summaryrefslogtreecommitdiff
path: root/deps/openssl/openssl/crypto/modes
diff options
context:
space:
mode:
Diffstat (limited to 'deps/openssl/openssl/crypto/modes')
-rw-r--r--deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl9
-rw-r--r--deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl4
-rw-r--r--deps/openssl/openssl/crypto/modes/build.info2
-rw-r--r--deps/openssl/openssl/crypto/modes/modes_lcl.h17
-rw-r--r--deps/openssl/openssl/crypto/modes/ocb128.c123
5 files changed, 77 insertions, 78 deletions
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl b/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl
index 7d880c94a7..1cf14a6c9f 100644
--- a/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghash-armv4.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -145,6 +145,8 @@ $code=<<___;
.text
#if defined(__thumb2__) || defined(__clang__)
.syntax unified
+#define ldrplb ldrbpl
+#define ldrneb ldrbne
#endif
#if defined(__thumb2__)
.thumb
@@ -152,11 +154,6 @@ $code=<<___;
.code 32
#endif
-#ifdef __clang__
-#define ldrplb ldrbpl
-#define ldrneb ldrbne
-#endif
-
.type rem_4bit,%object
.align 5
rem_4bit:
diff --git a/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl b/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl
index dcd5f595d2..e13c709019 100644
--- a/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl
+++ b/deps/openssl/openssl/crypto/modes/asm/ghashv8-armx.pl
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
-# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -64,6 +64,7 @@ my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14));
$code=<<___;
#include "arm_arch.h"
+#if __ARM_MAX_ARCH__>=7
.text
___
$code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/);
@@ -351,6 +352,7 @@ ___
$code.=<<___;
.asciz "GHASH for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
.align 2
+#endif
___
if ($flavour =~ /64/) { ######## 64-bit code
diff --git a/deps/openssl/openssl/crypto/modes/build.info b/deps/openssl/openssl/crypto/modes/build.info
index b794c5041a..38195c44a5 100644
--- a/deps/openssl/openssl/crypto/modes/build.info
+++ b/deps/openssl/openssl/crypto/modes/build.info
@@ -19,8 +19,6 @@ GENERATE[ghash-armv4.S]=asm/ghash-armv4.pl $(PERLASM_SCHEME)
INCLUDE[ghash-armv4.o]=..
GENERATE[ghashv8-armx.S]=asm/ghashv8-armx.pl $(PERLASM_SCHEME)
INCLUDE[ghashv8-armx.o]=..
-GENERATE[ghash-s390x.S]=asm/ghash-s390x.pl $(PERLASM_SCHEME)
-INCLUDE[ghash-s390x.o]=..
BEGINRAW[Makefile]
# GNU make "catch all"
diff --git a/deps/openssl/openssl/crypto/modes/modes_lcl.h b/deps/openssl/openssl/crypto/modes/modes_lcl.h
index 7a1603bf90..4fc32e190f 100644
--- a/deps/openssl/openssl/crypto/modes/modes_lcl.h
+++ b/deps/openssl/openssl/crypto/modes/modes_lcl.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -174,12 +174,13 @@ struct ocb128_context {
OCB_BLOCK l_dollar;
OCB_BLOCK *l;
/* Must be reset for each session */
- u64 blocks_hashed;
- u64 blocks_processed;
- OCB_BLOCK tag;
- OCB_BLOCK offset_aad;
- OCB_BLOCK sum;
- OCB_BLOCK offset;
- OCB_BLOCK checksum;
+ struct {
+ u64 blocks_hashed;
+ u64 blocks_processed;
+ OCB_BLOCK offset_aad;
+ OCB_BLOCK sum;
+ OCB_BLOCK offset;
+ OCB_BLOCK checksum;
+ } sess;
};
#endif /* OPENSSL_NO_OCB */
diff --git a/deps/openssl/openssl/crypto/modes/ocb128.c b/deps/openssl/openssl/crypto/modes/ocb128.c
index db794d0854..fc92b246bd 100644
--- a/deps/openssl/openssl/crypto/modes/ocb128.c
+++ b/deps/openssl/openssl/crypto/modes/ocb128.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -236,6 +236,9 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
return -1;
}
+ /* Reset nonce-dependent variables */
+ memset(&ctx->sess, 0, sizeof(ctx->sess));
+
/* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */
nonce[0] = ((taglen * 8) % 128) << 1;
memset(nonce + 1, 0, 15);
@@ -256,10 +259,10 @@ int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
/* Offset_0 = Stretch[1+bottom..128+bottom] */
shift = bottom % 8;
