mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-02-07 06:53:33 +00:00
Restore Referer-Policy and wrap up MbedTLS changes
redbean will now set Referer-Policy to no-referrer-when-downgrade on text/html responses by default. There's better explanations on the bits of security redbean is offering. In short, it's 128+ for modern clients and 112+ for legacy. If the -B flag is used then it's 192+ for modern and 150+ for non-EC.
This commit is contained in:
Justine Tunney
parent
344d2dc356
commit
df8ab0aa0c
32 changed files with 679 additions and 663 deletions
|
|
@ -87,6 +87,14 @@ uint64_t knuth(void) {
|
|||
return a | b << 32;
|
||||
}
|
||||
|
||||
uint64_t vigna(void) {
|
||||
static uint64_t x;
|
||||
uint64_t z = (x += 0x9e3779b97f4a7c15);
|
||||
z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9;
|
||||
z = (z ^ (z >> 27)) * 0x94d049bb133111eb;
|
||||
return z ^ (z >> 31);
|
||||
}
|
||||
|
||||
uint64_t libc(void) {
|
||||
uint64_t x;
|
||||
CHECK_EQ(8, getrandom(&x, 8, 0));
|
||||
|
|
@ -156,6 +164,7 @@ const struct Function {
|
|||
{"rdseed", rdseed}, //
|
||||
{"unixv6", unixv6}, //
|
||||
{"unixv7", unixv7}, //
|
||||
{"vigna", vigna}, //
|
||||
{"zero", zero}, //
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,9 @@
|
|||
#ifndef COSMOPOLITAN_LIBC_STDIO_APPEND_INTERNAL_H_
|
||||
#define COSMOPOLITAN_LIBC_STDIO_APPEND_INTERNAL_H_
|
||||
#include "libc/fmt/pflink.h"
|
||||
|
||||
#define APPEND_COOKIE 21578
|
||||
|
||||
#if !(__ASSEMBLER__ + __LINKER__ + 0)
|
||||
COSMOPOLITAN_C_START_
|
||||
|
||||
|
|
@ -13,6 +16,7 @@ int appendf(char **, const char *, ...);
|
|||
int vappendf(char **, const char *, va_list);
|
||||
int appends(char **, const char *);
|
||||
int appendd(char **, const void *, size_t);
|
||||
int appendw(char **, uint64_t);
|
||||
struct appendz appendz(char *);
|
||||
|
||||
#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ int appendd(char **b, const void *s, size_t l) {
|
|||
return -1;
|
||||
}
|
||||
}
|
||||
memcpy(p + z.i, s, l + 1);
|
||||
*(char *)mempcpy(p + z.i, s, l) = 0;
|
||||
z.i += l;
|
||||
if (!IsTiny() && W == 8) {
|
||||
z.i |= (size_t)APPEND_COOKIE << 48;
|
||||
|
|
|
|||
33
libc/stdio/appendw.c
Normal file
33
libc/stdio/appendw.c
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
||||
│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
|
||||
╞══════════════════════════════════════════════════════════════════════════════╡
|
||||
│ Copyright 2021 Justine Alexandra Roberts Tunney │
|
||||
│ │
|
||||
│ Permission to use, copy, modify, and/or distribute this software for │
|
||||
│ any purpose with or without fee is hereby granted, provided that the │
|
||||
│ above copyright notice and this permission notice appear in all copies. │
|
||||
│ │
|
||||
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
||||
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
||||
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
||||
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
||||
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
||||
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
||||
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
||||
│ PERFORMANCE OF THIS SOFTWARE. │
|
||||
╚─────────────────────────────────────────────────────────────────────────────*/
|
||||
#include "libc/bits/bits.h"
|
||||
#include "libc/nexgen32e/bsr.h"
|
||||
#include "libc/stdio/append.internal.h"
|
||||
#include "libc/stdio/stdio.h"
|
||||
|
||||
/**
|
||||
* Appends string to buffer.
|
||||
*/
|
||||
int appendw(char **b, uint64_t w) {
|
||||
char t[8];
|
||||
unsigned l;
|
||||
if (!w) return 0;
|
||||
WRITE64LE(t, w);
|
||||
return appendd(b, t, (bsrl(w) >> 3) + 1);
|
||||
}
|
||||
|
|
@ -1114,49 +1114,3 @@ BENCH(cmpint, bench) {
|
|||
EZBENCH2("cmpint 3.1", donothing, mbedtls_mpi_cmp_int(&z, 0));
|
||||
EZBENCH2("cmpint 3.2", donothing, mbedtls_mpi_cmp_int(&z, 1));
|
||||
}
|
||||
|
||||
mbedtls_mpi_uint F1(mbedtls_mpi_uint *d, const mbedtls_mpi_uint *a,
|
||||
const mbedtls_mpi_uint *b, size_t n) {
|
||||
size_t i;
|
||||
unsigned char cf;
|
||||
mbedtls_mpi_uint c, x;
|
||||
cf = c = i = 0;
|
||||
for (; i < n; ++i) SBB(d[i], a[i], b[i], c, c);
|
||||
return c;
|
||||
}
|
||||
|
||||
mbedtls_mpi_uint F2(mbedtls_mpi_uint *d, const mbedtls_mpi_uint *a,
|
||||
const mbedtls_mpi_uint *b, size_t n) {
|
||||
size_t i;
|
||||
unsigned char cf;
|
||||
mbedtls_mpi_uint c, x;
|
||||
cf = c = i = 0;
|
||||
asm volatile("xor\t%1,%1\n\t"
|
||||
".align\t16\n1:\t"
|
||||
"mov\t(%5,%3,8),%1\n\t"
|
||||
"sbb\t(%6,%3,8),%1\n\t"
|
||||
"mov\t%1,(%4,%3,8)\n\t"
|
||||
"lea\t1(%3),%3\n\t"
|
||||
"dec\t%2\n\t"
|
||||
"jnz\t1b"
|
||||
: "=@ccb"(cf), "=&r"(x), "+c"(n), "=r"(i)
|
||||
: "r"(d), "r"(a), "r"(b), "3"(0)
|
||||
: "cc", "memory");
|
||||
return cf;
|
||||
}
|
||||
|
||||
TEST(wut, wut) {
|
||||
uint64_t A[8];
|
||||
uint64_t B[8];
|
||||
uint64_t C[8];
|
||||
uint64_t D[8];
|
||||
int i;
|
||||
for (i = 0; i < 1000; ++i) {
|
||||
rngset(A, sizeof(A), rand64, -1);
|
||||
rngset(B, sizeof(B), rand64, -1);
|
||||
int x = F1(C, A, B, 8);
|
||||
int y = F2(D, A, B, 8);
|
||||
ASSERT_EQ(x, y);
|
||||
ASSERT_EQ(0, memcmp(C, D, sizeof(C)));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
3
third_party/mbedtls/README.cosmo
vendored
3
third_party/mbedtls/README.cosmo
vendored
|
|
@ -14,6 +14,9 @@ LICENSE
|
|||
|
||||
LOCAL CHANGES
|
||||
|
||||
- Strengthened server against DOS by removing expensive protections
|
||||
for old Internet Explorer against Lucky Thirteen timing attacks.
|
||||
|
||||
- Reduce build+test latency from 15 seconds to 5 seconds.
|
||||
|
||||
- Features have been added that enable this library to produce SSL
|
||||
|
|
|
|||
1
third_party/mbedtls/aes.c
vendored
1
third_party/mbedtls/aes.c
vendored
|
|
@ -34,6 +34,7 @@ asm(".include \"libc/disclaimer.inc\"");
|
|||
* @fileoverview FIPS-197 compliant AES implementation
|
||||
*
|
||||
* The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
|
||||
* The true name of this algorithm is Rijndael.
|
||||
*
|
||||
* @see http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
|
||||
* @see http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
|
||||
|
|
|
|||
184
third_party/mbedtls/bigmul.c
vendored
184
third_party/mbedtls/bigmul.c
vendored
|
|
@ -43,50 +43,64 @@ void mbedtls_mpi_mul_hlp1(size_t n, const uint64_t *s, uint64_t *d, uint64_t b)
|
|||
{
|
||||
size_t i;
|
||||
uint128_t x;
|
||||
uint64_t c, t;
|
||||
uint64_t c, t, t1, t2;
|
||||
i = c = 0;
|
||||
#ifdef __x86_64__
|
||||
#define MULXADOX(i) \
|
||||
"mulx\t" #i "*8(%2),%%rax,%%r9\n\t" \
|
||||
"adox\t%0,%%rax\n\t" \
|
||||
"mov\t%%rax," #i "*8(%1)\n\t" \
|
||||
"mov\t%%r9,%0\n\t"
|
||||
if (X86_HAVE(BMI2) && X86_HAVE(ADX))
|
||||
if( X86_HAVE(BMI2) )
|
||||
{
|
||||
for (; n >= 8; n -= 8, s += 8, d += 8)
|
||||
for( ; i + 8 <= n; i += 8 )
|
||||
{
|
||||
asm volatile("xor\t%%r8d,%%r8d\n\t" //
|
||||
MULXADOX(0) //
|
||||
MULXADOX(1) //
|
||||
MULXADOX(2) //
|
||||
MULXADOX(3) //
|
||||
MULXADOX(4) //
|
||||
MULXADOX(5) //
|
||||
MULXADOX(6) //
|
||||
MULXADOX(7) //
|
||||
"adcx\t%%r8,%0\n" //
|
||||
"adox\t%%r8,%0" //
|
||||
asm volatile("mulx\t(%2),%%rax,%%rbx\n\t"
|
||||
"add\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,(%1)\n\t"
|
||||
"mulx\t8(%2),%%rax,%0\n\t"
|
||||
"adc\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,8(%1)\n\t"
|
||||
"mulx\t16(%2),%%rax,%%rbx\n\t"
|
||||
"adc\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,16(%1)\n\t"
|
||||
"mulx\t24(%2),%%rax,%0\n\t"
|
||||
"adc\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,24(%1)\n\t"
|
||||
"mulx\t32(%2),%%rax,%%rbx\n\t"
|
||||
"adc\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,32(%1)\n\t"
|
||||
"mulx\t40(%2),%%rax,%0\n\t"
|
||||
"adc\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,40(%1)\n\t"
|
||||
"mulx\t48(%2),%%rax,%%rbx\n\t"
|
||||
"adc\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,48(%1)\n\t"
|
||||
"mulx\t56(%2),%%rax,%0\n\t"
|
||||
"adc\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,56(%1)\n\t"
|
||||
"adc\t$0,%0"
|
||||
: "+r"(c)
|
||||
: "r"(d), "S"(s), "d"(b)
