summaryrefslogtreecommitdiff
path: root/main
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2015-02-12 22:22:25 +0100
committerArne Schwabe <arne@rfc2549.org>2015-02-12 22:22:25 +0100
commit9f0928c6593f937a17b7974b04051c57e3874b20 (patch)
tree1aaffa07a5c177fef2c1386f1850a688045bec2e /main
parent68d26e1b1b5b411adce714c88532fc8889289f34 (diff)
Update OpenSSL to AOSP -master
Diffstat (limited to 'main')
-rw-r--r--main/openssl/Apps-config-host.mk24
-rw-r--r--main/openssl/Apps-config-target.mk28
-rw-r--r--main/openssl/CleanSpec.mk2
-rw-r--r--main/openssl/Crypto-config-host.mk32
-rw-r--r--main/openssl/Crypto-config-target.mk36
-rw-r--r--main/openssl/Crypto-config-trusty.mk31
-rw-r--r--main/openssl/Crypto.mk4
-rw-r--r--main/openssl/Ssl-config-host.mk27
-rw-r--r--main/openssl/Ssl-config-target.mk31
-rw-r--r--main/openssl/apps/ca.c2
-rw-r--r--main/openssl/apps/dgst.c2
-rw-r--r--main/openssl/apps/ocsp.c98
-rw-r--r--main/openssl/apps/openssl.c5
-rw-r--r--main/openssl/apps/s_client.c22
-rw-r--r--main/openssl/apps/s_server.c22
-rw-r--r--main/openssl/apps/s_time.c6
-rw-r--r--main/openssl/apps/speed.c23
-rw-r--r--main/openssl/build-config-32.mk2
-rw-r--r--main/openssl/build-config-64.mk2
-rw-r--r--main/openssl/build-config-trusty.mk2
-rw-r--r--main/openssl/crypto/LPdir_win.c2
-rw-r--r--main/openssl/crypto/aes/asm/aes-mips.pl2
-rw-r--r--main/openssl/crypto/armcap.c8
-rw-r--r--main/openssl/crypto/asn1/a_bitstr.c7
-rw-r--r--main/openssl/crypto/asn1/a_type.c2
-rw-r--r--main/openssl/crypto/asn1/a_verify.c12
-rw-r--r--main/openssl/crypto/asn1/asn1.h4
-rw-r--r--main/openssl/crypto/asn1/asn1_err.c4
-rw-r--r--main/openssl/crypto/asn1/tasn_dec.c8
-rw-r--r--main/openssl/crypto/asn1/x_algor.c11
-rw-r--r--main/openssl/crypto/asn1/x_name.c2
-rw-r--r--main/openssl/crypto/bio/bio.h4
-rw-r--r--main/openssl/crypto/bio/bss_dgram.c158
-rw-r--r--main/openssl/crypto/bn/asm/bn-mips.S592
-rw-r--r--main/openssl/crypto/bn/asm/mips.pl611
-rw-r--r--main/openssl/crypto/bn/asm/mips3.S2201
-rw-r--r--main/openssl/crypto/bn/asm/x86_64-gcc.c34
-rw-r--r--main/openssl/crypto/bn/bn.h4
-rw-r--r--main/openssl/crypto/bn/bn_asm.c16
-rw-r--r--main/openssl/crypto/bn/bn_ctx.c2
-rw-r--r--main/openssl/crypto/bn/bn_div.c8
-rw-r--r--main/openssl/crypto/bn/bntest.c178
-rw-r--r--main/openssl/crypto/constant_time_locl.h18
-rw-r--r--main/openssl/crypto/cversion.c15
-rw-r--r--main/openssl/crypto/dsa/dsa_asn1.c14
-rw-r--r--main/openssl/crypto/dso/dso_dlfcn.c6
-rw-r--r--main/openssl/crypto/ec/ec_lib.c2
-rw-r--r--main/openssl/crypto/ec/ec_mult.c7
-rw-r--r--main/openssl/crypto/ec/ec_pmeth.c6
-rw-r--r--main/openssl/crypto/ec/ectest.c4
-rw-r--r--main/openssl/crypto/ecdsa/ecs_vrf.c15
-rw-r--r--main/openssl/crypto/engine/eng_dyn.c3
-rw-r--r--main/openssl/crypto/evp/e_des3.c22
-rw-r--r--main/openssl/crypto/evp/evp_enc.c58
-rw-r--r--main/openssl/crypto/md32_common.h6
-rw-r--r--main/openssl/crypto/mem.c12
-rw-r--r--main/openssl/crypto/objects/obj_xref.h3
-rw-r--r--main/openssl/crypto/objects/objxref.pl5
-rw-r--r--main/openssl/crypto/opensslv.h6
-rw-r--r--main/openssl/crypto/rand/rand_win.c61
-rw-r--r--main/openssl/crypto/sha/asm/sha1-mips.pl2
-rw-r--r--main/openssl/crypto/sha/asm/sha512-mips.pl2
-rw-r--r--main/openssl/crypto/x509/x509.h1
-rw-r--r--main/openssl/crypto/x509/x509_vpm.c2
-rw-r--r--main/openssl/crypto/x509/x_all.c2
-rw-r--r--main/openssl/crypto/x509v3/v3_ncons.c2
-rw-r--r--main/openssl/e_os.h31
-rwxr-xr-xmain/openssl/import_openssl.sh36
-rw-r--r--main/openssl/include/openssl/asn1.h4
-rw-r--r--main/openssl/include/openssl/bio.h4
-rw-r--r--main/openssl/include/openssl/bn.h4
-rw-r--r--main/openssl/include/openssl/dtls1.h8
-rw-r--r--main/openssl/include/openssl/opensslv.h6
-rw-r--r--main/openssl/include/openssl/srtp.h4
-rw-r--r--main/openssl/include/openssl/ssl.h30
-rw-r--r--main/openssl/include/openssl/ssl3.h13
-rw-r--r--main/openssl/include/openssl/x509.h1
-rw-r--r--main/openssl/openssl.config24
-rw-r--r--main/openssl/openssl.version2
-rw-r--r--main/openssl/ssl/d1_both.c162
-rw-r--r--main/openssl/ssl/d1_clnt.c25
-rw-r--r--main/openssl/ssl/d1_enc.c3
-rw-r--r--main/openssl/ssl/d1_lib.c38
-rw-r--r--main/openssl/ssl/d1_pkt.c37
-rw-r--r--main/openssl/ssl/d1_srvr.c53
-rw-r--r--main/openssl/ssl/dtls1.h8
-rw-r--r--main/openssl/ssl/kssl.c72
-rw-r--r--main/openssl/ssl/s23_srvr.c7
-rw-r--r--main/openssl/ssl/s2_enc.c12
-rw-r--r--main/openssl/ssl/s2_pkt.c9
-rw-r--r--main/openssl/ssl/s2_srvr.c22
-rw-r--r--main/openssl/ssl/s3_both.c1
-rw-r--r--main/openssl/ssl/s3_clnt.c131
-rw-r--r--main/openssl/ssl/s3_enc.c3
-rw-r--r--main/openssl/ssl/s3_lib.c16
-rw-r--r--main/openssl/ssl/s3_meth.c5
-rw-r--r--main/openssl/ssl/s3_pkt.c5
-rw-r--r--main/openssl/ssl/s3_srvr.c142
-rw-r--r--main/openssl/ssl/srtp.h4
-rw-r--r--main/openssl/ssl/ssl.h30
-rw-r--r--main/openssl/ssl/ssl3.h13
-rw-r--r--main/openssl/ssl/ssl_cert.c29
-rw-r--r--main/openssl/ssl/ssl_ciph.c12
-rw-r--r--main/openssl/ssl/ssl_lib.c46
-rw-r--r--main/openssl/ssl/ssl_locl.h7
-rw-r--r--main/openssl/ssl/ssl_sess.c16
-rw-r--r--main/openssl/ssl/ssltest.c79
-rw-r--r--main/openssl/ssl/t1_enc.c70
-rw-r--r--main/openssl/ssl/t1_lib.c38
-rw-r--r--main/openvpn/config-version.h2
-rw-r--r--main/openvpn/src/openvpn/ps.c11
-rw-r--r--main/src/main/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.java6
-rw-r--r--main/src/main/res/layout/file_dialog_row.xml18
-rw-r--r--main/src/main/res/layout/server_card.xml7
-rwxr-xr-xmain/src/main/res/values/strings.xml3
115 files changed, 2003 insertions, 3851 deletions
diff --git a/main/openssl/Apps-config-host.mk b/main/openssl/Apps-config-host.mk
index c6ebf817..baf5a6a1 100644
--- a/main/openssl/Apps-config-host.mk
+++ b/main/openssl/Apps-config-host.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
#
# This script will append to the following variables:
#
@@ -114,6 +114,28 @@ mips_src_files :=
mips_exclude_files :=
+mips64_clang_asflags :=
+
+mips64_cflags :=
+
+mips64_src_files :=
+
+mips64_exclude_files :=
+
+mips32r6_clang_asflags :=
+
+mips32r6_cflags :=
+
+mips32r6_src_files :=
+
+mips32r6_exclude_files :=
+
+
+ifdef ARCH_MIPS_REV6
+mips_cflags := $(mips32r6_cflags)
+mips_src_files := $(mips32r6_src_files)
+mips_exclude_files := $(mips32r6_exclude_files)
+endif
LOCAL_CFLAGS += $(common_cflags)
LOCAL_C_INCLUDES += $(common_c_includes) $(local_c_includes)
diff --git a/main/openssl/Apps-config-target.mk b/main/openssl/Apps-config-target.mk
index fe600c0a..f2bb032d 100644
--- a/main/openssl/Apps-config-target.mk
+++ b/main/openssl/Apps-config-target.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
#
# This script will append to the following variables:
#
@@ -114,6 +114,28 @@ mips_src_files :=
mips_exclude_files :=
+mips64_clang_asflags :=
+
+mips64_cflags :=
+
+mips64_src_files :=
+
+mips64_exclude_files :=
+
+mips32r6_clang_asflags :=
+
+mips32r6_cflags :=
+
+mips32r6_src_files :=
+
+mips32r6_exclude_files :=
+
+
+ifdef ARCH_MIPS_REV6
+mips_cflags := $(mips32r6_cflags)
+mips_src_files := $(mips32r6_src_files)
+mips_exclude_files := $(mips32r6_exclude_files)
+endif
LOCAL_CFLAGS += $(common_cflags)
LOCAL_C_INCLUDES += $(common_c_includes)
@@ -137,3 +159,7 @@ LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
LOCAL_CFLAGS_mips += $(mips_cflags)
LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
+
+LOCAL_SRC_FILES_mips64 += $(filter-out $(mips64_exclude_files),$(common_src_files) $(mips64_src_files))
+LOCAL_CFLAGS_mips64 += $(mips64_cflags)
+LOCAL_CLANG_ASFLAGS_mips64 += $(mips64_clang_asflags)
diff --git a/main/openssl/CleanSpec.mk b/main/openssl/CleanSpec.mk
index 3c1f8503..8b33f99f 100644
--- a/main/openssl/CleanSpec.mk
+++ b/main/openssl/CleanSpec.mk
@@ -55,6 +55,8 @@ $(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/SHARED_LIBRARIES/libcrypto_inte
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/STATIC_LIBRARIES/libssl_static_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/STATIC_LIBRARIES/libcrypto_static_intermediates)
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/EXECUTABLES/*ssl*_intermediates $(PRODUCT_OUT)/obj/*/libssl_*intermediates $(PRODUCT_OUT)/obj/*/libcrypto_*intermediates)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/*/libcrypto*intermediates/export_includes $(PRODUCT_OUT)/obj/*/libssl*intermediates/export_includes $(OUT_DIR)/host/*/obj*/SHARED_LIBRARIES/libcrypto*intermediates/export_includes $(OUT_DIR)/host/*/obj*/SHARED_LIBRARIES/libssl*intermediates/export_includes)
+$(call add-clean-step, rm -rf $(OUT_DIR)/host/*/obj/*/libcrypto*intermediates $(OUT_DIR)/host/*/obj/libssl*intermediates)
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
diff --git a/main/openssl/Crypto-config-host.mk b/main/openssl/Crypto-config-host.mk
index 61df350e..bcb8e6d4 100644
--- a/main/openssl/Crypto-config-host.mk
+++ b/main/openssl/Crypto-config-host.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
#
# This script will append to the following variables:
#
@@ -11,6 +11,7 @@
# LOCAL_CFLAGS_$(TARGET_ARCH)
# LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
# LOCAL_ADDITIONAL_DEPENDENCIES
+# LOCAL_EXPORT_C_INCLUDE_DIRS
LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Crypto-config-host.mk
@@ -707,6 +708,35 @@ mips_exclude_files := \
crypto/aes/aes_core.c \
crypto/bn/bn_asm.c \
+mips64_clang_asflags :=
+
+mips64_cflags := \
+ -DOPENSSL_NO_ASM \
+
+mips64_src_files :=
+
+mips64_exclude_files :=
+
+mips32r6_clang_asflags :=
+
+mips32r6_cflags := \
+ -DOPENSSL_NO_ASM \
+
+mips32r6_src_files :=
+
+mips32r6_exclude_files :=
+
+
+# "Temporary" hack until this can be fixed in openssl.config
+x86_64_cflags += -DRC4_INT="unsigned int"
+
+LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
+
+ifdef ARCH_MIPS_REV6
+mips_cflags := $(mips32r6_cflags)
+mips_src_files := $(mips32r6_src_files)
+mips_exclude_files := $(mips32r6_exclude_files)
+endif
LOCAL_CFLAGS += $(common_cflags)
LOCAL_C_INCLUDES += $(common_c_includes) $(local_c_includes)
diff --git a/main/openssl/Crypto-config-target.mk b/main/openssl/Crypto-config-target.mk
index 17fe4bf5..4cf8c9ea 100644
--- a/main/openssl/Crypto-config-target.mk
+++ b/main/openssl/Crypto-config-target.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
#
# This script will append to the following variables:
#
@@ -11,6 +11,7 @@
# LOCAL_CFLAGS_$(TARGET_ARCH)
# LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
# LOCAL_ADDITIONAL_DEPENDENCIES
+# LOCAL_EXPORT_C_INCLUDE_DIRS
LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Crypto-config-target.mk
@@ -707,6 +708,35 @@ mips_exclude_files := \
crypto/aes/aes_core.c \
crypto/bn/bn_asm.c \
+mips64_clang_asflags :=
+
+mips64_cflags := \
+ -DOPENSSL_NO_ASM \
+
+mips64_src_files :=
+
+mips64_exclude_files :=
+
+mips32r6_clang_asflags :=
+
+mips32r6_cflags := \
+ -DOPENSSL_NO_ASM \
+
+mips32r6_src_files :=
+
+mips32r6_exclude_files :=
+
+
+# "Temporary" hack until this can be fixed in openssl.config
+x86_64_cflags += -DRC4_INT="unsigned int"
+
+LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
+
+ifdef ARCH_MIPS_REV6
+mips_cflags := $(mips32r6_cflags)
+mips_src_files := $(mips32r6_src_files)
+mips_exclude_files := $(mips32r6_exclude_files)
+endif
LOCAL_CFLAGS += $(common_cflags)
LOCAL_C_INCLUDES += $(common_c_includes)
@@ -730,3 +760,7 @@ LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
LOCAL_CFLAGS_mips += $(mips_cflags)
LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
+
+LOCAL_SRC_FILES_mips64 += $(filter-out $(mips64_exclude_files),$(common_src_files) $(mips64_src_files))
+LOCAL_CFLAGS_mips64 += $(mips64_cflags)
+LOCAL_CLANG_ASFLAGS_mips64 += $(mips64_clang_asflags)
diff --git a/main/openssl/Crypto-config-trusty.mk b/main/openssl/Crypto-config-trusty.mk
index c1b01d50..cc22723b 100644
--- a/main/openssl/Crypto-config-trusty.mk
+++ b/main/openssl/Crypto-config-trusty.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
#
# This script will append to the following variables:
#
@@ -11,6 +11,7 @@
# LOCAL_CFLAGS_$(TARGET_ARCH)
# LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
# LOCAL_ADDITIONAL_DEPENDENCIES
+# LOCAL_EXPORT_C_INCLUDE_DIRS
LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Crypto-config-trusty.mk
@@ -252,6 +253,30 @@ mips_src_files :=
mips_exclude_files :=
+mips64_clang_asflags :=
+
+mips64_cflags :=
+
+mips64_src_files :=
+
+mips64_exclude_files :=
+
+mips32r6_clang_asflags :=
+
+mips32r6_cflags :=
+
+mips32r6_src_files :=
+
+mips32r6_exclude_files :=
+
+
+LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
+
+ifdef ARCH_MIPS_REV6
+mips_cflags := $(mips32r6_cflags)
+mips_src_files := $(mips32r6_src_files)
+mips_exclude_files := $(mips32r6_exclude_files)
+endif
LOCAL_CFLAGS += $(common_cflags)
LOCAL_C_INCLUDES += $(common_c_includes)
@@ -275,3 +300,7 @@ LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
LOCAL_CFLAGS_mips += $(mips_cflags)
LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
+
+LOCAL_SRC_FILES_mips64 += $(filter-out $(mips64_exclude_files),$(common_src_files) $(mips64_src_files))
+LOCAL_CFLAGS_mips64 += $(mips64_cflags)
+LOCAL_CLANG_ASFLAGS_mips64 += $(mips64_clang_asflags)
diff --git a/main/openssl/Crypto.mk b/main/openssl/Crypto.mk
index 621627bf..6935cb67 100644
--- a/main/openssl/Crypto.mk
+++ b/main/openssl/Crypto.mk
@@ -33,10 +33,6 @@ LOCAL_C_INCLUDES := $(log_c_includes)
# in the NDK.
ifeq (,$(TARGET_BUILD_APPS))
LOCAL_CLANG := true
-ifeq ($(HOST_OS), darwin_does_not_wrok)
-LOCAL_ASFLAGS += -no-integrated-as
-LOCAL_CFLAGS += -no-integrated-as
-endif
else
LOCAL_SDK_VERSION := 9
endif
diff --git a/main/openssl/Ssl-config-host.mk b/main/openssl/Ssl-config-host.mk
index 83c60267..8f3bdce5 100644
--- a/main/openssl/Ssl-config-host.mk
+++ b/main/openssl/Ssl-config-host.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
#
# This script will append to the following variables:
#
@@ -11,6 +11,7 @@
# LOCAL_CFLAGS_$(TARGET_ARCH)
# LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
# LOCAL_ADDITIONAL_DEPENDENCIES
+# LOCAL_EXPORT_C_INCLUDE_DIRS
LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Ssl-config-host.mk
@@ -108,6 +109,30 @@ mips_src_files :=
mips_exclude_files :=
+mips64_clang_asflags :=
+
+mips64_cflags :=
+
+mips64_src_files :=
+
+mips64_exclude_files :=
+
+mips32r6_clang_asflags :=
+
+mips32r6_cflags :=
+
+mips32r6_src_files :=
+
+mips32r6_exclude_files :=
+
+
+LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
+
+ifdef ARCH_MIPS_REV6
+mips_cflags := $(mips32r6_cflags)
+mips_src_files := $(mips32r6_src_files)
+mips_exclude_files := $(mips32r6_exclude_files)
+endif
LOCAL_CFLAGS += $(common_cflags)
LOCAL_C_INCLUDES += $(common_c_includes) $(local_c_includes)
diff --git a/main/openssl/Ssl-config-target.mk b/main/openssl/Ssl-config-target.mk
index bf1671f0..481ef042 100644
--- a/main/openssl/Ssl-config-target.mk
+++ b/main/openssl/Ssl-config-target.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
#
# This script will append to the following variables:
#
@@ -11,6 +11,7 @@
# LOCAL_CFLAGS_$(TARGET_ARCH)
# LOCAL_CFLAGS_$(TARGET_2ND_ARCH)
# LOCAL_ADDITIONAL_DEPENDENCIES
+# LOCAL_EXPORT_C_INCLUDE_DIRS
LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Ssl-config-target.mk
@@ -108,6 +109,30 @@ mips_src_files :=
mips_exclude_files :=
+mips64_clang_asflags :=
+
+mips64_cflags :=
+
+mips64_src_files :=
+
+mips64_exclude_files :=
+
+mips32r6_clang_asflags :=
+
+mips32r6_cflags :=
+
+mips32r6_src_files :=
+
+mips32r6_exclude_files :=
+
+
+LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
+
+ifdef ARCH_MIPS_REV6
+mips_cflags := $(mips32r6_cflags)
+mips_src_files := $(mips32r6_src_files)
+mips_exclude_files := $(mips32r6_exclude_files)
+endif
LOCAL_CFLAGS += $(common_cflags)
LOCAL_C_INCLUDES += $(common_c_includes)
@@ -131,3 +156,7 @@ LOCAL_CLANG_ASFLAGS_x86_64 += $(x86_64_clang_asflags)
LOCAL_SRC_FILES_mips += $(filter-out $(mips_exclude_files),$(common_src_files) $(mips_src_files))
LOCAL_CFLAGS_mips += $(mips_cflags)
LOCAL_CLANG_ASFLAGS_mips += $(mips_clang_asflags)
+
+LOCAL_SRC_FILES_mips64 += $(filter-out $(mips64_exclude_files),$(common_src_files) $(mips64_src_files))
+LOCAL_CFLAGS_mips64 += $(mips64_cflags)
+LOCAL_CLANG_ASFLAGS_mips64 += $(mips64_clang_asflags)
diff --git a/main/openssl/apps/ca.c b/main/openssl/apps/ca.c
index 9c25026a..613f5bee 100644
--- a/main/openssl/apps/ca.c
+++ b/main/openssl/apps/ca.c
@@ -703,7 +703,7 @@ bad:
ERR_clear_error();
#ifdef RL_DEBUG
if (!p)
- BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
+ BIO_printf(bio_err, "DEBUG: unique_subject undefined\n");
#endif
#ifdef RL_DEBUG
BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
diff --git a/main/openssl/apps/dgst.c b/main/openssl/apps/dgst.c
index f4aec779..e31a6b18 100644
--- a/main/openssl/apps/dgst.c
+++ b/main/openssl/apps/dgst.c
@@ -273,6 +273,8 @@ int MAIN(int argc, char **argv)
BIO_printf(bio_err,"-d to output debug info\n");
BIO_printf(bio_err,"-hex output as hex dump\n");
BIO_printf(bio_err,"-binary output in binary form\n");
+ BIO_printf(bio_err,"-hmac arg set the HMAC key to arg\n");
+ BIO_printf(bio_err,"-non-fips-allow allow use of non FIPS digest\n");
BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
diff --git a/main/openssl/apps/ocsp.c b/main/openssl/apps/ocsp.c
index 04263ffd..8883afc9 100644
--- a/main/openssl/apps/ocsp.c
+++ b/main/openssl/apps/ocsp.c
@@ -583,51 +583,52 @@ int MAIN(int argc, char **argv)
BIO_printf (bio_err, "OCSP utility\n");
BIO_printf (bio_err, "Usage ocsp [options]\n");
BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-out file output filename\n");
- BIO_printf (bio_err, "-issuer file issuer certificate\n");
- BIO_printf (bio_err, "-cert file certificate to check\n");
- BIO_printf (bio_err, "-serial n serial number to check\n");
- BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
- BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
- BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
- BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
- BIO_printf (bio_err, "-req_text print text form of request\n");
- BIO_printf (bio_err, "-resp_text print text form of response\n");
- BIO_printf (bio_err, "-text print text form of request and response\n");
- BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
- BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
- BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
- BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
- BIO_printf (bio_err, "-nonce add OCSP nonce to request\n");
- BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n");
- BIO_printf (bio_err, "-url URL OCSP responder URL\n");
- BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n");
- BIO_printf (bio_err, "-path path to use in OCSP request\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-VAfile file validator certificates file\n");
- BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
- BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
- BIO_printf (bio_err, "-noverify don't verify response at all\n");
- BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
- BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
- BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
+ BIO_printf (bio_err, "-out file output filename\n");
+ BIO_printf (bio_err, "-issuer file issuer certificate\n");
+ BIO_printf (bio_err, "-cert file certificate to check\n");
+ BIO_printf (bio_err, "-serial n serial number to check\n");
+ BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
+ BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
+ BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
+ BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
+ BIO_printf (bio_err, "-req_text print text form of request\n");
+ BIO_printf (bio_err, "-resp_text print text form of response\n");
+ BIO_printf (bio_err, "-text print text form of request and response\n");
+ BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
+ BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
+ BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
+ BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
+ BIO_printf (bio_err, "-nonce add OCSP nonce to request\n");
+ BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n");
+ BIO_printf (bio_err, "-url URL OCSP responder URL\n");
+ BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n");
+ BIO_printf (bio_err, "-path path to use in OCSP request\n");
+ BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
+ BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf (bio_err, "-VAfile file validator certificates file\n");
+ BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+ BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
+ BIO_printf (bio_err, "-noverify don't verify response at all\n");
+ BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
+ BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
+ BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
- BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
- BIO_printf (bio_err, "-no_chain don't chain verify response\n");
- BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
- BIO_printf (bio_err, "-port num port to run responder on\n");
- BIO_printf (bio_err, "-index file certificate status index file\n");
- BIO_printf (bio_err, "-CA file CA certificate\n");
- BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
- BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
- BIO_printf (bio_err, "-rother file other certificates to include in response\n");
- BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
- BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
- BIO_printf (bio_err, "-ndays n number of days before next update\n");
- BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
- BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
- BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n");
+ BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
+ BIO_printf (bio_err, "-no_chain don't chain verify response\n");
+ BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
+ BIO_printf (bio_err, "-port num port to run responder on\n");
+ BIO_printf (bio_err, "-index file certificate status index file\n");
+ BIO_printf (bio_err, "-CA file CA certificate\n");
+ BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
+ BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
+ BIO_printf (bio_err, "-rother file other certificates to include in response\n");
+ BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
+ BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
+ BIO_printf (bio_err, "-ndays n number of days before next update\n");
+ BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
+ BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
+ BIO_printf (bio_err, "-<dgst alg> use specified digest in the request\n");
+ BIO_printf (bio_err, "-timeout n timeout connection to OCSP responder after n seconds\n");
goto end;
}
@@ -1398,16 +1399,7 @@ OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
if (use_ssl == 1)
{
BIO *sbio;
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
ctx = SSL_CTX_new(SSLv23_client_method());
-#elif !defined(OPENSSL_NO_SSL3)
- ctx = SSL_CTX_new(SSLv3_client_method());
-#elif !defined(OPENSSL_NO_SSL2)
- ctx = SSL_CTX_new(SSLv2_client_method());
-#else
- BIO_printf(err, "SSL is disabled\n");
- goto end;
-#endif
if (ctx == NULL)
{
BIO_printf(err, "Error creating SSL context.\n");
diff --git a/main/openssl/apps/openssl.c b/main/openssl/apps/openssl.c
index a9fa1e3f..bca79a23 100644
--- a/main/openssl/apps/openssl.c
+++ b/main/openssl/apps/openssl.c
@@ -437,9 +437,7 @@ end:
if (prog != NULL) lh_FUNCTION_free(prog);
if (arg.data != NULL) OPENSSL_free(arg.data);
- apps_shutdown();
- CRYPTO_mem_leaks(bio_err);
if (bio_err != NULL)
{
BIO_free(bio_err);
@@ -452,6 +450,9 @@ end:
OPENSSL_free(Argv);
}
#endif
+ apps_shutdown();
+ CRYPTO_mem_leaks(bio_err);
+
OPENSSL_EXIT(ret);
}
diff --git a/main/openssl/apps/s_client.c b/main/openssl/apps/s_client.c
index dfe2de1f..afa4c2b9 100644
--- a/main/openssl/apps/s_client.c
+++ b/main/openssl/apps/s_client.c
@@ -329,10 +329,12 @@ static void sc_usage(void)
BIO_printf(bio_err," -srppass arg - password for 'user'\n");
BIO_printf(bio_err," -srp_lateuser - SRP username into second ClientHello message\n");
BIO_printf(bio_err," -srp_moregroups - Tolerate other than the known g N values.\n");
- BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N);
+ BIO_printf(bio_err," -srp_strength int - minimal length in bits for N (default %d).\n",SRP_MINIMAL_N);
#endif
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
+#endif
BIO_printf(bio_err," -tls1_2 - just use TLSv1.2\n");
BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
@@ -813,7 +815,7 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-ssl2") == 0)
meth=SSLv2_client_method();
#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
else if (strcmp(*argv,"-ssl3") == 0)
meth=SSLv3_client_method();
#endif
@@ -1359,10 +1361,22 @@ re_start:
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
- if (socket_mtu > 28)
+ if (socket_mtu)
{
+ if(socket_mtu < DTLS_get_link_min_mtu(con))
+ {
+ BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+ DTLS_get_link_min_mtu(con));
+ BIO_free(sbio);
+ goto shut;
+ }
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, socket_mtu - 28);
+ if(!DTLS_set_link_mtu(con, socket_mtu))
+ {
+ BIO_printf(bio_err, "Failed to set MTU\n");
+ BIO_free(sbio);
+ goto shut;
+ }
}
else
/* want to do MTU discovery */
diff --git a/main/openssl/apps/s_server.c b/main/openssl/apps/s_server.c
index fe7ad882..f47328ab 100644
--- a/main/openssl/apps/s_server.c
+++ b/main/openssl/apps/s_server.c
@@ -515,7 +515,9 @@ static void sv_usage(void)
BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
#endif
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
+#endif
BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n");
BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n");
BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
@@ -1251,7 +1253,7 @@ int MAIN(int argc, char *argv[])
else if (strcmp(*argv,"-ssl2") == 0)
{ meth=SSLv2_server_method(); }
#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
else if (strcmp(*argv,"-ssl3") == 0)
{ meth=SSLv3_server_method(); }
#endif
@@ -2049,10 +2051,24 @@ static int sv_body(char *hostname, int s, unsigned char *context)
BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
}
- if (socket_mtu > 28)
+ if (socket_mtu)
{
+ if(socket_mtu < DTLS_get_link_min_mtu(con))
+ {
+ BIO_printf(bio_err,"MTU too small. Must be at least %ld\n",
+ DTLS_get_link_min_mtu(con));
+ ret = -1;
+ BIO_free(sbio);
+ goto err;
+ }
SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, socket_mtu - 28);
+ if(!DTLS_set_link_mtu(con, socket_mtu))
+ {
+ BIO_printf(bio_err, "Failed to set MTU\n");
+ ret = -1;
+ BIO_free(sbio);
+ goto err;
+ }
}
else
/* want to do MTU discovery */
diff --git a/main/openssl/apps/s_time.c b/main/openssl/apps/s_time.c
index b823c33c..81dad532 100644
--- a/main/openssl/apps/s_time.c
+++ b/main/openssl/apps/s_time.c
@@ -349,13 +349,7 @@ int MAIN(int argc, char **argv)
if (bio_err == NULL)
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
s_time_meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
- s_time_meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
- s_time_meth=SSLv2_client_method();
-#endif
/* parse the command line arguments */
if( parseArgs( argc, argv ) < 0 )
diff --git a/main/openssl/apps/speed.c b/main/openssl/apps/speed.c
index 9c251ebe..2e613968 100644
--- a/main/openssl/apps/speed.c
+++ b/main/openssl/apps/speed.c
@@ -225,7 +225,7 @@
#undef BUFSIZE
#define BUFSIZE ((long)1024*8+1)
-int run=0;
+static volatile int run=0;
static int mr=0;
static int usertime=1;
@@ -2741,27 +2741,6 @@ static int do_multi(int multi)
else
rsa_results[k][1]=d;
}
- else if(!strncmp(buf,"+F2:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
- else
- rsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
- else
- rsa_results[k][1]=d;
- }
#ifndef OPENSSL_NO_DSA
else if(!strncmp(buf,"+F3:",4))
{
diff --git a/main/openssl/build-config-32.mk b/main/openssl/build-config-32.mk
index 9f1380b9..cb5aea96 100644
--- a/main/openssl/build-config-32.mk
+++ b/main/openssl/build-config-32.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
#
openssl_cflags_32 := \
-DOPENSSL_THREADS \
diff --git a/main/openssl/build-config-64.mk b/main/openssl/build-config-64.mk
index 2475c2ed..e7c9c462 100644
--- a/main/openssl/build-config-64.mk
+++ b/main/openssl/build-config-64.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
#
openssl_cflags_64 := \
-DOPENSSL_THREADS \
diff --git a/main/openssl/build-config-trusty.mk b/main/openssl/build-config-trusty.mk