- ocb_block_lshift(stretch + (bottom / 8), shift, ctx->offset.c);
+ ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c);
mask = 0xff;
mask <<= 8 - shift;
- ctx->offset.c[15] |=
+ ctx->sess.offset.c[15] |=
(*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift);
return 1;
@@ -278,25 +281,25 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
/* Calculate the number of blocks of AAD provided now, and so far */
num_blocks = len / 16;
- all_num_blocks = num_blocks + ctx->blocks_hashed;
+ all_num_blocks = num_blocks + ctx->sess.blocks_hashed;
/* Loop through all full blocks of AAD */
- for (i = ctx->blocks_hashed + 1; i <= all_num_blocks; i++) {
+ for (i = ctx->sess.blocks_hashed + 1; i <= all_num_blocks; i++) {
OCB_BLOCK *lookup;
/* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
lookup = ocb_lookup_l(ctx, ocb_ntz(i));
if (lookup == NULL)
return 0;
- ocb_block16_xor(&ctx->offset_aad, lookup, &ctx->offset_aad);
+ ocb_block16_xor(&ctx->sess.offset_aad, lookup, &ctx->sess.offset_aad);
memcpy(tmp.c, aad, 16);
aad += 16;
/* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
- ocb_block16_xor(&ctx->offset_aad, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
- ocb_block16_xor(&tmp, &ctx->sum, &ctx->sum);
+ ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
}
/*
@@ -307,20 +310,21 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
if (last_len > 0) {
/* Offset_* = Offset_m xor L_* */
- ocb_block16_xor(&ctx->offset_aad, &ctx->l_star, &ctx->offset_aad);
+ ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star,
+ &ctx->sess.offset_aad);
/* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */
memset(tmp.c, 0, 16);
memcpy(tmp.c, aad, last_len);
tmp.c[last_len] = 0x80;
- ocb_block16_xor(&ctx->offset_aad, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
/* Sum = Sum_m xor ENCIPHER(K, CipherInput) */
ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
- ocb_block16_xor(&tmp, &ctx->sum, &ctx->sum);
+ ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
}
- ctx->blocks_hashed = all_num_blocks;
+ ctx->sess.blocks_hashed = all_num_blocks;
return 1;
}
@@ -341,7 +345,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
* so far
*/
num_blocks = len / 16;
- all_num_blocks = num_blocks + ctx->blocks_processed;
+ all_num_blocks = num_blocks + ctx->sess.blocks_processed;
if (num_blocks && all_num_blocks == (size_t)all_num_blocks
&& ctx->stream != NULL) {
@@ -357,11 +361,11 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
return 0;
ctx->stream(in, out, num_blocks, ctx->keyenc,
- (size_t)ctx->blocks_processed + 1, ctx->offset.c,
- (const unsigned char (*)[16])ctx->l, ctx->checksum.c);
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
} else {
/* Loop through all full blocks to be encrypted */
- for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) {
+ for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
OCB_BLOCK *lookup;
OCB_BLOCK tmp;
@@ -369,18 +373,18 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
lookup = ocb_lookup_l(ctx, ocb_ntz(i));
if (lookup == NULL)
return 0;
- ocb_block16_xor(&ctx->offset, lookup, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
memcpy(tmp.c, in, 16);
in += 16;
/* Checksum_i = Checksum_{i-1} xor P_i */
- ocb_block16_xor(&tmp, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
/* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
memcpy(out, tmp.c, 16);
out += 16;
@@ -397,10 +401,10 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
OCB_BLOCK pad;
/* Offset_* = Offset_m xor L_* */
- ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
/* Pad = ENCIPHER(K, Offset_*) */
- ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc);
+ ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
/* C_* = P_* xor Pad[1..bitlen(P_*)] */
ocb_block_xor(in, pad.c, last_len, out);
@@ -409,10 +413,10 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
memset(pad.c, 0, 16); /* borrow pad */
memcpy(pad.c, in, last_len);
pad.c[last_len] = 0x80;