|
||||
: "rax", "r8", "r9", "memory", "cc");
|
||||
: "r"(d + i), "r"(s + i), "d"(b)
|
||||
: "rax", "rbx", "memory", "cc");
|
||||
}
|
||||
for (; n >= 4; n -= 4, s += 4, d += 4)
|
||||
for( ; i + 4 <= n; i += 4 )
|
||||
{
|
||||
asm volatile("xor\t%%r8d,%%r8d\n\t" //
|
||||
MULXADOX(0) //
|
||||
MULXADOX(1) //
|
||||
MULXADOX(2) //
|
||||
MULXADOX(3) //
|
||||
"adcx\t%%r8,%0\n" //
|
||||
"adox\t%%r8,%0" //
|
||||
asm volatile("mulx\t(%2),%%rax,%%rbx\n\t"
|
||||
"add\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,(%1)\n\t"
|
||||
"mulx\t8(%2),%%rax,%0\n\t"
|
||||
"adc\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,8(%1)\n\t"
|
||||
"mulx\t16(%2),%%rax,%%rbx\n\t"
|
||||
"adc\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,16(%1)\n\t"
|
||||
"mulx\t24(%2),%%rax,%0\n\t"
|
||||
"adc\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,24(%1)\n\t"
|
||||
"adc\t$0,%0"
|
||||
: "+r"(c)
|
||||
: "r"(d), "S"(s), "d"(b)
|
||||
: "rax", "r8", "r9", "memory", "cc");
|
||||
: "r"(d + i), "r"(s + i), "d"(b)
|
||||
: "rax", "rbx", "memory", "cc");
|
||||
}
|
||||
}
|
||||
#undef MULXADOX
|
||||
#endif
|
||||
for (; i < n; ++i)
|
||||
for( ; i < n; ++i )
|
||||
{
|
||||
x = s[i];
|
||||
x *= b;
|
||||
|
|
@ -107,49 +121,77 @@ void mbedtls_mpi_mul_hlp(size_t n, uint64_t *s, uint64_t *d, uint64_t b)
|
|||
uint64_t c, l, h, t;
|
||||
i = c = 0;
|
||||
#ifdef __x86_64__
|
||||
#define MULADDC(i) \
|
||||
"mulx\t" #i "*8(%2),%%rax,%%r9\n\t" \
|
||||
"adcx\t" #i "*8(%1),%%rax\n\t" \
|
||||
"adox\t%0,%%rax\n\t" \
|
||||
"mov\t%%rax," #i "*8(%1)\n\t" \
|
||||
"mov\t%%r9,%0\n\t"
|
||||
if (X86_HAVE(BMI2) && X86_HAVE(ADX))
|
||||
{
|
||||
for (; n >= 8; n -= 8, s += 8, d += 8)
|
||||
for( ; i + 8 <= n; i += 8 )
|
||||
{
|
||||
asm volatile("xor\t%%r8d,%%r8d\n\t" //
|
||||
MULADDC(0) //
|
||||
MULADDC(1) //
|
||||
MULADDC(2) //
|
||||
MULADDC(3) //
|
||||
MULADDC(4) //
|
||||
MULADDC(5) //
|
||||
MULADDC(6) //
|
||||
MULADDC(7) //
|
||||
"adcx\t%%r8,%0\n" //
|
||||
"adox\t%%r8,%0" //
|
||||
asm volatile("xor\t%%r8d,%%r8d\n\t"
|
||||
"mulx\t(%2),%%rax,%%rbx\n\t"
|
||||
"adcx\t(%1),%%rax\n\t"
|
||||
"adox\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,(%1)\n\t"
|
||||
"mulx\t8(%2),%%rax,%0\n\t"
|
||||
"adcx\t8(%1),%%rax\n\t"
|
||||
"adox\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,8(%1)\n\t"
|
||||
"mulx\t16(%2),%%rax,%%rbx\n\t"
|
||||
"adcx\t16(%1),%%rax\n\t"
|
||||
"adox\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,16(%1)\n\t"
|
||||
"mulx\t24(%2),%%rax,%0\n\t"
|
||||
"adcx\t24(%1),%%rax\n\t"
|
||||
"adox\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,24(%1)\n\t"
|
||||
"mulx\t32(%2),%%rax,%%rbx\n\t"
|
||||
"adcx\t32(%1),%%rax\n\t"
|
||||
"adox\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,32(%1)\n\t"
|
||||
"mulx\t40(%2),%%rax,%0\n\t"
|
||||
"adcx\t40(%1),%%rax\n\t"
|
||||
"adox\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,40(%1)\n\t"
|
||||
"mulx\t48(%2),%%rax,%%rbx\n\t"
|
||||
"adcx\t48(%1),%%rax\n\t"
|
||||
"adox\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,48(%1)\n\t"
|
||||
"mulx\t56(%2),%%rax,%0\n\t"
|
||||
"adcx\t56(%1),%%rax\n\t"
|
||||
"adox\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,56(%1)\n\t"
|
||||
"adcx\t%%r8,%0\n\t"
|
||||
"adox\t%%r8,%0"
|
||||
: "+r"(c)
|
||||
: "r"(d), "S"(s), "d"(b)
|
||||
: "rax", "r8", "r9", "memory", "cc");
|
||||
: "r"(d + i), "r"(s + i), "d"(b)
|
||||
: "rax", "rbx", "r8", "memory", "cc");
|
||||
}
|
||||
|
||||
for (; n >= 4; n -= 4, s += 4, d += 4)
|
||||
for( ; i + 4 <= n; i += 4 )
|
||||
{
|
||||
asm volatile("xor\t%%r8d,%%r8d\n\t" //
|
||||
MULADDC(0) //
|
||||
MULADDC(1) //
|
||||
MULADDC(2) //
|
||||
MULADDC(3) //
|
||||
"adcx\t%%r8,%0\n" //
|
||||
"adox\t%%r8,%0" //
|
||||
asm volatile("xor\t%%r8d,%%r8d\n\t"
|
||||
"mulx\t(%2),%%rax,%%rbx\n\t"
|
||||
"adcx\t(%1),%%rax\n\t"
|
||||
"adox\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,(%1)\n\t"
|
||||
"mulx\t8(%2),%%rax,%0\n\t"
|
||||
"adcx\t8(%1),%%rax\n\t"
|
||||
"adox\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,8(%1)\n\t"
|
||||
"mulx\t16(%2),%%rax,%%rbx\n\t"
|
||||
"adcx\t16(%1),%%rax\n\t"
|
||||
"adox\t%0,%%rax\n\t"
|
||||
"mov\t%%rax,16(%1)\n\t"
|
||||
"mulx\t24(%2),%%rax,%0\n\t"
|
||||
"adcx\t24(%1),%%rax\n\t"
|
||||
"adox\t%%rbx,%%rax\n\t"
|
||||
"mov\t%%rax,24(%1)\n\t"
|
||||
"adcx\t%%r8,%0\n\t"
|
||||
"adox\t%%r8,%0"
|
||||
: "+r"(c)
|
||||
: "r"(d), "S"(s), "d"(b)
|
||||
: "rax", "r8", "r9", "memory", "cc");
|
||||
: "r"(d + i), "r"(s + i), "d"(b)
|
||||
: "rax", "rbx", "r8", "memory", "cc");
|
||||
}
|
||||
}
|
||||
#undef MULADDC
|
||||
#endif
|
||||
for (; i < n; ++i)
|
||||
for( ; i < n; ++i )
|
||||
{
|
||||
x = s[i];
|
||||
x *= b;
|
||||
|
|
@ -222,20 +264,22 @@ int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A,
|
|||
j = t;
|
||||
|
||||
if (!IsTiny() && j == 1) {
|
||||
if (X->n < i + 1)
|
||||
if (X->n < i + 1) {
|
||||
if ((ret = mbedtls_mpi_grow(X, i + 1))) return ret;
|
||||
else if (X->n > i + 1)
|
||||
} else if (X->n > i + 1) {
|
||||
mbedtls_platform_zeroize(X->p + i + 1, (X->n - (i + 1)) * ciL);
|
||||
}
|
||||
mbedtls_mpi_mul_hlp1(i, A->p, X->p, B->p[0]);
|
||||
X->s = A->s * B->s;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!IsTiny() && i == j) {
|
||||
if (X->n < i * 2)
|
||||
if (X->n < i * 2) {
|
||||
if ((ret = mbedtls_mpi_grow(X, i * 2))) return ret;
|
||||
else if (X->n > i * 2)
|
||||
} else if (X->n > i * 2) {
|
||||
mbedtls_platform_zeroize(X->p + i * 2, (X->n - (i * 2)) * ciL);
|
||||
}
|
||||
if (i == 4) {
|
||||
Mul4x4(X->p, A->p, B->p);
|
||||
X->s = A->s * B->s;
|
||||
|
|
|
|||
2
third_party/mbedtls/bignum.c
vendored
2
third_party/mbedtls/bignum.c
vendored
|
|
@ -65,7 +65,7 @@ asm(".include \"libc/disclaimer.inc\"");
|
|||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
|
||||
/* Implementation that should never be optimized out by the compiler */
|
||||
static void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n )
|
||||
static inline void mbedtls_mpi_zeroize( mbedtls_mpi_uint *v, size_t n )
|
||||
{
|
||||
mbedtls_platform_zeroize( v, ciL * n );
|
||||
}
|
||||
|
|
|
|||
8
third_party/mbedtls/config.h
vendored
8
third_party/mbedtls/config.h
vendored
|
|
@ -78,18 +78,18 @@
|
|||
|
||||
/* eliptic curves */
|
||||
#ifndef TINY
|
||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
#define MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
/*#define MBEDTLS_ECP_DP_SECP521R1_ENABLED*/
|
||||
/*#define MBEDTLS_ECP_DP_BP384R1_ENABLED*/
|
||||
/*#define MBEDTLS_ECP_DP_SECP192R1_ENABLED*/
|
||||
/*#define MBEDTLS_ECP_DP_SECP224R1_ENABLED*/
|
||||
/*#define MBEDTLS_ECP_DP_SECP192K1_ENABLED*/
|
||||
/*#define MBEDTLS_ECP_DP_SECP224K1_ENABLED*/
|
||||
/*#define MBEDTLS_ECP_DP_SECP256K1_ENABLED*/
|
||||
/*#define MBEDTLS_ECP_DP_BP256R1_ENABLED*/
|
||||
/*#define MBEDTLS_ECP_DP_BP384R1_ENABLED*/
|
||||
/*#define MBEDTLS_ECP_DP_BP512R1_ENABLED*/
|
||||
#endif
|
||||
|
||||
|
|
|
|||
1
third_party/mbedtls/des.c
vendored
1
third_party/mbedtls/des.c
vendored
|
|
@ -34,6 +34,7 @@ asm(".include \"libc/disclaimer.inc\"");
|
|||
*
|
||||
* DES, on which TDES is based, was originally designed by Horst Feistel
|
||||
* at IBM in 1974, and was adopted as a standard by NIST (formerly NBS).
|
||||
* NIST calls this DEA. The true name of this algorithm is Lucifer.
|
||||
*
|
||||
* http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
|
||||
*/
|
||||
|
|
|
|||
25
third_party/mbedtls/ecp.c
vendored
25
third_party/mbedtls/ecp.c
vendored
|
|
@ -504,12 +504,25 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
|
|||
* - size in bits
|
||||
* - readable name
|
||||
*
|
||||
* ELLIPTIC CURVES 101
|
||||
*
|
||||
* CURVE SECURITY RECOMMENDED BY
|
||||
* ---------- --------- --------------------------------
|
||||
* SECP256R1 128 IANA, NIST, FRANCE, GERMANY
|
||||
* SECP384R1 192 IANA, NIST, FRANCE, GERMANY, NSA
|
||||
* X25519 112-128 IANA
|
||||
* X448 224 IANA
|
||||
* BP384R1 GERMANY
|
||||
* SECP521R1 FRANCE
|
||||
* GC512A RUSSIA
|
||||
* SM2 CHINA
|
||||
*
|
||||
* Reminder: update profiles in x509_crt.c when adding a new curves!