index 34574f34..d0b19aae 100644
--- a/main/openssl/build-config-trusty.mk
+++ b/main/openssl/build-config-trusty.mk
@@ -1,6 +1,6 @@
# Auto-generated - DO NOT EDIT!
# To regenerate, edit openssl.config, then run:
-# ./import_openssl.sh import /path/to/openssl-1.0.1j.tar.gz
+# ./import_openssl.sh import /path/to/openssl-1.0.1l.tar.gz
#
openssl_cflags_trusty := \
-DL_ENDIAN \
diff --git a/main/openssl/crypto/LPdir_win.c b/main/openssl/crypto/LPdir_win.c
index d5b5e2c9..7eea373c 100644
--- a/main/openssl/crypto/LPdir_win.c
+++ b/main/openssl/crypto/LPdir_win.c
@@ -36,7 +36,7 @@
#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
# define FindFirstFile FindFirstFileW
#endif
-#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+#if defined(LP_SYS_WINCE) && !defined(FindNextFile)
# define FindNextFile FindNextFileW
#endif
diff --git a/main/openssl/crypto/aes/asm/aes-mips.pl b/main/openssl/crypto/aes/asm/aes-mips.pl
index e5239542..537c8d31 100644
--- a/main/openssl/crypto/aes/asm/aes-mips.pl
+++ b/main/openssl/crypto/aes/asm/aes-mips.pl
@@ -70,7 +70,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
#
######################################################################
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0;
+$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); }
open STDOUT,">$output";
diff --git a/main/openssl/crypto/armcap.c b/main/openssl/crypto/armcap.c
index 7e46d07a..59b74948 100644
--- a/main/openssl/crypto/armcap.c
+++ b/main/openssl/crypto/armcap.c
@@ -68,6 +68,14 @@ static unsigned long (*getauxval)(unsigned long) = NULL;
# define HWCAP_CE_SHA256 (1 << 6)
#endif
+#ifdef ANDROID
+// Works around a bug where Android versions up to and including L don't
+// properly restore the signal mask when asked.
+#define sigsetjmp(env,savesigs) \
+ (sigprocmask(SIG_SETMASK,&ill_act.sa_mask,NULL), \
+ sigsetjmp(env,savesigs))
+#endif
+
void OPENSSL_cpuid_setup(void)
{
char *e;
diff --git a/main/openssl/crypto/asn1/a_bitstr.c b/main/openssl/crypto/asn1/a_bitstr.c
index 34179960..4117a67d 100644
--- a/main/openssl/crypto/asn1/a_bitstr.c
+++ b/main/openssl/crypto/asn1/a_bitstr.c
@@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
p= *pp;
i= *(p++);
+ if (i > 7)
+ {
+ i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+ goto err;
+ }
/* We do this to preserve the settings. If we modify
* the settings, via the _set_bit function, we will recalculate
* on output */
ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
- ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+ ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
if (len-- > 1) /* using one because of the bits left byte */
{
diff --git a/main/openssl/crypto/asn1/a_type.c b/main/openssl/crypto/asn1/a_type.c
index a45d2f9d..5e1bc762 100644
--- a/main/openssl/crypto/asn1/a_type.c
+++ b/main/openssl/crypto/asn1/a_type.c
@@ -113,7 +113,7 @@ IMPLEMENT_STACK_OF(ASN1_TYPE)
IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
/* Returns 0 if they are equal, != 0 otherwise. */
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b)
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
{
int result = -1;
diff --git a/main/openssl/crypto/asn1/a_verify.c b/main/openssl/crypto/asn1/a_verify.c
index fc84cd3d..78dde1d0 100644
--- a/main/openssl/crypto/asn1/a_verify.c
+++ b/main/openssl/crypto/asn1/a_verify.c
@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
goto err;
}
+
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ goto err;
+ }
inl=i2d(data,NULL);
buf_in=OPENSSL_malloc((unsigned int)inl);
@@ -146,6 +152,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
return -1;
}
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ return -1;
+ }
+
EVP_MD_CTX_init(&ctx);
/* Convert signature OID into digest and public key OIDs */
diff --git a/main/openssl/crypto/asn1/asn1.h b/main/openssl/crypto/asn1/asn1.h
index 220a0c8c..3c45d5d0 100644
--- a/main/openssl/crypto/asn1/asn1.h
+++ b/main/openssl/crypto/asn1/asn1.h
@@ -776,7 +776,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
int ASN1_TYPE_get(ASN1_TYPE *a);
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
ASN1_OBJECT * ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -1329,6 +1329,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_ILLEGAL_TIME_VALUE 184
#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
#define ASN1_R_INVALID_DIGIT 130
#define ASN1_R_INVALID_MIME_TYPE 205
@@ -1378,6 +1379,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_TIME_NOT_ASCII_FORMAT 193
#define ASN1_R_TOO_LONG 155
#define ASN1_R_TYPE_NOT_CONSTRUCTED 156
+#define ASN1_R_TYPE_NOT_PRIMITIVE 218
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNEXPECTED_EOC 159
diff --git a/main/openssl/crypto/asn1/asn1_err.c b/main/openssl/crypto/asn1/asn1_err.c
index aa60203b..568a8416 100644
--- a/main/openssl/crypto/asn1/asn1_err.c
+++ b/main/openssl/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
/* crypto/asn1/asn1_err.c */
/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -246,6 +246,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"},
{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
@@ -295,6 +296,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE) ,"type not primitive"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
diff --git a/main/openssl/crypto/asn1/tasn_dec.c b/main/openssl/crypto/asn1/tasn_dec.c
index 87d7dfdf..2cbfa814 100644
--- a/main/openssl/crypto/asn1/tasn_dec.c
+++ b/main/openssl/crypto/asn1/tasn_dec.c
@@ -870,6 +870,14 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
}
else if (cst)
{
+ if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+ || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+ || utype == V_ASN1_ENUMERATED)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_TYPE_NOT_PRIMITIVE);
+ return 0;
+ }
buf.length = 0;
buf.max = 0;
buf.data = NULL;
diff --git a/main/openssl/crypto/asn1/x_algor.c b/main/openssl/crypto/asn1/x_algor.c
index 274e456c..57cc956c 100644
--- a/main/openssl/crypto/asn1/x_algor.c
+++ b/main/openssl/crypto/asn1/x_algor.c
@@ -142,3 +142,14 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
}
+
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+ {
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+ }
diff --git a/main/openssl/crypto/asn1/x_name.c b/main/openssl/crypto/asn1/x_name.c
index d7c23186..22da5704 100644
--- a/main/openssl/crypto/asn1/x_name.c
+++ b/main/openssl/crypto/asn1/x_name.c
@@ -350,6 +350,8 @@ static int x509_name_canon(X509_NAME *a)
set = entry->set;
}
tmpentry = X509_NAME_ENTRY_new();
+ if (!tmpentry)
+ goto err;
tmpentry->object = OBJ_dup(entry->object);
if (!asn1_string_canon(tmpentry->value, entry->value))
goto err;
diff --git a/main/openssl/crypto/bio/bio.h b/main/openssl/crypto/bio/bio.h
index d05fa22a..3ff67275 100644
--- a/main/openssl/crypto/bio/bio.h
+++ b/main/openssl/crypto/bio/bio.h
@@ -175,6 +175,8 @@ extern "C" {
#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
* adjust socket timeouts */
+#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
+
#ifndef OPENSSL_NO_SCTP
/* SCTP stuff */
#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
@@ -610,6 +612,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
#define BIO_dgram_set_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+#define BIO_dgram_get_mtu_overhead(b) \
+ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
/* These two aren't currently implemented */
/* int BIO_get_ex_num(BIO *bio); */
diff --git a/main/openssl/crypto/bio/bss_dgram.c b/main/openssl/crypto/bio/bss_dgram.c
index d9967e72..0decf944 100644
--- a/main/openssl/crypto/bio/bss_dgram.c
+++ b/main/openssl/crypto/bio/bss_dgram.c
@@ -454,6 +454,36 @@ static int dgram_write(BIO *b, const char *in, int inl)
return(ret);
}
+static long dgram_get_mtu_overhead(bio_dgram_data *data)
+ {
+ long ret;
+
+ switch (data->peer.sa.sa_family)
+ {
+ case AF_INET:
+ /* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+ ret = 28;
+ break;
+#if OPENSSL_USE_IPV6
+ case AF_INET6:
+#ifdef IN6_IS_ADDR_V4MAPPED
+ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+ /* Assume this is UDP - 20 bytes for IP, 8 bytes for UDP */
+ ret = 28;
+ else
+#endif
+ /* Assume this is UDP - 40 bytes for IP, 8 bytes for UDP */
+ ret = 48;
+ break;
+#endif
+ default:
+ /* We don't know. Go with the historical default */
+ ret = 28;
+ break;
+ }
+ return ret;
+ }
+
static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
{
long ret=1;
@@ -630,23 +660,24 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
#endif
break;
case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+ ret = -dgram_get_mtu_overhead(data);
switch (data->peer.sa.sa_family)
{
case AF_INET:
- ret = 576 - 20 - 8;
+ ret += 576;
break;
#if OPENSSL_USE_IPV6
case AF_INET6:
#ifdef IN6_IS_ADDR_V4MAPPED
if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
- ret = 576 - 20 - 8;
+ ret += 576;
else
#endif
- ret = 1280 - 40 - 8;
+ ret += 1280;
break;
#endif
default:
- ret = 576 - 20 - 8;
+ ret += 576;
break;
}
break;
@@ -847,6 +878,9 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = 0;
break;
#endif
+ case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+ ret = dgram_get_mtu_overhead(data);
+ break;
default:
ret=0;
break;
@@ -893,10 +927,18 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
/* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
/* Test if activation was successful. When using accept(),
* SCTP-AUTH has to be activated for the listening socket
@@ -905,7 +947,13 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
authchunks = OPENSSL_malloc(sockopt_len);
memset(authchunks, 0, sizeof(sockopt_len));
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
- OPENSSL_assert(ret >= 0);
+
+ if (ret < 0)
+ {
+ OPENSSL_free(authchunks);
+ BIO_vfree(bio);
+ return(NULL);
+ }
for (p = (unsigned char*) authchunks->gauth_chunks;
p < (unsigned char*) authchunks + sockopt_len;
@@ -927,16 +975,28 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
event.se_type = SCTP_AUTHENTICATION_EVENT;
event.se_on = 1;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
#else
sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
event.sctp_authentication_event = 1;
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
#endif
#endif
@@ -944,7 +1004,11 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
* larger than the max record size of 2^14 + 2048 + 13
*/
ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, sizeof(optval));
- OPENSSL_assert(ret >= 0);
+ if (ret < 0)
+ {
+ BIO_vfree(bio);
+ return(NULL);
+ }
return(bio);
}
@@ -982,7 +1046,12 @@ static int dgram_sctp_free(BIO *a)
return 0;
data = (bio_dgram_sctp_data *)a->ptr;
- if(data != NULL) OPENSSL_free(data);
+ if(data != NULL)
+ {
+ if(data->saved_message.data != NULL)
+ OPENSSL_free(data->saved_message.data);
+ OPENSSL_free(data);
+ }
return(1);
}
@@ -1034,6 +1103,13 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
msg.msg_flags = 0;
n = recvmsg(b->num, &msg, 0);
+ if (n <= 0)
+ {
+ if (n < 0)
+ ret = n;
+ break;
+ }
+
if (msg.msg_controllen > 0)
{
for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
@@ -1073,13 +1149,6 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
}
}
- if (n <= 0)
- {
- if (n < 0)
- ret = n;
- break;
- }
-
if (msg.msg_flags & MSG_NOTIFICATION)
{
snp = (union sctp_notification*) out;
@@ -1099,6 +1168,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
dgram_sctp_write(data->saved_message.bio, data->saved_message.data,
data->saved_message.length);
OPENSSL_free(data->saved_message.data);
+ data->saved_message.data = NULL;
data->saved_message.length = 0;
}
@@ -1109,16 +1179,28 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
event.se_type = SCTP_SENDER_DRY_EVENT;
event.se_on = 0;
i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
- OPENSSL_assert(i >= 0);
+ if (i < 0)
+ {
+ ret = i;
+ break;
+ }
#else
eventsize = sizeof(struct sctp_event_subscribe);
i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
- OPENSSL_assert(i >= 0);
+ if (i < 0)
+ {
+ ret = i;
+ break;
+ }
event.sctp_sender_dry_event = 0;
i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
- OPENSSL_assert(i >= 0);
+ if (i < 0)
+ {
+ ret = i;
+ break;
+ }
#endif
}
@@ -1151,8 +1233,8 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
*/
optlen = (socklen_t) sizeof(int);
ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
- OPENSSL_assert(ret >= 0);
- OPENSSL_assert(optval >= 18445);
+ if (ret >= 0)
+ OPENSSL_assert(optval >= 18445);
/* Test if SCTP doesn't partially deliver below
* max record size (2^14 + 2048 + 13)
@@ -1160,8 +1242,8 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
optlen = (socklen_t) sizeof(int);
ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
&optval, &optlen);
- OPENSSL_assert(ret >= 0);
- OPENSSL_assert(optval >= 18445);
+ if (ret >= 0)
+ OPENSSL_assert(optval >= 18445);
/* Partially delivered notification??? Probably a bug.... */
OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
@@ -1195,15 +1277,15 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
authchunks = OPENSSL_malloc(optlen);
memset(authchunks, 0, sizeof(optlen));
ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
- OPENSSL_assert(ii >= 0);
- for (p = (unsigned char*) authchunks->gauth_chunks;
- p < (unsigned char*) authchunks + optlen;
- p += sizeof(uint8_t))
- {
- if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1;
- if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) auth_forward = 1;
- }
+ if (ii >= 0)
+ for (p = (unsigned char*) authchunks->gauth_chunks;
+ p < (unsigned char*) authchunks + optlen;
+ p += sizeof(uint8_t))
+ {
+ if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1;
+ if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) auth_forward = 1;
+ }
OPENSSL_free(authchunks);
@@ -1258,9 +1340,11 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b))
{
data->saved_message.bio = b;
- data->saved_message.length = inl;
+ if (data->saved_message.data)
+ OPENSSL_free(data->saved_message.data);
data->saved_message.data = OPENSSL_malloc(inl);
memcpy(data->saved_message.data, in, inl);
+ data->saved_message.length = inl;
return inl;
}
@@ -1367,6 +1451,10 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
* Returns always 1.
*/
break;
+ case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+ /* We allow transport protocol fragmentation so this is irrelevant */
+ ret = 0;
+ break;
case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
if (num > 0)
data->in_handshake = 1;
diff --git a/main/openssl/crypto/bn/asm/bn-mips.S b/main/openssl/crypto/bn/asm/bn-mips.S
index 2e7cccb7..62136802 100644
--- a/main/openssl/crypto/bn/asm/bn-mips.S
+++ b/main/openssl/crypto/bn/asm/bn-mips.S
@@ -1549,21 +1549,20 @@ bn_sqr_comba8:
sltu $1,$3,$24
addu $7,$25,$1
sw $3,4($4)
-
mflo $24
mfhi $25
- slt $3,$25,$0
- sll $25,1
- multu $13,$13 # mul_add_c(a[1],b[1],c3,c1,c2);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $13,$13 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $3,$2,$1
addu $2,$25
- sltu $1,$2,$25
- addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
mflo $24
mfhi $25
addu $7,$24
@@ -1574,67 +1573,65 @@ bn_sqr_comba8:
sltu $1,$2,$25
addu $3,$1
sw $7,2*4($4)
-
mflo $24
mfhi $25
- slt $7,$25,$0
- sll $25,1
- multu $13,$14 # mul_add_c2(a[1],b[2],c1,c2,c3);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $13,$14 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $7,$3,$1
addu $3,$25
- sltu $1,$3,$25
- addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $7,$1
- multu $8,$12 # mul_add_c2(a[4],b[0],c2,c3,c1);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $8,$12 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $1,$3,$1
addu $3,$25
- sltu $1,$3,$25
addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
sw $2,3*4($4)
-
mflo $24
mfhi $25
- slt $2,$25,$0
- sll $25,1
- multu $15,$13 # mul_add_c2(a[3],b[1],c2,c3,c1);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $3,$24
sltu $1,$3,$24
- addu $25,$1
+ multu $15,$13 # forward multiplication
+ addu $3,$24
+ addu $1,$25
+ sltu $24,$3,$24
+ addu $7,$1
+ addu $25,$24
+ sltu $2,$7,$1
addu $7,$25
- sltu $1,$7,$25
- addu $2,$1
+ sltu $25,$7,$25
+ addu $2,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $2,$1
- multu $14,$14 # mul_add_c(a[2],b[2],c2,c3,c1);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $3,$24
sltu $1,$3,$24
- addu $25,$1
+ multu $14,$14 # forward multiplication
+ addu $3,$24
+ addu $1,$25
+ sltu $24,$3,$24
+ addu $7,$1
+ addu $25,$24
+ sltu $1,$7,$1
addu $7,$25
- sltu $1,$7,$25
addu $2,$1
+ sltu $25,$7,$25
+ addu $2,$25
mflo $24
mfhi $25
addu $3,$24
@@ -1645,97 +1642,95 @@ bn_sqr_comba8:
sltu $1,$7,$25
addu $2,$1
sw $3,4*4($4)
-
mflo $24
mfhi $25
- slt $3,$25,$0
- sll $25,1
- multu $13,$8 # mul_add_c2(a[1],b[4],c3,c1,c2);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $13,$8 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $3,$2,$1
addu $2,$25
- sltu $1,$2,$25
- addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $3,$1
- multu $14,$15 # mul_add_c2(a[2],b[3],c3,c1,c2);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $14,$15 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $1,$2,$1
addu $2,$25
- sltu $1,$2,$25
addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- multu $10,$12 # mul_add_c2(a[6],b[0],c1,c2,c3);
- addu $3,$1
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $10,$12 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $1,$2,$1
addu $2,$25
- sltu $1,$2,$25
addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
sw $7,5*4($4)
-
mflo $24
mfhi $25
- slt $7,$25,$0
- sll $25,1
- multu $9,$13 # mul_add_c2(a[5],b[1],c1,c2,c3);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $9,$13 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $7,$3,$1
addu $3,$25
- sltu $1,$3,$25
- addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $7,$1
- multu $8,$14 # mul_add_c2(a[4],b[2],c1,c2,c3);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $8,$14 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $1,$3,$1
addu $3,$25
- sltu $1,$3,$25
addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $7,$1
- multu $15,$15 # mul_add_c(a[3],b[3],c1,c2,c3);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $15,$15 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $1,$3,$1
addu $3,$25
- sltu $1,$3,$25
addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
mflo $24
mfhi $25
addu $2,$24
@@ -1746,112 +1741,110 @@ bn_sqr_comba8:
sltu $1,$3,$25
addu $7,$1
sw $2,6*4($4)
-
mflo $24
mfhi $25
- slt $2,$25,$0
- sll $25,1
- multu $13,$10 # mul_add_c2(a[1],b[6],c2,c3,c1);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $3,$24
sltu $1,$3,$24
- addu $25,$1
+ multu $13,$10 # forward multiplication
+ addu $3,$24
+ addu $1,$25
+ sltu $24,$3,$24
+ addu $7,$1
+ addu $25,$24
+ sltu $2,$7,$1
addu $7,$25
- sltu $1,$7,$25
- addu $2,$1
+ sltu $25,$7,$25
+ addu $2,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $2,$1
- multu $14,$9 # mul_add_c2(a[2],b[5],c2,c3,c1);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $3,$24
sltu $1,$3,$24
- addu $25,$1
+ multu $14,$9 # forward multiplication
+ addu $3,$24
+ addu $1,$25
+ sltu $24,$3,$24
+ addu $7,$1
+ addu $25,$24
+ sltu $1,$7,$1
addu $7,$25
- sltu $1,$7,$25
addu $2,$1
+ sltu $25,$7,$25
+ addu $2,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $2,$1
- multu $15,$8 # mul_add_c2(a[3],b[4],c2,c3,c1);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $3,$24
sltu $1,$3,$24
- addu $25,$1
+ multu $15,$8 # forward multiplication
+ addu $3,$24
+ addu $1,$25
+ sltu $24,$3,$24
+ addu $7,$1
+ addu $25,$24
+ sltu $1,$7,$1
addu $7,$25
- sltu $1,$7,$25
addu $2,$1
+ sltu $25,$7,$25
+ addu $2,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $2,$1
- multu $11,$13 # mul_add_c2(a[7],b[1],c3,c1,c2);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $3,$24
sltu $1,$3,$24
- addu $25,$1
+ multu $11,$13 # forward multiplication
+ addu $3,$24
+ addu $1,$25
+ sltu $24,$3,$24
+ addu $7,$1
+ addu $25,$24
+ sltu $1,$7,$1
addu $7,$25
- sltu $1,$7,$25
addu $2,$1
+ sltu $25,$7,$25
+ addu $2,$25
sw $3,7*4($4)
-
mflo $24
mfhi $25
- slt $3,$25,$0
- sll $25,1
- multu $10,$14 # mul_add_c2(a[6],b[2],c3,c1,c2);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $10,$14 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $3,$2,$1
addu $2,$25
- sltu $1,$2,$25
- addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $3,$1
- multu $9,$15 # mul_add_c2(a[5],b[3],c3,c1,c2);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $9,$15 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $1,$2,$1
addu $2,$25
- sltu $1,$2,$25
addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $3,$1
- multu $8,$8 # mul_add_c(a[4],b[4],c3,c1,c2);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $8,$8 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $1,$2,$1
addu $2,$25
- sltu $1,$2,$25
addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
mflo $24
mfhi $25
addu $7,$24
@@ -1862,82 +1855,80 @@ bn_sqr_comba8:
sltu $1,$2,$25
addu $3,$1
sw $7,8*4($4)
-
mflo $24
mfhi $25
- slt $7,$25,$0
- sll $25,1
- multu $15,$10 # mul_add_c2(a[3],b[6],c1,c2,c3);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $15,$10 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $7,$3,$1
addu $3,$25
- sltu $1,$3,$25
- addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $7,$1
- multu $8,$9 # mul_add_c2(a[4],b[5],c1,c2,c3);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $8,$9 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $1,$3,$1
addu $3,$25
- sltu $1,$3,$25
addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $7,$1
- multu $11,$15 # mul_add_c2(a[7],b[3],c2,c3,c1);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $11,$15 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $1,$3,$1
addu $3,$25
- sltu $1,$3,$25
addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
sw $2,9*4($4)
-
mflo $24
mfhi $25
- slt $2,$25,$0
- sll $25,1
- multu $10,$8 # mul_add_c2(a[6],b[4],c2,c3,c1);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $3,$24
sltu $1,$3,$24
- addu $25,$1
+ multu $10,$8 # forward multiplication
+ addu $3,$24
+ addu $1,$25
+ sltu $24,$3,$24
+ addu $7,$1
+ addu $25,$24
+ sltu $2,$7,$1
addu $7,$25
- sltu $1,$7,$25
- addu $2,$1
+ sltu $25,$7,$25
+ addu $2,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $2,$1
- multu $9,$9 # mul_add_c(a[5],b[5],c2,c3,c1);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $3,$24
sltu $1,$3,$24
- addu $25,$1
+ multu $9,$9 # forward multiplication
+ addu $3,$24
+ addu $1,$25
+ sltu $24,$3,$24
+ addu $7,$1
+ addu $25,$24
+ sltu $1,$7,$1
addu $7,$25
- sltu $1,$7,$25
addu $2,$1
+ sltu $25,$7,$25
+ addu $2,$25
mflo $24
mfhi $25
addu $3,$24
@@ -1948,52 +1939,50 @@ bn_sqr_comba8:
sltu $1,$7,$25
addu $2,$1
sw $3,10*4($4)
-
mflo $24
mfhi $25
- slt $3,$25,$0
- sll $25,1
- multu $9,$10 # mul_add_c2(a[5],b[6],c3,c1,c2);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $9,$10 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $3,$2,$1
addu $2,$25
- sltu $1,$2,$25
- addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $3,$1
- multu $11,$9 # mul_add_c2(a[7],b[5],c1,c2,c3);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $11,$9 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $1,$2,$1
addu $2,$25
- sltu $1,$2,$25
addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
sw $7,11*4($4)
-
mflo $24
mfhi $25
- slt $7,$25,$0
- sll $25,1
- multu $10,$10 # mul_add_c(a[6],b[6],c1,c2,c3);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $10,$10 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $7,$3,$1