- ocb_block16_xor(&pad, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
}
- ctx->blocks_processed = all_num_blocks;
+ ctx->sess.blocks_processed = all_num_blocks;
return 1;
}
@@ -433,7 +437,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
* so far
*/
num_blocks = len / 16;
- all_num_blocks = num_blocks + ctx->blocks_processed;
+ all_num_blocks = num_blocks + ctx->sess.blocks_processed;
if (num_blocks && all_num_blocks == (size_t)all_num_blocks
&& ctx->stream != NULL) {
@@ -449,30 +453,30 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
return 0;
ctx->stream(in, out, num_blocks, ctx->keydec,
- (size_t)ctx->blocks_processed + 1, ctx->offset.c,
- (const unsigned char (*)[16])ctx->l, ctx->checksum.c);
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
} else {
OCB_BLOCK tmp;
/* Loop through all full blocks to be decrypted */
- for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) {
+ for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
/* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i));
if (lookup == NULL)
return 0;
- ocb_block16_xor(&ctx->offset, lookup, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
memcpy(tmp.c, in, 16);
in += 16;
/* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
ctx->decrypt(tmp.c, tmp.c, ctx->keydec);
- ocb_block16_xor(&ctx->offset, &tmp, &tmp);
+ ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
/* Checksum_i = Checksum_{i-1} xor P_i */
- ocb_block16_xor(&tmp, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
memcpy(out, tmp.c, 16);
out += 16;
@@ -489,10 +493,10 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
OCB_BLOCK pad;
/* Offset_* = Offset_m xor L_* */
- ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset);
+ ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
/* Pad = ENCIPHER(K, Offset_*) */
- ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc);
+ ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
/* P_* = C_* xor Pad[1..bitlen(C_*)] */
ocb_block_xor(in, pad.c, last_len, out);
@@ -501,39 +505,46 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
memset(pad.c, 0, 16); /* borrow pad */
memcpy(pad.c, out, last_len);
pad.c[last_len] = 0x80;
- ocb_block16_xor(&pad, &ctx->checksum, &ctx->checksum);
+ ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
}
- ctx->blocks_processed = all_num_blocks;
+ ctx->sess.blocks_processed = all_num_blocks;
return 1;
}
-/*
- * Calculate the tag and verify it against the supplied tag
- */
-int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
- size_t len)
+static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len,
+ int write)
{
OCB_BLOCK tmp;
+ if (len > 16 || len < 1) {
+ return -1;
+ }
+
/*
* Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)
*/
- ocb_block16_xor(&ctx->checksum, &ctx->offset, &tmp);
+ ocb_block16_xor(&ctx->sess.checksum, &ctx->sess.offset, &tmp);
ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp);
ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
- ocb_block16_xor(&tmp, &ctx->sum, &ctx->tag);
+ ocb_block16_xor(&tmp, &ctx->sess.sum, &tmp);
- if (len > 16 || len < 1) {
- return -1;
+ if (write) {
+ memcpy(tag, &tmp, len);
+ return 1;
+ } else {
+ return CRYPTO_memcmp(&tmp, tag, len);
}
+}
- /* Compare the tag if we've been given one */
- if (tag)
- return CRYPTO_memcmp(&ctx->tag, tag, len);
- else
- return -1;
+/*
+ * Calculate the tag and verify it against the supplied tag
+ */
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+ size_t len)
+{
+ return ocb_finish(ctx, (unsigned char*)tag, len, 0);
}
/*
@@ -541,17 +552,7 @@ int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
*/
int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len)
{
- if (len > 16 || len < 1) {
- return -1;
- }
-
- /* Calculate the tag */
- CRYPTO_ocb128_finish(ctx, NULL, 0);
-
- /* Copy the tag into the supplied buffer */
- memcpy(tag, ctx->tag.c, len);
-
- return 1;
+ return ocb_finish(ctx, tag, len, 1);
}
/*
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 10:13:38 +0000