|
||||
*/
|
||||
static const mbedtls_ecp_curve_info ecp_supported_curves[] =
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
{ MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" },
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
{ MBEDTLS_ECP_DP_SECP256R1, 23, 256, "secp256r1" },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
|
||||
{ MBEDTLS_ECP_DP_SECP384R1, 24, 384, "secp384r1" },
|
||||
|
|
@ -517,8 +530,8 @@ static const mbedtls_ecp_curve_info ecp_supported_curves[] =
|
|||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
|
||||
{ MBEDTLS_ECP_DP_CURVE448, 30, 448, "x448" },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
{ MBEDTLS_ECP_DP_SECP256R1, 23, 256, "secp256r1" },
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
|
||||
{ MBEDTLS_ECP_DP_CURVE25519, 29, 256, "x25519" },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
|
||||
{ MBEDTLS_ECP_DP_SECP521R1, 25, 521, "secp521r1" },
|
||||
|
|
@ -1439,6 +1452,10 @@ static int ecp_normalize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p
|
|||
#if defined(MBEDTLS_ECP_NO_FALLBACK) && defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
|
||||
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
|
||||
#else
|
||||
#ifdef MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
if ( grp->modp == ecp_mod_p384 )
|
||||
return mbedtls_p384_normalize_jac(grp, pt);
|
||||
#endif
|
||||
#ifdef MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
if ( grp->modp == ecp_mod_p256 )
|
||||
return mbedtls_p256_normalize_jac(grp, pt);
|
||||
|
|
|
|||
350
third_party/mbedtls/ecp256.c
vendored
350
third_party/mbedtls/ecp256.c
vendored
|
|
@ -29,27 +29,45 @@
|
|||
#include "third_party/mbedtls/traceme.h"
|
||||
/* clang-format off */
|
||||
|
||||
static inline bool
|
||||
static bool
|
||||
mbedtls_p256_isz( uint64_t p[4] )
|
||||
{
|
||||
return( !p[0] & !p[1] & !p[2] & !p[3] );
|
||||
}
|
||||
|
||||
static inline bool
|
||||
static bool
|
||||
mbedtls_p256_gte( uint64_t p[5] )
|
||||
{
|
||||
return( ((int64_t)p[4] > 0 ||
|
||||
(p[3] > 0xffffffff00000001 ||
|
||||
(p[3] == 0xffffffff00000001 &&
|
||||
(p[2] > 0x0000000000000000 ||
|
||||
(p[2] == 0x0000000000000000 &&
|
||||
(p[1] > 0x00000000ffffffff ||
|
||||
(p[1] == 0x00000000ffffffff &&
|
||||
(p[0] > 0xffffffffffffffff ||
|
||||
(p[0] == 0xffffffffffffffff))))))))) );
|
||||
return( (((int64_t)p[4] > 0) |
|
||||
(!p[4] &
|
||||
((p[3] > 0xffffffff00000001) |
|
||||
((p[3] == 0xffffffff00000001) &
|
||||
((p[2] > 0x0000000000000000) |
|
||||
((p[2] == 0x0000000000000000) &
|
||||
((p[1] > 0x00000000ffffffff) |
|
||||
((p[1] == 0x00000000ffffffff) &
|
||||
((p[0] > 0xffffffffffffffff) |
|
||||
(p[0] == 0xffffffffffffffff)))))))))) );
|
||||
}
|
||||
|
||||
static inline void
|
||||
static int
|
||||
mbedtls_p256_cmp( const uint64_t a[5],
|
||||
const uint64_t b[5] )
|
||||
{
|
||||
if ( (int64_t)a[4] < (int64_t)b[4] ) return -1;
|
||||
if ( (int64_t)a[4] > (int64_t)b[4] ) return +1;
|
||||
if ( a[3] < b[3] ) return -1;
|
||||
if ( a[3] > b[3] ) return +1;
|
||||
if ( a[2] < b[2] ) return -1;
|
||||
if ( a[2] > b[2] ) return +1;
|
||||
if ( a[1] < b[1] ) return -1;
|
||||
if ( a[1] > b[1] ) return +1;
|
||||
if ( a[0] < b[0] ) return -1;
|
||||
if ( a[0] > b[0] ) return +1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void
|
||||
mbedtls_p256_red( uint64_t p[5] )
|
||||
{
|
||||
#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
|
||||
|
|
@ -72,7 +90,7 @@ mbedtls_p256_red( uint64_t p[5] )
|
|||
#endif
|
||||
}
|
||||
|
||||
static noinline void
|
||||
static void
|
||||
mbedtls_p256_gro( uint64_t p[5] )
|
||||
{
|
||||
#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
|
||||
|
|
@ -117,7 +135,7 @@ mbedtls_p256_mod(uint64_t X[8])
|
|||
}
|
||||
}
|
||||
|
||||
static inline void
|
||||
static void
|
||||
mbedtls_p256_sar( uint64_t p[5] )
|
||||
{
|
||||
p[0] = p[0] >> 1 | p[1] << 63;
|
||||
|
|
@ -127,7 +145,7 @@ mbedtls_p256_sar( uint64_t p[5] )
|
|||
p[4] = (int64_t)p[4] >> 1;
|
||||
}
|
||||
|
||||
static inline void
|
||||
static void
|
||||
mbedtls_p256_shl( uint64_t p[5] )
|
||||
{
|
||||
p[4] = p[3] >> 63;
|
||||
|
|
@ -147,6 +165,62 @@ mbedtls_p256_mul( uint64_t X[8],
|
|||
mbedtls_p256_mod( X );
|
||||
}
|
||||
|
||||
static void
|
||||
mbedtls_p256_plu( uint64_t A[5],
|
||||
const uint64_t B[5] )
|
||||
{
|
||||
#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
|
||||
asm("mov\t%1,%%rax\n\t"
|
||||
"add\t%%rax,%0\n\t"
|
||||
"mov\t8+%1,%%rax\n\t"
|
||||
"adc\t%%rax,8+%0\n\t"
|
||||
"mov\t16+%1,%%rax\n\t"
|
||||
"adc\t%%rax,16+%0\n\t"
|
||||
"mov\t24+%1,%%rax\n\t"
|
||||
"adc\t%%rax,24+%0\n\t"
|
||||
"mov\t32+%1,%%rax\n\t"
|
||||
"adc\t%%rax,32+%0"
|
||||
: /* no outputs */
|
||||
: "o"(*A), "o"(*B)
|
||||
: "rax", "memory", "cc");
|
||||
#else
|
||||
uint64_t c;
|
||||
ADC( X[0], A[0], B[0], 0, c );
|
||||
ADC( X[1], A[1], B[1], c, c );
|
||||
ADC( X[2], A[2], B[2], c, c );
|
||||
ADC( X[3], A[3], B[3], c, c );
|
||||
ADC( X[4], A[4], B[4], c, c );
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
mbedtls_p256_slu( uint64_t A[5],
|
||||
const uint64_t B[5] )
|
||||
{
|
||||
#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
|
||||
asm("mov\t%1,%%rax\n\t"
|
||||
"sub\t%%rax,%0\n\t"
|
||||
"mov\t8+%1,%%rax\n\t"
|
||||
"sbb\t%%rax,8+%0\n\t"
|
||||
"mov\t16+%1,%%rax\n\t"
|
||||
"sbb\t%%rax,16+%0\n\t"
|
||||
"mov\t24+%1,%%rax\n\t"
|
||||
"sbb\t%%rax,24+%0\n\t"
|
||||
"mov\t32+%1,%%rax\n\t"
|
||||
"sbb\t%%rax,32+%0"
|
||||
: /* no outputs */
|
||||
: "o"(*A), "o"(*B)
|
||||
: "rax", "memory", "cc");
|
||||
#else
|
||||
uint64_t c;
|
||||
SBB( X[0], A[0], B[0], 0, c );
|
||||
SBB( X[1], A[1], B[1], c, c );
|
||||
SBB( X[2], A[2], B[2], c, c );
|
||||
SBB( X[3], A[3], B[3], c, c );
|
||||
SBB( X[4], A[4], B[4], c, c );
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
mbedtls_p256_add( uint64_t X[5],
|
||||
const uint64_t A[4],
|
||||
|
|
@ -383,198 +457,100 @@ int mbedtls_p256_add_mixed( const mbedtls_ecp_group *G,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int mbedtls_p256_inv(mbedtls_mpi *X,
|
||||
const mbedtls_mpi *A,
|
||||
const mbedtls_mpi *B)
|
||||
static void
|
||||
mbedtls_p256_inv( uint64_t X[4],
|
||||
const uint64_t A[4],
|
||||
const uint64_t N[4] )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_THIS_CORRUPTION;
|
||||
mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
|
||||
MBEDTLS_ASSERT( A->s == 1 );
|
||||
MBEDTLS_ASSERT( B->s == 1 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs(X) <= 4 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs(A) <= 4 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs(B) <= 4 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_cmp_int(B, 1) > 0 );
|
||||
mbedtls_mpi_init( &TA );
|
||||
mbedtls_mpi_init( &TU );
|
||||
mbedtls_mpi_init( &U1 );
|
||||
mbedtls_mpi_init( &U2 );
|
||||
mbedtls_mpi_init( &G );
|
||||
mbedtls_mpi_init( &TB );
|
||||
mbedtls_mpi_init( &TV );
|
||||
mbedtls_mpi_init( &V1 );
|
||||
mbedtls_mpi_init( &V2 );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TA, 5 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TU, 5 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &U1, 5 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &U2, 5 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &G, 5 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TB, 5 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TV, 5 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &V1, 5 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &V2, 5 ) );
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_gcd( &G, A, B ));
|
||||
if (!mbedtls_mpi_is_one( &G ))
|
||||
{
|
||||
ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
|
||||
goto cleanup;
|
||||
}
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, B ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, B ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
|
||||
do
|
||||
{
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TU ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U1 ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U2 ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TV ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V2 ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V1 ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &G ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TA ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TB ) <= 5 );
|
||||
while (!(TU.p[0] & 1))
|
||||
{
|
||||
mbedtls_p256_sar(TU.p);
|
||||
if ((U1.p[0] & 1) || (U2.p[0] & 1))
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi(&U1, &U1, &TB) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi(&U2, &U2, &TA) );
|
||||
uint64_t TA[5], TU[5], TV[5], UV[4][5];
|
||||
mbedtls_platform_zeroize( UV, sizeof( UV ) );
|
||||
*(uint64_t *)mempcpy( TA, A, 4*8 ) = 0;
|
||||
*(uint64_t *)mempcpy( TU, A, 4*8 ) = 0;
|
||||
*(uint64_t *)mempcpy( TV, N, 4*8 ) = 0;
|
||||
UV[0][0] = 1;
|
||||
UV[3][0] = 1;
|
||||
do {
|
||||
while( ~TU[0] & 1 ){
|
||||
mbedtls_p256_sar( TU );
|
||||
if( ( UV[0][0] | UV[1][0] ) & 1 ){
|
||||
mbedtls_p256_gro( UV[0] );
|
||||
mbedtls_p256_slu( UV[1], TA );