addu $3,$25
- sltu $1,$3,$25
- addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
mflo $24
mfhi $25
addu $2,$24
@@ -2004,21 +1993,20 @@ bn_sqr_comba8:
sltu $1,$3,$25
addu $7,$1
sw $2,12*4($4)
-
mflo $24
mfhi $25
- slt $2,$25,$0
- sll $25,1
- multu $11,$11 # mul_add_c(a[7],b[7],c3,c1,c2);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $3,$24
sltu $1,$3,$24
- addu $25,$1
+ multu $11,$11 # forward multiplication
+ addu $3,$24
+ addu $1,$25
+ sltu $24,$3,$24
+ addu $7,$1
+ addu $25,$24
+ sltu $2,$7,$1
addu $7,$25
- sltu $1,$7,$25
- addu $2,$1
+ sltu $25,$7,$25
+ addu $2,$25
sw $3,13*4($4)
mflo $24
@@ -2062,21 +2050,20 @@ bn_sqr_comba4:
sltu $1,$3,$24
addu $7,$25,$1
sw $3,4($4)
-
mflo $24
mfhi $25
- slt $3,$25,$0
- sll $25,1
- multu $13,$13 # mul_add_c(a[1],b[1],c3,c1,c2);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $13,$13 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $3,$2,$1
addu $2,$25
- sltu $1,$2,$25
- addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
mflo $24
mfhi $25
addu $7,$24
@@ -2087,52 +2074,50 @@ bn_sqr_comba4:
sltu $1,$2,$25
addu $3,$1
sw $7,2*4($4)
-
mflo $24
mfhi $25
- slt $7,$25,$0
- sll $25,1
- multu $13,$14 # mul_add_c(a2[1],b[2],c1,c2,c3);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $13,$14 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $7,$3,$1
addu $3,$25
- sltu $1,$3,$25
- addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
mflo $24
mfhi $25
- slt $1,$25,$0
- addu $7,$1
- multu $15,$13 # mul_add_c2(a[3],b[1],c2,c3,c1);
- sll $25,1
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $2,$24
sltu $1,$2,$24
- addu $25,$1
+ multu $15,$13 # forward multiplication
+ addu $2,$24
+ addu $1,$25
+ sltu $24,$2,$24
+ addu $3,$1
+ addu $25,$24
+ sltu $1,$3,$1
addu $3,$25
- sltu $1,$3,$25
addu $7,$1
+ sltu $25,$3,$25
+ addu $7,$25
sw $2,3*4($4)
-
mflo $24
mfhi $25
- slt $2,$25,$0
- sll $25,1
- multu $14,$14 # mul_add_c(a[2],b[2],c2,c3,c1);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $3,$24
sltu $1,$3,$24
- addu $25,$1
+ multu $14,$14 # forward multiplication
+ addu $3,$24
+ addu $1,$25
+ sltu $24,$3,$24
+ addu $7,$1
+ addu $25,$24
+ sltu $2,$7,$1
addu $7,$25
- sltu $1,$7,$25
- addu $2,$1
+ sltu $25,$7,$25
+ addu $2,$25
mflo $24
mfhi $25
addu $3,$24
@@ -2143,21 +2128,20 @@ bn_sqr_comba4:
sltu $1,$7,$25
addu $2,$1
sw $3,4*4($4)
-
mflo $24
mfhi $25
- slt $3,$25,$0
- sll $25,1
- multu $15,$15 # mul_add_c(a[3],b[3],c1,c2,c3);
- slt $6,$24,$0
- addu $25,$6
- sll $24,1
addu $7,$24
sltu $1,$7,$24
- addu $25,$1
+ multu $15,$15 # forward multiplication
+ addu $7,$24
+ addu $1,$25
+ sltu $24,$7,$24
+ addu $2,$1
+ addu $25,$24
+ sltu $3,$2,$1
addu $2,$25
- sltu $1,$2,$25
- addu $3,$1
+ sltu $25,$2,$25
+ addu $3,$25
sw $7,5*4($4)
mflo $24
diff --git a/main/openssl/crypto/bn/asm/mips.pl b/main/openssl/crypto/bn/asm/mips.pl
index d2f3ef7b..215c9a74 100644
--- a/main/openssl/crypto/bn/asm/mips.pl
+++ b/main/openssl/crypto/bn/asm/mips.pl
@@ -1872,6 +1872,41 @@ ___
($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3);
+sub add_c2 () {
+my ($hi,$lo,$c0,$c1,$c2,
+ $warm, # !$warm denotes first call with specific sequence of
+ # $c_[XYZ] when there is no Z-carry to accumulate yet;
+ $an,$bn # these two are arguments for multiplication which
+ # result is used in *next* step [which is why it's
+ # commented as "forward multiplication" below];
+ )=@_;
+$code.=<<___;
+ mflo $lo
+ mfhi $hi
+ $ADDU $c0,$lo
+ sltu $at,$c0,$lo
+ $MULTU $an,$bn # forward multiplication
+ $ADDU $c0,$lo
+ $ADDU $at,$hi
+ sltu $lo,$c0,$lo
+ $ADDU $c1,$at
+ $ADDU $hi,$lo
+___
+$code.=<<___ if (!$warm);
+ sltu $c2,$c1,$at
+ $ADDU $c1,$hi
+ sltu $hi,$c1,$hi
+ $ADDU $c2,$hi
+___
+$code.=<<___ if ($warm);
+ sltu $at,$c1,$at
+ $ADDU $c1,$hi
+ $ADDU $c2,$at
+ sltu $hi,$c1,$hi
+ $ADDU $c2,$hi
+___
+}
+
$code.=<<___;
.align 5
@@ -1920,21 +1955,10 @@ $code.=<<___;
sltu $at,$c_2,$t_1
$ADDU $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_3,$t_1
@@ -1945,67 +1969,19 @@ $code.=<<___;
sltu $at,$c_1,$t_2
$ADDU $c_2,$at
$ST $c_3,2*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_2 # mul_add_c2(a[1],b[2],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_4,$a_0 # mul_add_c2(a[4],b[0],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_4,$a_0); # mul_add_c2(a[4],b[0],c2,c3,c1);
+$code.=<<___;
$ST $c_1,3*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_1,$at
- $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1);
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+ $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_2,$t_1
@@ -2016,97 +1992,23 @@ $code.=<<___;
sltu $at,$c_3,$t_2
$ADDU $c_1,$at
$ST $c_2,4*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_4 # mul_add_c2(a[1],b[4],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_2,$at
- $MULTU $a_2,$a_3 # mul_add_c2(a[2],b[3],c3,c1,c2);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $MULTU $a_6,$a_0 # mul_add_c2(a[6],b[0],c1,c2,c3);
- $ADDU $c_2,$at
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_1,$a_4); # mul_add_c2(a[1],b[4],c3,c1,c2);
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+ $a_2,$a_3); # mul_add_c2(a[2],b[3],c3,c1,c2);
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+ $a_6,$a_0); # mul_add_c2(a[6],b[0],c1,c2,c3);
+$code.=<<___;
$ST $c_3,5*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_5,$a_1 # mul_add_c2(a[5],b[1],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_4,$a_2 # mul_add_c2(a[4],b[2],c1,c2,c3);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_5,$a_1); # mul_add_c2(a[5],b[1],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_4,$a_2); # mul_add_c2(a[4],b[2],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_1,$t_1
@@ -2117,112 +2019,25 @@ $code.=<<___;
sltu $at,$c_2,$t_2
$ADDU $c_3,$at
$ST $c_1,6*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_6 # mul_add_c2(a[1],b[6],c2,c3,c1);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_1,$at
- $MULTU $a_2,$a_5 # mul_add_c2(a[2],b[5],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_1,$at
- $MULTU $a_3,$a_4 # mul_add_c2(a[3],b[4],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_1,$at
- $MULTU $a_7,$a_1 # mul_add_c2(a[7],b[1],c3,c1,c2);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_1,$a_6); # mul_add_c2(a[1],b[6],c2,c3,c1);
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+ $a_2,$a_5); # mul_add_c2(a[2],b[5],c2,c3,c1);
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+ $a_3,$a_4); # mul_add_c2(a[3],b[4],c2,c3,c1);
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+ $a_7,$a_1); # mul_add_c2(a[7],b[1],c3,c1,c2);
+$code.=<<___;
$ST $c_2,7*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_6,$a_2 # mul_add_c2(a[6],b[2],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_2,$at
- $MULTU $a_5,$a_3 # mul_add_c2(a[5],b[3],c3,c1,c2);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_2,$at
- $MULTU $a_4,$a_4 # mul_add_c(a[4],b[4],c3,c1,c2);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_6,$a_2); # mul_add_c2(a[6],b[2],c3,c1,c2);
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+ $a_5,$a_3); # mul_add_c2(a[5],b[3],c3,c1,c2);
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+ $a_4,$a_4); # mul_add_c(a[4],b[4],c3,c1,c2);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_3,$t_1
@@ -2233,82 +2048,21 @@ $code.=<<___;
sltu $at,$c_1,$t_2
$ADDU $c_2,$at
$ST $c_3,8*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_3,$a_6 # mul_add_c2(a[3],b[6],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_4,$a_5 # mul_add_c2(a[4],b[5],c1,c2,c3);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_7,$a_3 # mul_add_c2(a[7],b[3],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_3,$a_6); # mul_add_c2(a[3],b[6],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_4,$a_5); # mul_add_c2(a[4],b[5],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_7,$a_3); # mul_add_c2(a[7],b[3],c2,c3,c1);
+$code.=<<___;
$ST $c_1,9*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_6,$a_4 # mul_add_c2(a[6],b[4],c2,c3,c1);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_1,$at
- $MULTU $a_5,$a_5 # mul_add_c(a[5],b[5],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_6,$a_4); # mul_add_c2(a[6],b[4],c2,c3,c1);
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1,
+ $a_5,$a_5); # mul_add_c(a[5],b[5],c2,c3,c1);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_2,$t_1
@@ -2319,52 +2073,17 @@ $code.=<<___;
sltu $at,$c_3,$t_2
$ADDU $c_1,$at
$ST $c_2,10*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_5,$a_6 # mul_add_c2(a[5],b[6],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_2,$at
- $MULTU $a_7,$a_5 # mul_add_c2(a[7],b[5],c1,c2,c3);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_5,$a_6); # mul_add_c2(a[5],b[6],c3,c1,c2);
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1,
+ $a_7,$a_5); # mul_add_c2(a[7],b[5],c1,c2,c3);
+$code.=<<___;
$ST $c_3,11*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_6,$a_6 # mul_add_c(a[6],b[6],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_6,$a_6); # mul_add_c(a[6],b[6],c1,c2,c3);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_1,$t_1
@@ -2375,21 +2094,10 @@ $code.=<<___;
sltu $at,$c_2,$t_2
$ADDU $c_3,$at
$ST $c_1,12*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_7,$a_7 # mul_add_c(a[7],b[7],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_7,$a_7); # mul_add_c(a[7],b[7],c3,c1,c2);
+$code.=<<___;
$ST $c_2,13*$BNSZ($a0)
mflo $t_1
@@ -2457,21 +2165,10 @@ $code.=<<___;
sltu $at,$c_2,$t_1
$ADDU $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_3,$t_1
@@ -2482,52 +2179,17 @@ $code.=<<___;
sltu $at,$c_1,$t_2
$ADDU $c_2,$at
$ST $c_3,2*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_2 # mul_add_c(a2[1],b[2],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1);
+$code.=<<___;
$ST $c_1,3*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1);
+$code.=<<___;
mflo $t_1
mfhi $t_2
$ADDU $c_2,$t_1
@@ -2538,21 +2200,10 @@ $code.=<<___;
sltu $at,$c_3,$t_2
$ADDU $c_1,$at
$ST $c_2,4*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3);
+$code.=<<___;
$ST $c_3,5*$BNSZ($a0)
mflo $t_1
diff --git a/main/openssl/crypto/bn/asm/mips3.S b/main/openssl/crypto/bn/asm/mips3.S
deleted file mode 100644
index dca4105c..00000000
--- a/main/openssl/crypto/bn/asm/mips3.S
+++ /dev/null
@@ -1,2201 +0,0 @@
-.rdata
-.asciiz "mips3.s, Version 1.1"
-.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
-
-/*
- * ====================================================================
- * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- * ====================================================================
- */
-
-/*
- * This is my modest contributon to the OpenSSL project (see
- * http://www.openssl.org/ for more information about it) and is
- * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c
- * module. For updates see http://fy.chalmers.se/~appro/hpe/.
- *
- * The module is designed to work with either of the "new" MIPS ABI(5),
- * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
- * IRIX 5.x not only because it doesn't support new ABIs but also
- * because 5.x kernels put R4x00 CPU into 32-bit mode and all those
- * 64-bit instructions (daddu, dmultu, etc.) found below gonna only
- * cause illegal instruction exception:-(
- *
- * In addition the code depends on preprocessor flags set up by MIPSpro
- * compiler driver (either as or cc) and therefore (probably?) can't be
- * compiled by the GNU assembler. GNU C driver manages fine though...
- * I mean as long as -mmips-as is specified or is the default option,
- * because then it simply invokes /usr/bin/as which in turn takes
- * perfect care of the preprocessor definitions. Another neat feature
- * offered by the MIPSpro assembler is an optimization pass. This gave
- * me the opportunity to have the code looking more regular as all those
- * architecture dependent instruction rescheduling details were left to
- * the assembler. Cool, huh?
- *
- * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
- * goes way over 3 times faster!
- *
- * <appro@fy.chalmers.se>
- */
-#include <asm.h>
-#include <regdef.h>
-
-#if _MIPS_ISA>=4
-#define MOVNZ(cond,dst,src) \
- movn dst,src,cond
-#else
-#define MOVNZ(cond,dst,src) \
- .set noreorder; \
- bnezl cond,.+8; \
- move dst,src; \
- .set reorder
-#endif
-
-.text
-
-.set noat
-.set reorder
-
-#define MINUS4 v1
-
-.align 5
-LEAF(bn_mul_add_words)
- .set noreorder
- bgtzl a2,.L_bn_mul_add_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_mul_add_words_proceed:
- li MINUS4,-4
- and ta0,a2,MINUS4
- move v0,zero
- beqz ta0,.L_bn_mul_add_words_tail
-
-.L_bn_mul_add_words_loop:
- dmultu t0,a3
- ld t1,0(a0)
- ld t2,8(a1)
- ld t3,8(a0)
- ld ta0,16(a1)
- ld ta1,16(a0)
- daddu t1,v0
- sltu v0,t1,v0 /* All manuals say it "compares 32-bit
- * values", but it seems to work fine
- * even on 64-bit registers. */
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,0(a0)
- daddu v0,AT
-
- dmultu t2,a3
- ld ta2,24(a1)
- ld ta3,24(a0)
- daddu t3,v0
- sltu v0,t3,v0
- mflo AT
- mfhi t2
- daddu t3,AT
- daddu v0,t2
- sltu AT,t3,AT
- sd t3,8(a0)
- daddu v0,AT
-
- dmultu ta0,a3
- subu a2,4
- PTR_ADD a0,32
- PTR_ADD a1,32
- daddu ta1,v0
- sltu v0,ta1,v0
- mflo AT
- mfhi ta0
- daddu ta1,AT
- daddu v0,ta0
- sltu AT,ta1,AT
- sd ta1,-16(a0)
- daddu v0,AT
-
-
- dmultu ta2,a3
- and ta0,a2,MINUS4
- daddu ta3,v0
- sltu v0,ta3,v0
- mflo AT
- mfhi ta2
- daddu ta3,AT
- daddu v0,ta2
- sltu AT,ta3,AT
- sd ta3,-8(a0)
- daddu v0,AT
- .set noreorder
- bgtzl ta0,.L_bn_mul_add_words_loop
- ld t0,0(a1)
-
- bnezl a2,.L_bn_mul_add_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_mul_add_words_return:
- jr ra
-
-.L_bn_mul_add_words_tail:
- dmultu t0,a3
- ld t1,0(a0)
- subu a2,1
- daddu t1,v0
- sltu v0,t1,v0
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,0(a0)
- daddu v0,AT
- beqz a2,.L_bn_mul_add_words_return
-
- ld t0,8(a1)
- dmultu t0,a3
- ld t1,8(a0)
- subu a2,1
- daddu t1,v0
- sltu v0,t1,v0
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,8(a0)
- daddu v0,AT
- beqz a2,.L_bn_mul_add_words_return
-
- ld t0,16(a1)
- dmultu t0,a3
- ld t1,16(a0)
- daddu t1,v0
- sltu v0,t1,v0
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,16(a0)
- daddu v0,AT
- jr ra
-END(bn_mul_add_words)
-
-.align 5
-LEAF(bn_mul_words)
- .set noreorder
- bgtzl a2,.L_bn_mul_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_mul_words_proceed:
- li MINUS4,-4
- and ta0,a2,MINUS4
- move v0,zero
- beqz ta0,.L_bn_mul_words_tail
-
-.L_bn_mul_words_loop:
- dmultu t0,a3
- ld t2,8(a1)
- ld ta0,16(a1)
- ld ta2,24(a1)
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,0(a0)
- daddu v0,t1,t0
-
- dmultu t2,a3
- subu a2,4
- PTR_ADD a0,32
- PTR_ADD a1,32
- mflo AT
- mfhi t2
- daddu v0,AT
- sltu t3,v0,AT
- sd v0,-24(a0)
- daddu v0,t3,t2
-
- dmultu ta0,a3
- mflo AT
- mfhi ta0
- daddu v0,AT
- sltu ta1,v0,AT
- sd v0,-16(a0)
- daddu v0,ta1,ta0
-
-
- dmultu ta2,a3
- and ta0,a2,MINUS4
- mflo AT
- mfhi ta2
- daddu v0,AT
- sltu ta3,v0,AT
- sd v0,-8(a0)
- daddu v0,ta3,ta2
- .set noreorder
- bgtzl ta0,.L_bn_mul_words_loop
- ld t0,0(a1)
-
- bnezl a2,.L_bn_mul_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_mul_words_return:
- jr ra
-
-.L_bn_mul_words_tail:
- dmultu t0,a3
- subu a2,1
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,0(a0)
- daddu v0,t1,t0
- beqz a2,.L_bn_mul_words_return
-
- ld t0,8(a1)
- dmultu t0,a3
- subu a2,1
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,8(a0)
- daddu v0,t1,t0
- beqz a2,.L_bn_mul_words_return
-
- ld t0,16(a1)
- dmultu t0,a3
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,16(a0)
- daddu v0,t1,t0
- jr ra
-END(bn_mul_words)
-
-.align 5
-LEAF(bn_sqr_words)
- .set noreorder
- bgtzl a2,.L_bn_sqr_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_sqr_words_proceed:
- li MINUS4,-4
- and ta0,a2,MINUS4
- move v0,zero
- beqz ta0,.L_bn_sqr_words_tail
-
-.L_bn_sqr_words_loop:
- dmultu t0,t0
- ld t2,8(a1)
- ld ta0,16(a1)
- ld ta2,24(a1)
- mflo t1
- mfhi t0
- sd t1,0(a0)
- sd t0,8(a0)
-
- dmultu t2,t2
- subu a2,4
- PTR_ADD a0,64
- PTR_ADD a1,32
- mflo t3
- mfhi t2
- sd t3,-48(a0)
- sd t2,-40(a0)
-
- dmultu ta0,ta0
- mflo ta1
- mfhi ta0
- sd ta1,-32(a0)
- sd ta0,-24(a0)
-
-
- dmultu ta2,ta2
- and ta0,a2,MINUS4
- mflo ta3
- mfhi ta2
- sd ta3,-16(a0)
- sd ta2,-8(a0)
-
- .set noreorder
- bgtzl ta0,.L_bn_sqr_words_loop
- ld t0,0(a1)
-
- bnezl a2,.L_bn_sqr_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_sqr_words_return:
- move v0,zero
- jr ra
-
-.L_bn_sqr_words_tail:
- dmultu t0,t0
- subu a2,1
- mflo t1
- mfhi t0
- sd t1,0(a0)
- sd t0,8(a0)
- beqz a2,.L_bn_sqr_words_return
-
- ld t0,8(a1)
- dmultu t0,t0
- subu a2,1
- mflo t1
- mfhi t0
- sd t1,16(a0)
- sd t0,24(a0)
- beqz a2,.L_bn_sqr_words_return
-
- ld t0,16(a1)
- dmultu t0,t0
- mflo t1
- mfhi t0
- sd t1,32(a0)
- sd t0,40(a0)
- jr ra
-END(bn_sqr_words)
-
-.align 5
-LEAF(bn_add_words)
- .set noreorder
- bgtzl a3,.L_bn_add_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_add_words_proceed:
- li MINUS4,-4
- and AT,a3,MINUS4
- move v0,zero
- beqz AT,.L_bn_add_words_tail
-
-.L_bn_add_words_loop:
- ld ta0,0(a2)
- subu a3,4
- ld t1,8(a1)
- and AT,a3,MINUS4
- ld t2,16(a1)
- PTR_ADD a2,32
- ld t3,24(a1)
- PTR_ADD a0,32
- ld ta1,-24(a2)
- PTR_ADD a1,32
- ld ta2,-16(a2)
- ld ta3,-8(a2)
- daddu ta0,t0
- sltu t8,ta0,t0
- daddu t0,ta0,v0
- sltu v0,t0,ta0
- sd t0,-32(a0)
- daddu v0,t8
-
- daddu ta1,t1
- sltu t9,ta1,t1
- daddu t1,ta1,v0
- sltu v0,t1,ta1
- sd t1,-24(a0)
- daddu v0,t9
-
- daddu ta2,t2
- sltu t8,ta2,t2
- daddu t2,ta2,v0
- sltu v0,t2,ta2
- sd t2,-16(a0)
- daddu v0,t8
-
- daddu ta3,t3
- sltu t9,ta3,t3
- daddu t3,ta3,v0
- sltu v0,t3,ta3
- sd t3,-8(a0)
- daddu v0,t9
-
- .set noreorder
- bgtzl AT,.L_bn_add_words_loop
- ld t0,0(a1)
-
- bnezl a3,.L_bn_add_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_add_words_return:
- jr ra
-
-.L_bn_add_words_tail:
- ld ta0,0(a2)
- daddu ta0,t0
- subu a3,1
- sltu t8,ta0,t0
- daddu t0,ta0,v0
- sltu v0,t0,ta0
- sd t0,0(a0)
- daddu v0,t8
- beqz a3,.L_bn_add_words_return
-
- ld t1,8(a1)
- ld ta1,8(a2)
- daddu ta1,t1
- subu a3,1
- sltu t9,ta1,t1
- daddu t1,ta1,v0
- sltu v0,t1,ta1
- sd t1,8(a0)
- daddu v0,t9
- beqz a3,.L_bn_add_words_return
-
- ld t2,16(a1)
- ld ta2,16(a2)
- daddu ta2,t2
- sltu t8,ta2,t2
- daddu t2,ta2,v0
- sltu v0,t2,ta2
- sd t2,16(a0)
- daddu v0,t8
- jr ra
-END(bn_add_words)
-
-.align 5
-LEAF(bn_sub_words)
- .set noreorder
- bgtzl a3,.L_bn_sub_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_sub_words_proceed:
- li MINUS4,-4
- and AT,a3,MINUS4
- move v0,zero
- beqz AT,.L_bn_sub_words_tail
-
-.L_bn_sub_words_loop:
- ld ta0,0(a2)
- subu a3,4
- ld t1,8(a1)
- and AT,a3,MINUS4
- ld t2,16(a1)
- PTR_ADD a2,32
- ld t3,24(a1)
- PTR_ADD a0,32
- ld ta1,-24(a2)
- PTR_ADD a1,32
- ld ta2,-16(a2)
- ld ta3,-8(a2)
- sltu t8,t0,ta0
- dsubu t0,ta0
- dsubu ta0,t0,v0
- sd ta0,-32(a0)
- MOVNZ (t0,v0,t8)
-
- sltu t9,t1,ta1
- dsubu t1,ta1
- dsubu ta1,t1,v0
- sd ta1,-24(a0)
- MOVNZ (t1,v0,t9)
-
-
- sltu t8,t2,ta2
- dsubu t2,ta2
- dsubu ta2,t2,v0
- sd ta2,-16(a0)
- MOVNZ (t2,v0,t8)
-
- sltu t9,t3,ta3
- dsubu t3,ta3
- dsubu ta3,t3,v0
- sd ta3,-8(a0)
- MOVNZ (t3,v0,t9)
-
- .set noreorder
- bgtzl AT,.L_bn_sub_words_loop
- ld t0,0(a1)
-
- bnezl a3,.L_bn_sub_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_sub_words_return:
- jr ra
-
-.L_bn_sub_words_tail:
- ld ta0,0(a2)
- subu a3,1
- sltu t8,t0,ta0
- dsubu t0,ta0
- dsubu ta0,t0,v0
- MOVNZ (t0,v0,t8)
- sd ta0,0(a0)
- beqz a3,.L_bn_sub_words_return
-
- ld t1,8(a1)
- subu a3,1
- ld ta1,8(a2)
- sltu t9,t1,ta1
- dsubu t1,ta1
- dsubu ta1,t1,v0
- MOVNZ (t1,v0,t9)
- sd ta1,8(a0)
- beqz a3,.L_bn_sub_words_return
-
- ld t2,16(a1)
- ld ta2,16(a2)
- sltu t8,t2,ta2
- dsubu t2,ta2
- dsubu ta2,t2,v0
- MOVNZ (t2,v0,t8)
- sd ta2,16(a0)
- jr ra
-END(bn_sub_words)
-
-#undef MINUS4
-
-.align 5
-LEAF(bn_div_3_words)
- .set reorder
- move a3,a0 /* we know that bn_div_words doesn't
- * touch a3, ta2, ta3 and preserves a2
- * so that we can save two arguments
- * and return address in registers
- * instead of stack:-)
- */
- ld a0,(a3)
- move ta2,a1
- ld a1,-8(a3)
- bne a0,a2,.L_bn_div_3_words_proceed
- li v0,-1
- jr ra
-.L_bn_div_3_words_proceed:
- move ta3,ra
- bal bn_div_words
- move ra,ta3
- dmultu ta2,v0
- ld t2,-16(a3)
- move ta0,zero
- mfhi t1
- mflo t0
- sltu t8,t1,v1
-.L_bn_div_3_words_inner_loop:
- bnez t8,.L_bn_div_3_words_inner_loop_done
- sgeu AT,t2,t0
- seq t9,t1,v1
- and AT,t9
- sltu t3,t0,ta2
- daddu v1,a2
- dsubu t1,t3
- dsubu t0,ta2
- sltu t8,t1,v1
- sltu ta0,v1,a2
- or t8,ta0
- .set noreorder
- beqzl AT,.L_bn_div_3_words_inner_loop
- dsubu v0,1
- .set reorder
-.L_bn_div_3_words_inner_loop_done:
- jr ra
-END(bn_div_3_words)
-
-.align 5
-LEAF(bn_div_words)
- .set noreorder
- bnezl a2,.L_bn_div_words_proceed
- move v1,zero
- jr ra
- li v0,-1 /* I'd rather signal div-by-zero
- * which can be done with 'break 7' */
-
-.L_bn_div_words_proceed:
- bltz a2,.L_bn_div_words_body
- move t9,v1
- dsll a2,1
- bgtz a2,.-4
- addu t9,1
-
- .set reorder
- negu t1,t9
- li t2,-1
- dsll t2,t1
- and t2,a0
- dsrl AT,a1,t1
- .set noreorder
- bnezl t2,.+8
- break 6 /* signal overflow */
- .set reorder
- dsll a0,t9
- dsll a1,t9
- or a0,AT
-
-#define QT ta0
-#define HH ta1
-#define DH v1
-.L_bn_div_words_body:
- dsrl DH,a2,32
- sgeu AT,a0,a2
- .set noreorder
- bnezl AT,.+8
- dsubu a0,a2
- .set reorder
-
- li QT,-1
- dsrl HH,a0,32
- dsrl QT,32 /* q=0xffffffff */
- beq DH,HH,.L_bn_div_words_skip_div1
- ddivu zero,a0,DH
- mflo QT
-.L_bn_div_words_skip_div1:
- dmultu a2,QT
- dsll t3,a0,32
- dsrl AT,a1,32
- or t3,AT
- mflo t0
- mfhi t1
-.L_bn_div_words_inner_loop1:
- sltu t2,t3,t0
- seq t8,HH,t1
- sltu AT,HH,t1
- and t2,t8
- sltu v0,t0,a2
- or AT,t2
- .set noreorder
- beqz AT,.L_bn_div_words_inner_loop1_done
- dsubu t1,v0
- dsubu t0,a2
- b .L_bn_div_words_inner_loop1
- dsubu QT,1
- .set reorder
-.L_bn_div_words_inner_loop1_done:
-
- dsll a1,32
- dsubu a0,t3,t0
- dsll v0,QT,32
-
- li QT,-1
- dsrl HH,a0,32
- dsrl QT,32 /* q=0xffffffff */
- beq DH,HH,.L_bn_div_words_skip_div2
- ddivu zero,a0,DH
- mflo QT
-.L_bn_div_words_skip_div2:
-#undef DH
- dmultu a2,QT
- dsll t3,a0,32
- dsrl AT,a1,32
- or t3,AT
- mflo t0
- mfhi t1
-.L_bn_div_words_inner_loop2:
- sltu t2,t3,t0
- seq t8,HH,t1
- sltu AT,HH,t1
- and t2,t8
- sltu v1,t0,a2
- or AT,t2
- .set noreorder
- beqz AT,.L_bn_div_words_inner_loop2_done
- dsubu t1,v1
- dsubu t0,a2
- b .L_bn_div_words_inner_loop2
- dsubu QT,1
- .set reorder
-.L_bn_div_words_inner_loop2_done:
-#undef HH
-
- dsubu a0,t3,t0
- or v0,QT
- dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */
- dsrl a2,t9 /* restore a2 */
- jr ra
-#undef QT
-END(bn_div_words)
-
-#define a_0 t0
-#define a_1 t1
-#define a_2 t2
-#define a_3 t3
-#define b_0 ta0
-#define b_1 ta1
-#define b_2 ta2
-#define b_3 ta3
-
-#define a_4 s0
-#define a_5 s2
-#define a_6 s4
-#define a_7 a1 /* once we load a[7] we don't need a anymore */
-#define b_4 s1
-#define b_5 s3
-#define b_6 s5
-#define b_7 a2 /* once we load b[7] we don't need b anymore */
-
-#define t_1 t8
-#define t_2 t9
-
-#define c_1 v0
-#define c_2 v1
-#define c_3 a3
-
-#define FRAME_SIZE 48
-
-.align 5
-LEAF(bn_mul_comba8)
- .set noreorder
- PTR_SUB sp,FRAME_SIZE
- .frame sp,64,ra
- .set reorder
- ld a_0,0(a1) /* If compiled with -mips3 option on
- * R5000 box assembler barks on this
- * line with "shouldn't have mult/div
- * as last instruction in bb (R10K
- * bug)" warning. If anybody out there
- * has a clue about how to circumvent
- * this do send me a note.
