] = C; + p[3] = D; + p[4] = E; + p[5] = 0; + p[6] = 0; + p[7] = 0; +} + +int ecp_mod_p256(mbedtls_mpi *N) { + int r; + char o; + if (N->n < 8 && (r = mbedtls_mpi_grow(N, 8))) return r; + secp256r1(N->p); + if ((int64_t)N->p[4] < 0) { + N->s = -1; + SBB(N->p[0], 0, N->p[0], 0, o); + SBB(N->p[1], 0, N->p[1], o, o); + SBB(N->p[2], 0, N->p[2], o, o); + SBB(N->p[3], 0, N->p[3], o, o); + N->p[4] = 0 - (N->p[4] + o); + } else { + N->s = 1; + } + return 0; +} diff --git a/third_party/mbedtls/secp384r1.c b/third_party/mbedtls/secp384r1.c new file mode 100644 index 000000000..96652c43e --- /dev/null +++ b/third_party/mbedtls/secp384r1.c 
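Review bot: In the x86-64 `asm` of `secp256r1`, the block commented `x += 2 × ( 0 ‖ A₁₅ ‖ A₁₄‖ A₁₃ ‖ A₁₂ ‖ 0 ‖ 0 ‖ 0 )` ends at `"adc\t%7,%3\n\t"` with no `"adc\t$0,%b4\n\t"`, so the carry out of D is discarded when the next block's `add` overwrites the flags; the other three additive blocks and the portable path (`E += o`) do fold that carry into E, and dropping a 2²⁵⁶ term yields a wrong residue whenever the D limb overflows, which is exactly the kind of arithmetic fault ECDSA/ECDH code must not have. Add `"adc\t$0,%b4\n\t"` directly after that `adc %7,%3` (unless the rendering lost the line), and consider a differential test that feeds random 512-bit inputs through both the asm and `__STRICT_ANSI__` paths and compares with `mbedtls_mpi_mod_mpi`, since the two implementations are otherwise only checked by eye. Smaller points in the same file: `Q`, `L` and `H` do not parenthesize their argument (`#define Q(i) p[(i) >> 1]`), `int r`, `a` and `e` are never used, and `b`, `c`, `d` are used only by the asm path, so the portable build warns under -Wunused. The header comment could also state the contract `ecp_mod_p256` inherits from `secp256r1`: p[0..7] are read as a non-negative value, limbs past p[7] are ignored, and on return p[4] holds a small sign-extended carry with p[5..7] zeroed, which is what the `(int64_t)N->p[4] < 0` test and the limb-wise negation in `ecp_mod_p256` rely on.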
@@ -0,0 +1,251 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/log/check.h" +#include "third_party/mbedtls/bignum.h" +#include "third_party/mbedtls/ecp_internal.h" +#include "third_party/mbedtls/math.h" + +#define Q(i) p[i >> 1] + +/** + * Fastest quasi-reduction modulo Prime 384. 
+ * + * p = 2³⁸⁴ – 2¹²⁸ – 2⁶ + 2³² – 1 + * B = T + 2×S₁ + S₂ + S₃ + S₄ + S₅ + S₆ – D₁ – D₂ – D₃ mod p + * T = (A₁₁‖A₁₀‖A₉ ‖A₈ ‖A₇ ‖A₆ ‖A₅ ‖A₄ ‖A₃ ‖A₂ ‖A₁ ‖A₀ ) + * S₁ = (0 ‖0 ‖0 ‖0 ‖0 ‖A₂₃‖A₂₂‖A₂₁‖0 ‖0 ‖0 ‖0 ) + * S₂ = (A₂₃‖A₂₂‖A₂₁‖A₂₀‖A₁₉‖A₁₈‖A₁₇‖A₁₆‖A₁₅‖A₁₄‖A₁₃‖A₁₂) + * S₃ = (A₂₀‖A₁₉‖A₁₈‖A₁₇‖A₁₆‖A₁₅‖A₁₄‖A₁₃‖A₁₂‖A₂₃‖A₂₂‖A₂₁) + * S₄ = (A₁₉‖A₁₈‖A₁₇‖A₁₆‖A₁₅‖A₁₄‖A₁₃‖A₁₂‖A₂₀‖0 ‖A₂₃‖0 ) + * S₅ = (0 ‖0 ‖0 ‖0 ‖A₂₃‖A₂₂‖A₂₁‖A₂₀‖0 ‖0 ‖0 ‖0 ) + * S₆ = (0 ‖0 ‖0 ‖0 ‖0 ‖0 ‖A₂₃‖A₂₂‖A₂₁‖0 ‖0 ‖A₂₀) + * D₁ = (A₂₂‖A₂₁‖A₂₀‖A₁₉‖A₁₈‖A₁₇‖A₁₆‖A₁₅‖A₁₄‖A₁₃‖A₁₂‖A₂₃) + * D₂ = (0 ‖0 ‖0 ‖0 ‖0 ‖0 ‖0 ‖A₂₃‖A₂₂‖A₂₁‖A₂₀‖0 ) + * D₃ = (0 ‖0 ‖0 ‖0 ‖0 ‖0 ‖0 ‖A₂₃‖A₂₃‖0 ‖0 ‖0 ) + * + * @see FIPS 186-3 §D.2.4 + */ +void secp384r1(uint64_t p[12]) { + int r; + char o; + signed char G; + uint64_t A, B, C, D, E, F, a, b, c; + A = Q(0); + B = Q(2); + C = Q(4); + D = Q(6); + E = Q(8); + F = Q(10); + G = 0; +#if !defined(__x86_64__) || defined(__STRICT_ANSI__) + a = Q(22) << 32 | Q(21) >> 32; + b = Q(23) >> 32; + ADC(C, C, a << 1, 0, o); + ADC(D, D, (b << 1 | a >> 63), o, o); + ADC(E, E, (b >> 63), o, o); + ADC(F, F, o, o, o); + G += o; + ADC(A, A, Q(12), 0, o); + ADC(B, B, Q(14), o, o); + ADC(C, C, Q(16), o, o); + ADC(D, D, Q(18), o, o); + ADC(E, E, Q(20), o, o); + ADC(F, F, Q(22), o, o); + G += o; + ADC(A, A, Q(22) << 32 | Q(21) >> 32, 0, o); + ADC(B, B, Q(12) << 32 | Q(23) >> 32, o, o); + ADC(C, C, Q(14) << 32 | Q(13) >> 32, o, o); + ADC(D, D, Q(16) << 32 | Q(15) >> 32, o, o); + ADC(E, E, Q(18) << 32 | Q(17) >> 32, o, o); + ADC(F, F, Q(20) << 32 | Q(19) >> 32, o, o); + G += o; + ADC(A, A, Q(23) >> 32 << 32, 0, o); + ADC(B, B, Q(20) << 32, o, o); + ADC(C, C, Q(12), o, o); + ADC(D, D, Q(14), o, o); + ADC(E, E, Q(16), o, o); + ADC(F, F, Q(18), o, o); + G += o; + ADC(C, C, Q(20), 0, o); + ADC(D, D, Q(22), o, o); + ADC(E, E, 0, o, o); + ADC(F, F, 0, o, o); + G += o; + ADC(A, A, Q(20) & 0xffffffff, 0, o); + ADC(B, B, Q(21) >> 32 << 32, o, o); + ADC(C, C, Q(22), o, o); + ADC(D, D, 0, o, o); + ADC(E, E, 0, o, o); + 
ADC(F, F, 0, o, o); + G += o; + SBB(A, A, Q(12) << 32 | Q(23) >> 32, 0, o); + SBB(B, B, Q(14) << 32 | Q(13) >> 32, o, o); + SBB(C, C, Q(16) << 32 | Q(15) >> 32, o, o); + SBB(D, D, Q(18) << 32 | Q(17) >> 32, o, o); + SBB(E, E, Q(20) << 32 | Q(19) >> 32, o, o); + SBB(F, F, Q(22) << 32 | Q(21) >> 32, o, o); + G -= o; + SBB(A, A, Q(20) << 32, 0, o); + SBB(B, B, Q(22) << 32 | Q(21) >> 32, o, o); + SBB(C, C, Q(23) >> 32, o, o); + SBB(D, D, 0, o, o); + SBB(E, E, 0, o, o); + SBB(F, F, 0, o, o); + G -= o; + SBB(B, B, Q(23) >> 32 << 32, 0, o); + SBB(C, C, Q(23) >> 32, o, o); + SBB(D, D, 0, o, o); + SBB(E, E, 0, o, o); + SBB(F, F, 0, o, o); + G -= o; +#else + asm volatile(/* S₁ = (0 ‖0 ‖0 ‖0 ‖0 ‖A₂₃‖A₂₂‖A₂₁‖0 ‖0 ‖0 ‖0 ) */ + "mov\t21*4(%9),%7\n\t" + "mov\t23*4(%9),%k8\n\t" + "shl\t%7\n\t" + "rcl\t%8\n\t" + "add\t%7,%2\n\t" + "adc\t%8,%3\n\t" + "adc\t$0,%4\n\t" + "adc\t$0,%5\n\t" + "adc\t$0,%b6\n\t" + /* S₂ = (A₂₃‖A₂₂‖A₂₁‖A₂₀‖A₁₉‖A₁₈‖A₁₇‖A₁₆‖A₁₅‖A₁₄‖A₁₃‖A₁₂) */ + "add\t12*4(%9),%0\n\t" + "adc\t14*4(%9),%1\n\t" + "adc\t16*4(%9),%2\n\t" + "adc\t18*4(%9),%3\n\t" + "adc\t20*4(%9),%4\n\t" + "adc\t22*4(%9),%5\n\t" + "adc\t$0,%b6\n\t" + /* S₃ = (A₂₀‖A₁₉‖A₁₈‖A₁₇‖A₁₆‖A₁₅‖A₁₄‖A₁₃‖A₁₂‖A₂₃‖A₂₂‖A₂₁) */ + "mov\t12*4(%9),%k7\n\t" + "mov\t23*4(%9),%k8\n\t" + "shl\t$32,%7\n\t" + "or\t%7,%8\n\t" + "add\t21*4(%9),%0\n\t" + "adc\t%8,%1\n\t" + "adc\t13*4(%9),%2\n\t" + "adc\t15*4(%9),%3\n\t" + "adc\t17*4(%9),%4\n\t" + "adc\t19*4(%9),%5\n\t" + "adc\t$0,%b6\n\t" + /* S₄ = (A₁₉‖A₁₈‖A₁₇‖A₁₆‖A₁₅‖A₁₄‖A₁₃‖A₁₂‖A₂₀‖0 ‖A₂₃‖0 ) */ + "mov\t23*4(%9),%k7\n\t" + "mov\t20*4(%9),%k8\n\t" + "shl\t$32,%7\n\t" + "shl\t$32,%8\n\t" + "add\t%7,%0\n\t" + "adc\t%8,%1\n\t" + "adc\t12*4(%9),%2\n\t" + "adc\t14*4(%9),%3\n\t" + "adc\t16*4(%9),%4\n\t" + "adc\t18*4(%9),%5\n\t" + "adc\t$0,%b6\n\t" + /* S₅ = (0 ‖0 ‖0 ‖0 ‖A₂₃‖A₂₂‖A₂₁‖A₂₀‖0 ‖0 ‖0 ‖0 ) */ + "mov\t23*4(%9),%k7\n\t" + "mov\t20*4(%9),%k8\n\t" + "shl\t$32,%7\n\t" + "shl\t$32,%8\n\t" + "add\t20*4(%9),%2\n\t" + "adc\t22*4(%9),%3\n\t" + "adc\t$0,%4\n\t" + "adc\t$0,%5\n\t" + 
"adc\t$0,%b6\n\t" + /* S₆ = (0 ‖0 ‖0 ‖0 ‖0 ‖0 ‖A₂₃‖A₂₂‖A₂₁‖0 ‖0 ‖A₂₀) */ + "mov\t20*4(%9),%k7\n\t" + "mov\t21*4(%9),%k8\n\t" + "shl\t$32,%8\n\t" + "add\t%7,%0\n\t" + "adc\t%8,%1\n\t" + "adc\t22*4(%9),%2\n\t" + "adc\t$0,%3\n\t" + "adc\t$0,%4\n\t" + "adc\t$0,%5\n\t" + "adc\t$0,%b6\n\t" + /* D₁ = (A₂₂‖A₂₁‖A₂₀‖A₁₉‖A₁₈‖A₁₇‖A₁₆‖A₁₅‖A₁₄‖A₁₃‖A₁₂‖A₂₃) */ + "mov\t23*4(%9),%k7\n\t" + "mov\t12*4(%9),%k8\n\t" + "shl\t$32,%8\n\t" + "or\t%8,%7\n\t" + "sub\t%7,%0\n\t" + "sbb\t13*4(%9),%1\n\t" + "sbb\t15*4(%9),%2\n\t" + "sbb\t17*4(%9),%3\n\t" + "sbb\t19*4(%9),%4\n\t" + "sbb\t21*4(%9),%5\n\t" + "sbb\t$0,%b6\n\t" + /* D₂ = (0 ‖0 ‖0 ‖0 ‖0 ‖0 ‖0 ‖A₂₃‖A₂₂‖A₂₁‖A₂₀‖0 ) */ + "mov\t20*4(%9),%k7\n\t" + "mov\t23*4(%9),%k8\n\t" + "shl\t$32,%7\n\t" + "sub\t%7,%0\n\t" + "sbb\t21*4(%9),%1\n\t" + "sbb\t%8,%2\n\t" + "sbb\t$0,%3\n\t" + "sbb\t$0,%4\n\t" + "sbb\t$0,%5\n\t" + "sbb\t$0,%b6\n\t" + /* D₃ = (0 ‖0 ‖0 ‖0 ‖0 ‖0 ‖0 ‖A₂₃‖A₂₃‖0 ‖0 ‖0 ) */ + "mov\t23*4(%9),%k7\n\t" + "mov\t%k7,%k8\n\t" + "shl\t$32,%7\n\t" + "sub\t%7,%1\n\t" + "sbb\t%8,%2\n\t" + "sbb\t$0,%3\n\t" + "sbb\t$0,%4\n\t" + "sbb\t$0,%5\n\t" + "sbb\t$0,%b6\n\t" + : "+r"(A), "+r"(B), "+r"(C), "+r"(D), "+r"(E), "+r"(F), "+q"(G), + "=&r"(a), "=&r"(b) + : "r"(p) + : "memory"); +#endif + p[0] = A; + p[1] = B; + p[2] = C; + p[3] = D; + p[4] = E; + p[5] = F; + p[6] = G; + p[7] = 0; + p[8] = 0; + p[9] = 0; + p[10] = 0; + p[11] = 0; +} + +int ecp_mod_p384(mbedtls_mpi *N) { + int r; + char o; + if (N->n < 12 && (r = mbedtls_mpi_grow(N, 12))) return r; + secp384r1(N->p); + if ((int64_t)N->p[6] < 0) { + N->s = -1; + SBB(N->p[0], 0, N->p[0], 0, o); + SBB(N->p[1], 0, N->p[1], o, o); + SBB(N->p[2], 0, N->p[2], o, o); + SBB(N->p[3], 0, N->p[3], o, o); + SBB(N->p[4], 0, N->p[4], o, o); + SBB(N->p[5], 0, N->p[5], o, o); + N->p[6] = 0 - (N->p[6] + o); + } else { + N->s = 1; + } + return 0; +} diff --git a/third_party/mbedtls/select.h b/third_party/mbedtls/select.h new file mode 100644 index 000000000..ea467500b --- /dev/null 
+++ b/third_party/mbedtls/select.h @@ -0,0 +1,12 @@ +#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SELECT_H_ +#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SELECT_H_ +#if !(__ASSEMBLER__ + __LINKER__ + 0) +COSMOPOLITAN_C_START_ + +static inline uint64_t Select(uint64_t a, uint64_t b, uint64_t mask) { + return (CONCEAL("r", mask) & a) | (CONCEAL("r", ~mask) & b); +} + +COSMOPOLITAN_C_END_ +#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */ +#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SELECT_H_ */ diff --git a/third_party/mbedtls/sha1.c b/third_party/mbedtls/sha1.c index 14866676a..100fb55fd 100644 --- a/third_party/mbedtls/sha1.c +++ b/third_party/mbedtls/sha1.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/bits/bits.h" #include "libc/macros.internal.h" #include "libc/nexgen32e/x86feature.h" @@ -5,6 +22,7 @@ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/endian.h" #include "third_party/mbedtls/error.h" +#include "third_party/mbedtls/md.h" #include "third_party/mbedtls/platform.h" #include "third_party/mbedtls/sha1.h" 
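Review bot: `Select` carries no documentation of the contract that makes it correct: it is a bitwise mux whose result is only meaningful when `mask` is exactly 0 or all-ones, and a caller that builds the mask from a plain comparison (0/1) silently gets garbage. Suggest a comment above it such as `/* Constant-time select: returns a when mask == ~0ull and b when mask == 0; mask must be one of those two values. CONCEAL is an optimisation barrier so the compiler cannot lower this to a branch. */`, with the CONCEAL sentence adjusted to whatever that macro actually guarantees, since its definition is not in this diff. The header also uses `uint64_t` without including anything that defines it, so it depends on the includer having it in scope — fine if that is the project's convention for these headers, but worth a comment.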
@@ -46,42 +64,6 @@ void sha1_transform_avx2(mbedtls_sha1_context *, const uint8_t *, int); #define SHA1_VALIDATE(cond) MBEDTLS_INTERNAL_VALIDATE( cond ) -/** - * \brief This function initializes a SHA-1 context. - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param ctx The SHA-1 context to initialize. - * This must not be \c NULL. - * - */ -void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) -{ - SHA1_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_sha1_context ) ); -} - -/** - * \brief This function clears a SHA-1 context. - * - * \warning SHA-1 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - * \param ctx The SHA-1 context to clear. This may be \c NULL, - * in which case this function does nothing. If it is - * not \c NULL, it must point to an initialized - * SHA-1 context. - * - */ -void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) -{ - if( !ctx ) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); -} - /** * \brief This function clones the state of a SHA-1 context. * @@ -395,7 +377,7 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; uint32_t left; size_t n, fill; @@ -466,7 +448,7 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; uint32_t used; uint32_t high, low; 
@@ -483,17 +465,17 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, if( used <= 56 ) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 56 - used ); + mbedtls_platform_zeroize( ctx->buffer + used, 56 - used ); } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 64 - used ); + mbedtls_platform_zeroize( ctx->buffer + used, 64 - used ); if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); - memset( ctx->buffer, 0, 56 ); + mbedtls_platform_zeroize( ctx->buffer, 56 ); } /* @@ -548,7 +530,7 @@ int mbedtls_sha1_ret( const void *input, size_t ilen, unsigned char output[20] ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_sha1_context ctx; SHA1_VALIDATE_RET( ilen == 0 || input != NULL ); @@ -571,6 +553,18 @@ exit: return( ret ); } +const mbedtls_md_info_t mbedtls_sha1_info = { + "SHA1", + MBEDTLS_MD_SHA1, + 20, + 64, + (void *)mbedtls_sha1_starts_ret, + (void *)mbedtls_sha1_update_ret, + (void *)mbedtls_internal_sha1_process, + (void *)mbedtls_sha1_finish_ret, + (void *)mbedtls_sha1_ret, +}; + #if defined(MBEDTLS_SELF_TEST) /* * FIPS-180-1 test vectors diff --git a/third_party/mbedtls/sha1.h b/third_party/mbedtls/sha1.h index 7a2194a7f..67ffa0cc5 100644 --- a/third_party/mbedtls/sha1.h +++ b/third_party/mbedtls/sha1.h @@ -1,6 +1,7 @@ #ifndef MBEDTLS_SHA1_H_ #define MBEDTLS_SHA1_H_ #include "third_party/mbedtls/config.h" +#include "third_party/mbedtls/platform.h" COSMOPOLITAN_C_START_ /* clang-format off */ @@ -24,8 +25,6 @@ typedef struct mbedtls_sha1_context } mbedtls_sha1_context; -void mbedtls_sha1_init( mbedtls_sha1_context * ); -void mbedtls_sha1_free( mbedtls_sha1_context * ); void mbedtls_sha1_clone( mbedtls_sha1_context *, const mbedtls_sha1_context * ); int mbedtls_sha1_starts_ret( mbedtls_sha1_context * ); int mbedtls_sha1_update_ret( mbedtls_sha1_context *, const unsigned char *, size_t ); 
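Review bot: The `mbedtls_sha1_info` initializer casts every callback to `(void *)`, which disables type checking on exactly the slots where a mismatch is undefined behaviour once md.c calls through them (`mbedtls_sha1_ret` takes `unsigned char[20]`, `mbedtls_sha1_starts_ret` takes `mbedtls_sha1_context *`), and the positional form ties the table to a field order in md.h that is outside this diff. The sha256.c hunk adding `mbedtls_sha224_info`/`mbedtls_sha256_info` already shows the safer pattern for one slot — `mbedtls_sha256_ret_224`/`_256` take `void *` and are stored without a cast — so doing the same for the other slots, or at least using designated initializers with the field names md.h declares, would let the compiler check both tables. Separately, the three `memset` → `mbedtls_platform_zeroize` changes in `mbedtls_sha1_finish_ret` (and their twins in sha256.c) zero padding that is hashed or overwritten immediately, so if zeroize is the usual volatile memset this adds cost in the hot path without a secrecy benefit; harmless, but not the same thing as the context wipe in `mbedtls_sha1_free`.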
@@ -34,5 +33,39 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *, const unsigned char[6 int mbedtls_sha1_ret( const void *, size_t, unsigned char[20] ); int mbedtls_sha1_self_test( int ); +/** + * \brief This function initializes a SHA-1 context. + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + * \param ctx The SHA-1 context to initialize. + * This must not be \c NULL. + * + */ +static inline void mbedtls_sha1_init( mbedtls_sha1_context *ctx ) +{ + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); +} + +/** + * \brief This function clears a SHA-1 context. + * + * \warning SHA-1 is considered a weak message digest and its use + * constitutes a security risk. We recommend considering + * stronger message digests instead. + * + * \param ctx The SHA-1 context to clear. This may be \c NULL, + * in which case this function does nothing. If it is + * not \c NULL, it must point to an initialized + * SHA-1 context. + */ +static inline void mbedtls_sha1_free( mbedtls_sha1_context *ctx ) +{ + if( !ctx ) return; + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha1_context ) ); +} + COSMOPOLITAN_C_END_ #endif /* MBEDTLS_SHA1_H_ */ diff --git a/third_party/mbedtls/sha256.c b/third_party/mbedtls/sha256.c index 27a69f280..337947797 100644 --- a/third_party/mbedtls/sha256.c +++ b/third_party/mbedtls/sha256.c 
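Review bot: The header version of `mbedtls_sha1_init` drops the `SHA1_VALIDATE( ctx != NULL )` the removed sha1.c definition had, while its docstring still promises the context "must not be \c NULL"; in builds where `MBEDTLS_INTERNAL_VALIDATE` is active, a NULL ctx now reaches `mbedtls_platform_zeroize` instead of being reported. Either keep a check (`if( !ctx ) return;`, mirroring `mbedtls_sha1_free` just below, or a validate macro reachable from the header's includes) or change the comment to say the inline version does no validation. The same applies to `mbedtls_sha256_init` in the sha256.h hunk.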
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/dce.h" #include "libc/macros.internal.h" #include "libc/nexgen32e/x86feature.h" @@ -5,6 +22,7 @@ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/endian.h" #include "third_party/mbedtls/error.h" +#include "third_party/mbedtls/md.h" #include "third_party/mbedtls/platform.h" #include "third_party/mbedtls/sha256.h" 
@@ -13,30 +31,14 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * FIPS-180-2 compliant SHA-256 implementation + +/** + * @fileoverview FIPS-180-2 compliant SHA-256 implementation * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * The SHA-256 Secure Hash Standard was published by NIST in 2002. * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The SHA-256 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf + * @see http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ #define SHA256_VALIDATE_RET(cond) \ 
@@ -47,30 +49,6 @@ void sha256_transform_rorx(mbedtls_sha256_context *, const uint8_t *, int); #if !defined(MBEDTLS_SHA256_ALT) -/** - * \brief This function initializes a SHA-256 context. - * - * \param ctx The SHA-256 context to initialize. This must not be \c NULL. - */ -void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) -{ - SHA256_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); -} - -/** - * \brief This function clears a SHA-256 context. - * - * \param ctx The SHA-256 context to clear. This may be \c NULL, in which - * case this function returns immediately. If it is not \c NULL, - * it must point to an initialized SHA-256 context. - */ -void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) -{ - if( ctx == NULL ) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); -} - /** * \brief This function clones the state of a SHA-256 context. * 
@@ -80,11 +58,45 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) void mbedtls_sha256_clone( mbedtls_sha256_context *dst, const mbedtls_sha256_context *src ) { - SHA256_VALIDATE( dst != NULL ); - SHA256_VALIDATE( src != NULL ); + SHA256_VALIDATE( dst ); + SHA256_VALIDATE( src ); *dst = *src; } +int mbedtls_sha256_starts_224( mbedtls_sha256_context *ctx ) +{ + SHA256_VALIDATE_RET( ctx ); + ctx->total[0] = 0; + ctx->total[1] = 0; + ctx->state[0] = 0xC1059ED8; + ctx->state[1] = 0x367CD507; + ctx->state[2] = 0x3070DD17; + ctx->state[3] = 0xF70E5939; + ctx->state[4] = 0xFFC00B31; + ctx->state[5] = 0x68581511; + ctx->state[6] = 0x64F98FA7; + ctx->state[7] = 0xBEFA4FA4; + ctx->is224 = true; + return( 0 ); +} + +int mbedtls_sha256_starts_256( mbedtls_sha256_context *ctx ) +{ + SHA256_VALIDATE_RET( ctx ); + ctx->total[0] = 0; + ctx->total[1] = 0; + ctx->state[0] = 0x6A09E667; + ctx->state[1] = 0xBB67AE85; + ctx->state[2] = 0x3C6EF372; + ctx->state[3] = 0xA54FF53A; + ctx->state[4] = 0x510E527F; + ctx->state[5] = 0x9B05688C; + ctx->state[6] = 0x1F83D9AB; + ctx->state[7] = 0x5BE0CD19; + ctx->is224 = false; + return( 0 ); +} + /** * \brief This function starts a SHA-224 or SHA-256 checksum * calculation. 
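Review bot: `mbedtls_sha256_starts_224` and `mbedtls_sha256_starts_256` are new external functions with no comment and, as far as this diff shows, no prototype in sha256.h (that hunk only adds the inline init/free); the same holds for `mbedtls_sha256_ret_224`/`_256` further down the file, so unless md.h declares them they are exported symbols reachable only through the md tables. Either declare them in sha256.h beside `mbedtls_sha256_starts_ret` or make them `static` if the tables are their only intended users. A one-line comment on each, e.g. `/* Load the SHA-224 initial hash value; same as mbedtls_sha256_starts_ret( ctx, 1 ). */`, would also help a reader arriving from the md tables.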
@@ -98,40 +110,12 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, */ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) { - SHA256_VALIDATE_RET( ctx != NULL ); + SHA256_VALIDATE_RET( ctx ); SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); - - ctx->total[0] = 0; - ctx->total[1] = 0; - - if( is224 == 0 ) - { - /* SHA-256 */ - ctx->state[0] = 0x6A09E667; - ctx->state[1] = 0xBB67AE85; - ctx->state[2] = 0x3C6EF372; - ctx->state[3] = 0xA54FF53A; - ctx->state[4] = 0x510E527F; - ctx->state[5] = 0x9B05688C; - ctx->state[6] = 0x1F83D9AB; - ctx->state[7] = 0x5BE0CD19; - } + if( !is224 ) + return mbedtls_sha256_starts_256( ctx ); else - { - /* SHA-224 */ - ctx->state[0] = 0xC1059ED8; - ctx->state[1] = 0x367CD507; - ctx->state[2] = 0x3070DD17; - ctx->state[3] = 0xF70E5939; - ctx->state[4] = 0xFFC00B31; - ctx->state[5] = 0x68581511; - ctx->state[6] = 0x64F98FA7; - ctx->state[7] = 0xBEFA4FA4; - } - - ctx->is224 = is224; - - return( 0 ); + return mbedtls_sha256_starts_224( ctx ); } #if !defined(MBEDTLS_SHA256_PROCESS_ALT) @@ -298,7 +282,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t fill; uint32_t left; @@ -365,7 +349,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; uint32_t used; uint32_t high, low; 
@@ -382,17 +366,17 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, if( used <= 56 ) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 56 - used ); + mbedtls_platform_zeroize( ctx->buffer + used, 56 - used ); } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 64 - used ); + mbedtls_platform_zeroize( ctx->buffer + used, 64 - used ); if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); - memset( ctx->buffer, 0, 56 ); + mbedtls_platform_zeroize( ctx->buffer, 56 ); } /* @@ -450,7 +434,7 @@ int mbedtls_sha256_ret( const void *input, unsigned char output[32], int is224 ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_sha256_context ctx; SHA256_VALIDATE_RET( is224 == 0 || is224 == 1 ); @@ -474,6 +458,40 @@ exit: return( ret ); } +noinstrument int mbedtls_sha256_ret_224( const void *input, size_t ilen, void *output ) +{ + return mbedtls_sha256_ret( input, ilen, output, true ); +} + +noinstrument int mbedtls_sha256_ret_256( const void *input, size_t ilen, void *output ) +{ + return mbedtls_sha256_ret( input, ilen, output, false ); +} + +const mbedtls_md_info_t mbedtls_sha224_info = { + "SHA224", + MBEDTLS_MD_SHA224, + 28, + 64, + (void *)mbedtls_sha256_starts_224, + (void *)mbedtls_sha256_update_ret, + (void *)mbedtls_internal_sha256_process, + (void *)mbedtls_sha256_finish_ret, + mbedtls_sha256_ret_224, +}; + +const mbedtls_md_info_t mbedtls_sha256_info = { + "SHA256", + MBEDTLS_MD_SHA256, + 32, + 64, + (void *)mbedtls_sha256_starts_256, + (void *)mbedtls_sha256_update_ret, + (void *)mbedtls_internal_sha256_process, + (void *)mbedtls_sha256_finish_ret, + mbedtls_sha256_ret_256, +}; + #if defined(MBEDTLS_SELF_TEST) /* * FIPS-180-2 test vectors 
@@ -537,40 +555,31 @@ int mbedtls_sha256_self_test( int verbose ) unsigned char *buf; unsigned char sha256sum[32]; mbedtls_sha256_context ctx; - buf = mbedtls_calloc( 1024, sizeof(unsigned char) ); if( NULL == buf ) { if( verbose != 0 ) mbedtls_printf( "Buffer allocation failed\n" ); - return( 1 ); } - mbedtls_sha256_init( &ctx ); - for( i = 0; i < 6; i++ ) { j = i % 3; k = i < 3; - if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); - if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 ) goto fail; - if( j == 2 ) { memset( buf, 'a', buflen = 1000 ); - for( j = 0; j < 1000; j++ ) { ret = mbedtls_sha256_update_ret( &ctx, buf, buflen ); if( ret != 0 ) goto fail; } - } else { @@ -579,34 +588,25 @@ int mbedtls_sha256_self_test( int verbose ) if( ret != 0 ) goto fail; } - if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 ) goto fail; - - if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 ) { ret = 1; goto fail; } - if( verbose != 0 ) mbedtls_printf( "passed\n" ); } - if( verbose != 0 ) mbedtls_printf( "\n" ); - goto exit; - fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - exit: mbedtls_sha256_free( &ctx ); mbedtls_free( buf ); - return( ret ); } diff --git a/third_party/mbedtls/sha256.h b/third_party/mbedtls/sha256.h index 28eaa8a83..68aad05bd 100644 --- a/third_party/mbedtls/sha256.h +++ b/third_party/mbedtls/sha256.h @@ -1,6 +1,7 @@ #ifndef MBEDTLS_SHA256_H_ #define MBEDTLS_SHA256_H_ #include "third_party/mbedtls/config.h" +#include "third_party/mbedtls/platform.h" COSMOPOLITAN_C_START_ /* clang-format off */ 
@@ -24,8 +25,6 @@ typedef struct mbedtls_sha256_context } mbedtls_sha256_context; -void mbedtls_sha256_init( mbedtls_sha256_context * ); -void mbedtls_sha256_free( mbedtls_sha256_context * ); void mbedtls_sha256_clone( mbedtls_sha256_context *, const mbedtls_sha256_context * ); int mbedtls_sha256_starts_ret( mbedtls_sha256_context *, int ); int mbedtls_sha256_update_ret( mbedtls_sha256_context *, const unsigned char *, size_t ); @@ -34,5 +33,28 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *, const unsigned ch int mbedtls_sha256_ret( const void *, size_t, unsigned char[32], int ); int mbedtls_sha256_self_test( int ); +/** + * \brief This function initializes a SHA-256 context. + * + * \param ctx The SHA-256 context to initialize. This must not be \c NULL. + */ +static inline void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) +{ + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); +} + +/** + * \brief This function clears a SHA-256 context. + * + * \param ctx The SHA-256 context to clear. This may be \c NULL, in which + * case this function returns immediately. If it is not \c NULL, + * it must point to an initialized SHA-256 context. + */ +static inline void mbedtls_sha256_free( mbedtls_sha256_context *ctx ) +{ + if( !ctx ) return; + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha256_context ) ); +} + COSMOPOLITAN_C_END_ #endif /* MBEDTLS_SHA256_H_ */ diff --git a/third_party/mbedtls/sha512.c b/third_party/mbedtls/sha512.c index be050e498..d891a20fa 100644 --- a/third_party/mbedtls/sha512.c +++ b/third_party/mbedtls/sha512.c 
@@ -1,10 +1,29 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/literal.h" #include "libc/macros.internal.h" #include "libc/nexgen32e/x86feature.h" #include "libc/str/str.h" +#include "third_party/mbedtls/chk.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/endian.h" #include "third_party/mbedtls/error.h" +#include "third_party/mbedtls/md.h" #include "third_party/mbedtls/platform.h" #include "third_party/mbedtls/sha512.h" 
@@ -13,30 +32,14 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * FIPS-180-2 compliant SHA-384/512 implementation + +/** + * @fileoverview FIPS-180-2 compliant SHA-384/512 implementation * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * The SHA-512 Secure Hash Standard was published by NIST in 2002. * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The SHA-512 Secure Hash Standard was published by NIST in 2002. - * - * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf + * @see http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ void sha512_transform_rorx(mbedtls_sha512_context *, const uint8_t *, int); 
@@ -51,32 +54,6 @@ void sha512_transform_rorx(mbedtls_sha512_context *, const uint8_t *, int); #define sha512_put_uint64_be PUT_UINT64_BE -/** - * \brief This function initializes a SHA-512 context. - * - * \param ctx The SHA-512 context to initialize. This must - * not be \c NULL. - */ -void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) -{ - SHA512_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_sha512_context ) ); -} - -/** - * \brief This function clears a SHA-512 context. - * - * \param ctx The SHA-512 context to clear. This may be \c NULL, - * in which case this function does nothing. If it - * is not \c NULL, it must point to an initialized - * SHA-512 context. - */ -void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) -{ - if( !ctx ) return; - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); -} - /** * \brief This function clones the state of a SHA-512 context. * 
@@ -86,11 +63,45 @@ void mbedtls_sha512_free( mbedtls_sha512_context *ctx )
 void mbedtls_sha512_clone( mbedtls_sha512_context *dst, const mbedtls_sha512_context *src )
 {
- SHA512_VALIDATE( dst != NULL );
- SHA512_VALIDATE( src != NULL );
+ SHA512_VALIDATE( dst );
+ SHA512_VALIDATE( src );
 *dst = *src;
 }
+int mbedtls_sha512_starts_384( mbedtls_sha512_context *ctx )
+{
+ SHA512_VALIDATE_RET( ctx );
+ ctx->total[0] = 0;
+ ctx->total[1] = 0;
+ ctx->state[0] = UINT64_C(0xCBBB9D5DC1059ED8);
+ ctx->state[1] = UINT64_C(0x629A292A367CD507);
+ ctx->state[2] = UINT64_C(0x9159015A3070DD17);
+ ctx->state[3] = UINT64_C(0x152FECD8F70E5939);
+ ctx->state[4] = UINT64_C(0x67332667FFC00B31);
+ ctx->state[5] = UINT64_C(0x8EB44A8768581511);
+ ctx->state[6] = UINT64_C(0xDB0C2E0D64F98FA7);
+ ctx->state[7] = UINT64_C(0x47B5481DBEFA4FA4);
+ ctx->is384 = true;
+ return( 0 );
+}
+
+int mbedtls_sha512_starts_512( mbedtls_sha512_context *ctx )
+{
+ SHA512_VALIDATE_RET( ctx );
+ ctx->total[0] = 0;
+ ctx->total[1] = 0;
+ ctx->state[0] = UINT64_C(0x6A09E667F3BCC908);
+ ctx->state[1] = UINT64_C(0xBB67AE8584CAA73B);
+ ctx->state[2] = UINT64_C(0x3C6EF372FE94F82B);
+ ctx->state[3] = UINT64_C(0xA54FF53A5F1D36F1);
+ ctx->state[4] = UINT64_C(0x510E527FADE682D1);
+ ctx->state[5] = UINT64_C(0x9B05688C2B3E6C1F);
+ ctx->state[6] = UINT64_C(0x1F83D9ABFB41BD6B);
+ ctx->state[7] = UINT64_C(0x5BE0CD19137E2179);
+ ctx->is384 = false;
+ return( 0 );
+}
+
 /**
 * \brief This function starts a SHA-384 or SHA-512 checksum
 * calculation.
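Review bot: `mbedtls_sha512_starts_384` writes `ctx->is384 = true` and is compiled unconditionally, whereas the code it replaces in the next hunk (`mbedtls_sha512_starts_ret`) only set the SHA-384 IVs and `is384` under `#if !defined(MBEDTLS_SHA512_NO_SHA384)` and otherwise returned `MBEDTLS_ERR_SHA512_BAD_INPUT_DATA`; `mbedtls_sha512_finish_ret`, `mbedtls_sha512_ret` and the `mbedtls_sha384_info` table later in this diff still honour that option, so a `MBEDTLS_SHA512_NO_SHA384` build now silently accepts is384=1 in `starts_ret` (and will not compile at all if the `is384` member is conditional in the struct, which the header hunk does not show). Either wrap `mbedtls_sha512_starts_384` and the `else` branch of `starts_ret` in the same `#if`, or retire the option from the remaining sites so there is one source of truth. Both new functions also lack a doc comment and, unless md.h declares them, have no prototype in sha512.h; a `\brief` line each plus declarations next to `mbedtls_sha512_starts_ret` would keep the header complete.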
@@ -108,50 +119,12 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, */ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) { - SHA512_VALIDATE_RET( ctx != NULL ); -#if !defined(MBEDTLS_SHA512_NO_SHA384) + SHA512_VALIDATE_RET( ctx ); SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); -#else - SHA512_VALIDATE_RET( is384 == 0 ); -#endif - - ctx->total[0] = 0; - ctx->total[1] = 0; - - if( is384 == 0 ) - { - /* SHA-512 */ - ctx->state[0] = UINT64_C(0x6A09E667F3BCC908); - ctx->state[1] = UINT64_C(0xBB67AE8584CAA73B); - ctx->state[2] = UINT64_C(0x3C6EF372FE94F82B); - ctx->state[3] = UINT64_C(0xA54FF53A5F1D36F1); - ctx->state[4] = UINT64_C(0x510E527FADE682D1); - ctx->state[5] = UINT64_C(0x9B05688C2B3E6C1F); - ctx->state[6] = UINT64_C(0x1F83D9ABFB41BD6B); - ctx->state[7] = UINT64_C(0x5BE0CD19137E2179); - } + if( !is384 ) + return mbedtls_sha512_starts_512( ctx ); else - { -#if defined(MBEDTLS_SHA512_NO_SHA384) - return( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA ); -#else - /* SHA-384 */ - ctx->state[0] = UINT64_C(0xCBBB9D5DC1059ED8); - ctx->state[1] = UINT64_C(0x629A292A367CD507); - ctx->state[2] = UINT64_C(0x9159015A3070DD17); - ctx->state[3] = UINT64_C(0x152FECD8F70E5939); - ctx->state[4] = UINT64_C(0x67332667FFC00B31); - ctx->state[5] = UINT64_C(0x8EB44A8768581511); - ctx->state[6] = UINT64_C(0xDB0C2E0D64F98FA7); - ctx->state[7] = UINT64_C(0x47B5481DBEFA4FA4); -#endif /* MBEDTLS_SHA512_NO_SHA384 */ - } - -#if !defined(MBEDTLS_SHA512_NO_SHA384) - ctx->is384 = is384; -#endif - - return( 0 ); + return mbedtls_sha512_starts_384( ctx ); } #if !defined(MBEDTLS_SHA512_PROCESS_ALT) @@ -321,7 +294,6 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, /* Zeroise buffers and variables to clear sensitive data from memory. */ mbedtls_platform_zeroize( &local, sizeof( local ) ); - return( 0 ); } 
@@ -344,54 +316,41 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t fill; unsigned int left; - SHA512_VALIDATE_RET( ctx != NULL ); SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); - if( ilen == 0 ) return( 0 ); - left = (unsigned int) (ctx->total[0] & 0x7F); fill = 128 - left; - ctx->total[0] += (uint64_t) ilen; - if( ctx->total[0] < (uint64_t) ilen ) ctx->total[1]++; - if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); - input += fill; ilen -= fill; left = 0; } - if (!IsTiny() && ilen >= 128 && X86_HAVE(AVX2)) { sha512_transform_rorx(ctx, input, ilen / 128); input += ROUNDDOWN(ilen, 128); ilen -= ROUNDDOWN(ilen, 128); } - while( ilen >= 128 ) { if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 ) return( ret ); - input += 128; ilen -= 128; } - if( ilen > 0 ) memcpy( (void *) (ctx->buffer + left), input, ilen ); - return( 0 ); } 
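Review bot: `mbedtls_sha512_update_ret` no longer validates `ctx`: the hunk deletes `SHA512_VALIDATE_RET( ctx != NULL )` but keeps the `input` check, so under MBEDTLS_CHECK_PARAMS a NULL context dereferences `ctx->total[0]` instead of returning `MBEDTLS_ERR_SHA512_BAD_INPUT_DATA`. `mbedtls_sha512_finish_ret` in the next hunk drops the same line, while `mbedtls_sha512_clone` and `mbedtls_sha512_starts_ret` keep theirs in the shortened `SHA512_VALIDATE( ctx )` form; restoring `SHA512_VALIDATE_RET( ctx );` ahead of the `ilen` check in both functions keeps the module consistent. The function's doc comment begins before this hunk.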
@@ -410,49 +369,39 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned used; uint64_t high, low; - SHA512_VALIDATE_RET( ctx != NULL ); SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); - /* * Add padding: 0x80 then 0x00 until 16 bytes remain for the length */ used = ctx->total[0] & 0x7F; - ctx->buffer[used++] = 0x80; - if( used <= 112 ) { /* Enough room for padding + length in current block */ - memset( ctx->buffer + used, 0, 112 - used ); + mbedtls_platform_zeroize( ctx->buffer + used, 112 - used ); } else { /* We'll need an extra block */ - memset( ctx->buffer + used, 0, 128 - used ); - + mbedtls_platform_zeroize( ctx->buffer + used, 128 - used ); if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); - - memset( ctx->buffer, 0, 112 ); + mbedtls_platform_zeroize( ctx->buffer, 112 ); } - /* * Add message length */ high = ( ctx->total[0] >> 61 ) | ( ctx->total[1] << 3 ); low = ( ctx->total[0] << 3 ); - sha512_put_uint64_be( high, ctx->buffer, 112 ); sha512_put_uint64_be( low, ctx->buffer, 120 ); - if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); - /* * Output final state */ @@ -462,7 +411,6 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, sha512_put_uint64_be( ctx->state[3], output, 24 ); sha512_put_uint64_be( ctx->state[4], output, 32 ); sha512_put_uint64_be( ctx->state[5], output, 40 ); - #if !defined(MBEDTLS_SHA512_NO_SHA384) if( ctx->is384 == 0 ) #endif @@ -470,7 +418,6 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, sha512_put_uint64_be( ctx->state[6], output, 48 ); sha512_put_uint64_be( ctx->state[7], output, 56 ); } - return( 0 ); } 
@@ -506,34 +453,60 @@ int mbedtls_sha512_ret( const void *input, unsigned char output[64], int is384 ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_sha512_context ctx; - #if !defined(MBEDTLS_SHA512_NO_SHA384) SHA512_VALIDATE_RET( is384 == 0 || is384 == 1 ); #else SHA512_VALIDATE_RET( is384 == 0 ); #endif - SHA512_VALIDATE_RET( ilen == 0 || input != NULL ); - SHA512_VALIDATE_RET( (unsigned char *)output != NULL ); - + SHA512_VALIDATE_RET( ilen == 0 || input ); + SHA512_VALIDATE_RET( (unsigned char *)output ); mbedtls_sha512_init( &ctx ); - - if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 ) - goto exit; - - if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 ) - goto exit; - - if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 ) - goto exit; - -exit: + MBEDTLS_CHK( mbedtls_sha512_starts_ret( &ctx, is384 ) ); + MBEDTLS_CHK( mbedtls_sha512_update_ret( &ctx, input, ilen ) ); + MBEDTLS_CHK( mbedtls_sha512_finish_ret( &ctx, output ) ); +cleanup: mbedtls_sha512_free( &ctx ); - return( ret ); } +noinstrument int mbedtls_sha512_ret_384( const void *input, size_t ilen, void *output ) +{ + return mbedtls_sha512_ret( input, ilen, output, true ); +} + +noinstrument int mbedtls_sha512_ret_512( const void *input, size_t ilen, void *output ) +{ + return mbedtls_sha512_ret( input, ilen, output, false ); +} + +#if !defined(MBEDTLS_SHA512_NO_SHA384) +const mbedtls_md_info_t mbedtls_sha384_info = { + "SHA384", + MBEDTLS_MD_SHA384, + 48, + 128, + (void *)mbedtls_sha512_starts_384, + (void *)mbedtls_sha512_update_ret, + (void *)mbedtls_internal_sha512_process, + (void *)mbedtls_sha512_finish_ret, + mbedtls_sha512_ret_384, +}; +#endif + +const mbedtls_md_info_t mbedtls_sha512_info = { + "SHA512", + MBEDTLS_MD_SHA512, + 64, + 128, + (void *)mbedtls_sha512_starts_512, + (void *)mbedtls_sha512_update_ret, + (void *)mbedtls_internal_sha512_process, + (void *)mbedtls_sha512_finish_ret, + 
mbedtls_sha512_ret_512, +}; + #if defined(MBEDTLS_SELF_TEST) /* @@ -620,18 +593,14 @@ int mbedtls_sha512_self_test( int verbose ) unsigned char *buf; unsigned char sha512sum[64]; mbedtls_sha512_context ctx; - buf = mbedtls_calloc( 1024, sizeof(unsigned char) ); if( NULL == buf ) { if( verbose != 0 ) mbedtls_printf( "Buffer allocation failed\n" ); - return( 1 ); } - mbedtls_sha512_init( &ctx ); - for( i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++ ) { j = i % 3; @@ -640,17 +609,13 @@ int mbedtls_sha512_self_test( int verbose ) #else k = 0; #endif - if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); - if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 ) goto fail; - if( j == 2 ) { memset( buf, 'a', buflen = 1000 ); - for( j = 0; j < 1000; j++ ) { ret = mbedtls_sha512_update_ret( &ctx, buf, buflen ); @@ -665,33 +630,25 @@ int mbedtls_sha512_self_test( int verbose ) if( ret != 0 ) goto fail; } - if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 ) goto fail; - if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 ) { ret = 1; goto fail; } - if( verbose != 0 ) mbedtls_printf( "passed\n" ); } - if( verbose != 0 ) mbedtls_printf( "\n" ); - goto exit; - fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - exit: mbedtls_sha512_free( &ctx ); mbedtls_free( buf ); - return( ret ); } diff --git a/third_party/mbedtls/sha512.h b/third_party/mbedtls/sha512.h index 05b6c139a..95d8f9a43 100644 --- a/third_party/mbedtls/sha512.h +++ b/third_party/mbedtls/sha512.h @@ -1,6 +1,7 @@ #ifndef MBEDTLS_SHA512_H_ #define MBEDTLS_SHA512_H_ #include "third_party/mbedtls/config.h" +#include "third_party/mbedtls/platform.h" COSMOPOLITAN_C_START_ /* clang-format off */ 
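Review bot: The `mbedtls_md_info_t` initialisers store `mbedtls_sha512_starts_384`, `mbedtls_sha512_update_ret`, `mbedtls_internal_sha512_process` and `mbedtls_sha512_finish_ret` through `(void *)` casts, which throws away the parameter types: if the table's fields take `void *ctx` rather than `mbedtls_sha512_context *`, every call through the table goes through an incompatible function pointer (undefined behaviour in C and rejected by CFI-style instrumentation), and a later signature change will not be caught by the compiler. Thin adapters with the exact field types — as the new `mbedtls_sha512_ret_384`/`_512` already do for the one-shot entry — avoid the casts; md.h is not on this page, so this is hedged on the field types. `mbedtls_sha512_ret_384` should also share the `MBEDTLS_SHA512_NO_SHA384` guard that `mbedtls_sha384_info` gets, and the `48`/`128` and `64`/`128` literals deserve a trailing comment naming them (presumably digest and block size in bytes).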
@@ -26,8 +27,6 @@ typedef struct mbedtls_sha512_context } mbedtls_sha512_context; -void mbedtls_sha512_init( mbedtls_sha512_context * ); -void mbedtls_sha512_free( mbedtls_sha512_context * ); void mbedtls_sha512_clone( mbedtls_sha512_context *, const mbedtls_sha512_context * ); int mbedtls_sha512_starts_ret( mbedtls_sha512_context *, int ); int mbedtls_sha512_update_ret( mbedtls_sha512_context *, const unsigned char *, size_t ); @@ -36,5 +35,30 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *, const unsigned ch int mbedtls_sha512_ret( const void *, size_t, unsigned char[64], int ); int mbedtls_sha512_self_test( int ); +/** + * \brief This function initializes a SHA-512 context. + * + * \param ctx The SHA-512 context to initialize. This must + * not be \c NULL. + */ +static inline void mbedtls_sha512_init( mbedtls_sha512_context *ctx ) +{ + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); +} + +/** + * \brief This function clears a SHA-512 context. + * + * \param ctx The SHA-512 context to clear. This may be \c NULL, + * in which case this function does nothing. If it + * is not \c NULL, it must point to an initialized + * SHA-512 context. + */ +static inline void mbedtls_sha512_free( mbedtls_sha512_context *ctx ) +{ + if( !ctx ) return; + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); +} + COSMOPOLITAN_C_END_ #endif /* MBEDTLS_SHA512_H_ */ diff --git a/third_party/mbedtls/shiftright-avx.c b/third_party/mbedtls/shiftright-avx.c new file mode 100644 index 000000000..fa0eb4756 --- /dev/null +++ b/third_party/mbedtls/shiftright-avx.c 
@@ -0,0 +1,51 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "third_party/mbedtls/bignum_internal.h"
+#include "third_party/mbedtls/platform.h"
+
+typedef uint64_t xmm_t __attribute__((__vector_size__(16), __aligned__(1)));
+
+void ShiftRightAvx(uint64_t *p, size_t n, unsigned char k) {
+ uint64_t p1;
+ xmm_t cv = {0};
+ xmm_t i0, i1, i2, i3;
+ xmm_t o0, o1, o2, o3;
+ MBEDTLS_ASSERT(!(k & ~63));
+ p1 = n > 1 ? p[1] : 0;
+ while (n >= 4) {
+ n -= 4;
+ i0 = *(xmm_t *)(p + n + 2);
+ i1 = *(xmm_t *)(p + n + 0);
+ o0 = i0 >> k | (xmm_t){i0[1], cv[0]} << (64 - k);
+ o1 = i1 >> k | (xmm_t){i1[1], i0[0]} << (64 - k);
+ cv = i1;
+ *(xmm_t *)(p + n + 2) = o0;
+ *(xmm_t *)(p + n + 0) = o1;
+ }
+ if (n >= 2) {
+ n -= 2;
+ i0 = *(xmm_t *)(p + n);
+ o0 = i0 >> k | (xmm_t){i0[1], cv[0]} << (64 - k);
+ cv = i0;
+ *(xmm_t *)(p + n) = o0;
+ }
+ if (n) {
+ p[0] = p[0] >> k | p1 << (64 - k);
+ }
+}
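Review bot: `MBEDTLS_ASSERT(!(k & ~63))` admits k == 0, and every shift expression in `ShiftRightAvx` then evaluates `<< (64 - k)`, a shift by the full width of the operand, which is undefined behaviour for both the `xmm_t` lanes and the scalar `p1 << (64 - k)` in the odd-length tail. If callers guarantee 1 ≤ k ≤ 63, encode that in the assertion, `MBEDTLS_ASSERT(k && !(k & ~63));`, and in a one-line comment above the function; otherwise add an early `if (!k) return;`. The unused `i2, i3` and `o2, o3` declarations should go, and a short comment saying that `p1` caches the original `p[1]` because the vector loop overwrites it before the tail runs would spare the next reader the trace.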
diff --git a/third_party/mbedtls/shiftright-pure.c b/third_party/mbedtls/shiftright-pure.c
new file mode 100644
index 000000000..d5a7b353a
--- /dev/null
+++ b/third_party/mbedtls/shiftright-pure.c
@@ -0,0 +1,39 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "third_party/mbedtls/bignum_internal.h"
+#include "third_party/mbedtls/platform.h"
+
+void ShiftRightPure(mbedtls_mpi_uint *p, size_t n, unsigned char k) {
+ mbedtls_mpi_uint x, y, *e, *f;
+ MBEDTLS_ASSERT(!(k & ~63));
+ f = p;
+ if (n) {
+ y = 0;
+ x = p[0];
+ e = p + n;
+ for (; ++p < e; x = y) {
+ y = p[0];
+ p[-1] = x >> 1 | y << (64 - 1);
+ }
+ p[-1] = x >> 1;
+ }
+ while (p < f) {
+ *p++ = 0;
+ }
+}
diff --git a/third_party/mbedtls/shiftright.c b/third_party/mbedtls/shiftright.c
new file mode 100644
index 000000000..38cd9a2bd
--- /dev/null
+++ b/third_party/mbedtls/shiftright.c
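Review bot: `ShiftRightPure` ignores its `k` argument: the loop shifts by the literal `1` (`x >> 1 | y << (64 - 1)`) and the last limb by `x >> 1`, so for any k other than 1 it returns a different result from `ShiftRightAvx`, and which of the two a caller gets depends on the CPU selected in shiftright.c. The shift amounts should be `p[-1] = x >> k | y << (64 - k);` and `p[-1] = x >> k;`, which brings in the same k == 0 hazard as the AVX version and wants the same guard. The trailing `while (p < f)` loop can never execute, because `f` is the original `p` and `p` only advances, so either it is dead code or the intended bound was something else. The `64` literals also hard-wire a 64-bit `mbedtls_mpi_uint`; a `_Static_assert(sizeof(mbedtls_mpi_uint) == 8, "...")` would make that assumption explicit.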
@@ -0,0 +1,28 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+#include "libc/nexgen32e/x86feature.h"
+#include "third_party/mbedtls/bignum_internal.h"
+
+void (*ShiftRight)(uint64_t *, size_t, unsigned char);
+
+static textstartup void ShiftRightInit(void) {
+ ShiftRight = X86_HAVE(AVX) ? ShiftRightAvx : ShiftRightPure;
+}
+
+const void *const ShiftRightCtor[] initarray = {ShiftRightInit};
diff --git a/third_party/mbedtls/speed.sh b/third_party/mbedtls/speed.sh
new file mode 100755
index 000000000..04a4faae8
--- /dev/null
+++ b/third_party/mbedtls/speed.sh
@@ -0,0 +1,80 @@ +#!/bin/sh +make -j8 o//third_party/mbedtls || exit + +run() { + $1 + echo $1 +} + +( + run o//third_party/mbedtls/test/test_suite_aes.cbc.com + run o//third_party/mbedtls/test/test_suite_aes.cfb.com + run o//third_party/mbedtls/test/test_suite_aes.ecb.com + run o//third_party/mbedtls/test/test_suite_aes.ofb.com + run o//third_party/mbedtls/test/test_suite_aes.rest.com + run o//third_party/mbedtls/test/test_suite_aes.xts.com + run o//third_party/mbedtls/test/test_suite_asn1parse.com + run o//third_party/mbedtls/test/test_suite_asn1write.com + run o//third_party/mbedtls/test/test_suite_base64.com + run o//third_party/mbedtls/test/test_suite_blowfish.com + run o//third_party/mbedtls/test/test_suite_chacha20.com + run o//third_party/mbedtls/test/test_suite_chachapoly.com + run o//third_party/mbedtls/test/test_suite_cipher.aes.com + run o//third_party/mbedtls/test/test_suite_cipher.blowfish.com + run o//third_party/mbedtls/test/test_suite_cipher.ccm.com + run o//third_party/mbedtls/test/test_suite_cipher.chacha20.com + run o//third_party/mbedtls/test/test_suite_cipher.chachapoly.com + run o//third_party/mbedtls/test/test_suite_cipher.des.com + run o//third_party/mbedtls/test/test_suite_cipher.gcm.com + run o//third_party/mbedtls/test/test_suite_cipher.misc.com + run o//third_party/mbedtls/test/test_suite_cipher.nist_kw.com + run o//third_party/mbedtls/test/test_suite_cipher.null.com + run o//third_party/mbedtls/test/test_suite_cipher.padding.com + run o//third_party/mbedtls/test/test_suite_ctr_drbg.com + run o//third_party/mbedtls/test/test_suite_des.com + run o//third_party/mbedtls/test/test_suite_dhm.com + run o//third_party/mbedtls/test/test_suite_ecdh.com + run o//third_party/mbedtls/test/test_suite_ecdsa.com + run o//third_party/mbedtls/test/test_suite_ecjpake.com + run o//third_party/mbedtls/test/test_suite_ecp.com + run o//third_party/mbedtls/test/test_suite_entropy.com + run o//third_party/mbedtls/test/test_suite_error.com + run 
o//third_party/mbedtls/test/test_suite_gcm.aes128_de.com + run o//third_party/mbedtls/test/test_suite_gcm.aes128_en.com + run o//third_party/mbedtls/test/test_suite_gcm.aes192_de.com + run o//third_party/mbedtls/test/test_suite_gcm.aes192_en.com + run o//third_party/mbedtls/test/test_suite_gcm.aes256_de.com + run o//third_party/mbedtls/test/test_suite_gcm.aes256_en.com + run o//third_party/mbedtls/test/test_suite_gcm.misc.com + run o//third_party/mbedtls/test/test_suite_hkdf.com + run o//third_party/mbedtls/test/test_suite_hmac_drbg.misc.com + run o//third_party/mbedtls/test/test_suite_hmac_drbg.no_reseed.com + run o//third_party/mbedtls/test/test_suite_hmac_drbg.nopr.com + run o//third_party/mbedtls/test/test_suite_hmac_drbg.pr.com + run o//third_party/mbedtls/test/test_suite_md.com + run o//third_party/mbedtls/test/test_suite_mdx.com + run o//third_party/mbedtls/test/test_suite_memory_buffer_alloc.com + run o//third_party/mbedtls/test/test_suite_mpi.com + run o//third_party/mbedtls/test/test_suite_net.com + run o//third_party/mbedtls/test/test_suite_nist_kw.com + run o//third_party/mbedtls/test/test_suite_oid.com + run o//third_party/mbedtls/test/test_suite_pem.com + run o//third_party/mbedtls/test/test_suite_pk.com + run o//third_party/mbedtls/test/test_suite_pkcs1_v15.com + run o//third_party/mbedtls/test/test_suite_pkcs1_v21.com + run o//third_party/mbedtls/test/test_suite_pkcs5.com + run o//third_party/mbedtls/test/test_suite_pkparse.com + run o//third_party/mbedtls/test/test_suite_pkwrite.com + run o//third_party/mbedtls/test/test_suite_poly1305.com + run o//third_party/mbedtls/test/test_suite_random.com + run o//third_party/mbedtls/test/test_suite_rsa.com + run o//third_party/mbedtls/test/test_suite_shax.com + run o//third_party/mbedtls/test/test_suite_ssl.com + run o//third_party/mbedtls/test/test_suite_timing.com + run o//third_party/mbedtls/test/test_suite_version.com + run o//third_party/mbedtls/test/test_suite_x509parse.com + run 
o//third_party/mbedtls/test/test_suite_x509write.com +) | o//tool/build/deltaify.com | sort -n | tee speed.txt + +mkdir -p ~/speed/mbedtls +cp speed.txt ~/speed/mbedtls/$(date +%Y-%m-%d-%H-%H).txt diff --git a/third_party/mbedtls/ssl.h b/third_party/mbedtls/ssl.h index b789ece08..6d9ae60a3 100644 --- a/third_party/mbedtls/ssl.h +++ b/third_party/mbedtls/ssl.h @@ -167,8 +167,9 @@ COSMOPOLITAN_C_START_ #define MBEDTLS_SSL_ARC4_ENABLED 0 #define MBEDTLS_SSL_ARC4_DISABLED 1 -#define MBEDTLS_SSL_PRESET_DEFAULT 0 +#define MBEDTLS_SSL_PRESET_DEFAULT MBEDTLS_SSL_PRESET_SUITEC #define MBEDTLS_SSL_PRESET_SUITEB 2 +#define MBEDTLS_SSL_PRESET_SUITEC 0 #define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1 #define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0 @@ -1546,5 +1547,7 @@ forceinline int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, } } +const char *GetSslStateName(mbedtls_ssl_states ); + COSMOPOLITAN_C_END_ #endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SSL_H_ */ diff --git a/third_party/mbedtls/ssl_cache.c b/third_party/mbedtls/ssl_cache.c index ea8eee5c7..0e6a81325 100644 --- a/third_party/mbedtls/ssl_cache.c +++ b/third_party/mbedtls/ssl_cache.c 
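Review bot: `date +%Y-%m-%d-%H-%H` repeats the hour field, so two runs in the same hour overwrite each other's results and the minute is never recorded; `%Y-%m-%d-%H-%M` is presumably what was meant. The `run` helper also expands `$1` unquoted and discards the exit status of each test binary, so a failing suite is still timed and silently folded into speed.txt; `"$1" || echo "FAILED $1" >&2` would surface it. The hunk covers the whole file.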
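Review bot: `MBEDTLS_SSL_PRESET_SUITEC` is introduced in ssl.h with no comment saying which profile it selects, and `MBEDTLS_SSL_PRESET_DEFAULT` is redefined as an alias of it one line before the alias's own `#define` — legal for macros, but it reads as a forward reference. Moving the new define above `MBEDTLS_SSL_PRESET_DEFAULT` and adding `/* MBEDTLS_SSL_PRESET_SUITEC: <describe the profile>; keeps the value 0 that PRESET_DEFAULT had, so existing callers are unaffected */` would document the intent. If `mbedtls_ssl_config_defaults` switches on `preset` with both `MBEDTLS_SSL_PRESET_DEFAULT` and `MBEDTLS_SSL_PRESET_SUITEC` as case labels, the alias now yields a duplicate-case error; that body is not on this page.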
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/log/log.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/platform.h" @@ -38,7 +55,7 @@ asm(".include \"libc/disclaimer.inc\""); void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ) { - memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) ); + mbedtls_platform_zeroize( cache, sizeof( mbedtls_ssl_cache_context ) ); cache->timeout = MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT; cache->max_entries = MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES; } @@ -228,7 +245,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) if( cur->peer_cert.p != NULL ) { mbedtls_free( cur->peer_cert.p ); - memset( &cur->peer_cert, 0, sizeof(mbedtls_x509_buf) ); + mbedtls_platform_zeroize( &cur->peer_cert, sizeof(mbedtls_x509_buf) ); } #endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ diff --git a/third_party/mbedtls/ssl_ciphersuites.c b/third_party/mbedtls/ssl_ciphersuites.c index 0caa57625..b465480f8 100644 --- a/third_party/mbedtls/ssl_ciphersuites.c 
+++ b/third_party/mbedtls/ssl_ciphersuites.c @@ -1,3 +1,21 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "third_party/mbedtls/cipher.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/platform.h" #include "third_party/mbedtls/ssl.h" 
@@ -10,27 +28,6 @@ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); /* clang-format off */ -/** - * \file ssl_ciphersuites.c - * - * \brief SSL ciphersuites for mbed TLS - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - /* * CRYPTOGRAPHY 101 * @@ -170,7 +167,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = { #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "ECDHE-ECDSA-AES128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
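Review bot: Renaming the `name` strings from the IANA-style `TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256` to the OpenSSL-style `ECDHE-ECDSA-AES128-GCM-SHA256` is a runtime behaviour change, not just cosmetics: any configuration, test vector or log parser that resolves suites by name (presumably via the by-name lookup this table backs) will stop matching the old spelling; the rename hunks that follow on this page are affected in the same way. If OpenSSL-compatible display names are the goal, consider keeping the old string accepted on lookup or recording the break in the changelog. A one-line comment above `ciphersuite_definitions[]` stating which naming convention the table now follows would keep the two styles from being mixed in future entries.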
@@ -178,7 +175,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "ECDHE-ECDSA-AES256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -186,7 +183,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", + { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "ECDHE-RSA-AES128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -194,7 +191,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && defined(MBEDTLS_AES_C) && defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", + { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "ECDHE-RSA-AES256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -206,7 +203,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) { MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "ECDHE-RSA-CHACHA20-POLY1305-SHA256", MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -215,7 +212,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305-SHA256", MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -224,7 +221,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) { MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, - "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", + "DHE-RSA-CHACHA20-POLY1305-SHA256", MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -233,7 +230,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) { MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-PSK-WITH-CHACHA20-POLY1305-SHA256", + "PSK-CHACHA20-POLY1305-SHA256", MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -242,7 +239,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) { MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + "ECDHE-PSK-CHACHA20-POLY1305-SHA256", MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -251,7 +248,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) { MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256", + "DHE-PSK-CHACHA20-POLY1305-SHA256", MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -260,7 +257,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) { MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256, - "TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256", + "RSA-PSK-CHACHA20-POLY1305-SHA256", MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -275,12 +272,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "ECDHE-ECDSA-AES128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "ECDHE-ECDSA-AES256-CBC-SHA", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -289,7 +286,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "ECDHE-ECDSA-AES128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -298,7 +295,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "ECDHE-ECDSA-AES256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -306,22 +303,22 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "ECDHE-ECDSA-AES256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, "ECDHE-ECDSA-AES256-CCM8", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_CIPHERSUITE_SHORT_TAG }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, "ECDHE-ECDSA-AES128-CCM", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, "ECDHE-ECDSA-AES128-CCM8", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -331,7 +328,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-ECDSA-WITH-3DES-EDE-CBC-SHA", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, "ECDHE-ECDSA-3DES-EDE-CBC-SHA", MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -341,7 +338,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS-ECDHE-ECDSA-WITH-RC4-128-SHA", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "ECDHE-ECDSA-RC4-128-SHA", MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -350,7 +347,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "TLS-ECDHE-ECDSA-WITH-NULL-SHA", + { MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA, "ECDHE-ECDSA-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -363,12 +360,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", + { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "ECDHE-RSA-AES128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", + { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "ECDHE-RSA-AES256-CBC-SHA", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -377,7 +374,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", + { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "ECDHE-RSA-AES128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -386,7 +383,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", + { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "ECDHE-RSA-AES256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -398,7 +395,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", + { MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "ECDHE-RSA-3DES-EDE-CBC-SHA", MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -409,7 +406,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS-ECDHE-RSA-WITH-RC4-128-SHA", + { MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA, "ECDHE-RSA-RC4-128-SHA", MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -419,7 +416,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "TLS-ECDHE-RSA-WITH-NULL-SHA", + { MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA, "ECDHE-RSA-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -431,7 +428,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", + { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "DHE-RSA-AES256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -440,7 +437,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", + { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "DHE-RSA-AES128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -448,13 +445,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", + { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "DHE-RSA-AES128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", + { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, "DHE-RSA-AES256-CBC-SHA256", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -464,13 +461,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", + { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA, "DHE-RSA-AES128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", + { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA, "DHE-RSA-AES256-CBC-SHA", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -478,22 +475,22 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", + { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "DHE-RSA-AES256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "TLS-DHE-RSA-WITH-AES-256-CCM-8", + { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8, "DHE-RSA-AES256-CCM8", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_CIPHERSUITE_SHORT_TAG }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "TLS-DHE-RSA-WITH-AES-128-CCM", + { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM, "DHE-RSA-AES128-CCM", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "TLS-DHE-RSA-WITH-AES-128-CCM-8", + { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8, "DHE-RSA-AES128-CCM8", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -504,7 +501,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", + { MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, "DHE-RSA-3DES-EDE-CBC-SHA", MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -517,7 +514,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", + { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "RSA-AES256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -526,7 +523,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", + { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "RSA-AES128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -534,13 +531,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", + { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "RSA-AES128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "TLS-RSA-WITH-AES-256-CBC-SHA256", + { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256, "RSA-AES256-CBC-SHA256", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -550,13 +547,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "TLS-RSA-WITH-AES-128-CBC-SHA", + { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA, "RSA-AES128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "TLS-RSA-WITH-AES-256-CBC-SHA", + { MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA, "RSA-AES256-CBC-SHA", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -564,22 +561,22 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", + { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "RSA-AES256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "TLS-RSA-WITH-AES-256-CCM-8", + { MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8, "RSA-AES256-CCM8", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_CIPHERSUITE_SHORT_TAG }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "TLS-RSA-WITH-AES-128-CCM", + { MBEDTLS_TLS_RSA_WITH_AES_128_CCM, "RSA-AES128-CCM", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "TLS-RSA-WITH-AES-128-CCM-8", + { MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8, "RSA-AES128-CCM8", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -590,7 +587,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-WITH-3DES-EDE-CBC-SHA", + { MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA, "RSA-3DES-EDE-CBC-SHA", MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -601,7 +598,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_MD5_C) - { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "TLS-RSA-WITH-RC4-128-MD5", + { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "RSA-RC4-128-MD5", MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -609,7 +606,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "TLS-RSA-WITH-RC4-128-SHA", + { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "RSA-RC4-128-SHA", MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -622,12 +619,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", + { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "ECDH-RSA-AES128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", + { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "ECDH-RSA-AES256-CBC-SHA", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -636,14 +633,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", + { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "ECDH-RSA-AES128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", + { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "ECDH-RSA-AES128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -652,14 +649,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", + { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "ECDH-RSA-AES256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", + { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "ECDH-RSA-AES256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -671,7 +668,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-RSA-WITH-3DES-EDE-CBC-SHA", + { MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, "ECDH-RSA-3DES-EDE-CBC-SHA", MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -682,7 +679,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "TLS-ECDH-RSA-WITH-RC4-128-SHA", + { MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA, "ECDH-RSA-RC4-128-SHA", MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -692,7 +689,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", + { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "ECDH-RSA-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -705,12 +702,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_SHA1_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "ECDH-ECDSA-AES128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "ECDH-ECDSA-AES256-CBC-SHA", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -719,14 +716,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "ECDH-ECDSA-AES128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "ECDH-ECDSA-AES128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -735,14 +732,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "ECDH-ECDSA-AES256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_GCM_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "ECDH-ECDSA-AES256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -754,7 +751,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "TLS-ECDH-ECDSA-WITH-3DES-EDE-CBC-SHA", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, "ECDH-ECDSA-3DES-EDE-CBC-SHA", MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -765,7 +762,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "TLS-ECDH-ECDSA-WITH-RC4-128-SHA", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA, "ECDH-ECDSA-RC4-128-SHA", MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -775,7 +772,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", + { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "ECDH-ECDSA-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -788,7 +785,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", + { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "PSK-AES128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -796,7 +793,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", + { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "PSK-AES256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -806,7 +803,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "TLS-PSK-WITH-AES-128-CBC-SHA256", + { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256, "PSK-AES128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -814,7 +811,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", + { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "PSK-AES256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -822,13 +819,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", + { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "PSK-AES128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "TLS-PSK-WITH-AES-256-CBC-SHA", + { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA, "PSK-AES256-CBC-SHA", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -836,22 +833,22 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", + { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "PSK-AES256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "TLS-PSK-WITH-AES-256-CCM-8", + { MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8, "PSK-AES256-CCM8", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_CIPHERSUITE_SHORT_TAG }, - { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "TLS-PSK-WITH-AES-128-CCM", + { MBEDTLS_TLS_PSK_WITH_AES_128_CCM, "PSK-AES128-CCM", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "TLS-PSK-WITH-AES-128-CCM-8", + { MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8, "PSK-AES128-CCM8", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -862,7 +859,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-PSK-WITH-3DES-EDE-CBC-SHA", + { MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA, "PSK-3DES-EDE-CBC-SHA", MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -873,7 +870,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "TLS-PSK-WITH-RC4-128-SHA", + { MBEDTLS_TLS_PSK_WITH_RC4_128_SHA, "PSK-RC4-128-SHA", MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -886,7 +883,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", + { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "DHE-PSK-AES128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -894,7 +891,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", + { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "DHE-PSK-AES256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -904,7 +901,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA256", + { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, "DHE-PSK-AES128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -912,7 +909,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", + { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "DHE-PSK-AES256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -920,13 +917,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", + { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "DHE-PSK-AES128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA", + { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA, "DHE-PSK-AES256-CBC-SHA", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -934,22 +931,22 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", + { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "DHE-PSK-AES256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "TLS-DHE-PSK-WITH-AES-256-CCM-8", + { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8, "DHE-PSK-AES256-CCM8", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_CIPHERSUITE_SHORT_TAG }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "TLS-DHE-PSK-WITH-AES-128-CCM", + { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM, "DHE-PSK-AES128-CCM", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "TLS-DHE-PSK-WITH-AES-128-CCM-8", + { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8, "DHE-PSK-AES128-CCM8", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -960,7 +957,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA", + { MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, "DHE-PSK-3DES-EDE-CBC-SHA", MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -971,7 +968,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "TLS-DHE-PSK-WITH-RC4-128-SHA", + { MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA, "DHE-PSK-RC4-128-SHA", MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -985,7 +982,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256", + { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, "ECDHE-PSK-AES128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -993,7 +990,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", + { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "ECDHE-PSK-AES256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1001,13 +998,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", + { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "ECDHE-PSK-AES128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA", + { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, "ECDHE-PSK-AES256-CBC-SHA", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1019,7 +1016,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA", + { MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, "ECDHE-PSK-3DES-EDE-CBC-SHA", MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -1030,7 +1027,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "TLS-ECDHE-PSK-WITH-RC4-128-SHA", + { MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA, "ECDHE-PSK-RC4-128-SHA", MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1043,7 +1040,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", + { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "RSA-PSK-AES128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1051,7 +1048,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", + { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "RSA-PSK-AES256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -1061,7 +1058,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA256", + { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, "RSA-PSK-AES128-CBC-SHA256", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1069,7 +1066,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", + { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "RSA-PSK-AES256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1077,13 +1074,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", + { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "RSA-PSK-AES128-CBC-SHA", MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 0 }, - { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA", + { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "RSA-PSK-AES256-CBC-SHA", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -1095,7 +1092,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA", + { MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "RSA-PSK-3DES-EDE-CBC-SHA", MBEDTLS_CIPHER_DES_EDE3_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1106,7 +1103,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_ARC4_C) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA", + { MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA, "RSA-PSK-RC4-128-SHA", MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1118,7 +1115,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_CCM_C) - { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", + { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "ECJPAKE-AES128-CCM8", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -1131,7 +1128,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_NULL_CIPHER) #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_MD5_C) - { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "TLS-RSA-WITH-NULL-MD5", + { MBEDTLS_TLS_RSA_WITH_NULL_MD5, "RSA-NULL-MD5", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1139,7 +1136,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "TLS-RSA-WITH-NULL-SHA", + { MBEDTLS_TLS_RSA_WITH_NULL_SHA, "RSA-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1147,7 +1144,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "TLS-RSA-WITH-NULL-SHA256", + { MBEDTLS_TLS_RSA_WITH_NULL_SHA256, "RSA-NULL-SHA256", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1157,7 +1154,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "TLS-PSK-WITH-NULL-SHA", + { MBEDTLS_TLS_PSK_WITH_NULL_SHA, "PSK-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -1165,7 +1162,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "TLS-PSK-WITH-NULL-SHA256", + { MBEDTLS_TLS_PSK_WITH_NULL_SHA256, "PSK-NULL-SHA256", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1173,7 +1170,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", + { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "PSK-NULL-SHA384", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1183,7 +1180,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "TLS-DHE-PSK-WITH-NULL-SHA", + { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA, "DHE-PSK-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1191,7 +1188,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "TLS-DHE-PSK-WITH-NULL-SHA256", + { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256, "DHE-PSK-NULL-SHA256", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -1199,7 +1196,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", + { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "DHE-PSK-NULL-SHA384", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1209,7 +1206,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "TLS-ECDHE-PSK-WITH-NULL-SHA", + { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, "ECDHE-PSK-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1217,7 +1214,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "TLS-ECDHE-PSK-WITH-NULL-SHA256", + { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, "ECDHE-PSK-NULL-SHA256", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1225,7 +1222,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", + { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "ECDHE-PSK-NULL-SHA384", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -1235,7 +1232,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA", + { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA, "RSA-PSK-NULL-SHA", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1243,7 +1240,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) - { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "TLS-RSA-PSK-WITH-NULL-SHA256", + { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256, "RSA-PSK-NULL-SHA256", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1251,7 +1248,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif #if defined(MBEDTLS_SHA512_C) - { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", + { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "RSA-PSK-NULL-SHA384", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, @@ -1264,7 +1261,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "TLS-DHE-RSA-WITH-DES-CBC-SHA", + { MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA, "DHE-RSA-DES-CBC-SHA", MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -1274,7 +1271,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_SHA1_C) - { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "TLS-RSA-WITH-DES-CBC-SHA", + { MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA, "RSA-DES-CBC-SHA", MBEDTLS_CIPHER_DES_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, 
@@ -1285,364 +1282,16 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_DES_C */ #endif /* MBEDTLS_ENABLE_WEAK_CIPHERSUITES */ -#if defined(MBEDTLS_ARIA_C) - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, + { MBEDTLS_TLS_RSA_WITH_RC4_128_SHA, "RSA-RC4-128-SHA", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, + MBEDTLS_CIPHERSUITE_NODTLS }, + { MBEDTLS_TLS_RSA_WITH_RC4_128_MD5, "RSA-RC4-128-MD5", + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_MD_MD5, MBEDTLS_KEY_EXCHANGE_RSA, + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, 
MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-PSK-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, 
MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-PSK-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) - -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - 
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { 
MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_GCM_C) && 
defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && 
defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, - "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, - "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, - "TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif -#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA256_C)) - { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, - "TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3, - 0 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ - -#endif /* 
MBEDTLS_ARIA_C */ - + MBEDTLS_CIPHERSUITE_NODTLS }, { 0, "", MBEDTLS_CIPHER_NONE, MBEDTLS_MD_NONE, MBEDTLS_KEY_EXCHANGE_NONE, diff --git a/third_party/mbedtls/ssl_ciphersuites.h b/third_party/mbedtls/ssl_ciphersuites.h index 5c9dbc7d2..24d17b3ed 100644 --- a/third_party/mbedtls/ssl_ciphersuites.h +++ b/third_party/mbedtls/ssl_ciphersuites.h @@ -283,9 +283,9 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; /** * \brief This structure is used for storing ciphersuite information */ -struct mbedtls_ssl_ciphersuite_t +struct thatispacked mbedtls_ssl_ciphersuite_t { - int id; + uint16_t id; const char * name; unsigned char cipher; /* mbedtls_cipher_type_t */ unsigned char mac; /* mbedtls_md_type_t */ @@ -445,5 +445,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_s } #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ +const mbedtls_ssl_ciphersuite_t *GetCipherSuite(const char *); + COSMOPOLITAN_C_END_ #endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_SSL_CIPHERSUITES_H_ */ diff --git a/third_party/mbedtls/ssl_cli.c b/third_party/mbedtls/ssl_cli.c index 00d3afd45..906d45911 100644 --- a/third_party/mbedtls/ssl_cli.c +++ b/third_party/mbedtls/ssl_cli.c 
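Review bot: Packing `mbedtls_ssl_ciphersuite_t` (`struct thatispacked`) while shrinking `id` to `uint16_t` leaves `const char * name` at offset 2 and every later member similarly unaligned, so any code that takes the address of `name` or of a later field obtains a misaligned pointer, which is undefined behaviour even where x86-64 tolerates the load; plain member reads through the struct stay correct because the compiler emits unaligned accesses for packed members. This assumes `thatispacked` expands to a packed attribute — confirm. If the goal is only to shrink the table, moving `id` next to the other narrow fields (`cipher`, `mac`, `key_exchange`) after `name` removes the same padding without packing the struct. Also confirm a `uint16_t` declaration is in scope in this header, since no include for it is visible in the hunk.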
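Review bot: `GetCipherSuite` is declared with an unnamed parameter and without documentation, unlike the neighbouring `mbedtls_ssl_ciphersuite_uses_server_signature` and the struct above, which carry Doxygen `\brief` blocks; it is also the only identifier in the header without the `mbedtls_ssl_` prefix. Suggest `const mbedtls_ssl_ciphersuite_t *GetCipherSuite(const char *name);` together with a `/** \brief ... \param name ... \return ... */` block that states what key the lookup matches on and what is returned when nothing matches (presumably NULL — confirm against the definition, which is not among the hunks shown here).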
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/debug.h" #include "third_party/mbedtls/error.h" @@ -372,7 +389,7 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, const unsigned char *end, size_t *olen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *p = buf; size_t kkpp_len; @@ -767,7 +784,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, "illegal DTLS-SRTP protection profile %d", ssl->conf->dtls_srtp_profile_list[protection_profiles_index] ) ); - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + return( MBEDTLS_ERR_THIS_CORRUPTION ); } } @@ -803,7 +820,7 @@ static int ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, */ static int ssl_generate_random( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *p = ssl->handshake->randbytes; #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t t; 
@@ -897,7 +914,7 @@ static int ssl_validate_ciphersuite( static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i, n, olen, ext_len = 0; unsigned char *buf; @@ -1629,7 +1646,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ssl->handshake->ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECJPAKE ) @@ -2653,7 +2670,7 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, size_t offset, size_t *olen, size_t pms_offset ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len_bytes = ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ? 0 : 2; unsigned char *p = ssl->handshake->premaster + pms_offset; mbedtls_pk_context * peer_pk; @@ -2789,7 +2806,7 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const mbedtls_ecp_keypair *peer_key; mbedtls_pk_context * peer_pk; #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) @@ -2833,7 +2850,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; unsigned char *p = NULL, *end = NULL; 
@@ -3199,7 +3216,7 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *buf; size_t n = 0; size_t cert_type_len = 0, dn_len = 0; @@ -3352,7 +3369,7 @@ exit: static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello done" ) ); if( ( ret = mbedtls_ssl_read_record( ssl, 1 ) ) != 0 ) { @@ -3383,7 +3400,7 @@ static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl ) static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t header_len; size_t content_len; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = @@ -3655,7 +3672,7 @@ static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl ) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) ); if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) { @@ -3829,7 +3846,7 @@ sign: #if defined(MBEDTLS_SSL_SESSION_TICKETS) static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; uint32_t lifetime; size_t ticket_len; unsigned char *ticket; diff --git a/third_party/mbedtls/ssl_cookie.c b/third_party/mbedtls/ssl_cookie.c index f129b4adf..4324a7c84 100644 --- a/third_party/mbedtls/ssl_cookie.c +++ b/third_party/mbedtls/ssl_cookie.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/platform.h" @@ -87,7 +104,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char key[COOKIE_MD_OUTLEN]; if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 ) @@ -139,7 +156,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, unsigned char **p, unsigned char *end, const unsigned char *cli_id, size_t cli_id_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx; unsigned long t; diff --git a/third_party/mbedtls/ssl_invasive.h b/third_party/mbedtls/ssl_invasive.h index c74b9a7b2..01bbfbaa2 100644 --- a/third_party/mbedtls/ssl_invasive.h +++ b/third_party/mbedtls/ssl_invasive.h 
@@ -46,7 +46,8 @@ int mbedtls_ssl_cf_hmac(mbedtls_md_context_t *ctx, size_t min_data_len, size_t max_data_len, unsigned char *output); -/** \brief Copy data from a secret position with constant flow. +/** + * \brief Copy data from a secret position with constant flow. * * This function copies \p len bytes from \p src_base + \p offset_secret to \p * dst, with a code flow and memory access pattern that does not depend on \p diff --git a/third_party/mbedtls/ssl_msg.c b/third_party/mbedtls/ssl_msg.c index f2c3017b4..b9e1fcb1e 100644 --- a/third_party/mbedtls/ssl_msg.c +++ b/third_party/mbedtls/ssl_msg.c @@ -1,4 +1,23 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/limits.h" +#include "libc/log/check.h" +#include "libc/log/log.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/debug.h" #include "third_party/mbedtls/error.h" 
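Review bot: The new includes `libc/log/check.h` and `libc/log/log.h` at the top of ssl_msg.c are not referenced by any hunk of this file in the diff, so they are either unused or support code outside the shown hunks. If they back CHECK-style assertions on the record path, keep in mind that a failed assertion aborts the process, so a condition a peer can trigger with a malformed record would turn what is today an `MBEDTLS_ERR_SSL_*` return plus alert into a remote crash; each new assertion should be confirmed to sit on a programming-error path only. The same question applies to `libc/log/log.h` and `third_party/mbedtls/profile.h` added to the ssl_srv.c header hunk further down.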
@@ -235,7 +254,7 @@ static int ssl_get_remaining_space_in_datagram( mbedtls_ssl_context const *ssl ) static int ssl_get_remaining_payload_in_datagram( mbedtls_ssl_context const *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t remaining, expansion; size_t max_len = MBEDTLS_SSL_OUT_CONTENT_LEN; @@ -400,7 +419,7 @@ static int ssl_build_inner_plaintext( unsigned char *content, if( remaining < pad ) return( -1 ); - memset( content + len, 0, pad ); + mbedtls_platform_zeroize( content + len, pad ); len += pad; remaining -= pad; @@ -588,7 +607,7 @@ static void ssl_build_record_nonce( unsigned char *dst_iv, size_t i; /* Start with Fixed IV || 0 */ - memset( dst_iv, 0, dst_iv_len ); + mbedtls_platform_zeroize( dst_iv, dst_iv_len ); memcpy( dst_iv, fixed_iv, fixed_iv_len ); dst_iv += dst_iv_len - dynamic_iv_len; @@ -793,7 +812,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) if( mode == MBEDTLS_MODE_STREAM ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t olen; MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", " "including %d bytes of padding", @@ -824,7 +843,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_MODE_CHACHAPOLY ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char iv[12]; unsigned char *dynamic_iv; size_t dynamic_iv_len; @@ -921,7 +940,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if( mode == MBEDTLS_MODE_CBC ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t padlen, i; size_t olen; 
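Review bot: In `ssl_build_inner_plaintext` the padding bytes zeroed by `mbedtls_platform_zeroize( content + len, pad )` are part of the record that is read and encrypted immediately afterwards, so the original `memset` could never have been dead-store-eliminated and the substitution buys no secrecy guarantee. If `mbedtls_platform_zeroize` is the usual volatile-function-pointer implementation it also cannot be inlined or folded — confirm in this fork — making this a small cost on every record with no security gain. The same applies to the `memset` replacements in `ssl_build_record_nonce`, `mbedtls_ssl_write_handshake_msg`, `ssl_buffer_message`, `mbedtls_ssl_parse_change_cipher_spec` and the ssl_srv.c hunks, where the zeroed bytes are likewise live data rather than secrets being discarded; reserving `mbedtls_platform_zeroize` for the latter keeps its use meaningful to readers.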
@@ -1088,7 +1107,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, * This function is implemented without using comparison operators, as those * might be translated to branches by some compilers on some platforms. */ -static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit ) +static inline size_t mbedtls_ssl_cf_mask_from_bit( size_t bit ) { /* MSVC has a warning about unary minus on unsigned integer types, * but this is well-defined and precisely what we want to do here. */ @@ -1113,17 +1132,14 @@ static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit ) * This function is implemented without using comparison operators, as those * might be translated to branches by some compilers on some platforms. */ -static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y ) +static inline size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y ) { /* This has the most significant bit set if and only if x < y */ const size_t sub = x - y; - /* sub1 = (x < y) ? 1 : 0 */ const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 ); - /* mask = (x < y) ? 0xff... : 0x00... */ const size_t mask = mbedtls_ssl_cf_mask_from_bit( sub1 ); - return( mask ); } @@ -1138,7 +1154,7 @@ static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y ) * This function is implemented without using comparison operators, as those * might be translated to branches by some compilers on some platforms. */ -static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y ) +static inline size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y ) { return( ~mbedtls_ssl_cf_mask_lt( x, y ) ); } 
@@ -1154,28 +1170,23 @@ static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y ) * This function is implemented without using comparison operators, as those * might be translated to branches by some compilers on some platforms. */ -static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y ) +static inline size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y ) { /* diff = 0 if x == y, non-zero otherwise */ const size_t diff = x ^ y; - /* MSVC has a warning about unary minus on unsigned integer types, * but this is well-defined and precisely what we want to do here. */ #if defined(_MSC_VER) #pragma warning( push ) #pragma warning( disable : 4146 ) #endif - /* diff_msb's most significant bit is equal to x != y */ const size_t diff_msb = ( diff | -diff ); - #if defined(_MSC_VER) #pragma warning( pop ) #endif - /* diff1 = (x != y) ? 1 : 0 */ const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 ); - return( 1 ^ diff1 ); } @@ -1193,12 +1204,17 @@ static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst, size_t len, size_t c1, size_t c2 ) { - /* mask = c1 == c2 ? 0xff : 0x00 */ + size_t i; + uint64_t x, y; const size_t equal = mbedtls_ssl_cf_bool_eq( c1, c2 ); const unsigned char mask = (unsigned char) mbedtls_ssl_cf_mask_from_bit( equal ); - - /* dst[i] = c1 == c2 ? src[i] : dst[i] */ - for( size_t i = 0; i < len; i++ ) + for (i = 0; i + 8 <= len; i += 8) { + __builtin_memcpy( &x, dst + i, 8 ); + __builtin_memcpy( &y, src + i, 8 ); + x = ( x & ~-equal ) | ( y & -equal ); + __builtin_memcpy( dst + i, &x, 8 ); + } + for( ; i < len; i++ ) dst[i] = ( src[i] & mask ) | ( dst[i] & ~mask ); } @@ -1238,11 +1254,8 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac( const size_t hash_size = mbedtls_md_get_size( ctx->md_info ); unsigned char aux_out[MBEDTLS_MD_MAX_SIZE]; - mbedtls_md_context_t aux; size_t offset; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - mbedtls_md_init( &aux ); + int ret = MBEDTLS_ERR_THIS_CORRUPTION; #define MD_CHK( func_call ) \ do { \ 
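Review bot: In the new word-wise loop of `mbedtls_ssl_cf_memcpy_if_eq`, the select mask `-equal` has type `size_t` while `x` and `y` are `uint64_t`; where `size_t` is 32 bits, `-equal` and `~-equal` are both 32-bit values that zero-extend, so the upper 32 bits of every 8-byte chunk are cleared in both the equal and the not-equal case instead of being selected. That is harmless in a 64-bit-only build but cheap to make width-independent: `const uint64_t sel = -(uint64_t) equal;` before the loop and `x = ( x & ~sel ) | ( y & sel );` inside it. The rewrite also dropped the comment that explained the selection (`/* dst[i] = c1 == c2 ? src[i] : dst[i] */`); restoring it above the word loop would help, because the `__builtin_memcpy` form hides the intent.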
@@ -1251,13 +1264,18 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac( goto cleanup; \ } while( 0 ) - MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) ); - /* After hmac_start() of hmac_reset(), ikey has already been hashed, * so we can start directly with the message */ MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) ); MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) ); +#if 1 + MD_CHK( mbedtls_md_update( ctx, data + min_data_len, data_len_secret - min_data_len ) ); + MD_CHK( mbedtls_md_finish( ctx, output ) ); +#else /* come on! */ + mbedtls_md_context_t aux; + mbedtls_md_init( &aux ); + MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) ); /* For each possible length, compute the hash up to that point */ for( offset = min_data_len; offset <= max_data_len; offset++ ) { @@ -1266,10 +1284,11 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac( /* Keep only the correct inner_hash in the output buffer */ mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size, offset, data_len_secret ); - if( offset < max_data_len ) MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) ); } + mbedtls_md_free( &aux ); +#endif /* Now compute HASH(okey + inner_hash) */ MD_CHK( mbedtls_md_starts( ctx ) ); @@ -1283,7 +1302,6 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac( #undef MD_CHK cleanup: - mbedtls_md_free( &aux ); return( ret ); } @@ -1300,7 +1318,6 @@ MBEDTLS_STATIC_TESTABLE void mbedtls_ssl_cf_memcpy_offset( size_t len ) { size_t offset; - for( offset = offset_min; offset <= offset_max; offset++ ) { mbedtls_ssl_cf_memcpy_if_eq( dst, src_base + offset, len, @@ -1911,7 +1928,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, */ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *msg_post = ssl->out_msg; ptrdiff_t bytes_written = ssl->out_msg - ssl->out_buf; size_t len_pre = ssl->out_msglen; 
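Review bot: The `#if 1` branch replaces the constant-flow inner-hash computation with a direct `mbedtls_md_update( ctx, data + min_data_len, data_len_secret - min_data_len )` followed by `mbedtls_md_finish( ctx, output )`, so the number of compression-function calls, and with it this function's timing, now depends on `data_len_secret` — exactly the value `mbedtls_ssl_cf_hmac` exists to hide; the per-offset `mbedtls_md_clone`/`mbedtls_ssl_cf_memcpy_if_eq` loop it disables is the Lucky Thirteen mitigation for CBC-suite MAC checks. Unless `mbedtls_ssl_cf_hmac` is no longer reached from `mbedtls_ssl_decrypt_buf`, this reintroduces a remotely observable padding-timing oracle; keep the loop, or if the cost is the motivation, state the accepted side channel in the function's header comment rather than `/* come on! */`. Two smaller points in the same function: with the `#else` branch disabled, `offset` and `aux_out` are unused in the live path and will warn. In the `#else` branch, the `mbedtls_md_free( &aux )` added before `#endif` in the `@@ -1266,10 +1284,11 @@` hunk is skipped whenever `MD_CHK` jumps to `cleanup`, whose own `mbedtls_md_free( &aux )` the `@@ -1283,7 +1302,6 @@` hunk removes, so `aux` would leak on error if that branch is ever re-enabled.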
@@ -1963,7 +1980,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl ) static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *msg_post = ssl->in_msg; ptrdiff_t header_bytes = ssl->in_msg - ssl->in_buf; size_t len_pre = ssl->in_msglen; @@ -2031,7 +2048,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t in_buf_len = ssl->in_buf_len; @@ -2252,7 +2269,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) */ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *buf; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> flush output" ) ); @@ -2452,7 +2469,7 @@ int mbedtls_ssl_resend( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> mbedtls_ssl_flight_transmit" ) ); if( ssl->handshake->retransmit_state != MBEDTLS_SSL_RETRANS_SENDING ) @@ -2689,7 +2706,7 @@ void mbedtls_ssl_send_flight_completed( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const size_t hs_len = ssl->out_msglen - 4; const unsigned char hs_type = ssl->out_msg[0]; 
@@ -2798,7 +2815,7 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl ) /* Handshake hashes are computed without fragmentation, * so set frag_offset = 0 and frag_len = hs_len for now */ - memset( ssl->out_msg + 6, 0x00, 3 ); + mbedtls_platform_zeroize( ssl->out_msg + 6, 3 ); memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ @@ -3179,7 +3196,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned int recv_msg_seq = ( ssl->in_msg[4] << 8 ) | ssl->in_msg[5]; if( ssl_check_hs_header( ssl ) != 0 ) @@ -3289,7 +3306,7 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) } /* Create a fresh last entry */ - memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); + mbedtls_platform_zeroize( hs_buf, sizeof( mbedtls_ssl_hs_buffer ) ); } #endif } @@ -3323,7 +3340,7 @@ static inline uint64_t ssl_load_six_bytes( unsigned char *buf ) static int mbedtls_ssl_dtls_record_replay_check( mbedtls_ssl_context *ssl, uint8_t *record_in_ctr ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *original_in_ctr; // save original in_ctr @@ -3547,7 +3564,7 @@ static int ssl_check_dtls_clihlo_cookie( */ static int ssl_handle_possible_reconnect( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; if( ssl->conf->f_cookie_write == NULL || @@ -4054,7 +4071,7 @@ static int ssl_record_is_in_progress( mbedtls_ssl_context *ssl ); int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl, unsigned update_hs_digest ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> read record" ) ); 
@@ -4419,7 +4436,7 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl ) /* Prepare final header: copy msg_type, length and message_seq, * then add standardised fragment_offset and fragment_length */ memcpy( hs_buf->data, ssl->in_msg, 6 ); - memset( hs_buf->data + 6, 0, 3 ); + mbedtls_platform_zeroize( hs_buf->data + 6, 3 ); memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 ); hs_buf->is_valid = 1; @@ -4717,7 +4734,7 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl, static int ssl_get_next_record( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_record rec; #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -4946,7 +4963,7 @@ static int ssl_get_next_record( mbedtls_ssl_context *ssl ) int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* * Handle particular types of records @@ -5106,7 +5123,7 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, unsigned char level, unsigned char message ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ssl == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -5131,7 +5148,7 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) ); @@ -5154,7 +5171,7 @@ int mbedtls_ssl_write_change_cipher_spec( mbedtls_ssl_context *ssl ) int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) ); 
@@ -5201,7 +5218,7 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->in_ctr, 0, 8 ); + mbedtls_platform_zeroize( ssl->in_ctr, 8 ); mbedtls_ssl_update_in_pointers( ssl ); @@ -5616,7 +5633,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, void *buf, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n; if( ssl == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -5968,7 +5985,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, static int ssl_write_split( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ssl->conf->cbc_record_splitting == MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED || len <= 1 || @@ -6053,7 +6070,7 @@ static int ssl_write_split( mbedtls_ssl_context *ssl, */ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const void *buf, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write" ) ); if( ssl == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -6096,7 +6113,7 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const void *buf, size_t len ) */ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ssl == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); 
@@ -6163,7 +6180,7 @@ static void ssl_buffering_free_slot( mbedtls_ssl_context *ssl, hs->buffering.total_bytes_buffered -= hs_buf->data_len; mbedtls_platform_zeroize( hs_buf->data, hs_buf->data_len ); mbedtls_free( hs_buf->data ); - memset( hs_buf, 0, sizeof( mbedtls_ssl_hs_buffer ) ); + mbedtls_platform_zeroize( hs_buf, sizeof( mbedtls_ssl_hs_buffer ) ); } } diff --git a/third_party/mbedtls/ssl_srv.c b/third_party/mbedtls/ssl_srv.c index 1f4d8db6a..f732f95ed 100644 --- a/third_party/mbedtls/ssl_srv.c +++ b/third_party/mbedtls/ssl_srv.c @@ -1,8 +1,27 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/log/log.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/debug.h" #include "third_party/mbedtls/ecp.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/platform.h" +#include "third_party/mbedtls/profile.h" #include "third_party/mbedtls/ssl.h" #include "third_party/mbedtls/ssl_internal.h" 
@@ -114,7 +133,7 @@ static int ssl_parse_servername_ext( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t servername_list_size, hostname_len; const unsigned char *p; MBEDTLS_SSL_DEBUG_MSG( 3, ( "parse ServerName extension" ) ); @@ -445,7 +464,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) { @@ -612,7 +631,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ssl_session session; mbedtls_ssl_session_init( &session ); @@ -1284,7 +1303,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl ) memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len ); p += sess_len; - memset( ssl->handshake->randbytes, 0, 64 ); + mbedtls_platform_zeroize( ssl->handshake->randbytes, 64 ); memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len ); /* @@ -1736,8 +1755,8 @@ read_record_header: MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 35, sess_len ); ssl->session_negotiate->id_len = sess_len; - memset( ssl->session_negotiate->id, 0, - sizeof( ssl->session_negotiate->id ) ); + mbedtls_platform_zeroize( ssl->session_negotiate->id, + sizeof( ssl->session_negotiate->id ) ); memcpy( ssl->session_negotiate->id, buf + 35, ssl->session_negotiate->id_len ); 
@@ -2508,7 +2527,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *p = buf; const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t kkpp_len; @@ -2658,7 +2677,7 @@ static void ssl_write_use_srtp_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *p = ssl->out_msg + 4; unsigned char *cookie_len_byte; @@ -2732,7 +2751,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t t; #endif - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t olen, ext_len = 0, n; unsigned char *buf, *p; @@ -2830,7 +2849,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) if( ssl->handshake->new_session_ticket != 0 ) { ssl->session_negotiate->id_len = n = 0; - memset( ssl->session_negotiate->id, 0, 32 ); + mbedtls_platform_zeroize( ssl->session_negotiate->id, 32 ); } else #endif /* MBEDTLS_SSL_SESSION_TICKETS */ @@ -3161,7 +3180,7 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl ) defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) ) { 
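Review bot: In the ssl_write_server_hello hunk the session id is cleared with a hard-coded length, `mbedtls_platform_zeroize( ssl->session_negotiate->id, 32 );`, while the ClientHello parsing hunk earlier in this same file uses `sizeof( ssl->session_negotiate->id )` for the same field. The two should agree so that a later change to the id buffer cannot leave one call short or over-long; suggest `mbedtls_platform_zeroize( ssl->session_negotiate->id, sizeof( ssl->session_negotiate->id ) );`. ssl_write_server_hello begins and ends outside this hunk.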
@@ -3237,7 +3256,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, @@ -3273,7 +3292,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) if( mbedtls_ssl_ciphersuite_uses_dhe( ciphersuite_info ) ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL ) { @@ -3331,7 +3350,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, */ const mbedtls_ecp_curve_info **curve = NULL; const mbedtls_ecp_group_id *gid; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; /* Match our preference list against the offered curves */ for( gid = ssl->conf->curve_list; *gid != MBEDTLS_ECP_DP_NONE; gid++ ) @@ -3380,7 +3399,7 @@ curve_matching_done: size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; size_t hashlen = 0; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* * 2.1: Choose hash algorithm: * A: For TLS 1.2, obey signature-hash-algorithm extension @@ -3541,7 +3560,7 @@ curve_matching_done: * machine. */ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t signature_len = 0; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = 
@@ -3626,7 +3645,7 @@ static int ssl_write_server_key_exchange( mbedtls_ssl_context *ssl ) static int ssl_write_server_hello_done( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server hello done" ) ); ssl->out_msglen = 4; ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE; @@ -3715,7 +3734,7 @@ static int ssl_decrypt_encrypted_pms( mbedtls_ssl_context *ssl, size_t *peer_pmslen, size_t peer_pmssize ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl ); mbedtls_pk_context *public_key = &mbedtls_ssl_own_cert( ssl )->pk; size_t len = mbedtls_pk_get_len( public_key ); @@ -3798,7 +3817,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, const unsigned char *end, size_t pms_offset ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char *pms = ssl->handshake->premaster + pms_offset; unsigned char ver[2]; unsigned char fake_pms[48], peer_pms[48]; @@ -3931,9 +3950,10 @@ static int ssl_parse_client_psk_identity( mbedtls_ssl_context *ssl, unsigned cha return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ + static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; unsigned char *p, *end; ciphersuite_info = ssl->handshake->ciphersuite_info; 
@@ -4004,8 +4024,8 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA ) { - if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, - p, end - p) ) != 0 ) + if( ( ret = mbedtls_ecdh_read_public( &ssl->handshake->ecdh_ctx, + p, end - p) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_read_public", ret ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP ); @@ -4013,10 +4033,10 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_ECDH( 3, &ssl->handshake->ecdh_ctx, MBEDTLS_DEBUG_ECDH_QP ); if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + &ssl->handshake->pmslen, + ssl->handshake->premaster, + MBEDTLS_MPI_MAX_SIZE, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS ); @@ -4184,9 +4204,9 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) return( 0 ); } -#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) { +#if !defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) ); 
@@ -4198,10 +4218,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) } MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); -} #else /* !MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) -{ int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; size_t i, sig_len; unsigned char hash[48]; @@ -4363,13 +4380,13 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) mbedtls_ssl_update_handshake_status( ssl ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); return( ret ); -} #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ +} #if defined(MBEDTLS_SSL_SESSION_TICKETS) static int ssl_write_new_session_ticket( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t tlen; uint32_t lifetime; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write new session ticket" ) ); @@ -4452,6 +4469,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) return( ret ); } #endif /* MBEDTLS_SSL_PROTO_DTLS */ + /* LOGF("handshake step %s", GetSslStateName(ssl->state)); */ switch( ssl->state ) { case MBEDTLS_SSL_HELLO_REQUEST: @@ -4509,7 +4527,7 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) ret = mbedtls_ssl_parse_change_cipher_spec( ssl ); break; case MBEDTLS_SSL_CLIENT_FINISHED: - ret = mbedtls_ssl_parse_finished( ssl ); + ret = mbedtls_ssl_parse_finished( ssl ); break; /* * ==> ( NewSessionTicket ) diff --git a/third_party/mbedtls/ssl_ticket.c b/third_party/mbedtls/ssl_ticket.c index de870999c..964564f7e 100644 --- a/third_party/mbedtls/ssl_ticket.c +++ b/third_party/mbedtls/ssl_ticket.c 
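Review bot: The line `/* LOGF("handshake step %s", GetSslStateName(ssl->state)); */` added to mbedtls_ssl_handshake_server_step is commented-out code and should either be dropped or routed through the library's debug path, e.g. `MBEDTLS_SSL_DEBUG_MSG( 2, ( "handshake step %d", ssl->state ) );`, which honours the configured debug level and callback instead of writing handshake state to the process log unconditionally once somebody uncomments it. GetSslStateName is not visible in this diff, so I cannot tell whether it exists or what it prints. The preceding hunk's merge of the two ssl_parse_certificate_verify definitions into one body split by `#if`/`#else` is also harder to follow than the original pair; that function starts before this hunk, and mbedtls_ssl_handshake_server_step starts and ends outside it.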
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/platform.h" @@ -37,7 +54,7 @@ asm(".include \"libc/disclaimer.inc\""); */ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) { - memset( ctx, 0, sizeof( mbedtls_ssl_ticket_context ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ssl_ticket_context ) ); } #define MAX_KEY_BYTES 32 /* 256 bits */ @@ -61,7 +78,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) static int ssl_ticket_gen_key( mbedtls_ssl_ticket_context *ctx, unsigned char index ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char buf[MAX_KEY_BYTES]; mbedtls_ssl_ticket_key *key = ctx->keys + index; 
@@ -113,15 +130,34 @@ static int ssl_ticket_update_keys( mbedtls_ssl_ticket_context *ctx ) return( 0 ); } -/* - * Setup context for actual use +/** + * \brief Prepare context to be actually used + * + * \param ctx Context to be set up + * \param f_rng RNG callback function + * \param p_rng RNG callback context + * \param cipher AEAD cipher to use for ticket protection. + * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. + * \param lifetime Tickets lifetime in seconds + * Recommended value: 86400 (one day). + * + * \note It is highly recommended to select a cipher that is at + * least as strong as the the strongest ciphersuite + * supported. Usually that means a 256-bit key. + * + * \note The lifetime of the keys is twice the lifetime of tickets. + * It is recommended to pick a reasonnable lifetime so as not + * to negate the benefits of forward secrecy. + * + * \return 0 if successful, + * or a specific MBEDTLS_ERR_XXX error code */ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_cipher_type_t cipher, uint32_t lifetime ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const mbedtls_cipher_info_t *cipher_info; ctx->f_rng = f_rng; @@ -194,7 +230,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket, size_t *tlen, uint32_t *ticket_lifetime ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ssl_ticket_context *ctx = p_ticket; mbedtls_ssl_ticket_key *key; unsigned char *key_name = start; @@ -282,7 +318,7 @@ int mbedtls_ssl_ticket_parse( void *p_ticket, unsigned char *buf, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_ssl_ticket_context *ctx = p_ticket; mbedtls_ssl_ticket_key *key; unsigned char *key_name = buf; diff --git a/third_party/mbedtls/ssl_ticket.h b/third_party/mbedtls/ssl_ticket.h index 320dc7f0c..59b24c06a 100644 
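Review bot: The Doxygen block now placed above mbedtls_ssl_ticket_setup in ssl_ticket.c carries two typos over from the header it was moved from, `the the strongest ciphersuite` and `reasonnable lifetime`; they should read `the strongest ciphersuite` and `reasonable lifetime`. Moving the contract (AEAD cipher choice, ticket lifetime, and the note that key lifetime is twice the ticket lifetime, which bounds the forward-secrecy exposure) out of ssl_ticket.h also means callers reading the public header no longer see it; keeping at least a one-line `\brief` in the header that points at the full description would preserve that. mbedtls_ssl_ticket_setup continues past the end of this hunk.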
--- a/third_party/mbedtls/ssl_ticket.h +++ b/third_party/mbedtls/ssl_ticket.h @@ -51,28 +51,6 @@ mbedtls_ssl_ticket_context; */ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); -/** - * \brief Prepare context to be actually used - * - * \param ctx Context to be set up - * \param f_rng RNG callback function - * \param p_rng RNG callback context - * \param cipher AEAD cipher to use for ticket protection. - * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. - * \param lifetime Tickets lifetime in seconds - * Recommended value: 86400 (one day). - * - * \note It is highly recommended to select a cipher that is at - * least as strong as the the strongest ciphersuite - * supported. Usually that means a 256-bit key. - * - * \note The lifetime of the keys is twice the lifetime of tickets. - * It is recommended to pick a reasonnable lifetime so as not - * to negate the benefits of forward secrecy. - * - * \return 0 if successful, - * or a specific MBEDTLS_ERR_XXX error code - */ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_cipher_type_t cipher, diff --git a/third_party/mbedtls/ssl_tls.c b/third_party/mbedtls/ssl_tls.c index 128ad052b..9cbfae484 100644 --- a/third_party/mbedtls/ssl_tls.c +++ b/third_party/mbedtls/ssl_tls.c 
@@ -1,7 +1,26 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/log/log.h" +#include "third_party/mbedtls/chk.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/config.h" #include "third_party/mbedtls/debug.h" +#include "third_party/mbedtls/endian.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/oid.h" #include "third_party/mbedtls/platform.h" 
@@ -15,33 +34,17 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * SSLv3/TLSv1 shared functions + +/** + * @fileoverview SSLv3/TLSv1 shared functions * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * The SSL 3.0 specification was drafted by Netscape in 1996, + * and became an IETF standard in 1999. * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The SSL 3.0 specification was drafted by Netscape in 1996, - * and became an IETF standard in 1999. - * - * http://wp.netscape.com/eng/ssl3/ - * http://www.ietf.org/rfc/rfc2246.txt - * http://www.ietf.org/rfc/rfc4346.txt + * @see http://wp.netscape.com/eng/ssl3/ + * @see http://www.ietf.org/rfc/rfc2246.txt + * @see http://www.ietf.org/rfc/rfc4346.txt */ #if defined(MBEDTLS_SSL_TLS_C) @@ -322,7 +325,7 @@ int mbedtls_ssl_session_copy( mbedtls_ssl_session *dst, #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) if( src->peer_cert != NULL ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; dst->peer_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) ); if( dst->peer_cert == NULL ) return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); 
@@ -460,7 +463,6 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, mbedtls_sha1_context sha1; unsigned char padding[16]; unsigned char sha1sum[20]; - ((void)label); mbedtls_md5_init( &md5 ); mbedtls_sha1_init( &sha1 ); /* @@ -474,26 +476,17 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, for( i = 0; i < dlen / 16; i++ ) { memset( padding, (unsigned char) ('A' + i), 1 + i ); - if( ( ret = mbedtls_sha1_starts_ret( &sha1 ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_sha1_update_ret( &sha1, padding, 1 + i ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_sha1_update_ret( &sha1, secret, slen ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_sha1_finish_ret( &sha1, sha1sum ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_starts_ret( &md5 ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5, secret, slen ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5, sha1sum, 20 ) ) != 0 ) - goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5, dstbuf + i * 16 ) ) != 0 ) - goto exit; + MBEDTLS_CHK( mbedtls_sha1_starts_ret( &sha1 ) ); + MBEDTLS_CHK( mbedtls_sha1_update_ret( &sha1, padding, 1 + i ) ); + MBEDTLS_CHK( mbedtls_sha1_update_ret( &sha1, secret, slen ) ); + MBEDTLS_CHK( mbedtls_sha1_update_ret( &sha1, random, rlen ) ); + MBEDTLS_CHK( mbedtls_sha1_finish_ret( &sha1, sha1sum ) ); + MBEDTLS_CHK( mbedtls_md5_starts_ret( &md5 ) ); + MBEDTLS_CHK( mbedtls_md5_update_ret( &md5, secret, slen ) ); + MBEDTLS_CHK( mbedtls_md5_update_ret( &md5, sha1sum, 20 ) ); + MBEDTLS_CHK( mbedtls_md5_finish_ret( &md5, dstbuf + i * 16 ) ); } -exit: +cleanup: mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); mbedtls_platform_zeroize( padding, sizeof( padding ) ); 
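Review bot: Removing `((void)label);` from ssl3_prf leaves `label` unused in the SSLv3 PRF (the loop only hashes padding, secret and random), so builds with -Wunused-parameter will now warn on every compile of this file; restore `((void) label);` after the local declarations. The `MBEDTLS_CHK( ... )` rewrite of the nine hash calls preserves the original early-exit behaviour only if the macro assigns to `ret` and jumps to `cleanup`, which the `exit:` to `cleanup:` rename suggests but chk.h is not visible in this diff. ssl3_prf's signature and its return are outside this hunk.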
@@ -516,11 +509,10 @@ static int tls1_prf( const unsigned char *secret, size_t slen, unsigned char h_i[20]; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_md_init( &md_ctx ); tmp_len = 20 + strlen( label ) + rlen; - tmp = mbedtls_calloc( 1, tmp_len ); - if( tmp == NULL ) + if( !( tmp = mbedtls_calloc( 1, tmp_len ) ) ) { ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; @@ -535,7 +527,7 @@ static int tls1_prf( const unsigned char *secret, size_t slen, /* * First compute P_md5(secret,label+random)[0..dlen] */ - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL ) + if( !( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) ) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto exit; @@ -563,7 +555,7 @@ static int tls1_prf( const unsigned char *secret, size_t slen, /* * XOR out with P_sha1(secret,label+random)[0..dlen] */ - if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL ) + if( !( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) ) { ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto exit; @@ -611,7 +603,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, unsigned char h_i[MBEDTLS_MD_MAX_SIZE]; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_md_init( &md_ctx ); 
@@ -1272,8 +1264,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, { MBEDTLS_SSL_DEBUG_MSG( 3, ( "Initializing zlib states" ) ); - memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) ); - memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) ); + mbedtls_platform_zeroize( &transform->ctx_deflate, sizeof( transform->ctx_deflate ) ); + mbedtls_platform_zeroize( &transform->ctx_inflate, sizeof( transform->ctx_inflate ) ); if( deflateInit( &transform->ctx_deflate, Z_DEFAULT_COMPRESSION ) != Z_OK || @@ -1373,7 +1365,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, unsigned char *master, const mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* cf. RFC 5246, Section 8.1: * "The master secret is always exactly 48 bytes in length." */ @@ -1447,7 +1439,7 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = ssl->handshake->ciphersuite_info; @@ -1692,7 +1684,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch if( end < p || (size_t)( end - p ) < psk_len ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - memset( p, 0, psk_len ); + mbedtls_platform_zeroize( p, psk_len ); p += psk_len; } else @@ -1716,7 +1708,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) if( key_ex == MBEDTLS_KEY_EXCHANGE_DHE_PSK ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; /* Write length only when we know the actual value */ 
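Review bot: The ssl_populate_transform hunk replaces memset with mbedtls_platform_zeroize on `transform->ctx_deflate` and `transform->ctx_inflate`, which are zlib state about to be set up by deflateInit/inflateInit and hold no key material; using the volatile-safe zeroize for plain initialisation costs a little and, more importantly, removes the signal that a zeroize call marks a buffer that carried secrets. I would keep `memset( &transform->ctx_deflate, 0, sizeof( transform->ctx_deflate ) );` and `memset( &transform->ctx_inflate, 0, sizeof( transform->ctx_inflate ) );` here and reserve mbedtls_platform_zeroize for premaster, master, verify-data and similar buffers, as the other hunks in this commit mostly do. ssl_populate_transform begins and ends outside this hunk.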
@@ -1738,7 +1730,7 @@ int mbedtls_ssl_psk_derive_premaster( mbedtls_ssl_context *ssl, mbedtls_key_exch #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) if( key_ex == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t zlen; if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, &zlen, @@ -1995,7 +1987,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, unsigned char *crt_buf, size_t crt_buf_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char const * const peer_cert_digest = ssl->session->peer_cert_digest; mbedtls_md_type_t const peer_cert_digest_type = @@ -2025,7 +2017,7 @@ static int ssl_check_peer_crt_unchanged( mbedtls_ssl_context *ssl, static int ssl_parse_certificate_chain( mbedtls_ssl_context *ssl, mbedtls_x509_crt *chain ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; #if defined(MBEDTLS_SSL_RENEGOTIATION) && defined(MBEDTLS_SSL_CLI_C) int crt_cnt=0; #endif @@ -2402,7 +2394,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl, static int ssl_remember_peer_crt_digest( mbedtls_ssl_context *ssl, unsigned char *start, size_t len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* Remember digest of the peer's end-CRT. */ ssl->session_negotiate->peer_cert_digest = mbedtls_calloc( 1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN ); @@ -2430,7 +2422,7 @@ static int ssl_remember_peer_pubkey( mbedtls_ssl_context *ssl, unsigned char *start, size_t len ) { unsigned char *end = start + len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* Make a copy of the peer's raw public key. */ mbedtls_pk_init( &ssl->handshake->peer_pubkey ); ret = mbedtls_pk_parse_subpubkey( &start, end, 
@@ -2875,6 +2867,7 @@ void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) ssl->transform_negotiate = NULL; MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup: final free" ) ); } + void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) { int resume = ssl->handshake->resume; @@ -2978,7 +2971,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) ssl->handshake->alt_transform_out = ssl->transform_out; memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 ); /* Set sequence_number to zero */ - memset( ssl->cur_out_ctr + 2, 0, 6 ); + mbedtls_platform_zeroize( ssl->cur_out_ctr + 2, 6 ); /* Increment epoch */ for( i = 2; i > 0; i-- ) if( ++ssl->cur_out_ctr[i - 1] != 0 ) @@ -2992,7 +2985,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) } else #endif /* MBEDTLS_SSL_PROTO_DTLS */ - memset( ssl->cur_out_ctr, 0, 8 ); + mbedtls_platform_zeroize( ssl->cur_out_ctr, 8 ); ssl->transform_out = ssl->transform_negotiate; ssl->session_out = ssl->session_negotiate; #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) @@ -3034,7 +3027,7 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl ) int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned int hash_len; unsigned char buf[SSL_MAX_HASH_LEN]; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse finished" ) ); @@ -3101,7 +3094,7 @@ int mbedtls_ssl_parse_finished( mbedtls_ssl_context *ssl ) static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) { - memset( handshake, 0, sizeof( mbedtls_ssl_handshake_params ) ); + mbedtls_platform_zeroize( handshake, sizeof( mbedtls_ssl_handshake_params ) ); #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) mbedtls_md5_init( &handshake->fin_md5 ); 
@@ -3151,7 +3144,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) { - memset( transform, 0, sizeof(mbedtls_ssl_transform) ); + mbedtls_platform_zeroize( transform, sizeof(mbedtls_ssl_transform) ); mbedtls_cipher_init( &transform->cipher_ctx_enc ); mbedtls_cipher_init( &transform->cipher_ctx_dec ); #if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) @@ -3167,7 +3160,7 @@ void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) */ void mbedtls_ssl_session_init( mbedtls_ssl_session *session ) { - memset( session, 0, sizeof(mbedtls_ssl_session) ); + mbedtls_platform_zeroize( session, sizeof(mbedtls_ssl_session) ); } static int ssl_handshake_init( mbedtls_ssl_context *ssl ) @@ -3268,7 +3261,7 @@ static int ssl_cookie_check_dummy( void *ctx, */ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) { - memset( ssl, 0, sizeof( mbedtls_ssl_context ) ); + mbedtls_platform_zeroize( ssl, sizeof( mbedtls_ssl_context ) ); } /** @@ -3294,7 +3287,7 @@ void mbedtls_ssl_init( mbedtls_ssl_context *ssl ) int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t in_buf_len = MBEDTLS_SSL_IN_BUFFER_LEN; size_t out_buf_len = MBEDTLS_SSL_OUT_BUFFER_LEN; ssl->conf = conf; @@ -3325,7 +3318,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl, } mbedtls_ssl_reset_in_out_pointers( ssl ); #if defined(MBEDTLS_SSL_DTLS_SRTP) - memset( &ssl->dtls_srtp_info, 0, sizeof(ssl->dtls_srtp_info) ); + mbedtls_platform_zeroize( &ssl->dtls_srtp_info, sizeof(ssl->dtls_srtp_info) ); #endif if( ( ret = ssl_handshake_init( ssl ) ) != 0 ) goto error; 
@@ -3362,7 +3355,7 @@ error: */ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) size_t in_buf_len = ssl->in_buf_len; size_t out_buf_len = ssl->out_buf_len; @@ -3386,8 +3379,8 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->renego_records_seen = 0; ssl->verify_data_len = 0; - memset( ssl->own_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); - memset( ssl->peer_verify_data, 0, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); + mbedtls_platform_zeroize( ssl->own_verify_data, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); + mbedtls_platform_zeroize( ssl->peer_verify_data, MBEDTLS_SSL_VERIFY_DATA_MAX_LEN ); #endif ssl->secure_renegotiation = MBEDTLS_SSL_LEGACY_RENEGOTIATION; @@ -3417,7 +3410,7 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->split_done = 0; #endif - memset( ssl->cur_out_ctr, 0, sizeof( ssl->cur_out_ctr ) ); + mbedtls_platform_zeroize( ssl->cur_out_ctr, sizeof( ssl->cur_out_ctr ) ); ssl->transform_in = NULL; ssl->transform_out = NULL; @@ -3425,14 +3418,14 @@ int mbedtls_ssl_session_reset_int( mbedtls_ssl_context *ssl, int partial ) ssl->session_in = NULL; ssl->session_out = NULL; - memset( ssl->out_buf, 0, out_buf_len ); + mbedtls_platform_zeroize( ssl->out_buf, out_buf_len ); #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && defined(MBEDTLS_SSL_SRV_C) if( partial == 0 ) #endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE && MBEDTLS_SSL_SRV_C */ { ssl->in_left = 0; - memset( ssl->in_buf, 0, in_buf_len ); + mbedtls_platform_zeroize( ssl->in_buf, in_buf_len ); } #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) 
@@ -3959,7 +3952,7 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, */ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ssl == NULL || session == NULL || @@ -4426,7 +4419,7 @@ int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf, const unsigned char *psk_identity, size_t psk_identity_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* Remove opaque/raw PSK + PSK Identity */ ssl_conf_remove_psk( conf ); /* Check and set raw PSK */ @@ -4561,7 +4554,7 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, const unsigned char *dhm_P, size_t P_len, const unsigned char *dhm_G, size_t G_len ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_mpi_read_binary( &conf->dhm_P, dhm_P, P_len ) ) != 0 || ( ret = mbedtls_mpi_read_binary( &conf->dhm_G, dhm_G, G_len ) ) != 0 ) @@ -4585,7 +4578,7 @@ int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, */ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) @@ -5930,9 +5923,6 @@ static int ssl_session_save( const mbedtls_ssl_session *session, { unsigned char *p = buf; size_t used = 0; -#if defined(MBEDTLS_HAVE_TIME) - uint64_t start; -#endif #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) size_t cert_len; 
@@ -5957,17 +5947,7 @@ static int ssl_session_save( const mbedtls_ssl_session *session, #if defined(MBEDTLS_HAVE_TIME) used += 8; if( used <= buf_len ) - { - start = (uint64_t) session->start; - *p++ = (unsigned char)( ( start >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( start >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( start ) & 0xFF ); - } + p = Write64be(p, session->start); #endif /* MBEDTLS_HAVE_TIME */ /* * Basic mandatory fields @@ -6159,14 +6139,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 8 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - start = ( (uint64_t) p[0] << 56 ) | - ( (uint64_t) p[1] << 48 ) | - ( (uint64_t) p[2] << 40 ) | - ( (uint64_t) p[3] << 32 ) | - ( (uint64_t) p[4] << 24 ) | - ( (uint64_t) p[5] << 16 ) | - ( (uint64_t) p[6] << 8 ) | - ( (uint64_t) p[7] ); + start = Read64be(p); p += 8; session->start = (time_t) start; @@ -6190,10 +6163,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, memcpy( session->master, p, 48 ); p += 48; - session->verify_result = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->verify_result = Read32be(p); p += 4; /* Immediately clear invalid pointer values that have been read, in case @@ -6223,7 +6193,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( cert_len != 0 ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( cert_len > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); 
@@ -6304,10 +6274,7 @@ static int ssl_session_load( mbedtls_ssl_session *session, if( 4 > (size_t)( end - p ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - session->ticket_lifetime = ( (uint32_t) p[0] << 24 ) | - ( (uint32_t) p[1] << 16 ) | - ( (uint32_t) p[2] << 8 ) | - ( (uint32_t) p[3] ); + session->ticket_lifetime = Read32be(p); p += 4; #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ @@ -6498,7 +6465,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) */ static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write hello request" ) ); @@ -6529,7 +6496,7 @@ static int ssl_write_hello_request( mbedtls_ssl_context *ssl ) */ int mbedtls_ssl_start_renegotiation( mbedtls_ssl_context *ssl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> renegotiate" ) ); @@ -6818,8 +6785,8 @@ static unsigned char ssl_serialized_context_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF, - ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF, + ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 8 ) & 0xFF, + ( SSL_SERIALIZED_SESSION_CONFIG_BITFLAG >> 0 ) & 0xFF, ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 16 ) & 0xFF, ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 8 ) & 0xFF, ( SSL_SERIALIZED_CONTEXT_CONFIG_BITFLAG >> 0 ) & 0xFF, @@ -6995,9 +6962,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, if( used <= buf_len ) { - memcpy( p, ssl_serialized_context_header, - sizeof( ssl_serialized_context_header ) ); - p += sizeof( ssl_serialized_context_header ); + p = mempcpy( p, ssl_serialized_context_header, + sizeof( ssl_serialized_context_header ) ); } /* 
@@ -7010,16 +6976,11 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4 + session_len; if( used <= buf_len ) { - *p++ = (unsigned char)( ( session_len >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( session_len ) & 0xFF ); - + p = Write32be(p, session_len); ret = ssl_session_save( ssl->session, 1, p, session_len, &session_len ); if( ret != 0 ) return( ret ); - p += session_len; } @@ -7055,10 +7016,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 4; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->badmac_seen >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->badmac_seen ) & 0xFF ); + p = Write32be(p, ssl->badmac_seen); } #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ 
@@ -7066,23 +7024,8 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, used += 16; if( used <= buf_len ) { - *p++ = (unsigned char)( ( ssl->in_window_top >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window_top ) & 0xFF ); - - *p++ = (unsigned char)( ( ssl->in_window >> 56 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 48 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 40 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 32 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 24 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 16 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( ssl->in_window ) & 0xFF ); + p = Write64be(p, ssl->in_window_top); + p = Write64be(p, ssl->in_window); } #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ @@ -7178,7 +7121,7 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, const unsigned char *p = buf; const unsigned char * const end = buf + len; size_t session_len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* * The context should have been freshly setup or reset. @@ -7632,7 +7575,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) */ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) { - memset( conf, 0, sizeof( mbedtls_ssl_config ) ); + mbedtls_platform_zeroize( conf, sizeof( mbedtls_ssl_config ) ); } #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) 
@@ -7692,7 +7635,7 @@ int mbedtls_ssl_config_defaults_impl( mbedtls_ssl_config *conf, int ssl_handshake_step(mbedtls_ssl_context *) ) { #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; #endif conf->f_step = ssl_handshake_step; /* Use the functions here so that they are covered in tests, diff --git a/third_party/mbedtls/ssl_tls13_keys.c b/third_party/mbedtls/ssl_tls13_keys.c index 330c690dd..ecd527dbd 100644 --- a/third_party/mbedtls/ssl_tls13_keys.c +++ b/third_party/mbedtls/ssl_tls13_keys.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/hkdf.h" #include "third_party/mbedtls/ssl_internal.h" diff --git a/third_party/mbedtls/test/lib.c b/third_party/mbedtls/test/lib.c index 0fd99448e..e0b7d2e19 100644 --- a/third_party/mbedtls/test/lib.c +++ b/third_party/mbedtls/test/lib.c 
@@ -15,17 +15,21 @@ * limitations under the License. */ #include "libc/assert.h" +#include "libc/bits/bits.h" #include "libc/calls/calls.h" #include "libc/fmt/conv.h" #include "libc/fmt/fmt.h" #include "libc/log/log.h" +#include "libc/mem/mem.h" #include "libc/rand/rand.h" #include "libc/runtime/internal.h" +#include "libc/stdio/append.internal.h" #include "libc/stdio/stdio.h" #include "libc/str/str.h" #include "libc/sysv/consts/exit.h" #include "third_party/mbedtls/config.h" #include "third_party/mbedtls/endian.h" +#include "third_party/mbedtls/error.h" #include "third_party/mbedtls/platform.h" #include "third_party/mbedtls/test/lib.h" @@ -49,14 +53,29 @@ typedef struct { static param_failed_ctx_t param_failed_ctx; #endif +struct Buffer { + size_t i, n; + char *p; +}; + +char *output; jmp_buf jmp_tmp; int option_verbose; -struct Buffer output; mbedtls_test_info_t mbedtls_test_info; +static uint64_t Rando(void) { + static uint64_t x = 0x18abac12f3191aed; + uint64_t z = (x += 0x9e3779b97f4a7c15); + z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9; + z = (z ^ (z >> 27)) * 0x94d049bb133111eb; + return z ^ (z >> 31); +} + int mbedtls_test_platform_setup(void) { int ret = 0; showcrashreports(); + setvbuf(stdout, malloc(BUFSIZ), _IOLBF, BUFSIZ); + setvbuf(stderr, malloc(BUFSIZ), _IOLBF, BUFSIZ); #if defined(MBEDTLS_PLATFORM_C) ret = mbedtls_platform_setup(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ 
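Review bot: `Rando()` in the second hunk is a fixed-seed generator (its state starts from a hard-coded constant and the mixing constants look like splitmix64), so every test process emits the same byte stream; that is the right property for reproducible tests, but nothing says so and the name invites reuse as a random source. Add a comment above it, e.g. `/* Deterministic fixed-seed PRNG: identical output on every run, for reproducible tests only; never an entropy source. */`. The two `setvbuf(stdout, malloc(BUFSIZ), _IOLBF, BUFSIZ)` calls pass an unchecked `malloc` result; a NULL buffer merely makes setvbuf allocate its own, but a one-line comment saying that is deliberate would stop it reading as an oversight.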
@@ -70,36 +89,45 @@ void mbedtls_test_platform_teardown(void) { } wontreturn void exit(int rc) { - if (rc != EXIT_SUCCESS) { - fwrite(output.p, 1, output.i, stderr); - } + if (rc) fwrite(output, 1, appendz(output).i, stderr); __cxa_finalize(0); _Exit(rc); } -int AppendFmt(struct Buffer *b, const char *fmt, ...) { +char *GetTlsError(long r) { + char s[128]; + if (-0x10000 < r && r < 0) { + mbedtls_strerror(r, s, sizeof(s)); + return xasprintf("-0x%04lx %s", -r, s); + } else { + return xasprintf("%#lx", r); + } +} + +int mbedtls_hardware_poll(void *wut, unsigned char *p, size_t n, size_t *olen) { + uint64_t x; + size_t i, j; + unsigned char b[8]; + for (i = 0; i < n; ++i) { + x = Rando(); + WRITE64LE(b, x); + for (j = 0; j < 8 && i + j < n; ++j) { + p[i + j] = b[j]; + } + } + *olen = n; + return 0; +} + +int mbedtls_test_write(const char *fmt, ...) { char *p; int i, n; - va_list va, vb; + va_list va; va_start(va, fmt); if (option_verbose) { n = vfprintf(stderr, fmt, va); } else { - va_copy(vb, va); - n = vsnprintf(b->p + b->i, b->n - b->i, fmt, va); - if (n >= b->n - b->i) { - do { - if (b->n) { - b->n += b->n >> 1; - } else { - b->n = 16; - } - } while (b->i + n > b->n); - b->p = realloc(b->p, b->n); - vsnprintf(b->p + b->i, b->n - b->i, fmt, vb); - } - va_end(vb); - b->i += n; + n = vappendf(&output, fmt, va); } va_end(va); return n; @@ -264,14 +292,16 @@ void mbedtls_test_hexify(unsigned char *obuf, const unsigned char *ibuf, while (len != 0) { h = *ibuf / 16; l = *ibuf % 16; - if (h < 10) + if (h < 10) { *obuf++ = '0' + h; - else + } else { *obuf++ = 'a' + h - 10; - if (l < 10) + } + if (l < 10) { *obuf++ = '0' + l; - else + } else { *obuf++ = 'a' + l - 10; + } ++ibuf; len--; } 
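Review bot: `mbedtls_hardware_poll` is the name of Mbed TLS's hardware entropy hook, and this definition feeds it from `Rando()`, a fixed-seed generator, so any binary that links this test library gets fully predictable "entropy"; that is acceptable inside the test suite but the function should say so, e.g. `/* Test-only entropy hook: deterministic output from Rando(); must never be linked into a non-test binary. */`. The outer loop also steps `i` by one while each iteration writes eight bytes starting at `p[i]`, so `Rando()` is called `n` times and seven of every eight bytes are overwritten by the next iteration; `for (i = 0; i < n; i += 8)` gives one call per eight bytes, and the inner `i + j < n` bound already handles the tail. In `mbedtls_test_write`, `char *p;` and `int i` are left over from the removed buffer code and are now unused.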
@@ -1037,7 +1067,7 @@ int execute_tests(int argc, const char **argv, const char *default_filename) { if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS) { WRITE("PASS (%,ldus)\n", (int64_t)((t2 - t1) * 1e6)); } else if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SKIPPED) { - WRITE("----\n"); + WRITE("----"); total_skipped++; } else { total_errors++; diff --git a/third_party/mbedtls/test/lib.h b/third_party/mbedtls/test/lib.h index f897b6da9..9edc2925d 100644 --- a/third_party/mbedtls/test/lib.h +++ b/third_party/mbedtls/test/lib.h @@ -1,5 +1,8 @@ #ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_TEST_LIB_H_ #define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_TEST_LIB_H_ +#include "libc/runtime/gc.internal.h" +#include "libc/str/str.h" +#include "libc/x/x.h" #include "third_party/mbedtls/config.h" #include "third_party/mbedtls/platform.h" @@ -42,7 +45,7 @@ #if !(__ASSEMBLER__ + __LINKER__ + 0) COSMOPOLITAN_C_START_ -#define WRITE(...) AppendFmt(&output, __VA_ARGS__) +#define WRITE mbedtls_test_write #define TEST_ASSERT(TEST) \ do { \ @@ -52,7 +55,32 @@ COSMOPOLITAN_C_START_ } \ } while (0) -#define TEST_EQUAL(expr1, expr2) TEST_ASSERT((expr1) == (expr2)) +#define TEST_ASSERT_STREQ(A, B) \ + do { \ + const char *StrA = (A); \ + const char *StrB = (B); \ + if (strcmp(StrA, StrB)) { \ + mbedtls_test_fail( \ + xasprintf("!strcmp(%`'s,\n %`'s)", StrA, StrB), __LINE__, \ + __FILE__); \ + goto exit; \ + } \ + } while (0) + +#define TEST_EQUAL(A, B) \ + do { \ + long Ax = (long)(A); \ + long Bx = (long)(B); \ + if (Ax != Bx) { \ + mbedtls_test_fail(xasprintf("TEST_EQUAL(%s, %s)\n" \ + " Wanted: %,ld (-0x%04lx %s)\n" \ + " Got: %,ld (-0x%04lx %s)", \ + #A, #B, Ax, -Ax, GetTlsError(Ax), Bx, -Bx, \ + GetTlsError(Bx)), \ + __LINE__, __FILE__); \ + goto exit; \ + } \ + } while (0) #define ASSERT_ALLOC(pointer, length) \ do { \ 
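Review bot: In the lib.h hunk, `TEST_ASSERT_STREQ` passes both operands straight to `strcmp`, so a test whose expression yields NULL (exactly the failure such an assertion exists to catch) is undefined behaviour instead of a reported failure; guard it first, `if (!StrA || !StrB || strcmp(StrA, StrB)) {`, and make sure the `xasprintf` message tolerates a NULL operand. `TEST_EQUAL` calls `GetTlsError` twice and each result is an `xasprintf` allocation that is never freed; since the macro then jumps to `exit` this is a one-shot leak on the failure path only, but the new `libc/runtime/gc.internal.h` include suggests these were meant to be collected (presumably with its gc helper). Both macros cast operands to `long`, so the aes suite's `TEST_EQUAL(cipher_info, ...)` will print pointer values through the TLS error formatter on failure. The `WRITE("----")` change in the lib.c hunk drops the newline that the PASS branch still prints; if that is intentional it deserves a comment.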
@@ -189,13 +217,7 @@ typedef struct { uint32_t v0, v1; } mbedtls_test_rnd_pseudo_info; -struct Buffer { - size_t i, n; - char *p; -}; - extern jmp_buf jmp_tmp; -extern struct Buffer output; int mbedtls_test_platform_setup(void); void mbedtls_test_platform_teardown(void); @@ -218,12 +240,13 @@ int mbedtls_test_rnd_std_rand(void *, unsigned char *, size_t); int mbedtls_test_rnd_zero_rand(void *, unsigned char *, size_t); int mbedtls_test_rnd_buffer_rand(void *, unsigned char *, size_t); int mbedtls_test_rnd_pseudo_rand(void *, unsigned char *, size_t); +int mbedtls_test_write(const char *, ...); int execute_tests(int, const char **, const char *); int get_expression(int32_t, int32_t *); int dispatch_test(size_t, void **); int dep_check(int); int check_test(size_t); -int AppendFmt(struct Buffer *, const char *, ...); +char *GetTlsError(long); COSMOPOLITAN_C_END_ #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */ diff --git a/third_party/mbedtls/test/test.mk b/third_party/mbedtls/test/test.mk index e33da40a1..51b64adc3 100644 --- a/third_party/mbedtls/test/test.mk +++ b/third_party/mbedtls/test/test.mk @@ -6,6 +6,7 @@ PKGS += THIRD_PARTY_MBEDTLS_TEST THIRD_PARTY_MBEDTLS_TEST_FILES := $(wildcard third_party/mbedtls/test/*) THIRD_PARTY_MBEDTLS_TEST_SRCS = $(filter %.c,$(THIRD_PARTY_MBEDTLS_TEST_FILES)) THIRD_PARTY_MBEDTLS_TEST_HDRS = $(filter %.h,$(THIRD_PARTY_MBEDTLS_TEST_FILES)) +THIRD_PARTY_MBEDTLS_TEST_INCS = $(filter %.inc,$(THIRD_PARTY_MBEDTLS_TEST_FILES)) THIRD_PARTY_MBEDTLS_TEST_OBJS = \ $(THIRD_PARTY_MBEDTLS_TEST_SRCS:%.c=o/$(MODE)/%.o) @@ -106,6 +107,7 @@ THIRD_PARTY_MBEDTLS_TEST_DIRECTDEPS = \ LIBC_TIME \ LIBC_TESTLIB \ LIBC_UNICODE \ + LIBC_X \ LIBC_ZIPOS \ THIRD_PARTY_COMPILER_RT \ THIRD_PARTY_GDTOA \ 
@@ -118,6 +120,8 @@ o/$(MODE)/third_party/mbedtls/test/test.pkg: \ $(THIRD_PARTY_MBEDTLS_TEST_OBJS) \ $(foreach x,$(THIRD_PARTY_MBEDTLS_TEST_DIRECTDEPS),$($(x)_A).pkg) +o/$(MODE)/third_party/mbedtls/test/lib.o: third_party/mbedtls/test/lib.c + o/$(MODE)/third_party/mbedtls/test/%.com.dbg: \ $(THIRD_PARTY_MBEDTLS_TEST_DEPS) \ o/$(MODE)/third_party/mbedtls/test/lib.o \ diff --git a/third_party/mbedtls/test/test_suite_cipher.aes.c b/third_party/mbedtls/test/test_suite_cipher.aes.c index 1a0f0a2c8..41d059e91 100644 --- a/third_party/mbedtls/test/test_suite_cipher.aes.c +++ b/third_party/mbedtls/test/test_suite_cipher.aes.c @@ -781,7 +781,7 @@ void test_enc_dec_buf( int cipher_id, char * cipher_string, int key_len, /* Check and get info structures */ cipher_info = mbedtls_cipher_info_from_type( cipher_id ); TEST_ASSERT( NULL != cipher_info ); - TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info ); + TEST_EQUAL( cipher_info, mbedtls_cipher_info_from_string( cipher_string ) ); /* Initialise enc and dec contexts */ TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); diff --git a/third_party/mbedtls/test/test_suite_cipher.des.c b/third_party/mbedtls/test/test_suite_cipher.des.c index 0e28241e8..4b0419ca2 100644 --- a/third_party/mbedtls/test/test_suite_cipher.des.c +++ b/third_party/mbedtls/test/test_suite_cipher.des.c @@ -692,8 +692,8 @@ void test_cipher_special_behaviours( ) size_t olen = 0; mbedtls_cipher_init( &ctx ); - memset( input, 0, sizeof( input ) ); - memset( output, 0, sizeof( output ) ); + mbedtls_platform_zeroize( input, sizeof( input ) ); + mbedtls_platform_zeroize( output, sizeof( output ) ); #if defined(MBEDTLS_CIPHER_MODE_CBC) memset( iv, 0, sizeof( iv ) ); diff --git a/third_party/mbedtls/test/test_suite_ecdh.c b/third_party/mbedtls/test/test_suite_ecdh.c index c7aa71d49..095d095ca 100644 --- a/third_party/mbedtls/test/test_suite_ecdh.c +++ b/third_party/mbedtls/test/test_suite_ecdh.c 
@@ -244,9 +244,9 @@ void test_ecdh_primitive_random( int id ) TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, - &mbedtls_test_rnd_pseudo_rand, - &rnd_info ) == 0 ); + TEST_EQUAL( 0, mbedtls_ecdh_gen_public( &grp, &dA, &qA, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) ); TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); @@ -321,7 +321,7 @@ void test_ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, mbedtls_test_rnd_buffer_rand, &rnd_info_A ) == 0 ); - TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) ); + TEST_ASSERT( !mbedtls_ecp_is_zero( &qA ) ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yA_str ) == 0 ); @@ -330,7 +330,7 @@ void test_ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, mbedtls_test_rnd_buffer_rand, &rnd_info_B ) == 0 ); - TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) ); + TEST_ASSERT( !mbedtls_ecp_is_zero( &qB ) ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yB_str ) == 0 ); diff --git a/third_party/mbedtls/test/test_suite_ecp.c b/third_party/mbedtls/test/test_suite_ecp.c index 79b8a6530..b9b426d0c 100644 --- a/third_party/mbedtls/test/test_suite_ecp.c +++ b/third_party/mbedtls/test/test_suite_ecp.c @@ -15,6 +15,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +#include "libc/log/log.h" #include "third_party/mbedtls/test/test.inc" /* * *** THIS FILE WAS MACHINE GENERATED *** 
@@ -428,23 +429,19 @@ void test_mbedtls_ecp_curve_info_wrapper( void ** params ) test_mbedtls_ecp_curve_info( *( (int *) params[0] ), *( (int *) params[1] ), *( (int *) params[2] ), (char *) params[3] ); } + void test_ecp_check_pub( int grp_id, char * x_hex, char * y_hex, char * z_hex, - int ret ) + int ret ) { mbedtls_ecp_group grp; mbedtls_ecp_point P; - mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &P ); - TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x_hex ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y_hex ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z_hex ) == 0 ); - TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret ); - exit: mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &P ); @@ -457,9 +454,9 @@ void test_ecp_check_pub_wrapper( void ** params ) } #if defined(MBEDTLS_ECP_RESTARTABLE) void test_ecp_test_vect_restart( int id, - char *dA_str, char *xA_str, char *yA_str, - char *dB_str, char *xZ_str, char *yZ_str, - int max_ops, int min_restarts, int max_restarts ) + char *dA_str, char *xA_str, char *yA_str, + char *dB_str, char *xZ_str, char *yZ_str, + int max_ops, int min_restarts, int max_restarts ) { /* * Test for early restart. Based on test vectors like ecp_test_vect(), @@ -632,6 +629,7 @@ void test_ecp_muladd_restart_wrapper( void ** params ) test_ecp_muladd_restart( *( (int *) params[0] ), (char *) params[1], (char *) params[2], (char *) params[3], (char *) params[4], (char *) params[5], (char *) params[6], *( (int *) params[7] ), *( (int *) params[8] ), *( (int *) params[9] ) ); } #endif /* MBEDTLS_ECP_RESTARTABLE */ + void test_ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, char * dB_str, char * xB_str, char * yB_str, char * xZ_str, char * yZ_str ) 
@@ -867,7 +865,6 @@ exit: void test_ecp_fast_mod_wrapper( void ** params ) { - test_ecp_fast_mod( *( (int *) params[0] ), (char *) params[1] ); } void test_ecp_write_binary( int id, char * x, char * y, char * z, int format, @@ -930,10 +927,10 @@ void test_ecp_read_binary( int id, data_t * buf, char * x, char * y, char * z, TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 ); if( mbedtls_ecp_get_type( &grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY ) { - TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, 0 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_is_zero( &Y ) ); TEST_ASSERT( P.Y.p == NULL ); - TEST_ASSERT( mbedtls_mpi_cmp_int( &Z, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_int( &P.Z, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_is_one( &Z ) ); + TEST_ASSERT( mbedtls_mpi_is_one( &P.Z ) ); } else { @@ -1132,9 +1129,10 @@ void test_mbedtls_ecp_check_privkey_wrapper( void ** params ) test_mbedtls_ecp_check_privkey( *( (int *) params[0] ), (char *) params[1], *( (int *) params[2] ) ); } + void test_mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub, - int id, char * d, char * Qx, char * Qy, - int ret ) + int id, char * d, char * Qx, char * Qy, + int ret ) { mbedtls_ecp_keypair pub, prv; @@ -1896,6 +1894,8 @@ int check_test( size_t func_idx ) int main( int argc, const char *argv[] ) { int ret; + /* ++ftrace; */ + /* ftrace_install(); */ mbedtls_test_platform_setup(); ret = execute_tests( argc, argv, "zip:third_party/mbedtls/test/test_suite_ecp.datax" ); mbedtls_test_platform_teardown(); diff --git a/third_party/mbedtls/test/test_suite_hkdf.c b/third_party/mbedtls/test/test_suite_hkdf.c index ed0450554..7d6fa20d9 100644 --- a/third_party/mbedtls/test/test_suite_hkdf.c +++ b/third_party/mbedtls/test/test_suite_hkdf.c @@ -39,7 +39,6 @@ #if defined(MBEDTLS_HKDF_C) #include "third_party/mbedtls/hkdf.h" -#include "third_party/mbedtls/md_internal.h" void test_test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info, data_t *expected_okm ) { 
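Review bot: `test_ecp_fast_mod_wrapper` now has an empty body, so every `ecp_fast_mod` case in the data file runs no code and is reported as PASS; the same happens to `test_mbedtls_mpi_write_binary_wrapper` in the next file, where `data2` is now built and discarded. If these cases are meant to be disabled, do it where it is visible — drop or `depends_on`-gate the entries in the `.datax` file, or have the wrapper record a skip (the harness already distinguishes `MBEDTLS_TEST_RESULT_SKIPPED`) rather than a silent pass — and since both files are marked machine generated, a hand edit here will be lost on regeneration. The commented-out `/* ++ftrace; */` and `/* ftrace_install(); */` lines in `main` are debugging leftovers and should go. The enclosing functions of the other hunks here start and end outside what is shown.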
diff --git a/third_party/mbedtls/test/test_suite_mpi.c b/third_party/mbedtls/test/test_suite_mpi.c index 66dbe9ca5..705799d1b 100644 --- a/third_party/mbedtls/test/test_suite_mpi.c +++ b/third_party/mbedtls/test/test_suite_mpi.c @@ -466,12 +466,12 @@ exit: void test_mbedtls_mpi_write_binary_wrapper( void ** params ) { data_t data2 = {(uint8_t *) params[2], *( (uint32_t *) params[3] )}; - test_mbedtls_mpi_write_binary( *( (int *) params[0] ), (char *) params[1], &data2, *( (int *) params[4] ), *( (int *) params[5] ) ); } + void test_mbedtls_mpi_write_binary_le( int radix_X, char * input_X, - data_t * input_A, int output_size, - int result ) + data_t * input_A, int output_size, + int result ) { mbedtls_mpi X; unsigned char buf[1000]; @@ -1115,6 +1115,7 @@ void test_mbedtls_mpi_sub_mpi_wrapper( void ** params ) test_mbedtls_mpi_sub_mpi( *( (int *) params[0] ), (char *) params[1], *( (int *) params[2] ), (char *) params[3], *( (int *) params[4] ), (char *) params[5] ); } + void test_mbedtls_mpi_sub_abs( int radix_X, char * input_X, int radix_Y, char * input_Y, int radix_A, char * input_A, int sub_result ) diff --git a/third_party/mbedtls/test/test_suite_ssl.c b/third_party/mbedtls/test/test_suite_ssl.c index 3d3618115..aa9fd2cd1 100644 --- a/third_party/mbedtls/test/test_suite_ssl.c +++ b/third_party/mbedtls/test/test_suite_ssl.c @@ -18,6 +18,9 @@ #include "third_party/mbedtls/test/test.inc" #include "third_party/mbedtls/ssl_invasive.h" #include "libc/testlib/testlib.h" +#include "libc/log/log.h" +#include "libc/rand/rand.h" +#include "libc/bits/safemacros.internal.h" #include "third_party/mbedtls/test/test.inc" /* * *** THIS FILE WAS MACHINE GENERATED *** @@ -1035,7 +1038,7 @@ int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl, enum { BUFFSIZE = 1024 }; int max_steps = 1000; int ret = 0; - + if( ssl == NULL || second_ssl == NULL ) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; 
@@ -3358,8 +3361,7 @@ void test_ssl_crypt_record( int cipher_type, int hash_id, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* Decrypt record with t_dec */ - ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ); - TEST_ASSERT( ret == 0 ); + TEST_EQUAL( 0, mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) ); /* Compare results */ TEST_ASSERT( rec.type == rec_backup.type ); @@ -3525,7 +3527,7 @@ void test_ssl_crypt_record_small( int cipher_type, int hash_id, #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* Decrypt record with t_dec */ - TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 ); + TEST_EQUAL( 0, mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) ); /* Compare results */ TEST_ASSERT( rec.type == rec_backup.type ); @@ -3700,19 +3702,21 @@ void test_ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, /* * Modify each byte of the pre-encryption record before encrypting and * decrypting it, expecting failure every time. + * + * We use RANDOMMNESS because this loop runs hundreds of times and this + * function runs hundreds of times. So it can very easily contribute to + * hundreds of milliseconds of latency, which we can't have in our pure + * testing infrastructure. */ - for( i = block_size; i < buflen; i++ ) + for( i = block_size; i < buflen; i += max( 1, rand64() & 31 ) ) { mbedtls_test_set_step( i ); - /* Restore correct pre-encryption record */ rec = rec_save; rec.buf = buf; memcpy( buf, buf_save, buflen ); - /* Corrupt one byte of the data (could be plaintext, MAC or padding) */ rec.buf[i] ^= 0x01; - /* Encrypt */ TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc, t0.iv_enc, t0.ivlen, @@ -3720,7 +3724,6 @@ void test_ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, rec.buf + rec.data_offset, &olen ) ); rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; - /* Decrypt and expect failure */ TEST_EQUAL( MBEDTLS_ERR_SSL_INVALID_MAC, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) ); 
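Review bot: The corruption loop in the third hunk now advances by `max( 1, rand64() & 31 )`, so which byte offsets are corrupted and decrypted differs on every run and no seed is recorded; a regression at one offset can pass today and fail tomorrow with nothing in the log to reproduce it. The same stride is added to the padding loop in the next hunk. If the run-time budget forces sampling, derive the stride from a deterministic source — the suite's own `mbedtls_test_rnd_pseudo_rand` state, or a seed printed with `WRITE` at the start of the function — and fix the comment's `RANDOMMNESS` typo while there. `test_ssl_decrypt_non_etm_cbc` begins and ends outside this hunk.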
@@ -3737,19 +3740,21 @@ void test_ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, * * (Start the loop with correct padding, just to double-check that record * saving did work, and that we're overwriting the correct bytes.) + * + * We use RANDOMMNESS because this loop runs hundreds of times and this + * function runs hundreds of times. So it can very easily contribute to + * hundreds of milliseconds of latency, which we can't have in our pure + * testing infrastructure. */ - for( i = padlen; i <= pad_max_len; i++ ) + for( i = padlen; i <= pad_max_len; i += max( 1, rand64() & 31 ) ) { mbedtls_test_set_step( i ); - /* Restore correct pre-encryption record */ rec = rec_save; rec.buf = buf; memcpy( buf, buf_save, buflen ); - /* Set padding bytes to new value */ memset( buf + buflen - padlen - 1, i, padlen + 1 ); - /* Encrypt */ TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc, t0.iv_enc, t0.ivlen, @@ -3757,7 +3762,6 @@ void test_ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac, rec.buf + rec.data_offset, &olen ) ); rec.data_offset -= t0.ivlen; rec.data_len += t0.ivlen; - /* Decrypt and expect failure except the first time */ exp_ret = ( i == padlen ) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC; TEST_EQUAL( exp_ret, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) ); @@ -4696,7 +4700,7 @@ void test_handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, i options.dtls = 1; options.mfl = mfl; /* Set cipher to one using CBC so that record splitting can be tested */ - options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"; + options.cipher = "DHE-RSA-AES256-CBC-SHA256"; options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; options.srv_log_obj = &srv_pattern; options.cli_log_obj = &cli_pattern; diff --git a/third_party/mbedtls/test/test_suite_ssl.datax b/third_party/mbedtls/test/test_suite_ssl.datax index 027fc4185..a4fca9868 100644 --- a/third_party/mbedtls/test/test_suite_ssl.datax 
+++ b/third_party/mbedtls/test/test_suite_ssl.datax @@ -215,29 +215,29 @@ Handshake, tls1_2 depends_on:6 35:int:0:exp:24:exp:24:exp:24:exp:24:exp:24 -Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +Handshake, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:1:2:11 -37:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":exp:25:int:0 +37:char*:"ECDHE-RSA-AES256-GCM-SHA384":exp:25:int:0 -Handshake, RSA-WITH-AES-128-CCM +Handshake, RSA-AES128-CCM depends_on:12:9:1:2 -37:char*:"TLS-RSA-WITH-AES-128-CCM":exp:25:int:0 +37:char*:"RSA-AES128-CCM":exp:25:int:0 -Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 +Handshake, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13:1:2:40 -37:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":exp:25:int:0 +37:char*:"DHE-RSA-AES256-CBC-SHA256":exp:25:int:0 -Handshake, ECDHE-ECDSA-WITH-AES-256-CCM +Handshake, ECDHE-ECDSA-AES256-CCM depends_on:9:12:14:15:2 -37:char*:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":exp:26:int:0 +37:char*:"ECDHE-ECDSA-AES256-CCM":exp:26:int:0 -Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 +Handshake, ECDH-ECDSA-CAMELLIA-256-CBC-SHA384 depends_on:7:8:4:14:15:2:16 -37:char*:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":exp:26:int:0 +37:char*:"ECDH-ECDSA-CAMELLIA-256-CBC-SHA384":exp:26:int:0 -Handshake, PSK-WITH-AES-128-CBC-SHA +Handshake, PSK-AES128-CBC-SHA depends_on:9:4:1:2:41 -36:char*:"TLS-PSK-WITH-AES-128-CBC-SHA":exp:25:hex:"abc123":int:0 +36:char*:"PSK-AES128-CBC-SHA":exp:25:hex:"abc123":int:0 DTLS Handshake, tls1_1 depends_on:5:4:17 
@@ -247,29 +247,29 @@ DTLS Handshake, tls1_2 depends_on:6:17 35:int:1:exp:24:exp:24:exp:24:exp:24:exp:24 -DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS Handshake, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:1:2:11:17 -37:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":exp:25:int:1 +37:char*:"ECDHE-RSA-AES256-GCM-SHA384":exp:25:int:1 -DTLS Handshake, RSA-WITH-AES-128-CCM +DTLS Handshake, RSA-AES128-CCM depends_on:12:9:1:2:17 -37:char*:"TLS-RSA-WITH-AES-128-CCM":exp:25:int:1 +37:char*:"RSA-AES128-CCM":exp:25:int:1 -DTLS Handshake, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS Handshake, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13:1:2:17:40 -37:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":exp:25:int:1 +37:char*:"DHE-RSA-AES256-CBC-SHA256":exp:25:int:1 -DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM +DTLS Handshake, ECDHE-ECDSA-AES256-CCM depends_on:9:12:14:15:2:17 -37:char*:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":exp:26:int:1 +37:char*:"ECDHE-ECDSA-AES256-CCM":exp:26:int:1 -DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 +DTLS Handshake, ECDH-ECDSA-CAMELLIA-256-CBC-SHA384 depends_on:7:8:4:14:15:2:16:17 -37:char*:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":exp:26:int:1 +37:char*:"ECDH-ECDSA-CAMELLIA-256-CBC-SHA384":exp:26:int:1 -DTLS Handshake, PSK-WITH-AES-128-CBC-SHA +DTLS Handshake, PSK-AES128-CBC-SHA depends_on:9:4:1:2:17:41 -36:char*:"TLS-PSK-WITH-AES-128-CBC-SHA":exp:25:hex:"abc123":int:1 +36:char*:"PSK-AES128-CBC-SHA":exp:25:hex:"abc123":int:1 DTLS Handshake with serialization, tls1_2 depends_on:1:2:17 
@@ -448,149 +448,149 @@ DTLS legacy break handshake renegotiation with MFL=2048 DTLS legacy break handshake renegotiation with MFL=4096 46:exp:31:exp:35:char*:"" -DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:27:exp:33:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:27:exp:33:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:28:exp:33:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:28:exp:33:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:30:exp:33:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:30:exp:33:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:31:exp:33:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:31:exp:33:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:27:exp:34:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:27:exp:34:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:28:exp:34:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:28:exp:34:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS legacy allow renegotiation with MFL=2048, 
ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:30:exp:34:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:30:exp:34:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:31:exp:34:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:31:exp:34:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:27:exp:35:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:27:exp:35:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:28:exp:35:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:28:exp:35:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:30:exp:35:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:30:exp:35:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 +DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-AES256-GCM-SHA384 depends_on:7:8:9:10:11 -46:exp:31:exp:35:char*:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" +46:exp:31:exp:35:char*:"ECDHE-RSA-AES256-GCM-SHA384" -DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM +DTLS no legacy renegotiation with MFL=512, RSA-AES128-CCM depends_on:12:9 
-46:exp:27:exp:33:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:27:exp:33:char*:"RSA-AES128-CCM" -DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM +DTLS no legacy renegotiation with MFL=1024, RSA-AES128-CCM depends_on:12:9 -46:exp:28:exp:33:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:28:exp:33:char*:"RSA-AES128-CCM" -DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM +DTLS no legacy renegotiation with MFL=2048, RSA-AES128-CCM depends_on:12:9 -46:exp:30:exp:33:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:30:exp:33:char*:"RSA-AES128-CCM" -DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM +DTLS no legacy renegotiation with MFL=4096, RSA-AES128-CCM depends_on:12:9 -46:exp:31:exp:33:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:31:exp:33:char*:"RSA-AES128-CCM" -DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM +DTLS legacy allow renegotiation with MFL=512, RSA-AES128-CCM depends_on:12:9 -46:exp:27:exp:34:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:27:exp:34:char*:"RSA-AES128-CCM" -DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM +DTLS legacy allow renegotiation with MFL=1024, RSA-AES128-CCM depends_on:12:9 -46:exp:28:exp:34:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:28:exp:34:char*:"RSA-AES128-CCM" -DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM +DTLS legacy allow renegotiation with MFL=2048, RSA-AES128-CCM depends_on:12:9 -46:exp:30:exp:34:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:30:exp:34:char*:"RSA-AES128-CCM" -DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM +DTLS legacy allow renegotiation with MFL=4096, RSA-AES128-CCM depends_on:12:9 -46:exp:31:exp:34:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:31:exp:34:char*:"RSA-AES128-CCM" -DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM +DTLS legacy break handshake renegotiation with MFL=512, RSA-AES128-CCM depends_on:12:9 -46:exp:27:exp:35:char*:"TLS-RSA-WITH-AES-128-CCM" 
+46:exp:27:exp:35:char*:"RSA-AES128-CCM" -DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM +DTLS legacy break handshake renegotiation with MFL=1024, RSA-AES128-CCM depends_on:12:9 -46:exp:28:exp:35:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:28:exp:35:char*:"RSA-AES128-CCM" -DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM +DTLS legacy break handshake renegotiation with MFL=2048, RSA-AES128-CCM depends_on:12:9 -46:exp:30:exp:35:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:30:exp:35:char*:"RSA-AES128-CCM" -DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM +DTLS legacy break handshake renegotiation with MFL=4096, RSA-AES128-CCM depends_on:12:9 -46:exp:31:exp:35:char*:"TLS-RSA-WITH-AES-128-CCM" +46:exp:31:exp:35:char*:"RSA-AES128-CCM" -DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS no legacy renegotiation with MFL=512, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:27:exp:33:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:27:exp:33:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS no legacy renegotiation with MFL=1024, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:28:exp:33:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:28:exp:33:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS no legacy renegotiation with MFL=2048, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:30:exp:33:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:30:exp:33:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS no legacy renegotiation with MFL=4096, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:31:exp:33:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:31:exp:33:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS legacy allow renegotiation with MFL=512, 
DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS legacy allow renegotiation with MFL=512, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:27:exp:34:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:27:exp:34:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:28:exp:34:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:28:exp:34:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:30:exp:34:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:30:exp:34:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:31:exp:34:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:31:exp:34:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:27:exp:35:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:27:exp:35:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:28:exp:35:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:28:exp:35:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:30:exp:35:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" 
+46:exp:30:exp:35:char*:"DHE-RSA-AES256-CBC-SHA256" -DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256 +DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-AES256-CBC-SHA256 depends_on:4:9:13 -46:exp:31:exp:35:char*:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" +46:exp:31:exp:35:char*:"DHE-RSA-AES256-CBC-SHA256" SSL DTLS replay: initial state, seqnum 0 18:hex:"":hex:"000000000000":int:0 
@@ -664,355 +664,355 @@ SSL session serialization: Wrong patch version SSL session serialization: Wrong config 32:int:0:int:0:int:0:int:1 -Record crypt, AES-128-CBC, 1.2, SHA-384 +Record crypt, AES128-CBC, 1.2, SHA-384 depends_on:4:9:6:7:8 20:exp:37:exp:38:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-384, CID 4+4 depends_on:19:4:9:6:7:8 20:exp:37:exp:38:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-384, CID 4+0 depends_on:19:4:9:6:7:8 20:exp:37:exp:38:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-384, EtM +Record crypt, AES128-CBC, 1.2, SHA-384, EtM depends_on:4:9:6:7:8:20 20:exp:37:exp:38:int:1:int:0:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-384, EtM, CID 4+4 depends_on:19:4:9:6:7:8:20 20:exp:37:exp:38:int:1:int:0:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-384, EtM, CID 4+0 depends_on:19:4:9:6:7:8:20 20:exp:37:exp:38:int:1:int:0:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-384, short tag +Record crypt, AES128-CBC, 1.2, SHA-384, short tag depends_on:4:9:6:7:8 20:exp:37:exp:38:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-384, short tag, CID 4+4 depends_on:19:4:9:6:7:8 20:exp:37:exp:38:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-384, short tag, CID 4+0 depends_on:19:4:9:6:7:8 20:exp:37:exp:38:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM +Record crypt, AES128-CBC, 1.2, SHA-384, short tag, EtM depends_on:4:9:6:7:8:20 20:exp:37:exp:38:int:1:int:1:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 +Record crypt, AES128-CBC, 
1.2, SHA-384, short tag, EtM, CID 4+4 depends_on:19:4:9:6:7:8:20 20:exp:37:exp:38:int:1:int:1:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 depends_on:19:4:9:6:7:8:20 20:exp:37:exp:38:int:1:int:1:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-256 +Record crypt, AES128-CBC, 1.2, SHA-256 depends_on:4:9:6:13 20:exp:37:exp:39:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-256, CID 4+4 depends_on:19:4:9:6:13 20:exp:37:exp:39:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-256, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-256, CID 4+0 depends_on:19:4:9:6:13 20:exp:37:exp:39:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-256, EtM +Record crypt, AES128-CBC, 1.2, SHA-256, EtM depends_on:4:9:6:13:20 20:exp:37:exp:39:int:1:int:0:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-256, EtM, CID 4+4 depends_on:19:4:9:6:13:20 20:exp:37:exp:39:int:1:int:0:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-256, EtM, CID 4+0 depends_on:19:4:9:6:13:20 20:exp:37:exp:39:int:1:int:0:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-256, short tag +Record crypt, AES128-CBC, 1.2, SHA-256, short tag depends_on:4:9:6:13 20:exp:37:exp:39:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-256, short tag, CID 4+4 depends_on:19:4:9:6:13 20:exp:37:exp:39:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-256, short tag, CID 4+0 depends_on:19:4:9:6:13 20:exp:37:exp:39:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM +Record crypt, AES128-CBC, 1.2, SHA-256, short tag, 
EtM depends_on:4:9:6:13:20 20:exp:37:exp:39:int:1:int:1:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 depends_on:19:4:9:6:13:20 20:exp:37:exp:39:int:1:int:1:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 depends_on:19:4:9:6:13:20 20:exp:37:exp:39:int:1:int:1:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-1 +Record crypt, AES128-CBC, 1.2, SHA-1 depends_on:4:9:6:21 20:exp:37:exp:40:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-1, CID 4+4 depends_on:19:4:9:6:21 20:exp:37:exp:40:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-1, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-1, CID 4+0 depends_on:19:4:9:6:21 20:exp:37:exp:40:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-1, EtM +Record crypt, AES128-CBC, 1.2, SHA-1, EtM depends_on:4:9:6:21:20 20:exp:37:exp:40:int:1:int:0:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-1, EtM, CID 4+4 depends_on:19:4:9:6:21:20 20:exp:37:exp:40:int:1:int:0:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-1, EtM, CID 4+0 depends_on:19:4:9:6:21:20 20:exp:37:exp:40:int:1:int:0:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-1, short tag +Record crypt, AES128-CBC, 1.2, SHA-1, short tag depends_on:4:9:6:21 20:exp:37:exp:40:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-1, short tag, CID 4+4 depends_on:19:4:9:6:21 20:exp:37:exp:40:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-1, short tag, CID 4+0 depends_on:19:4:9:6:21 
20:exp:37:exp:40:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM +Record crypt, AES128-CBC, 1.2, SHA-1, short tag, EtM depends_on:4:9:6:21:20 20:exp:37:exp:40:int:1:int:1:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 +Record crypt, AES128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 depends_on:19:4:9:6:21:20 20:exp:37:exp:40:int:1:int:1:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 +Record crypt, AES128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 depends_on:19:4:9:6:21:20 20:exp:37:exp:40:int:1:int:1:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, MD5 +Record crypt, AES128-CBC, 1.2, MD5 depends_on:4:9:6:22 20:exp:37:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, MD5, CID 4+4 +Record crypt, AES128-CBC, 1.2, MD5, CID 4+4 depends_on:19:4:9:6:22 20:exp:37:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, MD5, CID 4+0 +Record crypt, AES128-CBC, 1.2, MD5, CID 4+0 depends_on:19:4:9:6:22 20:exp:37:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, MD5, EtM +Record crypt, AES128-CBC, 1.2, MD5, EtM depends_on:4:9:6:22:20 20:exp:37:exp:41:int:1:int:0:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+4 +Record crypt, AES128-CBC, 1.2, MD5, EtM, CID 4+4 depends_on:19:4:9:6:22:20 20:exp:37:exp:41:int:1:int:0:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, MD5, EtM, CID 4+0 +Record crypt, AES128-CBC, 1.2, MD5, EtM, CID 4+0 depends_on:19:4:9:6:22:20 20:exp:37:exp:41:int:1:int:0:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, MD5, short tag +Record crypt, AES128-CBC, 1.2, MD5, short tag depends_on:4:9:6:22 20:exp:37:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, MD5, short tag, CID 4+4 +Record crypt, AES128-CBC, 1.2, MD5, short tag, CID 4+4 depends_on:19:4:9:6:22 20:exp:37:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, MD5, short tag, CID 
4+0 +Record crypt, AES128-CBC, 1.2, MD5, short tag, CID 4+0 depends_on:19:4:9:6:22 20:exp:37:exp:41:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM +Record crypt, AES128-CBC, 1.2, MD5, short tag, EtM depends_on:4:9:6:22:20 20:exp:37:exp:41:int:1:int:1:exp:24:int:0:int:0 -Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4 +Record crypt, AES128-CBC, 1.2, MD5, short tag, EtM, CID 4+4 depends_on:19:4:9:6:22:20 20:exp:37:exp:41:int:1:int:1:exp:24:int:4:int:4 -Record crypt, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0 +Record crypt, AES128-CBC, 1.2, MD5, short tag, EtM, CID 4+0 depends_on:19:4:9:6:22:20 20:exp:37:exp:41:int:1:int:1:exp:24:int:4:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-384 +Record crypt, AES128-CBC, 1.1, SHA-384 depends_on:4:9:5:7:8 20:exp:37:exp:38:int:0:int:0:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-384, EtM +Record crypt, AES128-CBC, 1.1, SHA-384, EtM depends_on:4:9:5:7:8:20 20:exp:37:exp:38:int:1:int:0:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-384, short tag +Record crypt, AES128-CBC, 1.1, SHA-384, short tag depends_on:4:9:5:7:8 20:exp:37:exp:38:int:0:int:1:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-384, short tag, EtM +Record crypt, AES128-CBC, 1.1, SHA-384, short tag, EtM depends_on:4:9:5:7:8:20 20:exp:37:exp:38:int:1:int:1:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-256 +Record crypt, AES128-CBC, 1.1, SHA-256 depends_on:4:9:5:13 20:exp:37:exp:39:int:0:int:0:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-256, EtM +Record crypt, AES128-CBC, 1.1, SHA-256, EtM depends_on:4:9:5:13:20 20:exp:37:exp:39:int:1:int:0:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-256, short tag +Record crypt, AES128-CBC, 1.1, SHA-256, short tag depends_on:4:9:5:13 20:exp:37:exp:39:int:0:int:1:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-256, short tag, EtM +Record crypt, AES128-CBC, 1.1, SHA-256, short tag, EtM depends_on:4:9:5:13:20 
20:exp:37:exp:39:int:1:int:1:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-1 +Record crypt, AES128-CBC, 1.1, SHA-1 depends_on:4:9:5:21 20:exp:37:exp:40:int:0:int:0:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-1, EtM +Record crypt, AES128-CBC, 1.1, SHA-1, EtM depends_on:4:9:5:21:20 20:exp:37:exp:40:int:1:int:0:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-1, short tag +Record crypt, AES128-CBC, 1.1, SHA-1, short tag depends_on:4:9:5:21 20:exp:37:exp:40:int:0:int:1:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, SHA-1, short tag, EtM +Record crypt, AES128-CBC, 1.1, SHA-1, short tag, EtM depends_on:4:9:5:21:20 20:exp:37:exp:40:int:1:int:1:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, MD5 +Record crypt, AES128-CBC, 1.1, MD5 depends_on:4:9:5:22 20:exp:37:exp:41:int:0:int:0:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, MD5, EtM +Record crypt, AES128-CBC, 1.1, MD5, EtM depends_on:4:9:5:22:20 20:exp:37:exp:41:int:1:int:0:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, MD5, short tag +Record crypt, AES128-CBC, 1.1, MD5, short tag depends_on:4:9:5:22 20:exp:37:exp:41:int:0:int:1:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.1, MD5, short tag, EtM +Record crypt, AES128-CBC, 1.1, MD5, short tag, EtM depends_on:4:9:5:22:20 20:exp:37:exp:41:int:1:int:1:exp:23:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-384 +Record crypt, AES128-CBC, 1.0, SHA-384 depends_on:4:9:3:7:8 20:exp:37:exp:38:int:0:int:0:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-384, EtM +Record crypt, AES128-CBC, 1.0, SHA-384, EtM depends_on:4:9:3:7:8:20 20:exp:37:exp:38:int:1:int:0:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-384, short tag +Record crypt, AES128-CBC, 1.0, SHA-384, short tag depends_on:4:9:3:7:8 20:exp:37:exp:38:int:0:int:1:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-384, short tag, EtM +Record crypt, AES128-CBC, 1.0, SHA-384, short tag, EtM depends_on:4:9:3:7:8:20 
20:exp:37:exp:38:int:1:int:1:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-256 +Record crypt, AES128-CBC, 1.0, SHA-256 depends_on:4:9:3:13 20:exp:37:exp:39:int:0:int:0:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-256, EtM +Record crypt, AES128-CBC, 1.0, SHA-256, EtM depends_on:4:9:3:13:20 20:exp:37:exp:39:int:1:int:0:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-256, short tag +Record crypt, AES128-CBC, 1.0, SHA-256, short tag depends_on:4:9:3:13 20:exp:37:exp:39:int:0:int:1:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-256, short tag, EtM +Record crypt, AES128-CBC, 1.0, SHA-256, short tag, EtM depends_on:4:9:3:13:20 20:exp:37:exp:39:int:1:int:1:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-1 +Record crypt, AES128-CBC, 1.0, SHA-1 depends_on:4:9:3:21 20:exp:37:exp:40:int:0:int:0:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-1, EtM +Record crypt, AES128-CBC, 1.0, SHA-1, EtM depends_on:4:9:3:21:20 20:exp:37:exp:40:int:1:int:0:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-1, short tag +Record crypt, AES128-CBC, 1.0, SHA-1, short tag depends_on:4:9:3:21 20:exp:37:exp:40:int:0:int:1:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, SHA-1, short tag, EtM +Record crypt, AES128-CBC, 1.0, SHA-1, short tag, EtM depends_on:4:9:3:21:20 20:exp:37:exp:40:int:1:int:1:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, MD5 +Record crypt, AES128-CBC, 1.0, MD5 depends_on:4:9:3:22 20:exp:37:exp:41:int:0:int:0:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, MD5, EtM +Record crypt, AES128-CBC, 1.0, MD5, EtM depends_on:4:9:3:22:20 20:exp:37:exp:41:int:1:int:0:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, MD5, short tag +Record crypt, AES128-CBC, 1.0, MD5, short tag depends_on:4:9:3:22 20:exp:37:exp:41:int:0:int:1:exp:22:int:0:int:0 -Record crypt, AES-128-CBC, 1.0, MD5, short tag, EtM +Record crypt, AES128-CBC, 1.0, MD5, short tag, EtM depends_on:4:9:3:22:20 20:exp:37:exp:41:int:1:int:1:exp:22:int:0:int:0 
-Record crypt, AES-128-CBC, SSL3, SHA-1 +Record crypt, AES128-CBC, SSL3, SHA-1 depends_on:4:9:0:21 20:exp:37:exp:40:int:0:int:0:exp:21:int:0:int:0 -Record crypt, AES-128-CBC, SSL3, SHA-1, EtM +Record crypt, AES128-CBC, SSL3, SHA-1, EtM depends_on:4:9:0:21:20 20:exp:37:exp:40:int:1:int:0:exp:21:int:0:int:0 -Record crypt, AES-128-CBC, SSL3, SHA-1, short tag +Record crypt, AES128-CBC, SSL3, SHA-1, short tag depends_on:4:9:0:21 20:exp:37:exp:40:int:0:int:1:exp:21:int:0:int:0 -Record crypt, AES-128-CBC, SSL3, SHA-1, short tag, EtM +Record crypt, AES128-CBC, SSL3, SHA-1, short tag, EtM depends_on:4:9:0:21:20 20:exp:37:exp:40:int:1:int:1:exp:21:int:0:int:0 -Record crypt, AES-128-CBC, SSL3, MD5 +Record crypt, AES128-CBC, SSL3, MD5 depends_on:4:9:0:22 20:exp:37:exp:41:int:0:int:0:exp:21:int:0:int:0 -Record crypt, AES-128-CBC, SSL3, MD5, EtM +Record crypt, AES128-CBC, SSL3, MD5, EtM depends_on:4:9:0:22:20 20:exp:37:exp:41:int:1:int:0:exp:21:int:0:int:0 -Record crypt, AES-128-CBC, SSL3, MD5, short tag +Record crypt, AES128-CBC, SSL3, MD5, short tag depends_on:4:9:0:22 20:exp:37:exp:41:int:0:int:1:exp:21:int:0:int:0 -Record crypt, AES-128-CBC, SSL3, MD5, short tag, EtM +Record crypt, AES128-CBC, SSL3, MD5, short tag, EtM depends_on:4:9:0:22:20 20:exp:37:exp:41:int:1:int:1:exp:21:int:0:int:0 
@@ -1368,355 +1368,355 @@ Record crypt, AES-192-CBC, SSL3, MD5, short tag, EtM depends_on:4:9:0:22:20 20:exp:42:exp:41:int:1:int:1:exp:21:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-384 +Record crypt, AES256-CBC, 1.2, SHA-384 depends_on:4:9:6:7:8 20:exp:43:exp:38:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-384, CID 4+4 depends_on:19:4:9:6:7:8 20:exp:43:exp:38:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-384, CID 4+0 depends_on:19:4:9:6:7:8 20:exp:43:exp:38:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-384, EtM +Record crypt, AES256-CBC, 1.2, SHA-384, EtM depends_on:4:9:6:7:8:20 20:exp:43:exp:38:int:1:int:0:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-384, EtM, CID 4+4 depends_on:19:4:9:6:7:8:20 20:exp:43:exp:38:int:1:int:0:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-384, EtM, CID 4+0 depends_on:19:4:9:6:7:8:20 20:exp:43:exp:38:int:1:int:0:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-384, short tag +Record crypt, AES256-CBC, 1.2, SHA-384, short tag depends_on:4:9:6:7:8 20:exp:43:exp:38:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-384, short tag, CID 4+4 depends_on:19:4:9:6:7:8 20:exp:43:exp:38:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-384, short tag, CID 4+0 depends_on:19:4:9:6:7:8 20:exp:43:exp:38:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM +Record crypt, AES256-CBC, 1.2, SHA-384, short tag, EtM depends_on:4:9:6:7:8:20 20:exp:43:exp:38:int:1:int:1:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 +Record crypt, 
AES256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 depends_on:19:4:9:6:7:8:20 20:exp:43:exp:38:int:1:int:1:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 depends_on:19:4:9:6:7:8:20 20:exp:43:exp:38:int:1:int:1:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-256 +Record crypt, AES256-CBC, 1.2, SHA-256 depends_on:4:9:6:13 20:exp:43:exp:39:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-256, CID 4+4 depends_on:19:4:9:6:13 20:exp:43:exp:39:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-256, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-256, CID 4+0 depends_on:19:4:9:6:13 20:exp:43:exp:39:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-256, EtM +Record crypt, AES256-CBC, 1.2, SHA-256, EtM depends_on:4:9:6:13:20 20:exp:43:exp:39:int:1:int:0:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-256, EtM, CID 4+4 depends_on:19:4:9:6:13:20 20:exp:43:exp:39:int:1:int:0:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-256, EtM, CID 4+0 depends_on:19:4:9:6:13:20 20:exp:43:exp:39:int:1:int:0:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-256, short tag +Record crypt, AES256-CBC, 1.2, SHA-256, short tag depends_on:4:9:6:13 20:exp:43:exp:39:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-256, short tag, CID 4+4 depends_on:19:4:9:6:13 20:exp:43:exp:39:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-256, short tag, CID 4+0 depends_on:19:4:9:6:13 20:exp:43:exp:39:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM +Record crypt, AES256-CBC, 1.2, 
SHA-256, short tag, EtM depends_on:4:9:6:13:20 20:exp:43:exp:39:int:1:int:1:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 depends_on:19:4:9:6:13:20 20:exp:43:exp:39:int:1:int:1:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 depends_on:19:4:9:6:13:20 20:exp:43:exp:39:int:1:int:1:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-1 +Record crypt, AES256-CBC, 1.2, SHA-1 depends_on:4:9:6:21 20:exp:43:exp:40:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-1, CID 4+4 depends_on:19:4:9:6:21 20:exp:43:exp:40:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-1, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-1, CID 4+0 depends_on:19:4:9:6:21 20:exp:43:exp:40:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-1, EtM +Record crypt, AES256-CBC, 1.2, SHA-1, EtM depends_on:4:9:6:21:20 20:exp:43:exp:40:int:1:int:0:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-1, EtM, CID 4+4 depends_on:19:4:9:6:21:20 20:exp:43:exp:40:int:1:int:0:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-1, EtM, CID 4+0 depends_on:19:4:9:6:21:20 20:exp:43:exp:40:int:1:int:0:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-1, short tag +Record crypt, AES256-CBC, 1.2, SHA-1, short tag depends_on:4:9:6:21 20:exp:43:exp:40:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-1, short tag, CID 4+4 depends_on:19:4:9:6:21 20:exp:43:exp:40:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-1, short tag, CID 4+0 depends_on:19:4:9:6:21 
20:exp:43:exp:40:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM +Record crypt, AES256-CBC, 1.2, SHA-1, short tag, EtM depends_on:4:9:6:21:20 20:exp:43:exp:40:int:1:int:1:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 +Record crypt, AES256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 depends_on:19:4:9:6:21:20 20:exp:43:exp:40:int:1:int:1:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 +Record crypt, AES256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 depends_on:19:4:9:6:21:20 20:exp:43:exp:40:int:1:int:1:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, MD5 +Record crypt, AES256-CBC, 1.2, MD5 depends_on:4:9:6:22 20:exp:43:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, MD5, CID 4+4 +Record crypt, AES256-CBC, 1.2, MD5, CID 4+4 depends_on:19:4:9:6:22 20:exp:43:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, MD5, CID 4+0 +Record crypt, AES256-CBC, 1.2, MD5, CID 4+0 depends_on:19:4:9:6:22 20:exp:43:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, MD5, EtM +Record crypt, AES256-CBC, 1.2, MD5, EtM depends_on:4:9:6:22:20 20:exp:43:exp:41:int:1:int:0:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+4 +Record crypt, AES256-CBC, 1.2, MD5, EtM, CID 4+4 depends_on:19:4:9:6:22:20 20:exp:43:exp:41:int:1:int:0:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, MD5, EtM, CID 4+0 +Record crypt, AES256-CBC, 1.2, MD5, EtM, CID 4+0 depends_on:19:4:9:6:22:20 20:exp:43:exp:41:int:1:int:0:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, MD5, short tag +Record crypt, AES256-CBC, 1.2, MD5, short tag depends_on:4:9:6:22 20:exp:43:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, MD5, short tag, CID 4+4 +Record crypt, AES256-CBC, 1.2, MD5, short tag, CID 4+4 depends_on:19:4:9:6:22 20:exp:43:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, MD5, short tag, CID 
4+0 +Record crypt, AES256-CBC, 1.2, MD5, short tag, CID 4+0 depends_on:19:4:9:6:22 20:exp:43:exp:41:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM +Record crypt, AES256-CBC, 1.2, MD5, short tag, EtM depends_on:4:9:6:22:20 20:exp:43:exp:41:int:1:int:1:exp:24:int:0:int:0 -Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4 +Record crypt, AES256-CBC, 1.2, MD5, short tag, EtM, CID 4+4 depends_on:19:4:9:6:22:20 20:exp:43:exp:41:int:1:int:1:exp:24:int:4:int:4 -Record crypt, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0 +Record crypt, AES256-CBC, 1.2, MD5, short tag, EtM, CID 4+0 depends_on:19:4:9:6:22:20 20:exp:43:exp:41:int:1:int:1:exp:24:int:4:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-384 +Record crypt, AES256-CBC, 1.1, SHA-384 depends_on:4:9:5:7:8 20:exp:43:exp:38:int:0:int:0:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-384, EtM +Record crypt, AES256-CBC, 1.1, SHA-384, EtM depends_on:4:9:5:7:8:20 20:exp:43:exp:38:int:1:int:0:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-384, short tag +Record crypt, AES256-CBC, 1.1, SHA-384, short tag depends_on:4:9:5:7:8 20:exp:43:exp:38:int:0:int:1:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-384, short tag, EtM +Record crypt, AES256-CBC, 1.1, SHA-384, short tag, EtM depends_on:4:9:5:7:8:20 20:exp:43:exp:38:int:1:int:1:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-256 +Record crypt, AES256-CBC, 1.1, SHA-256 depends_on:4:9:5:13 20:exp:43:exp:39:int:0:int:0:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-256, EtM +Record crypt, AES256-CBC, 1.1, SHA-256, EtM depends_on:4:9:5:13:20 20:exp:43:exp:39:int:1:int:0:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-256, short tag +Record crypt, AES256-CBC, 1.1, SHA-256, short tag depends_on:4:9:5:13 20:exp:43:exp:39:int:0:int:1:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-256, short tag, EtM +Record crypt, AES256-CBC, 1.1, SHA-256, short tag, EtM depends_on:4:9:5:13:20 
20:exp:43:exp:39:int:1:int:1:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-1 +Record crypt, AES256-CBC, 1.1, SHA-1 depends_on:4:9:5:21 20:exp:43:exp:40:int:0:int:0:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-1, EtM +Record crypt, AES256-CBC, 1.1, SHA-1, EtM depends_on:4:9:5:21:20 20:exp:43:exp:40:int:1:int:0:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-1, short tag +Record crypt, AES256-CBC, 1.1, SHA-1, short tag depends_on:4:9:5:21 20:exp:43:exp:40:int:0:int:1:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, SHA-1, short tag, EtM +Record crypt, AES256-CBC, 1.1, SHA-1, short tag, EtM depends_on:4:9:5:21:20 20:exp:43:exp:40:int:1:int:1:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, MD5 +Record crypt, AES256-CBC, 1.1, MD5 depends_on:4:9:5:22 20:exp:43:exp:41:int:0:int:0:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, MD5, EtM +Record crypt, AES256-CBC, 1.1, MD5, EtM depends_on:4:9:5:22:20 20:exp:43:exp:41:int:1:int:0:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, MD5, short tag +Record crypt, AES256-CBC, 1.1, MD5, short tag depends_on:4:9:5:22 20:exp:43:exp:41:int:0:int:1:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.1, MD5, short tag, EtM +Record crypt, AES256-CBC, 1.1, MD5, short tag, EtM depends_on:4:9:5:22:20 20:exp:43:exp:41:int:1:int:1:exp:23:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-384 +Record crypt, AES256-CBC, 1.0, SHA-384 depends_on:4:9:3:7:8 20:exp:43:exp:38:int:0:int:0:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-384, EtM +Record crypt, AES256-CBC, 1.0, SHA-384, EtM depends_on:4:9:3:7:8:20 20:exp:43:exp:38:int:1:int:0:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-384, short tag +Record crypt, AES256-CBC, 1.0, SHA-384, short tag depends_on:4:9:3:7:8 20:exp:43:exp:38:int:0:int:1:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-384, short tag, EtM +Record crypt, AES256-CBC, 1.0, SHA-384, short tag, EtM depends_on:4:9:3:7:8:20 
20:exp:43:exp:38:int:1:int:1:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-256 +Record crypt, AES256-CBC, 1.0, SHA-256 depends_on:4:9:3:13 20:exp:43:exp:39:int:0:int:0:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-256, EtM +Record crypt, AES256-CBC, 1.0, SHA-256, EtM depends_on:4:9:3:13:20 20:exp:43:exp:39:int:1:int:0:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-256, short tag +Record crypt, AES256-CBC, 1.0, SHA-256, short tag depends_on:4:9:3:13 20:exp:43:exp:39:int:0:int:1:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-256, short tag, EtM +Record crypt, AES256-CBC, 1.0, SHA-256, short tag, EtM depends_on:4:9:3:13:20 20:exp:43:exp:39:int:1:int:1:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-1 +Record crypt, AES256-CBC, 1.0, SHA-1 depends_on:4:9:3:21 20:exp:43:exp:40:int:0:int:0:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-1, EtM +Record crypt, AES256-CBC, 1.0, SHA-1, EtM depends_on:4:9:3:21:20 20:exp:43:exp:40:int:1:int:0:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-1, short tag +Record crypt, AES256-CBC, 1.0, SHA-1, short tag depends_on:4:9:3:21 20:exp:43:exp:40:int:0:int:1:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, SHA-1, short tag, EtM +Record crypt, AES256-CBC, 1.0, SHA-1, short tag, EtM depends_on:4:9:3:21:20 20:exp:43:exp:40:int:1:int:1:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, MD5 +Record crypt, AES256-CBC, 1.0, MD5 depends_on:4:9:3:22 20:exp:43:exp:41:int:0:int:0:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, MD5, EtM +Record crypt, AES256-CBC, 1.0, MD5, EtM depends_on:4:9:3:22:20 20:exp:43:exp:41:int:1:int:0:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, MD5, short tag +Record crypt, AES256-CBC, 1.0, MD5, short tag depends_on:4:9:3:22 20:exp:43:exp:41:int:0:int:1:exp:22:int:0:int:0 -Record crypt, AES-256-CBC, 1.0, MD5, short tag, EtM +Record crypt, AES256-CBC, 1.0, MD5, short tag, EtM depends_on:4:9:3:22:20 20:exp:43:exp:41:int:1:int:1:exp:22:int:0:int:0 
-Record crypt, AES-256-CBC, SSL3, SHA-1 +Record crypt, AES256-CBC, SSL3, SHA-1 depends_on:4:9:0:21 20:exp:43:exp:40:int:0:int:0:exp:21:int:0:int:0 -Record crypt, AES-256-CBC, SSL3, SHA-1, EtM +Record crypt, AES256-CBC, SSL3, SHA-1, EtM depends_on:4:9:0:21:20 20:exp:43:exp:40:int:1:int:0:exp:21:int:0:int:0 -Record crypt, AES-256-CBC, SSL3, SHA-1, short tag +Record crypt, AES256-CBC, SSL3, SHA-1, short tag depends_on:4:9:0:21 20:exp:43:exp:40:int:0:int:1:exp:21:int:0:int:0 -Record crypt, AES-256-CBC, SSL3, SHA-1, short tag, EtM +Record crypt, AES256-CBC, SSL3, SHA-1, short tag, EtM depends_on:4:9:0:21:20 20:exp:43:exp:40:int:1:int:1:exp:21:int:0:int:0 -Record crypt, AES-256-CBC, SSL3, MD5 +Record crypt, AES256-CBC, SSL3, MD5 depends_on:4:9:0:22 20:exp:43:exp:41:int:0:int:0:exp:21:int:0:int:0 -Record crypt, AES-256-CBC, SSL3, MD5, EtM +Record crypt, AES256-CBC, SSL3, MD5, EtM depends_on:4:9:0:22:20 20:exp:43:exp:41:int:1:int:0:exp:21:int:0:int:0 -Record crypt, AES-256-CBC, SSL3, MD5, short tag +Record crypt, AES256-CBC, SSL3, MD5, short tag depends_on:4:9:0:22 20:exp:43:exp:41:int:0:int:1:exp:21:int:0:int:0 -Record crypt, AES-256-CBC, SSL3, MD5, short tag, EtM +Record crypt, AES256-CBC, SSL3, MD5, short tag, EtM depends_on:4:9:0:22:20 20:exp:43:exp:41:int:1:int:1:exp:21:int:0:int:0 
@@ -4184,31 +4184,31 @@ Record crypt, BLOWFISH-CBC, SSL3, MD5, short tag, EtM depends_on:4:24:0:22:20 20:exp:50:exp:41:int:1:int:1:exp:21:int:0:int:0 -Record crypt, AES-128-GCM, 1.2 +Record crypt, AES128-GCM, 1.2 depends_on:9:6:10 20:exp:51:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-128-GCM, 1.3 +Record crypt, AES128-GCM, 1.3 depends_on:9:25:10 20:exp:51:exp:41:int:0:int:0:exp:52:int:0:int:0 -Record crypt, AES-128-GCM, 1.2, CID 4+4 +Record crypt, AES128-GCM, 1.2, CID 4+4 depends_on:19:9:6:10 20:exp:51:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-128-GCM, 1.2, CID 4+0 +Record crypt, AES128-GCM, 1.2, CID 4+0 depends_on:19:9:6:10 20:exp:51:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-128-GCM, 1.2, short tag +Record crypt, AES128-GCM, 1.2, short tag depends_on:9:6:10 20:exp:51:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-128-GCM, 1.2, short tag, CID 4+4 +Record crypt, AES128-GCM, 1.2, short tag, CID 4+4 depends_on:19:9:6:10 20:exp:51:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-128-GCM, 1.2, short tag, CID 4+0 +Record crypt, AES128-GCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:10 20:exp:51:exp:41:int:0:int:1:exp:24:int:4:int:0 
@@ -4240,31 +4240,31 @@ Record crypt, AES-192-GCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:10 20:exp:53:exp:41:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-256-GCM, 1.2 +Record crypt, AES256-GCM, 1.2 depends_on:9:6:10 20:exp:54:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-256-GCM, 1.3 +Record crypt, AES256-GCM, 1.3 depends_on:9:25:10 20:exp:54:exp:41:int:0:int:0:exp:52:int:0:int:0 -Record crypt, AES-256-GCM, 1.2, CID 4+4 +Record crypt, AES256-GCM, 1.2, CID 4+4 depends_on:19:9:6:10 20:exp:54:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-256-GCM, 1.2, CID 4+0 +Record crypt, AES256-GCM, 1.2, CID 4+0 depends_on:19:9:6:10 20:exp:54:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-256-GCM, 1.2, short tag +Record crypt, AES256-GCM, 1.2, short tag depends_on:9:6:10 20:exp:54:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-256-GCM, 1.2, short tag, CID 4+4 +Record crypt, AES256-GCM, 1.2, short tag, CID 4+4 depends_on:19:9:6:10 20:exp:54:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-256-GCM, 1.2, short tag, CID 4+0 +Record crypt, AES256-GCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:10 20:exp:54:exp:41:int:0:int:1:exp:24:int:4:int:0 
@@ -4340,31 +4340,31 @@ Record crypt, CAMELLIA-256-GCM, 1.2, short tag, CID 4+0 depends_on:19:16:6:10 20:exp:57:exp:41:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-128-CCM, 1.2 +Record crypt, AES128-CCM, 1.2 depends_on:9:6:12 20:exp:58:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-128-CCM, 1.3 +Record crypt, AES128-CCM, 1.3 depends_on:9:25:12 20:exp:58:exp:41:int:0:int:0:exp:52:int:0:int:0 -Record crypt, AES-128-CCM, 1.2, CID 4+4 +Record crypt, AES128-CCM, 1.2, CID 4+4 depends_on:19:9:6:12 20:exp:58:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-128-CCM, 1.2, CID 4+0 +Record crypt, AES128-CCM, 1.2, CID 4+0 depends_on:19:9:6:12 20:exp:58:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-128-CCM, 1.2, short tag +Record crypt, AES128-CCM, 1.2, short tag depends_on:9:6:12 20:exp:58:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-128-CCM, 1.2, short tag, CID 4+4 +Record crypt, AES128-CCM, 1.2, short tag, CID 4+4 depends_on:19:9:6:12 20:exp:58:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-128-CCM, 1.2, short tag, CID 4+0 +Record crypt, AES128-CCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:12 20:exp:58:exp:41:int:0:int:1:exp:24:int:4:int:0 
@@ -4396,31 +4396,31 @@ Record crypt, AES-192-CCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:12 20:exp:59:exp:41:int:0:int:1:exp:24:int:4:int:0 -Record crypt, AES-256-CCM, 1.2 +Record crypt, AES256-CCM, 1.2 depends_on:9:6:12 20:exp:60:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, AES-256-CCM, 1.3 +Record crypt, AES256-CCM, 1.3 depends_on:9:25:12 20:exp:60:exp:41:int:0:int:0:exp:52:int:0:int:0 -Record crypt, AES-256-CCM, 1.2, CID 4+4 +Record crypt, AES256-CCM, 1.2, CID 4+4 depends_on:19:9:6:12 20:exp:60:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, AES-256-CCM, 1.2, CID 4+0 +Record crypt, AES256-CCM, 1.2, CID 4+0 depends_on:19:9:6:12 20:exp:60:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, AES-256-CCM, 1.2, short tag +Record crypt, AES256-CCM, 1.2, short tag depends_on:9:6:12 20:exp:60:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, AES-256-CCM, 1.2, short tag, CID 4+4 +Record crypt, AES256-CCM, 1.2, short tag, CID 4+4 depends_on:19:9:6:12 20:exp:60:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, AES-256-CCM, 1.2, short tag, CID 4+0 +Record crypt, AES256-CCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:12 20:exp:60:exp:41:int:0:int:1:exp:24:int:4:int:0 
@@ -5096,355 +5096,355 @@ Record crypt, little space, ChachaPoly, CID 4+0 depends_on:19:28:6 21:exp:66:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384 +Record crypt, little space, AES128-CBC, 1.2, SHA-384 depends_on:4:9:6:7:8 21:exp:37:exp:38:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-384, CID 4+4 depends_on:19:4:9:6:7:8 21:exp:37:exp:38:int:0:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-384, CID 4+0 depends_on:19:4:9:6:7:8 21:exp:37:exp:38:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM +Record crypt, little space, AES128-CBC, 1.2, SHA-384, EtM depends_on:4:9:6:7:8:20 21:exp:37:exp:38:int:1:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-384, EtM, CID 4+4 depends_on:19:4:9:6:7:8:20 21:exp:37:exp:38:int:1:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-384, EtM, CID 4+0 depends_on:19:4:9:6:7:8:20 21:exp:37:exp:38:int:1:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag +Record crypt, little space, AES128-CBC, 1.2, SHA-384, short tag depends_on:4:9:6:7:8 21:exp:37:exp:38:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-384, short tag, CID 4+4 depends_on:19:4:9:6:7:8 21:exp:37:exp:38:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-384, short tag, CID 4+0 depends_on:19:4:9:6:7:8 21:exp:37:exp:38:int:0:int:1:exp:24:int:4:int:0 -Record crypt, little 
space, AES-128-CBC, 1.2, SHA-384, short tag, EtM +Record crypt, little space, AES128-CBC, 1.2, SHA-384, short tag, EtM depends_on:4:9:6:7:8:20 21:exp:37:exp:38:int:1:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 depends_on:19:4:9:6:7:8:20 21:exp:37:exp:38:int:1:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 depends_on:19:4:9:6:7:8:20 21:exp:37:exp:38:int:1:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256 +Record crypt, little space, AES128-CBC, 1.2, SHA-256 depends_on:4:9:6:13 21:exp:37:exp:39:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-256, CID 4+4 depends_on:19:4:9:6:13 21:exp:37:exp:39:int:0:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-256, CID 4+0 depends_on:19:4:9:6:13 21:exp:37:exp:39:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM +Record crypt, little space, AES128-CBC, 1.2, SHA-256, EtM depends_on:4:9:6:13:20 21:exp:37:exp:39:int:1:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-256, EtM, CID 4+4 depends_on:19:4:9:6:13:20 21:exp:37:exp:39:int:1:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, EtM, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-256, EtM, CID 4+0 depends_on:19:4:9:6:13:20 21:exp:37:exp:39:int:1:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag +Record crypt, little space, AES128-CBC, 1.2, SHA-256, short tag depends_on:4:9:6:13 
21:exp:37:exp:39:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-256, short tag, CID 4+4 depends_on:19:4:9:6:13 21:exp:37:exp:39:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-256, short tag, CID 4+0 depends_on:19:4:9:6:13 21:exp:37:exp:39:int:0:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM +Record crypt, little space, AES128-CBC, 1.2, SHA-256, short tag, EtM depends_on:4:9:6:13:20 21:exp:37:exp:39:int:1:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 depends_on:19:4:9:6:13:20 21:exp:37:exp:39:int:1:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 depends_on:19:4:9:6:13:20 21:exp:37:exp:39:int:1:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1 +Record crypt, little space, AES128-CBC, 1.2, SHA-1 depends_on:4:9:6:21 21:exp:37:exp:40:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-1, CID 4+4 depends_on:19:4:9:6:21 21:exp:37:exp:40:int:0:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-1, CID 4+0 depends_on:19:4:9:6:21 21:exp:37:exp:40:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM +Record crypt, little space, AES128-CBC, 1.2, SHA-1, EtM depends_on:4:9:6:21:20 21:exp:37:exp:40:int:1:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+4 +Record crypt, 
little space, AES128-CBC, 1.2, SHA-1, EtM, CID 4+4 depends_on:19:4:9:6:21:20 21:exp:37:exp:40:int:1:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, EtM, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-1, EtM, CID 4+0 depends_on:19:4:9:6:21:20 21:exp:37:exp:40:int:1:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag +Record crypt, little space, AES128-CBC, 1.2, SHA-1, short tag depends_on:4:9:6:21 21:exp:37:exp:40:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-1, short tag, CID 4+4 depends_on:19:4:9:6:21 21:exp:37:exp:40:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-1, short tag, CID 4+0 depends_on:19:4:9:6:21 21:exp:37:exp:40:int:0:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM +Record crypt, little space, AES128-CBC, 1.2, SHA-1, short tag, EtM depends_on:4:9:6:21:20 21:exp:37:exp:40:int:1:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 depends_on:19:4:9:6:21:20 21:exp:37:exp:40:int:1:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 depends_on:19:4:9:6:21:20 21:exp:37:exp:40:int:1:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, MD5 +Record crypt, little space, AES128-CBC, 1.2, MD5 depends_on:4:9:6:22 21:exp:37:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, MD5, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, MD5, CID 4+4 depends_on:19:4:9:6:22 21:exp:37:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, 
little space, AES-128-CBC, 1.2, MD5, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, MD5, CID 4+0 depends_on:19:4:9:6:22 21:exp:37:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM +Record crypt, little space, AES128-CBC, 1.2, MD5, EtM depends_on:4:9:6:22:20 21:exp:37:exp:41:int:1:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, MD5, EtM, CID 4+4 depends_on:19:4:9:6:22:20 21:exp:37:exp:41:int:1:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, MD5, EtM, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, MD5, EtM, CID 4+0 depends_on:19:4:9:6:22:20 21:exp:37:exp:41:int:1:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag +Record crypt, little space, AES128-CBC, 1.2, MD5, short tag depends_on:4:9:6:22 21:exp:37:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, MD5, short tag, CID 4+4 depends_on:19:4:9:6:22 21:exp:37:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, MD5, short tag, CID 4+0 depends_on:19:4:9:6:22 21:exp:37:exp:41:int:0:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM +Record crypt, little space, AES128-CBC, 1.2, MD5, short tag, EtM depends_on:4:9:6:22:20 21:exp:37:exp:41:int:1:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+4 +Record crypt, little space, AES128-CBC, 1.2, MD5, short tag, EtM, CID 4+4 depends_on:19:4:9:6:22:20 21:exp:37:exp:41:int:1:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CBC, 1.2, MD5, short tag, EtM, CID 4+0 +Record crypt, little space, AES128-CBC, 1.2, MD5, short tag, EtM, CID 4+0 depends_on:19:4:9:6:22:20 
21:exp:37:exp:41:int:1:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-384 +Record crypt, little space, AES128-CBC, 1.1, SHA-384 depends_on:4:9:5:7:8 21:exp:37:exp:38:int:0:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-384, EtM +Record crypt, little space, AES128-CBC, 1.1, SHA-384, EtM depends_on:4:9:5:7:8:20 21:exp:37:exp:38:int:1:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-384, short tag +Record crypt, little space, AES128-CBC, 1.1, SHA-384, short tag depends_on:4:9:5:7:8 21:exp:37:exp:38:int:0:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-384, short tag, EtM +Record crypt, little space, AES128-CBC, 1.1, SHA-384, short tag, EtM depends_on:4:9:5:7:8:20 21:exp:37:exp:38:int:1:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-256 +Record crypt, little space, AES128-CBC, 1.1, SHA-256 depends_on:4:9:5:13 21:exp:37:exp:39:int:0:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-256, EtM +Record crypt, little space, AES128-CBC, 1.1, SHA-256, EtM depends_on:4:9:5:13:20 21:exp:37:exp:39:int:1:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-256, short tag +Record crypt, little space, AES128-CBC, 1.1, SHA-256, short tag depends_on:4:9:5:13 21:exp:37:exp:39:int:0:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-256, short tag, EtM +Record crypt, little space, AES128-CBC, 1.1, SHA-256, short tag, EtM depends_on:4:9:5:13:20 21:exp:37:exp:39:int:1:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-1 +Record crypt, little space, AES128-CBC, 1.1, SHA-1 depends_on:4:9:5:21 21:exp:37:exp:40:int:0:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-1, EtM +Record crypt, little space, AES128-CBC, 1.1, SHA-1, EtM depends_on:4:9:5:21:20 21:exp:37:exp:40:int:1:int:0:exp:23:int:0:int:0 -Record crypt, little space, 
AES-128-CBC, 1.1, SHA-1, short tag +Record crypt, little space, AES128-CBC, 1.1, SHA-1, short tag depends_on:4:9:5:21 21:exp:37:exp:40:int:0:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, SHA-1, short tag, EtM +Record crypt, little space, AES128-CBC, 1.1, SHA-1, short tag, EtM depends_on:4:9:5:21:20 21:exp:37:exp:40:int:1:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, MD5 +Record crypt, little space, AES128-CBC, 1.1, MD5 depends_on:4:9:5:22 21:exp:37:exp:41:int:0:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, MD5, EtM +Record crypt, little space, AES128-CBC, 1.1, MD5, EtM depends_on:4:9:5:22:20 21:exp:37:exp:41:int:1:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, MD5, short tag +Record crypt, little space, AES128-CBC, 1.1, MD5, short tag depends_on:4:9:5:22 21:exp:37:exp:41:int:0:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.1, MD5, short tag, EtM +Record crypt, little space, AES128-CBC, 1.1, MD5, short tag, EtM depends_on:4:9:5:22:20 21:exp:37:exp:41:int:1:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-384 +Record crypt, little space, AES128-CBC, 1.0, SHA-384 depends_on:4:9:3:7:8 21:exp:37:exp:38:int:0:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-384, EtM +Record crypt, little space, AES128-CBC, 1.0, SHA-384, EtM depends_on:4:9:3:7:8:20 21:exp:37:exp:38:int:1:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-384, short tag +Record crypt, little space, AES128-CBC, 1.0, SHA-384, short tag depends_on:4:9:3:7:8 21:exp:37:exp:38:int:0:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-384, short tag, EtM +Record crypt, little space, AES128-CBC, 1.0, SHA-384, short tag, EtM depends_on:4:9:3:7:8:20 21:exp:37:exp:38:int:1:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-256 +Record crypt, little space, AES128-CBC, 
1.0, SHA-256 depends_on:4:9:3:13 21:exp:37:exp:39:int:0:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-256, EtM +Record crypt, little space, AES128-CBC, 1.0, SHA-256, EtM depends_on:4:9:3:13:20 21:exp:37:exp:39:int:1:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-256, short tag +Record crypt, little space, AES128-CBC, 1.0, SHA-256, short tag depends_on:4:9:3:13 21:exp:37:exp:39:int:0:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-256, short tag, EtM +Record crypt, little space, AES128-CBC, 1.0, SHA-256, short tag, EtM depends_on:4:9:3:13:20 21:exp:37:exp:39:int:1:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-1 +Record crypt, little space, AES128-CBC, 1.0, SHA-1 depends_on:4:9:3:21 21:exp:37:exp:40:int:0:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-1, EtM +Record crypt, little space, AES128-CBC, 1.0, SHA-1, EtM depends_on:4:9:3:21:20 21:exp:37:exp:40:int:1:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-1, short tag +Record crypt, little space, AES128-CBC, 1.0, SHA-1, short tag depends_on:4:9:3:21 21:exp:37:exp:40:int:0:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, SHA-1, short tag, EtM +Record crypt, little space, AES128-CBC, 1.0, SHA-1, short tag, EtM depends_on:4:9:3:21:20 21:exp:37:exp:40:int:1:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, MD5 +Record crypt, little space, AES128-CBC, 1.0, MD5 depends_on:4:9:3:22 21:exp:37:exp:41:int:0:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, MD5, EtM +Record crypt, little space, AES128-CBC, 1.0, MD5, EtM depends_on:4:9:3:22:20 21:exp:37:exp:41:int:1:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, 1.0, MD5, short tag +Record crypt, little space, AES128-CBC, 1.0, MD5, short tag depends_on:4:9:3:22 21:exp:37:exp:41:int:0:int:1:exp:22:int:0:int:0 -Record 
crypt, little space, AES-128-CBC, 1.0, MD5, short tag, EtM +Record crypt, little space, AES128-CBC, 1.0, MD5, short tag, EtM depends_on:4:9:3:22:20 21:exp:37:exp:41:int:1:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-128-CBC, SSL3, SHA-1 +Record crypt, little space, AES128-CBC, SSL3, SHA-1 depends_on:4:9:0:21 21:exp:37:exp:40:int:0:int:0:exp:21:int:0:int:0 -Record crypt, little space, AES-128-CBC, SSL3, SHA-1, EtM +Record crypt, little space, AES128-CBC, SSL3, SHA-1, EtM depends_on:4:9:0:21:20 21:exp:37:exp:40:int:1:int:0:exp:21:int:0:int:0 -Record crypt, little space, AES-128-CBC, SSL3, SHA-1, short tag +Record crypt, little space, AES128-CBC, SSL3, SHA-1, short tag depends_on:4:9:0:21 21:exp:37:exp:40:int:0:int:1:exp:21:int:0:int:0 -Record crypt, little space, AES-128-CBC, SSL3, SHA-1, short tag, EtM +Record crypt, little space, AES128-CBC, SSL3, SHA-1, short tag, EtM depends_on:4:9:0:21:20 21:exp:37:exp:40:int:1:int:1:exp:21:int:0:int:0 -Record crypt, little space, AES-128-CBC, SSL3, MD5 +Record crypt, little space, AES128-CBC, SSL3, MD5 depends_on:4:9:0:22 21:exp:37:exp:41:int:0:int:0:exp:21:int:0:int:0 -Record crypt, little space, AES-128-CBC, SSL3, MD5, EtM +Record crypt, little space, AES128-CBC, SSL3, MD5, EtM depends_on:4:9:0:22:20 21:exp:37:exp:41:int:1:int:0:exp:21:int:0:int:0 -Record crypt, little space, AES-128-CBC, SSL3, MD5, short tag +Record crypt, little space, AES128-CBC, SSL3, MD5, short tag depends_on:4:9:0:22 21:exp:37:exp:41:int:0:int:1:exp:21:int:0:int:0 -Record crypt, little space, AES-128-CBC, SSL3, MD5, short tag, EtM +Record crypt, little space, AES128-CBC, SSL3, MD5, short tag, EtM depends_on:4:9:0:22:20 21:exp:37:exp:41:int:1:int:1:exp:21:int:0:int:0 
@@ -5800,355 +5800,355 @@ Record crypt, little space, AES-192-CBC, SSL3, MD5, short tag, EtM depends_on:4:9:0:22:20 21:exp:42:exp:41:int:1:int:1:exp:21:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384 +Record crypt, little space, AES256-CBC, 1.2, SHA-384 depends_on:4:9:6:7:8 21:exp:43:exp:38:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-384, CID 4+4 depends_on:19:4:9:6:7:8 21:exp:43:exp:38:int:0:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-384, CID 4+0 depends_on:19:4:9:6:7:8 21:exp:43:exp:38:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM +Record crypt, little space, AES256-CBC, 1.2, SHA-384, EtM depends_on:4:9:6:7:8:20 21:exp:43:exp:38:int:1:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-384, EtM, CID 4+4 depends_on:19:4:9:6:7:8:20 21:exp:43:exp:38:int:1:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-384, EtM, CID 4+0 depends_on:19:4:9:6:7:8:20 21:exp:43:exp:38:int:1:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag +Record crypt, little space, AES256-CBC, 1.2, SHA-384, short tag depends_on:4:9:6:7:8 21:exp:43:exp:38:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-384, short tag, CID 4+4 depends_on:19:4:9:6:7:8 21:exp:43:exp:38:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-384, short tag, CID 4+0 depends_on:19:4:9:6:7:8 21:exp:43:exp:38:int:0:int:1:exp:24:int:4:int:0 
-Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM +Record crypt, little space, AES256-CBC, 1.2, SHA-384, short tag, EtM depends_on:4:9:6:7:8:20 21:exp:43:exp:38:int:1:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 depends_on:19:4:9:6:7:8:20 21:exp:43:exp:38:int:1:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 depends_on:19:4:9:6:7:8:20 21:exp:43:exp:38:int:1:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256 +Record crypt, little space, AES256-CBC, 1.2, SHA-256 depends_on:4:9:6:13 21:exp:43:exp:39:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-256, CID 4+4 depends_on:19:4:9:6:13 21:exp:43:exp:39:int:0:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-256, CID 4+0 depends_on:19:4:9:6:13 21:exp:43:exp:39:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM +Record crypt, little space, AES256-CBC, 1.2, SHA-256, EtM depends_on:4:9:6:13:20 21:exp:43:exp:39:int:1:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-256, EtM, CID 4+4 depends_on:19:4:9:6:13:20 21:exp:43:exp:39:int:1:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, EtM, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-256, EtM, CID 4+0 depends_on:19:4:9:6:13:20 21:exp:43:exp:39:int:1:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag +Record crypt, little space, AES256-CBC, 1.2, SHA-256, short tag 
depends_on:4:9:6:13 21:exp:43:exp:39:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-256, short tag, CID 4+4 depends_on:19:4:9:6:13 21:exp:43:exp:39:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-256, short tag, CID 4+0 depends_on:19:4:9:6:13 21:exp:43:exp:39:int:0:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM +Record crypt, little space, AES256-CBC, 1.2, SHA-256, short tag, EtM depends_on:4:9:6:13:20 21:exp:43:exp:39:int:1:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 depends_on:19:4:9:6:13:20 21:exp:43:exp:39:int:1:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 depends_on:19:4:9:6:13:20 21:exp:43:exp:39:int:1:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1 +Record crypt, little space, AES256-CBC, 1.2, SHA-1 depends_on:4:9:6:21 21:exp:43:exp:40:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-1, CID 4+4 depends_on:19:4:9:6:21 21:exp:43:exp:40:int:0:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-1, CID 4+0 depends_on:19:4:9:6:21 21:exp:43:exp:40:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM +Record crypt, little space, AES256-CBC, 1.2, SHA-1, EtM depends_on:4:9:6:21:20 21:exp:43:exp:40:int:1:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+4 
+Record crypt, little space, AES256-CBC, 1.2, SHA-1, EtM, CID 4+4 depends_on:19:4:9:6:21:20 21:exp:43:exp:40:int:1:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, EtM, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-1, EtM, CID 4+0 depends_on:19:4:9:6:21:20 21:exp:43:exp:40:int:1:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag +Record crypt, little space, AES256-CBC, 1.2, SHA-1, short tag depends_on:4:9:6:21 21:exp:43:exp:40:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-1, short tag, CID 4+4 depends_on:19:4:9:6:21 21:exp:43:exp:40:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-1, short tag, CID 4+0 depends_on:19:4:9:6:21 21:exp:43:exp:40:int:0:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM +Record crypt, little space, AES256-CBC, 1.2, SHA-1, short tag, EtM depends_on:4:9:6:21:20 21:exp:43:exp:40:int:1:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 depends_on:19:4:9:6:21:20 21:exp:43:exp:40:int:1:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 depends_on:19:4:9:6:21:20 21:exp:43:exp:40:int:1:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, MD5 +Record crypt, little space, AES256-CBC, 1.2, MD5 depends_on:4:9:6:22 21:exp:43:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, MD5, CID 4+4 depends_on:19:4:9:6:22 21:exp:43:exp:41:int:0:int:0:exp:24:int:4:int:4 
-Record crypt, little space, AES-256-CBC, 1.2, MD5, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, MD5, CID 4+0 depends_on:19:4:9:6:22 21:exp:43:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM +Record crypt, little space, AES256-CBC, 1.2, MD5, EtM depends_on:4:9:6:22:20 21:exp:43:exp:41:int:1:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, MD5, EtM, CID 4+4 depends_on:19:4:9:6:22:20 21:exp:43:exp:41:int:1:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, MD5, EtM, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, MD5, EtM, CID 4+0 depends_on:19:4:9:6:22:20 21:exp:43:exp:41:int:1:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag +Record crypt, little space, AES256-CBC, 1.2, MD5, short tag depends_on:4:9:6:22 21:exp:43:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, MD5, short tag, CID 4+4 depends_on:19:4:9:6:22 21:exp:43:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, MD5, short tag, CID 4+0 depends_on:19:4:9:6:22 21:exp:43:exp:41:int:0:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM +Record crypt, little space, AES256-CBC, 1.2, MD5, short tag, EtM depends_on:4:9:6:22:20 21:exp:43:exp:41:int:1:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+4 +Record crypt, little space, AES256-CBC, 1.2, MD5, short tag, EtM, CID 4+4 depends_on:19:4:9:6:22:20 21:exp:43:exp:41:int:1:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CBC, 1.2, MD5, short tag, EtM, CID 4+0 +Record crypt, little space, AES256-CBC, 1.2, MD5, short tag, EtM, CID 4+0 depends_on:19:4:9:6:22:20 
21:exp:43:exp:41:int:1:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-384 +Record crypt, little space, AES256-CBC, 1.1, SHA-384 depends_on:4:9:5:7:8 21:exp:43:exp:38:int:0:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-384, EtM +Record crypt, little space, AES256-CBC, 1.1, SHA-384, EtM depends_on:4:9:5:7:8:20 21:exp:43:exp:38:int:1:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-384, short tag +Record crypt, little space, AES256-CBC, 1.1, SHA-384, short tag depends_on:4:9:5:7:8 21:exp:43:exp:38:int:0:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-384, short tag, EtM +Record crypt, little space, AES256-CBC, 1.1, SHA-384, short tag, EtM depends_on:4:9:5:7:8:20 21:exp:43:exp:38:int:1:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-256 +Record crypt, little space, AES256-CBC, 1.1, SHA-256 depends_on:4:9:5:13 21:exp:43:exp:39:int:0:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-256, EtM +Record crypt, little space, AES256-CBC, 1.1, SHA-256, EtM depends_on:4:9:5:13:20 21:exp:43:exp:39:int:1:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-256, short tag +Record crypt, little space, AES256-CBC, 1.1, SHA-256, short tag depends_on:4:9:5:13 21:exp:43:exp:39:int:0:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-256, short tag, EtM +Record crypt, little space, AES256-CBC, 1.1, SHA-256, short tag, EtM depends_on:4:9:5:13:20 21:exp:43:exp:39:int:1:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-1 +Record crypt, little space, AES256-CBC, 1.1, SHA-1 depends_on:4:9:5:21 21:exp:43:exp:40:int:0:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-1, EtM +Record crypt, little space, AES256-CBC, 1.1, SHA-1, EtM depends_on:4:9:5:21:20 21:exp:43:exp:40:int:1:int:0:exp:23:int:0:int:0 -Record crypt, little space, 
AES-256-CBC, 1.1, SHA-1, short tag +Record crypt, little space, AES256-CBC, 1.1, SHA-1, short tag depends_on:4:9:5:21 21:exp:43:exp:40:int:0:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, SHA-1, short tag, EtM +Record crypt, little space, AES256-CBC, 1.1, SHA-1, short tag, EtM depends_on:4:9:5:21:20 21:exp:43:exp:40:int:1:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, MD5 +Record crypt, little space, AES256-CBC, 1.1, MD5 depends_on:4:9:5:22 21:exp:43:exp:41:int:0:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, MD5, EtM +Record crypt, little space, AES256-CBC, 1.1, MD5, EtM depends_on:4:9:5:22:20 21:exp:43:exp:41:int:1:int:0:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, MD5, short tag +Record crypt, little space, AES256-CBC, 1.1, MD5, short tag depends_on:4:9:5:22 21:exp:43:exp:41:int:0:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.1, MD5, short tag, EtM +Record crypt, little space, AES256-CBC, 1.1, MD5, short tag, EtM depends_on:4:9:5:22:20 21:exp:43:exp:41:int:1:int:1:exp:23:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-384 +Record crypt, little space, AES256-CBC, 1.0, SHA-384 depends_on:4:9:3:7:8 21:exp:43:exp:38:int:0:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-384, EtM +Record crypt, little space, AES256-CBC, 1.0, SHA-384, EtM depends_on:4:9:3:7:8:20 21:exp:43:exp:38:int:1:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-384, short tag +Record crypt, little space, AES256-CBC, 1.0, SHA-384, short tag depends_on:4:9:3:7:8 21:exp:43:exp:38:int:0:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-384, short tag, EtM +Record crypt, little space, AES256-CBC, 1.0, SHA-384, short tag, EtM depends_on:4:9:3:7:8:20 21:exp:43:exp:38:int:1:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-256 +Record crypt, little space, AES256-CBC, 
1.0, SHA-256 depends_on:4:9:3:13 21:exp:43:exp:39:int:0:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-256, EtM +Record crypt, little space, AES256-CBC, 1.0, SHA-256, EtM depends_on:4:9:3:13:20 21:exp:43:exp:39:int:1:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-256, short tag +Record crypt, little space, AES256-CBC, 1.0, SHA-256, short tag depends_on:4:9:3:13 21:exp:43:exp:39:int:0:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-256, short tag, EtM +Record crypt, little space, AES256-CBC, 1.0, SHA-256, short tag, EtM depends_on:4:9:3:13:20 21:exp:43:exp:39:int:1:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-1 +Record crypt, little space, AES256-CBC, 1.0, SHA-1 depends_on:4:9:3:21 21:exp:43:exp:40:int:0:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-1, EtM +Record crypt, little space, AES256-CBC, 1.0, SHA-1, EtM depends_on:4:9:3:21:20 21:exp:43:exp:40:int:1:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-1, short tag +Record crypt, little space, AES256-CBC, 1.0, SHA-1, short tag depends_on:4:9:3:21 21:exp:43:exp:40:int:0:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, SHA-1, short tag, EtM +Record crypt, little space, AES256-CBC, 1.0, SHA-1, short tag, EtM depends_on:4:9:3:21:20 21:exp:43:exp:40:int:1:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, MD5 +Record crypt, little space, AES256-CBC, 1.0, MD5 depends_on:4:9:3:22 21:exp:43:exp:41:int:0:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, MD5, EtM +Record crypt, little space, AES256-CBC, 1.0, MD5, EtM depends_on:4:9:3:22:20 21:exp:43:exp:41:int:1:int:0:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, 1.0, MD5, short tag +Record crypt, little space, AES256-CBC, 1.0, MD5, short tag depends_on:4:9:3:22 21:exp:43:exp:41:int:0:int:1:exp:22:int:0:int:0 -Record 
crypt, little space, AES-256-CBC, 1.0, MD5, short tag, EtM +Record crypt, little space, AES256-CBC, 1.0, MD5, short tag, EtM depends_on:4:9:3:22:20 21:exp:43:exp:41:int:1:int:1:exp:22:int:0:int:0 -Record crypt, little space, AES-256-CBC, SSL3, SHA-1 +Record crypt, little space, AES256-CBC, SSL3, SHA-1 depends_on:4:9:0:21 21:exp:43:exp:40:int:0:int:0:exp:21:int:0:int:0 -Record crypt, little space, AES-256-CBC, SSL3, SHA-1, EtM +Record crypt, little space, AES256-CBC, SSL3, SHA-1, EtM depends_on:4:9:0:21:20 21:exp:43:exp:40:int:1:int:0:exp:21:int:0:int:0 -Record crypt, little space, AES-256-CBC, SSL3, SHA-1, short tag +Record crypt, little space, AES256-CBC, SSL3, SHA-1, short tag depends_on:4:9:0:21 21:exp:43:exp:40:int:0:int:1:exp:21:int:0:int:0 -Record crypt, little space, AES-256-CBC, SSL3, SHA-1, short tag, EtM +Record crypt, little space, AES256-CBC, SSL3, SHA-1, short tag, EtM depends_on:4:9:0:21:20 21:exp:43:exp:40:int:1:int:1:exp:21:int:0:int:0 -Record crypt, little space, AES-256-CBC, SSL3, MD5 +Record crypt, little space, AES256-CBC, SSL3, MD5 depends_on:4:9:0:22 21:exp:43:exp:41:int:0:int:0:exp:21:int:0:int:0 -Record crypt, little space, AES-256-CBC, SSL3, MD5, EtM +Record crypt, little space, AES256-CBC, SSL3, MD5, EtM depends_on:4:9:0:22:20 21:exp:43:exp:41:int:1:int:0:exp:21:int:0:int:0 -Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag +Record crypt, little space, AES256-CBC, SSL3, MD5, short tag depends_on:4:9:0:22 21:exp:43:exp:41:int:0:int:1:exp:21:int:0:int:0 -Record crypt, little space, AES-256-CBC, SSL3, MD5, short tag, EtM +Record crypt, little space, AES256-CBC, SSL3, MD5, short tag, EtM depends_on:4:9:0:22:20 21:exp:43:exp:41:int:1:int:1:exp:21:int:0:int:0 
@@ -8616,31 +8616,31 @@ Record crypt, little space, BLOWFISH-CBC, SSL3, MD5, short tag, EtM depends_on:4:24:0:22:20 21:exp:50:exp:41:int:1:int:1:exp:21:int:0:int:0 -Record crypt, little space, AES-128-GCM, 1.2 +Record crypt, little space, AES128-GCM, 1.2 depends_on:9:6:10 21:exp:51:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-128-GCM, 1.3 +Record crypt, little space, AES128-GCM, 1.3 depends_on:9:25:10 21:exp:51:exp:41:int:0:int:0:exp:52:int:0:int:0 -Record crypt, little space, AES-128-GCM, 1.2, CID 4+4 +Record crypt, little space, AES128-GCM, 1.2, CID 4+4 depends_on:19:9:6:10 21:exp:51:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-128-GCM, 1.2, CID 4+0 +Record crypt, little space, AES128-GCM, 1.2, CID 4+0 depends_on:19:9:6:10 21:exp:51:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-GCM, 1.2, short tag +Record crypt, little space, AES128-GCM, 1.2, short tag depends_on:9:6:10 21:exp:51:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-128-GCM, 1.2, short tag, CID 4+4 +Record crypt, little space, AES128-GCM, 1.2, short tag, CID 4+4 depends_on:19:9:6:10 21:exp:51:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-128-GCM, 1.2, short tag, CID 4+0 +Record crypt, little space, AES128-GCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:10 21:exp:51:exp:41:int:0:int:1:exp:24:int:4:int:0 
@@ -8672,31 +8672,31 @@ Record crypt, little space, AES-192-GCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:10 21:exp:53:exp:41:int:0:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-256-GCM, 1.2 +Record crypt, little space, AES256-GCM, 1.2 depends_on:9:6:10 21:exp:54:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-256-GCM, 1.3 +Record crypt, little space, AES256-GCM, 1.3 depends_on:9:25:10 21:exp:54:exp:41:int:0:int:0:exp:52:int:0:int:0 -Record crypt, little space, AES-256-GCM, 1.2, CID 4+4 +Record crypt, little space, AES256-GCM, 1.2, CID 4+4 depends_on:19:9:6:10 21:exp:54:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-256-GCM, 1.2, CID 4+0 +Record crypt, little space, AES256-GCM, 1.2, CID 4+0 depends_on:19:9:6:10 21:exp:54:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-256-GCM, 1.2, short tag +Record crypt, little space, AES256-GCM, 1.2, short tag depends_on:9:6:10 21:exp:54:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-256-GCM, 1.2, short tag, CID 4+4 +Record crypt, little space, AES256-GCM, 1.2, short tag, CID 4+4 depends_on:19:9:6:10 21:exp:54:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-256-GCM, 1.2, short tag, CID 4+0 +Record crypt, little space, AES256-GCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:10 21:exp:54:exp:41:int:0:int:1:exp:24:int:4:int:0 
@@ -8772,31 +8772,31 @@ Record crypt, little space, CAMELLIA-256-GCM, 1.2, short tag, CID 4+0 depends_on:19:16:6:10 21:exp:57:exp:41:int:0:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CCM, 1.2 +Record crypt, little space, AES128-CCM, 1.2 depends_on:9:6:12 21:exp:58:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CCM, 1.3 +Record crypt, little space, AES128-CCM, 1.3 depends_on:9:25:12 21:exp:58:exp:41:int:0:int:0:exp:52:int:0:int:0 -Record crypt, little space, AES-128-CCM, 1.2, CID 4+4 +Record crypt, little space, AES128-CCM, 1.2, CID 4+4 depends_on:19:9:6:12 21:exp:58:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CCM, 1.2, CID 4+0 +Record crypt, little space, AES128-CCM, 1.2, CID 4+0 depends_on:19:9:6:12 21:exp:58:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-128-CCM, 1.2, short tag +Record crypt, little space, AES128-CCM, 1.2, short tag depends_on:9:6:12 21:exp:58:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+4 +Record crypt, little space, AES128-CCM, 1.2, short tag, CID 4+4 depends_on:19:9:6:12 21:exp:58:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-128-CCM, 1.2, short tag, CID 4+0 +Record crypt, little space, AES128-CCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:12 21:exp:58:exp:41:int:0:int:1:exp:24:int:4:int:0 
@@ -8828,31 +8828,31 @@ Record crypt, little space, AES-192-CCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:12 21:exp:59:exp:41:int:0:int:1:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CCM, 1.2 +Record crypt, little space, AES256-CCM, 1.2 depends_on:9:6:12 21:exp:60:exp:41:int:0:int:0:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CCM, 1.3 +Record crypt, little space, AES256-CCM, 1.3 depends_on:9:25:12 21:exp:60:exp:41:int:0:int:0:exp:52:int:0:int:0 -Record crypt, little space, AES-256-CCM, 1.2, CID 4+4 +Record crypt, little space, AES256-CCM, 1.2, CID 4+4 depends_on:19:9:6:12 21:exp:60:exp:41:int:0:int:0:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CCM, 1.2, CID 4+0 +Record crypt, little space, AES256-CCM, 1.2, CID 4+0 depends_on:19:9:6:12 21:exp:60:exp:41:int:0:int:0:exp:24:int:4:int:0 -Record crypt, little space, AES-256-CCM, 1.2, short tag +Record crypt, little space, AES256-CCM, 1.2, short tag depends_on:9:6:12 21:exp:60:exp:41:int:0:int:1:exp:24:int:0:int:0 -Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+4 +Record crypt, little space, AES256-CCM, 1.2, short tag, CID 4+4 depends_on:19:9:6:12 21:exp:60:exp:41:int:0:int:1:exp:24:int:4:int:4 -Record crypt, little space, AES-256-CCM, 1.2, short tag, CID 4+0 +Record crypt, little space, AES256-CCM, 1.2, short tag, CID 4+0 depends_on:19:9:6:12 21:exp:60:exp:41:int:0:int:1:exp:24:int:4:int:0 diff --git a/third_party/mbedtls/test/test_suite_x509parse.c b/third_party/mbedtls/test/test_suite_x509parse.c index 5e42af53b..643b8430c 100644 --- a/third_party/mbedtls/test/test_suite_x509parse.c +++ b/third_party/mbedtls/test/test_suite_x509parse.c @@ -465,7 +465,7 @@ void test_x509_parse_san( char * crt_file, char * result_str ) } } - TEST_ASSERT( strcmp( buf, result_str ) == 0 ); + TEST_ASSERT_STREQ( buf, result_str ); exit: 
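Review bot: `TEST_ASSERT_STREQ( buf, result_str )` is introduced here and in the hunks at lines 497, 527, 580, 605, 879, 987, 1002, 1017, 1032, 1069, 1084 and 1117, yet no hunk in this diff defines `TEST_ASSERT_STREQ`, so the test suite only compiles if the helper that provides it lands in the same change. Wherever that helper lives, its contract should be documented next to the definition — both operands are NUL-terminated C strings, and (presumably the reason to prefer it over `TEST_ASSERT( strcmp( ... ) == 0 )`) the failure message prints the actual and expected strings; without the second property the conversion is purely cosmetic. The `(char *) output` casts kept at the 987–1117 sites suggest the macro is expected to take `char *`, which is worth stating in that comment as well. The body of test_x509_parse_san begins outside this hunk.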
@@ -497,7 +497,7 @@ void test_x509_cert_info( char * crt_file, char * result_str ) TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( buf, result_str ) == 0 ); + TEST_ASSERT_STREQ( buf, result_str ); exit: mbedtls_x509_crt_free( &crt ); @@ -527,7 +527,7 @@ void test_mbedtls_x509_crl_info( char * crl_file, char * result_str ) TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( buf, result_str ) == 0 ); + TEST_ASSERT_STREQ( buf, result_str ); exit: mbedtls_x509_crl_free( &crl ); @@ -580,7 +580,7 @@ void test_mbedtls_x509_csr_info( char * csr_file, char * result_str ) TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( buf, result_str ) == 0 ); + TEST_ASSERT_STREQ( buf, result_str ); exit: mbedtls_x509_csr_free( &csr ); @@ -605,7 +605,7 @@ void test_x509_verify_info( int flags, char * prefix, char * result_str ) TEST_ASSERT( res >= 0 ); - TEST_ASSERT( strcmp( buf, result_str ) == 0 ); + TEST_ASSERT_STREQ( buf, result_str ); exit: ; } @@ -739,7 +739,7 @@ void test_x509_verify( char *crt_file, char *ca_file, char *crl_file, res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL ); - TEST_ASSERT( res == ( result ) ); + TEST_EQUAL( res, result ); TEST_ASSERT( flags == (uint32_t)( flags_result ) ); #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) @@ -879,7 +879,7 @@ void test_mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_st TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( buf, result_str ) == 0 ); + TEST_ASSERT_STREQ( buf, result_str ); exit: mbedtls_x509_crt_free( &crt ); @@ -987,7 +987,7 @@ void test_x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + TEST_ASSERT_STREQ( (char *) output, result_str ); } mbedtls_x509_crt_free( &crt ); 
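Review bot: In the hunk at line 739 the conversion to `TEST_EQUAL( res, result );` stops one line short: the very next assertion, `TEST_ASSERT( flags == (uint32_t)( flags_result ) );`, is left as a plain boolean check even though it compares two integers in exactly the same shape. That `flags` comparison is the one that records which verification failures `mbedtls_x509_crt_verify_with_profile` reported, so a mismatch there is where a printed actual-vs-expected value is most useful to whoever debugs a failing certificate test. If `TEST_EQUAL` accepts unsigned operands, the line should become `TEST_EQUAL( flags, (uint32_t)( flags_result ) );` for consistency with the line above it. The body of test_x509_verify starts and ends outside this hunk.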
@@ -1002,7 +1002,7 @@ void test_x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + TEST_ASSERT_STREQ( (char *) output, result_str ); } mbedtls_x509_crt_free( &crt ); @@ -1017,7 +1017,7 @@ void test_x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + TEST_ASSERT_STREQ( (char *) output, result_str ); } mbedtls_x509_crt_free( &crt ); @@ -1032,7 +1032,7 @@ void test_x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + TEST_ASSERT_STREQ( (char *) output, result_str ); } exit: @@ -1069,7 +1069,7 @@ void test_x509parse_crt_cb( data_t * buf, char * result_str, int result ) TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + TEST_ASSERT_STREQ( (char *) output, result_str ); } mbedtls_x509_crt_free( &crt ); @@ -1084,7 +1084,7 @@ void test_x509parse_crt_cb( data_t * buf, char * result_str, int result ) TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + TEST_ASSERT_STREQ( (char *) output, result_str ); } exit: @@ -1117,7 +1117,7 @@ void test_x509parse_crl( data_t * buf, char * result_str, int result ) TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); - TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + TEST_ASSERT_STREQ( (char *) output, result_str ); } exit: diff --git a/third_party/mbedtls/test/test_suite_x509parse.datax b/third_party/mbedtls/test/test_suite_x509parse.datax index 7eea79002..791ea6a94 100644 --- a/third_party/mbedtls/test/test_suite_x509parse.datax +++ b/third_party/mbedtls/test/test_suite_x509parse.datax 
@@ -128,35 +128,35 @@ depends_on:0:1:2 X509 CRT information, RSA Certificate Policy any depends_on:0:1:6 -1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncert policies \: Any Policy\n" X509 CRT information, ECDSA Certificate Policy any depends_on:0:10:12:6 -1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_ec.crt":char*:"cert. 
version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncert policies \: Any Policy\n" X509 CRT information, RSA Certificate Policy any with qualifier depends_on:0:1:6 -1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_with_qualifier.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_with_qualifier.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncert policies \: Any Policy\n" X509 CRT information, ECDSA Certificate Policy any with qualifier depends_on:0:10:12:6 -1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_with_qualifier_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_with_qualifier_ec.crt":char*:"cert. 
version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncert policies \: Any Policy\n" X509 CRT information, RSA Certificate multiple Policies depends_on:0:1:6 -1:char*:"zip:third_party/mbedtls/test/data/test-ca-multi_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" +1:char*:"zip:third_party/mbedtls/test/data/test-ca-multi_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncert policies \: 1.2.3.4, Any Policy\n" X509 CRT information, ECDSA Certificate multiple Policies depends_on:0:10:12:6 -1:char*:"zip:third_party/mbedtls/test/data/test-ca-multi_policy_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" +1:char*:"zip:third_party/mbedtls/test/data/test-ca-multi_policy_ec.crt":char*:"cert. 
version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncert policies \: 1.2.3.4, Any Policy\n" X509 CRT information, RSA Certificate unsupported policy depends_on:0:1:6 -1:char*:"zip:third_party/mbedtls/test/data/test-ca-unsupported_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" +1:char*:"zip:third_party/mbedtls/test/data/test-ca-unsupported_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncert policies \: 1.2.3.4\n" X509 CRT information, ECDSA Certificate unsupported policy depends_on:0:10:12:6 -1:char*:"zip:third_party/mbedtls/test/data/test-ca-unsupported_policy_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" +1:char*:"zip:third_party/mbedtls/test/data/test-ca-unsupported_policy_ec.crt":char*:"cert. 
version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncert policies \: 1.2.3.4\n" X509 CRT information, Key Usage + Extended Key Usage depends_on:0:1:6 @@ -2038,7 +2038,7 @@ depends_on:1:6 X509 CRT ASN1 (Unsupported critical policy recognized by callback) depends_on:1:6 -15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":int:0 +15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncert policies \: 0.1\n":int:0 X509 CRT ASN1 (Unsupported critical policy not recognized by callback) depends_on:1:6 
@@ -2046,11 +2046,11 @@ depends_on:1:6 X509 CRT ASN1 (Unsupported non critical policy recognized by callback) depends_on:1:6 -15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":int:0 +15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncert policies \: 0.1\n":int:0 X509 CRT ASN1 (Unsupported non critical policy not recognized by callback) depends_on:1:6 -15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":char*:"cert. 
version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":int:0 +15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncert policies \: 0.0\n":int:0 X509 CRL ASN1 (Incorrect first tag) 16:hex:"":char*:"":exp:28 diff --git a/third_party/mbedtls/traceme.c b/third_party/mbedtls/traceme.c new file mode 100644 index 000000000..ceebf3024 --- /dev/null +++ b/third_party/mbedtls/traceme.c 
@@ -0,0 +1,20 @@
+/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
+│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
+╞══════════════════════════════════════════════════════════════════════════════╡
+│ Copyright 2021 Justine Alexandra Roberts Tunney │
+│ │
+│ Permission to use, copy, modify, and/or distribute this software for │
+│ any purpose with or without fee is hereby granted, provided that the │
+│ above copyright notice and this permission notice appear in all copies. │
+│ │
+│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
+│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
+│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
+│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
+│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
+│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
+│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
+│ PERFORMANCE OF THIS SOFTWARE. │
+╚─────────────────────────────────────────────────────────────────────────────*/
+
+int traceme;
diff --git a/third_party/mbedtls/traceme.h b/third_party/mbedtls/traceme.h
new file mode 100644
index 000000000..7fb91b80a
--- /dev/null
+++ b/third_party/mbedtls/traceme.h
@@ -0,0 +1,10 @@
+#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_TRACEME_H_
+#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_TRACEME_H_
+#if !(__ASSEMBLER__ + __LINKER__ + 0)
+COSMOPOLITAN_C_START_
+
+extern int traceme;
+
+COSMOPOLITAN_C_END_
+#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
+#endif /* COSMOPOLITAN_THIRD_PARTY_MBEDTLS_TRACEME_H_ */
diff --git a/third_party/mbedtls/x509.c b/third_party/mbedtls/x509.c
index dc5c5fac2..15ffadfe8 100644
--- a/third_party/mbedtls/x509.c
+++ b/third_party/mbedtls/x509.c
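Review bot: `extern int traceme;` in traceme.h is introduced without a comment saying what the flag gates, who is expected to set it, or which values are meaningful; traceme.c defines it with no initializer, so it is zero at startup, but nothing records whether zero means "off". Since this header is the only place a reader will look, add a one-line comment above the declaration, along the lines of `/* Debug tracing toggle for the vendored Mbed TLS code; 0 (the default) disables it. Set before any TLS work begins. */`, filling in what it actually controls, which is not visible in this diff. It is also a plain non-atomic global: if it may be toggled while TLS code runs on other threads, either document that it is write-once-before-use or make it `_Atomic`.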
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/fmt/fmt.h" #include "libc/mem/mem.h" #include "libc/stdio/stdio.h" @@ -66,7 +83,7 @@ asm(".include \"libc/disclaimer.inc\""); int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( end - *p ) < 1 ) return( MBEDTLS_ERR_X509_INVALID_SERIAL + @@ -97,7 +114,7 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); 
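Review bot: The new modeline pair added to the top of x509.c disagrees with itself: the Emacs line says `c-basic-offset:4;tab-width:4` while the vi line says `ts=2 sts=2 sw=2`, so the two editors will indent this file differently. Mbed TLS code is conventionally 4-space indented, so the vi line is the one to fix: `│vi: set net ft=c ts=4 sts=4 sw=4 fenc=utf-8 :vi│`. The identical mismatch appears in the headers added to x509_create.c, x509_crl.c and x509_crt.c further down and should be corrected in the same way.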
@@ -111,7 +128,7 @@ int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *alg, mbedtls_x509_buf *params ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); @@ -132,7 +149,7 @@ static int x509_get_attr_type_value( unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; mbedtls_x509_buf *oid; mbedtls_x509_buf *val; @@ -213,7 +230,7 @@ static int x509_get_attr_type_value( unsigned char **p, int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t set_len; const unsigned char *end_set; @@ -263,7 +280,7 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, } } -static int x509_parse_int( unsigned char **p, size_t n, int *res ) +forceinline int x509_parse_int( unsigned char **p, size_t n, int *res ) { *res = 0; @@ -319,7 +336,7 @@ static int x509_date_is_valid(const mbedtls_x509_time *t ) static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, mbedtls_x509_time *tm ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; /* * Minimum length is 10 or 12 depending on yearlen @@ -384,7 +401,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, mbedtls_x509_time *tm ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len, year_len; unsigned char tag; 
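Review bot: The `x509_parse_int` hunk replaces `static int` with `forceinline int`, which changes the function's linkage unless the `forceinline` macro itself expands to include `static`. In C11 a non-static `inline` definition in a .c file is only an inline definition, so any out-of-line call the compiler decides to emit (at -O0, or where the always_inline attribute is not honored) becomes an unresolved symbol at link time, and the helper also leaves the file's internal namespace. If `forceinline` already carries `static` this is harmless and can be ignored; otherwise `static forceinline int x509_parse_int( unsigned char **p, size_t n, int *res )` preserves the original linkage. The function body continues outside the hunk.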
@@ -413,7 +430,7 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; int tag_type; @@ -442,7 +459,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( *sig_opts != NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); @@ -465,7 +482,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; /* Extension structure use EXPLICIT tagging. That is, the actual @@ -507,14 +524,14 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, */ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i, n; unsigned char c, merge = 0; const mbedtls_x509_name *name; const char *short_name = NULL; char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; - memset( s, 0, sizeof( s ) ); + mbedtls_platform_zeroize( s, sizeof( s ) ); name = dn; p = buf; @@ -576,7 +593,7 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn ) */ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i, n, nr; char *p; 
@@ -612,7 +629,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; char *p = buf; size_t n = size; const char *desc = NULL; @@ -634,7 +651,7 @@ int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ) { char *p = buf; size_t n = buf_size; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; ret = mbedtls_snprintf( p, n, "%s key size", name ); MBEDTLS_X509_SAFE_SNPRINTF; diff --git a/third_party/mbedtls/x509_create.c b/third_party/mbedtls/x509_create.c index b6c1d747f..4b1c9c4dc 100644 --- a/third_party/mbedtls/x509_create.c +++ b/third_party/mbedtls/x509_create.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/asn1write.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" 
@@ -240,7 +257,7 @@ int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, */ static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data* cur_name) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; const char *oid = (const char*)cur_name->oid.p; size_t oid_len = cur_name->oid.len; @@ -273,7 +290,7 @@ static int x509_write_name( unsigned char **p, unsigned char *start, mbedtls_asn int mbedtls_x509_write_names( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; mbedtls_asn1_named_data *cur = first; @@ -294,7 +311,7 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; if( *p < start || (size_t)( *p - start ) < size ) @@ -324,7 +341,7 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start, static int x509_write_extension( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *ext ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, ext->val.p + 1, @@ -362,7 +379,7 @@ static int x509_write_extension( unsigned char **p, unsigned char *start, int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; mbedtls_asn1_named_data *cur_ext = first; diff --git a/third_party/mbedtls/x509_crl.c b/third_party/mbedtls/x509_crl.c index 9e70ff0d7..b37f48929 100644 --- a/third_party/mbedtls/x509_crl.c +++ b/third_party/mbedtls/x509_crl.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/oid.h" 
@@ -10,35 +27,18 @@ Mbed TLS (Apache 2.0)\\n\ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); - /* clang-format off */ -/* - * X.509 Certidicate Revocation List (CRL) parsing + +/** + * @fileoverview X.509 Certidicate Revocation List (CRL) parsing * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * The ITU-T X.509 standard defines a certificate format for PKI. * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The ITU-T X.509 standard defines a certificate format for PKI. - * - * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) - * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) - * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) - * - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf + * @see http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) + * @see http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) + * @see http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) + * @see http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf + * @see http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ #if defined(MBEDTLS_X509_CRL_PARSE_C) 
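Review bot: The rewritten header comment carries over the typo from the old one: `@fileoverview X.509 Certidicate Revocation List (CRL) parsing` should read `@fileoverview X.509 Certificate Revocation List (CRL) parsing`. Since this hunk already rewrites that comment, it is the right place to fix it rather than leaving the misspelling in the new Doxygen-style text.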
@@ -50,7 +50,7 @@ static int x509_crl_get_version( unsigned char **p, const unsigned char *end, int *ver ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) { @@ -77,7 +77,7 @@ static int x509_get_crl_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( *p == end ) return( 0 ); @@ -157,7 +157,7 @@ static int x509_get_crl_entry_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; /* OPTIONAL */ @@ -211,7 +211,7 @@ static int x509_get_entries( unsigned char **p, const unsigned char *end, mbedtls_x509_crl_entry *entry ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t entry_len; mbedtls_x509_crl_entry *cur_entry = entry; @@ -276,7 +276,7 @@ static int x509_get_entries( unsigned char **p, int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; unsigned char *p = NULL, *end = NULL; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; @@ -288,9 +288,9 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, if( crl == NULL || buf == NULL ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); - memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); + mbedtls_platform_zeroize( &sig_params1, sizeof( mbedtls_x509_buf ) ); + mbedtls_platform_zeroize( &sig_params2, sizeof( mbedtls_x509_buf ) ); + mbedtls_platform_zeroize( &sig_oid2, sizeof( mbedtls_x509_buf ) ); /* * Add new CRL on the end of the chain if needed. 
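Review bot: In `mbedtls_x509_crl_parse_der` the three `memset( …, 0, sizeof( mbedtls_x509_buf ) )` calls on `sig_params1`, `sig_params2` and `sig_oid2` become `mbedtls_platform_zeroize`. These are local descriptor structs (tag, length, pointer) being zero-initialised before use, not key material being scrubbed before release, so the zeroize call buys no protection against dead-store elimination, prevents the compiler from folding the initialisation, and signals to readers that the fields are sensitive when they are not. The declaration is visible as context in the preceding hunk, so the simplest form is `mbedtls_x509_buf sig_params1 = {0}, sig_params2 = {0}, sig_oid2 = {0};` with the three calls dropped; the same memset-to-zeroize substitution is repeated in the x509_crt.c hunks below and merits the same treatment. Keep `mbedtls_platform_zeroize` for buffers that actually held secrets.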
@@ -515,7 +515,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen ) { #if defined(MBEDTLS_PEM_PARSE_C) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t use_len = 0; mbedtls_pem_context pem; int is_pem = 0; @@ -578,7 +578,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s */ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n; unsigned char *buf; @@ -604,7 +604,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_crl *crl ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n; char *p; const mbedtls_x509_crl_entry *entry; @@ -678,7 +678,7 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, */ void mbedtls_x509_crl_init( mbedtls_x509_crl *crl ) { - memset( crl, 0, sizeof(mbedtls_x509_crl) ); + mbedtls_platform_zeroize( crl, sizeof(mbedtls_x509_crl) ); } /* diff --git a/third_party/mbedtls/x509_crt.c b/third_party/mbedtls/x509_crt.c index 5045d7cac..f74195568 100644 --- a/third_party/mbedtls/x509_crt.c +++ b/third_party/mbedtls/x509_crt.c 
@@ -1,9 +1,27 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "libc/bits/bits.h" #include "libc/calls/calls.h" #include "libc/calls/struct/dirent.h" #include "libc/calls/struct/stat.h" #include "libc/fmt/fmt.h" #include "libc/limits.h" +#include "libc/log/log.h" #include "libc/mem/mem.h" #include "libc/stdio/stdio.h" #include "net/http/http.h" @@ -189,30 +207,6 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile, return -1; } -/* - * Like memcmp, but case-insensitive and always returns -1 if different - */ -static int x509_memcasecmp( const void *s1, const void *s2, size_t len ) -{ - size_t i; - unsigned char diff; - const unsigned char *n1 = s1, *n2 = s2; - for( i = 0; i < len; i++ ) - { - diff = n1[i] ^ n2[i]; - if( diff == 0 ) - continue; - if( diff == 32 && - ( ( n1[i] >= 'a' && n1[i] <= 'z' ) || - ( n1[i] >= 'A' && n1[i] <= 'Z' ) ) ) - { - continue; - } - return -1; - } - return 0; -} - /* * Return 0 if name matches wildcard, -1 otherwise */ 
@@ -234,7 +228,7 @@ static int x509_check_wildcard( const char *cn, const mbedtls_x509_buf *name ) if( cn_idx == 0 ) return -1; if( cn_len - cn_idx == name->len - 1 && - x509_memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) + memcasecmp( name->p + 1, cn + cn_idx, name->len - 1 ) == 0 ) { return 0; } @@ -258,7 +252,7 @@ static int x509_string_cmp( const mbedtls_x509_buf *a, const mbedtls_x509_buf *b if( ( a->tag == MBEDTLS_ASN1_UTF8_STRING || a->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && ( b->tag == MBEDTLS_ASN1_UTF8_STRING || b->tag == MBEDTLS_ASN1_PRINTABLE_STRING ) && a->len == b->len && - x509_memcasecmp( a->p, b->p, b->len ) == 0 ) + memcasecmp( a->p, b->p, b->len ) == 0 ) { return 0; } @@ -327,7 +321,7 @@ static int x509_get_version( unsigned char **p, const unsigned char *end, int *ver ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) ) @@ -358,7 +352,7 @@ static int x509_get_dates( unsigned char **p, mbedtls_x509_time *from, mbedtls_x509_time *to ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) ) @@ -381,7 +375,7 @@ static int x509_get_uid( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *uid, int n ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( *p == end ) return 0; uid->tag = **p; @@ -402,7 +396,7 @@ static int x509_get_basic_constraints( unsigned char **p, int *ca_istrue, int *max_pathlen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; /* * BasicConstraints ::= SEQUENCE { 
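Review bot: `x509_check_wildcard` (and `x509_string_cmp` in the next hunk) now call libc `memcasecmp` where the removed `x509_memcasecmp` used to be. The deleted helper deliberately folded only the 26 ASCII letters (a byte difference of exactly 32 and the byte being A–Z/a–z), which matters for certificate name matching: DNS labels are ASCII-case-insensitive only, and a fold that also equates bytes such as 0xC0–0xDE with 0xE0–0xFE would make distinct subject names compare equal and widen what a certificate is accepted for. Please confirm that `memcasecmp` uses a fixed ASCII-only table and is not locale-sensitive, and record the requirement at the call site, e.g. `/* memcasecmp must fold ASCII A-Z only: hostname matching is ASCII-case-insensitive (RFC 4343) */`. Both enclosing functions extend outside the hunk.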
@@ -445,7 +439,7 @@ static int x509_get_ns_cert_type( unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_x509_bitstring bs = { 0, 0, NULL }; if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); @@ -461,7 +455,7 @@ static int x509_get_key_usage( unsigned char **p, const unsigned char *end, unsigned int *key_usage) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t i; mbedtls_x509_bitstring bs = { 0, 0, NULL }; if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) ) @@ -487,7 +481,7 @@ static int x509_get_ext_key_usage( unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *ext_key_usage) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); /* Sequence length must be >= 1 */ @@ -528,7 +522,7 @@ static int x509_get_subject_alt_name( unsigned char **p, const unsigned char *end, mbedtls_x509_sequence *subject_alt_name ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len, tag_len; mbedtls_asn1_buf *buf; unsigned char tag; @@ -543,7 +537,7 @@ static int x509_get_subject_alt_name( unsigned char **p, while( *p < end ) { mbedtls_x509_subject_alternative_name dummy_san_buf; - memset( &dummy_san_buf, 0, sizeof( dummy_san_buf ) ); + mbedtls_platform_zeroize( &dummy_san_buf, sizeof( dummy_san_buf ) ); tag = **p; (*p)++; if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) ) 
@@ -753,7 +747,7 @@ static int x509_get_crt_ext( unsigned char **p, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; if( *p == end ) @@ -915,13 +909,13 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; unsigned char *p, *end, *crt_end; mbedtls_x509_buf sig_params1, sig_params2, sig_oid2; - memset( &sig_params1, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_params2, 0, sizeof( mbedtls_x509_buf ) ); - memset( &sig_oid2, 0, sizeof( mbedtls_x509_buf ) ); + mbedtls_platform_zeroize( &sig_params1, sizeof( mbedtls_x509_buf ) ); + mbedtls_platform_zeroize( &sig_params2, sizeof( mbedtls_x509_buf ) ); + mbedtls_platform_zeroize( &sig_oid2, sizeof( mbedtls_x509_buf ) ); /* * Check for valid input */ @@ -1146,7 +1140,7 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, mbedtls_x509_crt_ext_cb_t cb, void *p_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_x509_crt *crt = chain, *prev = NULL; /* * Check for valid input @@ -1354,7 +1348,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, #if defined(MBEDTLS_PEM_PARSE_C) if( buf_format == MBEDTLS_X509_FORMAT_PEM ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_pem_context pem; /* 1 rather than 0 since the terminating NULL byte is counted in */ while( buflen > 1 ) 
@@ -1434,7 +1428,7 @@ int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, */ int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n; unsigned char *buf; if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) ) @@ -1469,7 +1463,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) DIR *dir = opendir( path ); if( dir == NULL ) return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); - memset( &sb, 0, sizeof( sb ) ); + mbedtls_platform_zeroize( &sb, sizeof( sb ) ); while( ( entry = readdir( dir ) ) != NULL ) { snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name, @@ -1588,7 +1582,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, *subject_alt_name, const char *prefix ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n = *size; char *p = *buf; const mbedtls_x509_sequence *cur = subject_alt_name; @@ -1596,7 +1590,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, int parse_ret; while( cur != NULL ) { - memset( &san, 0, sizeof( san ) ); + mbedtls_platform_zeroize( &san, sizeof( san ) ); parse_ret = mbedtls_x509_parse_subject_alt_name( &cur->buf, &san ); if( parse_ret ) { @@ -1750,7 +1744,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, mbedtls_x509_subject_alternative_name *san ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; switch( san_buf->tag & ( MBEDTLS_ASN1_TAG_CLASS_MASK | MBEDTLS_ASN1_TAG_VALUE_MASK ) ) 
@@ -1764,7 +1758,7 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, ret = x509_get_other_name( san_buf, &other_name ); if( ret ) return ret; - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + mbedtls_platform_zeroize( san, sizeof( mbedtls_x509_subject_alternative_name ) ); san->type = MBEDTLS_X509_SAN_OTHER_NAME; memcpy( &san->san.other_name, &other_name, sizeof( other_name ) ); @@ -1775,7 +1769,7 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, */ case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): { - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + mbedtls_platform_zeroize( san, sizeof( mbedtls_x509_subject_alternative_name ) ); san->type = MBEDTLS_X509_SAN_DNS_NAME; memcpy( &san->san.unstructured_name, san_buf, sizeof( *san_buf ) ); } @@ -1785,7 +1779,7 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, */ case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER ): { - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + mbedtls_platform_zeroize( san, sizeof( mbedtls_x509_subject_alternative_name ) ); san->type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; memcpy( &san->san.unstructured_name, san_buf, sizeof( *san_buf ) ); } @@ -1795,7 +1789,7 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, */ case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME ): { - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + mbedtls_platform_zeroize( san, sizeof( mbedtls_x509_subject_alternative_name ) ); san->type = MBEDTLS_X509_SAN_RFC822_NAME; memcpy( &san->san.unstructured_name, san_buf, sizeof( *san_buf ) ); } 
@@ -1805,7 +1799,7 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, */ case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_IP_ADDRESS ): { - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + mbedtls_platform_zeroize( san, sizeof( mbedtls_x509_subject_alternative_name ) ); san->type = MBEDTLS_X509_SAN_IP_ADDRESS; san->san.ip = READ32BE(san_buf->p); } @@ -1833,7 +1827,7 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, static int x509_info_cert_type( char **buf, size_t *size, unsigned char ns_cert_type ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n = *size; char *p = *buf; const char *sep = ""; @@ -1857,7 +1851,7 @@ static int x509_info_cert_type( char **buf, size_t *size, static int x509_info_key_usage( char **buf, size_t *size, unsigned int key_usage ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n = *size; char *p = *buf; const char *sep = ""; @@ -1878,16 +1872,20 @@ static int x509_info_key_usage( char **buf, size_t *size, static int x509_info_ext_key_usage( char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const char *desc; size_t n = *size; char *p = *buf; + char tmp[48]; const mbedtls_x509_sequence *cur = extended_key_usage; const char *sep = ""; while( cur ) { if( mbedtls_oid_get_extended_key_usage( &cur->buf, &desc ) ) - desc = "???"; + { + mbedtls_oid_get_numeric_string(tmp, sizeof(tmp), &cur->buf); + desc = tmp; + } ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); MBEDTLS_X509_SAFE_SNPRINTF; sep = ", "; 
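Review bot: The new fallback branch in x509_info_ext_key_usage ignores the return value of `mbedtls_oid_get_numeric_string`, and `tmp` is never initialised, so an OID whose dotted form does not fit in 48 bytes is printed truncated without any signal, and for any input on which the helper returns without writing (hedged: a zero-length OID, if the helper behaves as upstream's does) `desc` would point at uninitialised stack memory that the following `%s` then reads. Keep the old fallback for the failure case: `if( mbedtls_oid_get_numeric_string( tmp, sizeof( tmp ), &cur->buf ) < 0 ) desc = "???"; else desc = tmp;`, and consider whether 48 bytes covers the longest OID the extension parser admits. The identical pattern is introduced in x509_info_cert_policies at the next hunk (`@@ -1901,15 +1899,19 @@`). Separately, the first hunk on this line changes the zeroize directly above `san->san.ip = READ32BE(san_buf->p);`, which has no `san_buf->len` check; unless a caller outside the hunk guarantees a 4-byte value, a 16-byte IPv6 iPAddress is silently truncated and a shorter encoding is over-read, so a guard such as `if( san_buf->len != 4 ) return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );` would be the conservative fix.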
@@ -1901,15 +1899,19 @@ static int x509_info_ext_key_usage( char **buf, size_t *size, static int x509_info_cert_policies( char **buf, size_t *size, const mbedtls_x509_sequence *certificate_policies ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const char *desc; size_t n = *size; char *p = *buf; + char tmp[48]; const mbedtls_x509_sequence *cur = certificate_policies; const char *sep = ""; while( cur ) { if( mbedtls_oid_get_certificate_policies( &cur->buf, &desc ) ) - desc = "???"; + { + mbedtls_oid_get_numeric_string(tmp, sizeof(tmp), &cur->buf); + desc = tmp; + } ret = mbedtls_snprintf( p, n, "%s%s", sep, desc ); MBEDTLS_X509_SAFE_SNPRINTF; sep = ", "; @@ -1938,7 +1940,7 @@ static int x509_info_cert_policies( char **buf, size_t *size, int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n; char *p; char key_size_str[BEFORE_COLON]; @@ -1984,7 +1986,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, MBEDTLS_X509_SAFE_SNPRINTF; /* Key size */ if( ( ret = mbedtls_x509_key_size_helper( key_size_str, BEFORE_COLON, - mbedtls_pk_get_name( &crt->pk ) ) ) ) + mbedtls_pk_get_name( &crt->pk ) ) ) ) { return ret; } @@ -2038,7 +2040,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, } if( crt->ext_types & MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES ) { - ret = mbedtls_snprintf( p, n, "\n%scertificate policies : ", prefix ); + ret = mbedtls_snprintf( p, n, "\n%scert policies : ", prefix ); MBEDTLS_X509_SAFE_SNPRINTF; if( ( ret = x509_info_cert_policies( &p, &n, &crt->certificate_policies ) ) ) 
@@ -2093,7 +2095,7 @@ static const struct x509_crt_verify_string x509_crt_verify_strings[] = { int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, uint32_t flags ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const struct x509_crt_verify_string *cur; char *p = buf; size_t n = size; @@ -2406,7 +2408,7 @@ static int x509_crt_find_parent_in( unsigned self_cnt, mbedtls_x509_crt_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_x509_crt *parent, *fallback_parent; int signature_is_good = 0, fallback_signature_is_good; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) @@ -2513,7 +2515,7 @@ static int x509_crt_find_parent( unsigned self_cnt, mbedtls_x509_crt_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_x509_crt *search_list; *parent_is_trusted = 1; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) @@ -2634,7 +2636,7 @@ static int x509_crt_verify_chain( { /* Don't initialize any of those variables here, so that the compiler can * catch potential issues with jumping ahead when restarting */ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; uint32_t *flags; mbedtls_x509_crt_verify_chain_item *cur; mbedtls_x509_crt *child; @@ -2777,7 +2779,7 @@ static int x509_crt_check_cn( const mbedtls_x509_buf *name, { /* try exact match */ if( name->len == cn_len && - x509_memcasecmp( cn, name->p, cn_len ) == 0 ) + memcasecmp( cn, name->p, cn_len ) == 0 ) { return 0; } @@ -2855,7 +2857,7 @@ static int x509_crt_merge_flags_with_cb( int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *), void *p_vrfy ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned i; uint32_t cur_flags; const mbedtls_x509_crt_verify_chain_item *cur; 
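Review bot: Swapping `x509_memcasecmp` for the libc `memcasecmp` in x509_crt_check_cn (hunk `@@ -2777`) changes the comparison that decides hostname matches during certificate verification, so the replacement should be confirmed to be byte-wise, ASCII-only and locale-independent like the helper it replaces; a `tolower`-based or locale-aware implementation can treat non-ASCII bytes differently and accept or reject names the original would not. A comment at the call site, `/* must stay ASCII-only: this is the hostname match */`, would record that requirement for the next person who touches it. If `x509_memcasecmp` is now unreferenced, its static definition should go in the same commit. x509_crt_check_cn starts and ends outside the hunk.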
@@ -2899,7 +2901,7 @@ static int x509_crt_verify_restartable_ca_cb( mbedtls_x509_crt *crt, void *p_vrfy, mbedtls_x509_crt_restart_ctx *rs_ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; mbedtls_pk_type_t pk_type; mbedtls_x509_crt_verify_chain ver_chain; uint32_t ee_flags; @@ -3169,7 +3171,7 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, */ void mbedtls_x509_crt_init( mbedtls_x509_crt *crt ) { - memset( crt, 0, sizeof(mbedtls_x509_crt) ); + mbedtls_platform_zeroize( crt, sizeof(mbedtls_x509_crt) ); } /** diff --git a/third_party/mbedtls/x509_csr.c b/third_party/mbedtls/x509_csr.c index 38588ac75..c4971b84d 100644 --- a/third_party/mbedtls/x509_csr.c +++ b/third_party/mbedtls/x509_csr.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" #include "third_party/mbedtls/oid.h" 
@@ -12,33 +29,17 @@ Copyright ARM Limited\\n\ Copyright Mbed TLS Contributors\""); asm(".include \"libc/disclaimer.inc\""); -/* - * X.509 Certificate Signing Request (CSR) parsing +/** + * @fileoverview X.509 Certificate Signing Request (CSR) parsing * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 + * The ITU-T X.509 standard defines a certificate format for PKI. * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at + * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) + * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) + * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The ITU-T X.509 standard defines a certificate format for PKI. - * - * http://www.ietf.org/rfc/rfc5280.txt (Certificates and CRLs) - * http://www.ietf.org/rfc/rfc3279.txt (Alg IDs for CRLs) - * http://www.ietf.org/rfc/rfc2986.txt (CSRs, aka PKCS#10) - * - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf - * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf + * http://www.itu.int/ITU-T/studygroups/com17/languages/X.680-0207.pdf + * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ #if defined(MBEDTLS_X509_CSR_PARSE_C) 
@@ -50,7 +51,7 @@ static int x509_csr_get_version( unsigned char **p, const unsigned char *end, int *ver ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) { @@ -80,12 +81,12 @@ static int x509_csr_get_version( unsigned char **p, int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len; unsigned char *p, *end; mbedtls_x509_buf sig_params; - memset( &sig_params, 0, sizeof( mbedtls_x509_buf ) ); + mbedtls_platform_zeroize( &sig_params, sizeof( mbedtls_x509_buf ) ); /* * Check for valid input @@ -261,7 +262,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen ) { #if defined(MBEDTLS_PEM_PARSE_C) - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t use_len; mbedtls_pem_context pem; #endif @@ -317,7 +318,7 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz */ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n; unsigned char *buf; if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 ) @@ -346,7 +347,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_csr *csr ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t n; char *p; char key_size_str[BEFORE_COLON]; 
@@ -390,7 +391,7 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, */ void mbedtls_x509_csr_init( mbedtls_x509_csr *csr ) { - memset( csr, 0, sizeof(mbedtls_x509_csr) ); + mbedtls_platform_zeroize( csr, sizeof(mbedtls_x509_csr) ); } /** diff --git a/third_party/mbedtls/x509write_crt.c b/third_party/mbedtls/x509write_crt.c index 73dbaac3b..7c79bf0b4 100644 --- a/third_party/mbedtls/x509write_crt.c +++ b/third_party/mbedtls/x509write_crt.c @@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/asn1write.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" @@ -48,8 +65,7 @@ asm(".include \"libc/disclaimer.inc\""); */ void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) { - memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); - + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); mbedtls_mpi_init( &ctx->serial ); ctx->version = MBEDTLS_X509_CRT_VERSION_3; } 
@@ -168,7 +184,7 @@ int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; if( ( ret = mbedtls_mpi_copy( &ctx->serial, serial ) ) != 0 ) return( ret ); @@ -242,11 +258,11 @@ int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx, int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char buf[9]; unsigned char *c = buf + sizeof(buf); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + mbedtls_platform_zeroize( buf, sizeof(buf) ); if( is_ca && max_pathlen > 127 ) return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); if( is_ca ) @@ -280,11 +296,11 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, */ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ unsigned char *c = buf + sizeof(buf); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + mbedtls_platform_zeroize( buf, sizeof(buf) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) ); ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, 
@@ -313,11 +329,11 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct */ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ unsigned char *c = buf + sizeof( buf ); size_t len = 0; - memset( buf, 0, sizeof(buf) ); + mbedtls_platform_zeroize( buf, sizeof(buf) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, @@ -355,7 +371,7 @@ int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx, { unsigned char buf[5], ku[2]; unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT | @@ -398,7 +414,7 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, { unsigned char buf[4]; unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; c = buf + 4; ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 ); if( ret < 3 || ret > 4 ) @@ -431,7 +447,7 @@ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, } len = 0; c = buf + sizeof(buf); - memset(buf, 0, sizeof(buf)); + mbedtls_platform_zeroize(buf, sizeof(buf)); if (ns_cert_type & MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT) { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid(&c, buf, MBEDTLS_OID_CLIENT_AUTH, 
@@ -461,7 +477,7 @@ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, static int x509_write_time( unsigned char **p, unsigned char *start, const char *t, size_t size ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t len = 0; /* * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter) @@ -512,7 +528,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; @@ -694,7 +710,7 @@ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *crt, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t olen; if( ( ret = mbedtls_x509write_crt_der( crt, buf, size, f_rng, p_rng ) ) < 0 ) diff --git a/third_party/mbedtls/x509write_csr.c b/third_party/mbedtls/x509write_csr.c index a8112ec52..5a3dcf2aa 100644 --- a/third_party/mbedtls/x509write_csr.c +++ b/third_party/mbedtls/x509write_csr.c 
@@ -1,3 +1,20 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:4;tab-width:4;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright The Mbed TLS Contributors │ +│ │ +│ Licensed under the Apache License, Version 2.0 (the "License"); │ +│ you may not use this file except in compliance with the License. │ +│ You may obtain a copy of the License at │ +│ │ +│ http://www.apache.org/licenses/LICENSE-2.0 │ +│ │ +│ Unless required by applicable law or agreed to in writing, software │ +│ distributed under the License is distributed on an "AS IS" BASIS, │ +│ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. │ +│ See the License for the specific language governing permissions and │ +│ limitations under the License. │ +╚─────────────────────────────────────────────────────────────────────────────*/ #include "third_party/mbedtls/asn1write.h" #include "third_party/mbedtls/common.h" #include "third_party/mbedtls/error.h" @@ -46,7 +63,7 @@ asm(".include \"libc/disclaimer.inc\""); */ void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { - memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); } /** @@ -145,7 +162,7 @@ int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned ch { unsigned char buf[4]; unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; c = buf + 4; ret = mbedtls_asn1_write_named_bitstring( &c, buf, &key_usage, 8 ); if( ret < 3 || ret > 4 ) @@ -172,7 +189,7 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, { unsigned char buf[4]; unsigned char *c; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; c = buf + 4; ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 ); if( ret < 3 || ret > 4 ) 
@@ -192,7 +209,7 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; @@ -300,7 +317,7 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, &c2, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); /* Zero the unused bytes at the start of buf */ - memset( buf, 0, c2 - buf); + mbedtls_platform_zeroize( buf, c2 - buf); return( (int) len ); } @@ -365,7 +382,7 @@ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, s int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = MBEDTLS_ERR_THIS_CORRUPTION; size_t olen = 0; if( ( ret = mbedtls_x509write_csr_der( ctx, buf, size, f_rng, p_rng ) ) < 0 ) diff --git a/third_party/mbedtls/zeroize.c b/third_party/mbedtls/zeroize.c index 87fffacae..3119f7322 100644 --- a/third_party/mbedtls/zeroize.c +++ b/third_party/mbedtls/zeroize.c 
@@ -19,75 +19,52 @@ #include "libc/str/str.h" #include "third_party/mbedtls/platform.h" +typedef long long xmm_t __attribute__((__vector_size__(16), __aligned__(1))); + void mbedtls_platform_zeroize(void *p, size_t n) { - MBEDTLS_INTERNAL_VALIDATE(!n || p); char *b; uint64_t x; + MBEDTLS_INTERNAL_VALIDATE(!n || p); x = 0; b = p; switch (n) { case 0: - return; + break; case 1: __builtin_memcpy(b, &x, 1); - return; + break; case 2: __builtin_memcpy(b, &x, 2); - return; + break; case 3: __builtin_memcpy(b, &x, 2); __builtin_memcpy(b + 1, &x, 2); - return; + break; case 4: __builtin_memcpy(b, &x, 4); - return; + break; case 5 ... 7: __builtin_memcpy(b, &x, 4); __builtin_memcpy(b + n - 4, &x, 4); - return; + break; case 8: __builtin_memcpy(b, &x, 8); - return; - case 9 ... 16: + break; + case 9 ... 15: __builtin_memcpy(b, &x, 8); __builtin_memcpy(b + n - 8, &x, 8); - return; + break; + case 16: + *(xmm_t *)b = (xmm_t){0}; + break; default: - do { - n -= 16; - __builtin_memcpy(b + n, &x, 8); - asm volatile("" ::: "memory"); - __builtin_memcpy(b + n + 8, &x, 8); - } while (n >= 16); - switch (n) { - case 0: - return; - case 1: - __builtin_memcpy(b, &x, 1); - return; - case 2: - __builtin_memcpy(b, &x, 2); - return; - case 3: - __builtin_memcpy(b, &x, 2); - __builtin_memcpy(b + 1, &x, 2); - return; - case 4: - __builtin_memcpy(b, &x, 4); - return; - case 5 ... 7: - __builtin_memcpy(b, &x, 4); - __builtin_memcpy(b + n - 4, &x, 4); - return; - case 8: - __builtin_memcpy(b, &x, 8); - return; - case 9 ... 15: - __builtin_memcpy(b, &x, 8); - __builtin_memcpy(b + n - 8, &x, 8); - return; - default: - unreachable; + while (n > 32) { + *(xmm_t *)(b + n - 16) = (xmm_t){0}; + *(xmm_t *)(b + n - 32) = (xmm_t){0}; + n -= 32; } + if (n > 16) *(xmm_t *)(b + n - 16) = (xmm_t){0}; + *(xmm_t *)b = (xmm_t){0}; + break; } } diff --git a/third_party/quickjs/libbf.c b/third_party/quickjs/libbf.c index d2e2f84de..4400b3f5a 100644 --- a/third_party/quickjs/libbf.c 
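Review bot: `xmm_t` is declared with `__vector_size__(16)` and `__aligned__(1)` but without `__may_alias__`, so the `*(xmm_t *)b = (xmm_t){0}` stores in `case 16` and `default` access whatever object `p` points at through an incompatible lvalue type; the compiler's own intrinsics headers add the attribute to their vector typedefs for exactly this reason, so it should read `typedef long long xmm_t __attribute__((__vector_size__(16), __aligned__(1), __may_alias__));`. The rewrite also drops the `asm volatile("" ::: "memory")` the old loop carried, and nothing in the new body prevents the stores from being treated as dead if this function is ever inlined (for example under LTO); a trailing `asm volatile("" : : "r"(p) : "memory");` before the closing brace pins them at no runtime cost. The index arithmetic itself checks out: for every n > 16 the loop plus the two tail stores cover [0, n) with overlapping 16-byte writes.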
+++ b/third_party/quickjs/libbf.c @@ -22,6 +22,7 @@ * THE SOFTWARE. */ #include "libc/assert.h" +#include "libc/bits/avxintrin.internal.h" #include "libc/inttypes.h" #include "libc/stdio/stdio.h" #include "libc/str/str.h" @@ -35,9 +36,9 @@ Copyright (c) 2017-2021 Charlie Gordon\""); asm(".include \"libc/disclaimer.inc\""); /* TODO(jart): let's use asm() instead of intel's strange and unusual veneer */ -#ifdef __AVX2__ -#undef __AVX2__ -#endif +/* #ifdef __AVX2__ */ +/* #undef __AVX2__ */ +/* #endif */ /* clang-format off */ @@ -50,19 +51,15 @@ asm(".include \"libc/disclaimer.inc\""); //#define inline __attribute__((always_inline)) -#ifdef __AVX2__ #define FFT_MUL_THRESHOLD 100 /* in limbs of the smallest factor */ -#else -#define FFT_MUL_THRESHOLD 100 /* in limbs of the smallest factor */ -#endif /* XXX: adjust */ #define DIVNORM_LARGE_THRESHOLD 50 #define UDIV1NORM_THRESHOLD 3 #if LIMB_BITS == 64 -#define FMT_LIMB1 "%" PRIx64 -#define FMT_LIMB "%016" PRIx64 +#define FMT_LIMB1 "%" PRIx64 +#define FMT_LIMB "%016" PRIx64 #define PRId_LIMB PRId64 #define PRIu_LIMB PRIu64 @@ -200,7 +197,7 @@ void bf_init(bf_context_t *s, bf_t *r) int bf_resize(bf_t *r, limb_t len) { limb_t *tab; - + if (len != r->len) { tab = bf_realloc(r->ctx, r->tab, len * sizeof(limb_t)); if (!tab && len != 0) @@ -218,7 +215,7 @@ int bf_set_ui(bf_t *r, uint64_t a) if (a == 0) { r->expn = BF_EXP_ZERO; bf_resize(r, 0); /* cannot fail */ - } + } #if LIMB_BITS == 32 else if (a <= 0xffffffff) #else @@ -380,7 +377,7 @@ static inline limb_t scan_bit_nz(const bf_t *r, slimb_t bit_pos) { slimb_t pos; limb_t v; - + pos = bit_pos >> LIMB_LOG2_BITS; if (pos < 0) return 0; @@ -403,7 +400,7 @@ static int bf_get_rnd_add(int *pret, const bf_t *r, limb_t l, { int add_one, inexact; limb_t bit1, bit0; - + if (rnd_mode == BF_RNDF) { bit0 = 1; /* faithful rounding does not honor the INEXACT flag */ } else { 
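Review bot: The `#ifdef __AVX2__` / `#undef __AVX2__` / `#endif` block in the second hunk is commented out rather than deleted, leaving dead preprocessor text under a TODO that now contradicts the code it sits above; either drop the three lines or gate the opt-out on a documented build flag and reword the TODO to say which is intended. Re-enabling `__AVX2__` means the FFT multiply in this file compiles to AVX2 instructions whenever the translation unit is built with AVX2 enabled, and the hunk does not show any runtime CPU check around that path, so it is worth confirming how a binary built this way behaves on a CPU without AVX2 before it ships in a portable build. The whitespace-only hunks that follow need no review.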
@@ -414,7 +411,7 @@ static int bf_get_rnd_add(int *pret, const bf_t *r, limb_t l, /* get the bit at 'prec' */ bit1 = get_bit(r->tab, l, l * LIMB_BITS - 1 - prec); inexact = (bit1 | bit0) != 0; - + add_one = 0; switch(rnd_mode) { case BF_RNDZ: @@ -445,7 +442,7 @@ static int bf_get_rnd_add(int *pret, const bf_t *r, limb_t l, default: abort(); } - + if (inexact) *pret |= BF_ST_INEXACT; return add_one; @@ -455,7 +452,7 @@ static int bf_set_overflow(bf_t *r, int sign, limb_t prec, bf_flags_t flags) { slimb_t i, l, e_max; int rnd_mode; - + rnd_mode = flags & BF_RND_MASK; if (prec == BF_PREC_INF || rnd_mode == BF_RNDN || @@ -498,7 +495,7 @@ static int __bf_round(bf_t *r, limb_t prec1, bf_flags_t flags, limb_t l, e_range = (limb_t)1 << (bf_get_exp_bits(flags) - 1); e_min = -e_range + 3; e_max = e_range; - + if (flags & BF_FLAG_RADPNT_PREC) { /* 'prec' is the precision after the radix point */ if (prec1 != BF_PREC_INF) @@ -517,7 +514,7 @@ static int __bf_round(bf_t *r, limb_t prec1, bf_flags_t flags, limb_t l, /* round to prec bits */ rnd_mode = flags & BF_RND_MASK; add_one = bf_get_rnd_add(&ret, r, l, prec, rnd_mode); - + if (prec <= 0) { if (add_one) { bf_resize(r, 1); /* cannot fail */ @@ -530,12 +527,12 @@ static int __bf_round(bf_t *r, limb_t prec1, bf_flags_t flags, limb_t l, } } else if (add_one) { limb_t carry; - + /* add one starting at digit 'prec - 1' */ bit_pos = l * LIMB_BITS - 1 - (prec - 1); pos = bit_pos >> LIMB_LOG2_BITS; carry = (limb_t)1 << (bit_pos & (LIMB_BITS - 1)); - + for(i = pos; i < l; i++) { v = r->tab[i] + carry; carry = (v < carry); @@ -554,7 +551,7 @@ static int __bf_round(bf_t *r, limb_t prec1, bf_flags_t flags, limb_t l, r->expn++; } } - + /* check underflow */ if (unlikely(r->expn < e_min)) { if (flags & BF_FLAG_SUBNORMAL) { 
@@ -568,11 +565,11 @@ static int __bf_round(bf_t *r, limb_t prec1, bf_flags_t flags, limb_t l, return ret; } } - + /* check overflow */ if (unlikely(r->expn > e_max)) return bf_set_overflow(r, r->sign, prec1, flags); - + /* keep the bits starting at 'prec - 1' */ bit_pos = l * LIMB_BITS - 1 - (prec - 1); i = bit_pos >> LIMB_LOG2_BITS; @@ -600,7 +597,7 @@ int bf_normalize_and_round(bf_t *r, limb_t prec1, bf_flags_t flags) limb_t l, v, a; int shift, ret; slimb_t i; - + // bf_print_str("bf_renorm", r); l = r->len; while (l > 0 && r->tab[l - 1] == 0) @@ -639,7 +636,7 @@ int bf_can_round(const bf_t *a, slimb_t prec, bf_rnd_t rnd_mode, slimb_t k) BOOL is_rndn; slimb_t bit_pos, n; limb_t bit; - + if (a->expn == BF_EXP_INF || a->expn == BF_EXP_NAN) return FALSE; if (rnd_mode == BF_RNDF) { @@ -653,7 +650,7 @@ int bf_can_round(const bf_t *a, slimb_t prec, bf_rnd_t rnd_mode, slimb_t k) bit_pos = a->len * LIMB_BITS - 1 - prec; n = k - prec; /* bit pattern for RNDN or RNDNA: 0111.. or 1000... - for other rounding modes: 000... or 111... + for other rounding modes: 000... or 111... */ bit = get_bit(a->tab, a->len, bit_pos); bit_pos--; @@ -745,7 +742,7 @@ int bf_cmpu(const bf_t *a, const bf_t *b) { slimb_t i; limb_t len, v1, v2; - + if (a->expn != b->expn) { if (a->expn < b->expn) return -1; @@ -770,7 +767,7 @@ int bf_cmpu(const bf_t *a, const bf_t *b) int bf_cmp_full(const bf_t *a, const bf_t *b) { int res; - + if (a->expn == BF_EXP_NAN || b->expn == BF_EXP_NAN) { if (a->expn == b->expn) res = 0; @@ -794,7 +791,7 @@ int bf_cmp_full(const bf_t *a, const bf_t *b) int bf_cmp(const bf_t *a, const bf_t *b) { int res; - + if (a->expn == BF_EXP_NAN || b->expn == BF_EXP_NAN) { res = 2; } else if (a->sign != b->sign) { @@ -813,7 +810,7 @@ int bf_cmp(const bf_t *a, const bf_t *b) /* Compute the number of bits 'n' matching the pattern: a= X1000..0 b= X0111..1 - + When computing a-b, the result will have at least n leading zero bits. 
@@ -928,7 +925,7 @@ static int bf_add_internal(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, } else { cancelled_bits = 0; } - + /* add two extra bits for rounding */ precl = (cancelled_bits + prec + 2 + LIMB_BITS - 1) / LIMB_BITS; tot_len = bf_max(a->len, b->len + (d + LIMB_BITS - 1) / LIMB_BITS); @@ -946,7 +943,7 @@ static int bf_add_internal(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, while (i < 0) { slimb_t ap, bp; BOOL inflag; - + ap = a_offset + i; bp = b_bit_offset + i * LIMB_BITS; inflag = FALSE; @@ -970,7 +967,7 @@ static int bf_add_internal(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, if (ap < 0) i = bf_min(i, -a_offset); /* b_bit_offset + i * LIMB_BITS + LIMB_BITS >= 1 - equivalent to + equivalent to i >= ceil(-b_bit_offset + 1 - LIMB_BITS) / LIMB_BITS) */ if (bp + LIMB_BITS <= 0) @@ -1027,12 +1024,12 @@ static int __bf_sub(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, return bf_add_internal(r, a, b, prec, flags, 1); } -limb_t mp_add(limb_t *res, const limb_t *op1, const limb_t *op2, +limb_t mp_add(limb_t *res, const limb_t *op1, const limb_t *op2, limb_t n, limb_t carry) { slimb_t i; limb_t k, a, v, k1; - + k = carry; for(i=0;i> shift. Return the remainder r (0 <= r < 2^shift). +/* r = (a + high*B^n) >> shift. Return the remainder r (0 <= r < 2^shift). 1 <= shift <= LIMB_BITS - 1 */ -static limb_t mp_shr(limb_t *tab_r, const limb_t *tab, mp_size_t n, +static limb_t mp_shr(limb_t *tab_r, const limb_t *tab, mp_size_t n, int shift, limb_t high) { mp_size_t i; @@ -1133,7 +1130,7 @@ static limb_t mp_shr(limb_t *tab_r, const limb_t *tab, mp_size_t n, } /* tabr[] = taba[] * b + l. Return the high carry */ -static limb_t mp_mul1(limb_t *tabr, const limb_t *taba, limb_t n, +static limb_t mp_mul1(limb_t *tabr, const limb_t *taba, limb_t n, limb_t b, limb_t l) { limb_t i; 
@@ -1153,7 +1150,7 @@ static limb_t mp_add_mul1(limb_t *tabr, const limb_t *taba, limb_t n, { limb_t i, l; dlimb_t t; - + l = 0; for(i = 0; i < n; i++) { t = (dlimb_t)taba[i] * (dlimb_t)b + l + tabr[i]; @@ -1164,12 +1161,12 @@ static limb_t mp_add_mul1(limb_t *tabr, const limb_t *taba, limb_t n, } /* size of the result : op1_size + op2_size. */ -static void mp_mul_basecase(limb_t *result, - const limb_t *op1, limb_t op1_size, - const limb_t *op2, limb_t op2_size) +static void mp_mul_basecase(limb_t *result, + const limb_t *op1, limb_t op1_size, + const limb_t *op2, limb_t op2_size) { limb_t i, r; - + result[op1_size] = mp_mul1(result, op1, op1_size, op2[0], 0); for(i=1;i= FFT_MUL_THRESHOLD)) { @@ -1206,7 +1203,7 @@ static limb_t mp_sub_mul1(limb_t *tabr, const limb_t *taba, limb_t n, { limb_t i, l; dlimb_t t; - + l = 0; for(i = 0; i < n; i++) { t = tabr[i] - (dlimb_t)taba[i] * (dlimb_t)b - l; @@ -1270,15 +1267,15 @@ static limb_t mp_div1norm(limb_t *tabr, const limb_t *taba, limb_t n, return r; } -static int mp_divnorm_large(bf_context_t *s, - limb_t *tabq, limb_t *taba, limb_t na, +static int mp_divnorm_large(bf_context_t *s, + limb_t *tabq, limb_t *taba, limb_t na, const limb_t *tabb, limb_t nb); /* base case division: divides taba[0..na-1] by tabb[0..nb-1]. tabb[nb - 1] must be >= 1 << (LIMB_BITS - 1). na - nb must be >= 0. 'taba' is modified and contains the remainder (nb limbs). tabq[0..na-nb] contains the quotient with tabq[na - nb] <= 1. */ -static int mp_divnorm(bf_context_t *s, limb_t *tabq, limb_t *taba, limb_t na, +static int mp_divnorm(bf_context_t *s, limb_t *tabq, limb_t *taba, limb_t na, const limb_t *tabb, limb_t nb) { limb_t r, a, c, q, v, b1, b1_inv, n, dummy_r; @@ -1293,7 +1290,7 @@ static int mp_divnorm(bf_context_t *s, limb_t *tabq, limb_t *taba, limb_t na, if (bf_min(n, nb) >= DIVNORM_LARGE_THRESHOLD) { return mp_divnorm_large(s, tabq, taba, na, tabb, nb); } - + if (n >= UDIV1NORM_THRESHOLD) b1_inv = udiv1norm_init(b1); else 
@@ -1312,7 +1309,7 @@ static int mp_divnorm(bf_context_t *s, limb_t *tabq, limb_t *taba, limb_t na, if (q) { mp_sub(taba + n, taba + n, tabb, nb, 0); } - + for(i = n - 1; i >= 0; i--) { if (unlikely(taba[i + nb] >= b1)) { q = -1; @@ -1351,14 +1348,14 @@ static int mp_divnorm(bf_context_t *s, limb_t *tabq, limb_t *taba, limb_t na, /* compute r=B^(2*n)/a such as a*r < B^(2*n) < a*r + 2 with n >= 1. 'a' has n limbs with a[n-1] >= B/2 and 'r' has n+1 limbs with r[n] = 1. - + See Modern Computer Arithmetic by Richard P. Brent and Paul Zimmermann, algorithm 3.5 */ int mp_recip(bf_context_t *s, limb_t *tabr, const limb_t *taba, limb_t n) { mp_size_t l, h, k, i; limb_t *tabxh, *tabt, c, *tabu; - + if (n <= 2) { /* return ceil(B^(2*n)/a) - 1 */ /* XXX: could avoid allocation */ @@ -1436,8 +1433,8 @@ static int mp_cmp(const limb_t *taba, const limb_t *tabb, mp_size_t n) //#define DEBUG_DIVNORM_LARGE2 /* subquadratic divnorm */ -static int mp_divnorm_large(bf_context_t *s, - limb_t *tabq, limb_t *taba, limb_t na, +static int mp_divnorm_large(bf_context_t *s, + limb_t *tabq, limb_t *taba, limb_t na, const limb_t *tabb, limb_t nb) { limb_t *tabb_inv, nq, *tabt, i, n; @@ -1450,7 +1447,7 @@ static int mp_divnorm_large(bf_context_t *s, assert(nq >= 1); n = nq; if (nq < nb) - n++; + n++; tabb_inv = bf_malloc(s, sizeof(limb_t) * (n + 1)); tabt = bf_malloc(s, sizeof(limb_t) * 2 * (n + 1)); if (!tabb_inv || !tabt) @@ -1479,7 +1476,7 @@ static int mp_divnorm_large(bf_context_t *s, /* Q=A*B^-1 */ if (mp_mul(s, tabt, tabb_inv, n + 1, taba + na - (n + 1), n + 1)) goto fail; - + for(i = 0; i < nq + 1; i++) tabq[i] = tabt[i + 2 * (n + 1) - (nq + 1)]; #ifdef DEBUG_DIVNORM_LARGE @@ -1489,7 +1486,7 @@ static int mp_divnorm_large(bf_context_t *s, bf_free(s, tabt); bf_free(s, tabb_inv); tabb_inv = NULL; - + /* R=A-B*Q */ tabt = bf_malloc(s, sizeof(limb_t) * (na + 1)); if (!tabt) 
@@ -1560,10 +1557,10 @@ int bf_mul(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, bf_t tmp, *r1 = NULL; limb_t a_len, b_len, precl; limb_t *a_tab, *b_tab; - + a_len = a->len; b_len = b->len; - + if ((flags & BF_RND_MASK) == BF_RNDF) { /* faithful rounding does not require using the full inputs */ precl = (prec + 2 + LIMB_BITS - 1) / LIMB_BITS; @@ -1572,7 +1569,7 @@ int bf_mul(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, } a_tab = a->tab + a->len - a_len; b_tab = b->tab + b->len - b_len; - + #ifdef USE_FFT_MUL if (b_len >= FFT_MUL_THRESHOLD) { int mul_flags = 0; @@ -1628,7 +1625,7 @@ slimb_t bf_get_exp_min(const bf_t *a) slimb_t i; limb_t v; int k; - + for(i = 0; i < a->len; i++) { v = a->tab[i]; if (v != 0) { @@ -1661,7 +1658,7 @@ static int __bf_div(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, bf_context_t *s = r->ctx; int ret, r_sign; limb_t n, nb, precl; - + r_sign = a->sign ^ b->sign; if (a->expn >= BF_EXP_INF || b->expn >= BF_EXP_INF) { if (a->expn == BF_EXP_NAN || b->expn == BF_EXP_NAN) { @@ -1694,11 +1691,11 @@ static int __bf_div(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, precl = (prec + 2 + LIMB_BITS - 1) / LIMB_BITS; nb = b->len; n = bf_max(a->len, precl); - + { limb_t *taba, na; slimb_t d; - + na = n + nb; taba = bf_malloc(s, (na + 1) * sizeof(limb_t)); if (!taba) @@ -1727,8 +1724,8 @@ static int __bf_div(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, return BF_ST_MEM_ERROR; } -/* division and remainder. - +/* division and remainder. + rnd_mode is the rounding mode for the quotient. The additional rounding mode BF_RND_EUCLIDIAN is supported. @@ -1742,11 +1739,11 @@ int bf_divrem(bf_t *q, bf_t *r, const bf_t *a, const bf_t *b, bf_t b1_s, *b1 = &b1_s; int q_sign, ret; BOOL is_ceil, is_rndn; - + assert(q != a && q != b); assert(r != a && r != b); assert(q != r); - + if (a->len == 0 || b->len == 0) { bf_set_zero(q, 0); if (a->expn == BF_EXP_NAN || b->expn == BF_EXP_NAN) { 
@@ -1788,7 +1785,7 @@ int bf_divrem(bf_t *q, bf_t *r, const bf_t *a, const bf_t *b, a1->tab = a->tab; a1->len = a->len; a1->sign = 0; - + b1->expn = b->expn; b1->tab = b->tab; b1->len = b->len; @@ -1834,7 +1831,7 @@ int bf_rem(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, { bf_t q_s, *q = &q_s; int ret; - + bf_init(r->ctx, q); ret = bf_divrem(q, r, a, b, prec, flags, rnd_mode); bf_delete(q); @@ -1855,7 +1852,7 @@ int bf_remquo(slimb_t *pq, bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, { bf_t q_s, *q = &q_s; int ret; - + bf_init(r->ctx, q); ret = bf_divrem(q, r, a, b, prec, flags, rnd_mode); bf_get_limb(pq, q, BF_GET_INT_MOD); @@ -1893,7 +1890,7 @@ static const uint16_t sqrt_table[192] = { static limb_t mp_sqrtrem1(limb_t *pr, limb_t a) { limb_t s1, r1, s, r, q, u, num; - + /* use a table for the 16 -> 8 bit sqrt */ s1 = sqrt_table[(a >> (LIMB_BITS - 8)) - 64]; r1 = (a >> (LIMB_BITS - 16)) - s1 * s1; @@ -1901,7 +1898,7 @@ static limb_t mp_sqrtrem1(limb_t *pr, limb_t a) r1 -= 2 * s1 + 1; s1++; } - + /* one iteration to get a 32 -> 16 bit sqrt */ num = (r1 << 8) | ((a >> (LIMB_BITS - 32 + 8)) & 0xff); q = num / (2 * s1); /* q <= 2^8 */ @@ -1983,7 +1980,7 @@ static int mp_sqrtrem_rec(bf_context_t *s, limb_t *tabs, limb_t *taba, limb_t n, limb_t *tmp_buf, limb_t *prh) { limb_t l, h, rh, ql, qh, c, i; - + if (n == 1) { *prh = mp_sqrtrem2(tabs, taba); return 0; @@ -2000,7 +1997,7 @@ static int mp_sqrtrem_rec(bf_context_t *s, limb_t *tabs, limb_t *taba, limb_t n, mp_print_str_h("r1", taba + 2 * l, h, qh); mp_print_str_h("r2", taba + l, n, qh); #endif - + /* the remainder is in taba + 2 * l. Its high bit is in qh */ if (qh) { mp_sub(taba + 2 * l, taba + 2 * l, tabs + l, h, 0); 
@@ -2022,12 +2019,12 @@ static int mp_sqrtrem_rec(bf_context_t *s, limb_t *tabs, limb_t *taba, limb_t n, mp_print_str_h("q", tabs, l, qh); mp_print_str_h("u", taba + l, h, rh); #endif - + mp_add_ui(tabs + l, qh, h); #ifdef DEBUG_SQRTREM mp_print_str_h("s2", tabs, n, sh); #endif - + /* q = qh, tabs[l - 1 ... 0], r = taba[n - 1 ... l] */ /* subtract q^2. if qh = 1 then q = B^l, so we can take shortcuts */ if (qh) { @@ -2079,7 +2076,7 @@ int mp_sqrtrem(bf_context_t *s, limb_t *tabs, limb_t *taba, limb_t n) int bf_sqrtrem(bf_t *r, bf_t *rem1, const bf_t *a) { int ret; - + if (a->len == 0) { if (a->expn == BF_EXP_NAN) { bf_set_nan(r); @@ -2099,7 +2096,7 @@ int bf_sqrtrem(bf_t *r, bf_t *rem1, const bf_t *a) ret = BF_ST_INVALID_OP; } else { bf_t rem_s, *rem; - + bf_sqrt(r, a, (a->expn + 1) / 2, BF_RNDZ); bf_rint(r, BF_RNDZ); /* see if the result is exact by computing the remainder */ @@ -2153,7 +2150,7 @@ int bf_sqrt(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags) limb_t *a1; slimb_t n, n1; limb_t res; - + /* convert the mantissa to an integer with at least 2 * prec + 4 bits */ n = (2 * (prec + 2) + 2 * LIMB_BITS - 1) / (2 * LIMB_BITS); @@ -2198,7 +2195,7 @@ static no_inline int bf_op2(bf_t *r, const bf_t *a, const bf_t *b, limb_t prec, { bf_t tmp; int ret; - + if (r == a || r == b) { bf_init(r->ctx, &tmp); ret = func(&tmp, a, b, prec, flags); @@ -2256,7 +2253,7 @@ int bf_add_si(bf_t *r, const bf_t *a, int64_t b1, limb_t prec, { bf_t b; int ret; - + bf_init(r->ctx, &b); ret = bf_set_si(&b, b1); ret |= bf_add(r, a, &b, prec, flags); @@ -2268,7 +2265,7 @@ static int bf_pow_ui(bf_t *r, const bf_t *a, limb_t b, limb_t prec, bf_flags_t flags) { int ret, n_bits, i; - + assert(r != a); if (b == 0) return bf_set_ui(r, 1); @@ -2287,7 +2284,7 @@ static int bf_pow_ui_ui(bf_t *r, limb_t a1, limb_t b, { bf_t a; int ret; - + if (a1 == 10 && b <= LIMB_DIGITS) { /* use precomputed powers. We do not round at this point because we expect the caller to do it */ 
@@ -2332,7 +2329,7 @@ static int bf_logic_op(bf_t *r, const bf_t *a1, const bf_t *b1, int op) slimb_t l, i, a_bit_offset, b_bit_offset; limb_t v1, v2, v1_mask, v2_mask, r_mask; int ret; - + assert(r != a1 && r != b1); if (a1->expn <= 0) @@ -2344,7 +2341,7 @@ static int bf_logic_op(bf_t *r, const bf_t *a1, const bf_t *b1, int op) b_sign = 0; /* minus zero is considered as positive */ else b_sign = b1->sign; - + if (a_sign) { a = &a1_s; bf_init(r->ctx, a); @@ -2364,7 +2361,7 @@ static int bf_logic_op(bf_t *r, const bf_t *a1, const bf_t *b1, int op) } else { b = (bf_t *)b1; } - + r_sign = bf_logic_op1(a_sign, b_sign, op); if (op == BF_LOGIC_AND && r_sign == 0) { /* no need to compute extra zeros for and */ @@ -2441,13 +2438,13 @@ int bf_get_float64(const bf_t *a, double *pres, bf_rnd_t rnd_mode) Float64Union u; int e, ret; uint64_t m; - + ret = 0; if (a->expn == BF_EXP_NAN) { u.u = 0x7ff8000000000000; /* quiet nan */ } else { bf_t b_s, *b = &b_s; - + bf_init(a->ctx, b); bf_set(b, a); if (bf_is_finite(b)) { @@ -2490,7 +2487,7 @@ int bf_set_float64(bf_t *a, double d) Float64Union u; uint64_t m; int shift, e, sgn; - + u.d = d; sgn = u.u >> 63; e = (u.u >> 52) & ((1 << 11) - 1); @@ -2561,7 +2558,7 @@ int bf_get_int32(int *pres, const bf_t *a, int flags) ret = BF_ST_INVALID_OP; if (a->sign) { v = (uint32_t)INT32_MAX + 1; - if (a->expn == 32 && + if (a->expn == 32 && (a->tab[a->len - 1] >> (LIMB_BITS - 32)) == v) { ret = 0; } @@ -2569,7 +2566,7 @@ int bf_get_int32(int *pres, const bf_t *a, int flags) v = INT32_MAX; } } else { - v = get_bits(a->tab, a->len, a->len * LIMB_BITS - a->expn); + v = get_bits(a->tab, a->len, a->len * LIMB_BITS - a->expn); if (a->sign) v = -v; ret = 0; 
@@ -2627,7 +2624,7 @@ int bf_get_int64(int64_t *pres, const bf_t *a, int flags) } } else { slimb_t bit_pos = a->len * LIMB_BITS - a->expn; - v = get_bits(a->tab, a->len, bit_pos); + v = get_bits(a->tab, a->len, bit_pos); #if LIMB_BITS == 32 v |= (uint64_t)get_bits(a->tab, a->len, bit_pos + 32) << 32; #endif @@ -2687,7 +2684,7 @@ static limb_t get_limb_radix(int radix) { int i, k; limb_t radixl; - + k = digits_per_limb_table[radix - 2]; radixl = radix; for(i = 1; i < k; i++) @@ -2706,7 +2703,7 @@ static int bf_integer_from_radix_rec(bf_t *r, const limb_t *tab, } else { bf_t T_s, *T = &T_s, *B; limb_t n1, n2; - + n2 = (((n0 * 2) >> (level + 1)) + 1) / 2; n1 = n - n2; // printf("level=%d n0=%ld n1=%ld n2=%ld\n", level, n0, n1, n2); @@ -2742,7 +2739,7 @@ static int bf_integer_from_radix(bf_t *r, const limb_t *tab, int pow_tab_len, i, ret; limb_t radixl; bf_t *pow_tab; - + radixl = get_limb_radix(radix); pow_tab_len = ceil_log2(n) + 2; /* XXX: check */ pow_tab = bf_malloc(s, sizeof(pow_tab[0]) * pow_tab_len); @@ -2891,7 +2888,7 @@ static int bf_atof_internal(bf_t *r, slimb_t *pexponent, slimb_t pos, expn, int_len, digit_count; BOOL has_decpt, is_bin_exp; bf_t a_s, *a; - + *pexponent = 0; p = str; if (!(flags & BF_ATOF_NO_NAN_INF) && radix <= 16 && @@ -2901,7 +2898,7 @@ static int bf_atof_internal(bf_t *r, slimb_t *pexponent, goto done; } is_neg = 0; - + if (p[0] == '+') { p++; p_start = p; @@ -2944,7 +2941,7 @@ static int bf_atof_internal(bf_t *r, slimb_t *pexponent, goto done; } } - + if (radix == 0) radix = 10; if (is_dec) { @@ -3035,7 +3032,7 @@ static int bf_atof_internal(bf_t *r, slimb_t *pexponent, goto done; } } - + /* reset the next limbs to zero (we prefer to reallocate in the renormalization) */ memset(a->tab, 0, (pos + 1) * sizeof(limb_t)); 
@@ -3093,7 +3090,7 @@ static int bf_atof_internal(bf_t *r, slimb_t *pexponent, } else if (radix_bits) { /* XXX: may overflow */ if (!is_bin_exp) - expn *= radix_bits; + expn *= radix_bits; a->expn = expn + (int_len * radix_bits); a->sign = is_neg; ret = bf_normalize_and_round(a, prec, flags); @@ -3132,9 +3129,9 @@ static int bf_atof_internal(bf_t *r, slimb_t *pexponent, return ret; } -/* +/* Return (status, n, exp). 'status' is the floating point status. 'n' - is the parsed number. + is the parsed number. If (flags & BF_ATOF_EXPONENT) and if the radix is not a power of two, the parsed number is equal to r * @@ -3349,7 +3346,7 @@ slimb_t bf_mul_log2_radix(slimb_t a1, unsigned int radix, int is_inv, const uint32_t *tab; limb_t b0, b1; dlimb_t t; - + if (is_inv) { tab = inv_log2_radix[radix - 2]; #if LIMB_BITS == 32 @@ -3383,7 +3380,7 @@ static int bf_integer_to_radix_rec(bf_t *pow_tab, { limb_t n1, n2, q_prec; int ret; - + assert(n >= 1); if (n == 1) { out[0] = get_bits(a->tab, a->len, a->len * LIMB_BITS - a->expn); @@ -3423,7 +3420,7 @@ static int bf_integer_to_radix_rec(bf_t *pow_tab, q_prec = n1 * radixl_bits; ret |= bf_mul(&Q, a, B_inv, q_prec, BF_RNDN); ret |= bf_rint(&Q, BF_RNDZ); - + ret |= bf_mul(&R, &Q, B, BF_PREC_INF, BF_RNDZ); ret |= bf_sub(&R, a, &R, BF_PREC_INF, BF_RNDZ); @@ -3468,7 +3465,7 @@ static int bf_integer_to_radix(bf_t *r, const bf_t *a, limb_t radixl) limb_t r_len; bf_t *pow_tab; int i, pow_tab_len, ret; - + r_len = r->len; pow_tab_len = (ceil_log2(r_len) + 2) * 2; /* XXX: check */ pow_tab = bf_malloc(s, sizeof(pow_tab[0]) * pow_tab_len); @@ -3498,7 +3495,7 @@ static int bf_convert_to_radix(bf_t *r, slimb_t *pE, slimb_t E, e, prec, extra_bits, ziv_extra_bits, prec0; bf_t B_s, *B = &B_s; int e_sign, ret, res; - + if (a->len == 0) { /* zero case */ *pE = 0; @@ -3513,7 +3510,7 @@ static int bf_convert_to_radix(bf_t *r, slimb_t *pE, } // bf_print_str("a", a); // printf("E=%ld P=%ld radix=%d\n", E, P, radix); - + for(;;) { e = P - E; e_sign = 0; 
@@ -3709,7 +3706,7 @@ static char *bf_ftoa_internal(size_t *plen, const bf_t *a2, int radix, bf_context_t *ctx = a2->ctx; DynBuf s_s, *s = &s_s; int radix_bits; - + // bf_print_str("ftoa", a2); // printf("radix=%d\n", radix); dbuf_init2(s, ctx, bf_dbuf_realloc); @@ -3791,7 +3788,7 @@ static char *bf_ftoa_internal(size_t *plen, const bf_t *a2, int radix, a->len = a2->len; a->expn = a2->expn; a->sign = 0; - + /* one more digit for the rounding */ n = 1 + bf_mul_log2_radix(bf_max(a->expn, 0), radix, TRUE, TRUE); n_digits = n + prec; @@ -3866,19 +3863,19 @@ static char *bf_ftoa_internal(size_t *plen, const bf_t *a2, int radix, n = ceil_div(a1->expn, radix_bits); } else { bf_t a_s, *a = &a_s; - + /* make a positive number */ a->tab = a2->tab; a->len = a2->len; a->expn = a2->expn; a->sign = 0; - + if (fmt == BF_FTOA_FORMAT_FIXED) { n_digits = prec; n_max = n_digits; } else { slimb_t n_digits_max, n_digits_min; - + assert(prec != BF_PREC_INF); n_digits = 1 + bf_mul_log2_radix(prec, radix, TRUE, TRUE); /* max number of digits for non exponential @@ -3887,7 +3884,7 @@ static char *bf_ftoa_internal(size_t *plen, const bf_t *a2, int radix, n_max = n_digits + 4; if (fmt == BF_FTOA_FORMAT_FREE_MIN) { bf_t b_s, *b = &b_s; - + /* find the minimum number of digits by dichotomy. */ /* XXX: inefficient */ @@ -4026,7 +4023,7 @@ static void bf_const_log2_rec(bf_t *T, bf_t *P, bf_t *Q, limb_t n1, bf_t T1_s, *T1 = &T1_s; bf_t P1_s, *P1 = &P1_s; bf_t Q1_s, *Q1 = &Q1_s; - + m = n1 + ((n2 - n1) >> 1); bf_const_log2_rec(T, P, Q, n1, m, TRUE); bf_init(s, T1); @@ -4077,7 +4074,7 @@ static void chud_bs(bf_t *P, bf_t *Q, bf_t *G, int64_t a, int64_t b, int need_g, if (a == (b - 1)) { bf_t T0, T1; - + bf_init(s, &T0); bf_init(s, &T1); bf_set_ui(G, 2 * b - 1); @@ -4098,7 +4095,7 @@ static void chud_bs(bf_t *P, bf_t *Q, bf_t *G, int64_t a, int64_t b, int need_g, bf_delete(&T1); } else { bf_t P2, Q2, G2; - + bf_init(s, &P2); bf_init(s, &Q2); bf_init(s, &G2); 
@@ -4106,7 +4103,7 @@ static void chud_bs(bf_t *P, bf_t *Q, bf_t *G, int64_t a, int64_t b, int need_g, c = (a + b) / 2; chud_bs(P, Q, G, a, c, 1, prec); chud_bs(&P2, &Q2, &G2, c, b, need_g, prec); - + /* Q = Q1 * Q2 */ /* G = G1 * G2 */ /* P = P1 * Q2 + P2 * G1 */ @@ -4142,11 +4139,11 @@ static void bf_const_pi_internal(bf_t *Q, limb_t prec) bf_init(s, &G); chud_bs(&P, Q, &G, 0, n, 0, BF_PREC_INF); - + bf_mul_ui(&G, Q, CHUD_A, prec1, BF_RNDN); bf_add(&P, &G, &P, prec1, BF_RNDN); bf_div(Q, Q, &P, prec1, BF_RNDF); - + bf_set_ui(&P, CHUD_C); bf_sqrt(&G, &P, prec1, BF_RNDF); bf_mul_ui(&G, &G, (uint64_t)CHUD_C / 12, prec1, BF_RNDF); @@ -4229,7 +4226,7 @@ static int bf_ziv_rounding(bf_t *r, const bf_t *a, { int rnd_mode, ret; slimb_t prec1, ziv_extra_bits; - + rnd_mode = flags & BF_RND_MASK; if (rnd_mode == BF_RNDF) { /* no need to iterate */ @@ -4288,7 +4285,7 @@ static int bf_exp_internal(bf_t *r, const bf_t *a, limb_t prec, void *opaque) bf_context_t *s = r->ctx; bf_t T_s, *T = &T_s; slimb_t n, K, l, i, prec1; - + assert(r != a); /* argument reduction: @@ -4321,14 +4318,14 @@ static int bf_exp_internal(bf_t *r, const bf_t *a, limb_t prec, void *opaque) /* reduce the range of T */ bf_mul_2exp(T, -K, BF_PREC_INF, BF_RNDZ); - + /* Taylor expansion around zero : - 1 + x + x^2/2 + ... + x^n/n! + 1 + x + x^2/2 + ... + x^n/n! = (1 + x * (1 + x/2 * (1 + ... (x/n)))) */ { bf_t U_s, *U = &U_s; - + bf_init(s, U); bf_set_ui(r, 1); for(i = l ; i >= 1; i--) { @@ -4340,7 +4337,7 @@ static int bf_exp_internal(bf_t *r, const bf_t *a, limb_t prec, void *opaque) bf_delete(U); } bf_delete(T); - + /* undo the range reduction */ for(i = 0; i < K; i++) { bf_mul(r, r, r, prec1, BF_RNDN | BF_FLAG_EXT_EXP); @@ -4360,7 +4357,7 @@ static int check_exp_underflow_overflow(bf_context_t *s, bf_t *r, bf_t T_s, *T = &T_s; bf_t log2_s, *log2 = &log2_s; slimb_t e_min, e_max; - + if (a_high->expn <= 0) return 0; 
@@ -4368,7 +4365,7 @@ static int check_exp_underflow_overflow(bf_context_t *s, bf_t *r, e_min = -e_max + 3; if (flags & BF_FLAG_SUBNORMAL) e_min -= (prec - 1); - + bf_init(s, T); bf_init(s, log2); bf_const_log2(log2, LIMB_BITS, BF_RNDU); @@ -4385,7 +4382,7 @@ static int check_exp_underflow_overflow(bf_context_t *s, bf_t *r, bf_mul_si(T, log2, e_min - 2, LIMB_BITS, BF_RNDD); if (bf_cmp_lt(a_high, T)) { int rnd_mode = flags & BF_RND_MASK; - + /* underflow */ bf_delete(T); bf_delete(log2); @@ -4425,12 +4422,12 @@ int bf_exp(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags) ret = check_exp_underflow_overflow(s, r, a, a, prec, flags); if (ret) return ret; - if (a->expn < 0 && (-a->expn) >= (prec + 2)) { + if (a->expn < 0 && (-a->expn) >= (prec + 2)) { /* small argument case: result = 1 + epsilon * sign(x) */ bf_set_ui(r, 1); return bf_add_epsilon(r, r, -(prec + 2), a->sign, prec, flags); } - + return bf_ziv_rounding(r, a, prec, flags, bf_exp_internal, NULL); } @@ -4441,7 +4438,7 @@ static int bf_log_internal(bf_t *r, const bf_t *a, limb_t prec, void *opaque) bf_t U_s, *U = &U_s; bf_t V_s, *V = &V_s; slimb_t n, prec1, l, i, K; - + assert(r != a); bf_init(s, T); @@ -4454,7 +4451,7 @@ static int bf_log_internal(bf_t *r, const bf_t *a, limb_t prec, void *opaque) T->expn = 0; /* U= ~ 2/3 */ bf_init(s, U); - bf_set_ui(U, 0xaaaaaaaa); + bf_set_ui(U, 0xaaaaaaaa); U->expn = 0; if (bf_cmp_lt(T, U)) { T->expn++; 
@@ -4467,18 +4464,18 @@ static int bf_log_internal(bf_t *r, const bf_t *a, limb_t prec, void *opaque) /* XXX: precision analysis */ /* number of iterations for argument reduction 2 */ - K = bf_isqrt((prec + 1) / 2); + K = bf_isqrt((prec + 1) / 2); /* order of Taylor expansion */ - l = prec / (2 * K) + 1; + l = prec / (2 * K) + 1; /* precision of the intermediate computations */ prec1 = prec + K + 2 * l + 32; bf_init(s, U); bf_init(s, V); - + /* Note: cancellation occurs here, so we use more precision (XXX: reduce the precision by computing the exact cancellation) */ - bf_add_si(T, T, -1, BF_PREC_INF, BF_RNDN); + bf_add_si(T, T, -1, BF_PREC_INF, BF_RNDN); /* argument reduction 2 */ for(i = 0; i < K; i++) { @@ -4496,7 +4493,7 @@ static int bf_log_internal(bf_t *r, const bf_t *a, limb_t prec, void *opaque) bf_init(s, Y2); /* compute ln(1+x) = ln((1+y)/(1-y)) with y=x/(2+x) - = y + y^3/3 + ... + y^(2*l + 1) / (2*l+1) + = y + y^3/3 + ... + y^(2*l + 1) / (2*l+1) with Y=Y^2 = y*(1+Y/3+Y^2/5+...) = y*(1+Y*(1/3+Y*(1/5 + ...))) */ @@ -4523,12 +4520,12 @@ static int bf_log_internal(bf_t *r, const bf_t *a, limb_t prec, void *opaque) /* multiplication by 2 for the Taylor expansion and undo the argument reduction 2*/ bf_mul_2exp(r, K + 1, BF_PREC_INF, BF_RNDZ); - + /* undo the argument reduction 1 */ bf_const_log2(T, prec1, BF_RNDF); bf_mul_si(T, T, n, prec1, BF_RNDN); bf_add(r, r, T, prec1, BF_RNDN); - + bf_delete(T); return BF_ST_INEXACT; } @@ -4537,7 +4534,7 @@ int bf_log(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags) { bf_context_t *s = r->ctx; bf_t T_s, *T = &T_s; - + assert(r != a); if (a->len == 0) { if (a->expn == BF_EXP_NAN) { @@ -4602,7 +4599,7 @@ static int bf_pow_int(bf_t *r, const bf_t *x, limb_t prec, void *opaque) limb_t prec1; int ret; slimb_t y1; - + bf_get_limb(&y1, y, 0); if (y1 < 0) y1 = -y1; 
@@ -4627,7 +4624,7 @@ static BOOL check_exact_power2n(bf_t *r, const bf_t *x, slimb_t n) bf_t T_s, *T = &T_s; slimb_t e, i, er; limb_t v; - + /* x = m*2^e with m odd integer */ e = bf_get_exp_min(x); /* fast check on the exponent */ @@ -4667,7 +4664,7 @@ int bf_pow(bf_t *r, const bf_t *x, const bf_t *y, limb_t prec, bf_flags_t flags) BOOL y_is_int, y_is_odd; int r_sign, ret, rnd_mode; slimb_t y_emin; - + if (x->len == 0 || y->len == 0) { if (y->expn == BF_EXP_ZERO) { /* pow(x, 0) = 1 */ @@ -4741,7 +4738,7 @@ int bf_pow(bf_t *r, const bf_t *x, const bf_t *y, limb_t prec, bf_flags_t flags) bf_t al_s, *al = &al_s; bf_t ah_s, *ah = &ah_s; limb_t precl = LIMB_BITS; - + bf_init(s, al); bf_init(s, ah); /* compute bounds of log(abs(x)) * y with a low precision */ @@ -4757,7 +4754,7 @@ int bf_pow(bf_t *r, const bf_t *x, const bf_t *y, limb_t prec, bf_flags_t flags) if (ret) goto done; } - + if (y_is_int) { slimb_t T_bits, e; int_pow: @@ -4852,18 +4849,18 @@ static int bf_sincos(bf_t *s, bf_t *c, const bf_t *a, limb_t prec) bf_t r_s, *r = &r_s; slimb_t K, prec1, i, l, mod, prec2; int is_neg; - + assert(c != a && s != a); bf_init(s1, T); bf_init(s1, U); bf_init(s1, r); - + /* XXX: precision analysis */ K = bf_isqrt(prec / 2); l = prec / (2 * K) + 1; prec1 = prec + 2 * K + l + 8; - + /* after the modulo reduction, -pi/4 <= T <= pi/4 */ if (a->expn <= -1) { /* abs(a) <= 0.25: no modulo reduction needed */ @@ -4886,13 +4883,13 @@ static int bf_sincos(bf_t *s, bf_t *c, const bf_t *a, limb_t prec) } mod &= 3; } - + is_neg = T->sign; - + /* compute cosm1(x) = cos(x) - 1 */ bf_mul(T, T, T, prec1, BF_RNDN); bf_mul_2exp(T, -2 * K, BF_PREC_INF, BF_RNDZ); - + /* Taylor expansion: -x^2/2 + x^4/4! - x^6/6! + ... */ @@ -4971,7 +4968,7 @@ int bf_cos(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags) return bf_add_epsilon(r, r, e, 1, prec, flags); } } - + return bf_ziv_rounding(r, a, prec, flags, bf_cos_internal, NULL); } 
@@ -5014,7 +5011,7 @@ static int bf_tan_internal(bf_t *r, const bf_t *a, limb_t prec, void *opaque) bf_context_t *s = r->ctx; bf_t T_s, *T = &T_s; limb_t prec1; - + /* XXX: precision analysis */ prec1 = prec + 8; bf_init(s, T); @@ -5050,7 +5047,7 @@ int bf_tan(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags) return bf_add_epsilon(r, r, e, a->sign, prec, flags); } } - + return bf_ziv_rounding(r, a, prec, flags, bf_tan_internal, NULL); } @@ -5067,13 +5064,13 @@ static int bf_atan_internal(bf_t *r, const bf_t *a, limb_t prec, bf_t X2_s, *X2 = &X2_s; int cmp_1; slimb_t prec1, i, K, l; - + /* XXX: precision analysis */ K = bf_isqrt((prec + 1) / 2); l = prec / (2 * K) + 1; prec1 = prec + K + 2 * l + 32; // printf("prec=%d K=%d l=%d prec1=%d\n", (int)prec, (int)K, (int)l, (int)prec1); - + bf_init(s, T); cmp_1 = (a->expn >= 1); /* a >= 1 */ if (cmp_1) { @@ -5099,8 +5096,8 @@ static int bf_atan_internal(bf_t *r, const bf_t *a, limb_t prec, bf_div(T, T, V, prec1, BF_RNDN); } - /* Taylor series: - x - x^3/3 + ... + (-1)^ l * y^(2*l + 1) / (2*l+1) + /* Taylor series: + x - x^3/3 + ... + (-1)^ l * y^(2*l + 1) / (2*l+1) */ bf_mul(X2, T, T, prec1, BF_RNDN); bf_set_ui(r, 0); @@ -5118,7 +5115,7 @@ static int bf_atan_internal(bf_t *r, const bf_t *a, limb_t prec, /* undo the argument reduction */ bf_mul_2exp(r, K, BF_PREC_INF, BF_RNDZ); - + bf_delete(U); bf_delete(V); bf_delete(X2); @@ -5137,7 +5134,7 @@ static int bf_atan_internal(bf_t *r, const bf_t *a, limb_t prec, T->sign = (i < 0); bf_add(r, T, r, prec1, BF_RNDN); } - + bf_delete(T); return BF_ST_INEXACT; } @@ -5147,7 +5144,7 @@ int bf_atan(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags) bf_context_t *s = r->ctx; bf_t T_s, *T = &T_s; int res; - + if (a->len == 0) { if (a->expn == BF_EXP_NAN) { bf_set_nan(r); @@ -5162,7 +5159,7 @@ int bf_atan(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags) return 0; } } - + bf_init(s, T); bf_set_ui(T, 1); res = bf_cmpu(a, T); 
@@ -5184,7 +5181,7 @@ int bf_atan(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags) return bf_add_epsilon(r, r, e, 1 - a->sign, prec, flags); } } - + return bf_ziv_rounding(r, a, prec, flags, bf_atan_internal, (void *)FALSE); } @@ -5195,7 +5192,7 @@ static int bf_atan2_internal(bf_t *r, const bf_t *y, limb_t prec, void *opaque) bf_t T_s, *T = &T_s; limb_t prec1; int ret; - + if (y->expn == BF_EXP_NAN || x->expn == BF_EXP_NAN) { bf_set_nan(r); return 0; @@ -5238,8 +5235,8 @@ static int bf_asin_internal(bf_t *r, const bf_t *a, limb_t prec, void *opaque) BOOL is_acos = (BOOL)(intptr_t)opaque; bf_t T_s, *T = &T_s; limb_t prec1, prec2; - - /* asin(x) = atan(x/sqrt(1-x^2)) + + /* asin(x) = atan(x/sqrt(1-x^2)) acos(x) = pi/2 - asin(x) */ prec1 = prec + 8; /* increase the precision in x^2 to compensate the cancellation in @@ -5289,7 +5286,7 @@ int bf_asin(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags) bf_set_nan(r); return BF_ST_INVALID_OP; } - + /* small argument case: result = x+r(x) with r(x) = x^3/6 + O(X^5). We assume r(x) < 2^(3*EXP(x) - 2). */ if (a->expn < 0) { @@ -5334,7 +5331,7 @@ int bf_acos(bf_t *r, const bf_t *a, limb_t prec, bf_flags_t flags) bf_set_zero(r, 0); return 0; } - + return bf_ziv_rounding(r, a, prec, flags, bf_asin_internal, (void *)TRUE); } @@ -5567,8 +5564,8 @@ static inline limb_t fast_shr_dec(limb_t a, int shift) /* division and remainder by 10^shift */ #define fast_shr_rem_dec(q, r, a, shift) q = fast_shr_dec(a, shift), r = a - q * mp_pow_dec[shift] - -limb_t mp_add_dec(limb_t *res, const limb_t *op1, const limb_t *op2, + +limb_t mp_add_dec(limb_t *res, const limb_t *op1, const limb_t *op2, mp_size_t n, limb_t carry) { limb_t base = BF_DEC_BASE; @@ -5581,7 +5578,7 @@ limb_t mp_add_dec(limb_t *res, const limb_t *op1, const limb_t *op2, v = op1[i]; a = v + op2[i] + k - base; k = a <= v; - if (!k) + if (!k) a += base; res[i]=a; } 
@@ -5599,7 +5596,7 @@ limb_t mp_add_ui_dec(limb_t *tab, limb_t b, mp_size_t n) v = tab[i]; a = v + k - base; k = a <= v; - if (!k) + if (!k) a += base; tab[i] = a; if (k == 0) @@ -5608,7 +5605,7 @@ limb_t mp_add_ui_dec(limb_t *tab, limb_t b, mp_size_t n) return k; } -limb_t mp_sub_dec(limb_t *res, const limb_t *op1, const limb_t *op2, +limb_t mp_sub_dec(limb_t *res, const limb_t *op1, const limb_t *op2, mp_size_t n, limb_t carry) { limb_t base = BF_DEC_BASE; @@ -5632,7 +5629,7 @@ limb_t mp_sub_ui_dec(limb_t *tab, limb_t b, mp_size_t n) limb_t base = BF_DEC_BASE; mp_size_t i; limb_t k, v, a; - + k=b; for(i=0;i= UDIV1NORM_THRESHOLD) { shift = clz(b); @@ -5821,7 +5818,7 @@ static __maybe_unused void mp_print_str_h_dec(const char *str, #define DIV_STATIC_ALLOC_LEN 16 -/* return q = a / b and r = a % b. +/* return q = a / b and r = a % b. taba[na] must be allocated if tabb1[nb - 1] < B / 2. tabb1[nb - 1] must be != zero. na must be >= nb. 's' can be NULL if tabb1[nb - 1] @@ -5835,14 +5832,14 @@ static __maybe_unused void mp_print_str_h_dec(const char *str, */ /* XXX: optimize */ static int mp_div_dec(bf_context_t *s, limb_t *tabq, - limb_t *taba, mp_size_t na, + limb_t *taba, mp_size_t na, const limb_t *tabb1, mp_size_t nb) { limb_t base = BF_DEC_BASE; limb_t r, mult, t0, t1, a, c, q, v, *tabb; mp_size_t i, j; limb_t static_tabb[DIV_STATIC_ALLOC_LEN]; - + #ifdef DEBUG_DIV_SLOW mp_print_str_dec("a", taba, na); mp_print_str_dec("b", tabb1, nb); @@ -5940,7 +5937,7 @@ static int mp_div_dec(bf_context_t *s, limb_t *tabq, } /* divide by 10^shift */ -static limb_t mp_shr_dec(limb_t *tab_r, const limb_t *tab, mp_size_t n, +static limb_t mp_shr_dec(limb_t *tab_r, const limb_t *tab, mp_size_t n, limb_t shift, limb_t high) { mp_size_t i; 
@@ -5958,7 +5955,7 @@ static limb_t mp_shr_dec(limb_t *tab_r, const limb_t *tab, mp_size_t n, } /* multiply by 10^shift */ -static limb_t mp_shl_dec(limb_t *tab_r, const limb_t *tab, mp_size_t n, +static limb_t mp_shl_dec(limb_t *tab_r, const limb_t *tab, mp_size_t n, limb_t shift, limb_t low) { mp_size_t i; @@ -6004,7 +6001,7 @@ static limb_t mp_sqrtrem_rec_dec(limb_t *tabs, limb_t *taba, limb_t n, limb_t *tmp_buf) { limb_t l, h, rh, ql, qh, c, i; - + if (n == 1) return mp_sqrtrem2_dec(tabs, taba); #ifdef DEBUG_SQRTREM_DEC @@ -6018,7 +6015,7 @@ static limb_t mp_sqrtrem_rec_dec(limb_t *tabs, limb_t *taba, limb_t n, mp_print_str_h_dec("r1", taba + 2 * l, h, qh); mp_print_str_h_dec("r2", taba + l, n, qh); #endif - + /* the remainder is in taba + 2 * l. Its high bit is in qh */ if (qh) { mp_sub_dec(taba + 2 * l, taba + 2 * l, tabs + l, h, 0); @@ -6039,12 +6036,12 @@ static limb_t mp_sqrtrem_rec_dec(limb_t *tabs, limb_t *taba, limb_t n, mp_print_str_h_dec("q", tabs, l, qh); mp_print_str_h_dec("u", taba + l, h, rh); #endif - + mp_add_ui_dec(tabs + l, qh, h); #ifdef DEBUG_SQRTREM_DEC mp_print_str_dec("s2", tabs, n); #endif - + /* q = qh, tabs[l - 1 ... 0], r = taba[n - 1 ... l] */ /* subtract q^2. if qh = 1 then q = B^l, so we can take shortcuts */ if (qh) { @@ -6338,7 +6335,7 @@ static limb_t get_digits(const limb_t *tab, limb_t len, slimb_t pos) limb_t a0, a1; int shift; slimb_t i; - + i = floor_div(pos, LIMB_DIGITS); shift = pos - i * LIMB_DIGITS; if (i >= 0 && i < len) @@ -6366,7 +6363,7 @@ static int bfdec_get_rnd_add(int *pret, const bfdec_t *r, limb_t l, { int add_one, inexact; limb_t digit1, digit0; - + // bfdec_print_str("get_rnd_add", r); if (rnd_mode == BF_RNDF) { digit0 = 1; /* faithful rounding does not honor the INEXACT flag */ 
@@ -6378,7 +6375,7 @@ static int bfdec_get_rnd_add(int *pret, const bfdec_t *r, limb_t l, /* get the digit at 'prec' */ digit1 = get_digit(r->tab, l, l * LIMB_DIGITS - 1 - prec); inexact = (digit1 | digit0) != 0; - + add_one = 0; switch(rnd_mode) { case BF_RNDZ: @@ -6411,7 +6408,7 @@ static int bfdec_get_rnd_add(int *pret, const bfdec_t *r, limb_t l, default: abort(); } - + if (inexact) *pret |= BF_ST_INEXACT; return add_one; @@ -6431,7 +6428,7 @@ static int __bfdec_round(bfdec_t *r, limb_t prec1, bf_flags_t flags, limb_t l) e_range = (limb_t)1 << (bf_get_exp_bits(flags) - 1); e_min = -e_range + 3; e_max = e_range; - + if (flags & BF_FLAG_RADPNT_PREC) { /* 'prec' is the precision after the decimal point */ if (prec1 != BF_PREC_INF) @@ -6446,12 +6443,12 @@ static int __bfdec_round(bfdec_t *r, limb_t prec1, bf_flags_t flags, limb_t l) } else { prec = prec1; } - + /* round to prec bits */ rnd_mode = flags & BF_RND_MASK; ret = 0; add_one = bfdec_get_rnd_add(&ret, r, l, prec, rnd_mode); - + if (prec <= 0) { if (add_one) { bfdec_resize(r, 1); /* cannot fail because r is non zero */ @@ -6464,7 +6461,7 @@ static int __bfdec_round(bfdec_t *r, limb_t prec1, bf_flags_t flags, limb_t l) } } else if (add_one) { limb_t carry; - + /* add one starting at digit 'prec - 1' */ bit_pos = l * LIMB_DIGITS - 1 - (prec - 1); pos = bit_pos / LIMB_DIGITS; @@ -6476,7 +6473,7 @@ static int __bfdec_round(bfdec_t *r, limb_t prec1, bf_flags_t flags, limb_t l) r->expn++; } } - + /* check underflow */ if (unlikely(r->expn < e_min)) { if (flags & BF_FLAG_SUBNORMAL) { @@ -6490,14 +6487,14 @@ static int __bfdec_round(bfdec_t *r, limb_t prec1, bf_flags_t flags, limb_t l) return ret; } } - + /* check overflow */ if (unlikely(r->expn > e_max)) { bfdec_set_inf(r, r->sign); ret |= BF_ST_OVERFLOW | BF_ST_INEXACT; return ret; } - + /* keep the bits starting at 'prec - 1' */ bit_pos = l * LIMB_DIGITS - 1 - (prec - 1); i = floor_div(bit_pos, LIMB_DIGITS); 
@@ -6534,7 +6531,7 @@ int bfdec_normalize_and_round(bfdec_t *r, limb_t prec1, bf_flags_t flags) { limb_t l, v; int shift, ret; - + // bfdec_print_str("bf_renorm", r); l = r->len; while (l > 0 && r->tab[l - 1] == 0) @@ -6651,7 +6648,7 @@ static int bfdec_add_internal(bfdec_t *r, const bfdec_t *a, const bfdec_t *b, li limb_t *b1_tab; int b_shift; mp_size_t b1_len; - + d = a->expn - b->expn; /* XXX: not efficient in time and memory if the precision is @@ -6667,7 +6664,7 @@ static int bfdec_add_internal(bfdec_t *r, const bfdec_t *a, const bfdec_t *b, li r->tab[i] = 0; for(i = 0; i < a->len; i++) r->tab[a_offset + i] = a->tab[i]; - + b_shift = d % LIMB_DIGITS; if (b_shift == 0) { b1_len = b->len; @@ -6681,7 +6678,7 @@ static int bfdec_add_internal(bfdec_t *r, const bfdec_t *a, const bfdec_t *b, li mp_pow_dec[LIMB_DIGITS - b_shift]; } b_offset = r_len - (b->len + (d + LIMB_DIGITS - 1) / LIMB_DIGITS); - + if (is_sub) { carry = mp_sub_dec(r->tab + b_offset, r->tab + b_offset, b1_tab, b1_len, 0); @@ -6777,12 +6774,12 @@ int bfdec_mul(bfdec_t *r, const bfdec_t *a, const bfdec_t *b, limb_t prec, bfdec_t tmp, *r1 = NULL; limb_t a_len, b_len; limb_t *a_tab, *b_tab; - + a_len = a->len; b_len = b->len; a_tab = a->tab; b_tab = b->tab; - + if (r == a || r == b) { bfdec_init(r->ctx, &tmp); r1 = r; @@ -6821,7 +6818,7 @@ int bfdec_add_si(bfdec_t *r, const bfdec_t *a, int64_t b1, limb_t prec, { bfdec_t b; int ret; - + bfdec_init(r->ctx, &b); ret = bfdec_set_si(&b, b1); ret |= bfdec_add(r, a, &b, prec, flags); @@ -6834,7 +6831,7 @@ static int __bfdec_div(bfdec_t *r, const bfdec_t *a, const bfdec_t *b, { int ret, r_sign; limb_t n, nb, precl; - + r_sign = a->sign ^ b->sign; if (a->expn >= BF_EXP_INF || b->expn >= BF_EXP_INF) { if (a->expn == BF_EXP_NAN || b->expn == BF_EXP_NAN) { 
@@ -6879,11 +6876,11 @@ static int __bfdec_div(bfdec_t *r, const bfdec_t *a, const bfdec_t *b, precl = (prec + 2 + LIMB_DIGITS - 1) / LIMB_DIGITS; } n = bf_max(a->len, precl); - + { limb_t *taba, na, i; slimb_t d; - + na = n + nb; taba = bf_malloc(r->ctx, (na + 1) * sizeof(limb_t)); if (!taba) @@ -6944,8 +6941,8 @@ static void bfdec_tdivremu(bf_context_t *s, bfdec_t *q, bfdec_t *r, } } -/* division and remainder. - +/* division and remainder. + rnd_mode is the rounding mode for the quotient. The additional rounding mode BF_RND_EUCLIDIAN is supported. @@ -6961,11 +6958,11 @@ int bfdec_divrem(bfdec_t *q, bfdec_t *r, const bfdec_t *a, const bfdec_t *b, bfdec_t r1_s, *r1 = &r1_s; int q_sign, res; BOOL is_ceil, is_rndn; - + assert(q != a && q != b); assert(r != a && r != b); assert(q != r); - + if (a->len == 0 || b->len == 0) { bfdec_set_zero(q, 0); if (a->expn == BF_EXP_NAN || b->expn == BF_EXP_NAN) { @@ -7007,7 +7004,7 @@ int bfdec_divrem(bfdec_t *q, bfdec_t *r, const bfdec_t *a, const bfdec_t *b, a1->tab = a->tab; a1->len = a->len; a1->sign = 0; - + b1->expn = b->expn; b1->tab = b->tab; b1->len = b->len; @@ -7021,7 +7018,7 @@ int bfdec_divrem(bfdec_t *q, bfdec_t *r, const bfdec_t *a, const bfdec_t *b, goto fail; // bfdec_print_str("q", q); // bfdec_print_str("r", r); - + if (r->len != 0) { if (is_rndn) { bfdec_init(s, r1); @@ -7062,7 +7059,7 @@ int bfdec_rem(bfdec_t *r, const bfdec_t *a, const bfdec_t *b, limb_t prec, { bfdec_t q_s, *q = &q_s; int ret; - + bfdec_init(r->ctx, q); ret = bfdec_divrem(q, r, a, b, prec, flags, rnd_mode); bfdec_delete(q); @@ -7210,7 +7207,7 @@ int bfdec_get_int32(int *pres, const bfdec_t *a) int bfdec_pow_ui(bfdec_t *r, const bfdec_t *a, limb_t b) { int ret, n_bits, i; - + assert(r != a); if (b == 0) return bfdec_set_ui(r, 1); 
@@ -7263,6 +7260,46 @@ static inline void put_bits(limb_t *tab, limb_t len, slimb_t pos, limb_t val) #if defined(__AVX2__) +forceinline __m256d _mm256_set_pd(double __A, double __B, double __C, double __D) { + return (__m256d){ __D, __C, __B, __A }; +} + +forceinline __m256d _mm256_set1_pd(double x) { + return (__m256d){x, x, x, x}; +} + +forceinline __m256d _mm256_setr_pd(double __A, double __B, double __C, double __D) { + return _mm256_set_pd(__D, __C, __B, __A); +} + +forceinline __m256d _mm256_blendv_pd(__m256d __X, __m256d __Y, __m256d __M) { + return (__m256d) __builtin_ia32_blendvpd256((__v4df)__X, (__v4df)__Y, (__v4df)__M); +} + +forceinline __m256d _mm256_round_pd(__m256d __V, const int __M) { + return (__m256d) __builtin_ia32_roundpd256((__v4df)__V, __M); +} + +forceinline __m256d _mm256_fmsub_pd(__m256d __A, __m256d __B, __m256d __C) { + return (__m256d)__builtin_ia32_vfmsubpd256((__v4df)__A, (__v4df)__B, (__v4df)__C); +} + +forceinline __m256d _mm256_load_pd(double const *__P) { + return *(__m256d *)__P; +} + +forceinline void _mm256_store_pd(double *__P, __m256d __A) { + *(__m256d *)__P = __A; +} + +forceinline __m256d _mm256_permute2f128_pd(__m256d __X, __m256d __Y, const int __C) { + return (__m256d) __builtin_ia32_vperm2f128_pd256((__v4df)__X, (__v4df)__Y, __C); +} + +forceinline __m256d _mm256_permute4x64_pd(__m256d __X, const int __M) { + return (__m256d) __builtin_ia32_permdf256((__v4df)__X, __M); +} + typedef double NTTLimb; /* we must have: modulo >= 1 << NTT_MOD_LOG2_MIN */ @@ -7350,7 +7387,7 @@ static const limb_t ntt_mods_cr[NB_MODS * (NB_MODS - 1) / 2] = { typedef struct BFNTTState { bf_context_t *ctx; - + /* used for mul_mod_fast() */ limb_t ntt_mods_div[NB_MODS]; 
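Review bot: `_mm256_round_pd`, `_mm256_permute2f128_pd` and `_mm256_permute4x64_pd` forward a plain `const int` parameter to `__builtin_ia32_roundpd256` / `__builtin_ia32_vperm2f128_pd256` / `__builtin_ia32_permdf256`, which require a compile-time immediate; that only works if `forceinline` guarantees both inlining and constant propagation, which is why the vendor headers define these three under `#ifdef __OPTIMIZE__` and fall back to macros otherwise. A comment on the group such as `/* immediate operands rely on forceinline + constant folding; unoptimized builds may reject them */`, or a macro form for those three, would make the constraint explicit. `_mm256_load_pd`/`_mm256_store_pd` now dereference through `__m256d *`, so the 32-byte alignment contract of the aligned intrinsics still applies but is no longer visible at the call site; a one-line comment on each would help. The enclosing `#if defined(__AVX2__)` region continues past the hunk.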
@@ -7390,16 +7427,16 @@ static inline limb_t sub_mod(limb_t a, limb_t b, limb_t m) return r; } -/* return (r0+r1*B) mod m - precondition: 0 <= r0+r1*B < 2^(64+NTT_MOD_LOG2_MIN) +/* return (r0+r1*B) mod m + precondition: 0 <= r0+r1*B < 2^(64+NTT_MOD_LOG2_MIN) */ -static inline limb_t mod_fast(dlimb_t r, +static inline limb_t mod_fast(dlimb_t r, limb_t m, limb_t m_inv) { limb_t a1, q, t0, r1, r0; - + a1 = r >> NTT_MOD_LOG2_MIN; - + q = ((dlimb_t)a1 * m_inv) >> LIMB_BITS; r = r - (dlimb_t)q * m - m * 2; r1 = r >> LIMB_BITS; @@ -7411,9 +7448,9 @@ static inline limb_t mod_fast(dlimb_t r, return r0; } -/* faster version using precomputed modulo inverse. +/* faster version using precomputed modulo inverse. precondition: 0 <= a * b < 2^(64+NTT_MOD_LOG2_MIN) */ -static inline limb_t mul_mod_fast(limb_t a, limb_t b, +static inline limb_t mul_mod_fast(limb_t a, limb_t b, limb_t m, limb_t m_inv) { dlimb_t r; @@ -7432,7 +7469,7 @@ static inline limb_t init_mul_mod_fast(limb_t m) /* Faster version used when the multiplier is constant. 0 <= a < 2^64, 0 <= b < m. */ -static inline limb_t mul_mod_fast2(limb_t a, limb_t b, +static inline limb_t mul_mod_fast2(limb_t a, limb_t b, limb_t m, limb_t b_inv) { limb_t r, q; @@ -7447,7 +7484,7 @@ static inline limb_t mul_mod_fast2(limb_t a, limb_t b, /* Faster version used when the multiplier is constant. 0 <= a < 2^64, 0 <= b < m. Let r = a * b mod m. The return value is 'r' or 'r + m'. */ -static inline limb_t mul_mod_fast3(limb_t a, limb_t b, +static inline limb_t mul_mod_fast3(limb_t a, limb_t b, limb_t m, limb_t b_inv) { limb_t r, q; @@ -7553,9 +7590,9 @@ static no_inline int ntt_fft(BFNTTState *s, __m256d m_inv, mf, m2f, c, a0, a1, b0, b1; limb_t m; int l; - + m = ntt_mods[m_idx]; - + m_inv = _mm256_set1_pd(1.0 / (double)m); mf = _mm256_set1_pd(m); m2f = _mm256_set1_pd(m * 2); @@ -7609,7 +7646,7 @@ static no_inline int ntt_fft(BFNTTState *s, tmp = tab_in; tab_in = tab_out; tab_out = tmp; - + nb_blocks = n / 4; fft_per_block = 4; 
@@ -7660,7 +7697,7 @@ static void ntt_vec_mul(BFNTTState *s, { limb_t i, c_inv, n, m; __m256d m_inv, mf, a, b, c; - + m = ntt_mods[m_idx]; c_inv = s->ntt_len_inv[m_idx][k_tot][0]; m_inv = _mm256_set1_pd(1.0 / (double)m); @@ -7682,7 +7719,7 @@ static no_inline void mul_trig(NTTLimb *buf, limb_t i, c2, c3, c4; __m256d c, c_mul, a0, mf, m_inv; assert(n >= 2); - + mf = _mm256_set1_pd(m); m_inv = _mm256_set1_pd(1.0 / (double)m); @@ -7693,9 +7730,9 @@ static no_inline void mul_trig(NTTLimb *buf, int_to_ntt_limb(c2, m), int_to_ntt_limb(c3, m)); c_mul = _mm256_set1_pd(int_to_ntt_limb(c4, m)); for(i = 0; i < n; i += 4) { - a0 = _mm256_load_pd(&buf[i]); + a0 = *(__m256d *)(buf + i); a0 = ntt_mul_mod(a0, c, mf, m_inv); - _mm256_store_pd(&buf[i], a0); + *(__m256d *)(buf+i) = a0; c = ntt_mul_mod(c, c_mul, mf, m_inv); } } @@ -7731,7 +7768,7 @@ static no_inline int ntt_fft(BFNTTState *s, NTTLimb *out_buf, NTTLimb *in_buf, limb_t nb_blocks, fft_per_block, p, k, n, stride_in, i, j, m, m2; NTTLimb *tab_in, *tab_out, *tmp, a0, a1, b0, b1, c, *trig, c_inv; int l; - + m = ntt_mods[m_idx]; m2 = 2 * m; n = (limb_t)1 << fft_len_log2; @@ -7771,7 +7808,7 @@ static no_inline int ntt_fft(BFNTTState *s, NTTLimb *out_buf, NTTLimb *in_buf, tab_out = tmp; } /* no twiddle in last step */ - tab_out = out_buf; + tab_out = out_buf; for(k = 0; k < stride_in; k++) { a0 = tab_in[k]; a1 = tab_in[k + stride_in]; @@ -7788,7 +7825,7 @@ static void ntt_vec_mul(BFNTTState *s, int k_tot, int m_idx) { limb_t i, norm, norm_inv, a, n, m, m_inv; - + m = ntt_mods[m_idx]; m_inv = s->ntt_mods_div[m_idx]; norm = s->ntt_len_inv[m_idx][k_tot][0]; @@ -7810,7 +7847,7 @@ static no_inline void mul_trig(NTTLimb *buf, limb_t n, limb_t c_mul, limb_t m, limb_t m_inv) { limb_t i, c0, c_mul_inv; - + c0 = 1; c_mul_inv = init_mul_mod_fast2(c_mul, m); for(i = 0; i < n; i++) { 
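Review bot: In mul_trig the `_mm256_load_pd(&buf[i])` / `_mm256_store_pd(&buf[i], a0)` pair is replaced by raw `*(__m256d *)(buf + i)` accesses, which keep the aligned-access requirement but hide it; whether `buf` is 32-byte aligned depends on its allocator, which is not visible in this diff. A comment at the loop such as `/* buf must be 32-byte aligned: these are aligned vector loads/stores */` would document that. The `_mm256_load_pd`/`_mm256_store_pd` wrappers this commit adds earlier in the same file perform exactly this dereference, so the rewrite is equivalent but inconsistent with the rest of the AVX2 path that still uses the `_mm256_*` spelling. mul_trig begins outside the hunk.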
@@ -7826,7 +7863,7 @@ static no_inline NTTLimb *get_trig(BFNTTState *s, { NTTLimb *tab; limb_t i, n2, c, c_mul, m, c_mul_inv; - + if (k > NTT_TRIG_K_MAX) return NULL; @@ -7891,7 +7928,7 @@ static int ntt_fft_partial(BFNTTState *s, NTTLimb *buf1, { limb_t i, j, c_mul, c0, m, m_inv, strip_len, l; NTTLimb *buf2, *buf3; - + buf2 = NULL; buf3 = ntt_malloc(s, sizeof(NTTLimb) * n1); if (!buf3) @@ -7924,7 +7961,7 @@ static int ntt_fft_partial(BFNTTState *s, NTTLimb *buf1, mul_trig(buf2 + l * n1, n1, c_mul, m, m_inv); c_mul = mul_mod_fast(c_mul, c0, m, m_inv); } - + for(i = 0; i < n1; i++) { for(l = 0; l < strip_len; l++) { buf1[i * n2 + (j + l)] = buf2[i + l *n1]; @@ -7948,7 +7985,7 @@ static int ntt_conv(BFNTTState *s, NTTLimb *buf1, NTTLimb *buf2, { limb_t n1, n2, i; int k1, k2; - + if (k <= NTT_TRIG_K_MAX) { k1 = k; } else { @@ -7958,7 +7995,7 @@ static int ntt_conv(BFNTTState *s, NTTLimb *buf1, NTTLimb *buf2, k2 = k - k1; n1 = (limb_t)1 << k1; n2 = (limb_t)1 << k2; - + if (ntt_fft_partial(s, buf1, k1, k2, n1, n2, 0, m_idx)) return -1; if (ntt_fft_partial(s, buf2, k1, k2, n1, n2, 0, m_idx)) @@ -7985,13 +8022,13 @@ static no_inline void limb_to_ntt(BFNTTState *s, dlimb_t a, b; int j, shift; limb_t base_mask1, a0, a1, a2, r, m, m_inv; - + #if 0 for(i = 0; i < a_len; i++) { printf("%" PRId64 ": " FMT_LIMB "\n", (int64_t)i, taba[i]); } -#endif +#endif memset(tabr, 0, sizeof(NTTLimb) * fft_len * nb_mods); shift = dpl & (LIMB_BITS - 1); if (shift == 0) 
@@ -8056,21 +8093,21 @@ static no_inline void ntt_to_limb(BFNTTState *s, limb_t *tabr, limb_t r_len, slimb_t i, len, pos; int j, k, l, shift, n_limb1, p; dlimb_t t; - + j = NB_MODS * (NB_MODS - 1) / 2 - nb_mods * (nb_mods - 1) / 2; mods_cr_vec = s->ntt_mods_cr_vec + j; mf = s->ntt_mods_vec + NB_MODS - nb_mods; m_inv = s->ntt_mods_inv_vec + NB_MODS - nb_mods; - + shift = dpl & (LIMB_BITS - 1); if (shift == 0) base_mask1 = -1; else base_mask1 = ((limb_t)1 << shift) - 1; n_limb1 = ((unsigned)dpl - 1) / LIMB_BITS; - for(j = 0; j < NB_MODS; j++) + for(j = 0; j < NB_MODS; j++) carry[j] = 0; - for(j = 0; j < NB_MODS; j++) + for(j = 0; j < NB_MODS; j++) u[j] = 0; /* avoid warnings */ memset(tabr, 0, sizeof(limb_t) * r_len); fft_len = (limb_t)1 << fft_len_log2; @@ -8092,7 +8129,7 @@ static no_inline void ntt_to_limb(BFNTTState *s, limb_t *tabr, limb_t r_len, } } y[j].v = ntt_mod1(y[j].v, mf[j]); - + for(p = 0; p < VEC_LEN; p++) { /* back to normal representation */ u[0] = (int64_t)y[nb_mods - 1].d[p]; @@ -8108,7 +8145,7 @@ static no_inline void ntt_to_limb(BFNTTState *s, limb_t *tabr, limb_t r_len, l++; } /* XXX: for nb_mods = 5, l should be 4 */ - + /* last step adds the carry */ r = (int64_t)y[0].d[p]; for(k = 0; k < l; k++) { @@ -8125,7 +8162,7 @@ static no_inline void ntt_to_limb(BFNTTState *s, limb_t *tabr, limb_t r_len, } printf("\n"); #endif - + /* write the digits */ pos = i * dpl; for(j = 0; j < n_limb1; j++) { @@ -8159,7 +8196,7 @@ static no_inline void ntt_to_limb(BFNTTState *s, limb_t *tabr, limb_t r_len, slimb_t i, len, pos; int j, k, l, shift, n_limb1; dlimb_t t; - + j = NB_MODS * (NB_MODS - 1) / 2 - nb_mods * (nb_mods - 1) / 2; mods_cr = ntt_mods_cr + j; mods_cr_inv = s->ntt_mods_cr_inv + j; 
@@ -8170,9 +8207,9 @@ static no_inline void ntt_to_limb(BFNTTState *s, limb_t *tabr, limb_t r_len, else base_mask1 = ((limb_t)1 << shift) - 1; n_limb1 = ((unsigned)dpl - 1) / LIMB_BITS; - for(j = 0; j < NB_MODS; j++) + for(j = 0; j < NB_MODS; j++) carry[j] = 0; - for(j = 0; j < NB_MODS; j++) + for(j = 0; j < NB_MODS; j++) u[j] = 0; /* avoid warnings */ memset(tabr, 0, sizeof(limb_t) * r_len); fft_len = (limb_t)1 << fft_len_log2; @@ -8190,12 +8227,12 @@ static no_inline void ntt_to_limb(BFNTTState *s, limb_t *tabr, limb_t r_len, m = mods[k]; /* Note: there is no overflow in the sub_mod() because the modulos are sorted by increasing order */ - y[k] = mul_mod_fast2(y[k] - y[j] + m, + y[k] = mul_mod_fast2(y[k] - y[j] + m, mods_cr[l], m, mods_cr_inv[l]); l++; } } - + /* back to normal representation */ u[0] = y[nb_mods - 1]; l = 1; @@ -8209,7 +8246,7 @@ static no_inline void ntt_to_limb(BFNTTState *s, limb_t *tabr, limb_t r_len, u[l] = r; l++; } - + /* last step adds the carry */ r = y[0]; for(k = 0; k < l; k++) { @@ -8226,7 +8263,7 @@ static no_inline void ntt_to_limb(BFNTTState *s, limb_t *tabr, limb_t r_len, } printf("\n"); #endif - + /* write the digits */ pos = i * dpl; for(j = 0; j < n_limb1; j++) { @@ -8267,14 +8304,14 @@ static int ntt_static_init(bf_context_t *s1) memset(s, 0, sizeof(*s)); s1->ntt_state = s; s->ctx = s1; - + for(j = 0; j < NB_MODS; j++) { m = ntt_mods[j]; m_inv = init_mul_mod_fast(m); s->ntt_mods_div[j] = m_inv; #if defined(__AVX2__) - s->ntt_mods_vec[j] = _mm256_set1_pd(m); - s->ntt_mods_inv_vec[j] = _mm256_set1_pd(1.0 / (double)m); + s->ntt_mods_vec[j] = (__m256d){m, m, m, m}; + s->ntt_mods_inv_vec[j] = (__m256d){1./m, 1./m, 1./m, 1./m}; #endif c_inv2 = (m + 1) / 2; /* 1/2 */ c_inv = 1; 
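Review bot: In ntt_static_init the replacement initializers `(__m256d){m, m, m, m}` and `(__m256d){1./m, 1./m, 1./m, 1./m}` spell the broadcast and the division out four times where `_mm256_set1_pd(m)` / `_mm256_set1_pd(1.0 / (double)m)` said it once; since this commit defines `_mm256_set1_pd` itself earlier in the file, the rewrite appears unnecessary. If the compound literal is preferred, hoisting `double mi = 1.0 / (double)m;` and writing `(__m256d){mi, mi, mi, mi}` keeps a single conversion site. ntt_static_init continues outside the hunk.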
@@ -8299,8 +8336,9 @@ static int ntt_static_init(bf_context_t *s1) for(j = 0; j < NB_MODS - 1; j++) { for(k = j + 1; k < NB_MODS; k++) { #if defined(__AVX2__) - s->ntt_mods_cr_vec[l] = _mm256_set1_pd(int_to_ntt_limb2(ntt_mods_cr[l], - ntt_mods[k])); + NTTLimb x = int_to_ntt_limb2(ntt_mods_cr[l], + ntt_mods[k]); + s->ntt_mods_cr_vec[l] = (__m256d){x, x, x, x}; #else s->ntt_mods_cr_inv[l] = init_mul_mod_fast2(ntt_mods_cr[l], ntt_mods[k]); @@ -8316,7 +8354,7 @@ int bf_get_fft_size(int *pdpl, int *pnb_mods, limb_t len) int dpl, fft_len_log2, n_bits, nb_mods, dpl_found, fft_len_log2_found; int int_bits, nb_mods_found; limb_t cost, min_cost; - + min_cost = -1; dpl_found = 0; nb_mods_found = 4; @@ -8372,11 +8410,11 @@ static no_inline int fft_mul(bf_context_t *s1, #if defined(USE_MUL_CHECK) limb_t ha, hb, hr, h_ref; #endif - + if (ntt_static_init(s1)) return -1; s = s1->ntt_state; - + /* find the optimal number of digits per limb (dpl) */ len = a_len + b_len; fft_len_log2 = bf_get_fft_size(&dpl, &nb_mods, len); @@ -8404,7 +8442,7 @@ static no_inline int fft_mul(bf_context_t *s1, return -1; limb_to_ntt(s, buf1, fft_len, a_tab, a_len, dpl, NB_MODS - nb_mods, nb_mods); - if ((mul_flags & (FFT_MUL_R_OVERLAP_A | FFT_MUL_R_OVERLAP_B)) == + if ((mul_flags & (FFT_MUL_R_OVERLAP_A | FFT_MUL_R_OVERLAP_B)) == FFT_MUL_R_OVERLAP_A) { if (!(mul_flags & FFT_MUL_R_NORESIZE)) bf_resize(res, 0); @@ -8454,7 +8492,7 @@ static no_inline int fft_mul(bf_context_t *s1, // printf("ha=0x" FMT_LIMB" hb=0x" FMT_LIMB " hr=0x" FMT_LIMB " expected=0x" FMT_LIMB "\n", ha, hb, hr, h_ref); exit(1); } -#endif +#endif return 0; fail: ntt_free(s, buf1); diff --git a/third_party/quickjs/qjs.c b/third_party/quickjs/qjs.c index 39f541f81..9deaa5299 100644 --- a/third_party/quickjs/qjs.c +++ b/third_party/quickjs/qjs.c 
@@ -83,7 +83,7 @@ static int eval_file(JSContext *ctx, const char *filename, int module) uint8_t *buf; int ret, eval_flags; size_t buf_len; - + buf = js_load_file(ctx, &buf_len, filename); if (!buf) { perror(filename); @@ -326,7 +326,7 @@ int main(int argc, char **argv) int load_jscalc; #endif size_t stack_size = 0; - + #ifdef CONFIG_BIGNUM /* load jscalc runtime if invoked as 'qjscalc' */ { @@ -338,7 +338,7 @@ int main(int argc, char **argv) load_jscalc = !strcmp(exename, "qjscalc"); } #endif - + /* cannot use getopt because we want to pass the command line to the script */ optind = 1; @@ -489,7 +489,7 @@ int main(int argc, char **argv) JS_SetHostPromiseRejectionTracker(rt, js_std_promise_rejection_tracker, NULL); } - + if (!empty_run) { #ifdef CONFIG_BIGNUM if (load_jscalc) { @@ -513,24 +513,21 @@ int main(int argc, char **argv) } if (expr) { - if (eval_buf(ctx, expr, strlen(expr), "", 0)) - goto fail; - } else - if (optind >= argc) { - /* interactive mode */ - interactive = 1; + if (eval_buf(ctx, expr, strlen(expr), "", 0)) goto fail; + } else if (optind >= argc) { + /* interactive mode */ + interactive = 1; } else { - const char *filename; - filename = argv[optind]; - if (eval_file(ctx, filename, module)) - goto fail; + const char *filename; + filename = argv[optind]; + if (eval_file(ctx, filename, module)) goto fail; } if (interactive) { - js_std_eval_binary(ctx, qjsc_repl, qjsc_repl_size, 0); + js_std_eval_binary(ctx, qjsc_repl, qjsc_repl_size, 0); } js_std_loop(ctx); } - + if (dump_memory) { JSMemoryUsage stats; JS_ComputeMemoryUsage(rt, &stats); diff --git a/tool/build/bigmul.c b/tool/build/bigmul.c new file mode 100644 index 000000000..07cfb78a3 --- /dev/null +++ b/tool/build/bigmul.c 
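Review bot: The reflowed chain `if (eval_buf(ctx, expr, strlen(expr), "", 0)) goto fail;` (and the same for `eval_file`) puts an unbraced `goto fail` on the line of its condition; a braced form, `if (eval_buf(...)) { goto fail; }`, is the safer idiom for control transfers and matches the surrounding blocks. As this is vendored third-party code, diverging from the upstream layout also makes future merges noisier, so keeping upstream's formatting may be preferable here. main continues outside the hunk.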
@@ -0,0 +1,185 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. 
│ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/assert.h" +#include "libc/fmt/conv.h" +#include "libc/log/log.h" +#include "libc/macros.internal.h" +#include "libc/mem/mem.h" +#include "libc/runtime/gc.internal.h" +#include "libc/stdio/stdio.h" +#include "libc/str/str.h" + +/** + * @fileoverview cryptographic multiplication kernel generator + */ + +void PrintMultiplyKernel(int n, int m) { + bool cf, of; + uint128_t x; + bool *Rs, *Ra; + int j, i, k1, k2, g; + uint64_t *R, *H; + printf("\ +/**\n\ + * Computes %d-bit product of %d-bit and %d-bit numbers.\n\ + *\n\ + * @param C receives %d quadword result\n\ + * @param A is left hand side which must have %d quadwords\n\ + * @param B is right hand side which must have %d quadwords\n\ + * @note words are host endian while array is little endian\n\ + * @mayalias\n\ + */\n\ +void Multiply%dx%d(uint64_t C[%d], const uint64_t A[%d], const uint64_t B[%d]) {\n\ + static bool cf,of;\n\ + uint64_t z,h,l;\n\ + uint64_t ", + (n + m) * 64, n * 64, m * 64, n + m, n, m, n, m, n + m, n, m); + Rs = gc(calloc(sizeof(*Rs), n + m + 1)); + Ra = gc(calloc(sizeof(*Ra), n + m + 1)); + for (j = 0; j < n; ++j) { + if (j) printf(", "); + printf("H%d", j); + } + printf(";\n"); + printf(" uint64_t "); + for (j = 0; j < n + m; ++j) { + if (j) printf(", "); + printf("R%d", j); + } + printf(";\n"); + for (j = 0; j < m; ++j) { + (printf)("\ + asm(\"xorl\\t%%k0,%%k0\" : \"=r\"(z), \"+m\"(cf), \"+m\"(of));\n", + j); + for (cf = of = i = 0; i < n; ++i) { + if (!i) { + if (!Rs[i + j] && !Rs[i + j + 1]) { + assert(!cf); + assert(!of); + Rs[i + j + 0] = true; + Rs[i + j + 1] = true; + (printf)("\ + asm(\"mulx\\t%%2,%%1,%%0\" : \"=r\"(R%d), \"=r\"(R%d) : \"rm\"(A[%d]), \"d\"(B[%d]));\n", + i + j + 1, i + j, i, j); + } else if (!Rs[i + j + 1]) { + of = true; + assert(!cf); + Ra[i + j + 0] = true; + Rs[i + j + 1] = true; + (printf)("\ + asm(\"mulx\\t%%2,%%1,%%0\" : \"=r\"(R%d), \"=r\"(l) : \"rm\"(A[%d]), 
\"d\"(B[%d]));\n\ + asm(\"adox\\t%%2,%%0\" : \"+r\"(R%d), \"+m\"(of) : \"r\"(l));\n", + i + j + 1, i, j, i + j); + } else { + cf = true; + of = true; + assert(Rs[i + j]); + Ra[i + j + 0] = true; + Ra[i + j + 1] = true; + (printf)("\ + asm(\"mulx\\t%%2,%%1,%%0\" : \"=r\"(h), \"=r\"(l) : \"rm\"(A[%d]), \"d\"(B[%d]));\n\ + asm(\"adox\\t%%2,%%0\" : \"+r\"(R%d), \"+m\"(of) : \"r\"(l));\n\ + asm(\"adcx\\t%%2,%%0\" : \"+r\"(R%d), \"+m\"(cf) : \"r\"(h));\n", + i, j, i + j, i + j + 1); + } + } else { + assert(Rs[i + j]); + if (!Rs[i + j + 1]) { + if (cf) { + of = true; + cf = false; + Ra[i + j + 0] = true; + Rs[i + j + 1] = true; + Ra[i + j + 1] = false; + (printf)("\ + asm(\"mulx\\t%%2,%%1,%%0\" : \"=r\"(R%d), \"=r\"(l) : \"rm\"(A[%d]), \"d\"(B[%d]));\n\ + asm(\"adox\\t%%2,%%0\" : \"+r\"(R%d), \"+m\"(of) : \"r\"(l));\n\ + asm(\"adcx\\t%%2,%%0\" : \"+r\"(R%d), \"+m\"(cf) : \"r\"(z));\n", + i + j + 1, i, j, i + j, i + j + 1); + } else { + of = true; + Ra[i + j + 0] = true; + Rs[i + j + 1] = true; + Ra[i + j + 1] = false; + (printf)("\ + asm(\"mulx\\t%%2,%%1,%%0\" : \"=r\"(R%d), \"=r\"(l) : \"rm\"(A[%d]), \"d\"(B[%d]));\n\ + asm(\"adox\\t%%2,%%0\" : \"+r\"(R%d), \"+m\"(of) : \"r\"(l));\n", + i + j + 1, i, j, i + j); + } + } else { + of = true; + cf = true; + Ra[i + j + 0] = true; + Ra[i + j + 1] = true; + (printf)("\ + asm(\"mulx\\t%%2,%%1,%%0\" : \"=r\"(h), \"=r\"(l) : \"rm\"(A[%d]), \"d\"(B[%d]));\n\ + asm(\"adox\\t%%2,%%0\" : \"+r\"(R%d), \"+m\"(of) : \"r\"(l));\n\ + asm(\"adcx\\t%%2,%%0\" : \"+r\"(R%d), \"+m\"(cf) : \"rm\"(h));\n", + i, j, i + j, i + j + 1); + } + } + } + k1 = 0; + if (of) { + for (;; ++k1) { + (printf)("\ + asm(\"adox\\t%%2,%%0\" : \"+r\"(R%d), \"+m\"(of) : \"r\"(z));\n", + i + j + k1); + if (!Rs[i + j + k1]) { + break; + } + if (!Ra[i + j + k1]) { + break; + } + } + } + k2 = 0; + if (cf) { + for (;; ++k2) { + (printf)("\ + asm(\"adcx\\t%%2,%%0\" : \"+r\"(R%d), \"+m\"(cf) : \"r\"(z));\n", + i + j + k2); + if (!Rs[i + j + k2]) { + break; + } + if (!Ra[i + 
j + k2]) { + break; + } + } + } + for (g = 0; g < MAX(k1, k2); ++g) { + Rs[i + j + g] = true; + } + } + for (j = 0; j < n + m; ++j) { + printf(" C[%d] = R%d;\n", j, j); + } + printf("}\n"); + fflush(stdout); +} + +int main(int argc, char *argv[]) { + int n, m; + if (argc != 3 || (n = atoi(argv[1])) <= 0 || (m = atoi(argv[2])) <= 0) { + fprintf(stderr, "Usage: %s LHS-LIMBS RHS-LIMBS\n", argv[0]); + return 1; + } + PrintMultiplyKernel(n, m); + return 0; +} diff --git a/tool/build/deltaify.c b/tool/build/deltaify.c index c3194a804..c2b93db8b 100644 --- a/tool/build/deltaify.c +++ b/tool/build/deltaify.c @@ -44,6 +44,8 @@ int main(int argc, char *argv[]) { int64_t micros; long double t1, t2; int ws, pipefds[2]; + setvbuf(stdout, malloc(BUFSIZ), _IOLBF, BUFSIZ); + setvbuf(stderr, malloc(BUFSIZ), _IOLBF, BUFSIZ); t1 = nowl(); if (argc < 2) { f = stdin; @@ -85,7 +87,7 @@ int main(int argc, char *argv[]) { t2 = nowl(); micros = (t2 - t1) * 1e6; t1 = t2; - printf("%,16ld %s", micros, s); + printf("%16ld %s", micros, s); free(s); } ok = !ferror(f); diff --git a/tool/build/lib/pty.c b/tool/build/lib/pty.c index 99cf8b731..169c2d906 100644 --- a/tool/build/lib/pty.c +++ b/tool/build/lib/pty.c @@ -141,6 +141,7 @@ * \e[?25l HIDE CURSOR * \e[s SAVE CURSOR POSITION * \e[u RESTORE CURSOR POSITION + * \e[?5h ... \e[?5l REVERSE VIDEO EPILEPSY * \e[0q RESET LEDS * \e[1q TURN ON FIRST LED * \e[2q TURN ON SECOND LED diff --git a/tool/emacs/cosmo-asm-mode.el b/tool/emacs/cosmo-asm-mode.el index 32bf6dcfb..3a9922746 100644 --- a/tool/emacs/cosmo-asm-mode.el +++ b/tool/emacs/cosmo-asm-mode.el @@ -112,6 +112,7 @@ "asyncsignalsafe" "notasyncsignalsafe" "isa" + "mayalias" "sideffect") "\\>"])) "Assembly docstring highlighting in Google Java Style.") diff --git a/tool/net/help.txt b/tool/net/help.txt index 5f618c5e1..9e98ad489 100644 --- a/tool/net/help.txt +++ b/tool/net/help.txt 
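Review bot: The generated kernel clears CF/OF with one `asm("xorl\t%k0,%k0" ...)` and consumes them in later, separate non-volatile `asm` statements (mulx/adox/adcx), using the `"+m"(cf)`/`"+m"(of)` operands only to order them; neither GCC nor Clang guarantees that flags survive between two asm statements, so the compiler may legally schedule flag-clobbering code (a stack adjust, an `add` in an address computation) in between and silently corrupt the carry chain. Emitting each row of the product as a single multi-instruction asm block, or at least documenting the assumption above `PrintMultiplyKernel` and covering the generated kernels with a test against a reference multiply, would address this. Smaller items: the first `(printf)("… xorl …\n", j)` passes `j` although the format contains no conversion (only `%%`); `uint128_t x` and `uint64_t *R, *H` are unused; `gc(calloc(sizeof(*Rs), n + m + 1))` swaps calloc's count/size arguments and the result is not NULL-checked. In `main`, `strtol` with an end-pointer check (and an upper bound on the limb counts) would reject inputs like `12abc` that `atoi` accepts.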
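Review bot: `setvbuf(stdout, malloc(BUFSIZ), _IOLBF, BUFSIZ);` and the stderr line pass an unchecked `malloc` result straight into setvbuf; if this setvbuf accepts a NULL buffer and allocates internally, `setvbuf(stdout, NULL, _IOLBF, BUFSIZ)` is simpler, otherwise the result needs a NULL check. The buffers are never freed, which is fine for a process-lifetime tool but worth a short comment, e.g. `/* line-buffer both streams for the life of the process; never freed */`. main continues outside the hunk.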
@@ -231,6 +231,27 @@ SECURITY redbean.com -dD /var/www/html + You can load as many public and private keys as you want. They can be + specified as pem, der, concatenated ascii, bundles, or chains. If you + don't specify specific chains then redbean will automatically infer it + based on SUBJECT → ISSUER relationships. Your redbean won't serve the + self-signed root certificate at the end of the chain where self-signed + is defined as SUBJECT == ISSUER. Otherwise you can control when chains + terminate by setting the max length constraint to zero. + + Your redbean supports SSL virtual hosting. 99.76% of TLS clients send + a Server Name Indicator (SNI), which is matched against DNS or IPs in + Subject Alternative Names (SAN) or the Common Name (CN) of subject if + SAN isn't used. This means you don't need to reveal your whole domain + portfolio to each client just to have ssl. You can just use different + certificates for each domain if you choose to do so. + + Your redbean has been secured with algorithms so strong that, until a + few decades ago, it was illegal to share them with with those outside + the United States. By default, your redbean uses Suite C cryptography + since it goes a little bit faster. If you want stronger Suite B stuff + then you can pass the -B flag. + SSL verbosity is controlled as follows for troubleshooting: -V log ssl errors @@ -785,6 +806,15 @@ FUNCTIONS ProgramPrivateKey(Slurp("/etc/letsencrypt/fullchain.pem")) for local file system only. + ProgramSslTicketLifetime(seconds:int) + Defaults to 86400 (24 hours). This may be set to ≤0 to disable + SSL tickets. It's a good idea to use these since it increases + handshake performance 10x and eliminates a network round trip. + + EvadeDragnetSurveillance(bool) + If this option is programmed then redbean will not transmit a + Server Name Indicator (SNI) when performing Fetch() requests. + IsDaemon() → bool Returns true if -d flag was passed to redbean. 
diff --git a/tool/net/net.mk b/tool/net/net.mk index ad69fd625..90f4d4783 100644 --- a/tool/net/net.mk +++ b/tool/net/net.mk @@ -22,7 +22,8 @@ TOOL_NET_COMS = \ o/$(MODE)/tool/net/redbean-static.com \ o/$(MODE)/tool/net/redbean-unsecure.com \ o/$(MODE)/tool/net/redbean-original.com \ - o/$(MODE)/tool/net/echoserver.com + o/$(MODE)/tool/net/echoserver.com \ + o/$(MODE)/tool/net/wb.com TOOL_NET_DIRECTDEPS = \ LIBC_ALG \ diff --git a/tool/net/redbean.c b/tool/net/redbean.c index 88a03098b..9446f68f6 100644 --- a/tool/net/redbean.c +++ b/tool/net/redbean.c @@ -60,6 +60,7 @@ #include "libc/sysv/consts/ex.h" #include "libc/sysv/consts/exit.h" #include "libc/sysv/consts/f.h" +#include "libc/sysv/consts/grnd.h" #include "libc/sysv/consts/inaddr.h" #include "libc/sysv/consts/ipproto.h" #include "libc/sysv/consts/lock.h" @@ -110,6 +111,7 @@ #include "third_party/mbedtls/sha1.h" #include "third_party/mbedtls/ssl.h" #include "third_party/mbedtls/ssl_ticket.h" +#include "third_party/mbedtls/traceme.h" #include "third_party/mbedtls/x509.h" #include "third_party/mbedtls/x509_crt.h" #include "third_party/regex/regex.h" @@ -140,7 +142,6 @@ #define REDBEAN "redbean" #endif -#define CHUNK (128 * 1024) #define HASH_LOAD_FACTOR /* 1. / */ 4 #define read(F, P, N) readv(F, &(struct iovec){P, N}, 1) #define write(F, P, N) writev(F, &(struct iovec){P, N}, 1) @@ -207,6 +208,7 @@ struct DeflateGenerator { void *b; size_t i; uint32_t c; + uint32_t z; z_stream s; struct Asset *a; }; @@ -332,6 +334,7 @@ static bool hasonprocesscreate; static bool hasonprocessdestroy; static bool loggednetworkorigin; static bool hasonclientconnection; +static bool evadedragnetsurveillance; static int zfd; static int frags; @@ -343,6 +346,7 @@ static int statuscode; static int oldloglevel; static int maxpayloadsize; static int messageshandled; +static int sslticketlifetime; static uint32_t clientaddrsize; static lua_State *L; 
@@ -456,7 +460,7 @@ forceinline bool SlicesEqual(const char *a, size_t n, const char *b, size_t m) { return n == m && !memcmp(a, b, n); } -forceinline bool SlicesEqualCase(const char *a, size_t n, const char *b, +forceinline bool SlicesEqualCase(const void *a, size_t n, const void *b, size_t m) { return n == m && !memcasecmp(a, b, n); } @@ -699,7 +703,7 @@ static void InternCertificate(mbedtls_x509_crt *cert, mbedtls_x509_crt *prev) { } } LogCertificate("loaded certificate", cert); - if (!cert->next && !IsSelfSigned(cert)) { + if (!cert->next && !IsSelfSigned(cert) && cert->max_pathlen) { for (i = 0; i < certs.n; ++i) { if (!certs.p[i].cert) continue; if (mbedtls_pk_can_do(&cert->pk, certs.p[i].cert->sig_pk) && @@ -713,7 +717,8 @@ static void InternCertificate(mbedtls_x509_crt *cert, mbedtls_x509_crt *prev) { for (i = 0; i < certs.n; ++i) { if (!certs.p[i].cert) continue; if (certs.p[i].cert->next) continue; - if (mbedtls_pk_can_do(&certs.p[i].cert->pk, cert->sig_pk) && + if (certs.p[i].cert->max_pathlen && + mbedtls_pk_can_do(&certs.p[i].cert->pk, cert->sig_pk) && !mbedtls_x509_crt_check_parent(certs.p[i].cert, cert, 1)) { ChainCertificate(certs.p[i].cert, cert); } @@ -734,7 +739,7 @@ static void ProgramCertificate(const char *p, size_t n) { mbedtls_platform_zeroize(waqapi, n); free(waqapi); if (rc < 0) { - WARNF("failed to load certificate (grep -0x%04x)\n", rc); + WARNF("failed to load certificate (grep -0x%04x)", rc); return; } else if (rc > 0) { VERBOSEF("certificate bundle partially loaded"); @@ -754,10 +759,7 @@ static void ProgramPrivateKey(const char *p, size_t n) { rc = mbedtls_pk_parse_key(key, waqapi, n + 1, 0, 0); mbedtls_platform_zeroize(waqapi, n); free(waqapi); - if (rc != 0) { - fprintf(stderr, "error: load key (grep -0x%04x)\n", -rc); - exit(1); - } + if (rc != 0) FATALF("error: load key (grep -0x%04x)", -rc); for (i = 0; i < certs.n; ++i) { if (certs.p[i].cert && !certs.p[i].key && !mbedtls_pk_check_pair(&certs.p[i].cert->pk, key)) { 
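Review bot: The new `cert->max_pathlen` guard in InternCertificate (and `certs.p[i].cert->max_pathlen` in the following hunk) makes chain inference conditional on a non-zero max_pathlen; in upstream mbedtls `max_pathlen` is 0 when a certificate carries no pathLenConstraint and constraint+1 otherwise, so as far as I can tell certificates without a Basic Constraints path length, ordinary leaves included, would no longer be chained, which reads as the opposite of the help text's "set the max length constraint to zero to stop the chain". Worth confirming against this tree's x509_crt.h; if the intent is "an explicit pathlen of 0 stops chaining", the check needs to distinguish "absent" from "present and 0". Either way a comment on the condition stating the encoding, e.g. `/* max_pathlen is pathLenConstraint+1; 0 means no constraint present */`, would prevent the next reader from having to look it up.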
@@ -778,8 +780,7 @@ static void ProgramFile(const char *path, void program(const char *, size_t)) { mbedtls_platform_zeroize(p, n); free(p); } else { - fprintf(stderr, "error: failed to read file: %s\n", path); - exit(1); + FATALF("error: failed to read file: %s", path); } } @@ -797,6 +798,10 @@ static void ProgramMaxPayloadSize(long x) { maxpayloadsize = MAX(1450, x); } +static void ProgramSslTicketLifetime(long x) { + sslticketlifetime = x; +} + static uint32_t ResolveIp(const char *addr) { ssize_t rc; uint32_t ip; @@ -960,6 +965,7 @@ static void SetDefaults(void) { maxpayloadsize = 64 * 1024; ProgramCache(-1); ProgramTimeout(60 * 1000); + ProgramSslTicketLifetime(24 * 60 * 60); sslfetchverify = true; if (IsWindows()) uniprocess = true; } @@ -1486,6 +1492,7 @@ static void NotifyClose(void) { static void WipeKeySigningKeys(void) { size_t i; + if (uniprocess) return; for (i = 0; i < certs.n; ++i) { if (!certs.p[i].key) continue; if (!certs.p[i].cert) continue; 
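Review bot: `ProgramSslTicketLifetime(long x)` stores `x` into the new `static int sslticketlifetime`, so a value from `-T` or from Lua larger than INT_MAX is silently truncated, unlike `ProgramMaxPayloadSize` just above which clamps with MAX. Either clamp (`sslticketlifetime = MIN(x, INT_MAX);`, keeping the "≤0 disables" semantics help.txt describes) or give the parameter and the global the same type. A doc comment stating the unit and that meaning would also help, e.g. `/* ticket lifetime in seconds; <= 0 disables session tickets */`.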
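Review bot: `if (uniprocess) return;` in WipeKeySigningKeys (and likewise in WipeServingKeys in the next hunk) means that in uniprocess mode the certificate-signing private keys stay resident for the whole process lifetime instead of being wiped after LoadCertificates. If the single-process path genuinely needs them later, a comment saying why, e.g. `/* uniprocess: this process keeps serving, so the keys must outlive startup */`, would record the reasoning; otherwise the early return reduces the protection the wipe exists for. The reason is not visible in this diff, so this is a question rather than a confirmed defect.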
@@ -1496,8 +1503,74 @@ static void WipeKeySigningKeys(void) { } static void WipeServingKeys(void) { - mbedtls_ssl_ticket_free(&ssltick); - mbedtls_ssl_key_cert_free(conf.key_cert); + if (uniprocess) return; + /* TODO(jart): We need to figure out MbedTLS ownership semantics here. */ + /* mbedtls_ssl_ticket_free(&ssltick); */ + /* mbedtls_ssl_key_cert_free(conf.key_cert); */ +} + +static int TlsRouteCertificate(mbedtls_ssl_context *ssl, int i, + const unsigned char *host, size_t size) { + int rc; + if (!(rc = mbedtls_ssl_set_hs_own_cert(ssl, certs.p[i].cert, + certs.p[i].key))) { + DEBUGF("TlsRoute(%`'.*s) %s %`'s", size, host, + mbedtls_pk_get_name(&certs.p[i].cert->pk), + gc(FormatX509Name(&certs.p[i].cert->subject))); + return 0; + } else { + return -1; + } +} + +static int TlsRoute(void *ctx, mbedtls_ssl_context *ssl, + const unsigned char *host, size_t size) { + int rc; + size_t i; + int64_t ip; + int santype; + const mbedtls_x509_name *name; + const mbedtls_x509_sequence *cur; + ip = ParseIp((const char *)host, size); + for (rc = -1, i = 0; i < certs.n; ++i) { + if (!certs.p[i].key || !certs.p[i].cert || certs.p[i].cert->ca_istrue || + mbedtls_x509_crt_check_extended_key_usage( + certs.p[i].cert, MBEDTLS_OID_SERVER_AUTH, + MBEDTLS_OID_SIZE(MBEDTLS_OID_SERVER_AUTH))) { + continue; + } + if (ip == -1) { + if (certs.p[i].cert->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { + for (cur = &certs.p[i].cert->subject_alt_names; cur; cur = cur->next) { + if ((cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) == + MBEDTLS_X509_SAN_DNS_NAME && + SlicesEqualCase(host, size, cur->buf.p, cur->buf.len)) { + if (!TlsRouteCertificate(ssl, i, host, size)) rc = 0; + break; + } + } + } else { + for (name = &certs.p[i].cert->subject; name; name = name->next) { + if (!MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) && + SlicesEqualCase(host, size, name->val.p, name->val.len)) { + if (!TlsRouteCertificate(ssl, i, host, size)) rc = 0; + break; + } + } + } + } else if 
(certs.p[i].cert->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { + for (cur = &certs.p[i].cert->subject_alt_names; cur; cur = cur->next) { + if ((cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) == + MBEDTLS_X509_SAN_IP_ADDRESS && + cur->buf.len == 4 && ip == READ32BE(cur->buf.p)) { + if (!TlsRouteCertificate(ssl, i, host, size)) rc = 0; + break; + } + } + } + } + if (rc) VERBOSEF("TlsRoute(%`'.*s) not found", size, host); + return rc; } static bool TlsSetup(void) { @@ -1693,7 +1766,7 @@ static void ConfigureCertificate(mbedtls_x509write_cert *cw, struct Cert *ca, free(san); } -static struct Cert *GetKeySigningKey(void) { +static struct Cert GetKeySigningKey(void) { size_t i; for (i = 0; i < certs.n; ++i) { if (!certs.p[i].key) continue; @@ -1703,9 +1776,9 @@ static struct Cert *GetKeySigningKey(void) { MBEDTLS_X509_KU_KEY_CERT_SIGN)) { continue; } - return certs.p + i; + return certs.p[i]; } - return NULL; + return (struct Cert){0}; } static mbedtls_pk_context *InitializeKey(struct Cert *ca, @@ -1784,7 +1857,7 @@ static struct Cert GenerateRsaCertificate(struct Cert *ca) { static void LoadCertificates(void) { size_t i; - struct Cert *ksk, ecp, rsa; + struct Cert ksk, ecp, rsa; bool havecert, haveclientcert; havecert = false; haveclientcert = false; @@ -1809,9 +1882,9 @@ static void LoadCertificates(void) { } } if (!havecert || !haveclientcert) { - if ((ksk = GetKeySigningKey())) { + if ((ksk = GetKeySigningKey()).key) { DEBUGF("generating ssl certificates using %`'s", - gc(FormatX509Name(&ksk->cert->subject))); + gc(FormatX509Name(&ksk.cert->subject))); } else { VERBOSEF("could not find non-CA SSL certificate key pair with" " -addext keyUsage=digitalSignature" 
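Review bot: The SNI matcher in TlsRoute compares the indicated host byte-for-byte against each DNS SAN / CN via `SlicesEqualCase`, so a wildcard name such as `*.example.com` in a certificate never matches and that certificate is not routable; if wildcard certificates are meant to be supported a label-wise compare is needed, otherwise a comment stating that only exact names are matched would set expectations. `DEBUGF("TlsRoute(%`'.*s) …", size, host, …)` and the closing VERBOSEF pass a `size_t` where the `.*` precision expects `int`; `(int)size` avoids the mismatch. Returning -1 for an unmatched SNI aborts the handshake rather than falling back to the default certificate (per the mbedtls SNI callback contract, as far as I recall); that is a defensible choice but deserves a comment, e.g. `/* unknown SNI: fail the handshake instead of serving a default cert */`.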
@@ -1821,14 +1894,16 @@ static void LoadCertificates(void) { LOGF("generating self-signed ssl certificates"); } #ifdef MBEDTLS_ECP_C - ecp = GenerateEcpCertificate(ksk); + ecp = GenerateEcpCertificate(ksk.key ? &ksk : 0); if (!havecert) UseCertificate(&conf, &ecp); if (!haveclientcert) UseCertificate(&confcli, &ecp); + AppendCert(ecp.cert, ecp.key); #endif #ifdef MBEDTLS_RSA_C - rsa = GenerateRsaCertificate(ksk); + rsa = GenerateRsaCertificate(ksk.key ? &ksk : 0); if (!havecert) UseCertificate(&conf, &rsa); if (!haveclientcert) UseCertificate(&confcli, &rsa); + AppendCert(rsa.cert, rsa.key); #endif } WipeKeySigningKeys(); @@ -2171,14 +2246,14 @@ static bool Inflate(void *dp, size_t dn, const void *sp, size_t sn) { if (IsTiny()) { return undeflate(dp, dn, sp, sn, &ds) != -1; } else { + zs.zfree = 0; + zs.zalloc = 0; zs.next_in = sp; zs.avail_in = sn; zs.total_in = sn; zs.next_out = dp; zs.avail_out = dn; zs.total_out = dn; - zs.zfree = Z_NULL; - zs.zalloc = Z_NULL; CHECK_EQ(Z_OK, inflateInit2(&zs, -MAX_WBITS)); switch ((rc = inflate(&zs, Z_NO_FLUSH))) { case Z_STREAM_END: @@ -2220,8 +2295,10 @@ static void *Deflate(const void *data, size_t size, size_t *out_size) { void *res; z_stream zs; LockInc(&shared->c.deflates); - CHECK_EQ(Z_OK, deflateInit2(memset(&zs, 0, sizeof(zs)), 4, Z_DEFLATED, - -MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY)); + zs.zfree = 0; + zs.zalloc = 0; + CHECK_EQ(Z_OK, deflateInit2(&zs, 4, Z_DEFLATED, -MAX_WBITS, DEF_MEM_LEVEL, + Z_DEFAULT_STRATEGY)); zs.next_in = data; zs.avail_in = size; zs.avail_out = compressBound(size); @@ -2280,7 +2357,7 @@ static void GetOpts(int argc, char *argv[]) { int opt; while ((opt = getopt(argc, argv, "jkazhdugvVsmbfB" - "l:p:r:R:H:c:L:P:U:G:D:t:M:C:K:F:")) != -1) { + "l:p:r:R:H:c:L:P:U:G:D:t:M:C:K:F:T:")) != -1) { switch (opt) { CASE('v', ++__log_level); CASE('s', --__log_level); 
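Review bot: Deflate() now initialises only zalloc and zfree of its stack z_stream and leaves opaque, msg, next_in and the rest indeterminate before deflateInit2(); as far as zlib's deflateInit2_() goes that happens to be safe because it installs its own opaque when zalloc is null, but the hunk trades a single `memset(&zs, 0, sizeof(zs))` for a dependency on that implementation detail. Keeping `z_stream zs = {0};` at the declaration (or the original memset) costs nothing and keeps Deflate() and Inflate() consistent with ServeAssetCompressed(), which still zeroes its stream. The declaration of zs sits above this hunk.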
@@ -2309,6 +2386,7 @@ static void GetOpts(int argc, char *argv[]) { CASE('r', ProgramRedirectArg(307, optarg)); CASE('t', ProgramTimeout(ParseInt(optarg))); CASE('h', PrintUsage(stdout, EXIT_SUCCESS)); + CASE('T', ProgramSslTicketLifetime(ParseInt(optarg))); CASE('M', ProgramMaxPayloadSize(ParseInt(optarg))); #ifndef UNSECURE CASE('C', ProgramFile(optarg, ProgramCertificate)); @@ -2452,6 +2530,7 @@ static ssize_t DeflateGenerator(struct iovec v[3]) { int i, rc; size_t no; void *res; + int level; i = 0; if (!dg.t) { v[0].iov_base = kGzipHeader; @@ -2464,15 +2543,22 @@ static ssize_t DeflateGenerator(struct iovec v[3]) { if (dg.t != 2) { CHECK_EQ(0, dg.s.avail_in); dg.s.next_in = (void *)(content + dg.i); - dg.s.avail_in = MIN(CHUNK, contentlength - dg.i); + dg.s.avail_in = MIN(dg.z, contentlength - dg.i); dg.c = crc32_z(dg.c, dg.s.next_in, dg.s.avail_in); dg.i += dg.s.avail_in; } dg.s.next_out = dg.b; - dg.s.avail_out = CHUNK; + dg.s.avail_out = dg.z; + no = dg.s.avail_in; rc = deflate(&dg.s, dg.i < contentlength ? Z_SYNC_FLUSH : Z_FINISH); - if (rc != Z_OK && rc != Z_STREAM_END) FATALF("deflate()→%d", rc); - no = CHUNK - dg.s.avail_out; + if (rc != Z_OK && rc != Z_STREAM_END) { + FATALF("deflate()→%d oldin:%,zu/%,zu in:%,zu/%,zu out:%,zu/%,zu", rc, no, + dg.z, dg.s.avail_in, dg.z, dg.s.avail_out, dg.z); + } else { + NOISEF("deflate()→%d oldin:%,zu/%,zu in:%,zu/%,zu out:%,zu/%,zu", rc, no, + dg.z, dg.s.avail_in, dg.z, dg.s.avail_out, dg.z); + } + no = dg.z - dg.s.avail_out; if (no) { v[i].iov_base = dg.b; v[i].iov_len = no; @@ -2480,7 +2566,11 @@ static ssize_t DeflateGenerator(struct iovec v[3]) { } if (rc == Z_OK) { CHECK_GT(no, 0); - dg.t = dg.s.avail_out ? 1 : 2; + if (dg.s.avail_out) { + dg.t = 1; + } else { + dg.t = 2; + } } else if (rc == Z_STREAM_END) { CHECK_EQ(contentlength, dg.i); CHECK_EQ(Z_OK, deflateEnd(&dg.s)); 
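Review bot: The added `int level;` in DeflateGenerator() is never read in any of the visible hunks of that function, so it is an unused local that will trip -Wunused-variable; either drop the line or use it where the compression level (the literal 4 passed to deflateInit2() in ServeAssetCompressed()) is decided. DeflateGenerator's body continues outside these hunks, so confirm no later line uses it before removing.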
@@ -2496,17 +2586,24 @@ static ssize_t DeflateGenerator(struct iovec v[3]) { static char *ServeAssetCompressed(struct Asset *a) { char *p; uint32_t crc; + uint8_t rando[2]; LockInc(&shared->c.deflates); LockInc(&shared->c.compressedresponses); DEBUGF("ServeAssetCompressed()"); dg.t = 0; dg.i = 0; dg.c = 0; + if (usessl) { + mbedtls_ctr_drbg_random(&rng, rando, sizeof(rando)); + dg.z = 512 + (READ16LE(rando) & 1023); + } else { + dg.z = 65536; + } gzipped = true; generator = DeflateGenerator; CHECK_EQ(Z_OK, deflateInit2(memset(&dg.s, 0, sizeof(dg.s)), 4, Z_DEFLATED, -MAX_WBITS, DEF_MEM_LEVEL, Z_DEFAULT_STRATEGY)); - dg.b = FreeLater(malloc(CHUNK)); + dg.b = FreeLater(malloc(dg.z)); p = SetStatus(200, "OK"); p = stpcpy(p, "Content-Encoding: gzip\r\n"); return p; @@ -2525,14 +2622,14 @@ static ssize_t InflateGenerator(struct iovec v[3]) { if (dg.t != 2) { CHECK_EQ(0, dg.s.avail_in); dg.s.next_in = (void *)(content + dg.i); - dg.s.avail_in = MIN(CHUNK, contentlength - dg.i); + dg.s.avail_in = MIN(dg.z, contentlength - dg.i); dg.i += dg.s.avail_in; } dg.s.next_out = dg.b; - dg.s.avail_out = CHUNK; + dg.s.avail_out = dg.z; rc = inflate(&dg.s, Z_NO_FLUSH); if (rc != Z_OK && rc != Z_STREAM_END) FATALF("inflate()→%d", rc); - no = CHUNK - dg.s.avail_out; + no = dg.z - dg.s.avail_out; if (no) { v[i].iov_base = dg.b; v[i].iov_len = no; @@ -2567,9 +2664,10 @@ static char *ServeAssetDecompressed(struct Asset *a) { dg.i = 0; dg.c = 0; dg.a = a; + dg.z = 65536; + CHECK_EQ(Z_OK, inflateInit2(&dg.s, -MAX_WBITS)); generator = InflateGenerator; - CHECK_EQ(Z_OK, inflateInit2(memset(&dg.s, 0, sizeof(dg.s)), -MAX_WBITS)); - dg.b = FreeLater(malloc(CHUNK)); + dg.b = FreeLater(malloc(dg.z)); return SetStatus(200, "OK"); } else if ((p = FreeLater(malloc(size))) && Inflate(p, size, content, contentlength) && 
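Review bot: The return value of `mbedtls_ctr_drbg_random(&rng, rando, sizeof(rando))` in ServeAssetCompressed() is ignored, so on a DRBG failure (reseed or entropy error) `rando` is read uninitialised; the mask keeps dg.z within 512..1535 so the malloc stays bounded, but the intent of the randomisation is defeated silently, so check it, e.g. `CHECK_EQ(0, mbedtls_ctr_drbg_random(&rng, rando, sizeof(rando)));`, or fall back to the fixed size. A comment should also state what the random chunk size buys and what it does not: it varies where TLS record boundaries fall, but the total compressed length of the response remains observable on the wire, so by itself it is not a defence against compression-ratio attacks such as BREACH, e.g. `/* randomise deflate chunking under TLS to blur record boundaries; total length still leaks */`.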
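Review bot: ServeAssetDecompressed() drops the `memset(&dg.s, 0, sizeof(dg.s))` that used to precede inflateInit2(), while ServeAssetCompressed() in the same file still zeroes dg.s before deflateInit2(); dg.s is reused across requests, so inflateInit2() now sees whatever zalloc/zfree/opaque and msg the previous generator left behind after its deflateEnd()/inflateEnd(). That is probably harmless with zlib's own allocators, but relying on stale allocator pointers in a shared struct is fragile and inconsistent with the rest of the file; restore the memset, or at least set `dg.s.zalloc = 0; dg.s.zfree = 0; dg.s.opaque = 0;` before the call in the same spirit as Inflate()/Deflate().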
@@ -3705,7 +3803,9 @@ static int LuaFetch(lua_State *L) { } sslcliused = true; DEBUGF("client handshaking %`'s", host); - mbedtls_ssl_set_hostname(&sslcli, host); + if (!evadedragnetsurveillance) { + mbedtls_ssl_set_hostname(&sslcli, host); + } bio = gc(malloc(sizeof(struct TlsBio))); bio->fd = sock; bio->a = 0; @@ -3759,7 +3859,7 @@ static int LuaFetch(lua_State *L) { inbuf.c += inbuf.c >> 1; inbuf.p = realloc(inbuf.p, inbuf.c); } - DEBUGF("client reading"); + NOISEF("client reading"); if (usessl) { if ((rc = mbedtls_ssl_read(&sslcli, inbuf.p + inbuf.n, inbuf.c - inbuf.n)) < 0) { @@ -3783,9 +3883,15 @@ static int LuaFetch(lua_State *L) { inbuf.n += g; switch (t) { case kHttpClientStateHeaders: - if (!g) goto TransportError; + if (!g) { + WARNF("HTTP client %s error", "EOF headers"); + goto TransportError; + } rc = ParseHttpMessage(&msg, inbuf.p, inbuf.n); - if (rc == -1) goto TransportError; + if (rc == -1) { + WARNF("HTTP client %s error", "ParseHttpMessage"); + goto TransportError; + } if (rc) { hdrsize = rc; if (logmessages) { @@ -3796,6 +3902,7 @@ static int LuaFetch(lua_State *L) { !HeaderEqualCase(kHttpContentLength, "0")) || (HasHeader(kHttpTransferEncoding) && !HeaderEqualCase(kHttpTransferEncoding, "identity"))) { + WARNF("HTTP client %s error", "Content-Length #1"); goto TransportError; } DestroyHttpMessage(&msg); @@ -3814,12 +3921,16 @@ static int LuaFetch(lua_State *L) { memset(&u, 0, sizeof(u)); goto Chunked; } else { + WARNF("HTTP client %s error", "Transfer-Encoding"); goto TransportError; } } else if (HasHeader(kHttpContentLength)) { rc = ParseContentLength(HeaderData(kHttpContentLength), HeaderLength(kHttpContentLength)); - if (rc == -1) goto TransportError; + if (rc == -1) { + WARNF("HTTP client %s error", "Content-Length #2"); + goto TransportError; + } if ((paylen = rc) <= inbuf.n - hdrsize) { goto Finished; } else { 
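Review bot: Skipping `mbedtls_ssl_set_hostname(&sslcli, host)` when evadedragnetsurveillance is set does more than omit SNI: in mbedTLS the hostname set here is also the name the peer certificate is checked against during the handshake, and with no hostname set the CN/SAN check is skipped entirely, so a fetch with ProgramSslFetchVerify(true) will accept any certificate that chains to a trusted root regardless of which host it was issued for, which is exactly the active-attacker case the verification exists for. If the goal is to leave the name out of the ClientHello while still verifying, the name check has to be done by hand after the handshake, e.g. by re-verifying the peer certificate against cachain with `host` as the expected name and failing the fetch on a non-zero result; the handshake call itself sits below this hunk, and the exact mbedtls_x509_crt_verify() signature should be checked against the vendored version. Until then the option should at least be documented as disabling hostname verification.
```c
if (!evadedragnetsurveillance) {
  mbedtls_ssl_set_hostname(&sslcli, host);
}
/* … unchanged: bio setup and mbedtls_ssl_handshake() … */
if (evadedragnetsurveillance && sslfetchverify) {
  uint32_t flags;
  mbedtls_x509_crt *peer = (mbedtls_x509_crt *)mbedtls_ssl_get_peer_cert(&sslcli);
  /* no hostname was given to mbedTLS, so it skipped the name check; redo it */
  if (!peer || mbedtls_x509_crt_verify(peer, cachain, 0, host, &flags, 0, 0)) {
    WARNF("HTTP client %s error", "hostname verification");
    goto TransportError;
  }
}
```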
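Review bot: The new `WARNF("HTTP client %s error", "EOF headers")` family of messages in LuaFetch() names the failure but not the peer, so when several Fetch() calls run from one config the log cannot tell which origin misbehaved; `host` is already in scope in this function (the DEBUGF above prints it), so `WARNF("HTTP client %s error fetching %s", "EOF headers", host)` would make the warnings actionable. These conditions are remotely triggerable by any server the Lua code fetches, so emitting them at warn level is a deliberate choice worth a comment if log volume matters.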
@@ -3837,13 +3948,21 @@ static int LuaFetch(lua_State *L) { } break; case kHttpClientStateBodyLengthed: - if (!g) goto TransportError; - if (inbuf.n - hdrsize >= paylen) goto Finished; + if (!g) { + WARNF("HTTP client %s error", "EOF body"); + goto TransportError; + } + if (inbuf.n - hdrsize >= paylen) { + goto Finished; + } break; case kHttpClientStateBodyChunked: Chunked: rc = Unchunk(&u, inbuf.p + hdrsize, inbuf.n - hdrsize, &paylen); - if (rc == -1) goto TransportError; + if (rc == -1) { + WARNF("HTTP client %s error", "Unchunk"); + goto TransportError; + } if (rc) goto Finished; break; default: @@ -4614,6 +4733,10 @@ static int LuaProgramGid(lua_State *L) { return LuaProgramInt(L, ProgramGid); } +static int LuaProgramSslTicketLifetime(lua_State *L) { + return LuaProgramInt(L, ProgramSslTicketLifetime); +} + static noinline int LuaProgramString(lua_State *L, void P(const char *)) { P(luaL_checkstring(L, 1)); return 0; @@ -4696,6 +4819,10 @@ static int LuaProgramLogBodies(lua_State *L) { return LuaProgramBool(L, &logbodies); } +static int LuaEvadeDragnetSurveillance(lua_State *L) { + return LuaProgramBool(L, &evadedragnetsurveillance); +} + static int LuaGetLogLevel(lua_State *L) { lua_pushinteger(L, __log_level); return 1; 
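Review bot: LuaEvadeDragnetSurveillance() exposes a runtime boolean whose name promises far more than the one effect visible in this diff (omitting the hostname when the outbound TLS session is set up), and as a ProgramBool it is settable from any Lua handler; a comment on the function should spell out the actual effect and its limits so callers do not over-trust it, e.g. `/* Omits SNI from Fetch() ClientHellos. The name still leaks via DNS and, under TLS 1.2, the server's plaintext Certificate message; see the hostname-verification caveat in LuaFetch(). */`. The usage text and Lua API documentation are outside this diff and presumably need the same caveat.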
@@ -5004,126 +5131,128 @@ static bool LuaRun(const char *path) { } static const luaL_Reg kLuaFuncs[] = { - {"Bsf", LuaBsf}, // - {"Bsr", LuaBsr}, // - {"CategorizeIp", LuaCategorizeIp}, // - {"Crc32", LuaCrc32}, // - {"Crc32c", LuaCrc32c}, // - {"DecodeBase64", LuaDecodeBase64}, // - {"DecodeLatin1", LuaDecodeLatin1}, // - {"EncodeBase64", LuaEncodeBase64}, // - {"EncodeLatin1", LuaEncodeLatin1}, // - {"EncodeUrl", LuaEncodeUrl}, // - {"EscapeFragment", LuaEscapeFragment}, // - {"EscapeHost", LuaEscapeHost}, // - {"EscapeHtml", LuaEscapeHtml}, // - {"EscapeIp", LuaEscapeIp}, // - {"EscapeLiteral", LuaEscapeLiteral}, // - {"EscapeParam", LuaEscapeParam}, // - {"EscapePass", LuaEscapePass}, // - {"EscapePath", LuaEscapePath}, // - {"EscapeSegment", LuaEscapeSegment}, // - {"EscapeUser", LuaEscapeUser}, // - {"Fetch", LuaFetch}, // - {"FormatHttpDateTime", LuaFormatHttpDateTime}, // - {"FormatIp", LuaFormatIp}, // - {"GetAssetMode", LuaGetAssetMode}, // - {"GetAssetSize", LuaGetAssetSize}, // - {"GetClientAddr", LuaGetClientAddr}, // - {"GetComment", LuaGetComment}, // - {"GetDate", LuaGetDate}, // - {"GetEffectivePath", LuaGetEffectivePath}, // - {"GetFragment", LuaGetFragment}, // - {"GetHeader", LuaGetHeader}, // - {"GetHeaders", LuaGetHeaders}, // - {"GetHost", LuaGetHost}, // - {"GetHttpReason", LuaGetHttpReason}, // - {"GetLastModifiedTime", LuaGetLastModifiedTime}, // - {"GetLogLevel", LuaGetLogLevel}, // - {"GetMethod", LuaGetMethod}, // - {"GetMonospaceWidth", LuaGetMonospaceWidth}, // - {"GetParam", LuaGetParam}, // - {"GetParams", LuaGetParams}, // - {"GetPass", LuaGetPass}, // - {"GetPath", LuaGetPath}, // - {"GetPayload", LuaGetPayload}, // - {"GetPort", LuaGetPort}, // - {"GetRemoteAddr", LuaGetRemoteAddr}, // - {"GetScheme", LuaGetScheme}, // - {"GetServerAddr", LuaGetServerAddr}, // - {"GetUrl", LuaGetUrl}, // - {"GetUser", LuaGetUser}, // - {"GetVersion", LuaGetVersion}, // - {"GetZipPaths", LuaGetZipPaths}, // - {"HasControlCodes", 
LuaHasControlCodes}, // - {"HasParam", LuaHasParam}, // - {"HidePath", LuaHidePath}, // - {"IndentLines", LuaIndentLines}, // - {"IsAcceptableHost", LuaIsAcceptableHost}, // - {"IsAcceptablePath", LuaIsAcceptablePath}, // - {"IsAcceptablePort", LuaIsAcceptablePort}, // - {"IsCompressed", LuaIsCompressed}, // - {"IsDaemon", LuaIsDaemon}, // - {"IsHiddenPath", LuaIsHiddenPath}, // - {"IsLoopbackIp", LuaIsLoopbackIp}, // - {"IsPrivateIp", LuaIsPrivateIp}, // - {"IsPublicIp", LuaIsPublicIp}, // - {"IsReasonablePath", LuaIsReasonablePath}, // - {"IsValidHttpToken", LuaIsValidHttpToken}, // - {"LaunchBrowser", LuaLaunchBrowser}, // - {"LoadAsset", LuaLoadAsset}, // - {"Log", LuaLog}, // - {"Md5", LuaMd5}, // - {"ParseHost", LuaParseHost}, // - {"ParseHttpDateTime", LuaParseHttpDateTime}, // - {"ParseIp", LuaParseIp}, // - {"ParseParams", LuaParseParams}, // - {"ParseUrl", LuaParseUrl}, // - {"Popcnt", LuaPopcnt}, // - {"ProgramAddr", LuaProgramAddr}, // - {"ProgramBrand", LuaProgramBrand}, // - {"ProgramCache", LuaProgramCache}, // - {"ProgramCertificate", LuaProgramCertificate}, // - {"ProgramDirectory", LuaProgramDirectory}, // - {"ProgramGid", LuaProgramGid}, // - {"ProgramHeader", LuaProgramHeader}, // - {"ProgramLogBodies", LuaProgramLogBodies}, // - {"ProgramLogMessages", LuaProgramLogMessages}, // - {"ProgramLogPath", LuaProgramLogPath}, // - {"ProgramPidPath", LuaProgramPidPath}, // - {"ProgramPort", LuaProgramPort}, // - {"ProgramPrivateKey", LuaProgramPrivateKey}, // - {"ProgramRedirect", LuaProgramRedirect}, // - {"ProgramSslClientVerify", LuaProgramSslClientVerify}, // - {"ProgramSslFetchVerify", LuaProgramSslFetchVerify}, // - {"ProgramTimeout", LuaProgramTimeout}, // - {"ProgramUid", LuaProgramUid}, // - {"Route", LuaRoute}, // - {"RouteHost", LuaRouteHost}, // - {"RoutePath", LuaRoutePath}, // - {"ServeAsset", LuaServeAsset}, // - {"ServeError", LuaServeError}, // - {"ServeIndex", LuaServeIndex}, // - {"ServeListing", LuaServeListing}, // - 
{"ServeStatusz", LuaServeStatusz}, // - {"SetHeader", LuaSetHeader}, // - {"SetLogLevel", LuaSetLogLevel}, // - {"SetStatus", LuaSetStatus}, // - {"Sha1", LuaSha1}, // - {"Sha224", LuaSha224}, // - {"Sha256", LuaSha256}, // - {"Sha384", LuaSha384}, // - {"Sha512", LuaSha512}, // - {"Slurp", LuaSlurp}, // - {"StoreAsset", LuaStoreAsset}, // - {"Underlong", LuaUnderlong}, // - {"VisualizeControlCodes", LuaVisualizeControlCodes}, // - {"Write", LuaWrite}, // - {"bsf", LuaBsf}, // - {"bsr", LuaBsr}, // - {"crc32", LuaCrc32}, // - {"crc32c", LuaCrc32c}, // - {"popcnt", LuaPopcnt}, // + {"Bsf", LuaBsf}, // + {"Bsr", LuaBsr}, // + {"CategorizeIp", LuaCategorizeIp}, // + {"Crc32", LuaCrc32}, // + {"Crc32c", LuaCrc32c}, // + {"DecodeBase64", LuaDecodeBase64}, // + {"DecodeLatin1", LuaDecodeLatin1}, // + {"EncodeBase64", LuaEncodeBase64}, // + {"EncodeLatin1", LuaEncodeLatin1}, // + {"EncodeUrl", LuaEncodeUrl}, // + {"EscapeFragment", LuaEscapeFragment}, // + {"EscapeHost", LuaEscapeHost}, // + {"EscapeHtml", LuaEscapeHtml}, // + {"EscapeIp", LuaEscapeIp}, // + {"EscapeLiteral", LuaEscapeLiteral}, // + {"EscapeParam", LuaEscapeParam}, // + {"EscapePass", LuaEscapePass}, // + {"EscapePath", LuaEscapePath}, // + {"EscapeSegment", LuaEscapeSegment}, // + {"EscapeUser", LuaEscapeUser}, // + {"EvadeDragnetSurveillance", LuaEvadeDragnetSurveillance}, // + {"Fetch", LuaFetch}, // + {"FormatHttpDateTime", LuaFormatHttpDateTime}, // + {"FormatIp", LuaFormatIp}, // + {"GetAssetMode", LuaGetAssetMode}, // + {"GetAssetSize", LuaGetAssetSize}, // + {"GetClientAddr", LuaGetClientAddr}, // + {"GetComment", LuaGetComment}, // + {"GetDate", LuaGetDate}, // + {"GetEffectivePath", LuaGetEffectivePath}, // + {"GetFragment", LuaGetFragment}, // + {"GetHeader", LuaGetHeader}, // + {"GetHeaders", LuaGetHeaders}, // + {"GetHost", LuaGetHost}, // + {"GetHttpReason", LuaGetHttpReason}, // + {"GetLastModifiedTime", LuaGetLastModifiedTime}, // + {"GetLogLevel", LuaGetLogLevel}, // + {"GetMethod", 
LuaGetMethod}, // + {"GetMonospaceWidth", LuaGetMonospaceWidth}, // + {"GetParam", LuaGetParam}, // + {"GetParams", LuaGetParams}, // + {"GetPass", LuaGetPass}, // + {"GetPath", LuaGetPath}, // + {"GetPayload", LuaGetPayload}, // + {"GetPort", LuaGetPort}, // + {"GetRemoteAddr", LuaGetRemoteAddr}, // + {"GetScheme", LuaGetScheme}, // + {"GetServerAddr", LuaGetServerAddr}, // + {"GetUrl", LuaGetUrl}, // + {"GetUser", LuaGetUser}, // + {"GetVersion", LuaGetVersion}, // + {"GetZipPaths", LuaGetZipPaths}, // + {"HasControlCodes", LuaHasControlCodes}, // + {"HasParam", LuaHasParam}, // + {"HidePath", LuaHidePath}, // + {"IndentLines", LuaIndentLines}, // + {"IsAcceptableHost", LuaIsAcceptableHost}, // + {"IsAcceptablePath", LuaIsAcceptablePath}, // + {"IsAcceptablePort", LuaIsAcceptablePort}, // + {"IsCompressed", LuaIsCompressed}, // + {"IsDaemon", LuaIsDaemon}, // + {"IsHiddenPath", LuaIsHiddenPath}, // + {"IsLoopbackIp", LuaIsLoopbackIp}, // + {"IsPrivateIp", LuaIsPrivateIp}, // + {"IsPublicIp", LuaIsPublicIp}, // + {"IsReasonablePath", LuaIsReasonablePath}, // + {"IsValidHttpToken", LuaIsValidHttpToken}, // + {"LaunchBrowser", LuaLaunchBrowser}, // + {"LoadAsset", LuaLoadAsset}, // + {"Log", LuaLog}, // + {"Md5", LuaMd5}, // + {"ParseHost", LuaParseHost}, // + {"ParseHttpDateTime", LuaParseHttpDateTime}, // + {"ParseIp", LuaParseIp}, // + {"ParseParams", LuaParseParams}, // + {"ParseUrl", LuaParseUrl}, // + {"Popcnt", LuaPopcnt}, // + {"ProgramAddr", LuaProgramAddr}, // + {"ProgramBrand", LuaProgramBrand}, // + {"ProgramCache", LuaProgramCache}, // + {"ProgramCertificate", LuaProgramCertificate}, // + {"ProgramDirectory", LuaProgramDirectory}, // + {"ProgramGid", LuaProgramGid}, // + {"ProgramHeader", LuaProgramHeader}, // + {"ProgramLogBodies", LuaProgramLogBodies}, // + {"ProgramLogMessages", LuaProgramLogMessages}, // + {"ProgramLogPath", LuaProgramLogPath}, // + {"ProgramPidPath", LuaProgramPidPath}, // + {"ProgramPort", LuaProgramPort}, // + 
{"ProgramPrivateKey", LuaProgramPrivateKey}, // + {"ProgramRedirect", LuaProgramRedirect}, // + {"ProgramSslClientVerify", LuaProgramSslClientVerify}, // + {"ProgramSslFetchVerify", LuaProgramSslFetchVerify}, // + {"ProgramSslTicketLifetime", LuaProgramSslTicketLifetime}, // + {"ProgramTimeout", LuaProgramTimeout}, // + {"ProgramUid", LuaProgramUid}, // + {"Route", LuaRoute}, // + {"RouteHost", LuaRouteHost}, // + {"RoutePath", LuaRoutePath}, // + {"ServeAsset", LuaServeAsset}, // + {"ServeError", LuaServeError}, // + {"ServeIndex", LuaServeIndex}, // + {"ServeListing", LuaServeListing}, // + {"ServeStatusz", LuaServeStatusz}, // + {"SetHeader", LuaSetHeader}, // + {"SetLogLevel", LuaSetLogLevel}, // + {"SetStatus", LuaSetStatus}, // + {"Sha1", LuaSha1}, // + {"Sha224", LuaSha224}, // + {"Sha256", LuaSha256}, // + {"Sha384", LuaSha384}, // + {"Sha512", LuaSha512}, // + {"Slurp", LuaSlurp}, // + {"StoreAsset", LuaStoreAsset}, // + {"Underlong", LuaUnderlong}, // + {"VisualizeControlCodes", LuaVisualizeControlCodes}, // + {"Write", LuaWrite}, // + {"bsf", LuaBsf}, // + {"bsr", LuaBsr}, // + {"crc32", LuaCrc32}, // + {"crc32c", LuaCrc32c}, // + {"popcnt", LuaPopcnt}, // }; extern int luaopen_lsqlite3(lua_State *); @@ -5498,7 +5627,7 @@ static char *SynchronizeChunked(void) { return NULL; } -char *SynchronizeStream(void) { +static char *SynchronizeStream(void) { int64_t cl; if (HasHeader(kHttpTransferEncoding) && !HeaderEqualCase(kHttpTransferEncoding, "identity")) { @@ -5945,9 +6074,8 @@ static bool HandleMessage(void) { } } if (loglatency || LOGGABLE(kLogDebug)) { - flogf(kLogDebug, __FILE__, __LINE__, NULL, "%`'.*s latency %,ldµs", - msg.uri.b - msg.uri.a, inbuf.p + msg.uri.a, - (long)((nowl() - startrequest) * 1e6L)); + DEBUGF("%`'.*s latency %,ldµs", msg.uri.b - msg.uri.a, inbuf.p + msg.uri.a, + (long)((nowl() - startrequest) * 1e6L)); } LockInc(&shared->c.messageshandled); ++messageshandled; 
@@ -6109,6 +6237,7 @@ static void HandleConnection(size_t i) { if (funtrace && !IsTiny()) { ftrace_install(); } + ++traceme; if (hasonworkerstart) { CallSimpleHook("OnWorkerStart"); } @@ -6150,7 +6279,6 @@ static void HandleConnection(size_t i) { usessl = false; reader = read; writer = WritevAll; - LOGF("reset"); mbedtls_ssl_session_reset(&ssl); } #endif 
@@ -6349,28 +6477,37 @@ static void SigInit(void) { static void TlsInit(void) { #ifndef UNSECURE - mbedtls_ssl_config_defaults( - &conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, - suiteb ? MBEDTLS_SSL_PRESET_SUITEB : MBEDTLS_SSL_PRESET_DEFAULT); - mbedtls_ssl_config_defaults( - &confcli, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, - suiteb ? MBEDTLS_SSL_PRESET_SUITEB : MBEDTLS_SSL_PRESET_DEFAULT); - DCHECK_EQ(0, - mbedtls_ssl_ticket_setup(&ssltick, mbedtls_ctr_drbg_random, &rng, - MBEDTLS_CIPHER_AES_256_GCM, 24 * 60 * 60)); - mbedtls_ssl_conf_session_tickets_cb(&conf, mbedtls_ssl_ticket_write, - mbedtls_ssl_ticket_parse, &ssltick); + int suite; + InitializeRng(&rng); + InitializeRng(&rngcli); + cachain = GetSslRoots(); + suite = suiteb ? MBEDTLS_SSL_PRESET_SUITEB : MBEDTLS_SSL_PRESET_SUITEC; + mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, + MBEDTLS_SSL_TRANSPORT_STREAM, suite); + mbedtls_ssl_config_defaults(&confcli, MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, suite); + if (sslticketlifetime > 0) { + mbedtls_ssl_ticket_setup(&ssltick, mbedtls_ctr_drbg_random, &rng, + MBEDTLS_CIPHER_AES_256_GCM, sslticketlifetime); + mbedtls_ssl_conf_session_tickets_cb(&conf, mbedtls_ssl_ticket_write, + mbedtls_ssl_ticket_parse, &ssltick); + } LoadCertificates(); + mbedtls_ssl_conf_sni(&conf, TlsRoute, 0); mbedtls_ssl_conf_dbg(&conf, TlsDebug, 0); mbedtls_ssl_conf_dbg(&confcli, TlsDebug, 0); mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &rng); mbedtls_ssl_conf_rng(&confcli, mbedtls_ctr_drbg_random, &rngcli); - mbedtls_ssl_conf_authmode(&conf, sslclientverify ? MBEDTLS_SSL_VERIFY_REQUIRED - : MBEDTLS_SSL_VERIFY_NONE); - mbedtls_ssl_conf_authmode(&confcli, sslfetchverify - ? 
MBEDTLS_SSL_VERIFY_REQUIRED - : MBEDTLS_SSL_VERIFY_NONE); - mbedtls_ssl_conf_ca_chain(&confcli, (cachain = GetSslRoots()), 0); + if (sslclientverify) { + mbedtls_ssl_conf_ca_chain(&conf, cachain, 0); + mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); + } + if (sslfetchverify) { + mbedtls_ssl_conf_ca_chain(&confcli, cachain, 0); + mbedtls_ssl_conf_authmode(&confcli, MBEDTLS_SSL_VERIFY_REQUIRED); + } else { + mbedtls_ssl_conf_authmode(&confcli, MBEDTLS_SSL_VERIFY_NONE); + } mbedtls_ssl_set_bio(&ssl, &g_bio, TlsSend, 0, TlsRecv); DCHECK_EQ(0, mbedtls_ssl_conf_alpn_protocols(&conf, kAlpn)); DCHECK_EQ(0, mbedtls_ssl_conf_alpn_protocols(&confcli, kAlpn)); @@ -6390,10 +6527,11 @@ static void TlsDestroy(void) { mbedtls_ssl_config_free(&conf); mbedtls_ssl_config_free(&confcli); mbedtls_ssl_ticket_free(&ssltick); - for (i = 0; i < certs.n; ++i) { - mbedtls_x509_crt_free(certs.p[i].cert); - mbedtls_pk_free(certs.p[i].key); - } + /* TODO(jart): We need to learn more about ownership of this memory. */ + /* for (i = 0; i < certs.n; ++i) { */ + /* mbedtls_x509_crt_free(certs.p[i].cert); */ + /* mbedtls_pk_free(certs.p[i].key); */ + /* } */ free(certs.p), certs.p = 0, certs.n = 0; free(ports.p), ports.p = 0, ports.n = 0; free(ips.p), ips.p = 0, ips.n = 0; @@ -6421,10 +6559,6 @@ static void MemDestroy(void) { } void RedBean(int argc, char *argv[]) { -#ifndef UNSECURE - InitializeRng(&rng); - InitializeRng(&rngcli); -#endif reader = read; writer = WritevAll; gmtoff = GetGmtOffset((lastrefresh = startserver = nowl())); diff --git a/tool/net/wb.c b/tool/net/wb.c new file mode 100644 index 000000000..2ae4cd5d0 --- /dev/null +++ b/tool/net/wb.c 
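Review bot: The return value of `mbedtls_ssl_ticket_setup()` in TlsInit() is no longer checked (the old code had it under DCHECK_EQ), yet `mbedtls_ssl_conf_session_tickets_cb()` is registered unconditionally right after; if setup fails, for instance because the DRBG cannot generate the ticket keys, the server keeps issuing and accepting tickets protected by whatever key material the half-initialised ticket context holds, which turns session resumption into something a remote party may be able to forge. Make it fatal: `CHECK_EQ(0, mbedtls_ssl_ticket_setup(&ssltick, mbedtls_ctr_drbg_random, &rng, MBEDTLS_CIPHER_AES_256_GCM, sslticketlifetime));`. The lifetime is also passed straight to a uint32_t seconds parameter; ProgramSslTicketLifetime() is not in this diff, so check that it bounds the value coming from `-T` and Lua before it gets here, and note the mbedtls_ssl_config_defaults() return codes remain unchecked as before.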
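Review bot: Commenting out the `mbedtls_x509_crt_free()`/`mbedtls_pk_free()` loop in TlsDestroy() means private keys are no longer zeroised at shutdown (mbedtls_pk_free() wipes the key before releasing it) and the objects leak while `certs.p` is freed from under them. As far as mbedTLS 2.x goes, `mbedtls_ssl_conf_own_cert()` only stores pointers and `mbedtls_ssl_config_free()` frees the list nodes rather than the crt/pk objects, so the original loop was the right owner and already ran after config_free as required; if the worry is the entries now added by AppendCert() in LoadCertificates(), those appear to be the same pointers UseCertificate() handed to the config, not duplicates, so freeing them once through certs.p[] is still a single free. Either restore the loop or record the ownership decision in a comment instead of leaving dead code (the loop index declared above the hunk probably becomes unused too), and the same applies to the frees commented out in WipeServingKeys().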
@@ -0,0 +1,512 @@ +/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│ +│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│ +╞══════════════════════════════════════════════════════════════════════════════╡ +│ Copyright 2021 Justine Alexandra Roberts Tunney │ +│ │ +│ Permission to use, copy, modify, and/or distribute this software for │ +│ any purpose with or without fee is hereby granted, provided that the │ +│ above copyright notice and this permission notice appear in all copies. │ +│ │ +│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │ +│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │ +│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │ +│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │ +│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │ +│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │ +│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │ +│ PERFORMANCE OF THIS SOFTWARE. 
│ +╚─────────────────────────────────────────────────────────────────────────────*/ +#include "libc/assert.h" +#include "libc/calls/calls.h" +#include "libc/dns/dns.h" +#include "libc/errno.h" +#include "libc/log/check.h" +#include "libc/log/log.h" +#include "libc/macros.internal.h" +#include "libc/math.h" +#include "libc/mem/mem.h" +#include "libc/rand/rand.h" +#include "libc/runtime/gc.internal.h" +#include "libc/sock/sock.h" +#include "libc/stdio/append.internal.h" +#include "libc/stdio/stdio.h" +#include "libc/str/str.h" +#include "libc/sysv/consts/af.h" +#include "libc/sysv/consts/ex.h" +#include "libc/sysv/consts/exit.h" +#include "libc/sysv/consts/ipproto.h" +#include "libc/sysv/consts/sig.h" +#include "libc/sysv/consts/so.h" +#include "libc/sysv/consts/sock.h" +#include "libc/sysv/consts/sol.h" +#include "libc/sysv/consts/tcp.h" +#include "libc/time/time.h" +#include "libc/x/x.h" +#include "net/http/http.h" +#include "net/http/url.h" +#include "net/https/https.h" +#include "third_party/getopt/getopt.h" +#include "third_party/mbedtls/ctr_drbg.h" +#include "third_party/mbedtls/debug.h" +#include "third_party/mbedtls/error.h" +#include "third_party/mbedtls/ssl.h" + +#define Micros(t) ((int64_t)((t)*1e6)) +#define HasHeader(H) (!!msg.headers[H].a) +#define HeaderData(H) (inbuf.p + msg.headers[H].a) +#define HeaderLength(H) (msg.headers[H].b - msg.headers[H].a) +#define HeaderEqualCase(H, S) \ + SlicesEqualCase(S, strlen(S), HeaderData(H), HeaderLength(H)) + +struct Buffer { + size_t n, c; + char *p; +}; + +struct Headers { + size_t n; + char **p; +} headers; + +bool suiteb; +char *request; +bool isdone; +char *urlarg; +int method = kHttpGet; +bool authmode = MBEDTLS_SSL_VERIFY_NONE; + +char *host; +char *port; +bool usessl; +uint32_t ip; +struct Url url; +struct addrinfo *addr; +struct Buffer inbuf; + +long fetch_count; +long error_count; +long failure_count; +long response_count; +double *latencies; +size_t latencies_n; +size_t latencies_c; +long double 
start_run; +long double end_run; +long double start_fetch; +long double end_fetch; + +mbedtls_x509_crt *cachain; +mbedtls_ssl_config conf; +mbedtls_ssl_context ssl; +mbedtls_ctr_drbg_context drbg; + +struct addrinfo hints = {.ai_family = AF_INET, + .ai_socktype = SOCK_STREAM, + .ai_protocol = IPPROTO_TCP, + .ai_flags = AI_NUMERICSERV}; + +void OnInt(int sig) { + isdone = true; +} + +static inline bool SlicesEqualCase(const char *a, size_t n, const char *b, + size_t m) { + return n == m && !memcasecmp(a, b, n); +} + +static int GetEntropy(void *c, unsigned char *p, size_t n) { + rngset(p, n, rand64, -1); + return 0; +} + +static bool TuneSocket(int fd, int a, int b, int x) { + if (!b) return false; + return setsockopt(fd, a, b, &x, sizeof(x)) != -1; +} + +static int Socket(int family, int type, int protocol) { + int fd; + if ((fd = socket(family, type, protocol)) != -1) { + /* TuneSocket(fd, SOL_SOCKET, SO_KEEPALIVE, 1); */ + /* if (protocol == SOL_TCP) { */ + /* TuneSocket(fd, SOL_TCP, TCP_KEEPIDLE, 60); */ + /* TuneSocket(fd, SOL_TCP, TCP_KEEPINTVL, 60); */ + /* TuneSocket(fd, SOL_TCP, TCP_FASTOPEN_CONNECT, 1); */ + /* if (!TuneSocket(fd, SOL_TCP, TCP_QUICKACK, 1)) { */ + /* TuneSocket(fd, SOL_TCP, TCP_NODELAY, 1); */ + /* } */ + /* } */ + } + return fd; +} + +static int TlsSend(void *c, const unsigned char *p, size_t n) { + int rc; + if ((rc = write(*(int *)c, p, n)) == -1) { + if (errno == EINTR) { + return MBEDTLS_ERR_SSL_WANT_WRITE; + } else if (errno == EAGAIN) { + return MBEDTLS_ERR_SSL_TIMEOUT; + } else if (errno == EPIPE || errno == ECONNRESET || errno == ENETRESET) { + return MBEDTLS_ERR_NET_CONN_RESET; + } else { + VERBOSEF("tls write() error %s", strerror(errno)); + return MBEDTLS_ERR_NET_RECV_FAILED; + } + } + return rc; +} + +static int TlsRecv(void *c, unsigned char *p, size_t n, uint32_t o) { + int r; + if ((r = read(*(int *)c, p, n)) == -1) { + if (errno == EINTR) { + return MBEDTLS_ERR_SSL_WANT_READ; + } else if (errno == EAGAIN) { + return 
MBEDTLS_ERR_SSL_TIMEOUT; + } else if (errno == EPIPE || errno == ECONNRESET || errno == ENETRESET) { + return MBEDTLS_ERR_NET_CONN_RESET; + } else { + VERBOSEF("tls read() error %s", strerror(errno)); + return MBEDTLS_ERR_NET_RECV_FAILED; + } + } + return r; +} + +static char *TlsError(int r) { + static char b[128]; + mbedtls_strerror(r, b, sizeof(b)); + return b; +} + +static wontreturn void TlsDie(const char *s, int r) { + if (IsTiny()) { + fprintf(stderr, "error: %s (-0x%04x %s)\n", s, -r, TlsError(r)); + } else { + fprintf(stderr, "error: %s (grep -0x%04x)\n", s, -r); + } + exit(1); +} + +static wontreturn void PrintUsage(FILE *f, int rc) { + fprintf(f, "usage: %s [-ksvV] URL\n", program_invocation_name); + exit(rc); +} + +int fetch(void) { + char *p; + int status; + ssize_t rc; + const char *body; + int t, ret, sock; + struct TlsBio *bio; + struct HttpMessage msg; + struct HttpUnchunker u; + size_t urlarglen, requestlen; + size_t g, i, n, hdrsize, paylen; + + /* + * Setup crypto. + */ + if (usessl) { + -mbedtls_ssl_session_reset(&ssl); + CHECK_EQ(0, mbedtls_ssl_set_hostname(&ssl, host)); + } + + /* + * Connect to server. + */ + InitHttpMessage(&msg, kHttpResponse); + ip = ntohl(((struct sockaddr_in *)addr->ai_addr)->sin_addr.s_addr); + CHECK_NE(-1, (sock = Socket(addr->ai_family, addr->ai_socktype, + addr->ai_protocol))); + if (connect(sock, addr->ai_addr, addr->ai_addrlen) == -1) { + goto TransportError; + } + if (usessl) { + mbedtls_ssl_set_bio(&ssl, &sock, TlsSend, 0, TlsRecv); + if ((ret = mbedtls_ssl_handshake(&ssl))) { + goto TransportError; + } + } + +SendAnother: + + /* + * Send HTTP Message. + */ + n = appendz(request).i; + if (usessl) { + ret = mbedtls_ssl_write(&ssl, request, n); + if (ret != n) goto TransportError; + } else if (write(sock, request, n) != n) { + goto TransportError; + } + + /* + * Handle response. 
+ */
+ InitHttpMessage(&msg, kHttpResponse);
+ for (hdrsize = paylen = t = 0;;) {
+ if (inbuf.n == inbuf.c) {
+ inbuf.c += 1000;
+ inbuf.c += inbuf.c >> 1;
+ inbuf.p = realloc(inbuf.p, inbuf.c);
+ }
+ if (usessl) {
+ if ((rc = mbedtls_ssl_read(&ssl, inbuf.p + inbuf.n, inbuf.c - inbuf.n)) <
+ 0) {
+ if (rc == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
+ rc = 0;
+ } else {
+ goto TransportError;
+ }
+ }
+ } else if ((rc = read(sock, inbuf.p + inbuf.n, inbuf.c - inbuf.n)) == -1) {
+ goto TransportError;
+ }
+ g = rc;
+ inbuf.n += g;
+ switch (t) {
+ case kHttpClientStateHeaders:
+ if (!g) goto TransportError;
+ rc = ParseHttpMessage(&msg, inbuf.p, inbuf.n);
+ if (rc == -1) goto TransportError;
+ if (rc) {
+ hdrsize = rc;
+ if (100 <= msg.status && msg.status <= 199) {
+ if ((HasHeader(kHttpContentLength) &&
+ !HeaderEqualCase(kHttpContentLength, "0")) ||
+ (HasHeader(kHttpTransferEncoding) &&
+ !HeaderEqualCase(kHttpTransferEncoding, "identity"))) {
+ goto TransportError;
+ }
+ DestroyHttpMessage(&msg);
+ InitHttpMessage(&msg, kHttpResponse);
+ memmove(inbuf.p, inbuf.p + hdrsize, inbuf.n - hdrsize);
+ inbuf.n -= hdrsize;
+ break;
+ }
+ if (msg.status == 204 || msg.status == 304) {
+ goto Finished;
+ }
+ if (HasHeader(kHttpTransferEncoding) &&
+ !HeaderEqualCase(kHttpTransferEncoding, "identity")) {
+ if (HeaderEqualCase(kHttpTransferEncoding, "chunked")) {
+ t = kHttpClientStateBodyChunked;
+ memset(&u, 0, sizeof(u));
+ goto Chunked;
+ } else {
+ goto TransportError;
+ }
+ } else if (HasHeader(kHttpContentLength)) {
+ rc = ParseContentLength(HeaderData(kHttpContentLength),
+ HeaderLength(kHttpContentLength));
+ if (rc == -1) goto TransportError;
+ if ((paylen = rc) <= inbuf.n - hdrsize) {
+ goto Finished;
+ } else {
+ t = kHttpClientStateBodyLengthed;
+ }
+ } else {
+ t = kHttpClientStateBody;
+ }
+ }
+ break;
+ case kHttpClientStateBody:
+ if (!g) {
+ paylen = inbuf.n;
+ goto Finished;
+ }
+ break;
+ case kHttpClientStateBodyLengthed:
+ if (!g) goto TransportError;
+ if (inbuf.n - hdrsize >= paylen) goto Finished;
+ break;
+ case kHttpClientStateBodyChunked:
+ Chunked:
+ rc = Unchunk(&u, inbuf.p + hdrsize, inbuf.n - hdrsize, &paylen);
+ if (rc == -1) goto TransportError;
+ if (rc) goto Finished;
+ break;
+ default:
+ unreachable;
+ }
+ }
+
+Finished:
+ status = msg.status;
+ DestroyHttpMessage(&msg);
+ if (!isdone && status == 200) {
+ long double now = nowl();
+ end_fetch = now;
+ ++response_count;
+ latencies = realloc(latencies, ++latencies_n * sizeof(*latencies));
+ latencies[latencies_n - 1] = end_fetch - start_fetch;
+ ++fetch_count;
+ start_fetch = now;
+ goto SendAnother;
+ }
+ close(sock);
+ return status;
+TransportError:
+ close(sock);
+ DestroyHttpMessage(&msg);
+ return 900;
+}
+
+int main(int argc, char *argv[]) {
+ xsigaction(SIGPIPE, SIG_IGN, 0, 0, 0);
+ xsigaction(SIGINT, OnInt, 0, 0, 0);
+
+ /*
+ * Read flags.
+ */
+ int opt;
+ __log_level = kLogWarn;
+ while ((opt = getopt(argc, argv, "BqksvIX:H:")) != -1) {
+ switch (opt) {
+ case 's':
+ case 'q':
+ break;
+ case 'B':
+ suiteb = true;
+ break;
+ case 'v':
+ ++__log_level;
+ break;
+ case 'I':
+ method = kHttpHead;
+ break;
+ case 'H':
+ headers.p = realloc(headers.p, ++headers.n * sizeof(*headers.p));
+ headers.p[headers.n - 1] = optarg;
+ break;
+ case 'X':
+ CHECK((method = GetHttpMethod(optarg, strlen(optarg))));
+ break;
+ case 'k':
+ authmode = MBEDTLS_SSL_VERIFY_REQUIRED;
+ break;
+ case 'h':
+ PrintUsage(stdout, EXIT_SUCCESS);
+ default:
+ PrintUsage(stderr, EX_USAGE);
+ }
+ }
+
+ if (optind == argc) PrintUsage(stdout, EXIT_SUCCESS);
+ urlarg = argv[optind];
+ cachain = GetSslRoots();
+
+ /*
+ * Parse URL.
+ */
+ gc(ParseUrl(urlarg, -1, &url));
+ gc(url.params.p);
+ usessl = false;
+ if (url.scheme.n) {
+ if (url.scheme.n == 5 && !memcasecmp(url.scheme.p, "https", 5)) {
+ usessl = true;
+ } else if (!(url.scheme.n == 4 && !memcasecmp(url.scheme.p, "http", 4))) {
+ FATALF("bad scheme");
+ }
+ }
+ if (url.host.n) {
+ host = gc(strndup(url.host.p, url.host.n));
+ if (url.port.n) {
+ port = gc(strndup(url.port.p, url.port.n));
+ } else {
+ port = usessl ? "443" : "80";
+ }
+ } else {
+ host = "127.0.0.1";
+ port = "80";
+ }
+ CHECK(IsAcceptableHost(host, -1));
+ url.fragment.p = 0, url.fragment.n = 0;
+ url.scheme.p = 0, url.scheme.n = 0;
+ url.user.p = 0, url.user.n = 0;
+ url.pass.p = 0, url.pass.n = 0;
+ url.host.p = 0, url.host.n = 0;
+ url.port.p = 0, url.port.n = 0;
+ if (!url.path.n || url.path.p[0] != '/') {
+ char *p = gc(xmalloc(1 + url.path.n));
+ mempcpy(mempcpy(p, "/", 1), url.path.p, url.path.n);
+ url.path.p = p;
+ ++url.path.n;
+ }
+
+ /*
+ * Create HTTP message.
+ */
+ appendf(&request,
+ "%s %s HTTP/1.1\r\n"
+ "Host: %s:%s\r\n",
+ kHttpMethod[method], _gc(EncodeUrl(&url, 0)), host, port);
+ for (int i = 0; i < headers.n; ++i) {
+ appendf(&request, "%s\r\n", headers.p[i]);
+ }
+ appendf(&request, "\r\n");
+
+ /*
+ * Perform DNS lookup.
+ */
+ int rc;
+ if ((rc = getaddrinfo(host, port, &hints, &addr)) != EAI_SUCCESS) {
+ FATALF("getaddrinfo(%s:%s) failed", host, port);
+ }
+
+ /*
+ * Setup SSL crypto.
+ */
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ctr_drbg_init(&drbg);
+ mbedtls_ssl_config_init(&conf);
+ CHECK_EQ(0, mbedtls_ctr_drbg_seed(&drbg, GetEntropy, 0, "justine", 7));
+ CHECK_EQ(0,
+ mbedtls_ssl_config_defaults(
+ &conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM,
+ suiteb ? MBEDTLS_SSL_PRESET_SUITEB : MBEDTLS_SSL_PRESET_SUITEC));
+ mbedtls_ssl_conf_authmode(&conf, authmode);
+ mbedtls_ssl_conf_ca_chain(&conf, cachain, 0);
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &drbg);
+ CHECK_EQ(0, mbedtls_ssl_setup(&ssl, &conf));
+
+ int status;
+ latencies_c = 1024;
+ latencies = malloc(latencies_c * sizeof(*latencies));
+ start_run = nowl();
+ while (!isdone) {
+ ++fetch_count;
+ start_fetch = nowl();
+ status = fetch();
+ end_fetch = nowl();
+ if (status == 200) {
+ ++response_count;
+ latencies = realloc(latencies, ++latencies_n * sizeof(*latencies));
+ latencies[latencies_n - 1] = end_fetch - start_fetch;
+ } else if (status == 900) {
+ ++failure_count;
+ } else {
+ ++error_count;
+ }
+ }
+ end_run = nowl();
+
+ double latencies_sum = fsum(latencies, latencies_n);
+ double avg_latency = latencies_sum / response_count;
+
+ printf("\n");
+ printf("run time: %,ldµs\n", Micros(end_run - start_run));
+ printf("per second: %,ld\n",
+ (int64_t)(response_count / (end_run - start_run)));
+ printf("avg latency: %,ldµs\n", Micros(avg_latency));
+ printf("response count: %,ld\n", response_count);
+ printf("fetch count: %,ld\n", fetch_count - failure_count);
+ printf("error count: %,ld (non-200 responses)\n", error_count);
+ printf("failure count: %,ld (transport error)\n", failure_count);
+
+ return 0;
+}