|
||||
}
|
||||
mbedtls_p256_sar(U1.p);
|
||||
mbedtls_p256_sar(U2.p);
|
||||
mbedtls_p256_sar( UV[0] );
|
||||
mbedtls_p256_sar( UV[1] );
|
||||
}
|
||||
while (!(TV.p[0] & 1))
|
||||
{
|
||||
mbedtls_p256_sar(TV.p);
|
||||
if ((V1.p[0] & 1) || (V2.p[0] & 1))
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi(&V1, &V1, &TB) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi(&V2, &V2, &TA) );
|
||||
while( ~TV[0] & 1 ){
|
||||
mbedtls_p256_sar( TV );
|
||||
if( ( UV[2][0] | UV[3][0] ) & 1 ){
|
||||
mbedtls_p256_gro( UV[2] );
|
||||
mbedtls_p256_slu( UV[3], TA );
|
||||
}
|
||||
mbedtls_p256_sar( V1.p );
|
||||
mbedtls_p256_sar( V2.p );
|
||||
mbedtls_p256_sar( UV[2] );
|
||||
mbedtls_p256_sar( UV[3] );
|
||||
}
|
||||
if (mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0)
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
|
||||
if( mbedtls_p256_cmp( TU, TV ) >= 0 ){
|
||||
mbedtls_p256_slu( TU, TV );
|
||||
mbedtls_p256_slu( UV[0], UV[2] );
|
||||
mbedtls_p256_slu( UV[1], UV[3] );
|
||||
} else {
|
||||
mbedtls_p256_slu( TV, TU );
|
||||
mbedtls_p256_slu( UV[2], UV[0] );
|
||||
mbedtls_p256_slu( UV[3], UV[1] );
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
|
||||
}
|
||||
} while ( TU.p[0] | TU.p[1] | TU.p[2] | TU.p[3] );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TU ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U1 ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U2 ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TV ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V2 ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V1 ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &G ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TA ) <= 5 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TB ) <= 5 );
|
||||
while (V1.s < 0)
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi( &V1, &V1, B ));
|
||||
while (mbedtls_mpi_cmp_mpi( &V1, B ) >= 0)
|
||||
MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi( &V1, &V1, B ));
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
|
||||
cleanup:
|
||||
mbedtls_mpi_free( &TA );
|
||||
mbedtls_mpi_free( &TU );
|
||||
mbedtls_mpi_free( &U1 );
|
||||
mbedtls_mpi_free( &U2 );
|
||||
mbedtls_mpi_free( &G );
|
||||
mbedtls_mpi_free( &TB );
|
||||
mbedtls_mpi_free( &TV );
|
||||
mbedtls_mpi_free( &V1 );
|
||||
mbedtls_mpi_free( &V2 );
|
||||
return ret;
|
||||
} while( TU[0] | TU[1] | TU[2] | TU[3] | TU[4] );
|
||||
while( (int64_t)UV[2][4] < 0 )
|
||||
mbedtls_p256_gro( UV[2] );
|
||||
while( mbedtls_p256_gte( UV[2] ) )
|
||||
mbedtls_p256_red( UV[2] );
|
||||
mbedtls_p256_cop( X, UV[2] );
|
||||
}
|
||||
|
||||
int mbedtls_p256_normalize_jac_many( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *T[], size_t T_size )
|
||||
mbedtls_ecp_point *T[], size_t n )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_THIS_CORRUPTION;
|
||||
size_t i;
|
||||
uint64_t ta[8];
|
||||
mbedtls_mpi *c, u, Zi, ZZi;
|
||||
if( !( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) )
|
||||
uint64_t *c, u[8], ta[8], Zi[8], ZZi[8];
|
||||
if( !( c = mbedtls_calloc( n, 8*8 ) ) )
|
||||
return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
|
||||
mbedtls_mpi_init( &u );
|
||||
mbedtls_mpi_init( &Zi );
|
||||
mbedtls_mpi_init( &ZZi );
|
||||
for( i = 0; i < T_size; i++ )
|
||||
{
|
||||
CHECK_EQ( 4, T[i]->X.n );
|
||||
CHECK_EQ( 4, T[i]->Y.n );
|
||||
CHECK_EQ( 4, T[i]->Z.n );
|
||||
mbedtls_mpi_init( c + i );
|
||||
}
|
||||
for( i = 0; i < T_size; i++ )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( c + i, 8 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &u, 8 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Zi, 8 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &ZZi, 8 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( c, &T[0]->Z ) );
|
||||
for( i = 1; i < T_size; i++ )
|
||||
mbedtls_p256_mul( c[i].p, c[i-1].p, 4, T[i]->Z.p, 4 );
|
||||
/* mbedtls_mpi_inv_mod( &u, &c[T_size-1], &grp->P ); */
|
||||
MBEDTLS_MPI_CHK( mbedtls_p256_inv( &u, c + T_size - 1, &grp->P ) );
|
||||
for( i = T_size - 1; ; i-- )
|
||||
{
|
||||
if( !i )
|
||||
memcpy( Zi.p, u.p, 4 * 8 );
|
||||
else
|
||||
{
|
||||
mbedtls_p256_mul( Zi.p, u.p, 4, c[i-1].p, 4 );
|
||||
mbedtls_p256_mul( u.p, u.p, 4, T[i]->Z.p, 4 );
|
||||
memcpy( c, T[0]->Z.p, T[0]->Z.n*8 );
|
||||
for( i = 1; i < n; i++ )
|
||||
mbedtls_p256_mul( c+i*8, c+(i-1)*8, 4, T[i]->Z.p, 4 );
|
||||
mbedtls_p256_inv( u, c+(n-1)*8, grp->P.p );
|
||||
for( i = n - 1; ; i-- ){
|
||||
if( !i ){
|
||||
mbedtls_p256_cop( Zi, u );
|
||||
} else {
|
||||
mbedtls_p256_mul( Zi, u, 4, c+(i-1)*8, 4 );
|
||||
mbedtls_p256_mul( u, u, 4, T[i]->Z.p, 4 );
|
||||
}
|
||||
mbedtls_p256_mul( ZZi.p, Zi.p, 4, Zi.p, 4 );
|
||||
mbedtls_p256_mul( ta, T[i]->X.p, 4, ZZi.p, 4 );
|
||||
memcpy( T[i]->X.p, ta, 4 * 8 );
|
||||
mbedtls_p256_mul( ta, T[i]->Y.p, 4, ZZi.p, 4 );
|
||||
mbedtls_p256_mul( ta, ta, 4, Zi.p, 4 );
|
||||
memcpy( T[i]->Y.p, ta, 4 * 8 );
|
||||
mbedtls_p256_mul( ZZi, Zi, 4, Zi, 4 );
|
||||
mbedtls_p256_mul( ta, T[i]->X.p, 4, ZZi, 4 );
|
||||
mbedtls_p256_cop( T[i]->X.p, ta );
|
||||
mbedtls_p256_mul( ta, T[i]->Y.p, 4, ZZi, 4 );
|
||||
mbedtls_p256_mul( ta, ta, 4, Zi, 4 );
|
||||
mbedtls_p256_cop( T[i]->Y.p, ta );
|
||||
mbedtls_mpi_free( &T[i]->Z );
|
||||
if( !i ) break;
|
||||
}
|
||||
cleanup:
|
||||
mbedtls_platform_zeroize( ta, sizeof(ta) );
|
||||
for( i = 0; i < T_size; i++ )
|
||||
mbedtls_mpi_free( c + i );
|
||||
mbedtls_mpi_free( &ZZi );
|
||||
mbedtls_mpi_free( &Zi );
|
||||
mbedtls_mpi_free( &u );
|
||||
mbedtls_platform_zeroize( ta, sizeof( ta ) );
|
||||
mbedtls_platform_zeroize( c, n*8*8 );
|
||||
mbedtls_free( c );
|
||||
return( ret );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_p256_normalize_jac( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *pt )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_THIS_CORRUPTION;
|
||||
mbedtls_mpi Zi, ZZi;
|
||||
mbedtls_mpi_init( &Zi );
|
||||
mbedtls_mpi_init( &ZZi );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Zi, 8 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &ZZi, 8 ) );
|
||||
mbedtls_p256_inv( &Zi, &pt->Z, &grp->P );
|
||||
mbedtls_p256_mul( ZZi.p, Zi.p, 4, Zi.p, 4 );
|
||||
mbedtls_p256_mul( pt->X.p, pt->X.p, 4, ZZi.p, 4 );
|
||||
mbedtls_p256_mul( pt->Y.p, pt->Y.p, 4, ZZi.p, 4 );
|
||||
mbedtls_p256_mul( pt->Y.p, pt->Y.p, 4, Zi.p, 4 );
|
||||
mbedtls_mpi_lset( &pt->Z, 1 );
|
||||
cleanup:
|
||||
mbedtls_mpi_free( &ZZi );
|
||||
mbedtls_mpi_free( &Zi );
|
||||
return( ret );
|
||||
int ret;
|
||||
uint64_t t[8], Zi[8], ZZi[8];
|
||||
if ((ret = mbedtls_p256_dim(pt))) return ret;
|
||||
mbedtls_p256_inv( Zi, pt->Z.p, grp->P.p );
|
||||
mbedtls_p256_mul( ZZi, Zi, 4, Zi, 4 );
|
||||
mbedtls_p256_mul( t, pt->X.p, 4, ZZi, 4 );
|
||||
mbedtls_p256_cop( pt->X.p, t );
|
||||
mbedtls_p256_mul( t, pt->Y.p, 4, ZZi, 4 );
|
||||
mbedtls_p256_mul( t, t, 4, Zi, 4 );
|
||||
mbedtls_p256_cop( pt->Y.p, t );
|
||||
mbedtls_mpi_lset( &pt->Z, 1 );
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
|||
451
third_party/mbedtls/ecp384.c
vendored
451
third_party/mbedtls/ecp384.c
vendored
|
|
@ -29,27 +29,50 @@
|
|||
#include "third_party/mbedtls/traceme.h"
|
||||
/* clang-format off */
|
||||
|
||||
static inline bool
|
||||
static bool
|
||||
mbedtls_p384_isz( uint64_t p[6] )
|
||||
{
|
||||
return( !p[0] & !p[1] & !p[2] & !p[3] & !p[4] & !p[5] );
|
||||
}
|
||||
|
||||
static inline bool
|
||||
mbedtls_p384_gte( uint64_t p[7] ) {
|
||||
return( ((int64_t)p[6] > 0 ||
|
||||
(p[5] > 0xffffffffffffffff ||
|
||||
(p[5] == 0xffffffffffffffff &&
|
||||
(p[4] > 0xffffffffffffffff ||
|
||||
(p[4] == 0xffffffffffffffff &&
|
||||
(p[3] > 0xffffffffffffffff ||
|
||||
(p[3] == 0xffffffffffffffff &&
|
||||
(p[2] > 0xfffffffffffffffe ||
|
||||
(p[2] == 0xfffffffffffffffe &&
|
||||
(p[1] > 0xffffffff00000000 ||
|
||||
(p[1] == 0xffffffff00000000 &&
|
||||
(p[0] > 0x00000000ffffffff ||
|
||||
(p[0] == 0x00000000ffffffff))))))))))))) );
|
||||
static bool
|
||||
mbedtls_p384_gte( uint64_t p[7] )
|
||||
{
|
||||
return( (((int64_t)p[6] > 0) |
|
||||
(!p[6] &
|
||||
(p[5] > 0xffffffffffffffff |
|
||||
(p[5] == 0xffffffffffffffff &
|
||||
(p[4] > 0xffffffffffffffff |
|
||||
(p[4] == 0xffffffffffffffff &
|
||||
(p[3] > 0xffffffffffffffff |
|
||||
(p[3] == 0xffffffffffffffff &
|
||||
(p[2] > 0xfffffffffffffffe |
|
||||
(p[2] == 0xfffffffffffffffe &
|
||||
(p[1] > 0xffffffff00000000 |
|
||||
(p[1] == 0xffffffff00000000 &
|
||||
(p[0] > 0x00000000ffffffff |
|
||||
(p[0] == 0x00000000ffffffff)))))))))))))) );
|
||||
}
|
||||
|
||||
static int
|
||||
mbedtls_p384_cmp( const uint64_t a[7],
|
||||
const uint64_t b[7] )
|
||||
{
|
||||
if ( (int64_t)a[6] < (int64_t)b[6] ) return -1;
|
||||
if ( (int64_t)a[6] > (int64_t)b[6] ) return +1;
|
||||
if ( a[5] < b[5] ) return -1;
|
||||
if ( a[5] > b[5] ) return +1;
|
||||
if ( a[4] < b[4] ) return -1;
|
||||
if ( a[4] > b[4] ) return +1;
|
||||
if ( a[3] < b[3] ) return -1;
|
||||
if ( a[3] > b[3] ) return +1;
|
||||
if ( a[2] < b[2] ) return -1;
|
||||
if ( a[2] > b[2] ) return +1;
|
||||
if ( a[1] < b[1] ) return -1;
|
||||
if ( a[1] > b[1] ) return +1;
|
||||