- * <appro@fy.chalmers.se>
- */
- ld b_0,0(a2)
- ld a_1,8(a1)
- ld a_2,16(a1)
- ld a_3,24(a1)
- ld b_1,8(a2)
- ld b_2,16(a2)
- ld b_3,24(a2)
- dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- sd s0,0(sp)
- sd s1,8(sp)
- sd s2,16(sp)
- sd s3,24(sp)
- sd s4,32(sp)
- sd s5,40(sp)
- mflo c_1
- mfhi c_2
-
- dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */
- ld a_4,32(a1)
- ld a_5,40(a1)
- ld a_6,48(a1)
- ld a_7,56(a1)
- ld b_4,32(a2)
- ld b_5,40(a2)
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */
- ld b_6,48(a2)
- ld b_7,56(a2)
- sd c_1,0(a0) /* r[0]=c1; */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- sd c_2,8(a0) /* r[1]=c2; */
-
- dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0) /* r[2]=c3; */
-
- dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0) /* r[3]=c1; */
-
- dmultu a_4,b_0 /* mul_add_c(a[4],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_0,b_4 /* mul_add_c(a[0],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0) /* r[4]=c2; */
-
- dmultu a_0,b_5 /* mul_add_c(a[0],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_4,b_1 /* mul_add_c(a[4],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,b_0 /* mul_add_c(a[5],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0) /* r[5]=c3; */
-
- dmultu a_6,b_0 /* mul_add_c(a[6],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_2,b_4 /* mul_add_c(a[2],b[4],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_1,b_5 /* mul_add_c(a[1],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_0,b_6 /* mul_add_c(a[0],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,48(a0) /* r[6]=c1; */
-
- dmultu a_0,b_7 /* mul_add_c(a[0],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,b_4 /* mul_add_c(a[3],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_4,b_3 /* mul_add_c(a[4],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_5,b_2 /* mul_add_c(a[5],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_6,b_1 /* mul_add_c(a[6],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_7,b_0 /* mul_add_c(a[7],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,56(a0) /* r[7]=c2; */
-
- dmultu a_7,b_1 /* mul_add_c(a[7],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_4,b_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_3,b_5 /* mul_add_c(a[3],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_2,b_6 /* mul_add_c(a[2],b[6],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,b_7 /* mul_add_c(a[1],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,64(a0) /* r[8]=c3; */
-
- dmultu a_2,b_7 /* mul_add_c(a[2],b[7],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_5,b_4 /* mul_add_c(a[5],b[4],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_6,b_3 /* mul_add_c(a[6],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_7,b_2 /* mul_add_c(a[7],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,72(a0) /* r[9]=c1; */
-
- dmultu a_7,b_3 /* mul_add_c(a[7],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_4,b_6 /* mul_add_c(a[4],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,b_7 /* mul_add_c(a[3],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,80(a0) /* r[10]=c2; */
-
- dmultu a_4,b_7 /* mul_add_c(a[4],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_7,b_4 /* mul_add_c(a[7],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,88(a0) /* r[11]=c3; */
-
- dmultu a_7,b_5 /* mul_add_c(a[7],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,96(a0) /* r[12]=c1; */
-
- dmultu a_6,b_7 /* mul_add_c(a[6],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,104(a0) /* r[13]=c2; */
-
- dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
- ld s0,0(sp)
- ld s1,8(sp)
- ld s2,16(sp)
- ld s3,24(sp)
- ld s4,32(sp)
- ld s5,40(sp)
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sd c_3,112(a0) /* r[14]=c3; */
- sd c_1,120(a0) /* r[15]=c1; */
-
- PTR_ADD sp,FRAME_SIZE
-
- jr ra
-END(bn_mul_comba8)
-
-.align 5
-LEAF(bn_mul_comba4)
- .set reorder
- ld a_0,0(a1)
- ld b_0,0(a2)
- ld a_1,8(a1)
- ld a_2,16(a1)
- dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- ld a_3,24(a1)
- ld b_1,8(a2)
- ld b_2,16(a2)
- ld b_3,24(a2)
- mflo c_1
- mfhi c_2
- sd c_1,0(a0)
-
- dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- sd c_2,8(a0)
-
- dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0)
-
- dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0)
-
- dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0)
-
- dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0)
-
- dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sd c_1,48(a0)
- sd c_2,56(a0)
-
- jr ra
-END(bn_mul_comba4)
-
-#undef a_4
-#undef a_5
-#undef a_6
-#undef a_7
-#define a_4 b_0
-#define a_5 b_1
-#define a_6 b_2
-#define a_7 b_3
-
-.align 5
-LEAF(bn_sqr_comba8)
- .set reorder
- ld a_0,0(a1)
- ld a_1,8(a1)
- ld a_2,16(a1)
- ld a_3,24(a1)
-
- dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- ld a_4,32(a1)
- ld a_5,40(a1)
- ld a_6,48(a1)
- ld a_7,56(a1)
- mflo c_1
- mfhi c_2
- sd c_1,0(a0)
-
- dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- sd c_2,8(a0)
-
- dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0)
-
- dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0)
-
- dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0)
-
- dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0)
-
- dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,48(a0)
-
- dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,56(a0)
-
- dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,64(a0)
-
- dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,72(a0)
-
- dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,80(a0)
-
- dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,88(a0)
-
- dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,96(a0)
-
- dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,104(a0)
-
- dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sd c_3,112(a0)
- sd c_1,120(a0)
-
- jr ra
-END(bn_sqr_comba8)
-
-.align 5
-LEAF(bn_sqr_comba4)
- .set reorder
- ld a_0,0(a1)
- ld a_1,8(a1)
- ld a_2,16(a1)
- ld a_3,24(a1)
- dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- mflo c_1
- mfhi c_2
- sd c_1,0(a0)
-
- dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- sd c_2,8(a0)
-
- dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0)
-
- dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0)
-
- dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0)
-
- dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0)
-
- dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sd c_1,48(a0)
- sd c_2,56(a0)
-
- jr ra
-END(bn_sqr_comba4)
diff --git a/main/openssl/crypto/bn/asm/x86_64-gcc.c b/main/openssl/crypto/bn/asm/x86_64-gcc.c
index 6bcf32f6..e85ee8ce 100644
--- a/main/openssl/crypto/bn/asm/x86_64-gcc.c
+++ b/main/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -273,6 +273,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
#if 0
/* original macros are kept for reference purposes */
#define mul_add_c(a,b,c0,c1,c2) { \
@@ -287,10 +291,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
BN_ULONG ta=(a),tb=(b),t0; \
t1 = BN_UMULT_HIGH(ta,tb); \
t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
#else
#define mul_add_c(a,b,c0,c1,c2) do { \
@@ -328,22 +332,14 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
: "=a"(t1),"=d"(t2) \
: "a"(a),"m"(b) \
: "cc"); \
- asm ("addq %0,%0; adcq %2,%1" \
- : "+d"(t2),"+r"(c2) \
- : "g"(0) \
- : "cc"); \
- asm ("addq %0,%0; adcq %2,%1" \
- : "+a"(t1),"+d"(t2) \
- : "g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c0),"+d"(t2) \
- : "a"(t1),"g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c1),"+r"(c2) \
- : "d"(t2),"g"(0) \
- : "cc"); \
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
+ : "r"(t1),"r"(t2),"g"(0) \
+ : "cc"); \
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
+ : "r"(t1),"r"(t2),"g"(0) \
+ : "cc"); \
} while (0)
#endif
diff --git a/main/openssl/crypto/bn/bn.h b/main/openssl/crypto/bn/bn.h
index e776c07a..0dd8d889 100644
--- a/main/openssl/crypto/bn/bn.h
+++ b/main/openssl/crypto/bn/bn.h
@@ -784,7 +784,9 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
#define bn_wcheck_size(bn, words) \
do { \
const BIGNUM *_bnum2 = (bn); \
- assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
+ /* avoid unused variable warning with NDEBUG */ \
+ (void)(_bnum2); \
} while(0)
#else /* !BN_DEBUG */
diff --git a/main/openssl/crypto/bn/bn_asm.c b/main/openssl/crypto/bn/bn_asm.c
index c43c91cc..a33b6341 100644
--- a/main/openssl/crypto/bn/bn_asm.c
+++ b/main/openssl/crypto/bn/bn_asm.c
@@ -438,6 +438,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
#ifdef BN_LLONG
#define mul_add_c(a,b,c0,c1,c2) \
t=(BN_ULLONG)a*b; \
@@ -478,10 +482,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
#define mul_add_c2(a,b,c0,c1,c2) { \
BN_ULONG ta=(a),tb=(b),t0; \
BN_UMULT_LOHI(t0,t1,ta,tb); \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
#define sqr_add_c(a,i,c0,c1,c2) { \
@@ -508,10 +512,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
BN_ULONG ta=(a),tb=(b),t0; \
t1 = BN_UMULT_HIGH(ta,tb); \
t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
}
#define sqr_add_c(a,i,c0,c1,c2) { \
diff --git a/main/openssl/crypto/bn/bn_ctx.c b/main/openssl/crypto/bn/bn_ctx.c
index 3f2256f6..90aa3aeb 100644
--- a/main/openssl/crypto/bn/bn_ctx.c
+++ b/main/openssl/crypto/bn/bn_ctx.c
@@ -158,7 +158,7 @@ static void ctxdbg(BN_CTX *ctx)
unsigned int bnidx = 0, fpidx = 0;
BN_POOL_ITEM *item = ctx->pool.head;
BN_STACK *stack = &ctx->stack;
- fprintf(stderr,"(%08x): ", (unsigned int)ctx);
+ fprintf(stderr,"(%16p): ", ctx);
while(bnidx < ctx->used)
{
fprintf(stderr,"%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
diff --git a/main/openssl/crypto/bn/bn_div.c b/main/openssl/crypto/bn/bn_div.c
index 7b240318..0ec90e80 100644
--- a/main/openssl/crypto/bn/bn_div.c
+++ b/main/openssl/crypto/bn/bn_div.c
@@ -189,15 +189,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
int no_branch=0;
/* Invalid zero-padding would have particularly bad consequences
- * in the case of 'num', so don't just rely on bn_check_top() for this one
+ * so don't just rely on bn_check_top() here
* (bn_check_top() works only for BN_DEBUG builds) */
- if (num->top > 0 && num->d[num->top - 1] == 0)
+ if ((num->top > 0 && num->d[num->top - 1] == 0) ||
+ (divisor->top > 0 && divisor->d[divisor->top - 1] == 0))
{
BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
return 0;
}
bn_check_top(num);
+ bn_check_top(divisor);
if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
{
@@ -207,7 +209,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
bn_check_top(dv);
bn_check_top(rm);
/* bn_check_top(num); */ /* 'num' has been checked already */
- bn_check_top(divisor);
+ /* bn_check_top(divisor); */ /* 'divisor' has been checked already */
if (BN_is_zero(divisor))
{
diff --git a/main/openssl/crypto/bn/bntest.c b/main/openssl/crypto/bn/bntest.c
index 06f5954a..48bc6338 100644
--- a/main/openssl/crypto/bn/bntest.c
+++ b/main/openssl/crypto/bn/bntest.c
@@ -107,6 +107,7 @@ int test_mod(BIO *bp,BN_CTX *ctx);
int test_mod_mul(BIO *bp,BN_CTX *ctx);
int test_mod_exp(BIO *bp,BN_CTX *ctx);
int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx);
int test_exp(BIO *bp,BN_CTX *ctx);
int test_gf2m_add(BIO *bp);
int test_gf2m_mod(BIO *bp);
@@ -249,6 +250,7 @@ int main(int argc, char *argv[])
message(out,"BN_mod_exp_mont_consttime");
if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+ if (!test_mod_exp_mont5(out,ctx)) goto err;
(void)BIO_flush(out);
message(out,"BN_exp");
@@ -676,44 +678,98 @@ int test_mul(BIO *bp)
int test_sqr(BIO *bp, BN_CTX *ctx)
{
- BIGNUM a,c,d,e;
- int i;
+ BIGNUM *a,*c,*d,*e;
+ int i, ret = 0;
- BN_init(&a);
- BN_init(&c);
- BN_init(&d);
- BN_init(&e);
+ a = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+ if (a == NULL || c == NULL || d == NULL || e == NULL)
+ {
+ goto err;
+ }
for (i=0; i<num0; i++)
{
- BN_bntest_rand(&a,40+i*10,0,0);
- a.neg=rand_neg();
- BN_sqr(&c,&a,ctx);
+ BN_bntest_rand(a,40+i*10,0,0);
+ a->neg=rand_neg();
+ BN_sqr(c,a,ctx);
if (bp != NULL)
{
if (!results)
{
- BN_print(bp,&a);
+ BN_print(bp,a);
BIO_puts(bp," * ");
- BN_print(bp,&a);
+ BN_print(bp,a);
BIO_puts(bp," - ");
}
- BN_print(bp,&c);
+ BN_print(bp,c);
BIO_puts(bp,"\n");
}
- BN_div(&d,&e,&c,&a,ctx);
- BN_sub(&d,&d,&a);
- if(!BN_is_zero(&d) || !BN_is_zero(&e))
- {
- fprintf(stderr,"Square test failed!\n");
- return 0;
- }
+ BN_div(d,e,c,a,ctx);
+ BN_sub(d,d,a);
+ if(!BN_is_zero(d) || !BN_is_zero(e))
+ {
+ fprintf(stderr,"Square test failed!\n");
+ goto err;
+ }
}
- BN_free(&a);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- return(1);
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d))
+ {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000000000000080000001FFFFFFFE000000000000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d))
+ {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+ ret = 1;
+err:
+ if (a != NULL) BN_free(a);
+ if (c != NULL) BN_free(c);
+ if (d != NULL) BN_free(d);
+ if (e != NULL) BN_free(e);
+ return ret;
}
int test_mont(BIO *bp, BN_CTX *ctx)
@@ -1012,6 +1068,80 @@ int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
return(1);
}
+/* Test constant-time modular exponentiation with 1024-bit inputs,
+ * which on x86_64 cause a different code branch to be taken.
+ */
+int test_mod_exp_mont5(BIO *bp, BN_CTX *ctx)
+ {
+ BIGNUM *a,*p,*m,*d,*e;
+
+ BN_MONT_CTX *mont;
+
+ a=BN_new();
+ p=BN_new();
+ m=BN_new();
+ d=BN_new();
+ e=BN_new();
+
+ mont = BN_MONT_CTX_new();
+
+ BN_bntest_rand(m,1024,0,1); /* must be odd for montgomery */
+ /* Zero exponent */
+ BN_bntest_rand(a,1024,0,0);
+ BN_zero(p);
+ if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
+ return 0;
+ if(!BN_is_one(d))
+ {
+ fprintf(stderr, "Modular exponentiation test failed!\n");
+ return 0;
+ }
+ /* Zero input */
+ BN_bntest_rand(p,1024,0,0);
+ BN_zero(a);
+ if(!BN_mod_exp_mont_consttime(d,a,p,m,ctx,NULL))
+ return 0;
+ if(!BN_is_zero(d))
+ {
+ fprintf(stderr, "Modular exponentiation test failed!\n");
+ return 0;
+ }
+ /* Craft an input whose Montgomery representation is 1,
+ * i.e., shorter than the modulus m, in order to test
+ * the const time precomputation scattering/gathering.
+ */
+ BN_one(a);
+ BN_MONT_CTX_set(mont,m,ctx);
+ if(!BN_from_montgomery(e,a,mont,ctx))
+ return 0;
+ if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
+ return 0;
+ if(!BN_mod_exp_simple(a,e,p,m,ctx))
+ return 0;
+ if(BN_cmp(a,d) != 0)
+ {
+ fprintf(stderr,"Modular exponentiation test failed!\n");
+ return 0;
+ }
+ /* Finally, some regular test vectors. */
+ BN_bntest_rand(e,1024,0,0);
+ if(!BN_mod_exp_mont_consttime(d,e,p,m,ctx,NULL))
+ return 0;
+ if(!BN_mod_exp_simple(a,e,p,m,ctx))
+ return 0;
+ if(BN_cmp(a,d) != 0)
+ {
+ fprintf(stderr,"Modular exponentiation test failed!\n");
+ return 0;
+ }
+ BN_free(a);
+ BN_free(p);
+ BN_free(m);
+ BN_free(d);
+ BN_free(e);
+ return(1);
+ }
+
int test_exp(BIO *bp, BN_CTX *ctx)
{
BIGNUM *a,*b,*d,*e,*one;
diff --git a/main/openssl/crypto/constant_time_locl.h b/main/openssl/crypto/constant_time_locl.h
index c0483939..8af98c16 100644
--- a/main/openssl/crypto/constant_time_locl.h
+++ b/main/openssl/crypto/constant_time_locl.h
@@ -129,17 +129,12 @@ static inline int constant_time_select_int(unsigned int mask, int a, int b);
static inline unsigned int constant_time_msb(unsigned int a)
{
- return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1));
+ return 0-(a >> (sizeof(a) * 8 - 1));
}
static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
{
- unsigned int lt;
- /* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/
- lt = ~(a ^ b) & (a - b);
- /* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */
- lt |= ~a & b;
- return constant_time_msb(lt);
+ return constant_time_msb(a^((a^b)|((a-b)^b)));
}
static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
@@ -149,12 +144,7 @@ static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
{
- unsigned int ge;
- /* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/
- ge = ~((a ^ b) | (a - b));
- /* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */
- ge |= a & ~b;
- return constant_time_msb(ge);
+ return ~constant_time_lt(a, b);
}
static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
@@ -204,7 +194,7 @@ static inline unsigned char constant_time_select_8(unsigned char mask,
return (unsigned char)(constant_time_select(mask, a, b));
}
-inline int constant_time_select_int(unsigned int mask, int a, int b)
+static inline int constant_time_select_int(unsigned int mask, int a, int b)
{
return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
}
diff --git a/main/openssl/crypto/cversion.c b/main/openssl/crypto/cversion.c
index ea9f25fd..881957e8 100644
--- a/main/openssl/crypto/cversion.c
+++ b/main/openssl/crypto/cversion.c
@@ -69,10 +69,7 @@ const char *SSLeay_version(int t)
if (t == SSLEAY_BUILT_ON)
{
#ifdef DATE
- static char buf[sizeof(DATE)+11];
-
- BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
- return(buf);
+ return(DATE);
#else
return("built on: date not available");
#endif
@@ -80,10 +77,7 @@ const char *SSLeay_version(int t)
if (t == SSLEAY_CFLAGS)
{
#ifdef CFLAGS
- static char buf[sizeof(CFLAGS)+11];
-
- BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
- return(buf);
+ return(CFLAGS);
#else
return("compiler: information not available");
#endif
@@ -91,10 +85,7 @@ const char *SSLeay_version(int t)
if (t == SSLEAY_PLATFORM)
{
#ifdef PLATFORM
- static char buf[sizeof(PLATFORM)+11];
-
- BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
- return(buf);
+ return(PLATFORM);
#else
return("platform: information not available");
#endif
diff --git a/main/openssl/crypto/dsa/dsa_asn1.c b/main/openssl/crypto/dsa/dsa_asn1.c
index 60585343..473af873 100644
--- a/main/openssl/crypto/dsa/dsa_asn1.c
+++ b/main/openssl/crypto/dsa/dsa_asn1.c
@@ -176,13 +176,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int siglen, DSA *dsa)
{
DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
int ret=-1;
s = DSA_SIG_new();
if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
ret=DSA_do_verify(dgst,dgst_len,s,dsa);
err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
DSA_SIG_free(s);
return(ret);
}
diff --git a/main/openssl/crypto/dso/dso_dlfcn.c b/main/openssl/crypto/dso/dso_dlfcn.c
index 4a56aace..faa9d76b 100644
--- a/main/openssl/crypto/dso/dso_dlfcn.c
+++ b/main/openssl/crypto/dso/dso_dlfcn.c
@@ -60,10 +60,8 @@
that handle _GNU_SOURCE and other similar macros. Defining it later
is simply too late, because those headers are protected from re-
inclusion. */
-#ifdef __linux
-# ifndef _GNU_SOURCE
-# define _GNU_SOURCE /* make sure dladdr is declared */
-# endif
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE /* make sure dladdr is declared */
#endif
#include <stdio.h>
diff --git a/main/openssl/crypto/ec/ec_lib.c b/main/openssl/crypto/ec/ec_lib.c
index e2c4741b..0992c393 100644
--- a/main/openssl/crypto/ec/ec_lib.c
+++ b/main/openssl/crypto/ec/ec_lib.c
@@ -68,7 +68,7 @@
#include "ec_lcl.h"
-static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
+const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
/* functions for EC_GROUP objects */
diff --git a/main/openssl/crypto/ec/ec_mult.c b/main/openssl/crypto/ec/ec_mult.c
index 19f21675..e81200b2 100644
--- a/main/openssl/crypto/ec/ec_mult.c
+++ b/main/openssl/crypto/ec/ec_mult.c
@@ -445,15 +445,16 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */
val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
-
+
+ /* Ensure wNAF is initialised in case we end up going to err */
+ if (wNAF) wNAF[0] = NULL; /* preliminary pivot */
+
if (!wsize || !wNAF_len || !wNAF || !val_sub)
{
ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
goto err;
}
- wNAF[0] = NULL; /* preliminary pivot */
-
/* num_val will be the total number of temporarily precomputed points */
num_val = 0;
diff --git a/main/openssl/crypto/ec/ec_pmeth.c b/main/openssl/crypto/ec/ec_pmeth.c
index 66ee397d..b62b532c 100644
--- a/main/openssl/crypto/ec/ec_pmeth.c
+++ b/main/openssl/crypto/ec/ec_pmeth.c
@@ -167,6 +167,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
return ret;
}
+#ifndef OPENSSL_NO_ECDH
static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{
int ret;
@@ -200,6 +201,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
*keylen = ret;
return 1;
}
+#endif
static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
@@ -333,7 +335,11 @@ const EVP_PKEY_METHOD ec_pkey_meth =
0,0,
0,
+#ifndef OPENSSL_NO_ECDH
pkey_ec_derive,
+#else
+ 0,
+#endif
pkey_ec_ctrl,
pkey_ec_ctrl_str
diff --git a/main/openssl/crypto/ec/ectest.c b/main/openssl/crypto/ec/ectest.c
index d1bf9805..8e4154d8 100644
--- a/main/openssl/crypto/ec/ectest.c
+++ b/main/openssl/crypto/ec/ectest.c
@@ -1366,7 +1366,7 @@ static const struct nistp_test_params nistp_tests_params[] =
},
};
-void nistp_single_test(const struct nistp_test_params *test)
+static void nistp_single_test(const struct nistp_test_params *test)
{
BN_CTX *ctx;
BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
@@ -1469,7 +1469,7 @@ void nistp_single_test(const struct nistp_test_params *test)
BN_CTX_free(ctx);
}
-void nistp_tests()
+static void nistp_tests()
{
unsigned i;
diff --git a/main/openssl/crypto/ecdsa/ecs_vrf.c b/main/openssl/crypto/ecdsa/ecs_vrf.c
index ef9acf7b..188b9d57 100644
--- a/main/openssl/crypto/ecdsa/ecs_vrf.c
+++ b/main/openssl/crypto/ecdsa/ecs_vrf.c
@@ -57,6 +57,7 @@
*/
#include "ecs_locl.h"
+#include <string.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
{
ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
int ret=-1;
s = ECDSA_SIG_new();
if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
ECDSA_SIG_free(s);
return(ret);
}
diff --git a/main/openssl/crypto/engine/eng_dyn.c b/main/openssl/crypto/engine/eng_dyn.c
index 8fb8634e..b751ffd8 100644
--- a/main/openssl/crypto/engine/eng_dyn.c
+++ b/main/openssl/crypto/engine/eng_dyn.c
@@ -114,9 +114,6 @@ static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
ENGINE_CMD_FLAG_NO_INPUT},
{0, NULL, NULL, 0}
};
-static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
- {0, NULL, NULL, 0}
- };
/* Loading code stores state inside the ENGINE structure via the "ex_data"
* element. We load all our state into a single structure and use that as a
diff --git a/main/openssl/crypto/evp/e_des3.c b/main/openssl/crypto/evp/e_des3.c
index 8d7b7de2..7e1e8b30 100644
--- a/main/openssl/crypto/evp/e_des3.c
+++ b/main/openssl/crypto/evp/e_des3.c
@@ -124,12 +124,11 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
#ifdef KSSL_DEBUG
{
int i;
- char *cp;
- printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
- printf("\t iv= ");
+ fprintf(stderr,"des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, ctx->buf_len);
+ fprintf(stderr,"\t iv= ");
for(i=0;i<8;i++)
- printf("%02X",ctx->iv[i]);
- printf("\n");
+ fprintf(stderr,"%02X",ctx->iv[i]);
+ fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
while (inl>=EVP_MAXCHUNK)
@@ -260,11 +259,14 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
#ifdef KSSL_DEBUG
{
int i;
- printf("des_ede3_init_key(ctx=%lx)\n", ctx);
- printf("\tKEY= ");
- for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
- printf("\t IV= ");
- for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
+ fprintf(stderr,"des_ede3_init_key(ctx=%p)\n", ctx);
+ fprintf(stderr,"\tKEY= ");
+ for(i=0;i<24;i++) fprintf(stderr,"%02X",key[i]); fprintf(stderr,"\n");
+ if (iv)
+ {
+ fprintf(stderr,"\t IV= ");
+ for(i=0;i<8;i++) fprintf(stderr,"%02X",iv[i]); fprintf(stderr,"\n");
+ }
}
#endif /* KSSL_DEBUG */
diff --git a/main/openssl/crypto/evp/evp_enc.c b/main/openssl/crypto/evp/evp_enc.c
index 7b1842a5..2e863ac5 100644
--- a/main/openssl/crypto/evp/evp_enc.c
+++ b/main/openssl/crypto/evp/evp_enc.c
@@ -67,7 +67,6 @@
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
-#include "constant_time_locl.h"
#include "evp_locl.h"
#ifdef OPENSSL_FIPS
@@ -501,21 +500,21 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
{
- unsigned int i, b;
- unsigned char pad, padding_good;
+ int i,n;
+ unsigned int b;
*outl=0;
if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
{
- int ret = M_do_cipher(ctx, out, NULL, 0);
- if (ret < 0)
+ i = M_do_cipher(ctx, out, NULL, 0);
+ if (i < 0)
return 0;
else
- *outl = ret;
+ *outl = i;
return 1;
}
- b=(unsigned int)(ctx->cipher->block_size);
+ b=ctx->cipher->block_size;
if (ctx->flags & EVP_CIPH_NO_PADDING)
{
if(ctx->buf_len)
@@ -534,34 +533,33 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
return(0);
}
OPENSSL_assert(b <= sizeof ctx->final);
- pad=ctx->final[b-1];
-
- padding_good = (unsigned char)(~constant_time_is_zero_8(pad));
- padding_good &= constant_time_ge_8(b, pad);
-
- for (i = 1; i < b; ++i)
- {
- unsigned char is_pad_index = constant_time_lt_8(i, pad);
- unsigned char pad_byte_good = constant_time_eq_8(ctx->final[b-i-1], pad);
- padding_good &= constant_time_select_8(is_pad_index, pad_byte_good, 0xff);
- }
/*
- * At least 1 byte is always padding, so we always write b - 1
- * bytes to avoid a timing leak. The caller is required to have |b|
- * bytes space in |out| by the API contract.