if ( a[0] < b[0] ) return -1;
|
||||
if ( a[0] > b[0] ) return +1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static inline void
|
||||
|
|
@ -114,15 +137,15 @@ mbedtls_p384_rum( uint64_t p[7] )
|
|||
}
|
||||
|
||||
static inline void
|
||||
mbedtls_p384_mod(uint64_t X[12])
|
||||
mbedtls_p384_mod( uint64_t X[12] )
|
||||
{
|
||||
secp384r1(X);
|
||||
if ((int64_t)X[6] < 0) {
|
||||
if( (int64_t)X[6] < 0 ){
|
||||
do {
|
||||
mbedtls_p384_gro(X);
|
||||
} while ((int64_t)X[6] < 0);
|
||||
} while( (int64_t)X[6] < 0 );
|
||||
} else {
|
||||
while (mbedtls_p384_gte(X)) {
|
||||
while( mbedtls_p384_gte(X) ){
|
||||
mbedtls_p384_red(X);
|
||||
}
|
||||
}
|
||||
|
|
@ -158,7 +181,7 @@ mbedtls_p384_mul( uint64_t X[12],
|
|||
const uint64_t A[6], size_t n,
|
||||
const uint64_t B[6], size_t m )
|
||||
{
|
||||
if( X86_HAVE(ADX) && X86_HAVE(BMI2) )
|
||||
if( n == 6 && m == 6 && X86_HAVE(ADX) && X86_HAVE(BMI2) )
|
||||
Mul6x6Adx( X, A, B );
|
||||
else
|
||||
{
|
||||
|
|
@ -170,6 +193,74 @@ mbedtls_p384_mul( uint64_t X[12],
|
|||
mbedtls_p384_mod( X );
|
||||
}
|
||||
|
||||
static void
|
||||
mbedtls_p384_plu( uint64_t A[7],
|
||||
const uint64_t B[7] )
|
||||
{
|
||||
#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
|
||||
asm("mov\t%1,%%rax\n\t"
|
||||
"add\t%%rax,%0\n\t"
|
||||
"mov\t8+%1,%%rax\n\t"
|
||||
"adc\t%%rax,8+%0\n\t"
|
||||
"mov\t16+%1,%%rax\n\t"
|
||||
"adc\t%%rax,16+%0\n\t"
|
||||
"mov\t24+%1,%%rax\n\t"
|
||||
"adc\t%%rax,24+%0\n\t"
|
||||
"mov\t32+%1,%%rax\n\t"
|
||||
"adc\t%%rax,32+%0\n\t"
|
||||
"mov\t40+%1,%%rax\n\t"
|
||||
"adc\t%%rax,40+%0\n\t"
|
||||
"mov\t48+%1,%%rax\n\t"
|
||||
"adc\t%%rax,48+%0"
|
||||
: /* no outputs */
|
||||
: "o"(*A), "o"(*B)
|
||||
: "rax", "memory", "cc");
|
||||
#else
|
||||
uint64_t c;
|
||||
ADC( X[0], A[0], B[0], 0, c );
|
||||
ADC( X[1], A[1], B[1], c, c );
|
||||
ADC( X[2], A[2], B[2], c, c );
|
||||
ADC( X[3], A[3], B[3], c, c );
|
||||
ADC( X[4], A[4], B[4], c, c );
|
||||
ADC( X[5], A[5], B[5], c, c );
|
||||
ADC( X[6], A[6], B[6], c, c );
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
mbedtls_p384_slu( uint64_t A[7],
|
||||
const uint64_t B[7] )
|
||||
{
|
||||
#if defined(__x86_64__) && !defined(__STRICT_ANSI__)
|
||||
asm("mov\t%1,%%rax\n\t"
|
||||
"sub\t%%rax,%0\n\t"
|
||||
"mov\t8+%1,%%rax\n\t"
|
||||
"sbb\t%%rax,8+%0\n\t"
|
||||
"mov\t16+%1,%%rax\n\t"
|
||||
"sbb\t%%rax,16+%0\n\t"
|
||||
"mov\t24+%1,%%rax\n\t"
|
||||
"sbb\t%%rax,24+%0\n\t"
|
||||
"mov\t32+%1,%%rax\n\t"
|
||||
"sbb\t%%rax,32+%0\n\t"
|
||||
"mov\t40+%1,%%rax\n\t"
|
||||
"sbb\t%%rax,40+%0\n\t"
|
||||
"mov\t48+%1,%%rax\n\t"
|
||||
"sbb\t%%rax,48+%0"
|
||||
: /* no outputs */
|
||||
: "o"(*A), "o"(*B)
|
||||
: "rax", "memory", "cc");
|
||||
#else
|
||||
uint64_t c;
|
||||
SBB( X[0], A[0], B[0], 0, c );
|
||||
SBB( X[1], A[1], B[1], c, c );
|
||||
SBB( X[2], A[2], B[2], c, c );
|
||||
SBB( X[3], A[3], B[3], c, c );
|
||||
SBB( X[4], A[4], B[4], c, c );
|
||||
SBB( X[5], A[5], B[5], c, c );
|
||||
SBB( X[6], A[6], B[6], c, c );
|
||||
#endif
|
||||
}
|
||||
|
||||
static void
|
||||
mbedtls_p384_add( uint64_t X[7],
|
||||
const uint64_t A[6],
|
||||
|
|
@ -293,7 +384,7 @@ static inline void
|
|||
mbedtls_p384_cop( uint64_t X[6],
|
||||
const uint64_t Y[6] )
|
||||
{
|
||||
memcpy( X, Y, 6 * 8 );
|
||||
memcpy( X, Y, 6*8 );
|
||||
}
|
||||
|
||||
static int
|
||||
|
|
@ -311,56 +402,33 @@ int mbedtls_p384_double_jac( const mbedtls_ecp_group *G,
|
|||
mbedtls_ecp_point *R )
|
||||
{
|
||||
int ret;
|
||||
struct {
|
||||
uint64_t X[6], Y[6], Z[6];
|
||||
uint64_t M[12], S[12], T[12], U[12];
|
||||
size_t Xn, Yn, Zn;
|
||||
} s;
|
||||
MBEDTLS_ASSERT( G->A.p == 0 );
|
||||
MBEDTLS_ASSERT( P->X.s == 1 );
|
||||
MBEDTLS_ASSERT( P->Y.s == 1 );
|
||||
MBEDTLS_ASSERT( P->Z.s == 1 );
|
||||
MBEDTLS_ASSERT( G->P.p[0] == 0x00000000ffffffff );
|
||||
MBEDTLS_ASSERT( G->P.p[1] == 0xffffffff00000000 );
|
||||
MBEDTLS_ASSERT( G->P.p[2] == 0xfffffffffffffffe );
|
||||
MBEDTLS_ASSERT( G->P.p[3] == 0xffffffffffffffff );
|
||||
MBEDTLS_ASSERT( G->P.p[4] == 0xffffffffffffffff );
|
||||
MBEDTLS_ASSERT( G->P.p[5] == 0xffffffffffffffff );
|
||||
uint64_t T[4][12];
|
||||
if ( ( ret = mbedtls_p384_dim( R ) ) ) return ret;
|
||||
mbedtls_platform_zeroize( &s, sizeof( s ) );
|
||||
s.Xn = mbedtls_mpi_limbs( &P->X );
|
||||
s.Yn = mbedtls_mpi_limbs( &P->Y );
|
||||
s.Zn = mbedtls_mpi_limbs( &P->Z );
|
||||
CHECK_LE( s.Xn, 6 );
|
||||
CHECK_LE( s.Yn, 6 );
|
||||
CHECK_LE( s.Zn, 6 );
|
||||
memcpy( s.X, P->X.p, s.Xn * 8 );
|
||||
memcpy( s.Y, P->Y.p, s.Yn * 8 );
|
||||
memcpy( s.Z, P->Z.p, s.Zn * 8 );
|
||||
mbedtls_p384_mul( s.S, s.Z, s.Zn, s.Z, s.Zn );
|
||||
mbedtls_p384_add( s.T, s.X, s.S );
|
||||
mbedtls_p384_sub( s.U, s.X, s.S );
|
||||
mbedtls_p384_mul( s.S, s.T, 6, s.U, 6 );
|
||||
mbedtls_mpi_mul_hlp1( 6, s.S, s.M, 3 );
|
||||
mbedtls_p384_rum( s.M );
|
||||
mbedtls_p384_mul( s.T, s.Y, s.Yn, s.Y, s.Yn );
|
||||
mbedtls_p384_shl( s.T );
|
||||
mbedtls_p384_mul( s.S, s.X, s.Xn, s.T, 6 );
|
||||
mbedtls_p384_shl( s.S );
|
||||
mbedtls_p384_mul( s.U, s.T, 6, s.T, 6 );
|
||||
mbedtls_p384_shl( s.U );
|
||||
mbedtls_p384_mul( s.T, s.M, 6, s.M, 6 );
|
||||
mbedtls_p384_hub( s.T, s.S );
|
||||
mbedtls_p384_hub( s.T, s.S );
|
||||
mbedtls_p384_hub( s.S, s.T );
|
||||
mbedtls_p384_mul( s.S, s.S, 6, s.M, 6 );
|
||||
mbedtls_p384_hub( s.S, s.U );
|
||||
mbedtls_p384_mul( s.U, s.Y, s.Yn, s.Z, s.Zn );
|
||||
mbedtls_p384_shl( s.U );
|
||||
mbedtls_p384_cop( R->X.p, s.T );
|
||||
mbedtls_p384_cop( R->Y.p, s.S );
|
||||
mbedtls_p384_cop( R->Z.p, s.U );
|
||||
mbedtls_platform_zeroize( &s, sizeof(s) );
|
||||
if ( ( ret = mbedtls_p384_dim( P ) ) ) return ret;
|
||||
mbedtls_platform_zeroize( T, sizeof( T ) );
|
||||
mbedtls_p384_mul( T[1], P->Z.p, 6, P->Z.p, 6 );
|
||||
mbedtls_p384_add( T[2], P->X.p, T[1] );
|
||||
mbedtls_p384_sub( T[3], P->X.p, T[1] );
|
||||
mbedtls_p384_mul( T[1], T[2], 6, T[3], 6 );
|
||||
mbedtls_mpi_mul_hlp1( 6, T[1], T[0], 3 );
|
||||
mbedtls_p384_rum( T[0] );
|
||||
mbedtls_p384_mul( T[2], P->Y.p, 6, P->Y.p, 6 );
|
||||
mbedtls_p384_shl( T[2] );
|
||||
mbedtls_p384_mul( T[1], P->X.p, 6, T[2], 6 );
|
||||
mbedtls_p384_shl( T[1] );
|
||||
mbedtls_p384_mul( T[3], T[2], 6, T[2], 6 );
|
||||
mbedtls_p384_shl( T[3] );
|
||||
mbedtls_p384_mul( T[2], T[0], 6, T[0], 6 );
|
||||
mbedtls_p384_hub( T[2], T[1] );
|
||||
mbedtls_p384_hub( T[2], T[1] );
|
||||
mbedtls_p384_hub( T[1], T[2] );
|
||||
mbedtls_p384_mul( T[1], T[1], 6, T[0], 6 );
|
||||
mbedtls_p384_hub( T[1], T[3] );
|
||||
mbedtls_p384_mul( T[3], P->Y.p, 6, P->Z.p, 6 );
|
||||
mbedtls_p384_shl( T[3] );
|
||||
mbedtls_p384_cop( R->X.p, T[2] );
|
||||
mbedtls_p384_cop( R->Y.p, T[1] );
|
||||
mbedtls_p384_cop( R->Z.p, T[3] );
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
@ -375,13 +443,8 @@ int mbedtls_p384_add_mixed( const mbedtls_ecp_group *G,
|
|||
uint64_t T1[12], T2[12], T3[12], T4[12];
|
||||
size_t Xn, Yn, Zn, QXn, QYn;
|
||||
} s;
|
||||
MBEDTLS_ASSERT( P->X.s == 1 );
|
||||
MBEDTLS_ASSERT( P->Y.s == 1 );
|
||||
MBEDTLS_ASSERT( P->Z.s == 1 );
|
||||
MBEDTLS_ASSERT( Q->X.s == 1 );
|
||||
MBEDTLS_ASSERT( Q->Y.s == 1 );
|
||||
if ( ( ret = mbedtls_p384_dim( R ) ) ) return ret;
|
||||
mbedtls_platform_zeroize(&s, sizeof(s));
|
||||
if( ( ret = mbedtls_p384_dim( R ) ) ) return ret;
|
||||
mbedtls_platform_zeroize( &s, sizeof( s ) );
|
||||
s.Xn = mbedtls_mpi_limbs( &P->X );
|
||||
s.Yn = mbedtls_mpi_limbs( &P->Y );
|
||||
s.Zn = mbedtls_mpi_limbs( &P->Z );
|
||||
|
|
@ -428,176 +491,100 @@ int mbedtls_p384_add_mixed( const mbedtls_ecp_group *G,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int mbedtls_p384_inv_mod(mbedtls_mpi *X,
|
||||
const mbedtls_mpi *A,
|
||||
const mbedtls_mpi *N)
|
||||
static void
|
||||
mbedtls_p384_inv( uint64_t X[6],
|
||||
const uint64_t A[6],
|
||||
const uint64_t N[6] )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_THIS_CORRUPTION;
|
||||
mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
|
||||
MBEDTLS_ASSERT( A->s == 1 );
|
||||
MBEDTLS_ASSERT( N->s == 1 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( X ) <= 6 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( A ) <= 6 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( N ) <= 6 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_cmp_int( N, 1 ) > 0 );
|
||||
mbedtls_mpi_init( &TA );
|
||||
mbedtls_mpi_init( &TU );
|
||||
mbedtls_mpi_init( &U1 );
|
||||
mbedtls_mpi_init( &U2 );
|
||||
mbedtls_mpi_init( &G );
|
||||
mbedtls_mpi_init( &TB );
|
||||
mbedtls_mpi_init( &TV );
|
||||
mbedtls_mpi_init( &V1 );
|
||||
mbedtls_mpi_init( &V2 );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TA, 7 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TU, 7 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &U1, 7 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &U2, 7 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &G, 7 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TB, 7 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &TV, 7 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &V1, 7 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &V2, 7 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, A, N ) );
|
||||
if (!mbedtls_mpi_is_one( &G ))
|
||||
{
|
||||
ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
|
||||
goto cleanup;
|
||||
}
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &TA, A, N ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TU, &TA ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, N ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TV, N ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U1, 1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &U2, 0 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V1, 0 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &V2, 1 ) );
|
||||
do
|
||||
{
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TU ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U1 ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U2 ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TV ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V2 ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V1 ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &G ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TA ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TB ) <= 7 );
|
||||
while ( !( TU.p[0] & 1 ) )
|
||||
{
|
||||
mbedtls_p384_sar( TU.p );
|
||||
if ((U1.p[0] & 1) || (U2.p[0] & 1))
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &U1, &U1, &TB ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &TA ) );
|
||||
uint64_t TA[7], TU[7], TV[7], UV[4][7];
|
||||
mbedtls_platform_zeroize( UV, sizeof( UV ) );
|
||||
*(uint64_t *)mempcpy( TA, A, 6*8 ) = 0;
|
||||
*(uint64_t *)mempcpy( TU, A, 6*8 ) = 0;
|
||||
*(uint64_t *)mempcpy( TV, N, 6*8 ) = 0;
|
||||
UV[0][0] = 1;
|
||||
UV[3][0] = 1;
|
||||
do {
|
||||
while( ~TU[0] & 1 ){
|
||||
mbedtls_p384_sar( TU );
|
||||
if( ( UV[0][0] | UV[1][0] ) & 1 ){
|
||||
mbedtls_p384_gro( UV[0] );
|
||||
mbedtls_p384_slu( UV[1], TA );
|
||||
}
|
||||
mbedtls_p384_sar(U1.p);
|
||||
mbedtls_p384_sar(U2.p);
|
||||
mbedtls_p384_sar( UV[0] );
|
||||
mbedtls_p384_sar( UV[1] );
|
||||
}
|
||||
while ( !( TV.p[0] & 1 ) )
|
||||
{
|
||||
mbedtls_p384_sar(TV.p);
|
||||
if ((V1.p[0] & 1) || (V2.p[0] & 1))
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, &TB ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &TA ) );
|
||||
while( ~TV[0] & 1 ){
|
||||
mbedtls_p384_sar( TV );
|
||||
if( ( UV[2][0] | UV[3][0] ) & 1 ){
|
||||
mbedtls_p384_gro( UV[2] );
|
||||
mbedtls_p384_slu( UV[3], TA );
|
||||
}
|
||||
mbedtls_p384_sar( V1.p );
|
||||
mbedtls_p384_sar( V2.p );
|
||||
mbedtls_p384_sar( UV[2] );
|
||||
mbedtls_p384_sar( UV[3] );
|
||||
}
|
||||
if (mbedtls_mpi_cmp_mpi( &TU, &TV ) >= 0)
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TU, &TU, &TV ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U1, &U1, &V1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &U2, &U2, &V2 ) );
|
||||
if( mbedtls_p384_cmp( TU, TV ) >= 0 ){
|
||||
mbedtls_p384_slu( TU, TV );
|
||||
mbedtls_p384_slu( UV[0], UV[2] );
|
||||
mbedtls_p384_slu( UV[1], UV[3] );
|
||||
} else {
|
||||
mbedtls_p384_slu( TV, TU );
|
||||
mbedtls_p384_slu( UV[2], UV[0] );
|
||||
mbedtls_p384_slu( UV[3], UV[1] );
|
||||
}
|
||||
else
|
||||
{
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &TV, &TV, &TU ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, &U1 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V2, &V2, &U2 ) );
|
||||
}
|
||||
} while ( TU.p[0] | TU.p[1] | TU.p[2] | TU.p[3] | TU.p[4] | TU.p[5] );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TU ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U1 ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &U2 ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TV ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V2 ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &V1 ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &G ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TA ) <= 7 );
|
||||
MBEDTLS_ASSERT( mbedtls_mpi_limbs( &TB ) <= 7 );
|
||||
while (V1.s < 0)
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &V1, &V1, N ) );
|
||||
while (mbedtls_mpi_cmp_mpi( &V1, N ) >= 0)
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &V1, &V1, N ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &V1 ) );
|
||||
cleanup:
|
||||
mbedtls_mpi_free( &TA );
|
||||
mbedtls_mpi_free( &TU );
|
||||
mbedtls_mpi_free( &U1 );
|
||||
mbedtls_mpi_free( &U2 );
|
||||
mbedtls_mpi_free( &G );
|
||||
mbedtls_mpi_free( &TB );
|
||||
mbedtls_mpi_free( &TV );
|
||||
mbedtls_mpi_free( &V1 );
|
||||
mbedtls_mpi_free( &V2 );
|
||||
return ret;
|
||||
} while( TU[0] | TU[1] | TU[2] | TU[3] | TU[4] | TU[5] | TU[6] );
|
||||
while( (int64_t)UV[2][6] < 0 )
|
||||
mbedtls_p384_gro( UV[2] );
|
||||
while( mbedtls_p384_gte( UV[2] ) )
|
||||
mbedtls_p384_red( UV[2] );
|
||||
mbedtls_p384_cop( X, UV[2] );
|
||||
}
|
||||
|
||||
int mbedtls_p384_normalize_jac( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *pt )
|
||||
{
|
||||
int ret;
|
||||
uint64_t t[12], Zi[12], ZZi[12];
|
||||
if ((ret = mbedtls_p384_dim(pt))) return ret;
|
||||
mbedtls_p384_inv( Zi, pt->Z.p, grp->P.p );
|
||||
mbedtls_p384_mul( ZZi, Zi, 6, Zi, 6 );
|
||||
mbedtls_p384_mul( t, pt->X.p, 6, ZZi, 6 );
|
||||
mbedtls_p384_cop( pt->X.p, t );
|
||||
mbedtls_p384_mul( t, pt->Y.p, 6, ZZi, 6 );
|
||||
mbedtls_p384_mul( t, t, 6, Zi, 6 );
|
||||
mbedtls_p384_cop( pt->Y.p, t );
|
||||
mbedtls_mpi_lset( &pt->Z, 1 );
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
int mbedtls_p384_normalize_jac_many( const mbedtls_ecp_group *grp,
|
||||
mbedtls_ecp_point *T[], size_t T_size )
|
||||
mbedtls_ecp_point *T[], size_t n )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_THIS_CORRUPTION;
|
||||
size_t i;
|
||||
uint64_t ta[12];
|
||||
mbedtls_mpi *c, u, Zi, ZZi;
|
||||
if( !( c = mbedtls_calloc( T_size, sizeof( mbedtls_mpi ) ) ) )
|
||||
uint64_t *c, u[12], ta[12], Zi[12], ZZi[12];
|
||||
if( !( c = mbedtls_calloc( n, 12*8 ) ) )
|
||||
return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
|
||||
mbedtls_mpi_init( &u );
|
||||
mbedtls_mpi_init( &Zi );
|
||||
mbedtls_mpi_init( &ZZi );
|
||||
for( i = 0; i < T_size; i++ )
|
||||
{
|
||||
CHECK_EQ( 6, T[i]->X.n );
|
||||
CHECK_EQ( 6, T[i]->Y.n );
|
||||
CHECK_EQ( 6, T[i]->Z.n );
|
||||
mbedtls_mpi_init( c + i );
|
||||
}
|
||||
for( i = 0; i < T_size; i++ )
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( c + i, 12 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &u, 12 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Zi, 12 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &ZZi, 12 ) );
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( c, &T[0]->Z ) );
|
||||
for( i = 1; i < T_size; i++ )
|
||||
mbedtls_p384_mul( c[i].p, c[i-1].p, 6, T[i]->Z.p, 6 );
|
||||
MBEDTLS_MPI_CHK( mbedtls_p384_inv_mod( &u, c + T_size - 1, &grp->P ) );
|
||||
for( i = T_size - 1; ; i-- )
|
||||
{
|
||||
if( !i )
|
||||
memcpy( Zi.p, u.p, 6 * 8 );
|
||||
else
|
||||
{
|
||||
mbedtls_p384_mul( Zi.p, u.p, 6, c[i-1].p, 6 );
|
||||
mbedtls_p384_mul( u.p, u.p, 6, T[i]->Z.p, 6 );
|
||||
memcpy( c, T[0]->Z.p, T[0]->Z.n*8 );
|
||||
for( i = 1; i < n; i++ )
|
||||
mbedtls_p384_mul( c+i*12, c+(i-1)*12, 6, T[i]->Z.p, 6 );
|
||||
mbedtls_p384_inv( u, c+(n-1)*12, grp->P.p );
|
||||
for( i = n - 1; ; i-- ){
|
||||
if( !i ){
|
||||
mbedtls_p384_cop( Zi, u );
|
||||
} else {
|
||||
mbedtls_p384_mul( Zi, u, 6, c+(i-1)*12, 6 );
|
||||
mbedtls_p384_mul( u, u, 6, T[i]->Z.p, 6 );
|
||||
}
|
||||
mbedtls_p384_mul( ZZi.p, Zi.p, 6, Zi.p, 6 );
|
||||
mbedtls_p384_mul( ta, T[i]->X.p, 6, ZZi.p, 6 );
|
||||
memcpy( T[i]->X.p, ta, 6 * 8 );
|
||||
mbedtls_p384_mul( ta, T[i]->Y.p, 6, ZZi.p, 6 );
|
||||
mbedtls_p384_mul( ta, ta, 6, Zi.p, 6 );
|
||||
memcpy( T[i]->Y.p, ta, 6 * 8 );
|
||||
mbedtls_p384_mul( ZZi, Zi, 6, Zi, 6 );
|
||||
mbedtls_p384_mul( ta, T[i]->X.p, 6, ZZi, 6 );
|
||||
memcpy( T[i]->X.p, ta, 6 * 8 );
|
||||
mbedtls_p384_mul( ta, T[i]->Y.p, 6, ZZi, 6 );
|
||||
mbedtls_p384_mul( ta, ta, 6, Zi, 6 );
|
||||
memcpy( T[i]->Y.p, ta, 6 * 8 );
|
||||
mbedtls_mpi_free( &T[i]->Z );
|
||||
if( !i ) break;
|
||||
}
|
||||
cleanup:
|
||||
mbedtls_platform_zeroize( ta, sizeof( ta ) );
|
||||
for( i = 0; i < T_size; i++ )
|
||||
mbedtls_mpi_free( c + i );
|
||||
mbedtls_mpi_free( &ZZi );
|
||||
mbedtls_mpi_free( &Zi );
|
||||
mbedtls_mpi_free( &u );
|
||||
mbedtls_platform_zeroize( c, n*12*8 );
|
||||
mbedtls_free( c );
|
||||
return( ret );
|
||||
return( 0 );
|
||||
}
|
||||
|
|
|
|||
2
third_party/mbedtls/ecp_internal.h
vendored
2
third_party/mbedtls/ecp_internal.h
vendored
|
|
@ -256,6 +256,8 @@ int mbedtls_p384_add_mixed( const mbedtls_ecp_group *,
|
|||
const mbedtls_ecp_point *,
|
||||
const mbedtls_ecp_point *,
|
||||
mbedtls_ecp_point * );
|
||||
int mbedtls_p384_normalize_jac( const mbedtls_ecp_group *,
|
||||
mbedtls_ecp_point * );
|
||||
int mbedtls_p384_normalize_jac_many( const mbedtls_ecp_group *,
|
||||
mbedtls_ecp_point *[], size_t );
|
||||
|
||||
|
|
|
|||
1
third_party/mbedtls/everest.c
vendored
1
third_party/mbedtls/everest.c
vendored
|
|
@ -242,7 +242,6 @@ static void HaclEcAddAndDoubleFmonty(uint64_t xz2[2][5], uint64_t xz3[2][5],
|
|||
|
||||
/**
|
||||
* Computes elliptic curve 25519.