+ * The following assumes that the ciphertext has been authenticated.
+ * Otherwise it provides a padding oracle.
*/
- for (i = 0; i < b - 1; ++i)
- out[i] = ctx->final[i] & padding_good;
- /* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */
- *outl = padding_good & ((unsigned char)(b - pad));
- return padding_good & 1;
+ n=ctx->final[b-1];
+ if (n == 0 || n > (int)b)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+ return(0);
+ }
+ for (i=0; i<n; i++)
+ {
+ if (ctx->final[--b] != n)
+ {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+ return(0);
+ }
+ }
+ n=ctx->cipher->block_size-n;
+ for (i=0; i<n; i++)
+ out[i]=ctx->final[i];
+ *outl=n;
}
else
- {
- *outl = 0;
- return 1;
- }
+ *outl=0;
+ return(1);
}
void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
diff --git a/main/openssl/crypto/md32_common.h b/main/openssl/crypto/md32_common.h
index bb738195..a75f136c 100644
--- a/main/openssl/crypto/md32_common.h
+++ b/main/openssl/crypto/md32_common.h
@@ -225,8 +225,7 @@
#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
l|=(((unsigned long)(*((c)++)))<<16), \
l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++))) ), \
- l)
+ l|=(((unsigned long)(*((c)++))) ) )
#endif
#ifndef HOST_l2c
#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
@@ -262,8 +261,7 @@
#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
l|=(((unsigned long)(*((c)++)))<< 8), \
l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<<24), \
- l)
+ l|=(((unsigned long)(*((c)++)))<<24) )
#endif
#ifndef HOST_l2c
#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
diff --git a/main/openssl/crypto/mem.c b/main/openssl/crypto/mem.c
index 1cc62eaf..01052cfa 100644
--- a/main/openssl/crypto/mem.c
+++ b/main/openssl/crypto/mem.c
@@ -255,10 +255,12 @@ void *CRYPTO_malloc_locked(int num, const char *file, int line)
if (num <= 0) return NULL;
- allow_customize = 0;
+ if(allow_customize)
+ allow_customize = 0;
if (malloc_debug_func != NULL)
{
- allow_customize_debug = 0;
+ if(allow_customize_debug)
+ allow_customize_debug = 0;
malloc_debug_func(NULL, num, file, line, 0);
}
ret = malloc_locked_ex_func(num,file,line);
@@ -299,10 +301,12 @@ void *CRYPTO_malloc(int num, const char *file, int line)
if (num <= 0) return NULL;
- allow_customize = 0;
+ if(allow_customize)
+ allow_customize = 0;
if (malloc_debug_func != NULL)
{
- allow_customize_debug = 0;
+ if(allow_customize_debug)
+ allow_customize_debug = 0;
malloc_debug_func(NULL, num, file, line, 0);
}
ret = malloc_ex_func(num,file,line);
diff --git a/main/openssl/crypto/objects/obj_xref.h b/main/openssl/crypto/objects/obj_xref.h
index e23938c2..33cb24b0 100644
--- a/main/openssl/crypto/objects/obj_xref.h
+++ b/main/openssl/crypto/objects/obj_xref.h
@@ -43,9 +43,6 @@ static const nid_triple sigoid_srt[] =
static const nid_triple * const sigoid_srt_xref[] =
{
- &sigoid_srt[29],
- &sigoid_srt[17],
- &sigoid_srt[18],
&sigoid_srt[0],
&sigoid_srt[1],
&sigoid_srt[7],
diff --git a/main/openssl/crypto/objects/objxref.pl b/main/openssl/crypto/objects/objxref.pl
index 731d3ae2..6c4c832a 100644
--- a/main/openssl/crypto/objects/objxref.pl
+++ b/main/openssl/crypto/objects/objxref.pl
@@ -90,7 +90,10 @@ EOF
foreach (@srt2)
{
- my $x = $xref_tbl{$_}[2];
+ my ($p1, $p2, $x) = @{$xref_tbl{$_}};
+ # If digest or signature algorithm is "undef" then the algorithm
+ # needs special handling and is excluded from the cross reference table.
+ next if $p1 eq "undef" || $p2 eq "undef";
print "\t\&sigoid_srt\[$x\],\n";
}
diff --git a/main/openssl/crypto/opensslv.h b/main/openssl/crypto/opensslv.h
index f375967e..4a1df08f 100644
--- a/main/openssl/crypto/opensslv.h
+++ b/main/openssl/crypto/opensslv.h
@@ -29,11 +29,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x100010afL
+#define OPENSSL_VERSION_NUMBER 0x100010cfL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l-fips 15 Jan 2015"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j 15 Oct 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l 15 Jan 2015"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/main/openssl/crypto/rand/rand_win.c b/main/openssl/crypto/rand/rand_win.c
index 34ffcd23..c37c416b 100644
--- a/main/openssl/crypto/rand/rand_win.c
+++ b/main/openssl/crypto/rand/rand_win.c
@@ -196,12 +196,6 @@ int RAND_poll(void)
DWORD w;
int good = 0;
- /* Determine the OS version we are on so we can turn off things
- * that do not work properly.
- */
- OSVERSIONINFO osverinfo ;
- osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
- GetVersionEx( &osverinfo ) ;
#if defined(OPENSSL_SYS_WINCE)
# if defined(_WIN32_WCE) && _WIN32_WCE>=300
@@ -281,56 +275,6 @@ int RAND_poll(void)
* at random times on Windows 2000. Reported by Jeffrey Altman.
* Only use it on NT.
*/
- /* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
- * the RegQueryValueEx call below can hang on NT4.0 (SP6).
- * So we don't use this at all for now. */
-#if 0
- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
- osverinfo.dwMajorVersion < 5)
- {
- /* Read Performance Statistics from NT/2000 registry
- * The size of the performance data can vary from call
- * to call so we must guess the size of the buffer to use
- * and increase its size if we get an ERROR_MORE_DATA
- * return instead of ERROR_SUCCESS.
- */
- LONG rc=ERROR_MORE_DATA;
- char * buf=NULL;
- DWORD bufsz=0;
- DWORD length;
-
- while (rc == ERROR_MORE_DATA)
- {
- buf = realloc(buf,bufsz+8192);
- if (!buf)
- break;
- bufsz += 8192;
-
- length = bufsz;
- rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
- NULL, NULL, buf, &length);
- }
- if (rc == ERROR_SUCCESS)
- {
- /* For entropy count assume only least significant
- * byte of each DWORD is random.
- */
- RAND_add(&length, sizeof(length), 0);
- RAND_add(buf, length, length / 4.0);
-
- /* Close the Registry Key to allow Windows to cleanup/close
- * the open handle
- * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
- * when the RegQueryValueEx above is done. However, if
- * it is not explicitly closed, it can cause disk
- * partition manipulation problems.
- */
- RegCloseKey(HKEY_PERFORMANCE_DATA);
- }
- if (buf)
- free(buf);
- }
-#endif
if (advapi)
{
@@ -383,7 +327,7 @@ int RAND_poll(void)
if (advapi)
FreeLibrary(advapi);
- if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||
+ if ((!check_winnt() ||
!OPENSSL_isservice()) &&
(user = LoadLibrary(TEXT("USER32.DLL"))))
{
@@ -407,8 +351,7 @@ int RAND_poll(void)
* on NT4 even though it exists in SP3 (or SP6) and
* higher.
*/
- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
- osverinfo.dwMajorVersion < 5)
+ if (check_winnt() && !check_win_minplat(5))
cursor = 0;
}
if (cursor)
diff --git a/main/openssl/crypto/sha/asm/sha1-mips.pl b/main/openssl/crypto/sha/asm/sha1-mips.pl
index f1a702f3..197bc6b5 100644
--- a/main/openssl/crypto/sha/asm/sha1-mips.pl
+++ b/main/openssl/crypto/sha/asm/sha1-mips.pl
@@ -64,7 +64,7 @@ if ($flavour =~ /64|n32/i) {
#
######################################################################
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0;
+$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); }
open STDOUT,">$output";
diff --git a/main/openssl/crypto/sha/asm/sha512-mips.pl b/main/openssl/crypto/sha/asm/sha512-mips.pl
index ffa053bb..6807a2c7 100644
--- a/main/openssl/crypto/sha/asm/sha512-mips.pl
+++ b/main/openssl/crypto/sha/asm/sha512-mips.pl
@@ -68,7 +68,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2;
#
######################################################################
-$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0;
+$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC});
for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); }
open STDOUT,">$output";
diff --git a/main/openssl/crypto/x509/x509.h b/main/openssl/crypto/x509/x509.h
index 092dd745..ed767f84 100644
--- a/main/openssl/crypto/x509/x509.h
+++ b/main/openssl/crypto/x509/x509.h
@@ -768,6 +768,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
X509_ALGOR *algor);
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
diff --git a/main/openssl/crypto/x509/x509_vpm.c b/main/openssl/crypto/x509/x509_vpm.c
index dfd89d89..ba546bd1 100644
--- a/main/openssl/crypto/x509/x509_vpm.c
+++ b/main/openssl/crypto/x509/x509_vpm.c
@@ -89,6 +89,8 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
{
X509_VERIFY_PARAM *param;
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ if (!param)
+ return NULL;
memset(param, 0, sizeof(X509_VERIFY_PARAM));
x509_verify_param_zero(param);
return param;
diff --git a/main/openssl/crypto/x509/x_all.c b/main/openssl/crypto/x509/x_all.c
index e06602d6..fef55f89 100644
--- a/main/openssl/crypto/x509/x_all.c
+++ b/main/openssl/crypto/x509/x_all.c
@@ -72,6 +72,8 @@
int X509_verify(X509 *a, EVP_PKEY *r)
{
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
a->signature,a->cert_info,r));
}
diff --git a/main/openssl/crypto/x509v3/v3_ncons.c b/main/openssl/crypto/x509v3/v3_ncons.c
index a01dc64d..3b0f1bd1 100644
--- a/main/openssl/crypto/x509v3/v3_ncons.c
+++ b/main/openssl/crypto/x509v3/v3_ncons.c
@@ -401,7 +401,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
if (dns->length > base->length)
{
dnsptr += dns->length - base->length;
- if (dnsptr[-1] != '.')
+ if (*baseptr != '.' && dnsptr[-1] != '.')
return X509_V_ERR_PERMITTED_VIOLATION;
}
diff --git a/main/openssl/e_os.h b/main/openssl/e_os.h
index 733155e4..4df285b5 100644
--- a/main/openssl/e_os.h
+++ b/main/openssl/e_os.h
@@ -290,7 +290,7 @@ extern "C" {
# ifdef _WIN64
# define strlen(s) _strlen31(s)
/* cut strings to 2GB */
-static unsigned int _strlen31(const char *str)
+static __inline unsigned int _strlen31(const char *str)
{
unsigned int len=0;
while (*str && len<0x80000000U) str++, len++;
@@ -368,20 +368,13 @@ static unsigned int _strlen31(const char *str)
# define DEFAULT_HOME "C:"
# endif
-/* Avoid Windows 8 SDK GetVersion deprecated problems */
+/* Avoid Visual Studio 13 GetVersion deprecated problems */
#if defined(_MSC_VER) && _MSC_VER>=1800
# define check_winnt() (1)
+# define check_win_minplat(x) (1)
#else
# define check_winnt() (GetVersion() < 0x80000000)
-#endif
-
-/*
- * Visual Studio: inline is available in C++ only, however
- * __inline is available for C, see
- * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
- */
-#if defined(_MSC_VER) && !defined(__cplusplus) && !defined(inline)
-# define inline __inline
+# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x))
#endif
#else /* The non-microsoft world */
@@ -741,6 +734,22 @@ struct servent *getservbyname(const char *name, const char *proto);
#include <OS.h>
#endif
+#if !defined(inline) && !defined(__cplusplus)
+# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+ /* do nothing, inline works */
+# elif defined(__GNUC__) && __GNUC__>=2
+# define inline __inline__
+# elif defined(_MSC_VER)
+ /*
+ * Visual Studio: inline is available in C++ only, however
+ * __inline is available for C, see
+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+ */
+# define inline __inline
+# else
+# define inline
+# endif
+#endif
#ifdef __cplusplus
}
diff --git a/main/openssl/import_openssl.sh b/main/openssl/import_openssl.sh
index dc4049ca..b20c25e0 100755
--- a/main/openssl/import_openssl.sh
+++ b/main/openssl/import_openssl.sh
@@ -149,6 +149,8 @@ function gen_asm_mips () {
CC=true $PERL_EXE "$1" o32 > "$OUT"
}
+# TODO: gen_asm_mips64
+
function gen_asm_x86 () {
local OUT
OUT=$(default_asm_file "$@")
@@ -409,7 +411,8 @@ print_defines_in_mk() {
function generate_config_mk() {
declare -r output="$1"
declare -r prefix="$2"
- declare -r all_archs="arm arm64 x86 x86_64 mips"
+ declare -r all_archs="arm arm64 x86 x86_64 mips mips64"
+ declare -r variant_archs="mips32r6"
echo "Generating $(basename $output)"
(
@@ -423,8 +426,11 @@ function generate_config_mk() {
# LOCAL_SRC_FILES_\$(TARGET_2ND_ARCH)
# LOCAL_CFLAGS_\$(TARGET_ARCH)
# LOCAL_CFLAGS_\$(TARGET_2ND_ARCH)
-# LOCAL_ADDITIONAL_DEPENDENCIES
-
+# LOCAL_ADDITIONAL_DEPENDENCIES"
+if [ $prefix != "APPS" ] ; then
+ echo "# LOCAL_EXPORT_C_INCLUDE_DIRS"
+fi
+echo "
LOCAL_ADDITIONAL_DEPENDENCIES += \$(LOCAL_PATH)/$(basename $output)
"
@@ -438,7 +444,7 @@ LOCAL_ADDITIONAL_DEPENDENCIES += \$(LOCAL_PATH)/$(basename $output)
common_includes=$(var_sorted_value OPENSSL_${prefix}_INCLUDES)
print_vardef_with_prefix_in_mk common_c_includes external/openssl/ $common_includes
- for arch in $all_archs; do
+ for arch in $all_archs $variant_archs; do
arch_clang_asflags=$(var_sorted_value OPENSSL_${prefix}_CLANG_ASFLAGS_${arch})
print_vardef_in_mk ${arch}_clang_asflags $arch_clang_asflags
@@ -453,6 +459,24 @@ LOCAL_ADDITIONAL_DEPENDENCIES += \$(LOCAL_PATH)/$(basename $output)
done
+ if [ $prefix == "CRYPTO" ]; then
+ echo "
+# \"Temporary\" hack until this can be fixed in openssl.config
+x86_64_cflags += -DRC4_INT=\"unsigned int\""
+ fi
+
+ if [ $prefix != "APPS" ] ; then
+ echo "
+LOCAL_EXPORT_C_INCLUDE_DIRS := \$(LOCAL_PATH)/include"
+ fi
+
+ echo "
+ifdef ARCH_MIPS_REV6
+mips_cflags := \$(mips32r6_cflags)
+mips_src_files := \$(mips32r6_src_files)
+mips_exclude_files := \$(mips32r6_exclude_files)
+endif"
+
if [ $3 == "target" ]; then
echo "
LOCAL_CFLAGS += \$(common_cflags)
@@ -536,6 +560,10 @@ function import() {
gen_asm_mips crypto/sha/asm/sha1-mips.pl
gen_asm_mips crypto/sha/asm/sha512-mips.pl crypto/sha/asm/sha256-mips.S
+ # TODO: Generate mips32r6 asm
+
+ # TODO: Generate mips64 asm
+
# Generate x86 asm
gen_asm_x86 crypto/x86cpuid.pl
gen_asm_x86 crypto/aes/asm/aes-586.pl
diff --git a/main/openssl/include/openssl/asn1.h b/main/openssl/include/openssl/asn1.h
index 220a0c8c..3c45d5d0 100644
--- a/main/openssl/include/openssl/asn1.h
+++ b/main/openssl/include/openssl/asn1.h
@@ -776,7 +776,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
int ASN1_TYPE_get(ASN1_TYPE *a);
void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
ASN1_OBJECT * ASN1_OBJECT_new(void );
void ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -1329,6 +1329,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_ILLEGAL_TIME_VALUE 184
#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
#define ASN1_R_INVALID_DIGIT 130
#define ASN1_R_INVALID_MIME_TYPE 205
@@ -1378,6 +1379,7 @@ void ERR_load_ASN1_strings(void);
#define ASN1_R_TIME_NOT_ASCII_FORMAT 193
#define ASN1_R_TOO_LONG 155
#define ASN1_R_TYPE_NOT_CONSTRUCTED 156
+#define ASN1_R_TYPE_NOT_PRIMITIVE 218
#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
#define ASN1_R_UNEXPECTED_EOC 159
diff --git a/main/openssl/include/openssl/bio.h b/main/openssl/include/openssl/bio.h
index d05fa22a..3ff67275 100644
--- a/main/openssl/include/openssl/bio.h
+++ b/main/openssl/include/openssl/bio.h
@@ -175,6 +175,8 @@ extern "C" {
#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
* adjust socket timeouts */
+#define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49
+
#ifndef OPENSSL_NO_SCTP
/* SCTP stuff */
#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50
@@ -610,6 +612,8 @@ int BIO_ctrl_reset_read_request(BIO *b);
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
#define BIO_dgram_set_peer(b,peer) \
(int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+#define BIO_dgram_get_mtu_overhead(b) \
+ (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
/* These two aren't currently implemented */
/* int BIO_get_ex_num(BIO *bio); */
diff --git a/main/openssl/include/openssl/bn.h b/main/openssl/include/openssl/bn.h
index e776c07a..0dd8d889 100644
--- a/main/openssl/include/openssl/bn.h
+++ b/main/openssl/include/openssl/bn.h
@@ -784,7 +784,9 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
#define bn_wcheck_size(bn, words) \
do { \
const BIGNUM *_bnum2 = (bn); \
- assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \
+ /* avoid unused variable warning with NDEBUG */ \
+ (void)(_bnum2); \
} while(0)
#else /* !BN_DEBUG */
diff --git a/main/openssl/include/openssl/dtls1.h b/main/openssl/include/openssl/dtls1.h
index 192c5def..33857526 100644
--- a/main/openssl/include/openssl/dtls1.h
+++ b/main/openssl/include/openssl/dtls1.h
@@ -117,6 +117,9 @@ extern "C" {
#define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
#endif
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+#define DTLS1_MAX_MTU_OVERHEAD 48
+
typedef struct dtls1_bitmap_st
{
unsigned long map; /* track 32 packets on 32-bit systems
@@ -231,6 +234,7 @@ typedef struct dtls1_state_st
/* Is set when listening for new connections with dtls1_listen() */
unsigned int listen;
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
@@ -252,6 +256,10 @@ typedef struct dtls1_state_st
unsigned int handshake_fragment_len;
unsigned int retransmitting;
+ /*
+ * Set when the handshake is ready to process peer's ChangeCipherSpec message.
+ * Cleared after the message has been processed.
+ */
unsigned int change_cipher_spec_ok;
#ifndef OPENSSL_NO_SCTP
diff --git a/main/openssl/include/openssl/opensslv.h b/main/openssl/include/openssl/opensslv.h
index f375967e..4a1df08f 100644
--- a/main/openssl/include/openssl/opensslv.h
+++ b/main/openssl/include/openssl/opensslv.h
@@ -29,11 +29,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-#define OPENSSL_VERSION_NUMBER 0x100010afL
+#define OPENSSL_VERSION_NUMBER 0x100010cfL
#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j-fips 15 Oct 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l-fips 15 Jan 2015"
#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1j 15 Oct 2014"
+#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l 15 Jan 2015"
#endif
#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/main/openssl/include/openssl/srtp.h b/main/openssl/include/openssl/srtp.h
index 24f23309..096b624d 100644
--- a/main/openssl/include/openssl/srtp.h
+++ b/main/openssl/include/openssl/srtp.h
@@ -1,4 +1,4 @@
-/* ssl/tls1.h */
+/* ssl/srtp.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -118,6 +118,8 @@
#ifndef HEADER_D1_SRTP_H
#define HEADER_D1_SRTP_H
+#include <openssl/ssl.h>
+
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/main/openssl/include/openssl/ssl.h b/main/openssl/include/openssl/ssl.h
index 7a1fce89..90862dd6 100644
--- a/main/openssl/include/openssl/ssl.h
+++ b/main/openssl/include/openssl/ssl.h
@@ -607,9 +607,8 @@ struct ssl_session_st
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to always use the tmp_rsa key when doing RSA operations,
- * even when this violates protocol specs */
-#define SSL_OP_EPHEMERAL_RSA 0x00200000L
+/* Does nothing: retained for compatibiity */
+#define SSL_OP_EPHEMERAL_RSA 0x0
/* Set on servers to choose the cipher according to the server's
* preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
@@ -666,8 +665,13 @@ struct ssl_session_st
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
/* Send TLS_FALLBACK_SCSV in the ClientHello.
- * To be set by applications that reconnect with a downgraded protocol
- * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
+ * To be set only by applications that reconnect with a downgraded protocol
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details.
+ *
+ * DO NOT ENABLE THIS if your application attempts a normal handshake.
+ * Only use this in explicit fallback retries, following the guidance
+ * in draft-ietf-tls-downgrade-scsv-00.
+ */
#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
/* When set, clients may send application data before receipt of CCS
@@ -711,6 +715,10 @@ struct ssl_session_st
SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
#define SSL_set_mtu(ssl, mtu) \
SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+#define DTLS_set_link_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+#define DTLS_get_link_min_mtu(ssl) \
+ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
#define SSL_get_secure_renegotiation_support(ssl) \
SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
@@ -1736,6 +1744,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
#define SSL_CTRL_CHECK_PROTO_VERSION 119
+#define DTLS_CTRL_SET_LINK_MTU 120
+#define DTLS_CTRL_GET_LINK_MIN_MTU 121
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -2014,13 +2024,15 @@ const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
+#endif
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS version */
+const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available SSL/TLS version */
+const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available SSL/TLS version */
const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
@@ -2592,7 +2604,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_NO_COMPRESSION_SPECIFIED 187
#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
#define SSL_R_NO_METHOD_SPECIFIED 188
-#define SSL_R_NO_P256_SUPPORT 373
+#define SSL_R_NO_P256_SUPPORT 380
#define SSL_R_NO_PRIVATEKEY 189
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
diff --git a/main/openssl/include/openssl/ssl3.h b/main/openssl/include/openssl/ssl3.h
index cba94345..6dc08179 100644
--- a/main/openssl/include/openssl/ssl3.h
+++ b/main/openssl/include/openssl/ssl3.h
@@ -393,8 +393,12 @@ typedef struct ssl3_buffer_st
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+/*
+ * Set when the handshake is ready to process peer's ChangeCipherSpec message.
+ * Cleared after the message has been processed.
+ */
#define SSL3_FLAGS_CCS_OK 0x0080
-
+
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
* from restarting the handshake in a loop. It's reset on a
@@ -456,8 +460,11 @@ typedef struct ssl3_state_st
* and freed and MD_CTX-es for all required digests are stored in
* this array */
EVP_MD_CTX **handshake_dgst;
- /* this is set whenerver we see a change_cipher_spec message
- * come in when we are not looking for one */
+ /*
+ * Set whenever an expected ChangeCipherSpec message is processed.
+ * Unset when the peer's Finished message is received.
+ * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+ */
int change_cipher_spec;
int warn_alert;
diff --git a/main/openssl/include/openssl/x509.h b/main/openssl/include/openssl/x509.h
index 092dd745..ed767f84 100644
--- a/main/openssl/include/openssl/x509.h
+++ b/main/openssl/include/openssl/x509.h
@@ -768,6 +768,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
X509_ALGOR *algor);
void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
X509_NAME *X509_NAME_dup(X509_NAME *xn);
X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
diff --git a/main/openssl/openssl.config b/main/openssl/openssl.config
index 9edd51e2..c8b3dbde 100644
--- a/main/openssl/openssl.config
+++ b/main/openssl/openssl.config
@@ -275,6 +275,16 @@ SHA1_ASM \
SHA256_ASM \
"
+# TODO: generate *-mips32r6.S files
+OPENSSL_CRYPTO_DEFINES_mips32r6="\
+OPENSSL_NO_ASM \
+"
+
+# TODO: generate *-mips64.S files
+OPENSSL_CRYPTO_DEFINES_mips64="\
+OPENSSL_NO_ASM \
+"
+
OPENSSL_CRYPTO_DEFINES_x86="\
AES_ASM \
DES_PTR \
@@ -884,6 +894,20 @@ crypto/aes/aes_core.c \
crypto/bn/bn_asm.c \
"
+# TODO: generate *-mips32r6.S files
+OPENSSL_CRYPTO_SOURCES_mips32r6="\
+"
+
+OPENSSL_CRYPTO_SOURCES_EXCLUDES_mips32r6="\
+"
+
+# TODO: generate *-mips64.S files
+OPENSSL_CRYPTO_SOURCES_mips64="\
+"
+
+OPENSSL_CRYPTO_SOURCES_EXCLUDES_mips64="\
+"
+
OPENSSL_CRYPTO_SOURCES_x86="\
crypto/aes/asm/aes-586.S \
crypto/aes/asm/aesni-x86.S \
diff --git a/main/openssl/openssl.version b/main/openssl/openssl.version
index 293396f3..40e6fc04 100644
--- a/main/openssl/openssl.version
+++ b/main/openssl/openssl.version
@@ -1 +1 @@
-OPENSSL_VERSION=1.0.1j
+OPENSSL_VERSION=1.0.1l
diff --git a/main/openssl/ssl/d1_both.c b/main/openssl/ssl/d1_both.c
index 2e4250fc..1b9d64bf 100644
--- a/main/openssl/ssl/d1_both.c
+++ b/main/openssl/ssl/d1_both.c
@@ -156,9 +156,8 @@ static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe
static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
/* XDTLS: figure out the right values */
-static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
+static const unsigned int g_probable_mtu[] = {1500, 512, 256};
-static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
unsigned long frag_len);
static unsigned char *dtls1_write_message_header(SSL *s,
@@ -211,8 +210,7 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
return frag;
}
-static void
-dtls1_hm_fragment_free(hm_fragment *frag)
+void dtls1_hm_fragment_free(hm_fragment *frag)
{
if (frag->msg_header.is_ccs)
@@ -225,53 +223,50 @@ dtls1_hm_fragment_free(hm_fragment *frag)
OPENSSL_free(frag);
}
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int dtls1_do_write(SSL *s, int type)
- {
- int ret;
- int curr_mtu;
- unsigned int len, frag_off, mac_size, blocksize;
+static int dtls1_query_mtu(SSL *s)
+{
+ if(s->d1->link_mtu)
+ {
+ s->d1->mtu = s->d1->link_mtu-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+ s->d1->link_mtu = 0;
+ }
/* AHA! Figure out the MTU, and stick to the right size */
- if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+ if (s->d1->mtu < dtls1_min_mtu(s))
{
- s->d1->mtu =
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-
- /* I've seen the kernel return bogus numbers when it doesn't know
- * (initial write), so just make sure we have a reasonable number */
- if (s->d1->mtu < dtls1_min_mtu())
+ if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
{
- s->d1->mtu = 0;
- s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
- s->d1->mtu, NULL);
+ s->d1->mtu =
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+ /* I've seen the kernel return bogus numbers when it doesn't know
+ * (initial write), so just make sure we have a reasonable number */
+ if (s->d1->mtu < dtls1_min_mtu(s))
+ {
+ /* Set to min mtu */
+ s->d1->mtu = dtls1_min_mtu(s);
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
+ s->d1->mtu, NULL);
+ }
}
+ else
+ return 0;
}
-#if 0
- mtu = s->d1->mtu;
-
- fprintf(stderr, "using MTU = %d\n", mtu);
-
- mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
-
- curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
+ return 1;
+}
- if ( curr_mtu > 0)
- mtu = curr_mtu;
- else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
- return ret;
+/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
+int dtls1_do_write(SSL *s, int type)
+ {
+ int ret;
+ unsigned int curr_mtu;
+ int retry = 1;
+ unsigned int len, frag_off, mac_size, blocksize, used_len;
- if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
- {
- ret = BIO_flush(SSL_get_wbio(s));
- if ( ret <= 0)
- return ret;
- mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
- }
-#endif
+ if(!dtls1_query_mtu(s))
+ return -1;
- OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */
+ OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu(s)); /* should have something reasonable now */
if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
OPENSSL_assert(s->init_num ==
@@ -289,10 +284,15 @@ int dtls1_do_write(SSL *s, int type)
blocksize = 0;
frag_off = 0;
- while( s->init_num)
+ /* s->init_num shouldn't ever be < 0...but just in case */
+ while(s->init_num > 0)
{
- curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
- DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
+ used_len = BIO_wpending(SSL_get_wbio(s)) + DTLS1_RT_HEADER_LENGTH
+ + mac_size + blocksize;
+ if(s->d1->mtu > used_len)
+ curr_mtu = s->d1->mtu - used_len;
+ else
+ curr_mtu = 0;
if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
{
@@ -300,15 +300,27 @@ int dtls1_do_write(SSL *s, int type)
ret = BIO_flush(SSL_get_wbio(s));
if ( ret <= 0)
return ret;
- curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
- mac_size - blocksize;
+ used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
+ if(s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH)
+ {
+ curr_mtu = s->d1->mtu - used_len;
+ }
+ else
+ {
+ /* Shouldn't happen */
+ return -1;
+ }
}
- if ( s->init_num > curr_mtu)
+ /* We just checked that s->init_num > 0 so this cast should be safe */
+ if (((unsigned int)s->init_num) > curr_mtu)
len = curr_mtu;
else
len = s->init_num;
+ /* Shouldn't ever happen */
+ if(len > INT_MAX)
+ len = INT_MAX;
/* XDTLS: this function is too long. split out the CCS part */
if ( type == SSL3_RT_HANDSHAKE)
@@ -319,18 +331,29 @@ int dtls1_do_write(SSL *s, int type)
s->init_off -= DTLS1_HM_HEADER_LENGTH;
s->init_num += DTLS1_HM_HEADER_LENGTH;
- if ( s->init_num > curr_mtu)
+ /* We just checked that s->init_num > 0 so this cast should be safe */
+ if (((unsigned int)s->init_num) > curr_mtu)
len = curr_mtu;
else
len = s->init_num;
}
+ /* Shouldn't ever happen */
+ if(len > INT_MAX)
+ len = INT_MAX;
+
+ if ( len < DTLS1_HM_HEADER_LENGTH )
+ {
+ /*
+ * len is so small that we really can't do anything sensible
+ * so fail
+ */
+ return -1;
+ }
dtls1_fix_message_header(s, frag_off,
len - DTLS1_HM_HEADER_LENGTH);
dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
-
- OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
}
ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
@@ -343,12 +366,23 @@ int dtls1_do_write(SSL *s, int type)
* is fine and wait for an alert to handle the
* retransmit
*/
- if ( BIO_ctrl(SSL_get_wbio(s),
+ if ( retry && BIO_ctrl(SSL_get_wbio(s),
BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+ {
+ if(!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+ {
+ if(!dtls1_query_mtu(s))
+ return -1;
+ /* Have one more go */
+ retry = 0;
+ }
+ else
+ return -1;
+ }
else
+ {
return(-1);
+ }
}
else
{
@@ -1412,28 +1446,20 @@ dtls1_write_message_header(SSL *s, unsigned char *p)
return p;
}
-unsigned int
-dtls1_min_mtu(void)
+unsigned int
+dtls1_link_min_mtu(void)
{
return (g_probable_mtu[(sizeof(g_probable_mtu) /
sizeof(g_probable_mtu[0])) - 1]);
}
-static unsigned int
-dtls1_guess_mtu(unsigned int curr_mtu)
+unsigned int
+dtls1_min_mtu(SSL *s)
{
- unsigned int i;
-
- if ( curr_mtu == 0 )
- return g_probable_mtu[0] ;
-
- for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
- if ( curr_mtu > g_probable_mtu[i])
- return g_probable_mtu[i];
-
- return curr_mtu;
+ return dtls1_link_min_mtu()-BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
}
+
void
dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
{
diff --git a/main/openssl/ssl/d1_clnt.c b/main/openssl/ssl/d1_clnt.c
index 37dd5483..e5ae2bd8 100644
--- a/main/openssl/ssl/d1_clnt.c
+++ b/main/openssl/ssl/d1_clnt.c
@@ -249,6 +249,9 @@ int dtls1_connect(SSL *s)
memset(s->s3->client_random,0,sizeof(s->s3->client_random));
s->d1->send_cookie = 0;
s->hit = 0;
+ s->d1->change_cipher_spec_ok = 0;
+ /* Should have been reset by ssl3_get_finished, too. */
+ s->s3->change_cipher_spec = 0;
break;
#ifndef OPENSSL_NO_SCTP
@@ -370,20 +373,6 @@ int dtls1_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
- ret=ssl3_check_finished(s);
- if (ret <= 0) goto end;
- if (ret == 2)
- {
- s->hit = 1;
- if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_CR_SESSION_TICKET_A;
- else
- s->state=SSL3_ST_CR_FINISHED_A;
- s->init_num=0;
- break;
- }
-#endif
/* Check if it is anon DH or PSK */
if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) &&
!(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
@@ -506,7 +495,6 @@ int dtls1_connect(SSL *s)
else
#endif
s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
}
s->init_num=0;
@@ -527,7 +515,6 @@ int dtls1_connect(SSL *s)
#endif
s->state=SSL3_ST_CW_CHANGE_A;
s->init_num=0;
- s->s3->change_cipher_spec=0;
break;
case SSL3_ST_CW_CHANGE_A:
@@ -1725,6 +1712,12 @@ int dtls1_send_client_certificate(SSL *s)
s->state=SSL3_ST_CW_CERT_D;
l=dtls1_output_cert_chain(s,
(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+ if (!l)
+ {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+ return 0;
+ }
s->init_num=(int)l;
s->init_off=0;
diff --git a/main/openssl/ssl/d1_enc.c b/main/openssl/ssl/d1_enc.c
index 712c4647..3da2b4c8 100644
--- a/main/openssl/ssl/d1_enc.c
+++ b/main/openssl/ssl/d1_enc.c
@@ -241,7 +241,8 @@ int dtls1_enc(SSL *s, int send)
return 0;
}
- EVP_Cipher(ds,rec->data,rec->input,l);
+ if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+ return -1;
#ifdef KSSL_DEBUG
{
diff --git a/main/openssl/ssl/d1_lib.c b/main/openssl/ssl/d1_lib.c
index 82ca6539..14337b31 100644
--- a/main/openssl/ssl/d1_lib.c
+++ b/main/openssl/ssl/d1_lib.c
@@ -113,6 +113,9 @@ int dtls1_new(SSL *s)
d1->cookie_len = sizeof(s->d1->cookie);
}
+ d1->link_mtu = 0;
+ d1->mtu = 0;
+
if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
|| ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
{
@@ -161,16 +164,14 @@ static void dtls1_clear_queues(SSL *s)
while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
{
frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
+ dtls1_hm_fragment_free(frag);
pitem_free(item);
}
while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
{
frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
+ dtls1_hm_fragment_free(frag);
pitem_free(item);
}
@@ -210,6 +211,7 @@ void dtls1_clear(SSL *s)
pqueue sent_messages;
pqueue buffered_app_data;
unsigned int mtu;
+ unsigned int link_mtu;
if (s->d1)
{
@@ -219,6 +221,7 @@ void dtls1_clear(SSL *s)
sent_messages = s->d1->sent_messages;
buffered_app_data = s->d1->buffered_app_data.q;
mtu = s->d1->mtu;
+ link_mtu = s->d1->link_mtu;
dtls1_clear_queues(s);
@@ -232,6 +235,7 @@ void dtls1_clear(SSL *s)
if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
{
s->d1->mtu = mtu;
+ s->d1->link_mtu = link_mtu;
}
s->d1->unprocessed_rcds.q = unprocessed_rcds;
@@ -276,7 +280,22 @@ long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
/* Just one protocol version is supported so far;
* fail closed if the version is not as expected. */
return s->version == DTLS_MAX_VERSION;
-
+ case DTLS_CTRL_SET_LINK_MTU:
+ if (larg < (long)dtls1_link_min_mtu())
+ return 0;
+ s->d1->link_mtu = larg;
+ return 1;
+ case DTLS_CTRL_GET_LINK_MIN_MTU:
+ return (long)dtls1_link_min_mtu();
+ case SSL_CTRL_SET_MTU:
+ /*
+ * We may not have a BIO set yet so can't call dtls1_min_mtu()
+ * We'll have to make do with dtls1_link_min_mtu() and max overhead
+ */
+ if (larg < (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD)
+ return 0;
+ s->d1->mtu = larg;
+ return larg;
default:
ret = ssl3_ctrl(s, cmd, larg, parg);
break;
@@ -415,12 +434,17 @@ void dtls1_stop_timer(SSL *s)
int dtls1_check_timeout_num(SSL *s)
{
+ unsigned int mtu;
+
s->d1->timeout.num_alerts++;
/* Reduce MTU after 2 unsuccessful retransmissions */
- if (s->d1->timeout.num_alerts > 2)
+ if (s->d1->timeout.num_alerts > 2
+ && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
{
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+ mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+ if(mtu < s->d1->mtu)
+ s->d1->mtu = mtu;
}
if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
diff --git a/main/openssl/ssl/d1_pkt.c b/main/openssl/ssl/d1_pkt.c
index 363fc8c8..4e5b68e5 100644
--- a/main/openssl/ssl/d1_pkt.c
+++ b/main/openssl/ssl/d1_pkt.c
@@ -214,7 +214,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
/* Limit the size of the queue to prevent DOS attacks */
if (pqueue_size(queue->q) >= 100)
return 0;
-
+
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
@@ -249,18 +249,22 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
if (!ssl3_setup_buffers(s))
{
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ if (rdata->rbuf.buf != NULL)
+ OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
- return(0);
+ return(-1);
}
/* insert should not fail, since duplicates are dropped */
if (pqueue_insert(queue->q, item) == NULL)
{
SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ if (rdata->rbuf.buf != NULL)
+ OPENSSL_free(rdata->rbuf.buf);
OPENSSL_free(rdata);
pitem_free(item);
- return(0);
+ return(-1);
}
return(1);
@@ -316,8 +320,9 @@ dtls1_process_buffered_records(SSL *s)
dtls1_get_unprocessed_record(s);
if ( ! dtls1_process_record(s))
return(0);
- dtls1_buffer_record(s, &(s->d1->processed_rcds),
- s->s3->rrec.seq_num);
+ if(dtls1_buffer_record(s, &(s->d1->processed_rcds),
+ s->s3->rrec.seq_num)<0)
+ return -1;
}
}
@@ -532,7 +537,6 @@ printf("\n");
/* we have pulled in a full packet so zero things */
s->packet_length=0;
- dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
return(1);
f_err:
@@ -565,7 +569,8 @@ int dtls1_get_record(SSL *s)
/* The epoch may have changed. If so, process all the
* pending records. This is a non-blocking operation. */
- dtls1_process_buffered_records(s);
+ if(dtls1_process_buffered_records(s)<0)
+ return -1;
/* if we're renegotiating, then there may be buffered records */
if (dtls1_get_processed_record(s))
@@ -644,8 +649,6 @@ again:
/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
i=rr->length;
n=ssl3_read_n(s,i,i,1);
- if (n <= 0) return(n); /* error or non-blocking io */
-
/* this packet contained a partial record, dump it */
if ( n != i)
{
@@ -680,7 +683,8 @@ again:
* would be dropped unnecessarily.
*/
if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
- *p == SSL3_MT_CLIENT_HELLO) &&
+ s->packet_length > DTLS1_RT_HEADER_LENGTH &&
+ s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
!dtls1_record_replay_check(s, bitmap))
{
rr->length = 0;
@@ -703,7 +707,9 @@ again:
{
if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
{
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
+ if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0)
+ return -1;
+ dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
}
rr->length = 0;
s->packet_length = 0;
@@ -716,6 +722,7 @@ again:
s->packet_length = 0; /* dump this record */
goto again; /* get another record */
}
+ dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */
return(1);
@@ -867,7 +874,11 @@ start:
* buffer the application data for later processing rather
* than dropping the connection.
*/
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
+ if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0)
+ {
+ SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
rr->length = 0;
goto start;
}
@@ -1591,7 +1602,7 @@ static int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
wr->length += bs;
}
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1) < 1) goto err;
/* record length after mac and block padding */
/* if (type == SSL3_RT_APPLICATION_DATA ||
diff --git a/main/openssl/ssl/d1_srvr.c b/main/openssl/ssl/d1_srvr.c
index 03b20a27..a7751350 100644
--- a/main/openssl/ssl/d1_srvr.c
+++ b/main/openssl/ssl/d1_srvr.c
@@ -233,6 +233,7 @@ int dtls1_accept(SSL *s)
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
+ BUF_MEM_free(buf);
ret= -1;
goto end;
}
@@ -246,6 +247,9 @@ int dtls1_accept(SSL *s)
}
s->init_num=0;
+ s->d1->change_cipher_spec_ok = 0;
+ /* Should have been reset by ssl3_get_finished, too. */
+ s->s3->change_cipher_spec = 0;
if (s->state != SSL_ST_RENEGOTIATE)
{
@@ -450,24 +454,15 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SW_KEY_EXCH_B:
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(alg_k & SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
+ /*
+ * clear this, it may get reset by
+ * send_server_key_exchange
+ */
+ s->s3->tmp.use_rsa_tmp=0;
/* only send if a DH key exchange or
* RSA but we have a sign only certificate */
- if (s->s3->tmp.use_rsa_tmp
+ if (0
/* PSK: send ServerKeyExchange if PSK identity
* hint if provided */
#ifndef OPENSSL_NO_PSK
@@ -658,8 +653,14 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
-
- s->d1->change_cipher_spec_ok = 1;
+ /*
+ * This *should* be the first time we enable CCS, but be
+ * extra careful about surrounding code changes. We need
+ * to set this here because we don't know if we're
+ * expecting a CertificateVerify or not.
+ */
+ if (!s->s3->change_cipher_spec)
+ s->d1->change_cipher_spec_ok = 1;
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
@@ -675,7 +676,18 @@ int dtls1_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
- s->d1->change_cipher_spec_ok = 1;
+ /*
+ * Enable CCS for resumed handshakes.
+ * In a full handshake, we end up here through
+ * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was
+ * already set. Receiving a CCS clears the flag, so make
+ * sure not to re-enable it to ban duplicates.
+ * s->s3->change_cipher_spec is set when a CCS is
+ * processed in d1_pkt.c, and remains set until
+ * the client's Finished message is read.
+ */
+ if (!s->s3->change_cipher_spec)
+ s->d1->change_cipher_spec_ok = 1;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
@@ -1604,6 +1616,11 @@ int dtls1_send_server_certificate(SSL *s)
}
l=dtls1_output_cert_chain(s,x);
+ if (!l)
+ {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+ return(0);
+ }
s->state=SSL3_ST_SW_CERT_B;
s->init_num=(int)l;
s->init_off=0;
diff --git a/main/openssl/ssl/dtls1.h b/main/openssl/ssl/dtls1.h
index 192c5def..33857526 100644
--- a/main/openssl/ssl/dtls1.h
+++ b/main/openssl/ssl/dtls1.h
@@ -117,6 +117,9 @@ extern "C" {
#define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
#endif
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+#define DTLS1_MAX_MTU_OVERHEAD 48
+
typedef struct dtls1_bitmap_st
{
unsigned long map; /* track 32 packets on 32-bit systems
@@ -231,6 +234,7 @@ typedef struct dtls1_state_st
/* Is set when listening for new connections with dtls1_listen() */
unsigned int listen;
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
unsigned int mtu; /* max DTLS packet size */
struct hm_header_st w_msg_hdr;
@@ -252,6 +256,10 @@ typedef struct dtls1_state_st
unsigned int handshake_fragment_len;
unsigned int retransmitting;
+ /*
+ * Set when the handshake is ready to process peer's ChangeCipherSpec message.
+ * Cleared after the message has been processed.
+ */
unsigned int change_cipher_spec_ok;
#ifndef OPENSSL_NO_SCTP
diff --git a/main/openssl/ssl/kssl.c b/main/openssl/ssl/kssl.c
index fd7c67bb..950a0c56 100644
--- a/main/openssl/ssl/kssl.c
+++ b/main/openssl/ssl/kssl.c
@@ -954,15 +954,15 @@ print_krb5_data(char *label, krb5_data *kdata)
{
int i;
- printf("%s[%d] ", label, kdata->length);
+ fprintf(stderr,"%s[%d] ", label, kdata->length);
for (i=0; i < (int)kdata->length; i++)
{
if (0 && isprint((int) kdata->data[i]))
- printf( "%c ", kdata->data[i]);
+ fprintf(stderr, "%c ", kdata->data[i]);
else
- printf( "%02x ", (unsigned char) kdata->data[i]);
+ fprintf(stderr, "%02x ", (unsigned char) kdata->data[i]);
}
- printf("\n");
+ fprintf(stderr,"\n");
}
@@ -973,20 +973,20 @@ print_krb5_authdata(char *label, krb5_authdata **adata)
{
if (adata == NULL)
{
- printf("%s, authdata==0\n", label);
+ fprintf(stderr,"%s, authdata==0\n", label);
return;
}
- printf("%s [%p]\n", label, (void *)adata);
+ fprintf(stderr,"%s [%p]\n", label, (void *)adata);
#if 0
{
int i;
- printf("%s[at%d:%d] ", label, adata->ad_type, adata->length);
+ fprintf(stderr,"%s[at%d:%d] ", label, adata->ad_type, adata->length);
for (i=0; i < adata->length; i++)
{
- printf((isprint(adata->contents[i]))? "%c ": "%02x",
+ fprintf(stderr,(isprint(adata->contents[i]))? "%c ": "%02x",
adata->contents[i]);
}
- printf("\n");
+ fprintf(stderr,"\n");
}
#endif
}
@@ -1001,24 +1001,24 @@ print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
if (keyblk == NULL)
{
- printf("%s, keyblk==0\n", label);
+ fprintf(stderr,"%s, keyblk==0\n", label);
return;
}
#ifdef KRB5_HEIMDAL
- printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
+ fprintf(stderr,"%s\n\t[et%d:%d]: ", label, keyblk->keytype,
keyblk->keyvalue->length);
for (i=0; i < (int)keyblk->keyvalue->length; i++)
{
- printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
+ fprintf(stderr,"%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
}
- printf("\n");
+ fprintf(stderr,"\n");
#else
- printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
+ fprintf(stderr,"%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
for (i=0; i < (int)keyblk->length; i++)
{
- printf("%02x",keyblk->contents[i]);
+ fprintf(stderr,"%02x",keyblk->contents[i]);
}
- printf("\n");
+ fprintf(stderr,"\n");
#endif
}
@@ -1031,17 +1031,17 @@ print_krb5_princ(char *label, krb5_principal_data *princ)
{
int i, ui, uj;
- printf("%s principal Realm: ", label);
+ fprintf(stderr,"%s principal Realm: ", label);
if (princ == NULL) return;
for (ui=0; ui < (int)princ->realm.length; ui++) putchar(princ->realm.data[ui]);
- printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
+ fprintf(stderr," (nametype %d) has %d strings:\n", princ->type,princ->length);
for (i=0; i < (int)princ->length; i++)
{
- printf("\t%d [%d]: ", i, princ->data[i].length);
+ fprintf(stderr,"\t%d [%d]: ", i, princ->data[i].length);
for (uj=0; uj < (int)princ->data[i].length; uj++) {
putchar(princ->data[i].data[uj]);
}
- printf("\n");
+ fprintf(stderr,"\n");
}
return;
}
@@ -1332,7 +1332,7 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
}
#ifdef KSSL_DEBUG
- printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
+ fprintf(stderr,"in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
#endif /* KSSL_DEBUG */
if (!krb5context && (krb5rc = krb5_init_context(&krb5context)))
@@ -1481,18 +1481,18 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
#ifdef KSSL_DEBUG
{
int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs;
- printf("Decrypted ticket fields:\n");
- printf("\tflags: %X, transit-type: %X",
+ fprintf(stderr,"Decrypted ticket fields:\n");
+ fprintf(stderr,"\tflags: %X, transit-type: %X",
krb5ticket->enc_part2->flags,
krb5ticket->enc_part2->transited.tr_type);
print_krb5_data("\ttransit-data: ",
&(krb5ticket->enc_part2->transited.tr_contents));
- printf("\tcaddrs: %p, authdata: %p\n",
+ fprintf(stderr,"\tcaddrs: %p, authdata: %p\n",
krb5ticket->enc_part2->caddrs,
krb5ticket->enc_part2->authorization_data);
if (paddr)
{
- printf("\tcaddrs:\n");
+ fprintf(stderr,"\tcaddrs:\n");
for (i=0; paddr[i] != NULL; i++)
{
krb5_data d;
@@ -1501,7 +1501,7 @@ kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
print_krb5_data("\t\tIP: ", &d);
}
}
- printf("\tstart/auth/end times: %d / %d / %d\n",
+ fprintf(stderr,"\tstart/auth/end times: %d / %d / %d\n",
krb5ticket->enc_part2->times.starttime,
krb5ticket->enc_part2->times.authtime,
krb5ticket->enc_part2->times.endtime);
@@ -1976,7 +1976,7 @@ krb5_error_code kssl_validate_times( krb5_timestamp atime,
if ((now - ttimes->endtime) > skew) return SSL_R_KRB5_S_TKT_EXPIRED;
#ifdef KSSL_DEBUG
- printf("kssl_validate_times: %d |<- | %d - %d | < %d ->| %d\n",
+ fprintf(stderr,"kssl_validate_times: %d |<- | %d - %d | < %d ->| %d\n",
start, atime, now, skew, ttimes->endtime);
#endif /* KSSL_DEBUG */
@@ -2027,10 +2027,10 @@ krb5_error_code kssl_check_authent(
#ifdef KSSL_DEBUG
{
unsigned int ui;
- printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
+ fprintf(stderr,"kssl_check_authent: authenticator[%d]:\n",authentp->length);
p = authentp->data;
- for (ui=0; ui < authentp->length; ui++) printf("%02x ",p[ui]);
- printf("\n");
+ for (ui=0; ui < authentp->length; ui++) fprintf(stderr,"%02x ",p[ui]);
+ fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -2095,9 +2095,9 @@ krb5_error_code kssl_check_authent(
#ifdef KSSL_DEBUG
{
int padl;
- printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
- for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
- printf("\n");
+ fprintf(stderr,"kssl_check_authent: decrypted authenticator[%d] =\n", outl);
+ for (padl=0; padl < outl; padl++) fprintf(stderr,"%02x ",unenc_authent[padl]);
+ fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -2132,10 +2132,10 @@ krb5_error_code kssl_check_authent(
}
#ifdef KSSL_DEBUG
- printf("kssl_check_authent: returns %d for client time ", *atimep);
+ fprintf(stderr,"kssl_check_authent: returns %d for client time ", *atimep);
if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
- printf("%.*s\n", auth->ctime->length, auth->ctime->data);
- else printf("NULL\n");
+ fprintf(stderr,"%.*s\n", auth->ctime->length, auth->ctime->data);
+ else fprintf(stderr,"NULL\n");
#endif /* KSSL_DEBUG */
err:
diff --git a/main/openssl/ssl/s23_srvr.c b/main/openssl/ssl/s23_srvr.c
index 93ca7d53..3178815e 100644
--- a/main/openssl/ssl/s23_srvr.c
+++ b/main/openssl/ssl/s23_srvr.c
@@ -192,6 +192,7 @@ int ssl23_accept(SSL *s)
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
+ BUF_MEM_free(buf);
ret= -1;
goto end;
}
@@ -602,12 +603,14 @@ int ssl23_get_client_hello(SSL *s)
if ((type == 2) || (type == 3))
{
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
- s->method = ssl23_get_server_method(s->version);
- if (s->method == NULL)
+ const SSL_METHOD *new_method;
+ new_method = ssl23_get_server_method(s->version);
+ if (new_method == NULL)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
}
+ s->method = new_method;
if (!ssl_init_wbio_buffer(s,1)) goto err;
diff --git a/main/openssl/ssl/s2_enc.c b/main/openssl/ssl/s2_enc.c
index ff3395f4..a35968f6 100644
--- a/main/openssl/ssl/s2_enc.c
+++ b/main/openssl/ssl/s2_enc.c
@@ -117,8 +117,9 @@ err:
/* read/writes from s->s2->mac_data using length for encrypt and
* decrypt. It sets s->s2->padding and s->[rw]length
- * if we are encrypting */
-void ssl2_enc(SSL *s, int send)
+ * if we are encrypting
+ * Returns 0 on error and 1 on success */
+int ssl2_enc(SSL *s, int send)
{
EVP_CIPHER_CTX *ds;
unsigned long l;
@@ -136,7 +137,7 @@ void ssl2_enc(SSL *s, int send)
}
/* check for NULL cipher */
- if (ds == NULL) return;
+ if (ds == NULL) return 1;
bs=ds->cipher->block_size;
@@ -145,7 +146,10 @@ void ssl2_enc(SSL *s, int send)
if (bs == 8)
l=(l+7)/8*8;
- EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
+ if(EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l) < 1)
+ return 0;
+
+ return 1;
}
void ssl2_mac(SSL *s, unsigned char *md, int send)
diff --git a/main/openssl/ssl/s2_pkt.c b/main/openssl/ssl/s2_pkt.c
index 8bb6ab8b..acd61dc5 100644
--- a/main/openssl/ssl/s2_pkt.c
+++ b/main/openssl/ssl/s2_pkt.c
@@ -265,7 +265,11 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
if ((!s->s2->clear_text) &&
(s->s2->rlength >= (unsigned int)mac_size))
{
- ssl2_enc(s,0);
+ if(!ssl2_enc(s,0))
+ {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_DECRYPTION_FAILED);
+ return(-1);
+ }
s->s2->ract_data_length-=mac_size;
ssl2_mac(s,mac,0);
s->s2->ract_data_length-=s->s2->padding;
@@ -616,7 +620,8 @@ static int n_do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
s->s2->wact_data_length=len+p;
ssl2_mac(s,s->s2->mac_data,1);
s->s2->wlength+=p+mac_size;
- ssl2_enc(s,1);
+ if(ssl2_enc(s,1) < 1)
+ return -1;
}
/* package up the header */
diff --git a/main/openssl/ssl/s2_srvr.c b/main/openssl/ssl/s2_srvr.c
index 2cba426b..59ced3f3 100644
--- a/main/openssl/ssl/s2_srvr.c
+++ b/main/openssl/ssl/s2_srvr.c
@@ -188,13 +188,21 @@ int ssl2_accept(SSL *s)
s->version=SSL2_VERSION;
s->type=SSL_ST_ACCEPT;
- buf=s->init_buf;
- if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
- { ret= -1; goto end; }
- if (!BUF_MEM_grow(buf,(int)
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- { ret= -1; goto end; }
- s->init_buf=buf;
+ if(s->init_buf == NULL)
+ {
+ if ((buf=BUF_MEM_new()) == NULL)
+ {
+ ret= -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf,(int) SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+ {
+ BUF_MEM_free(buf);
+ ret= -1;
+ goto end;
+ }
+ s->init_buf=buf;
+ }
s->init_num=0;
s->ctx->stats.sess_accept++;
s->handshake_func=ssl2_accept;
diff --git a/main/openssl/ssl/s3_both.c b/main/openssl/ssl/s3_both.c
index 607990d0..8d5e0b73 100644
--- a/main/openssl/ssl/s3_both.c
+++ b/main/openssl/ssl/s3_both.c
@@ -446,6 +446,7 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
goto f_err;
}
*ok=1;
+ s->state = stn;
s->init_msg = s->init_buf->data + 4;
s->init_num = (int)s->s3->tmp.message_size;
return s->init_num;
diff --git a/main/openssl/ssl/s3_clnt.c b/main/openssl/ssl/s3_clnt.c
index 8a81793e..f06c7160 100644
--- a/main/openssl/ssl/s3_clnt.c
+++ b/main/openssl/ssl/s3_clnt.c
@@ -167,9 +167,9 @@
#include <openssl/engine.h>
#endif
-static const SSL_METHOD *ssl3_get_client_method(int ver);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
+#ifndef OPENSSL_NO_SSL3_METHOD
static const SSL_METHOD *ssl3_get_client_method(int ver)
{
if (ver == SSL3_VERSION)
@@ -182,6 +182,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
ssl_undefined_function,
ssl3_connect,
ssl3_get_client_method)
+#endif
int ssl3_connect(SSL *s)
{
@@ -278,6 +279,9 @@ int ssl3_connect(SSL *s)
s->state=SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->stats.sess_connect++;
s->init_num=0;
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+ /* Should have been reset by ssl3_get_finished, too. */
+ s->s3->change_cipher_spec = 0;
break;
case SSL3_ST_CW_CLNT_HELLO_A:
@@ -318,20 +322,6 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_CERT_A:
case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
- ret=ssl3_check_finished(s);
- if (ret <= 0) goto end;
- if (ret == 2)
- {
- s->hit = 1;
- if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_CR_SESSION_TICKET_A;
- else
- s->state=SSL3_ST_CR_FINISHED_A;
- s->init_num=0;
- break;
- }
-#endif
/* Check if it is anon DH/ECDH, SRP auth */
/* or non-RSA PSK */
if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL|SSL_aSRP)) &&
@@ -440,12 +430,10 @@ int ssl3_connect(SSL *s)
else
{
s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
}
if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY)
{
s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
}
s->init_num=0;
@@ -457,7 +445,6 @@ int ssl3_connect(SSL *s)
if (ret <= 0) goto end;
s->state=SSL3_ST_CW_CHANGE_A;
s->init_num=0;
- s->s3->change_cipher_spec=0;
break;
case SSL3_ST_CW_CHANGE_A:
@@ -530,7 +517,6 @@ int ssl3_connect(SSL *s)
s->method->ssl3_enc->client_finished_label,
s->method->ssl3_enc->client_finished_label_len);
if (ret <= 0) goto end;
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->state=SSL3_ST_CW_FLUSH;
/* clear flags */
@@ -609,7 +595,6 @@ int ssl3_connect(SSL *s)
case SSL3_ST_CR_FINISHED_A:
case SSL3_ST_CR_FINISHED_B:
-
s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
SSL3_ST_CR_FINISHED_B);
@@ -737,11 +722,7 @@ int ssl3_client_hello(SSL *s)
SSL_SESSION *sess = s->session;
if ((sess == NULL) ||
(sess->ssl_version != s->version) ||
-#ifdef OPENSSL_NO_TLSEXT
!sess->session_id_length ||
-#else
- (!sess->session_id_length && !sess->tlsext_tick) ||
-#endif
(sess->not_resumable))
{
if (!s->session_creation_enabled)
@@ -953,6 +934,8 @@ int ssl3_get_server_hello(SSL *s)
memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
p+=SSL3_RANDOM_SIZE;
+ s->hit = 0;
+
/* get the session-id */
j= *(p++);
@@ -976,12 +959,12 @@ int ssl3_get_server_hello(SSL *s)
{
s->session->cipher = pref_cipher ?
pref_cipher : ssl_get_cipher_by_char(s, p+j);
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit = 1;
}
}
#endif /* OPENSSL_NO_TLSEXT */
- if (j != 0 && j == s->session->session_id_length
+ if (!s->hit && j != 0 && j == s->session->session_id_length
&& memcmp(p,s->session->session_id,j) == 0)
{
if(s->sid_ctx_length != s->session->sid_ctx_length
@@ -992,14 +975,13 @@ int ssl3_get_server_hello(SSL *s)
SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
goto f_err;
}
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
s->hit=1;
}
- else /* a miss or crap from the other end */
+ /* a miss or crap from the other end */
+ if (!s->hit)
{
/* If we were trying for session-id reuse, make a new
* SSL_SESSION so we don't stuff up other people */
- s->hit=0;
if (s->session->session_id_length > 0)
{
if (!s->session_creation_enabled)
@@ -1283,9 +1265,9 @@ int ssl3_get_server_certificate(SSL *s)
? 0 : 1;
#ifdef KSSL_DEBUG
- printf("pkey,x = %p, %p\n", pkey,x);
- printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
- printf("cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
+ fprintf(stderr,"pkey,x = %p, %p\n", pkey,x);
+ fprintf(stderr,"ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
+ fprintf(stderr,"cipher, alg, nc = %s, %lx, %lx, %d\n", s->s3->tmp.new_cipher->name,
s->s3->tmp.new_cipher->algorithm_mkey, s->s3->tmp.new_cipher->algorithm_auth, need_cert);
#endif /* KSSL_DEBUG */
@@ -1375,6 +1357,8 @@ int ssl3_get_key_exchange(SSL *s)
int encoded_pt_len = 0;
#endif
+ EVP_MD_CTX_init(&md_ctx);
+
/* use same message size as in ssl3_get_certificate_request()
* as ServerKeyExchange message may be skipped */
n=s->method->ssl_get_message(s,
@@ -1385,8 +1369,20 @@ int ssl3_get_key_exchange(SSL *s)
&ok);
if (!ok) return((int)n);
+ alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
+
if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
{
+ /*
+ * Can't skip server key exchange if this is an ephemeral
+ * ciphersuite.
+ */
+ if (alg_k & (SSL_kEDH|SSL_kEECDH))
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ goto f_err;
+ }
#ifndef OPENSSL_NO_PSK
/* In plain PSK ciphersuite, ServerKeyExchange can be
omitted if no identity hint is sent. Set
@@ -1439,9 +1435,7 @@ int ssl3_get_key_exchange(SSL *s)
/* Total length of the parameters including the length prefix */
param_len=0;
- alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
alg_a=s->s3->tmp.new_cipher->algorithm_auth;
- EVP_MD_CTX_init(&md_ctx);
al=SSL_AD_DECODE_ERROR;
@@ -1630,6 +1624,13 @@ int ssl3_get_key_exchange(SSL *s)
#ifndef OPENSSL_NO_RSA
else if (alg_k & SSL_kRSA)
{
+ /* Temporary RSA keys only allowed in export ciphersuites */
+ if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
+ {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
if ((rsa=RSA_new()) == NULL)
{
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
@@ -2260,24 +2261,13 @@ int ssl3_get_new_session_ticket(SSL *s)
n=s->method->ssl_get_message(s,
SSL3_ST_CR_SESSION_TICKET_A,
SSL3_ST_CR_SESSION_TICKET_B,
- -1,
+ SSL3_MT_NEWSESSION_TICKET,
16384,
&ok);
if (!ok)
return((int)n);
- if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
- if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
- }
if (n < 6)
{
/* need at least ticket_lifetime_hint + ticket length */
@@ -2309,7 +2299,7 @@ int ssl3_get_new_session_ticket(SSL *s)
}
memcpy(s->session->tlsext_tick, p, ticklen);
s->session->tlsext_ticklen = ticklen;
- /* There are two ways to detect a resumed ticket sesion.
+ /* There are two ways to detect a resumed ticket session.
* One is to set an appropriate session ID and then the server
* must return a match in ServerHello. This allows the normal
* client session ID matching to work and we know much
@@ -2490,7 +2480,7 @@ int ssl3_send_client_key_exchange(SSL *s)
memset(identity, 0, sizeof(identity));
psk_len = s->psk_client_callback(s, s->session->psk_identity_hint,
- identity, sizeof(identity - 1), psk, sizeof(psk));
+ identity, sizeof(identity) - 1, psk, sizeof(psk));
if (psk_len > PSK_MAX_PSK_LEN)
{
SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
@@ -2638,7 +2628,7 @@ int ssl3_send_client_key_exchange(SSL *s)
EVP_CIPHER_CTX_init(&ciph_ctx);
#ifdef KSSL_DEBUG
- printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+ fprintf(stderr,"ssl3_send_client_key_exchange(%lx & %lx)\n",
alg_k, SSL_kKRB5);
#endif /* KSSL_DEBUG */
@@ -2654,9 +2644,9 @@ int ssl3_send_client_key_exchange(SSL *s)
goto err;
#ifdef KSSL_DEBUG
{
- printf("kssl_cget_tkt rtn %d\n", krb5rc);
+ fprintf(stderr,"kssl_cget_tkt rtn %d\n", krb5rc);
if (krb5rc && kssl_err.text)
- printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+ fprintf(stderr,"kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
}
#endif /* KSSL_DEBUG */
@@ -3457,6 +3447,12 @@ int ssl3_send_client_certificate(SSL *s)
s->state=SSL3_ST_CW_CERT_D;
l=ssl3_output_cert_chain(s,
(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+ if (!l)
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+ return 0;
+ }
s->init_num=(int)l;
s->init_off=0;
}
@@ -3627,7 +3623,7 @@ int ssl3_send_next_proto(SSL *s)
}
return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-}
+ }
# endif /* !OPENSSL_NO_NEXTPROTONEG */
int ssl3_send_channel_id(SSL *s)
@@ -3758,37 +3754,6 @@ err:
}
#endif /* !OPENSSL_NO_TLSEXT */
-/* Check to see if handshake is full or resumed. Usually this is just a
- * case of checking to see if a cache hit has occurred. In the case of
- * session tickets we have to check the next message to be sure.
- */
-
-#ifndef OPENSSL_NO_TLSEXT
-int ssl3_check_finished(SSL *s)
- {
- int ok;
- long n;
- /* If we have no ticket it cannot be a resumed session. */
- if (!s->session->tlsext_tick)
- return 1;
- /* this function is called when we really expect a Certificate
- * message, so permit appropriate message length */
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_A,
- SSL3_ST_CR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
- if (!ok) return((int)n);
- s->s3->tmp.reuse_message = 1;
- if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
- || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
- return 2;
-
- return 1;
- }
-#endif
-
int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
{
int i = 0;
diff --git a/main/openssl/ssl/s3_enc.c b/main/openssl/ssl/s3_enc.c
index bcb65d48..f99b61ce 100644
--- a/main/openssl/ssl/s3_enc.c
+++ b/main/openssl/ssl/s3_enc.c
@@ -534,7 +534,8 @@ int ssl3_enc(SSL *s, int send)
/* otherwise, rec->length >= bs */
}
- EVP_Cipher(ds,rec->data,rec->input,l);
+ if(EVP_Cipher(ds,rec->data,rec->input,l) < 1)
+ return -1;
if (EVP_MD_CTX_md(s->read_hash) != NULL)
mac_size = EVP_MD_CTX_size(s->read_hash);
diff --git a/main/openssl/ssl/s3_lib.c b/main/openssl/ssl/s3_lib.c
index c378dd60..e752ebdd 100644
--- a/main/openssl/ssl/s3_lib.c
+++ b/main/openssl/ssl/s3_lib.c
@@ -3912,17 +3912,17 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif
#ifdef CIPHER_DEBUG
- printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
+ fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), (void *)srvr);
for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
{
c=sk_SSL_CIPHER_value(srvr,i);
- printf("%p:%s\n",(void *)c,c->name);
+ fprintf(stderr, "%p:%s\n",(void *)c,c->name);
}
- printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
+ fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), (void *)clnt);
for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
{
c=sk_SSL_CIPHER_value(clnt,i);
- printf("%p:%s\n",(void *)c,c->name);
+ fprintf(stderr, "%p:%s\n",(void *)c,c->name);
}
#endif
@@ -3962,7 +3962,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif
#ifdef KSSL_DEBUG
-/* printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
+/* fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
#endif /* KSSL_DEBUG */
alg_k=c->algorithm_mkey;
@@ -3985,7 +3985,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
{
ok = (alg_k & emask_k) && (alg_a & emask_a);
#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
+ fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s (export)\n",ok,alg_k,alg_a,emask_k,emask_a,
(void *)c,c->name);
#endif
}
@@ -3993,7 +3993,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
{
ok = (alg_k & mask_k) && (alg_a & mask_a);
#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
+ fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n",ok,alg_k,alg_a,mask_k,mask_a,(void *)c,
c->name);
#endif
}
@@ -4102,6 +4102,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
ok = ok && ec_ok;
}
+#ifndef OPENSSL_NO_ECDH
if (
/* if we are considering an ECC cipher suite that uses an ephemeral EC key */
(alg_k & SSL_kEECDH)
@@ -4149,6 +4150,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
}
ok = ok && ec_ok;
}
+#endif /* OPENSSL_NO_ECDH */
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
diff --git a/main/openssl/ssl/s3_meth.c b/main/openssl/ssl/s3_meth.c
index cdddb17b..4dec7033 100644
--- a/main/openssl/ssl/s3_meth.c
+++ b/main/openssl/ssl/s3_meth.c
@@ -60,7 +60,7 @@
#include <openssl/objects.h>
#include "ssl_locl.h"
-static const SSL_METHOD *ssl3_get_method(int ver);
+#ifndef OPENSSL_NO_SSL3_METHOD
static const SSL_METHOD *ssl3_get_method(int ver)
{
if (ver == SSL3_VERSION)
@@ -73,5 +73,4 @@ IMPLEMENT_ssl3_meth_func(SSLv3_method,
ssl3_accept,
ssl3_connect,
ssl3_get_method)
-
-
+#endif
diff --git a/main/openssl/ssl/s3_pkt.c b/main/openssl/ssl/s3_pkt.c
index 4a2f5d6c..c2ae93bc 100644
--- a/main/openssl/ssl/s3_pkt.c
+++ b/main/openssl/ssl/s3_pkt.c
@@ -183,6 +183,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
* at once (as long as it fits into the buffer). */
if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
{
+ if (left == 0 && extend)
+ return 0;
if (left > 0 && n > left)
n = left;
}
@@ -868,8 +870,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
wr->length += eivlen;
}
- /* ssl3_enc can only have an error on read */
- s->method->ssl3_enc->enc(s,1);
+ if(s->method->ssl3_enc->enc(s,1)<1) goto err;
/* record length after mac and block padding */
s2n(wr->length,plen);
diff --git a/main/openssl/ssl/s3_srvr.c b/main/openssl/ssl/s3_srvr.c
index a42fc9e3..ac3d213d 100644
--- a/main/openssl/ssl/s3_srvr.c
+++ b/main/openssl/ssl/s3_srvr.c
@@ -173,6 +173,7 @@
#endif
#include <openssl/md5.h>
+#ifndef OPENSSL_NO_SSL3_METHOD
static const SSL_METHOD *ssl3_get_server_method(int ver);
static const SSL_METHOD *ssl3_get_server_method(int ver)
@@ -183,6 +184,12 @@ static const SSL_METHOD *ssl3_get_server_method(int ver)
return(NULL);
}
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+ ssl3_accept,
+ ssl_undefined_function,
+ ssl3_get_server_method)
+#endif
+
#ifndef OPENSSL_NO_SRP
static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
{
@@ -209,11 +216,6 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
}
#endif
-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
- ssl3_accept,
- ssl_undefined_function,
- ssl3_get_server_method)
-
int ssl3_accept(SSL *s)
{
BUF_MEM *buf;
@@ -288,6 +290,7 @@ int ssl3_accept(SSL *s)
}
if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
{
+ BUF_MEM_free(buf);
ret= -1;
goto end;
}
@@ -302,6 +305,9 @@ int ssl3_accept(SSL *s)
s->init_num=0;
s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+ /* Should have been reset by ssl3_get_finished, too. */
+ s->s3->change_cipher_spec = 0;
if (s->state != SSL_ST_RENEGOTIATE)
{
@@ -448,20 +454,11 @@ int ssl3_accept(SSL *s)
alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(alg_k & SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
+ /*
+ * clear this, it may get reset by
+ * send_server_key_exchange
+ */
+ s->s3->tmp.use_rsa_tmp=0;
/* only send if a DH key exchange, fortezza or
@@ -475,7 +472,7 @@ int ssl3_accept(SSL *s)
* server certificate contains the server's
* public key for key exchange.
*/
- if (s->s3->tmp.use_rsa_tmp
+ if (0
/* PSK: send ServerKeyExchange if either:
* - PSK identity hint is provided, or
* - the key exchange is kEECDH.
@@ -676,8 +673,14 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_CERT_VRFY_A:
case SSL3_ST_SR_CERT_VRFY_B:
-
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /*
+ * This *should* be the first time we enable CCS, but be
+ * extra careful about surrounding code changes. We need
+ * to set this here because we don't know if we're
+ * expecting a CertificateVerify or not.
+ */
+ if (!s->s3->change_cipher_spec)
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
/* we should decide if we expected this one */
ret=ssl3_get_cert_verify(s);
if (ret <= 0) goto end;
@@ -708,6 +711,19 @@ int ssl3_accept(SSL *s)
#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
case SSL3_ST_SR_NEXT_PROTO_A:
case SSL3_ST_SR_NEXT_PROTO_B:
+ /*
+ * Enable CCS for resumed handshakes with NPN.
+ * In a full handshake with NPN, we end up here through
+ * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was
+ * already set. Receiving a CCS clears the flag, so make
+ * sure not to re-enable it to ban duplicates.
+ * s->s3->change_cipher_spec is set when a CCS is
+ * processed in s3_pkt.c, and remains set until
+ * the client's Finished message is read.
+ */
+ if (!s->s3->change_cipher_spec)
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+
ret=ssl3_get_next_proto(s);
if (ret <= 0) goto end;
s->init_num = 0;
@@ -730,7 +746,18 @@ int ssl3_accept(SSL *s)
case SSL3_ST_SR_FINISHED_A:
case SSL3_ST_SR_FINISHED_B:
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /*
+ * Enable CCS for resumed handshakes without NPN.
+ * In a full handshake, we end up here through
+ * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was
+ * already set. Receiving a CCS clears the flag, so make
+ * sure not to re-enable it to ban duplicates.
+ * s->s3->change_cipher_spec is set when a CCS is
+ * processed in s3_pkt.c, and remains set until
+ * the client's Finished message is read.
+ */
+ if (!s->s3->change_cipher_spec)
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
SSL3_ST_SR_FINISHED_B);
if (ret <= 0) goto end;
@@ -1047,7 +1074,16 @@ int ssl3_get_client_hello(SSL *s)
else
{
i=ssl_get_prev_session(s, p, j, d + n);
- if (i == 1)
+ /*
+ * Only resume if the session's version matches the negotiated
+ * version.
+ * RFC 5246 does not provide much useful advice on resumption
+ * with a different protocol version. It doesn't forbid it but
+ * the sanity of such behaviour would be questionable.
+ * In practice, clients do not accept a version mismatch and
+ * will abort the handshake with an error.
+ */
+ if (i == 1 && s->version == s->session->ssl_version)
{ /* previous session */
s->hit=1;
}
@@ -1148,14 +1184,15 @@ int ssl3_get_client_hello(SSL *s)
id=s->session->cipher->id;
#ifdef CIPHER_DEBUG
- printf("client sent %d ciphers\n",sk_num(ciphers));
+ fprintf(stderr,"client sent %d ciphers\n",sk_SSL_CIPHER_num(ciphers));
#endif
for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
{
c=sk_SSL_CIPHER_value(ciphers,i);
#ifdef CIPHER_DEBUG
- printf("client [%2d of %2d]:%s\n",
- i,sk_num(ciphers),SSL_CIPHER_get_name(c));
+ fprintf(stderr,"client [%2d of %2d]:%s\n",
+ i,sk_SSL_CIPHER_num(ciphers),
+ SSL_CIPHER_get_name(c));
#endif
if (c->id == id)
{
@@ -2330,6 +2367,7 @@ int ssl3_get_client_key_exchange(SSL *s)
unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
int decrypt_len;
unsigned char decrypt_good, version_good;
+ size_t j;
/* FIX THIS UP EAY EAY EAY EAY */
if (s->s3->tmp.use_rsa_tmp)
@@ -2368,8 +2406,9 @@ int ssl3_get_client_key_exchange(SSL *s)
{
if (!(s->options & SSL_OP_TLS_D5_BUG))
{
+ al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
- goto err;
+ goto f_err;
}
else
p-=2;
@@ -2378,6 +2417,20 @@ int ssl3_get_client_key_exchange(SSL *s)
n=i;
}
+ /*
+ * Reject overly short RSA ciphertext because we want to be sure
+ * that the buffer size makes it safe to iterate over the entire
+ * size of a premaster secret (SSL_MAX_MASTER_KEY_LENGTH). The
+ * actual expected size is larger due to RSA padding, but the
+ * bound is sufficient to be safe.
+ */
+ if (n < SSL_MAX_MASTER_KEY_LENGTH)
+ {
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+ goto f_err;
+ }
+
/* We must not leak whether a decryption failure occurs because
* of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see
* RFC 2246, section 7.4.7.1). The code follows that advice of
@@ -2425,19 +2478,23 @@ int ssl3_get_client_key_exchange(SSL *s)
* to remain non-zero (0xff). */
decrypt_good &= version_good;
- /* Now copy rand_premaster_secret over p using
- * decrypt_good_mask. */
- for (i = 0; i < (int) sizeof(rand_premaster_secret); i++)
+ /*
+ * Now copy rand_premaster_secret over from p using
+ * decrypt_good_mask. If decryption failed, then p does not
+ * contain valid plaintext, however, a check above guarantees
+ * it is still sufficiently large to read from.
+ */
+ for (j = 0; j < sizeof(rand_premaster_secret); j++)
{
- p[i] = constant_time_select_8(decrypt_good, p[i],
- rand_premaster_secret[i]);
+ p[j] = constant_time_select_8(decrypt_good, p[j],
+ rand_premaster_secret[j]);
}
s->session->master_key_length=
s->method->ssl3_enc->generate_master_secret(s,
s->session->master_key,
- p,i);
- OPENSSL_cleanse(p,i);
+ p,sizeof(rand_premaster_secret));
+ OPENSSL_cleanse(p,sizeof(rand_premaster_secret));
}
#endif
#ifndef OPENSSL_NO_DH
@@ -2577,10 +2634,10 @@ int ssl3_get_client_key_exchange(SSL *s)
&kssl_err)) != 0)
{
#ifdef KSSL_DEBUG
- printf("kssl_sget_tkt rtn %d [%d]\n",
+ fprintf(stderr,"kssl_sget_tkt rtn %d [%d]\n",
krb5rc, kssl_err.reason);
if (kssl_err.text)
- printf("kssl_err text= %s\n", kssl_err.text);
+ fprintf(stderr,"kssl_err text= %s\n", kssl_err.text);
#endif /* KSSL_DEBUG */
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
kssl_err.reason);
@@ -2594,10 +2651,10 @@ int ssl3_get_client_key_exchange(SSL *s)
&authtime, &kssl_err)) != 0)
{
#ifdef KSSL_DEBUG
- printf("kssl_check_authent rtn %d [%d]\n",
+ fprintf(stderr,"kssl_check_authent rtn %d [%d]\n",
krb5rc, kssl_err.reason);
if (kssl_err.text)
- printf("kssl_err text= %s\n", kssl_err.text);
+ fprintf(stderr,"kssl_err text= %s\n", kssl_err.text);
#endif /* KSSL_DEBUG */
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
kssl_err.reason);
@@ -3042,7 +3099,7 @@ int ssl3_get_cert_verify(SSL *s)
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
{
s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type & EVP_PKT_SIGN))
+ if (peer != NULL)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
@@ -3446,6 +3503,11 @@ int ssl3_send_server_certificate(SSL *s)
}
l=ssl3_output_cert_chain(s,x);
+ if (!l)
+ {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+ return(0);
+ }
s->state=SSL3_ST_SW_CERT_B;
s->init_num=(int)l;
s->init_off=0;
diff --git a/main/openssl/ssl/srtp.h b/main/openssl/ssl/srtp.h
index 24f23309..096b624d 100644
--- a/main/openssl/ssl/srtp.h
+++ b/main/openssl/ssl/srtp.h
@@ -1,4 +1,4 @@
-/* ssl/tls1.h */
+/* ssl/srtp.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -118,6 +118,8 @@
#ifndef HEADER_D1_SRTP_H
#define HEADER_D1_SRTP_H
+#include <openssl/ssl.h>
+
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/main/openssl/ssl/ssl.h b/main/openssl/ssl/ssl.h
index 7a1fce89..90862dd6 100644
--- a/main/openssl/ssl/ssl.h
+++ b/main/openssl/ssl/ssl.h
@@ -607,9 +607,8 @@ struct ssl_session_st
#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
/* If set, always create a new key when using tmp_dh parameters */
#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to always use the tmp_rsa key when doing RSA operations,
- * even when this violates protocol specs */
-#define SSL_OP_EPHEMERAL_RSA 0x00200000L
+/* Does nothing: retained for compatibiity */
+#define SSL_OP_EPHEMERAL_RSA 0x0
/* Set on servers to choose the cipher according to the server's
* preferences */
#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
@@ -666,8 +665,13 @@ struct ssl_session_st
#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
/* Send TLS_FALLBACK_SCSV in the ClientHello.
- * To be set by applications that reconnect with a downgraded protocol
- * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
+ * To be set only by applications that reconnect with a downgraded protocol
+ * version; see draft-ietf-tls-downgrade-scsv-00 for details.
+ *
+ * DO NOT ENABLE THIS if your application attempts a normal handshake.
+ * Only use this in explicit fallback retries, following the guidance
+ * in draft-ietf-tls-downgrade-scsv-00.
+ */
#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
/* When set, clients may send application data before receipt of CCS
@@ -711,6 +715,10 @@ struct ssl_session_st
SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
#define SSL_set_mtu(ssl, mtu) \
SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+#define DTLS_set_link_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+#define DTLS_get_link_min_mtu(ssl) \
+ SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
#define SSL_get_secure_renegotiation_support(ssl) \
SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
@@ -1736,6 +1744,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
#define SSL_CTRL_CHECK_PROTO_VERSION 119
+#define DTLS_CTRL_SET_LINK_MTU 120
+#define DTLS_CTRL_GET_LINK_MIN_MTU 121
#define DTLSv1_get_timeout(ssl, arg) \
SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
@@ -2014,13 +2024,15 @@ const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
+#endif
-const SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS version */
+const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available SSL/TLS version */
+const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available SSL/TLS version */
const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
@@ -2592,7 +2604,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_NO_COMPRESSION_SPECIFIED 187
#define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330
#define SSL_R_NO_METHOD_SPECIFIED 188
-#define SSL_R_NO_P256_SUPPORT 373
+#define SSL_R_NO_P256_SUPPORT 380
#define SSL_R_NO_PRIVATEKEY 189
#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
diff --git a/main/openssl/ssl/ssl3.h b/main/openssl/ssl/ssl3.h
index cba94345..6dc08179 100644
--- a/main/openssl/ssl/ssl3.h
+++ b/main/openssl/ssl/ssl3.h
@@ -393,8 +393,12 @@ typedef struct ssl3_buffer_st
#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
#define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010
#define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020
+/*
+ * Set when the handshake is ready to process peer's ChangeCipherSpec message.
+ * Cleared after the message has been processed.
+ */
#define SSL3_FLAGS_CCS_OK 0x0080
-
+
/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
* restart a handshake because of MS SGC and so prevents us
* from restarting the handshake in a loop. It's reset on a
@@ -456,8 +460,11 @@ typedef struct ssl3_state_st
* and freed and MD_CTX-es for all required digests are stored in
* this array */
EVP_MD_CTX **handshake_dgst;
- /* this is set whenerver we see a change_cipher_spec message
- * come in when we are not looking for one */
+ /*
+ * Set whenever an expected ChangeCipherSpec message is processed.
+ * Unset when the peer's Finished message is received.
+ * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+ */
int change_cipher_spec;
int warn_alert;
diff --git a/main/openssl/ssl/ssl_cert.c b/main/openssl/ssl/ssl_cert.c
index bc4150b0..62580201 100644
--- a/main/openssl/ssl/ssl_cert.c
+++ b/main/openssl/ssl/ssl_cert.c
@@ -270,35 +270,6 @@ CERT *ssl_cert_dup(CERT *cert)
ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
CRYPTO_LOCK_EVP_PKEY);
-
- switch(i)
- {
- /* If there was anything special to do for
- * certain types of keys, we'd do it here.
- * (Nothing at the moment, I think.) */
-
- case SSL_PKEY_RSA_ENC:
- case SSL_PKEY_RSA_SIGN:
- /* We have an RSA key. */
- break;
-
- case SSL_PKEY_DSA_SIGN:
- /* We have a DSA key. */
- break;
-
- case SSL_PKEY_DH_RSA:
- case SSL_PKEY_DH_DSA:
- /* We have a DH key. */
- break;
-
- case SSL_PKEY_ECC:
- /* We have an ECC key */
- break;
-
- default:
- /* Can't happen. */
- SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
- }
}
}
diff --git a/main/openssl/ssl/ssl_ciph.c b/main/openssl/ssl/ssl_ciph.c
index cd9f1082..6ea8444d 100644
--- a/main/openssl/ssl/ssl_ciph.c
+++ b/main/openssl/ssl/ssl_ciph.c
@@ -814,7 +814,7 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
co_list[co_list_num].active = 0;
co_list_num++;
#ifdef KSSL_DEBUG
- printf("\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
+ fprintf(stderr,"\t%d: %s %lx %lx %lx\n",i,c->name,c->id,c->algorithm_mkey,c->algorithm_auth);
#endif /* KSSL_DEBUG */
/*
if (!sk_push(ca_list,(char *)c)) goto err;
@@ -931,7 +931,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
int reverse = 0;
#ifdef CIPHER_DEBUG
- printf("Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
+ fprintf(stderr, "Applying rule %d with %08lx/%08lx/%08lx/%08lx/%08lx %08lx (%d)\n",
rule, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength, strength_bits);
#endif
@@ -977,7 +977,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
else
{
#ifdef CIPHER_DEBUG
- printf("\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
+ fprintf(stderr, "\nName: %s:\nAlgo = %08lx/%08lx/%08lx/%08lx/%08lx Algo_strength = %08lx\n", cp->name, cp->algorithm_mkey, cp->algorithm_auth, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength);
#endif
if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
@@ -997,7 +997,7 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id,
}
#ifdef CIPHER_DEBUG
- printf("Action = %d\n", rule);
+ fprintf(stderr, "Action = %d\n", rule);
#endif
/* add the cipher if it has not been added yet. */
@@ -1386,7 +1386,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
*/
num_of_ciphers = ssl_method->num_ciphers();
#ifdef KSSL_DEBUG
- printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
+ fprintf(stderr,"ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
#endif /* KSSL_DEBUG */
co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
if (co_list == NULL)
@@ -1513,7 +1513,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
{
sk_SSL_CIPHER_push(cipherstack, curr->cipher);
#ifdef CIPHER_DEBUG
- printf("<%s>\n",curr->cipher->name);
+ fprintf(stderr, "<%s>\n",curr->cipher->name);
#endif
}
}
diff --git a/main/openssl/ssl/ssl_lib.c b/main/openssl/ssl/ssl_lib.c
index eb1ae782..3ea817ab 100644
--- a/main/openssl/ssl/ssl_lib.c
+++ b/main/openssl/ssl/ssl_lib.c
@@ -402,13 +402,7 @@ SSL *SSL_new(SSL_CTX *ctx)
return(s);
err:
if (s != NULL)
- {
- if (s->cert != NULL)
- ssl_cert_free(s->cert);
- if (s->ctx != NULL)
- SSL_CTX_free(s->ctx); /* decrement reference count */
- OPENSSL_free(s);
- }
+ SSL_free(s);
SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
@@ -1108,19 +1102,6 @@ long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
l=s->max_cert_list;
s->max_cert_list=larg;
return(l);
- case SSL_CTRL_SET_MTU:
-#ifndef OPENSSL_NO_DTLS1
- if (larg < (long)dtls1_min_mtu())
- return 0;
-#endif
-
- if (SSL_version(s) == DTLS1_VERSION ||
- SSL_version(s) == DTLS1_BAD_VER)
- {
- s->d1->mtu = larg;
- return larg;
- }
- return 0;
case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
return 0;
@@ -1561,6 +1542,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
goto err;
}
+ p += n;
continue;
}
@@ -2245,7 +2227,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#ifdef CIPHER_DEBUG
- printf("rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+ fprintf(stderr,"rt=%d rte=%d dht=%d ecdht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
rsa_tmp,rsa_tmp_export,dh_tmp,have_ecdh_tmp,
rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
#endif
@@ -3154,10 +3136,32 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
if (ssl->cert != NULL)
ssl_cert_free(ssl->cert);
ssl->cert = ssl_cert_dup(ctx->cert);
+
+ /*
+ * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+ * so setter APIs must prevent invalid lengths from entering the system.
+ */
+ OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
+
+ /*
+ * If the session ID context matches that of the parent SSL_CTX,
+ * inherit it from the new SSL_CTX as well. If however the context does
+ * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
+ * leave it unchanged.
+ */
+ if ((ssl->ctx != NULL) &&
+ (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
+ (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0))
+ {
+ ssl->sid_ctx_length = ctx->sid_ctx_length;
+ memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+ }
+
CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
if (ssl->ctx != NULL)
SSL_CTX_free(ssl->ctx); /* decrement reference count */
ssl->ctx = ctx;
+
return(ssl->ctx);
}
diff --git a/main/openssl/ssl/ssl_locl.h b/main/openssl/ssl/ssl_locl.h
index ca399078..b07782bc 100644
--- a/main/openssl/ssl/ssl_locl.h
+++ b/main/openssl/ssl/ssl_locl.h
@@ -864,7 +864,7 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
int ssl2_enc_init(SSL *s, int client);
int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
+int ssl2_enc(SSL *s,int send_data);
void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
@@ -997,7 +997,9 @@ void dtls1_stop_timer(SSL *s);
int dtls1_is_timer_expired(SSL *s);
void dtls1_double_timeout(SSL *s);
int dtls1_send_newsession_ticket(SSL *s);
-unsigned int dtls1_min_mtu(void);
+unsigned int dtls1_min_mtu(SSL *s);
+unsigned int dtls1_link_min_mtu(void);
+void dtls1_hm_fragment_free(hm_fragment *frag);
/* some client-only functions */
int ssl3_client_hello(SSL *s);
@@ -1014,7 +1016,6 @@ int ssl3_get_key_exchange(SSL *s);
int ssl3_get_server_certificate(SSL *s);
int ssl3_check_cert_and_algorithm(SSL *s);
#ifndef OPENSSL_NO_TLSEXT
-int ssl3_check_finished(SSL *s);
# ifndef OPENSSL_NO_NEXTPROTONEG
int ssl3_send_next_proto(SSL *s);
int ssl3_send_channel_id(SSL *s);
diff --git a/main/openssl/ssl/ssl_sess.c b/main/openssl/ssl/ssl_sess.c
index 7d170852..97902cd5 100644
--- a/main/openssl/ssl/ssl_sess.c
+++ b/main/openssl/ssl/ssl_sess.c
@@ -342,7 +342,21 @@ int ssl_get_new_session(SSL *s, int session)
return(0);
}
#ifndef OPENSSL_NO_TLSEXT
- /* If RFC4507 ticket use empty session ID */
+ /*
+ * If RFC5077 ticket, use empty session ID (as server).
+ * Note that:
+ * (a) ssl_get_prev_session() does lookahead into the
+ * ClientHello extensions to find the session ticket.
+ * When ssl_get_prev_session() fails, s3_srvr.c calls
+ * ssl_get_new_session() in ssl3_get_client_hello().
+ * At that point, it has not yet parsed the extensions,
+ * however, because of the lookahead, it already knows
+ * whether a ticket is expected or not.
+ *
+ * (b) s3_clnt.c calls ssl_get_new_session() before parsing
+ * ServerHello extensions, and before recording the session
+ * ID received from the server, so this block is a noop.
+ */
if (s->tlsext_ticket_expected)
{
ss->session_id_length = 0;
diff --git a/main/openssl/ssl/ssltest.c b/main/openssl/ssl/ssltest.c
index 28fa223f..4f0abfe2 100644
--- a/main/openssl/ssl/ssltest.c
+++ b/main/openssl/ssl/ssltest.c
@@ -345,7 +345,7 @@ static void sv_usage(void)
#ifndef OPENSSL_NO_SSL2
fprintf(stderr," -ssl2 - use SSLv2\n");
#endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
fprintf(stderr," -ssl3 - use SSLv3\n");
#endif
#ifndef OPENSSL_NO_TLS1
@@ -368,7 +368,9 @@ static void sv_usage(void)
" Use \"openssl ecparam -list_curves\" for all names\n" \
" (default is sect163r2).\n");
#endif
- fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
+ fprintf(stderr," -test_cipherlist - Verifies the order of the ssl cipher lists.\n"
+ " When this option is requested, the cipherlist\n"
+ " tests are run instead of handshake tests.\n");
fprintf(stderr," -cutthrough - enable 1-RTT full-handshake for strong ciphers\n");
}
@@ -498,6 +500,7 @@ int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
return arg->ret;
}
#endif
+ int cutthrough = 0;
int main(int argc, char *argv[])
{
@@ -550,7 +553,7 @@ int main(int argc, char *argv[])
#ifdef OPENSSL_FIPS
int fips_mode=0;
#endif
- int cutthrough = 0;
+ int no_protocol = 0;
verbose = 0;
debug = 0;
@@ -660,11 +663,26 @@ int main(int argc, char *argv[])
}
#endif
else if (strcmp(*argv,"-ssl2") == 0)
- ssl2=1;
+ {
+#ifdef OPENSSL_NO_SSL2
+ no_protocol = 1;
+#endif
+ ssl2 = 1;
+ }
else if (strcmp(*argv,"-tls1") == 0)
- tls1=1;
+ {
+#ifdef OPENSSL_NO_TLS1
+ no_protocol = 1;
+#endif
+ tls1 = 1;
+ }
else if (strcmp(*argv,"-ssl3") == 0)
- ssl3=1;
+ {
+#ifdef OPENSSL_NO_SSL3_METHOD
+ no_protocol = 1;
+#endif
+ ssl3 = 1;
+ }
else if (strncmp(*argv,"-num",4) == 0)
{
if (--argc < 1) goto bad;
@@ -787,15 +805,41 @@ bad:
goto end;
}
+ /*
+ * test_cipherlist prevails over protocol switch: we test the cipherlist
+ * for all enabled protocols.
+ */
if (test_cipherlist == 1)
{
/* ensure that the cipher list are correctly sorted and exit */
+ fprintf(stdout, "Testing cipherlist order only. Ignoring all "
+ "other options.\n");
if (do_test_cipherlist() == 0)
EXIT(1);
ret = 0;
goto end;
}
+ if (ssl2 + ssl3 + tls1 > 1)
+ {
+ fprintf(stderr, "At most one of -ssl2, -ssl3, or -tls1 should "
+ "be requested.\n");
+ EXIT(1);
+ }
+
+ /*
+ * Testing was requested for a compiled-out protocol (e.g. SSLv2).
+ * Ideally, we would error out, but the generic test wrapper can't know
+ * when to expect failure. So we do nothing and return success.
+ */
+ if (no_protocol)
+ {
+ fprintf(stderr, "Testing was requested for a disabled protocol. "
+ "Skipping tests.\n");
+ ret = 0;
+ goto end;
+ }
+
if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
{
fprintf(stderr, "This case cannot work. Use -f to perform "
@@ -874,30 +918,25 @@ bad:
}
#endif
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+/* At this point, ssl2/ssl3/tls1 is only set if the protocol is available.
+ * (Otherwise we exit early.)
+ * However the compiler doesn't know this, so we ifdef. */
+#ifndef OPENSSL_NO_SSL2
if (ssl2)
meth=SSLv2_method();
- else
- if (tls1)
- meth=TLSv1_method();
else
+#endif
+#ifndef OPENSSL_NO_SSL3
if (ssl3)
meth=SSLv3_method();
else
- meth=SSLv23_method();
-#else
-#ifdef OPENSSL_NO_SSL2
+#endif
+#ifndef OPENSSL_NO_TLS1
if (tls1)
meth=TLSv1_method();
else
- if (ssl3)
- meth=SSLv3_method();
- else
- meth=SSLv23_method();
-#else
- meth=SSLv2_method();
-#endif
#endif
+ meth=SSLv23_method();
c_ctx=SSL_CTX_new(meth);
s_ctx=SSL_CTX_new(meth);
diff --git a/main/openssl/ssl/t1_enc.c b/main/openssl/ssl/t1_enc.c
index 455992ad..5b5bc148 100644
--- a/main/openssl/ssl/t1_enc.c
+++ b/main/openssl/ssl/t1_enc.c
@@ -303,15 +303,15 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km,
s->session->master_key,s->session->master_key_length,
km,tmp,num);
#ifdef KSSL_DEBUG
- printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
+ fprintf(stderr,"tls1_generate_key_block() ==> %d byte master_key =\n\t",
s->session->master_key_length);
{
int i;
for (i=0; i < s->session->master_key_length; i++)
{
- printf("%02X", s->session->master_key[i]);
+ fprintf(stderr,"%02X", s->session->master_key[i]);
}
- printf("\n"); }
+ fprintf(stderr,"\n"); }
#endif /* KSSL_DEBUG */
return ret;
}
@@ -349,19 +349,19 @@ int tls1_change_cipher_state(SSL *s, int which)
#endif
#ifdef KSSL_DEBUG
- printf("tls1_change_cipher_state(which= %d) w/\n", which);
- printf("\talg= %ld/%ld, comp= %p\n",
+ fprintf(stderr,"tls1_change_cipher_state(which= %d) w/\n", which);
+ fprintf(stderr,"\talg= %ld/%ld, comp= %p\n",
s->s3->tmp.new_cipher->algorithm_mkey,
s->s3->tmp.new_cipher->algorithm_auth,
comp);
- printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
- printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
+ fprintf(stderr,"\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
+ fprintf(stderr,"\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
c->nid,c->block_size,c->key_len,c->iv_len);
- printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
+ fprintf(stderr,"\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
{
int i;
for (i=0; i<s->s3->tmp.key_block_length; i++)
- printf("%02x", s->s3->tmp.key_block[i]); printf("\n");
+ fprintf(stderr,"%02x", s->s3->tmp.key_block[i]); fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -540,11 +540,11 @@ printf("which = %04X\nmac key=",which);
#ifdef KSSL_DEBUG
{
int i;
- printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
- printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
- printf("\n");
- printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
- printf("\n");
+ fprintf(stderr,"EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
+ fprintf(stderr,"\tkey= "); for (i=0; i<c->key_len; i++) fprintf(stderr,"%02x", key[i]);
+ fprintf(stderr,"\n");
+ fprintf(stderr,"\t iv= "); for (i=0; i<c->iv_len; i++) fprintf(stderr,"%02x", iv[i]);
+ fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -591,7 +591,7 @@ int tls1_setup_key_block(SSL *s)
int ret=0;
#ifdef KSSL_DEBUG
- printf ("tls1_setup_key_block()\n");
+ fprintf(stderr,"tls1_setup_key_block()\n");
#endif /* KSSL_DEBUG */
if (s->s3->tmp.key_block_length != 0)
@@ -740,7 +740,7 @@ int tls1_enc(SSL *s, int send)
}
#ifdef KSSL_DEBUG
- printf("tls1_enc(%d)\n", send);
+ fprintf(stderr,"tls1_enc(%d)\n", send);
#endif /* KSSL_DEBUG */
if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
@@ -812,18 +812,18 @@ int tls1_enc(SSL *s, int send)
#ifdef KSSL_DEBUG
{
unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+ fprintf(stderr,"EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+ fprintf(stderr,"\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n",
ds->buf_len, ds->cipher->key_len,
DES_KEY_SZ, DES_SCHEDULE_SZ,
ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
+ fprintf(stderr,"\t\tIV: ");
+ for (i=0; i<ds->cipher->iv_len; i++) fprintf(stderr,"%02X", ds->iv[i]);
+ fprintf(stderr,"\n");
+ fprintf(stderr,"\trec->input=");
+ for (ui=0; ui<l; ui++) fprintf(stderr," %02x", rec->input[ui]);
+ fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -848,9 +848,9 @@ int tls1_enc(SSL *s, int send)
#ifdef KSSL_DEBUG
{
unsigned long i;
- printf("\trec->data=");
+ fprintf(stderr,"\trec->data=");
for (i=0; i<l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
+ fprintf(stderr," %02x", rec->data[i]); fprintf(stderr,"\n");
}
#endif /* KSSL_DEBUG */
@@ -1073,10 +1073,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
if (!stream_mac)
EVP_MD_CTX_cleanup(&hmac);
#ifdef TLS_DEBUG
-printf("seq=");
-{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",rec->data[z]); printf("\n"); }
+fprintf(stderr,"seq=");
+{int z; for (z=0; z<8; z++) fprintf(stderr,"%02X ",seq[z]); fprintf(stderr,"\n"); }
+fprintf(stderr,"rec=");
+{unsigned int z; for (z=0; z<rec->length; z++) fprintf(stderr,"%02X ",rec->data[z]); fprintf(stderr,"\n"); }
#endif
if (ssl->version != DTLS1_VERSION && ssl->version != DTLS1_BAD_VER)
@@ -1089,7 +1089,7 @@ printf("rec=");
}
#ifdef TLS_DEBUG
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
+{unsigned int z; for (z=0; z<md_size; z++) fprintf(stderr,"%02X ",md[z]); fprintf(stderr,"\n"); }
#endif
return(md_size);
}
@@ -1103,7 +1103,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
+ fprintf(stderr,"tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
#endif /* KSSL_DEBUG */
#ifdef TLSEXT_TYPE_opaque_prf_input
@@ -1138,7 +1138,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
#endif
#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret() complete\n");
+ fprintf(stderr,"tls1_generate_master_secret() complete\n");
#endif /* KSSL_DEBUG */
return(SSL3_MASTER_SECRET_SIZE);
}
@@ -1153,7 +1153,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
int rv;
#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, context, contextlen);
+ fprintf(stderr,"tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n", s, out, olen, label, llen, context, contextlen);
#endif /* KSSL_DEBUG */
buff = OPENSSL_malloc(olen);
@@ -1216,7 +1216,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
out,buff,olen);
#ifdef KSSL_DEBUG
- printf ("tls1_export_keying_material() complete\n");
+ fprintf(stderr,"tls1_export_keying_material() complete\n");
#endif /* KSSL_DEBUG */
goto ret;
err1:
diff --git a/main/openssl/ssl/t1_lib.c b/main/openssl/ssl/t1_lib.c
index d0b893b5..a8829207 100644
--- a/main/openssl/ssl/t1_lib.c
+++ b/main/openssl/ssl/t1_lib.c
@@ -204,28 +204,40 @@ static int nid_list[] =
static int pref_list[] =
{
+#ifndef OPENSSL_NO_EC2M
NID_sect571r1, /* sect571r1 (14) */
NID_sect571k1, /* sect571k1 (13) */
+#endif
NID_secp521r1, /* secp521r1 (25) */
+#ifndef OPENSSL_NO_EC2M
NID_sect409k1, /* sect409k1 (11) */
NID_sect409r1, /* sect409r1 (12) */
+#endif
NID_secp384r1, /* secp384r1 (24) */
+#ifndef OPENSSL_NO_EC2M
NID_sect283k1, /* sect283k1 (9) */
NID_sect283r1, /* sect283r1 (10) */
+#endif
NID_secp256k1, /* secp256k1 (22) */
NID_X9_62_prime256v1, /* secp256r1 (23) */
+#ifndef OPENSSL_NO_EC2M
NID_sect239k1, /* sect239k1 (8) */
NID_sect233k1, /* sect233k1 (6) */
NID_sect233r1, /* sect233r1 (7) */
+#endif
NID_secp224k1, /* secp224k1 (20) */
NID_secp224r1, /* secp224r1 (21) */
+#ifndef OPENSSL_NO_EC2M
NID_sect193r1, /* sect193r1 (4) */
NID_sect193r2, /* sect193r2 (5) */
+#endif
NID_secp192k1, /* secp192k1 (18) */
NID_X9_62_prime192v1, /* secp192r1 (19) */
+#ifndef OPENSSL_NO_EC2M
NID_sect163k1, /* sect163k1 (1) */
NID_sect163r1, /* sect163r1 (2) */
NID_sect163r2, /* sect163r2 (3) */
+#endif
NID_secp160k1, /* secp160k1 (15) */
NID_secp160r1, /* secp160r1 (16) */
NID_secp160r2, /* secp160r2 (17) */
@@ -233,7 +245,7 @@ static int pref_list[] =
int tls1_ec_curve_id2nid(int curve_id)
{
- /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
+ /* ECC curves from RFC 4492 */
if ((curve_id < 1) || ((unsigned int)curve_id >
sizeof(nid_list)/sizeof(nid_list[0])))
return 0;
@@ -242,7 +254,7 @@ int tls1_ec_curve_id2nid(int curve_id)
int tls1_ec_nid2curve_id(int nid)
{
- /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
+ /* ECC curves from RFC 4492 */
switch (nid)
{
case NID_sect163k1: /* sect163k1 (1) */
@@ -488,11 +500,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c
s2n(TLSEXT_TYPE_elliptic_curves,ret);
s2n(s->tlsext_ellipticcurvelist_length + 2, ret);
- /* NB: draft-ietf-tls-ecc-12.txt uses a one-byte prefix for
- * elliptic_curve_list, but the examples use two bytes.
- * http://www1.ietf.org/mail-archive/web/tls/current/msg00538.html
- * resolves this to two bytes.
- */
s2n(s->tlsext_ellipticcurvelist_length, ret);
memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length);
ret+=s->tlsext_ellipticcurvelist_length;
@@ -1134,6 +1141,16 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
ssl_check_for_safari(s, data, d, n);
#endif /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_SRP
+ if (s->srp_ctx.login != NULL)
+ {
+ OPENSSL_free(s->srp_ctx.login);
+ s->srp_ctx.login = NULL;
+ }
+#endif
+
+ s->srtp_profile = NULL;
+
if (data >= (d+n-2))
goto ri_check;
n2s(data,len);
@@ -1328,7 +1345,9 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
ellipticcurvelist_length += (*(sdata++));
if (ellipticcurvelist_length != size - 2 ||
- ellipticcurvelist_length < 1)
+ ellipticcurvelist_length < 1 ||
+ /* Each NamedCurve is 2 bytes. */
+ ellipticcurvelist_length & 1)
{
*al = TLS1_AD_DECODE_ERROR;
return 0;
@@ -1659,6 +1678,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
#ifndef OPENSSL_NO_NEXTPROTONEG
s->s3->next_proto_neg_seen = 0;
#endif
+ s->tlsext_ticket_expected = 0;
if (s->s3->alpn_selected)
{
@@ -2013,7 +2033,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
s->tlsext_ecpointformatlist[1] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
s->tlsext_ecpointformatlist[2] = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
- /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
+ /* we support all named elliptic curves in RFC 4492 */
if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
diff --git a/main/openvpn/config-version.h b/main/openvpn/config-version.h
index 4aa92283..6044ed8e 100644
--- a/main/openvpn/config-version.h
+++ b/main/openvpn/config-version.h
@@ -1,2 +1,2 @@
-#define CONFIGURE_GIT_REVISION "icsopenvpn_627-cff5e3e9c3ac08df"
+#define CONFIGURE_GIT_REVISION "icsopenvpn_629-3976c7f5f4d39f06"
#define CONFIGURE_GIT_FLAGS ""
diff --git a/main/openvpn/src/openvpn/ps.c b/main/openvpn/src/openvpn/ps.c
index 6807aac0..fe18a9df 100644
--- a/main/openvpn/src/openvpn/ps.c
+++ b/main/openvpn/src/openvpn/ps.c
@@ -372,17 +372,6 @@ proxy_list_close (struct proxy_connection **list)
}
}
-static void
-sock_addr_set (struct openvpn_sockaddr *osaddr,
- const in_addr_t addr,
- const int port)
-{
- CLEAR (*osaddr);
- osaddr->addr.in4.sin_family = AF_INET;
- osaddr->addr.in4.sin_addr.s_addr = htonl (addr);
- osaddr->addr.in4.sin_port = htons (port);
-}
-
static inline void
proxy_connection_io_requeue (struct proxy_connection *pc, const int rwflags_new, struct event_set *es)
{
diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.java b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.java
index d02dfd47..a1635d54 100644
--- a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.java
+++ b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.java
@@ -56,9 +56,9 @@ public class Settings_Allowed_Apps extends Fragment implements AdapterView.OnIte
//public TextView disabled;
public CompoundButton checkBox;
- static public AppViewHolder createOrRecycle(LayoutInflater inflater, View convertView) {
+ static public AppViewHolder createOrRecycle(LayoutInflater inflater, View convertView, ViewGroup parent) {
if (convertView == null) {
- convertView = inflater.inflate(R.layout.allowed_application_layout, null);
+ convertView = inflater.inflate(R.layout.allowed_application_layout, parent, false);
// Creates a ViewHolder and store references to the two children views
// we want to bind data to.
@@ -151,7 +151,7 @@ public class Settings_Allowed_Apps extends Fragment implements AdapterView.OnIte
@Override
public View getView(int position, View convertView, ViewGroup parent) {
- AppViewHolder viewHolder = AppViewHolder.createOrRecycle(mInflater, convertView);
+ AppViewHolder viewHolder = AppViewHolder.createOrRecycle(mInflater, convertView ,parent);
convertView = viewHolder.rootView;
viewHolder.mInfo = mPackages.get(position);
final ApplicationInfo mInfo = mPackages.get(position);
diff --git a/main/src/main/res/layout/file_dialog_row.xml b/main/src/main/res/layout/file_dialog_row.xml
index 584b26c3..bca67776 100644
--- a/main/src/main/res/layout/file_dialog_row.xml
+++ b/main/src/main/res/layout/file_dialog_row.xml
@@ -4,15 +4,17 @@
~ Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt
-->
-<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
- android:layout_width="fill_parent"
- android:layout_height="fill_parent" >
+<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
+ xmlns:tools="http://schemas.android.com/tools"
+ android:layout_width="wrap_content"
+ android:orientation="horizontal"
+ android:layout_height="wrap_content">
<ImageView
android:id="@+id/fdrowimage"
android:layout_width="wrap_content"
android:layout_height="35dp"
- android:layout_alignParentLeft="true"
+ tools:background="@drawable/ic_root_folder_am"
android:paddingLeft="3dp"
android:paddingRight="5dp" android:contentDescription="@string/file_icon"/>
@@ -20,12 +22,10 @@
android:id="@+id/fdrowtext"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
- android:layout_alignBottom="@+id/fdrowimage"
- android:layout_alignTop="@+id/fdrowimage"
- android:layout_toRightOf="@+id/fdrowimage"
android:gravity="center_vertical"
- android:text="@+id/fdrowtext"
+ android:layout_gravity="center_vertical"
+ tools:text="foo, die datei,"
android:textAppearance="?android:attr/textAppearanceMedium" />
-</RelativeLayout> \ No newline at end of file
+</LinearLayout> \ No newline at end of file
diff --git a/main/src/main/res/layout/server_card.xml b/main/src/main/res/layout/server_card.xml
index 1f59a99f..690a27bd 100644
--- a/main/src/main/res/layout/server_card.xml
+++ b/main/src/main/res/layout/server_card.xml
@@ -153,7 +153,7 @@
android:layout_height="wrap_content"
android:layout_below="@id/udptcpradiogroup"
android:id="@+id/use_customoptions"
- android:text="Custom Options" />
+ android:text="@string/custom_connection_options" />
<LinearLayout
android:paddingLeft="10dp"
@@ -165,7 +165,7 @@
android:layout_height="wrap_content">
<TextView
android:id="@+id/warnung_custom"
- android:text="Specify custom connection specific options. Use with care"
+ android:text="@string/custom_connection_options_warng"
android:layout_width="wrap_content"
android:layout_height="wrap_content" />
@@ -195,7 +195,8 @@
android:layout_alignEnd="@+id/portnumber"
android:layout_below="@id/remoteSwitch"
android:background="@drawable/ic_menu_delete_grey"
- android:id="@+id/remove_connection" />
+ android:id="@+id/remove_connection"
+ android:contentDescription="@string/remove_connection_entry" />
</RelativeLayout>
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index a223ed04..2a694da1 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -369,5 +369,8 @@
<string name="ab_not_route_to_vpn_title">Route to the configured IP address</string>
<string name="ab_kitkat_mss_title">Wrong MSS value for VPN connection</string>
<string name="ab_secondary_users_title">Secondary tablet users</string>
+ <string name="custom_connection_options_warng">Specify custom connection specific options. Use with care</string>
+ <string name="custom_connection_options">Custom Options</string>
+ <string name="remove_connection_entry">Remove connection entry</string>
</resources>