|
||||
* @note it has 126 bits of security
|
||||
*/
|
||||
void curve25519(uint8_t mypublic[32], const uint8_t secret[32],
|
||||
const uint8_t basepoint[32]) {
|
||||
|
|
|
|||
2
third_party/mbedtls/md.h
vendored
2
third_party/mbedtls/md.h
vendored
|
|
@ -58,7 +58,7 @@ typedef struct mbedtls_md_info_t {
|
|||
int (*f_update)(void *, const void *, size_t);
|
||||
int (*f_process)(void *, const void *);
|
||||
int (*f_finish)(void *, void *);
|
||||
int (*f_md)(const void *, size_t, void *);
|
||||
int (*f_md)(const void *, size_t, unsigned char *);
|
||||
} mbedtls_md_info_t;
|
||||
|
||||
/**
|
||||
|
|
|
|||
1
third_party/mbedtls/oid.c
vendored
1
third_party/mbedtls/oid.c
vendored
|
|
@ -291,7 +291,6 @@ static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
|
|||
{ ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
|
||||
{ ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" },
|
||||
{ ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" },
|
||||
{ ADD_LEN( MBEDTLS_OID_WISUN_FAN ), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" },
|
||||
{ NULL, 0, NULL, NULL },
|
||||
};
|
||||
|
||||
|
|
|
|||
7
third_party/mbedtls/oid.h
vendored
7
third_party/mbedtls/oid.h
vendored
|
|
@ -171,13 +171,6 @@
|
|||
#define MBEDTLS_OID_TIME_STAMPING MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
|
||||
#define MBEDTLS_OID_OCSP_SIGNING MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
|
||||
|
||||
/**
|
||||
* Wi-SUN Alliance Field Area Network
|
||||
* { iso(1) identified-organization(3) dod(6) internet(1)
|
||||
* private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
|
||||
*/
|
||||
#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
|
||||
|
||||
#define MBEDTLS_OID_ON MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
|
||||
#define MBEDTLS_OID_ON_HW_MODULE_NAME MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
|
||||
|
||||
|
|
|
|||
58
third_party/mbedtls/rsa.c
vendored
58
third_party/mbedtls/rsa.c
vendored
|
|
@ -32,43 +32,39 @@ Mbed TLS (Apache 2.0)\\n\
|
|||
Copyright ARM Limited\\n\
|
||||
Copyright Mbed TLS Contributors\"");
|
||||
asm(".include \"libc/disclaimer.inc\"");
|
||||
|
||||
/* clang-format off */
|
||||
/*
|
||||
* The RSA public-key cryptosystem
|
||||
*
|
||||
* Copyright The Mbed TLS Contributors
|
||||
* SPDX-License-Identifier: Apache-2.0
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
/*
|
||||
* The following sources were referenced in the design of this implementation
|
||||
* of the RSA algorithm:
|
||||
/**
|
||||
* @fileoverview The RSA public-key cryptosystem
|
||||
*
|
||||
* [1] A method for obtaining digital signatures and public-key cryptosystems
|
||||
* R Rivest, A Shamir, and L Adleman
|
||||
* http://people.csail.mit.edu/rivest/pubs.html#RSA78
|
||||
* LENGTH SECURITY
|
||||
* -------------- --------
|
||||
* RSA 512 57
|
||||
* RSA 1024 80
|
||||
* RSA 2048 110
|
||||
* RSA 4096 150
|
||||
* RSA 8192 202
|
||||
* RSA 16384 270
|
||||
* RSA 32768 359
|
||||
* RSA 65536 475
|
||||
* RSA 131072 626
|
||||
*
|
||||
* [2] Handbook of Applied Cryptography - 1997, Chapter 8
|
||||
* Menezes, van Oorschot and Vanstone
|
||||
* (1.923*cbrt(L*log(2))*cbrt(log(L*log(2))*log(L*log(2)))-4.69)/log(2)
|
||||
*
|
||||
* [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks
|
||||
* Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice and
|
||||
* Stefan Mangard
|
||||
* https://arxiv.org/abs/1702.08719v2
|
||||
* The following sources were referenced in the design of this implementation
|
||||
* of the RSA algorithm:
|
||||
*
|
||||
* [1] A method for obtaining digital signatures and public-key cryptosystems
|
||||
* R Rivest, A Shamir, and L Adleman
|
||||
* http://people.csail.mit.edu/rivest/pubs.html#RSA78
|
||||
*
|
||||
* [2] Handbook of Applied Cryptography - 1997, Chapter 8
|
||||
* Menezes, van Oorschot and Vanstone
|
||||
*
|
||||
* [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks
|
||||
* Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice and
|
||||
* Stefan Mangard
|
||||
* https://arxiv.org/abs/1702.08719v2
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
|
|
|
|||
4
third_party/mbedtls/secp384r1.c
vendored
4
third_party/mbedtls/secp384r1.c
vendored
|
|
@ -42,9 +42,7 @@
|
|||
* @see FIPS 186-3 §D.2.4
|
||||
*/
|
||||
void secp384r1(uint64_t p[12]) {
|
||||
int r;
|
||||
char o;
|
||||
uint64_t A, B, C, D, E, F, G, a, b, c;
|
||||
uint64_t A, B, C, D, E, F, G, a, b;
|
||||
A = Q(0);
|
||||
B = Q(2);
|
||||
C = Q(4);
|
||||
|
|
|
|||
4
third_party/mbedtls/sha256.c
vendored
4
third_party/mbedtls/sha256.c
vendored
|
|
@ -458,12 +458,12 @@ exit:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
noinstrument int mbedtls_sha256_ret_224( const void *input, size_t ilen, void *output )
|
||||
noinstrument int mbedtls_sha256_ret_224( const void *input, size_t ilen, unsigned char *output )
|
||||
{
|
||||
return mbedtls_sha256_ret( input, ilen, output, true );
|
||||
}
|
||||
|
||||
noinstrument int mbedtls_sha256_ret_256( const void *input, size_t ilen, void *output )
|
||||
noinstrument int mbedtls_sha256_ret_256( const void *input, size_t ilen, unsigned char *output )
|
||||
{
|
||||
return mbedtls_sha256_ret( input, ilen, output, false );
|
||||
}
|
||||
|
|
|
|||
2
third_party/mbedtls/sha256.h
vendored
2
third_party/mbedtls/sha256.h
vendored
|
|
@ -31,6 +31,8 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *, const unsigned char *,
|
|||
int mbedtls_sha256_finish_ret( mbedtls_sha256_context *, unsigned char[32] );
|
||||
int mbedtls_internal_sha256_process( mbedtls_sha256_context *, const unsigned char[64] );
|
||||
int mbedtls_sha256_ret( const void *, size_t, unsigned char[32], int );
|
||||
int mbedtls_sha256_ret_224( const void *, size_t , unsigned char * );
|
||||
int mbedtls_sha256_ret_256( const void *, size_t , unsigned char * );
|
||||
int mbedtls_sha256_self_test( int );
|
||||
|
||||
/**
|
||||
|
|
|
|||
4
third_party/mbedtls/sha512.c
vendored
4
third_party/mbedtls/sha512.c
vendored
|
|
@ -471,12 +471,12 @@ cleanup:
|
|||
return( ret );
|
||||
}
|
||||
|
||||
noinstrument int mbedtls_sha512_ret_384( const void *input, size_t ilen, void *output )
|
||||
noinstrument int mbedtls_sha512_ret_384( const void *input, size_t ilen, unsigned char *output )
|
||||
{
|
||||
return mbedtls_sha512_ret( input, ilen, output, true );
|
||||
}
|
||||
|
||||
noinstrument int mbedtls_sha512_ret_512( const void *input, size_t ilen, void *output )
|
||||
noinstrument int mbedtls_sha512_ret_512( const void *input, size_t ilen, unsigned char *output )
|
||||
{
|
||||
return mbedtls_sha512_ret( input, ilen, output, false );
|
||||
}
|
||||
|
|
|
|||
2
third_party/mbedtls/sha512.h
vendored
2
third_party/mbedtls/sha512.h
vendored
|
|
@ -33,6 +33,8 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *, const unsigned char *,
|
|||
int mbedtls_sha512_finish_ret( mbedtls_sha512_context *, unsigned char[64] );
|
||||
int mbedtls_internal_sha512_process( mbedtls_sha512_context *, const unsigned char[128] );
|
||||
int mbedtls_sha512_ret( const void *, size_t, unsigned char[64], int );
|
||||
int mbedtls_sha512_ret_384( const void *, size_t, unsigned char * );
|
||||
int mbedtls_sha512_ret_512( const void *, size_t, unsigned char * );
|
||||
int mbedtls_sha512_self_test( int );
|
||||
|
||||
/**
|
||||
|
|
|
|||
42
third_party/mbedtls/ssl_ciphersuites.c
vendored
42
third_party/mbedtls/ssl_ciphersuites.c
vendored
|
|
@ -26,8 +26,8 @@ Mbed TLS (Apache 2.0)\\n\
|
|||
Copyright ARM Limited\\n\
|
||||
Copyright Mbed TLS Contributors\"");
|
||||
asm(".include \"libc/disclaimer.inc\"");
|
||||
|
||||
/* clang-format off */
|
||||
|
||||
/*
|
||||
* CRYPTOGRAPHY 101
|
||||
*
|
||||
|
|
@ -50,69 +50,69 @@ static const uint16_t ciphersuite_preference[] =
|
|||
|
||||
#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
|
||||
/* strong perfect forward secrecy */
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
#endif
|
||||
|
||||
#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
|
||||
#endif
|
||||
|
||||
#ifdef MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
#endif
|
||||
|
||||
#ifdef MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA,
|
||||
|
|
|
|||
6
third_party/mbedtls/ssl_msg.c
vendored
6
third_party/mbedtls/ssl_msg.c
vendored
|
|
@ -1270,9 +1270,13 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
|
|||
MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) );
|
||||
|
||||
#if 1
|
||||
/*
|
||||
* This code path strengthens the server against DOS attacks by
|
||||
* weakening Internet Explorer sessions against Lucky Thirteen.
|
||||
*/
|
||||
MD_CHK( mbedtls_md_update( ctx, data + min_data_len, data_len_secret - min_data_len ) );
|
||||
MD_CHK( mbedtls_md_finish( ctx, output ) );
|
||||
#else /* come on! */
|
||||
#else
|
||||
mbedtls_md_context_t aux;
|
||||
mbedtls_md_init( &aux );
|
||||
MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) );
|
||||
|
|
|
|||
6
third_party/mbedtls/ssl_tls.c
vendored
6
third_party/mbedtls/ssl_tls.c
vendored
|
|
@ -7597,20 +7597,14 @@ static uint8_t ssl_preset_default_hashes[] = {
|
|||
|
||||
static uint16_t ssl_preset_suiteb_ciphersuites[] = {
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
0
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static uint8_t ssl_preset_suiteb_hashes[] = {
|
||||
MBEDTLS_MD_SHA384,
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_NONE
|
||||
};
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -25,9 +25,6 @@ OID get Ext Key Usage - id-kp-timeStamping
|
|||
OID get Ext Key Usage - id-kp-OCSPSigning
|
||||
1:hex:"2B06010505070309":char*:"OCSP Signing"
|
||||
|
||||
OID get Ext Key Usage - id-kp-wisun-fan-device
|
||||
1:hex:"2B0601040182E42501":char*:"Wi-SUN Alliance Field Area Network (FAN)"
|
||||
|
||||
OID get Ext Key Usage invalid oid
|
||||
1:hex:"5533445566":char*:""
|
||||
|
||||
|
|
|
|||
|
|
@ -98,10 +98,6 @@ X509 CRT information EC, SHA256 Digest, hardware module name SAN
|
|||
depends_on:0:10:11:6
|
||||
1:char*:"zip:third_party/mbedtls/test/data/server5-othername.crt":char*:"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n"
|
||||
|
||||
X509 CRT information EC, SHA256 Digest, Wisun Fan device
|
||||
depends_on:0:10:11:6
|
||||
1:char*:"zip:third_party/mbedtls/test/data/server5-fan.crt":char*:"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2019-03-25 09\:03\:46\nexpires on \: 2029-03-22 09\:03\:46\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n"
|
||||
|
||||
X509 CRT information, NS Cert Type
|
||||
depends_on:0:1:2
|
||||
1:char*:"zip:third_party/mbedtls/test/data/server1.cert_type.crt":char*:"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n"
|
||||
|
|
|
|||
|
|
@ -248,9 +248,15 @@ SECURITY
|
|||
|
||||
Your redbean has been secured with algorithms so strong that, until a
|
||||
few decades ago, it was illegal to share them with with those outside
|
||||
the United States. By default, your redbean uses Suite C cryptography
|
||||
since it goes a little bit faster. If you want stronger Suite B stuff
|
||||
then you can pass the -B flag.
|
||||
the United States. By default your redbean offers roughly 128 bits of
|
||||
security with modern clients but will fall back to at minimum 112 bit
|
||||
security depending on the preferences of legacy and iot clients. Both
|
||||
are secure based on public knowledge until 2030 according to NIST. If
|
||||
you'd rather restrict yourself to just 150+ bits of security but with
|
||||
the tradeoff of dropping support for old Internet Explorer and making
|
||||
embedded clients less happy, then pass the -B flag, which'll restrict
|
||||
redbean to a very short list of protocols, algorithms, and parameters
|
||||
that the NSA, NIST, and IANA all agree upon.
|
||||
|
||||
SSL verbosity is controlled as follows for troubleshooting:
|
||||
|
||||
|
|
|
|||
|
|
@ -142,7 +142,7 @@
|
|||
#define REDBEAN "redbean"
|
||||
#endif
|
||||
|
||||
#define VERSION 0x010400
|
||||
#define VERSION 0x010400
|
||||
#define HASH_LOAD_FACTOR /* 1. / */ 4
|
||||
#define read(F, P, N) readv(F, &(struct iovec){P, N}, 1)
|
||||
#define write(F, P, N) writev(F, &(struct iovec){P, N}, 1)
|
||||
|
|
@ -307,6 +307,7 @@ static bool usessl;
|
|||
static bool suiteb;
|
||||
static bool killed;
|
||||
static bool istext;
|
||||
static bool ishtml;
|
||||
static bool zombied;
|
||||
static bool gzipped;
|
||||
static bool branded;
|
||||
|
|
@ -378,6 +379,7 @@ static struct Strings stagedirs;
|
|||
static struct Strings hidepaths;
|
||||
static mbedtls_x509_crt *cachain;
|
||||
static const char *launchbrowser;
|
||||
static const char *referrerpolicy;
|
||||
static ssize_t (*generator)(struct iovec[3]);
|
||||
|
||||
static struct Buffer inbuf;
|
||||
|
|
@ -961,7 +963,8 @@ static void ProgramCache(long x) {
|
|||
}
|
||||
|
||||
static void SetDefaults(void) {
|
||||
ProgramBrand(gc(xasprintf("%s/%hhd.%hhd", REDBEAN, VERSION>>020, VERSION>>010)));
|
||||
ProgramBrand(
|
||||
gc(xasprintf("%s/%hhd.%hhd", REDBEAN, VERSION >> 020, VERSION >> 010)));
|
||||
__log_level = kLogInfo;
|
||||
maxpayloadsize = 64 * 1024;
|
||||
ProgramCache(-1);
|
||||
|
|
@ -2191,9 +2194,12 @@ static char *AppendContentType(char *p, const char *ct) {
|
|||
p = stpcpy(p, ct);
|
||||
if (startswith(ct, "text/")) {
|
||||
istext = true;
|
||||
if (!strchr(ct, ';')) {
|
||||
if (!strchr(ct + 5, ';')) {
|
||||
p = stpcpy(p, "; charset=utf-8");
|
||||
}
|
||||
if (!referrerpolicy && startswith(ct + 5, "html")) {
|
||||
referrerpolicy = "no-referrer-when-downgrade";
|
||||
}
|
||||
}
|
||||
return AppendCrlf(p);
|
||||
}
|
||||
|
|
@ -2789,7 +2795,7 @@ static void LaunchBrowser(const char *path) {
|
|||
if ((prog = commandv(GetSystemUrlLauncherCommand(), gc(malloc(PATH_MAX))))) {
|
||||
u = gc(xasprintf("http://%s:%d%s", inet_ntoa(addr),
|
||||
ntohs(serveraddr->sin_port), gc(EscapePath(path, -1, 0))));
|
||||
DEBUGF("opening browser with command %s %s\n", prog, u);
|
||||
DEBUGF("opening browser with command %s %s", prog, u);
|
||||
ignore.sa_flags = 0;
|
||||
ignore.sa_handler = SIG_IGN;
|
||||
sigemptyset(&ignore.sa_mask);
|
||||
|
|
@ -3708,13 +3714,13 @@ static int LuaFetch(lua_State *L) {
|
|||
*/
|
||||
urlarg = luaL_checklstring(L, 1, &urlarglen);
|
||||
if (lua_istable(L, 2)) {
|
||||
lua_settop(L, 2); // discard any extra arguments
|
||||
lua_settop(L, 2); // discard any extra arguments
|
||||
lua_getfield(L, 2, "body");
|
||||
body = luaL_optlstring(L, -1, "", &bodylen);
|
||||
lua_getfield(L, 2, "method");
|
||||
// use GET by default if no method is provided
|
||||
method = strtoupper(luaL_optstring(L, -1, kHttpMethod[kHttpGet]));
|
||||
lua_settop(L, 2); // drop all added elements to keep the stack balanced
|
||||
lua_settop(L, 2); // drop all added elements to keep the stack balanced
|
||||
} else if (lua_isnoneornil(L, 2)) {
|
||||
body = "";
|
||||
bodylen = 0;
|
||||
|
|
@ -3725,10 +3731,11 @@ static int LuaFetch(lua_State *L) {
|
|||
}
|
||||
// provide Content-Length header unless it's zero and not expected
|
||||
methodidx = GetHttpMethod(method, -1);
|
||||
if (bodylen > 0 ||
|
||||
!(methodidx == kHttpGet || methodidx == kHttpHead ||
|
||||
methodidx == kHttpTrace || methodidx == kHttpDelete || methodidx == kHttpConnect))
|
||||
if (bodylen > 0 || !(methodidx == kHttpGet || methodidx == kHttpHead ||
|
||||
methodidx == kHttpTrace || methodidx == kHttpDelete ||
|
||||
methodidx == kHttpConnect)) {
|
||||
conlenhdr = gc(xasprintf("Content-Length: %zu\r\n", bodylen));
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse URL.
|
||||
|
|
@ -3786,9 +3793,8 @@ static int LuaFetch(lua_State *L) {
|
|||
"User-Agent: %s\r\n"
|
||||
"%s"
|
||||
"\r\n%s",
|
||||
method, gc(EncodeUrl(&url, 0)),
|
||||
host, port,
|
||||
brand, conlenhdr, body));
|
||||
method, gc(EncodeUrl(&url, 0)), host, port, brand,
|
||||
conlenhdr, body));
|
||||
requestlen = strlen(request);
|
||||
|
||||
/*
|
||||
|
|
@ -4272,6 +4278,9 @@ static int LuaSetHeader(lua_State *L) {
|
|||
branded = true;
|
||||
p = AppendHeader(p, "Server", eval);
|
||||
break;
|
||||
case kHttpReferrerPolicy:
|
||||
referrerpolicy = FreeLater(strdup(eval));
|
||||
break;
|
||||
default:
|
||||
p = AppendHeader(p, key, eval);
|
||||
break;
|
||||
|
|
@ -4574,22 +4583,6 @@ static int LuaVisualizeControlCodes(lua_State *L) {
|
|||
return LuaCoder(L, VisualizeControlCodes);
|
||||
}
|
||||
|
||||
static int Sha224(const void *p, size_t n, uint8_t d[28]) {
|
||||
return mbedtls_sha256_ret(p, n, d, 1);
|
||||
}
|
||||
|
||||
static int Sha256(const void *p, size_t n, uint8_t d[32]) {
|
||||
return mbedtls_sha256_ret(p, n, d, 0);
|
||||
}
|
||||
|
||||
static int Sha384(const void *p, size_t n, uint8_t d[48]) {
|
||||
return mbedtls_sha512_ret(p, n, d, 1);
|
||||
}
|
||||
|
||||
static int Sha512(const void *p, size_t n, uint8_t d[64]) {
|
||||
return mbedtls_sha512_ret(p, n, d, 0);
|
||||
}
|
||||
|
||||
static noinline int LuaHasherImpl(lua_State *L, size_t k,
|
||||
int H(const void *, size_t, uint8_t *)) {
|
||||
void *p;
|
||||
|
|
@ -4616,19 +4609,19 @@ static int LuaSha1(lua_State *L) {
|
|||
}
|
||||
|
||||
static int LuaSha224(lua_State *L) {
|
||||
return LuaHasher(L, 28, Sha224);
|
||||
return LuaHasher(L, 28, mbedtls_sha256_ret_224);
|
||||
}
|
||||
|
||||
static int LuaSha256(lua_State *L) {
|
||||
return LuaHasher(L, 32, Sha256);
|
||||
return LuaHasher(L, 32, mbedtls_sha256_ret_256);
|
||||
}
|
||||
|
||||
static int LuaSha384(lua_State *L) {
|
||||
return LuaHasher(L, 48, Sha384);
|
||||
return LuaHasher(L, 48, mbedtls_sha512_ret_384);
|
||||
}
|
||||
|
||||
static int LuaSha512(lua_State *L) {
|
||||
return LuaHasher(L, 64, Sha512);
|
||||
return LuaHasher(L, 64, mbedtls_sha512_ret_512);
|
||||
}
|
||||
|
||||
static int LuaGetHttpReason(lua_State *L) {
|
||||
|
|
@ -6107,6 +6100,11 @@ static bool HandleMessage(void) {
|
|||
DEBUGF("%`'.*s latency %,ldµs", msg.uri.b - msg.uri.a, inbuf.p + msg.uri.a,
|
||||
(long)((nowl() - startrequest) * 1e6L));
|
||||
}
|
||||
if (referrerpolicy) {
|
||||
p = stpcpy(p, "Referrer-Policy: ");
|
||||
p = stpcpy(p, referrerpolicy);
|
||||
p = stpcpy(p, "\r\n");
|
||||
}
|
||||
LockInc(&shared->c.messageshandled);
|
||||
++messageshandled;
|
||||
if (!generator) {
|
||||
|
|
@ -6127,6 +6125,7 @@ static void InitRequest(void) {
|
|||
generator = 0;
|
||||
luaheaderp = 0;
|
||||
contentlength = 0;
|
||||
referrerpolicy = 0;
|
||||
InitHttpMessage(&msg, kHttpRequest);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue