# HG changeset patch # User Misaki Miyashita # Date 1367622611 25200 # Node ID b92e6df5eaf003b8f384d2592df83a448aa8c682 # Parent a7d8d41eeab2fbbb3c0d2d6b8d7be081cd85cbb8 PSARC 2013/034 OpenSSL 1.0.1 15824597 SUNBT7206149 Resynch with the latest OpenSSL (1.0.1e) diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/Makefile --- a/components/openssl/openssl-1.0.0/Makefile Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,387 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. -# -include ../../../make-rules/shared-macros.mk - -COMPONENT_NAME = openssl -# When new version of OpenSSL comes in, you must update both COMPONENT_VERSION -# and IPS_COMPONENT_VERSION. -# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. -# For more information about wanboot-openssl testing, please refer to -# ../README. -COMPONENT_VERSION = 1.0.0k -# Version for IPS. It is easier to do it manually than convert the letter to a -# number while taking into account that there might be no letter at all. -IPS_COMPONENT_VERSION = 1.0.0.11 -COMPONENT_PROJECT_URL= http://www.openssl.org/ -COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION) -COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz -COMPONENT_ARCHIVE_HASH= \ - sha256:2982b2e9697a857b336c5c1b1b7b463747e5c1d560f25f6ace95365791b1efd1 -COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE) -COMPONENT_BUGDB= utility/openssl - -# Architecture-specific patches -EXTRA_PATCHES.i386 = $(PATCH_DIR)/openssl-1.0.0d-aesni-v4.i386-patch -EXTRA_PATCHES.sparc = $(PATCH_DIR)/openssl-1.0.0d-t4-engine.sparc-patch -EXTRA_PATCHES = $(EXTRA_PATCHES.$(MACH)) - -include $(WS_TOP)/make-rules/prep.mk -include $(WS_TOP)/make-rules/configure.mk -include $(WS_TOP)/make-rules/ips.mk -include $(WS_TOP)/make-rules/lint-libraries.mk - -PATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin - -# Variant of OpenSSL for wanboot is built in build/sparcv9-wanboot. -BUILD_DIR_WANBOOT = $(BUILD_DIR)/$(MACH64)-wanboot - -# OpenSSL does not use autoconf but its own configure system. -CONFIGURE_SCRIPT = $(SOURCE_DIR)/Configure - -# This is to force OpenSSL's Configure script to use gmake for 'make links'. -# Otherwise it fails with: -# mksh: Fatal error in reader: Unmatched `(' on line -CONFIGURE_ENV += MAKE="$(GMAKE)" - -# Used in the configure options below. -PKCS11_LIB32 = /usr/lib/libpkcs11.so.1 -PKCS11_LIB64 = /usr/lib/64/libpkcs11.so.1 -ENGINESDIR_32 = /lib/openssl/engines -ENGINESDIR_64 = /lib/openssl/engines/64 - -# Configure options common to both regular OpenSSL and OpenSSL for wanboot. -CONFIGURE_OPTIONS = -DSOLARIS_OPENSSL -DNO_WINDOWS_BRAINDEATH -CONFIGURE_OPTIONS += --openssldir=/etc/openssl -CONFIGURE_OPTIONS += --prefix=/usr -# We use OpenSSL install code for installing only manual pages and we do that -# for 32-bit version only. -CONFIGURE_OPTIONS += --install_prefix=$(PROTO_DIR) -CONFIGURE_OPTIONS += no-ec -CONFIGURE_OPTIONS += no-ecdh -CONFIGURE_OPTIONS += no-ecdsa -CONFIGURE_OPTIONS += no-rc3 -CONFIGURE_OPTIONS += no-rc5 -CONFIGURE_OPTIONS += no-mdc2 -CONFIGURE_OPTIONS += no-idea -CONFIGURE_OPTIONS += no-hw_4758_cca -CONFIGURE_OPTIONS += no-hw_aep -CONFIGURE_OPTIONS += no-hw_atalla -CONFIGURE_OPTIONS += no-hw_chil -CONFIGURE_OPTIONS += no-hw_gmp -CONFIGURE_OPTIONS += no-hw_ncipher -CONFIGURE_OPTIONS += no-hw_nuron -CONFIGURE_OPTIONS += no-hw_padlock -CONFIGURE_OPTIONS += no-hw_sureware -CONFIGURE_OPTIONS += no-hw_ubsec -CONFIGURE_OPTIONS += no-hw_cswift -# MD2 is not enabled by default in OpensSSL but some software we have in -# Userland needs it. One example is nmap. -CONFIGURE_OPTIONS += enable-md2 -CONFIGURE_OPTIONS += no-seed -# We use both no-whirlpool and no-whrlpool since there is an inconsistency in -# the OpenSSL code and one needs both to build OpenSSL successfully with -# Whirlpool implementation removed. -CONFIGURE_OPTIONS += no-whirlpool -CONFIGURE_OPTIONS += no-whrlpool -# Some additional options needed for our engines. -CONFIGURE_OPTIONS += --pk11-libname=$(PKCS11_LIB$(BITS)) -CONFIGURE_OPTIONS += --enginesdir=$(ENGINESDIR_$(BITS)) - -# We define our own compiler and linker option sets for Solaris. See Configure -# for more information. -CONFIGURE_OPTIONS32_i386 = solaris-x86-cc-sunw -CONFIGURE_OPTIONS32_sparc = solaris-sparcv9-cc-sunw -CONFIGURE_OPTIONS64_i386 = solaris64-x86_64-cc-sunw -CONFIGURE_OPTIONS64_sparc = solaris64-sparcv9-cc-sunw - -# Options specific to regular build. -# They must not be specified as common, as they cannot be overridden. -$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += threads -$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += threads -$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += shared -$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += shared -$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += shared -$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += shared -$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += \ - $(CONFIGURE_OPTIONS32_$(MACH)) -$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += \ - $(CONFIGURE_OPTIONS64_$(MACH)) - -# OpenSSL for wanboot specific options -$(BUILD_DIR_WANBOOT)/.configured: BITS=64 -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -DNO_CHMOD -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -D_BOOT -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -DOPENSSL_NO_DTLS1 -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-cast -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-dso -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-rc4 -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-ripemd -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-hw -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-threads -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-shared -$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += \ - solaris64-sparcv9-cc-sunw-wanboot - - -# OpenSSL has its own configure system which must be run from the fully -# populated source code directory. However, the Userland configuration phase is -# run from the build directory. So, we must get the full source code into the -# build directory. -COMPONENT_PRE_CONFIGURE_ACTION = \ - ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR)/$(MACH$(BITS)); ) - -$(BUILD_DIR_WANBOOT)/.configured: COMPONENT_PRE_CONFIGURE_ACTION = \ - ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR_WANBOOT); ) - -# We deliver only one opensslconf.h file which must be suitable for both 32 and -# 64 bits. Depending on the configuration option, OpenSSL's Configure script -# creates opensslconf.h for either 32 or 64 bits. A patch makes the resulting -# header file usable on both architectures. The patch was generated against the -# opensslconf.h version from the 32 bit build. -COMPONENT_POST_CONFIGURE_ACTION = \ - ( [ $(BITS) -eq 32 ] && $(GPATCH) -p1 $(@D)/crypto/opensslconf.h \ - patches-post-config/opensslconf.patch; cd $(@D); $(MAKE) depend; ) - - -# We do not ship our engines as patches since it would be more difficult to -# update the files which have been under continuous development. We rather copy -# the files to the right directories. -# Same holds for wanboot-stubs.c, which stubs out several functions, that are -# not available in the stand-alone environment of wanboot. -COMPONENT_PRE_BUILD_ACTION = \ - ( echo "Cloning engines..."; \ - $(LN) -fs $(COMPONENT_DIR)/engines/aesni/eng_aesni.c $(@D)/crypto/engine; \ - $(LN) -fs $(COMPONENT_DIR)/engines/aesni/aesni-x86*.pl $(@D)/crypto/aes/asm; \ - $(LN) -fs $(COMPONENT_DIR)/engines/devcrypto/*.[ch] $(@D)/engines; \ - $(LN) -fs $(COMPONENT_DIR)/engines/pkcs11/*.[ch] $(@D)/crypto/engine; \ - $(LN) -fs $(COMPONENT_DIR)/engines/t4/eng_t4*.[ch] $(@D)/crypto/engine; \ - $(LN) -fs $(COMPONENT_DIR)/engines/t4/t4_aes.S $(@D)/crypto/aes/asm; \ - $(LN) -fs $(COMPONENT_DIR)/engines/t4/t4_des.S $(@D)/crypto/des/asm; \ - $(LN) -fs $(COMPONENT_DIR)/engines/t4/t4_md5.S $(@D)/crypto/md5/asm; \ - $(LN) -fs $(COMPONENT_DIR)/engines/t4/t4_sha?.S $(@D)/crypto/sha/asm; \ - $(LN) -fs $(COMPONENT_DIR)/wanboot-openssl/wanboot-stubs.c $(@D)/crypto; ) - -# OpenSSL for wanboot is built on sparc only. -ifeq ($(MACH), sparc) -BUILD_64 += $(BUILD_DIR_WANBOOT)/.built -endif - -build: $(BUILD_32_and_64) - -# Object files for wanboot-openssl.o have to be listed explicitly. -WANBOOT_OBJS = \ - crypto/aes/aes-sparcv9.o crypto/aes/aes_cbc.o crypto/aes/aes_cfb.o \ - crypto/aes/aes_core.o crypto/aes/aes_ecb.o crypto/aes/aes_ofb.o \ - crypto/aes/aes_wrap.o crypto/asn1/a_bitstr.o crypto/asn1/a_bool.o \ - crypto/asn1/a_bytes.o crypto/asn1/a_d2i_fp.o crypto/asn1/a_digest.o \ - crypto/asn1/a_dup.o crypto/asn1/a_enum.o crypto/asn1/a_gentm.o \ - crypto/asn1/a_i2d_fp.o crypto/asn1/a_int.o crypto/asn1/a_mbstr.o \ - crypto/asn1/a_object.o crypto/asn1/a_octet.o crypto/asn1/a_print.o \ - crypto/asn1/a_set.o crypto/asn1/a_sign.o crypto/asn1/a_strex.o \ - crypto/asn1/a_strnid.o crypto/asn1/a_time.o crypto/asn1/a_type.o \ - crypto/asn1/a_utctm.o crypto/asn1/a_utf8.o crypto/asn1/a_verify.o \ - crypto/asn1/ameth_lib.o crypto/asn1/asn1_err.o crypto/asn1/asn1_gen.o \ - crypto/asn1/asn1_lib.o crypto/asn1/asn1_par.o crypto/asn1/asn_mime.o \ - crypto/asn1/asn_pack.o crypto/asn1/bio_asn1.o crypto/asn1/bio_ndef.o \ - crypto/asn1/d2i_pr.o crypto/asn1/evp_asn1.o crypto/asn1/f_int.o \ - crypto/asn1/f_string.o crypto/asn1/i2d_pr.o crypto/asn1/nsseq.o \ - crypto/asn1/p5_pbe.o crypto/asn1/p5_pbev2.o crypto/asn1/p8_pkey.o \ - crypto/asn1/t_pkey.o crypto/asn1/t_x509.o crypto/asn1/t_x509a.o \ - crypto/asn1/tasn_dec.o crypto/asn1/tasn_enc.o crypto/asn1/tasn_fre.o \ - crypto/asn1/tasn_new.o crypto/asn1/tasn_prn.o crypto/asn1/tasn_typ.o \ - crypto/asn1/tasn_utl.o crypto/asn1/x_algor.o crypto/asn1/x_attrib.o \ - crypto/asn1/x_bignum.o crypto/asn1/x_crl.o crypto/asn1/x_exten.o \ - crypto/asn1/x_info.o crypto/asn1/x_long.o crypto/asn1/x_name.o \ - crypto/asn1/x_pkey.o crypto/asn1/x_pubkey.o crypto/asn1/x_req.o \ - crypto/asn1/x_sig.o crypto/asn1/x_spki.o crypto/asn1/x_val.o \ - crypto/asn1/x_x509.o crypto/asn1/x_x509a.o crypto/bf/bf_cfb64.o \ - crypto/bf/bf_ecb.o crypto/bf/bf_enc.o crypto/bf/bf_ofb64.o \ - crypto/bf/bf_skey.o crypto/bio/b_dump.o crypto/bio/b_print.o \ - crypto/bio/bf_buff.o crypto/bio/bio_err.o crypto/bio/bio_lib.o \ - crypto/bio/bss_file.o crypto/bio/bss_mem.o crypto/bio/bss_null.o \ - crypto/bio/bss_sock.o crypto/bn/bn-sparcv9.o crypto/bn/bn_add.o \ - crypto/bn/bn_blind.o crypto/bn/bn_ctx.o crypto/bn/bn_div.o \ - crypto/bn/bn_err.o crypto/bn/bn_exp.o crypto/bn/bn_exp2.o \ - crypto/bn/bn_gcd.o crypto/bn/bn_lib.o crypto/bn/bn_mod.o \ - crypto/bn/bn_mont.o crypto/bn/bn_mul.o crypto/bn/bn_prime.o \ - crypto/bn/bn_print.o crypto/bn/bn_rand.o crypto/bn/bn_recp.o \ - crypto/bn/bn_shift.o crypto/bn/bn_sqr.o crypto/bn/bn_word.o \ - crypto/bn/sparcv9-mont.o crypto/bn/sparcv9a-mont.o \ - crypto/buffer/buf_err.o crypto/buffer/buffer.o crypto/camellia/camellia.o \ - crypto/camellia/cmll_cbc.o crypto/camellia/cmll_cfb.o \ - crypto/camellia/cmll_ecb.o crypto/camellia/cmll_misc.o \ - crypto/camellia/cmll_ofb.o crypto/cms/cms_asn1.o crypto/cms/cms_att.o \ - crypto/cms/cms_dd.o crypto/cms/cms_enc.o crypto/cms/cms_env.o \ - crypto/cms/cms_err.o crypto/cms/cms_io.o crypto/cms/cms_lib.o \ - crypto/cms/cms_sd.o crypto/comp/c_zlib.o crypto/comp/comp_err.o \ - crypto/comp/comp_lib.o crypto/conf/conf_api.o crypto/conf/conf_def.o \ - crypto/conf/conf_err.o crypto/conf/conf_lib.o crypto/conf/conf_mod.o \ - crypto/cpt_err.o crypto/cryptlib.o crypto/des/cfb64ede.o \ - crypto/des/cfb64enc.o crypto/des/cfb_enc.o crypto/des/des_enc-sparc.o \ - crypto/des/ecb3_enc.o crypto/des/ecb_enc.o crypto/des/ofb64ede.o \ - crypto/des/ofb64enc.o crypto/des/set_key.o crypto/des/xcbc_enc.o \ - crypto/dh/dh_ameth.o crypto/dh/dh_asn1.o crypto/dh/dh_check.o \ - crypto/dh/dh_err.o crypto/dh/dh_gen.o crypto/dh/dh_key.o \ - crypto/dh/dh_lib.o crypto/dh/dh_pmeth.o crypto/dsa/dsa_ameth.o \ - crypto/dsa/dsa_asn1.o crypto/dsa/dsa_err.o crypto/dsa/dsa_gen.o \ - crypto/dsa/dsa_key.o crypto/dsa/dsa_lib.o crypto/dsa/dsa_ossl.o \ - crypto/dsa/dsa_pmeth.o crypto/dsa/dsa_sign.o crypto/dsa/dsa_vrf.o \ - crypto/dso/dso_lib.o crypto/dso/dso_null.o crypto/dso/dso_openssl.o \ - crypto/engine/eng_ctrl.o crypto/engine/eng_err.o crypto/engine/eng_init.o \ - crypto/engine/eng_lib.o crypto/engine/eng_list.o crypto/engine/eng_pkey.o \ - crypto/engine/eng_table.o crypto/engine/tb_asnmth.o \ - crypto/engine/tb_cipher.o crypto/engine/tb_dh.o crypto/engine/tb_digest.o \ - crypto/engine/tb_dsa.o crypto/engine/tb_pkmeth.o crypto/engine/tb_rand.o \ - crypto/engine/tb_rsa.o crypto/err/err.o crypto/err/err_all.o \ - crypto/err/err_prn.o crypto/evp/bio_b64.o crypto/evp/bio_enc.o \ - crypto/evp/bio_md.o crypto/evp/c_all.o crypto/evp/c_allc.o \ - crypto/evp/c_alld.o crypto/evp/digest.o crypto/evp/e_aes.o \ - crypto/evp/e_bf.o crypto/evp/e_camellia.o crypto/evp/e_des.o \ - crypto/evp/e_des3.o crypto/evp/e_null.o crypto/evp/e_rc2.o \ - crypto/evp/e_xcbc_d.o crypto/evp/encode.o crypto/evp/evp_enc.o \ - crypto/evp/evp_err.o crypto/evp/evp_key.o crypto/evp/evp_lib.o \ - crypto/evp/evp_pbe.o crypto/evp/evp_pkey.o crypto/evp/m_dss.o \ - crypto/evp/m_dss1.o crypto/evp/m_md4.o crypto/evp/m_md5.o \ - crypto/evp/m_sha.o crypto/evp/m_sha1.o crypto/evp/m_sigver.o \ - crypto/evp/names.o crypto/evp/p5_crpt.o crypto/evp/p5_crpt2.o \ - crypto/evp/p_lib.o crypto/evp/p_sign.o crypto/evp/p_verify.o \ - crypto/evp/pmeth_fn.o crypto/evp/pmeth_gn.o crypto/evp/pmeth_lib.o \ - crypto/ex_data.o crypto/hmac/hm_ameth.o crypto/hmac/hm_pmeth.o \ - crypto/hmac/hmac.o crypto/lhash/lhash.o crypto/md4/md4_dgst.o \ - crypto/md5/md5_dgst.o crypto/mem.o crypto/mem_dbg.o crypto/modes/cbc128.o \ - crypto/modes/cfb128.o crypto/modes/ofb128.o crypto/o_dir.o \ - crypto/o_time.o crypto/objects/o_names.o crypto/objects/obj_dat.o \ - crypto/objects/obj_err.o crypto/objects/obj_lib.o \ - crypto/objects/obj_xref.o crypto/ocsp/ocsp_asn.o crypto/ocsp/ocsp_err.o \ - crypto/pem/pem_all.o crypto/pem/pem_err.o crypto/pem/pem_info.o \ - crypto/pem/pem_lib.o crypto/pem/pem_oth.o crypto/pem/pem_pk8.o \ - crypto/pem/pem_pkey.o crypto/pem/pem_x509.o crypto/pem/pem_xaux.o \ - crypto/pkcs12/p12_add.o crypto/pkcs12/p12_asn.o crypto/pkcs12/p12_attr.o \ - crypto/pkcs12/p12_crpt.o crypto/pkcs12/p12_decr.o crypto/pkcs12/p12_key.o \ - crypto/pkcs12/p12_mutl.o crypto/pkcs12/p12_p8d.o crypto/pkcs12/p12_p8e.o \ - crypto/pkcs12/p12_utl.o crypto/pkcs12/pk12err.o crypto/pkcs7/pk7_asn1.o \ - crypto/pkcs7/pk7_attr.o crypto/pkcs7/pk7_doit.o crypto/pkcs7/pk7_lib.o \ - crypto/pkcs7/pkcs7err.o crypto/rand/md_rand.o crypto/rand/rand_err.o \ - crypto/rand/rand_lib.o crypto/rand/rand_unix.o crypto/rand/randfile.o \ - crypto/rc2/rc2_cbc.o crypto/rc2/rc2_ecb.o crypto/rc2/rc2_skey.o \ - crypto/rc2/rc2cfb64.o crypto/rc2/rc2ofb64.o crypto/rsa/rsa_ameth.o \ - crypto/rsa/rsa_asn1.o crypto/rsa/rsa_eay.o crypto/rsa/rsa_err.o \ - crypto/rsa/rsa_gen.o crypto/rsa/rsa_lib.o crypto/rsa/rsa_none.o \ - crypto/rsa/rsa_oaep.o crypto/rsa/rsa_pk1.o crypto/rsa/rsa_pmeth.o \ - crypto/rsa/rsa_pss.o crypto/rsa/rsa_sign.o crypto/rsa/rsa_ssl.o \ - crypto/rsa/rsa_x931.o crypto/sha/sha1-sparcv9.o crypto/sha/sha1dgst.o \ - crypto/sha/sha256-sparcv9.o crypto/sha/sha256.o \ - crypto/sha/sha512-sparcv9.o crypto/sha/sha512.o crypto/sha/sha_dgst.o \ - crypto/sparccpuid.o crypto/sparcv9cap.o crypto/stack/stack.o \ - crypto/wanboot-stubs.o \ - crypto/ts/ts_err.o crypto/ui/ui_err.o crypto/x509/by_dir.o \ - crypto/x509/by_file.o crypto/x509/x509_att.o crypto/x509/x509_cmp.o \ - crypto/x509/x509_d2.o crypto/x509/x509_def.o crypto/x509/x509_err.o \ - crypto/x509/x509_ext.o crypto/x509/x509_lu.o crypto/x509/x509_obj.o \ - crypto/x509/x509_req.o crypto/x509/x509_trs.o crypto/x509/x509_txt.o \ - crypto/x509/x509_v3.o crypto/x509/x509_vfy.o crypto/x509/x509_vpm.o \ - crypto/x509/x509name.o crypto/x509/x509rset.o crypto/x509/x509type.o \ - crypto/x509/x_all.o crypto/x509v3/pcy_cache.o crypto/x509v3/pcy_data.o \ - crypto/x509v3/pcy_lib.o crypto/x509v3/pcy_map.o crypto/x509v3/pcy_node.o \ - crypto/x509v3/pcy_tree.o crypto/x509v3/v3_akey.o crypto/x509v3/v3_akeya.o \ - crypto/x509v3/v3_alt.o crypto/x509v3/v3_bcons.o crypto/x509v3/v3_bitst.o \ - crypto/x509v3/v3_conf.o crypto/x509v3/v3_cpols.o crypto/x509v3/v3_crld.o \ - crypto/x509v3/v3_enum.o crypto/x509v3/v3_extku.o crypto/x509v3/v3_genn.o \ - crypto/x509v3/v3_ia5.o crypto/x509v3/v3_info.o crypto/x509v3/v3_int.o \ - crypto/x509v3/v3_lib.o crypto/x509v3/v3_ncons.o crypto/x509v3/v3_ocsp.o \ - crypto/x509v3/v3_pci.o crypto/x509v3/v3_pcia.o crypto/x509v3/v3_pcons.o \ - crypto/x509v3/v3_pku.o crypto/x509v3/v3_pmaps.o crypto/x509v3/v3_prn.o \ - crypto/x509v3/v3_purp.o crypto/x509v3/v3_skey.o crypto/x509v3/v3_sxnet.o \ - crypto/x509v3/v3_utl.o crypto/x509v3/v3err.o ssl/s3_both.o ssl/s3_clnt.o \ - ssl/s3_enc.o ssl/s3_lib.o ssl/s3_pkt.o ssl/ssl_algs.o ssl/ssl_asn1.o \ - ssl/ssl_cert.o ssl/ssl_ciph.o ssl/ssl_err.o ssl/ssl_err2.o ssl/ssl_lib.o \ - ssl/ssl_rsa.o ssl/ssl_sess.o ssl/t1_enc.o ssl/t1_lib.o ssl/t1_reneg.o - -# Linking of openssl bits for wanboot. -# Interface for wanboot is specified in mapfile.wanboot. Object files are -# compiled to have functions in separate sections, unused sections get -# discarded. -CREATE_BIG_OBJECT_FILE = ( \ - cd $(BUILD_DIR_WANBOOT); \ - $(LD) -o wanboot-openssl.o -r -M../../mapfile.wanboot -Breduce \ - -zdiscard-unused=sections,files -zguidance \ - $(WANBOOT_OBJS); \ - ) - -$(BUILD_DIR_WANBOOT)/.built: COMPONENT_POST_BUILD_ACTION = \ - ($(CREATE_BIG_OBJECT_FILE); ) - -# OpenSSL uses sections man[1357] by default so we must create the man -# directories we use for OpenSSL man pages in Solaris. Note that we patch the -# OpenSSL man page install script to use the correct directories. -MANDIR_SECTIONS = $(PROTO_DIR)/usr/share/man/man1openssl -MANDIR_SECTIONS += $(PROTO_DIR)/usr/share/man/man3openssl -MANDIR_SECTIONS += $(PROTO_DIR)/usr/share/man/man5openssl -MANDIR_SECTIONS += $(PROTO_DIR)/usr/share/man/man7openssl - -# We must create man page directories manually since we patched OpenSSL install -# code to install into manXopenssl instead of manX. Also, OpenSSL does not -# install into /$(MACH64) for 64-bit install so no such directory is -# created and Userland install code would fail when installing lint libraries. -COMPONENT_PRE_INSTALL_ACTION = ( $(MKDIR) $(MANDIR_SECTIONS); \ - $(MKDIR) $(PROTO_DIR)/usr/lib/$(MACH64); ) - -# The install_docs target will install man pages into $(PROTO_DIR)/$(MANDIR). We -# also add /usr/perl5/bin to PATH so that OpenSSL install code can locate the -# system pod2man. If not set, OpenSSL make would use an internal implementation -# from the tarball which would corrupt some man pages. -COMPONENT_INSTALL_ARGS += PATH=$(PATH) MANDIR=/usr/share/man - -WANBOOT_TO = $(PROTO_DIR)/lib/openssl/wanboot/$(MACH64) - -# We could run OpenSSL install code for 32 bits only to process header files and -# manual pages. However, lint libraries depend on install stamps so we run -# install for 64 bit as well. Note that we must take built binary files from -# build directories, not from the proto area which contains whatever was -# installed first. -# OpenSSL for wanboot is built on sparc only. -ifeq ($(MACH), sparc) -install: $(INSTALL_32_and_64) $(BUILD_DIR_WANBOOT)/.built - $(MKDIR) -p $(WANBOOT_TO); - $(CP) $(BUILD_DIR_WANBOOT)/wanboot-openssl.o $(WANBOOT_TO); -else -install: $(INSTALL_32_and_64) -endif - -# We need to modify the default lint flags to include patched opensslconf.h from -# the build directory. If we do not do that, lint will complain about md2.h -# which is not enabled by default but it is in our opensslconf.h. -LFLAGS_32 := -I$(BUILD_DIR_32)/include $(LINT_FLAGS) -lsoftcrypto -LFLAGS_64 := -I$(BUILD_DIR_64)/include $(LINT_FLAGS) -lsoftcrypto - -# Set modified lint flags for our lint library targets. -$(BUILD_DIR_32)/llib-lcrypto.ln: LINT_FLAGS="$(LFLAGS_32)" -$(BUILD_DIR_32)/llib-lssl.ln: LINT_FLAGS="$(LFLAGS_32)" -$(BUILD_DIR_64)/llib-lcrypto.ln: LINT_FLAGS="$(LFLAGS_64)" -$(BUILD_DIR_64)/llib-lssl.ln: LINT_FLAGS="$(LFLAGS_64)" - -test: $(NO_TESTS) - -BUILD_PKG_DEPENDENCIES = $(BUILD_TOOLS) - -include $(WS_TOP)/make-rules/depend.mk diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/aesni/aesni-x86.pl --- a/components/openssl/openssl-1.0.0/engines/aesni/aesni-x86.pl Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,765 +0,0 @@ -#!/usr/bin/env perl - -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements support for Intel AES-NI extension. In -# OpenSSL context it's used with Intel engine, but can also be used as -# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for -# details]. - -$PREFIX="aesni"; # if $PREFIX is set to "AES", the script - # generates drop-in replacement for - # crypto/aes/asm/aes-586.pl:-) - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],$0); - -$movekey = eval($RREFIX eq "aseni" ? "*movaps" : "*movups"); - -$len="eax"; -$rounds="ecx"; -$key="edx"; -$inp="esi"; -$out="edi"; -$rounds_="ebx"; # backup copy for $rounds -$key_="ebp"; # backup copy for $key - -$inout0="xmm0"; -$inout1="xmm1"; -$inout2="xmm2"; -$rndkey0="xmm3"; -$rndkey1="xmm4"; -$ivec="xmm5"; -$in0="xmm6"; -$in1="xmm7"; $inout3="xmm7"; - -# Inline version of internal aesni_[en|de]crypt1 -sub aesni_inline_generate1 -{ my $p=shift; - - &$movekey ($rndkey0,&QWP(0,$key)); - &$movekey ($rndkey1,&QWP(16,$key)); - &lea ($key,&DWP(32,$key)); - &pxor ($inout0,$rndkey0); - &set_label("${p}1_loop"); - eval"&aes${p} ($inout0,$rndkey1)"; - &dec ($rounds); - &$movekey ($rndkey1,&QWP(0,$key)); - &lea ($key,&DWP(16,$key)); - &jnz (&label("${p}1_loop")); - eval"&aes${p}last ($inout0,$rndkey1)"; -} - -sub aesni_generate1 # fully unrolled loop -{ my $p=shift; - - &function_begin_B("_aesni_${p}rypt1"); - &$movekey ($rndkey0,&QWP(0,$key)); - &$movekey ($rndkey1,&QWP(0x10,$key)); - &cmp ($rounds,11); - &pxor ($inout0,$rndkey0); - &$movekey ($rndkey0,&QWP(0x20,$key)); - &lea ($key,&DWP(0x30,$key)); - &jb (&label("${p}128")); - &lea ($key,&DWP(0x20,$key)); - &je (&label("${p}192")); - &lea ($key,&DWP(0x20,$key)); - eval"&aes${p} ($inout0,$rndkey1)"; - &$movekey ($rndkey1,&QWP(-0x40,$key)); - eval"&aes${p} ($inout0,$rndkey0)"; - &$movekey ($rndkey0,&QWP(-0x30,$key)); - &set_label("${p}192"); - eval"&aes${p} ($inout0,$rndkey1)"; - &$movekey ($rndkey1,&QWP(-0x20,$key)); - eval"&aes${p} ($inout0,$rndkey0)"; - &$movekey ($rndkey0,&QWP(-0x10,$key)); - &set_label("${p}128"); - eval"&aes${p} ($inout0,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0,$key)); - eval"&aes${p} ($inout0,$rndkey0)"; - &$movekey ($rndkey0,&QWP(0x10,$key)); - eval"&aes${p} ($inout0,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0x20,$key)); - eval"&aes${p} ($inout0,$rndkey0)"; - &$movekey ($rndkey0,&QWP(0x30,$key)); - eval"&aes${p} ($inout0,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0x40,$key)); - eval"&aes${p} ($inout0,$rndkey0)"; - &$movekey ($rndkey0,&QWP(0x50,$key)); - eval"&aes${p} ($inout0,$rndkey1)"; - &$movekey ($rndkey1,&QWP(0x60,$key)); - eval"&aes${p} ($inout0,$rndkey0)"; - &$movekey ($rndkey0,&QWP(0x70,$key)); - eval"&aes${p} ($inout0,$rndkey1)"; - eval"&aes${p}last ($inout0,$rndkey0)"; - &ret(); - &function_end_B("_aesni_${p}rypt1"); -} - -# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key); -# &aesni_generate1("dec"); -&function_begin_B("${PREFIX}_encrypt"); - &mov ("eax",&wparam(0)); - &mov ($key,&wparam(2)); - &movups ($inout0,&QWP(0,"eax")); - &mov ($rounds,&DWP(240,$key)); - &mov ("eax",&wparam(1)); - &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt1"); - &movups (&QWP(0,"eax"),$inout0); - &ret (); -&function_end_B("${PREFIX}_encrypt"); - -# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key); -# &aesni_generate1("dec"); -&function_begin_B("${PREFIX}_decrypt"); - &mov ("eax",&wparam(0)); - &mov ($key,&wparam(2)); - &movups ($inout0,&QWP(0,"eax")); - &mov ($rounds,&DWP(240,$key)); - &mov ("eax",&wparam(1)); - &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt1"); - &movups (&QWP(0,"eax"),$inout0); - &ret (); -&function_end_B("${PREFIX}_decrypt"); - -# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave -# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec] -# latency is 6, it turned out that it can be scheduled only every -# *second* cycle. Thus 3x interleave is the one providing optimal -# utilization, i.e. when subroutine's throughput is virtually same as -# of non-interleaved subroutine [for number of input blocks up to 3]. -# This is why it makes no sense to implement 2x subroutine. As soon -# as/if Intel improves throughput by making it possible to schedule -# the instructions in question *every* cycles I would have to -# implement 6x interleave and use it in loop... -sub aesni_generate3 -{ my $p=shift; - - &function_begin_B("_aesni_${p}rypt3"); - &$movekey ($rndkey0,&QWP(0,$key)); - &shr ($rounds,1); - &$movekey ($rndkey1,&QWP(16,$key)); - &lea ($key,&DWP(32,$key)); - &pxor ($inout0,$rndkey0); - &pxor ($inout1,$rndkey0); - &pxor ($inout2,$rndkey0); - &jmp (&label("${p}3_loop")); - &set_label("${p}3_loop",16); - eval"&aes${p} ($inout0,$rndkey1)"; - &$movekey ($rndkey0,&QWP(0,$key)); - eval"&aes${p} ($inout1,$rndkey1)"; - &dec ($rounds); - eval"&aes${p} ($inout2,$rndkey1)"; - &$movekey ($rndkey1,&QWP(16,$key)); - eval"&aes${p} ($inout0,$rndkey0)"; - &lea ($key,&DWP(32,$key)); - eval"&aes${p} ($inout1,$rndkey0)"; - eval"&aes${p} ($inout2,$rndkey0)"; - &jnz (&label("${p}3_loop")); - eval"&aes${p} ($inout0,$rndkey1)"; - &$movekey ($rndkey0,&QWP(0,$key)); - eval"&aes${p} ($inout1,$rndkey1)"; - eval"&aes${p} ($inout2,$rndkey1)"; - eval"&aes${p}last ($inout0,$rndkey0)"; - eval"&aes${p}last ($inout1,$rndkey0)"; - eval"&aes${p}last ($inout2,$rndkey0)"; - &ret(); - &function_end_B("_aesni_${p}rypt3"); -} - -# 4x interleave is implemented to improve small block performance, -# most notably [and naturally] 4 block by ~30%. One can argue that one -# should have implemented 5x as well, but improvement would be <20%, -# so it's not worth it... -sub aesni_generate4 -{ my $p=shift; - - &function_begin_B("_aesni_${p}rypt4"); - &$movekey ($rndkey0,&QWP(0,$key)); - &$movekey ($rndkey1,&QWP(16,$key)); - &shr ($rounds,1); - &lea ($key,&DWP(32,$key)); - &pxor ($inout0,$rndkey0); - &pxor ($inout1,$rndkey0); - &pxor ($inout2,$rndkey0); - &pxor ($inout3,$rndkey0); - &jmp (&label("${p}3_loop")); - &set_label("${p}3_loop",16); - eval"&aes${p} ($inout0,$rndkey1)"; - &$movekey ($rndkey0,&QWP(0,$key)); - eval"&aes${p} ($inout1,$rndkey1)"; - &dec ($rounds); - eval"&aes${p} ($inout2,$rndkey1)"; - eval"&aes${p} ($inout3,$rndkey1)"; - &$movekey ($rndkey1,&QWP(16,$key)); - eval"&aes${p} ($inout0,$rndkey0)"; - &lea ($key,&DWP(32,$key)); - eval"&aes${p} ($inout1,$rndkey0)"; - eval"&aes${p} ($inout2,$rndkey0)"; - eval"&aes${p} ($inout3,$rndkey0)"; - &jnz (&label("${p}3_loop")); - eval"&aes${p} ($inout0,$rndkey1)"; - &$movekey ($rndkey0,&QWP(0,$key)); - eval"&aes${p} ($inout1,$rndkey1)"; - eval"&aes${p} ($inout2,$rndkey1)"; - eval"&aes${p} ($inout3,$rndkey1)"; - eval"&aes${p}last ($inout0,$rndkey0)"; - eval"&aes${p}last ($inout1,$rndkey0)"; - eval"&aes${p}last ($inout2,$rndkey0)"; - eval"&aes${p}last ($inout3,$rndkey0)"; - &ret(); - &function_end_B("_aesni_${p}rypt4"); -} -&aesni_generate3("enc") if ($PREFIX eq "aesni"); -&aesni_generate3("dec"); -&aesni_generate4("enc") if ($PREFIX eq "aesni"); -&aesni_generate4("dec"); - -if ($PREFIX eq "aesni") { -# void aesni_ecb_encrypt (const void *in, void *out, -# size_t length, const AES_KEY *key, -# int enc); -&function_begin("aesni_ecb_encrypt"); - &mov ($inp,&wparam(0)); - &mov ($out,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ($key,&wparam(3)); - &mov ($rounds,&wparam(4)); - &cmp ($len,16); - &jb (&label("ecb_ret")); - &and ($len,-16); - &test ($rounds,$rounds) - &mov ($rounds,&DWP(240,$key)); - &mov ($key_,$key); # backup $key - &mov ($rounds_,$rounds); # backup $rounds - &jz (&label("ecb_decrypt")); - - &sub ($len,0x40); - &jbe (&label("ecb_enc_tail")); - &jmp (&label("ecb_enc_loop3")); - -&set_label("ecb_enc_loop3",16); - &movups ($inout0,&QWP(0,$inp)); - &movups ($inout1,&QWP(0x10,$inp)); - &movups ($inout2,&QWP(0x20,$inp)); - &call ("_aesni_encrypt3"); - &sub ($len,0x30); - &lea ($inp,&DWP(0x30,$inp)); - &lea ($out,&DWP(0x30,$out)); - &movups (&QWP(-0x30,$out),$inout0); - &mov ($key,$key_); # restore $key - &movups (&QWP(-0x20,$out),$inout1); - &mov ($rounds,$rounds_); # restore $rounds - &movups (&QWP(-0x10,$out),$inout2); - &ja (&label("ecb_enc_loop3")); - -&set_label("ecb_enc_tail"); - &add ($len,0x40); - &jz (&label("ecb_ret")); - - &cmp ($len,0x10); - &movups ($inout0,&QWP(0,$inp)); - &je (&label("ecb_enc_one")); - &cmp ($len,0x20); - &movups ($inout1,&QWP(0x10,$inp)); - &je (&label("ecb_enc_two")); - &cmp ($len,0x30); - &movups ($inout2,&QWP(0x20,$inp)); - &je (&label("ecb_enc_three")); - &movups ($inout3,&QWP(0x30,$inp)); - &call ("_aesni_encrypt4"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &movups (&QWP(0x30,$out),$inout3); - jmp (&label("ecb_ret")); - -&set_label("ecb_enc_one",16); - &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt1"); - &movups (&QWP(0,$out),$inout0); - &jmp (&label("ecb_ret")); - -&set_label("ecb_enc_two",16); - &call ("_aesni_encrypt3"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &jmp (&label("ecb_ret")); - -&set_label("ecb_enc_three",16); - &call ("_aesni_encrypt3"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &jmp (&label("ecb_ret")); - -&set_label("ecb_decrypt",16); - &sub ($len,0x40); - &jbe (&label("ecb_dec_tail")); - &jmp (&label("ecb_dec_loop3")); - -&set_label("ecb_dec_loop3",16); - &movups ($inout0,&QWP(0,$inp)); - &movups ($inout1,&QWP(0x10,$inp)); - &movups ($inout2,&QWP(0x20,$inp)); - &call ("_aesni_decrypt3"); - &sub ($len,0x30); - &lea ($inp,&DWP(0x30,$inp)); - &lea ($out,&DWP(0x30,$out)); - &movups (&QWP(-0x30,$out),$inout0); - &mov ($key,$key_); # restore $key - &movups (&QWP(-0x20,$out),$inout1); - &mov ($rounds,$rounds_); # restore $rounds - &movups (&QWP(-0x10,$out),$inout2); - &ja (&label("ecb_dec_loop3")); - -&set_label("ecb_dec_tail"); - &add ($len,0x40); - &jz (&label("ecb_ret")); - - &cmp ($len,0x10); - &movups ($inout0,&QWP(0,$inp)); - &je (&label("ecb_dec_one")); - &cmp ($len,0x20); - &movups ($inout1,&QWP(0x10,$inp)); - &je (&label("ecb_dec_two")); - &cmp ($len,0x30); - &movups ($inout2,&QWP(0x20,$inp)); - &je (&label("ecb_dec_three")); - &movups ($inout3,&QWP(0x30,$inp)); - &call ("_aesni_decrypt4"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &movups (&QWP(0x30,$out),$inout3); - &jmp (&label("ecb_ret")); - -&set_label("ecb_dec_one",16); - &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt3"); - &movups (&QWP(0,$out),$inout0); - &jmp (&label("ecb_ret")); - -&set_label("ecb_dec_two",16); - &call ("_aesni_decrypt3"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &jmp (&label("ecb_ret")); - -&set_label("ecb_dec_three",16); - &call ("_aesni_decrypt3"); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - -&set_label("ecb_ret"); -&function_end("aesni_ecb_encrypt"); -} - -# void $PREFIX_cbc_encrypt (const void *inp, void *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -&function_begin("${PREFIX}_cbc_encrypt"); - &mov ($inp,&wparam(0)); - &mov ($out,&wparam(1)); - &mov ($len,&wparam(2)); - &mov ($key,&wparam(3)); - &test ($len,$len); - &mov ($key_,&wparam(4)); - &jz (&label("cbc_ret")); - - &cmp (&wparam(5),0); - &movups ($ivec,&QWP(0,$key_)); # load IV - &mov ($rounds,&DWP(240,$key)); - &mov ($key_,$key); # backup $key - &mov ($rounds_,$rounds); # backup $rounds - &je (&label("cbc_decrypt")); - - &movaps ($inout0,$ivec); - &cmp ($len,16); - &jb (&label("cbc_enc_tail")); - &sub ($len,16); - &jmp (&label("cbc_enc_loop")); - -&set_label("cbc_enc_loop",16); - &movups ($ivec,&QWP(0,$inp)); - &lea ($inp,&DWP(16,$inp)); - &pxor ($inout0,$ivec); - &aesni_inline_generate1("enc"); # &call ("_aesni_encrypt3"); - &sub ($len,16); - &lea ($out,&DWP(16,$out)); - &mov ($rounds,$rounds_); # restore $rounds - &mov ($key,$key_); # restore $key - &movups (&QWP(-16,$out),$inout0); - &jnc (&label("cbc_enc_loop")); - &add ($len,16); - &jnz (&label("cbc_enc_tail")); - &movaps ($ivec,$inout0); - &jmp (&label("cbc_ret")); - -&set_label("cbc_enc_tail"); - &mov ("ecx",$len); # zaps $rounds - &data_word(0xA4F3F689); # rep movsb - &mov ("ecx",16); # zero tail - &sub ("ecx",$len); - &xor ("eax","eax"); # zaps $len - &data_word(0xAAF3F689); # rep stosb - &lea ($out,&DWP(-16,$out)); # rewind $out by 1 block - &mov ($rounds,$rounds_); # restore $rounds - &mov ($inp,$out); # $inp and $out are the same - &mov ($key,$key_); # restore $key - &jmp (&label("cbc_enc_loop")); - -&set_label("cbc_decrypt",16); - &sub ($len,0x40); - &jbe (&label("cbc_dec_tail")); - &jmp (&label("cbc_dec_loop3")); - -&set_label("cbc_dec_loop3",16); - &movups ($inout0,&QWP(0,$inp)); - &movups ($inout1,&QWP(0x10,$inp)); - &movups ($inout2,&QWP(0x20,$inp)); - &movaps ($in0,$inout0); - &movaps ($in1,$inout1); - &call ("_aesni_decrypt3"); - &sub ($len,0x30); - &lea ($inp,&DWP(0x30,$inp)); - &lea ($out,&DWP(0x30,$out)); - &pxor ($inout0,$ivec); - &pxor ($inout1,$in0); - &movups ($ivec,&QWP(-0x10,$inp)); - &pxor ($inout2,$in1); - &movups (&QWP(-0x30,$out),$inout0); - &mov ($rounds,$rounds_) # restore $rounds - &movups (&QWP(-0x20,$out),$inout1); - &mov ($key,$key_); # restore $key - &movups (&QWP(-0x10,$out),$inout2); - &ja (&label("cbc_dec_loop3")); - -&set_label("cbc_dec_tail"); - &add ($len,0x40); - &jz (&label("cbc_ret")); - - &movups ($inout0,&QWP(0,$inp)); - &cmp ($len,0x10); - &movaps ($in0,$inout0); - &jbe (&label("cbc_dec_one")); - &movups ($inout1,&QWP(0x10,$inp)); - &cmp ($len,0x20); - &movaps ($in1,$inout1); - &jbe (&label("cbc_dec_two")); - &movups ($inout2,&QWP(0x20,$inp)); - &cmp ($len,0x30); - &jbe (&label("cbc_dec_three")); - &movups ($inout3,&QWP(0x30,$inp)); - &call ("_aesni_decrypt4"); - &movups ($rndkey0,&QWP(0x10,$inp)); - &movups ($rndkey1,&QWP(0x20,$inp)); - &pxor ($inout0,$ivec); - &pxor ($inout1,$in0); - &movups ($ivec,&QWP(0x30,$inp)); - &movups (&QWP(0,$out),$inout0); - &pxor ($inout2,$rndkey0); - &pxor ($inout3,$rndkey1); - &movups (&QWP(0x10,$out),$inout1); - &movups (&QWP(0x20,$out),$inout2); - &movaps ($inout0,$inout3); - &lea ($out,&DWP(0x30,$out)); - &jmp (&label("cbc_dec_tail_collected")); - -&set_label("cbc_dec_one"); - &aesni_inline_generate1("dec"); # &call ("_aesni_decrypt3"); - &pxor ($inout0,$ivec); - &movaps ($ivec,$in0); - &jmp (&label("cbc_dec_tail_collected")); - -&set_label("cbc_dec_two"); - &call ("_aesni_decrypt3"); - &pxor ($inout0,$ivec); - &pxor ($inout1,$in0); - &movups (&QWP(0,$out),$inout0); - &movaps ($inout0,$inout1); - &movaps ($ivec,$in1); - &lea ($out,&DWP(0x10,$out)); - &jmp (&label("cbc_dec_tail_collected")); - -&set_label("cbc_dec_three"); - &call ("_aesni_decrypt3"); - &pxor ($inout0,$ivec); - &pxor ($inout1,$in0); - &pxor ($inout2,$in1); - &movups (&QWP(0,$out),$inout0); - &movups (&QWP(0x10,$out),$inout1); - &movaps ($inout0,$inout2); - &movups ($ivec,&QWP(0x20,$inp)); - &lea ($out,&DWP(0x20,$out)); - -&set_label("cbc_dec_tail_collected"); - &and ($len,15); - &jnz (&label("cbc_dec_tail_partial")); - &movups (&QWP(0,$out),$inout0); - &jmp (&label("cbc_ret")); - -&set_label("cbc_dec_tail_partial"); - &mov ($key_,"esp"); - &sub ("esp",16); - &and ("esp",-16); - &movaps (&QWP(0,"esp"),$inout0); - &mov ($inp,"esp"); - &mov ("ecx",$len); - &data_word(0xA4F3F689); # rep movsb - &mov ("esp",$key_); - -&set_label("cbc_ret"); - &mov ($key_,&wparam(4)); - &movups (&QWP(0,$key_),$ivec); # output IV -&function_end("${PREFIX}_cbc_encrypt"); - -# Mechanical port from aesni-x86_64.pl. -# -# _aesni_set_encrypt_key is private interface, -# input: -# "eax" const unsigned char *userKey -# $rounds int bits -# $key AES_KEY *key -# output: -# "eax" return code -# $round rounds - -&function_begin_B("_aesni_set_encrypt_key"); - &test ("eax","eax"); - &jz (&label("bad_pointer")); - &test ($key,$key); - &jz (&label("bad_pointer")); - - &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey - &pxor ("xmm4","xmm4"); # low dword of xmm4 is assumed 0 - &lea ($key,&DWP(16,$key)); - &cmp ($rounds,256); - &je (&label("14rounds")); - &cmp ($rounds,192); - &je (&label("12rounds")); - &cmp ($rounds,128); - &jne (&label("bad_keybits")); - -&set_label("10rounds",16); - &mov ($rounds,9); - &$movekey (&QWP(-16,$key),"xmm0"); # round 0 - &aeskeygenassist("xmm1","xmm0",0x01); # round 1 - &call (&label("key_128_cold")); - &aeskeygenassist("xmm1","xmm0",0x2); # round 2 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x04); # round 3 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x08); # round 4 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x10); # round 5 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x20); # round 6 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x40); # round 7 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x80); # round 8 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x1b); # round 9 - &call (&label("key_128")); - &aeskeygenassist("xmm1","xmm0",0x36); # round 10 - &call (&label("key_128")); - &$movekey (&QWP(0,$key),"xmm0"); - &mov (&DWP(80,$key),$rounds); - &xor ("eax","eax"); - &ret(); - -&set_label("key_128",16); - &$movekey (&QWP(0,$key),"xmm0"); - &lea ($key,&DWP(16,$key)); -&set_label("key_128_cold"); - &shufps ("xmm4","xmm0",0b00010000); - &pxor ("xmm0","xmm4"); - &shufps ("xmm4","xmm0",0b10001100,); - &pxor ("xmm0","xmm4"); - &pshufd ("xmm1","xmm1",0b11111111); # critical path - &pxor ("xmm0","xmm1"); - &ret(); - -&set_label("12rounds",16); - &movq ("xmm2",&QWP(16,"eax")); # remaining 1/3 of *userKey - &mov ($rounds,11); - &$movekey (&QWP(-16,$key),"xmm0") # round 0 - &aeskeygenassist("xmm1","xmm2",0x01); # round 1,2 - &call (&label("key_192a_cold")); - &aeskeygenassist("xmm1","xmm2",0x02); # round 2,3 - &call (&label("key_192b")); - &aeskeygenassist("xmm1","xmm2",0x04); # round 4,5 - &call (&label("key_192a")); - &aeskeygenassist("xmm1","xmm2",0x08); # round 5,6 - &call (&label("key_192b")); - &aeskeygenassist("xmm1","xmm2",0x10); # round 7,8 - &call (&label("key_192a")); - &aeskeygenassist("xmm1","xmm2",0x20); # round 8,9 - &call (&label("key_192b")); - &aeskeygenassist("xmm1","xmm2",0x40); # round 10,11 - &call (&label("key_192a")); - &aeskeygenassist("xmm1","xmm2",0x80); # round 11,12 - &call (&label("key_192b")); - &$movekey (&QWP(0,$key),"xmm0"); - &mov (&DWP(48,$key),$rounds); - &xor ("eax","eax"); - &ret(); - -&set_label("key_192a",16); - &$movekey (&QWP(0,$key),"xmm0"); - &lea ($key,&DWP(16,$key)); -&set_label("key_192a_cold",16); - &movaps ("xmm5","xmm2"); -&set_label("key_192b_warm"); - &shufps ("xmm4","xmm0",0b00010000); - &movaps ("xmm3","xmm2"); - &pxor ("xmm0","xmm4"); - &shufps ("xmm4","xmm0",0b10001100); - &pslldq ("xmm3",4); - &pxor ("xmm0","xmm4"); - &pshufd ("xmm1","xmm1",0b01010101); # critical path - &pxor ("xmm2","xmm3"); - &pxor ("xmm0","xmm1"); - &pshufd ("xmm3","xmm0",0b11111111); - &pxor ("xmm2","xmm3"); - &ret(); - -&set_label("key_192b",16); - &movaps ("xmm3","xmm0"); - &shufps ("xmm5","xmm0",0b01000100); - &$movekey (&QWP(0,$key),"xmm5"); - &shufps ("xmm3","xmm2",0b01001110); - &$movekey (&QWP(16,$key),"xmm3"); - &lea ($key,&DWP(32,$key)); - &jmp (&label("key_192b_warm")); - -&set_label("14rounds",16); - &movups ("xmm2",&QWP(16,"eax")); # remaining half of *userKey - &mov ($rounds,13); - &lea ($key,&DWP(16,$key)); - &$movekey (&QWP(-32,$key),"xmm0"); # round 0 - &$movekey (&QWP(-16,$key),"xmm2"); # round 1 - &aeskeygenassist("xmm1","xmm2",0x01); # round 2 - &call (&label("key_256a_cold")); - &aeskeygenassist("xmm1","xmm0",0x01); # round 3 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x02); # round 4 - &call (&label("key_256a")); - &aeskeygenassist("xmm1","xmm0",0x02); # round 5 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x04); # round 6 - &call (&label("key_256a")); - &aeskeygenassist("xmm1","xmm0",0x04); # round 7 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x08); # round 8 - &call (&label("key_256a")); - &aeskeygenassist("xmm1","xmm0",0x08); # round 9 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x10); # round 10 - &call (&label("key_256a")); - &aeskeygenassist("xmm1","xmm0",0x10); # round 11 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x20); # round 12 - &call (&label("key_256a")); - &aeskeygenassist("xmm1","xmm0",0x20); # round 13 - &call (&label("key_256b")); - &aeskeygenassist("xmm1","xmm2",0x40); # round 14 - &call (&label("key_256a")); - &$movekey (&QWP(0,$key),"xmm0"); - &mov (&DWP(16,$key),$rounds); - &xor ("eax","eax"); - &ret(); - -&set_label("key_256a",16); - &$movekey (&QWP(0,$key),"xmm2"); - &lea ($key,&DWP(16,$key)); -&set_label("key_256a_cold"); - &shufps ("xmm4","xmm0",0b00010000); - &pxor ("xmm0","xmm4"); - &shufps ("xmm4","xmm0",0b10001100); - &pxor ("xmm0","xmm4"); - &pshufd ("xmm1","xmm1",0b11111111); # critical path - &pxor ("xmm0","xmm1"); - &ret(); - -&set_label("key_256b",16); - &$movekey (&QWP(0,$key),"xmm0"); - &lea ($key,&DWP(16,$key)); - - &shufps ("xmm4","xmm2",0b00010000); - &pxor ("xmm2","xmm4"); - &shufps ("xmm4","xmm2",0b10001100); - &pxor ("xmm2","xmm4"); - &pshufd ("xmm1","xmm1",0b10101010); # critical path - &pxor ("xmm2","xmm1"); - &ret(); - -&set_label("bad_pointer",4); - &mov ("eax",-1); - &ret (); -&set_label("bad_keybits",4); - &mov ("eax",-2); - &ret (); -&function_end_B("_aesni_set_encrypt_key"); - -# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits, -# AES_KEY *key) -&function_begin_B("${PREFIX}_set_encrypt_key"); - &mov ("eax",&wparam(0)); - &mov ($rounds,&wparam(1)); - &mov ($key,&wparam(2)); - &call ("_aesni_set_encrypt_key"); - &ret (); -&function_end_B("${PREFIX}_set_encrypt_key"); - -# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits, -# AES_KEY *key) -&function_begin_B("${PREFIX}_set_decrypt_key"); - &mov ("eax",&wparam(0)); - &mov ($rounds,&wparam(1)); - &mov ($key,&wparam(2)); - &call ("_aesni_set_encrypt_key"); - &mov ($key,&wparam(2)); - &shl ($rounds,4) # rounds-1 after _aesni_set_encrypt_key - &test ("eax","eax"); - &jnz (&label("dec_key_ret")); - &lea ("eax",&DWP(16,$key,$rounds)); # end of key schedule - - &$movekey ("xmm0",&QWP(0,$key)); # just swap - &$movekey ("xmm1",&QWP(0,"eax")); - &$movekey (&QWP(0,"eax"),"xmm0"); - &$movekey (&QWP(0,$key),"xmm1"); - &lea ($key,&DWP(16,$key)); - &lea ("eax",&DWP(-16,"eax")); - -&set_label("dec_key_inverse"); - &$movekey ("xmm0",&QWP(0,$key)); # swap and inverse - &$movekey ("xmm1",&QWP(0,"eax")); - &aesimc ("xmm0","xmm0"); - &aesimc ("xmm1","xmm1"); - &lea ($key,&DWP(16,$key)); - &lea ("eax",&DWP(-16,"eax")); - &cmp ("eax",$key); - &$movekey (&QWP(16,"eax"),"xmm0"); - &$movekey (&QWP(-16,$key),"xmm1"); - &ja (&label("dec_key_inverse")); - - &$movekey ("xmm0",&QWP(0,$key)); # inverse middle - &aesimc ("xmm0","xmm0"); - &$movekey (&QWP(0,$key),"xmm0"); - - &xor ("eax","eax"); # return success -&set_label("dec_key_ret"); - &ret (); -&function_end_B("${PREFIX}_set_decrypt_key"); -&asciz("AES for Intel AES-NI, CRYPTOGAMS by "); - -&asm_finish(); diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/aesni/aesni-x86_64.pl --- a/components/openssl/openssl-1.0.0/engines/aesni/aesni-x86_64.pl Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,991 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# This module implements support for Intel AES-NI extension. In -# OpenSSL context it's used with Intel engine, but can also be used as -# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for -# details]. - -$PREFIX="aesni"; # if $PREFIX is set to "AES", the script - # generates drop-in replacement for - # crypto/aes/asm/aes-x86_64.pl:-) - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open STDOUT,"| $^X $xlate $flavour $output"; - -$movkey = $PREFIX eq "aesni" ? "movaps" : "movups"; -@_4args=$win64? ("%rcx","%rdx","%r8", "%r9") : # Win64 order - ("%rdi","%rsi","%rdx","%rcx"); # Unix order - -$code=".text\n"; - -$rounds="%eax"; # input to and changed by aesni_[en|de]cryptN !!! -# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ... -$inp="%rdi"; -$out="%rsi"; -$len="%rdx"; -$key="%rcx"; # input to and changed by aesni_[en|de]cryptN !!! -$ivp="%r8"; # cbc - -$rnds_="%r10d"; # backup copy for $rounds -$key_="%r11"; # backup copy for $key - -# %xmm register layout -$inout0="%xmm0"; $inout1="%xmm1"; -$inout2="%xmm2"; $inout3="%xmm3"; -$rndkey0="%xmm4"; $rndkey1="%xmm5"; - -$iv="%xmm6"; $in0="%xmm7"; # used in CBC decrypt -$in1="%xmm8"; $in2="%xmm9"; - -# Inline version of internal aesni_[en|de]crypt1. -# -# Why folded loop? Because aes[enc|dec] is slow enough to accommodate -# cycles which take care of loop variables... -{ my $sn; -sub aesni_generate1 { -my ($p,$key,$rounds)=@_; -++$sn; -$code.=<<___; - $movkey ($key),$rndkey0 - $movkey 16($key),$rndkey1 - lea 32($key),$key - pxor $rndkey0,$inout0 -.Loop_${p}1_$sn: - aes${p} $rndkey1,$inout0 - dec $rounds - $movkey ($key),$rndkey1 - lea 16($key),$key - jnz .Loop_${p}1_$sn # loop body is 16 bytes - aes${p}last $rndkey1,$inout0 -___ -}} -# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key); -# -{ my ($inp,$out,$key) = @_4args; - -$code.=<<___; -.globl ${PREFIX}_encrypt -.type ${PREFIX}_encrypt,\@abi-omnipotent -.align 16 -${PREFIX}_encrypt: - movups ($inp),$inout0 # load input - mov 240($key),$rounds # pull $rounds -___ - &aesni_generate1("enc",$key,$rounds); -$code.=<<___; - movups $inout0,($out) # output - ret -.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt - -.globl ${PREFIX}_decrypt -.type ${PREFIX}_decrypt,\@abi-omnipotent -.align 16 -${PREFIX}_decrypt: - movups ($inp),$inout0 # load input - mov 240($key),$rounds # pull $rounds -___ - &aesni_generate1("dec",$key,$rounds); -$code.=<<___; - movups $inout0,($out) # output - ret -.size ${PREFIX}_decrypt, .-${PREFIX}_decrypt -___ -} - -# _aesni_[en|de]crypt[34] are private interfaces, N denotes interleave -# factor. Why 3x subroutine is used in loops? Even though aes[enc|dec] -# latency is 6, it turned out that it can be scheduled only every -# *second* cycle. Thus 3x interleave is the one providing optimal -# utilization, i.e. when subroutine's throughput is virtually same as -# of non-interleaved subroutine [for number of input blocks up to 3]. -# This is why it makes no sense to implement 2x subroutine. As soon -# as/if Intel improves throughput by making it possible to schedule -# the instructions in question *every* cycles I would have to -# implement 6x interleave and use it in loop... -sub aesni_generate3 { -my $dir=shift; -# As already mentioned it takes in $key and $rounds, which are *not* -# preserved. $inout[0-2] is cipher/clear text... -$code.=<<___; -.type _aesni_${dir}rypt3,\@abi-omnipotent -.align 16 -_aesni_${dir}rypt3: - $movkey ($key),$rndkey0 - shr \$1,$rounds - $movkey 16($key),$rndkey1 - lea 32($key),$key - pxor $rndkey0,$inout0 - pxor $rndkey0,$inout1 - pxor $rndkey0,$inout2 - -.L${dir}_loop3: - aes${dir} $rndkey1,$inout0 - $movkey ($key),$rndkey0 - aes${dir} $rndkey1,$inout1 - dec $rounds - aes${dir} $rndkey1,$inout2 - aes${dir} $rndkey0,$inout0 - $movkey 16($key),$rndkey1 - aes${dir} $rndkey0,$inout1 - lea 32($key),$key - aes${dir} $rndkey0,$inout2 - jnz .L${dir}_loop3 - - aes${dir} $rndkey1,$inout0 - $movkey ($key),$rndkey0 - aes${dir} $rndkey1,$inout1 - aes${dir} $rndkey1,$inout2 - aes${dir}last $rndkey0,$inout0 - aes${dir}last $rndkey0,$inout1 - aes${dir}last $rndkey0,$inout2 - ret -.size _aesni_${dir}rypt3,.-_aesni_${dir}rypt3 -___ -} -# 4x interleave is implemented to improve small block performance, -# most notably [and naturally] 4 block by ~30%. One can argue that one -# should have implemented 5x as well, but improvement would be <20%, -# so it's not worth it... -sub aesni_generate4 { -my $dir=shift; -# As already mentioned it takes in $key and $rounds, which are *not* -# preserved. $inout[0-3] is cipher/clear text... -$code.=<<___; -.type _aesni_${dir}rypt4,\@abi-omnipotent -.align 16 -_aesni_${dir}rypt4: - $movkey ($key),$rndkey0 - shr \$1,$rounds - $movkey 16($key),$rndkey1 - lea 32($key),$key - pxor $rndkey0,$inout0 - pxor $rndkey0,$inout1 - pxor $rndkey0,$inout2 - pxor $rndkey0,$inout3 - -.L${dir}_loop4: - aes${dir} $rndkey1,$inout0 - $movkey ($key),$rndkey0 - aes${dir} $rndkey1,$inout1 - dec $rounds - aes${dir} $rndkey1,$inout2 - aes${dir} $rndkey1,$inout3 - aes${dir} $rndkey0,$inout0 - $movkey 16($key),$rndkey1 - aes${dir} $rndkey0,$inout1 - lea 32($key),$key - aes${dir} $rndkey0,$inout2 - aes${dir} $rndkey0,$inout3 - jnz .L${dir}_loop4 - - aes${dir} $rndkey1,$inout0 - $movkey ($key),$rndkey0 - aes${dir} $rndkey1,$inout1 - aes${dir} $rndkey1,$inout2 - aes${dir} $rndkey1,$inout3 - aes${dir}last $rndkey0,$inout0 - aes${dir}last $rndkey0,$inout1 - aes${dir}last $rndkey0,$inout2 - aes${dir}last $rndkey0,$inout3 - ret -.size _aesni_${dir}rypt4,.-_aesni_${dir}rypt4 -___ -} -&aesni_generate3("enc") if ($PREFIX eq "aesni"); -&aesni_generate3("dec"); -&aesni_generate4("enc") if ($PREFIX eq "aesni"); -&aesni_generate4("dec"); - -if ($PREFIX eq "aesni") { -# void aesni_ecb_encrypt (const void *in, void *out, -# size_t length, const AES_KEY *key, -# int enc); -$code.=<<___; -.globl aesni_ecb_encrypt -.type aesni_ecb_encrypt,\@function,5 -.align 16 -aesni_ecb_encrypt: - cmp \$16,$len # check length - jb .Lecb_ret - - mov 240($key),$rounds # pull $rounds - and \$-16,$len - mov $key,$key_ # backup $key - test %r8d,%r8d # 5th argument - mov $rounds,$rnds_ # backup $rounds - jz .Lecb_decrypt -#--------------------------- ECB ENCRYPT ------------------------------# - sub \$0x40,$len - jbe .Lecb_enc_tail - jmp .Lecb_enc_loop3 -.align 16 -.Lecb_enc_loop3: - movups ($inp),$inout0 - movups 0x10($inp),$inout1 - movups 0x20($inp),$inout2 - call _aesni_encrypt3 - sub \$0x30,$len - lea 0x30($inp),$inp - lea 0x30($out),$out - movups $inout0,-0x30($out) - mov $rnds_,$rounds # restore $rounds - movups $inout1,-0x20($out) - mov $key_,$key # restore $key - movups $inout2,-0x10($out) - ja .Lecb_enc_loop3 - -.Lecb_enc_tail: - add \$0x40,$len - jz .Lecb_ret - - cmp \$0x10,$len - movups ($inp),$inout0 - je .Lecb_enc_one - cmp \$0x20,$len - movups 0x10($inp),$inout1 - je .Lecb_enc_two - cmp \$0x30,$len - movups 0x20($inp),$inout2 - je .Lecb_enc_three - movups 0x30($inp),$inout3 - call _aesni_encrypt4 - movups $inout0,($out) - movups $inout1,0x10($out) - movups $inout2,0x20($out) - movups $inout3,0x30($out) - jmp .Lecb_ret -.align 16 -.Lecb_enc_one: -___ - &aesni_generate1("enc",$key,$rounds); -$code.=<<___; - movups $inout0,($out) - jmp .Lecb_ret -.align 16 -.Lecb_enc_two: - call _aesni_encrypt3 - movups $inout0,($out) - movups $inout1,0x10($out) - jmp .Lecb_ret -.align 16 -.Lecb_enc_three: - call _aesni_encrypt3 - movups $inout0,($out) - movups $inout1,0x10($out) - movups $inout2,0x20($out) - jmp .Lecb_ret - #--------------------------- ECB DECRYPT ------------------------------# -.align 16 -.Lecb_decrypt: - sub \$0x40,$len - jbe .Lecb_dec_tail - jmp .Lecb_dec_loop3 -.align 16 -.Lecb_dec_loop3: - movups ($inp),$inout0 - movups 0x10($inp),$inout1 - movups 0x20($inp),$inout2 - call _aesni_decrypt3 - sub \$0x30,$len - lea 0x30($inp),$inp - lea 0x30($out),$out - movups $inout0,-0x30($out) - mov $rnds_,$rounds # restore $rounds - movups $inout1,-0x20($out) - mov $key_,$key # restore $key - movups $inout2,-0x10($out) - ja .Lecb_dec_loop3 - -.Lecb_dec_tail: - add \$0x40,$len - jz .Lecb_ret - - cmp \$0x10,$len - movups ($inp),$inout0 - je .Lecb_dec_one - cmp \$0x20,$len - movups 0x10($inp),$inout1 - je .Lecb_dec_two - cmp \$0x30,$len - movups 0x20($inp),$inout2 - je .Lecb_dec_three - movups 0x30($inp),$inout3 - call _aesni_decrypt4 - movups $inout0,($out) - movups $inout1,0x10($out) - movups $inout2,0x20($out) - movups $inout3,0x30($out) - jmp .Lecb_ret -.align 16 -.Lecb_dec_one: -___ - &aesni_generate1("dec",$key,$rounds); -$code.=<<___; - movups $inout0,($out) - jmp .Lecb_ret -.align 16 -.Lecb_dec_two: - call _aesni_decrypt3 - movups $inout0,($out) - movups $inout1,0x10($out) - jmp .Lecb_ret -.align 16 -.Lecb_dec_three: - call _aesni_decrypt3 - movups $inout0,($out) - movups $inout1,0x10($out) - movups $inout2,0x20($out) - -.Lecb_ret: - ret -.size aesni_ecb_encrypt,.-aesni_ecb_encrypt -___ -} - -# void $PREFIX_cbc_encrypt (const void *inp, void *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -$reserved = $win64?0x40:-0x18; # used in decrypt -$code.=<<___; -.globl ${PREFIX}_cbc_encrypt -.type ${PREFIX}_cbc_encrypt,\@function,6 -.align 16 -${PREFIX}_cbc_encrypt: - test $len,$len # check length - jz .Lcbc_ret - - mov 240($key),$rnds_ # pull $rounds - mov $key,$key_ # backup $key - test %r9d,%r9d # 6th argument - jz .Lcbc_decrypt -#--------------------------- CBC ENCRYPT ------------------------------# - movups ($ivp),$inout0 # load iv as initial state - cmp \$16,$len - mov $rnds_,$rounds - jb .Lcbc_enc_tail - sub \$16,$len - jmp .Lcbc_enc_loop -.align 16 -.Lcbc_enc_loop: - movups ($inp),$inout1 # load input - lea 16($inp),$inp - pxor $inout1,$inout0 -___ - &aesni_generate1("enc",$key,$rounds); -$code.=<<___; - sub \$16,$len - lea 16($out),$out - mov $rnds_,$rounds # restore $rounds - mov $key_,$key # restore $key - movups $inout0,-16($out) # store output - jnc .Lcbc_enc_loop - add \$16,$len - jnz .Lcbc_enc_tail - movups $inout0,($ivp) - jmp .Lcbc_ret - -.Lcbc_enc_tail: - mov $len,%rcx # zaps $key - xchg $inp,$out # $inp is %rsi and $out is %rdi now - .long 0x9066A4F3 # rep movsb - mov \$16,%ecx # zero tail - sub $len,%rcx - xor %eax,%eax - .long 0x9066AAF3 # rep stosb - lea -16(%rdi),%rdi # rewind $out by 1 block - mov $rnds_,$rounds # restore $rounds - mov %rdi,%rsi # $inp and $out are the same - mov $key_,$key # restore $key - xor $len,$len # len=16 - jmp .Lcbc_enc_loop # one more spin - #--------------------------- CBC DECRYPT ------------------------------# -.align 16 -.Lcbc_decrypt: -___ -$code.=<<___ if ($win64); - lea -0x58(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) - movaps %xmm8,0x20(%rsp) - movaps %xmm9,0x30(%rsp) -.Lcbc_decrypt_body: -___ -$code.=<<___; - movups ($ivp),$iv - sub \$0x40,$len - mov $rnds_,$rounds - jbe .Lcbc_dec_tail - jmp .Lcbc_dec_loop3 -.align 16 -.Lcbc_dec_loop3: - movups ($inp),$inout0 - movups 0x10($inp),$inout1 - movups 0x20($inp),$inout2 - movaps $inout0,$in0 - movaps $inout1,$in1 - movaps $inout2,$in2 - call _aesni_decrypt3 - sub \$0x30,$len - lea 0x30($inp),$inp - lea 0x30($out),$out - pxor $iv,$inout0 - pxor $in0,$inout1 - movaps $in2,$iv - pxor $in1,$inout2 - movups $inout0,-0x30($out) - mov $rnds_,$rounds # restore $rounds - movups $inout1,-0x20($out) - mov $key_,$key # restore $key - movups $inout2,-0x10($out) - ja .Lcbc_dec_loop3 - -.Lcbc_dec_tail: - add \$0x40,$len - movups $iv,($ivp) - jz .Lcbc_dec_ret - - movups ($inp),$inout0 - cmp \$0x10,$len - movaps $inout0,$in0 - jbe .Lcbc_dec_one - movups 0x10($inp),$inout1 - cmp \$0x20,$len - movaps $inout1,$in1 - jbe .Lcbc_dec_two - movups 0x20($inp),$inout2 - cmp \$0x30,$len - movaps $inout2,$in2 - jbe .Lcbc_dec_three - movups 0x30($inp),$inout3 - call _aesni_decrypt4 - pxor $iv,$inout0 - movups 0x30($inp),$iv - pxor $in0,$inout1 - movups $inout0,($out) - pxor $in1,$inout2 - movups $inout1,0x10($out) - pxor $in2,$inout3 - movups $inout2,0x20($out) - movaps $inout3,$inout0 - lea 0x30($out),$out - jmp .Lcbc_dec_tail_collected -.align 16 -.Lcbc_dec_one: -___ - &aesni_generate1("dec",$key,$rounds); -$code.=<<___; - pxor $iv,$inout0 - movaps $in0,$iv - jmp .Lcbc_dec_tail_collected -.align 16 -.Lcbc_dec_two: - call _aesni_decrypt3 - pxor $iv,$inout0 - pxor $in0,$inout1 - movups $inout0,($out) - movaps $in1,$iv - movaps $inout1,$inout0 - lea 0x10($out),$out - jmp .Lcbc_dec_tail_collected -.align 16 -.Lcbc_dec_three: - call _aesni_decrypt3 - pxor $iv,$inout0 - pxor $in0,$inout1 - movups $inout0,($out) - pxor $in1,$inout2 - movups $inout1,0x10($out) - movaps $in2,$iv - movaps $inout2,$inout0 - lea 0x20($out),$out - jmp .Lcbc_dec_tail_collected -.align 16 -.Lcbc_dec_tail_collected: - and \$15,$len - movups $iv,($ivp) - jnz .Lcbc_dec_tail_partial - movups $inout0,($out) - jmp .Lcbc_dec_ret -.Lcbc_dec_tail_partial: - movaps $inout0,$reserved(%rsp) - mov $out,%rdi - mov $len,%rcx - lea $reserved(%rsp),%rsi - .long 0x9066A4F3 # rep movsb - -.Lcbc_dec_ret: -___ -$code.=<<___ if ($win64); - movaps (%rsp),%xmm6 - movaps 0x10(%rsp),%xmm7 - movaps 0x20(%rsp),%xmm8 - movaps 0x30(%rsp),%xmm9 - lea 0x58(%rsp),%rsp -___ -$code.=<<___; -.Lcbc_ret: - ret -.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt -___ - -# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey, -# int bits, AES_KEY *key) -{ my ($inp,$bits,$key) = @_4args; - $bits =~ s/%r/%e/; - -$code.=<<___; -.globl ${PREFIX}_set_decrypt_key -.type ${PREFIX}_set_decrypt_key,\@abi-omnipotent -.align 16 -${PREFIX}_set_decrypt_key: - .byte 0x48,0x83,0xEC,0x08 # sub rsp,8 - call _aesni_set_encrypt_key - shl \$4,$bits # rounds-1 after _aesni_set_encrypt_key - test %eax,%eax - jnz .Ldec_key_ret - lea 16($key,$bits),$inp # points at the end of key schedule - - $movkey ($key),%xmm0 # just swap - $movkey ($inp),%xmm1 - $movkey %xmm0,($inp) - $movkey %xmm1,($key) - lea 16($key),$key - lea -16($inp),$inp - -.Ldec_key_inverse: - $movkey ($key),%xmm0 # swap and inverse - $movkey ($inp),%xmm1 - aesimc %xmm0,%xmm0 - aesimc %xmm1,%xmm1 - lea 16($key),$key - lea -16($inp),$inp - cmp $key,$inp - $movkey %xmm0,16($inp) - $movkey %xmm1,-16($key) - ja .Ldec_key_inverse - - $movkey ($key),%xmm0 # inverse middle - aesimc %xmm0,%xmm0 - $movkey %xmm0,($inp) -.Ldec_key_ret: - add \$8,%rsp - ret -.LSEH_end_set_decrypt_key: -.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key -___ - -# This is based on submission by -# -# Huang Ying -# Vinodh Gopal -# Kahraman Akdemir -# -# Agressively optimized in respect to aeskeygenassist's critical path -# and is contained in %xmm0-5 to meet Win64 ABI requirement. -# -$code.=<<___; -.globl ${PREFIX}_set_encrypt_key -.type ${PREFIX}_set_encrypt_key,\@abi-omnipotent -.align 16 -${PREFIX}_set_encrypt_key: -_aesni_set_encrypt_key: - .byte 0x48,0x83,0xEC,0x08 # sub rsp,8 - test $inp,$inp - mov \$-1,%rax - jz .Lenc_key_ret - test $key,$key - jz .Lenc_key_ret - - movups ($inp),%xmm0 # pull first 128 bits of *userKey - pxor %xmm4,%xmm4 # low dword of xmm4 is assumed 0 - lea 16($key),%rax - cmp \$256,$bits - je .L14rounds - cmp \$192,$bits - je .L12rounds - cmp \$128,$bits - jne .Lbad_keybits - -.L10rounds: - mov \$9,$bits # 10 rounds for 128-bit key - $movkey %xmm0,($key) # round 0 - aeskeygenassist \$0x1,%xmm0,%xmm1 # round 1 - call .Lkey_expansion_128_cold - aeskeygenassist \$0x2,%xmm0,%xmm1 # round 2 - call .Lkey_expansion_128 - aeskeygenassist \$0x4,%xmm0,%xmm1 # round 3 - call .Lkey_expansion_128 - aeskeygenassist \$0x8,%xmm0,%xmm1 # round 4 - call .Lkey_expansion_128 - aeskeygenassist \$0x10,%xmm0,%xmm1 # round 5 - call .Lkey_expansion_128 - aeskeygenassist \$0x20,%xmm0,%xmm1 # round 6 - call .Lkey_expansion_128 - aeskeygenassist \$0x40,%xmm0,%xmm1 # round 7 - call .Lkey_expansion_128 - aeskeygenassist \$0x80,%xmm0,%xmm1 # round 8 - call .Lkey_expansion_128 - aeskeygenassist \$0x1b,%xmm0,%xmm1 # round 9 - call .Lkey_expansion_128 - aeskeygenassist \$0x36,%xmm0,%xmm1 # round 10 - call .Lkey_expansion_128 - $movkey %xmm0,(%rax) - mov $bits,80(%rax) # 240(%rdx) - xor %eax,%eax - jmp .Lenc_key_ret - -.align 16 -.L12rounds: - movq 16($inp),%xmm2 # remaining 1/3 of *userKey - mov \$11,$bits # 12 rounds for 192 - $movkey %xmm0,($key) # round 0 - aeskeygenassist \$0x1,%xmm2,%xmm1 # round 1,2 - call .Lkey_expansion_192a_cold - aeskeygenassist \$0x2,%xmm2,%xmm1 # round 2,3 - call .Lkey_expansion_192b - aeskeygenassist \$0x4,%xmm2,%xmm1 # round 4,5 - call .Lkey_expansion_192a - aeskeygenassist \$0x8,%xmm2,%xmm1 # round 5,6 - call .Lkey_expansion_192b - aeskeygenassist \$0x10,%xmm2,%xmm1 # round 7,8 - call .Lkey_expansion_192a - aeskeygenassist \$0x20,%xmm2,%xmm1 # round 8,9 - call .Lkey_expansion_192b - aeskeygenassist \$0x40,%xmm2,%xmm1 # round 10,11 - call .Lkey_expansion_192a - aeskeygenassist \$0x80,%xmm2,%xmm1 # round 11,12 - call .Lkey_expansion_192b - $movkey %xmm0,(%rax) - mov $bits,48(%rax) # 240(%rdx) - xor %rax, %rax - jmp .Lenc_key_ret - -.align 16 -.L14rounds: - movups 16($inp),%xmm2 # remaning half of *userKey - mov \$13,$bits # 14 rounds for 256 - lea 16(%rax),%rax - $movkey %xmm0,($key) # round 0 - $movkey %xmm2,16($key) # round 1 - aeskeygenassist \$0x1,%xmm2,%xmm1 # round 2 - call .Lkey_expansion_256a_cold - aeskeygenassist \$0x1,%xmm0,%xmm1 # round 3 - call .Lkey_expansion_256b - aeskeygenassist \$0x2,%xmm2,%xmm1 # round 4 - call .Lkey_expansion_256a - aeskeygenassist \$0x2,%xmm0,%xmm1 # round 5 - call .Lkey_expansion_256b - aeskeygenassist \$0x4,%xmm2,%xmm1 # round 6 - call .Lkey_expansion_256a - aeskeygenassist \$0x4,%xmm0,%xmm1 # round 7 - call .Lkey_expansion_256b - aeskeygenassist \$0x8,%xmm2,%xmm1 # round 8 - call .Lkey_expansion_256a - aeskeygenassist \$0x8,%xmm0,%xmm1 # round 9 - call .Lkey_expansion_256b - aeskeygenassist \$0x10,%xmm2,%xmm1 # round 10 - call .Lkey_expansion_256a - aeskeygenassist \$0x10,%xmm0,%xmm1 # round 11 - call .Lkey_expansion_256b - aeskeygenassist \$0x20,%xmm2,%xmm1 # round 12 - call .Lkey_expansion_256a - aeskeygenassist \$0x20,%xmm0,%xmm1 # round 13 - call .Lkey_expansion_256b - aeskeygenassist \$0x40,%xmm2,%xmm1 # round 14 - call .Lkey_expansion_256a - $movkey %xmm0,(%rax) - mov $bits,16(%rax) # 240(%rdx) - xor %rax,%rax - jmp .Lenc_key_ret - -.align 16 -.Lbad_keybits: - mov \$-2,%rax -.Lenc_key_ret: - add \$8,%rsp - ret -.LSEH_end_set_encrypt_key: - -.align 16 -.Lkey_expansion_128: - $movkey %xmm0,(%rax) - lea 16(%rax),%rax -.Lkey_expansion_128_cold: - shufps \$0b00010000,%xmm0,%xmm4 - pxor %xmm4, %xmm0 - shufps \$0b10001100,%xmm0,%xmm4 - pxor %xmm4, %xmm0 - pshufd \$0b11111111,%xmm1,%xmm1 # critical path - pxor %xmm1,%xmm0 - ret - -.align 16 -.Lkey_expansion_192a: - $movkey %xmm0,(%rax) - lea 16(%rax),%rax -.Lkey_expansion_192a_cold: - movaps %xmm2, %xmm5 -.Lkey_expansion_192b_warm: - shufps \$0b00010000,%xmm0,%xmm4 - movaps %xmm2,%xmm3 - pxor %xmm4,%xmm0 - shufps \$0b10001100,%xmm0,%xmm4 - pslldq \$4,%xmm3 - pxor %xmm4,%xmm0 - pshufd \$0b01010101,%xmm1,%xmm1 # critical path - pxor %xmm3,%xmm2 - pxor %xmm1,%xmm0 - pshufd \$0b11111111,%xmm0,%xmm3 - pxor %xmm3,%xmm2 - ret - -.align 16 -.Lkey_expansion_192b: - movaps %xmm0,%xmm3 - shufps \$0b01000100,%xmm0,%xmm5 - $movkey %xmm5,(%rax) - shufps \$0b01001110,%xmm2,%xmm3 - $movkey %xmm3,16(%rax) - lea 32(%rax),%rax - jmp .Lkey_expansion_192b_warm - -.align 16 -.Lkey_expansion_256a: - $movkey %xmm2,(%rax) - lea 16(%rax),%rax -.Lkey_expansion_256a_cold: - shufps \$0b00010000,%xmm0,%xmm4 - pxor %xmm4,%xmm0 - shufps \$0b10001100,%xmm0,%xmm4 - pxor %xmm4,%xmm0 - pshufd \$0b11111111,%xmm1,%xmm1 # critical path - pxor %xmm1,%xmm0 - ret - -.align 16 -.Lkey_expansion_256b: - $movkey %xmm0,(%rax) - lea 16(%rax),%rax - - shufps \$0b00010000,%xmm2,%xmm4 - pxor %xmm4,%xmm2 - shufps \$0b10001100,%xmm2,%xmm4 - pxor %xmm4,%xmm2 - pshufd \$0b10101010,%xmm1,%xmm1 # critical path - pxor %xmm1,%xmm2 - ret -.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key -___ -} - -$code.=<<___; -.asciz "AES for Intel AES-NI, CRYPTOGAMS by " -.align 64 -___ - -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { -$rec="%rcx"; -$frame="%rdx"; -$context="%r8"; -$disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type cbc_se_handler,\@abi-omnipotent -.align 16 -cbc_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 152($context),%rax # pull context->Rsp - mov 248($context),%rbx # pull context->Rip - - lea .Lcbc_decrypt(%rip),%r10 - cmp %r10,%rbx # context->Rip<"prologue" label - jb .Lin_prologue - - lea .Lcbc_decrypt_body(%rip),%r10 - cmp %r10,%rbx # context->RipRip>="epilogue" label - jae .Lin_prologue - - lea 0(%rax),%rsi # top of stack - lea 512($context),%rdi # &context.Xmm6 - mov \$8,%ecx # 4*sizeof(%xmm0)/sizeof(%rax) - .long 0xa548f3fc # cld; rep movsq - lea 0x58(%rax),%rax # adjust stack pointer - jmp .Lin_prologue - -.Lrestore_rax: - mov 120($context),%rax -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - jmp .Lcommon_seh_exit -.size cbc_se_handler,.-cbc_se_handler - -.type ecb_se_handler,\@abi-omnipotent -.align 16 -ecb_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 152($context),%rax # pull context->Rsp - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - -.Lcommon_seh_exit: - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call *__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size cbc_se_handler,.-cbc_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_${PREFIX}_ecb_encrypt - .rva .LSEH_end_${PREFIX}_ecb_encrypt - .rva .LSEH_info_ecb - - .rva .LSEH_begin_${PREFIX}_cbc_encrypt - .rva .LSEH_end_${PREFIX}_cbc_encrypt - .rva .LSEH_info_cbc - - .rva ${PREFIX}_set_decrypt_key - .rva .LSEH_end_set_decrypt_key - .rva .LSEH_info_key - - .rva ${PREFIX}_set_encrypt_key - .rva .LSEH_end_set_encrypt_key - .rva .LSEH_info_key -.section .xdata -.align 8 -.LSEH_info_ecb: - .byte 9,0,0,0 - .rva ecb_se_handler -.LSEH_info_cbc: - .byte 9,0,0,0 - .rva cbc_se_handler -.LSEH_info_key: - .byte 0x01,0x04,0x01,0x00 - .byte 0x04,0x02,0x00,0x00 -___ -} - -sub rex { - local *opcode=shift; - my ($dst,$src)=@_; - - if ($dst>=8 || $src>=8) { - $rex=0x40; - $rex|=0x04 if($dst>=8); - $rex|=0x01 if($src>=8); - push @opcode,$rex; - } -} - -sub aesni { - my $line=shift; - my @opcode=(0x66); - - if ($line=~/(aeskeygenassist)\s+\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { - rex(\@opcode,$4,$3); - push @opcode,0x0f,0x3a,0xdf; - push @opcode,0xc0|($3&7)|(($4&7)<<3); # ModR/M - my $c=$2; - push @opcode,$c=~/^0/?oct($c):$c; - return ".byte\t".join(',',@opcode); - } - elsif ($line=~/(aes[a-z]+)\s+%xmm([0-9]+),\s*%xmm([0-9]+)/) { - my %opcodelet = ( - "aesimc" => 0xdb, - "aesenc" => 0xdc, "aesenclast" => 0xdd, - "aesdec" => 0xde, "aesdeclast" => 0xdf - ); - return undef if (!defined($opcodelet{$1})); - rex(\@opcode,$3,$2); - push @opcode,0x0f,0x38,$opcodelet{$1}; - push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M - return ".byte\t".join(',',@opcode); - } - return $line; -} - -$code =~ s/\`([^\`]*)\`/eval($1)/gem; -$code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem; - -print $code; - -close STDOUT; diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/aesni/eng_aesni.c --- a/components/openssl/openssl-1.0.0/engines/aesni/eng_aesni.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,412 +0,0 @@ -/* - * Support for Intel AES-NI intruction set - * Author: Huang Ying - * - * Intel AES-NI is a new set of Single Instruction Multiple Data - * (SIMD) instructions that are going to be introduced in the next - * generation of Intel processor, as of 2009. These instructions - * enable fast and secure data encryption and decryption, using the - * Advanced Encryption Standard (AES), defined by FIPS Publication - * number 197. The architecture introduces six instructions that - * offer full hardware support for AES. Four of them support high - * performance data encryption and decryption, and the other two - * instructions support the AES key expansion procedure. - * - * The white paper can be downloaded from: - * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf - * - * This file is based on engines/e_padlock.c - */ - -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include - -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES) - -#include -#include "cryptlib.h" -#include -#include -#include -#include -#include -#include - -/* AES-NI is available *ONLY* on some x86 CPUs. Not only that it - doesn't exist elsewhere, but it even can't be compiled on other - platforms! */ -#undef COMPILE_HW_AESNI -#if (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) || \ - defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM) -#define COMPILE_HW_AESNI -static ENGINE *ENGINE_aesni (void); -#endif - -void ENGINE_load_aesni (void) -{ -/* On non-x86 CPUs it just returns. */ -#ifdef COMPILE_HW_AESNI - ENGINE *toadd = ENGINE_aesni(); - if (!toadd) - return; - ENGINE_add (toadd); - ENGINE_free (toadd); - ERR_clear_error (); -#endif -} - -#ifdef COMPILE_HW_AESNI -int aesni_set_encrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); -int aesni_set_decrypt_key(const unsigned char *userKey, int bits, - AES_KEY *key); - -void aesni_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); -void aesni_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); - -void aesni_ecb_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, - int enc); -void aesni_cbc_encrypt(const unsigned char *in, - unsigned char *out, - size_t length, - const AES_KEY *key, - unsigned char *ivec, int enc); - -/* Function for ENGINE detection and control */ -static int aesni_init(ENGINE *e); - -/* Cipher Stuff */ -static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); - -#define AESNI_MIN_ALIGN 16 -#define AESNI_ALIGN(x) \ - ((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1))) - -/* Engine names */ -static const char aesni_id[] = "aesni", - aesni_name[] = "Intel AES-NI engine", - no_aesni_name[] = "Intel AES-NI engine (no-aesni)"; - -/* ===== Engine "management" functions ===== */ - -#if defined(_WIN32) -typedef unsigned __int64 IA32CAP; -#else -typedef unsigned long long IA32CAP; -#endif - -/* Prepare the ENGINE structure for registration */ -static int -aesni_bind_helper(ENGINE *e) -{ - int engage; - if (sizeof(OPENSSL_ia32cap_P) > 4) { - engage = (int)((OPENSSL_ia32cap_P >> 30) >> 27) & 1; - } else { - IA32CAP OPENSSL_ia32_cpuid(void); - engage = (int)(OPENSSL_ia32_cpuid() >> 57) & 1; - } - - /* Register everything or return with an error */ - if (!ENGINE_set_id(e, aesni_id) || - !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) || - - !ENGINE_set_init_function(e, aesni_init) || - (engage && !ENGINE_set_ciphers (e, aesni_ciphers)) - ) - return 0; - - /* Everything looks good */ - return 1; -} - -/* Constructor */ -static ENGINE * -ENGINE_aesni(void) -{ - ENGINE *eng = ENGINE_new(); - - if (!eng) { - return NULL; - } - - if (!aesni_bind_helper(eng)) { - ENGINE_free(eng); - return NULL; - } - - return eng; -} - -/* Check availability of the engine */ -static int -aesni_init(ENGINE *e) -{ - return 1; -} - -#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) -#define NID_aes_128_cfb NID_aes_128_cfb128 -#endif - -#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) -#define NID_aes_128_ofb NID_aes_128_ofb128 -#endif - -#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) -#define NID_aes_192_cfb NID_aes_192_cfb128 -#endif - -#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) -#define NID_aes_192_ofb NID_aes_192_ofb128 -#endif - -#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) -#define NID_aes_256_cfb NID_aes_256_cfb128 -#endif - -#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) -#define NID_aes_256_ofb NID_aes_256_ofb128 -#endif - -/* List of supported ciphers. */ -static int aesni_cipher_nids[] = { - NID_aes_128_ecb, - NID_aes_128_cbc, - NID_aes_128_cfb, - NID_aes_128_ofb, - - NID_aes_192_ecb, - NID_aes_192_cbc, - NID_aes_192_cfb, - NID_aes_192_ofb, - - NID_aes_256_ecb, - NID_aes_256_cbc, - NID_aes_256_cfb, - NID_aes_256_ofb, -}; -static int aesni_cipher_nids_num = - (sizeof(aesni_cipher_nids)/sizeof(aesni_cipher_nids[0])); - -typedef struct -{ - AES_KEY ks; - unsigned int _pad1[3]; -} AESNI_KEY; - -static int -aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key, - const unsigned char *iv, int enc) -{ - int ret; - AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - - if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE - || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE - || enc) - ret=aesni_set_encrypt_key(user_key, ctx->key_len * 8, key); - else - ret=aesni_set_decrypt_key(user_key, ctx->key_len * 8, key); - - if(ret < 0) { - EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED); - return 0; - } - - return 1; -} - -static int aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt); - return 1; -} -static int aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - aesni_cbc_encrypt(in, out, inl, key, - ctx->iv, ctx->encrypt); - return 1; -} -static int aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - CRYPTO_cfb128_encrypt(in, out, inl, key, ctx->iv, - &ctx->num, ctx->encrypt, - (block128_f)aesni_encrypt); - return 1; -} -static int aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); - CRYPTO_ofb128_encrypt(in, out, inl, key, ctx->iv, - &ctx->num, (block128_f)aesni_encrypt); - return 1; -} - -#define AES_BLOCK_SIZE 16 - -#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE -#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE -#define EVP_CIPHER_block_size_OFB 1 -#define EVP_CIPHER_block_size_CFB 1 - -/* Declaring so many ciphers by hand would be a pain. - Instead introduce a bit of preprocessor magic :-) */ -#define DECLARE_AES_EVP(ksize,lmode,umode) \ -static const EVP_CIPHER aesni_##ksize##_##lmode = { \ - NID_aes_##ksize##_##lmode, \ - EVP_CIPHER_block_size_##umode, \ - ksize / 8, \ - AES_BLOCK_SIZE, \ - 0 | EVP_CIPH_##umode##_MODE, \ - aesni_init_key, \ - aesni_cipher_##lmode, \ - NULL, \ - sizeof(AESNI_KEY), \ - EVP_CIPHER_set_asn1_iv, \ - EVP_CIPHER_get_asn1_iv, \ - NULL, \ - NULL \ -} - -DECLARE_AES_EVP(128,ecb,ECB); -DECLARE_AES_EVP(128,cbc,CBC); -DECLARE_AES_EVP(128,cfb,CFB); -DECLARE_AES_EVP(128,ofb,OFB); - -DECLARE_AES_EVP(192,ecb,ECB); -DECLARE_AES_EVP(192,cbc,CBC); -DECLARE_AES_EVP(192,cfb,CFB); -DECLARE_AES_EVP(192,ofb,OFB); - -DECLARE_AES_EVP(256,ecb,ECB); -DECLARE_AES_EVP(256,cbc,CBC); -DECLARE_AES_EVP(256,cfb,CFB); -DECLARE_AES_EVP(256,ofb,OFB); - -static int -aesni_ciphers (ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) -{ - /* No specific cipher => return a list of supported nids ... */ - if (!cipher) { - *nids = aesni_cipher_nids; - return aesni_cipher_nids_num; - } - - /* ... or the requested "cipher" otherwise */ - switch (nid) { - case NID_aes_128_ecb: - *cipher = &aesni_128_ecb; - break; - case NID_aes_128_cbc: - *cipher = &aesni_128_cbc; - break; - case NID_aes_128_cfb: - *cipher = &aesni_128_cfb; - break; - case NID_aes_128_ofb: - *cipher = &aesni_128_ofb; - break; - - case NID_aes_192_ecb: - *cipher = &aesni_192_ecb; - break; - case NID_aes_192_cbc: - *cipher = &aesni_192_cbc; - break; - case NID_aes_192_cfb: - *cipher = &aesni_192_cfb; - break; - case NID_aes_192_ofb: - *cipher = &aesni_192_ofb; - break; - - case NID_aes_256_ecb: - *cipher = &aesni_256_ecb; - break; - case NID_aes_256_cbc: - *cipher = &aesni_256_cbc; - break; - case NID_aes_256_cfb: - *cipher = &aesni_256_cfb; - break; - case NID_aes_256_ofb: - *cipher = &aesni_256_ofb; - break; - - default: - /* Sorry, we don't support this NID */ - *cipher = NULL; - return 0; - } - - return 1; -} - -#endif /* COMPILE_HW_AESNI */ -#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/devcrypto/e_devcrypto.c --- a/components/openssl/openssl-1.0.0/engines/devcrypto/e_devcrypto.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1297 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - * - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define DEVCRYPTO_LIB_NAME "devcrypto engine" -#include "e_devcrypto_err.c" - -/* DEVCRYPTO CONTEXT */ -typedef struct devcrypto_ctx { - uint_t session_id; -} devcrypto_ctx_t; - -/* Index for the supported ciphers */ -typedef enum { - DEV_DES_CBC, - DEV_DES3_CBC, - DEV_DES_ECB, - DEV_DES3_ECB, - DEV_RC4, - DEV_AES_128_CBC, - DEV_AES_192_CBC, - DEV_AES_256_CBC, - DEV_AES_128_ECB, - DEV_AES_192_ECB, - DEV_AES_256_ECB, - DEV_BLOWFISH_CBC, - DEV_AES_128_CTR, - DEV_AES_192_CTR, - DEV_AES_256_CTR, - DEV_CIPHER_MAX -} DEV_CIPHER_ID; - -typedef struct devcrypto_cipher { - DEV_CIPHER_ID id; - int nid; - int iv_len; - int min_key_len; - int max_key_len; - CK_KEY_TYPE key_type; - CK_MECHANISM_TYPE mech_type; - unsigned long flags; - crypto_mech_type_t pn_internal_number; -} devcrypto_cipher_t; - - -/* Constants used when creating the ENGINE */ -static const char *ENGINE_DEVCRYPTO_ID = "devcrypto"; -static const char *ENGINE_DEVCRYPTO_NAME = "/dev/crypto engine support"; -static const char *CRYPTO_DEVICE = "/dev/crypto"; - -/* static variables */ -static int kernel_fd = -1; -static int kernel_fd_ref = 0; -static int slot_count = 0; -static CK_SLOT_ID *kernel_provider_id = NULL; -static int cipher_count = 0; -static int *cipher_nids = NULL; -pthread_mutex_t *kernel_fd_lock; - -/* - * NIDs for AES counter mode. They will be defined during the engine - * initialization. - */ -static int NID_aes_128_ctr = NID_undef; -static int NID_aes_192_ctr = NID_undef; -static int NID_aes_256_ctr = NID_undef; - -/* - * Cipher Table for all supported symmetric ciphers. - */ -static devcrypto_cipher_t cipher_table[] = { - /* id, nid, iv_len, min_, max_key_len, */ - /* key_type, mech_type, flags, pn_internal_number */ - { DEV_DES_CBC, NID_des_cbc, 8, 8, 8, - CKK_DES, CKM_DES_CBC, 0, CRYPTO_MECH_INVALID}, - { DEV_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24, - CKK_DES3, CKM_DES3_CBC, 0, CRYPTO_MECH_INVALID}, - { DEV_DES_ECB, NID_des_ecb, 0, 8, 8, - CKK_DES, CKM_DES_ECB, 0, CRYPTO_MECH_INVALID}, - { DEV_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24, - CKK_DES3, CKM_DES3_ECB, 0, CRYPTO_MECH_INVALID}, - { DEV_RC4, NID_rc4, 0, 16, 256, - CKK_RC4, CKM_RC4, 0, CRYPTO_MECH_INVALID}, - { DEV_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, - CKK_AES, CKM_AES_CBC, 0, CRYPTO_MECH_INVALID}, - { DEV_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, - CKK_AES, CKM_AES_CBC, 0, CRYPTO_MECH_INVALID}, - { DEV_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, - CKK_AES, CKM_AES_CBC, 0, CRYPTO_MECH_INVALID}, - { DEV_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, - CKK_AES, CKM_AES_ECB, 0, CRYPTO_MECH_INVALID}, - { DEV_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, - CKK_AES, CKM_AES_ECB, 0, CRYPTO_MECH_INVALID}, - { DEV_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, - CKK_AES, CKM_AES_ECB, 0, CRYPTO_MECH_INVALID}, - { DEV_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16, - CKK_BLOWFISH, CKM_BLOWFISH_CBC, 0, CRYPTO_MECH_INVALID}, - /* - * For the following 3 AES counter mode entries, we don't know the - * NIDs until the engine is initialized - */ - { DEV_AES_128_CTR, NID_undef, 16, 16, 16, - CKK_AES, CKM_AES_CTR, EVP_CIPH_NO_PADDING, - CRYPTO_MECH_INVALID}, - { DEV_AES_192_CTR, NID_undef, 16, 24, 24, - CKK_AES, CKM_AES_CTR, EVP_CIPH_NO_PADDING, - CRYPTO_MECH_INVALID}, - { DEV_AES_256_CTR, NID_undef, 16, 32, 32, - CKK_AES, CKM_AES_CTR, EVP_CIPH_NO_PADDING, - CRYPTO_MECH_INVALID}, - }; - - -/* Formal declaration for functions in EVP_CIPHER structure */ -static int devcrypto_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int devcrypto_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int devcrypto_cipher_cleanup(EVP_CIPHER_CTX *ctx); - -/* - * Cipher Algorithms - * - * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. - * EVP_CIPHER is defined in evp.h. To maintain binary compatibility the - * definition cannot be modified. - * Stuff specific to the devcrypto engine is kept in devcrypto_ctx_t, which is - * pointed to by cipher_data or md_data. - * - * Fields: nid, block_size, key_len, iv_len, flags, - * init(), do_cipher(), cleanup(), - * ctx_size, - * set_asn1_parameters(), get_asn1_parameters(), ctrl(), app_data - */ -static const EVP_CIPHER dev_des_cbc = { - NID_des_cbc, - 8, 8, 8, - EVP_CIPH_CBC_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -static const EVP_CIPHER dev_3des_cbc = { - NID_des_ede3_cbc, - 8, 24, 8, - EVP_CIPH_CBC_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -/* - * ECB modes don't use an Initial Vector, therefore set_asn1_parameters and - * get_asn1_parameters fields are set to NULL. - */ -static const EVP_CIPHER dev_des_ecb = { - NID_des_ecb, - 8, 8, 8, - EVP_CIPH_ECB_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - NULL, - NULL, - NULL -}; - -static const EVP_CIPHER dev_3des_ecb = { - NID_des_ede3_ecb, - 8, 24, 8, - EVP_CIPH_ECB_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - NULL, - NULL, - NULL -}; - -static const EVP_CIPHER dev_rc4 = { - NID_rc4, - 1, 16, 0, - EVP_CIPH_VARIABLE_LENGTH, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - NULL, - NULL, - NULL -}; - -static const EVP_CIPHER dev_aes_128_cbc = { - NID_aes_128_cbc, - 16, 16, 16, - EVP_CIPH_CBC_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -static const EVP_CIPHER dev_aes_192_cbc = { - NID_aes_192_cbc, - 16, 24, 16, - EVP_CIPH_CBC_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -static const EVP_CIPHER dev_aes_256_cbc = { - NID_aes_256_cbc, - 16, 32, 16, - EVP_CIPH_CBC_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - - -/* - * ECB modes don't use IV, therefore set_asn1_parameters and - * get_asn1_parameters are set to NULL. - */ -static const EVP_CIPHER dev_aes_128_ecb = { - NID_aes_128_ecb, - 16, 16, 0, - EVP_CIPH_ECB_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - NULL, - NULL, - NULL -}; - -static const EVP_CIPHER dev_aes_192_ecb = { - NID_aes_192_ecb, - 16, 24, 0, - EVP_CIPH_ECB_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - NULL, - NULL, - NULL -}; - -static const EVP_CIPHER dev_aes_256_ecb = { - NID_aes_256_ecb, - 16, 32, 0, - EVP_CIPH_ECB_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - NULL, - NULL, - NULL -}; - -static const EVP_CIPHER dev_bf_cbc = { - NID_bf_cbc, - 8, 16, 8, - EVP_CIPH_VARIABLE_LENGTH, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - - -/* - * NID_undef's will be changed for AES counter mode, as soon they are created. - */ -static EVP_CIPHER dev_aes_128_ctr = { - NID_undef, - 16, 16, 16, - EVP_CIPH_CBC_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -static EVP_CIPHER dev_aes_192_ctr = { - NID_undef, - 16, 24, 16, - EVP_CIPH_CBC_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -static EVP_CIPHER dev_aes_256_ctr = { - NID_undef, - 16, 32, 16, - EVP_CIPH_CBC_MODE, - devcrypto_cipher_init, - devcrypto_cipher_do_cipher, - devcrypto_cipher_cleanup, - sizeof (devcrypto_ctx_t), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - - - -/* - * This function creates a new NID. - */ -static int -devcrypto_add_NID(char *sn, char *ln) -{ - ASN1_OBJECT *o; - int nid; - - if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"", - 1, sn, ln)) == NULL) { - return (0); - } - - nid = OBJ_add_object(o); /* will return NID_undef on error */ - ASN1_OBJECT_free(o); - return (nid); -} - - -/* - * This function creates new NIDs for AES counter mode algorithms. - * Note that OpenSSL doesn't support them now so we have to help - * ourselves here. - */ -static int -devcrypto_add_aes_ctr_NIDs(void) -{ - if (NID_aes_256_ctr != NID_undef) /* already set */ - return (1); - - NID_aes_128_ctr = devcrypto_add_NID("AES-128-CTR", "aes-128-ctr"); - if (NID_aes_128_ctr == NID_undef) - goto failed; - cipher_table[DEV_AES_128_CTR].nid = - dev_aes_128_ctr.nid = NID_aes_128_ctr; - - NID_aes_192_ctr = devcrypto_add_NID("AES-192-CTR", "aes-192-ctr"); - if (NID_aes_192_ctr == NID_undef) - goto failed; - cipher_table[DEV_AES_192_CTR].nid = - dev_aes_192_ctr.nid = NID_aes_192_ctr; - - NID_aes_256_ctr = devcrypto_add_NID("AES-256-CTR", "aes-256-ctr"); - if (NID_aes_256_ctr == NID_undef) - goto failed; - cipher_table[DEV_AES_256_CTR].nid = - dev_aes_256_ctr.nid = NID_aes_256_ctr; - - return (1); - -failed: - return (0); -} - - -static void -devcrypto_free_aes_ctr_NIDs(void) -{ - ASN1_OBJECT *ob = NULL; - - if (NID_aes_128_ctr != NID_undef) { - ob = OBJ_nid2obj(NID_aes_128_ctr); - if (ob != NULL) - ASN1_OBJECT_free(ob); - } - - if (NID_aes_192_ctr != NID_undef) { - ob = OBJ_nid2obj(NID_aes_192_ctr); - if (ob != NULL) - ASN1_OBJECT_free(ob); - } - - if (NID_aes_256_ctr != NID_undef) { - ob = OBJ_nid2obj(NID_aes_256_ctr); - if (ob != NULL) - ASN1_OBJECT_free(ob); - } -} - -/* - * Open the /dev/crypto device - */ -static int -devcrypto_open(void) -{ - int fd = -1; - - if (kernel_fd != -1) { /* already open */ - (void) pthread_mutex_lock(kernel_fd_lock); - kernel_fd_ref++; - (void) pthread_mutex_unlock(kernel_fd_lock); - return (1); - } - - (void) pthread_mutex_lock(kernel_fd_lock); - fd = open(CRYPTO_DEVICE, O_RDWR); - if (fd == -1) { -#ifdef DEBUG - (void) fprintf(stderr, - "libdevcrypto: open /dev/crypto failed, errno=%x\n", - errno); -#endif - (void) pthread_mutex_unlock(kernel_fd_lock); - return (0); - } - - if (fcntl(fd, F_SETFD, FD_CLOEXEC) != 0) { -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto: failed to fcntl\n"); -#endif - (void) close(fd); - (void) pthread_mutex_unlock(kernel_fd_lock); - return (0); - } - - kernel_fd = fd; - kernel_fd_ref++; - (void) pthread_mutex_unlock(kernel_fd_lock); - return (1); -} - - -/* - * This function gets the total number of hardware providers presented in - * the system first. If there is any hardware providers, then it will get - * the kernel provider id for each hardware slot also. - */ -static int -devcrypto_get_slot_info(void) -{ - crypto_get_provider_list_t *pl = NULL; - int ret = 1; - int r; - int i; - - /* Already have the information */ - if (kernel_provider_id != NULL) - return (1); - - /* Find out how many hardware slots are presented. */ - pl = OPENSSL_malloc(sizeof (crypto_get_provider_list_t)); - if (pl == NULL) - return (0); - - pl->pl_count = 0; - while ((r = ioctl(kernel_fd, CRYPTO_GET_PROVIDER_LIST, pl)) < 0) { - if (errno != EINTR) - break; - } - if (r < 0 || pl->pl_return_value != CRYPTO_SUCCESS) { -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto:CRYPTO_GET_PROVIDER_LIST:" - "ret (r) = 0x%x, (rv) = 0x%x\n", r, pl->pl_return_value); -#endif /* DEBUG */ - ret = 0; - goto out; - } - - slot_count = pl->pl_count; - if (slot_count == 0) { -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto: no hw providers\n"); -#endif /* DEBUG */ - ret = 0; - goto out; - } - - /* Get the provider ID for each slot from kernel and save it */ - kernel_provider_id = OPENSSL_malloc(sizeof (CK_SLOT_ID) * slot_count); - if (kernel_provider_id == NULL) { - ret = 0; - goto out; - } - - (void) OPENSSL_free(pl); - pl = OPENSSL_malloc(slot_count * sizeof (crypto_get_provider_list_t)); - if (pl == NULL) { - ret = 0; - goto out; - } - - pl->pl_count = slot_count; - while ((r = ioctl(kernel_fd, CRYPTO_GET_PROVIDER_LIST, pl)) < 0) { - if (errno != EINTR) - break; - } - if (r < 0 || (pl->pl_return_value != CRYPTO_SUCCESS)) { -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto:CRYPTO_GET_PROVIDER_LIST:" - "ret (r) = 0x%x, (rv) = 0x%x\n", r, pl->pl_return_value); -#endif /* DEBUG */ - ret = 0; - goto out; - } - - for (i = 0; i < slot_count; i++) { - kernel_provider_id[i] = pl->pl_list[i].pe_provider_id; -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto: i = %d, " - "kernel_provider_id = %d\n", i, kernel_provider_id[i]); -#endif /* DEBUG */ - } - -out: - if (pl != NULL) - (void) OPENSSL_free(pl); - - if (ret == 0 && kernel_provider_id != NULL) { - (void) OPENSSL_free(kernel_provider_id); - kernel_provider_id = NULL; - } - - return (ret); -} - - -/* - * This function checks if the "nid" is already in the nid list. - */ -static int -nid_in_list(int nid, int *nid_list, int count) -{ - int i = 0; - - if (nid_list == NULL || count <= 0) - return (0); - - while (i < count) { - if (nid == nid_list[i]) - break; - i++; - } - return (i < count ? 1 : 0); -} - -/* - * This function is to get all the ciphers supported by hardware providers. - * If this function is successfully completed, then the following 2 global - * variables will be set. - * cipher_count - the number of ciphers found in all hardware providers. - * cipher_nids - the nid list for all the ciphers. - */ -static int -devcrypto_get_hw_ciphers(void) -{ - crypto_get_provider_mechanism_info_t mechinfo; - int max_cipher_count; - int *tmp_nids = NULL; - const char *mech_string; - int r; - int i, j; - - if (slot_count <= 0) /* no hardware provider */ - return (0); - - max_cipher_count = slot_count * DEV_CIPHER_MAX + 1; - tmp_nids = OPENSSL_malloc(max_cipher_count * sizeof (int)); - if (tmp_nids == NULL) { - /* not enough memory */ - goto failed; - } - - for (i = 0; i < slot_count; i++) { - mechinfo.mi_provider_id = kernel_provider_id[i]; - for (j = 0; j < DEV_CIPHER_MAX; j++) { - mech_string = - pkcs11_mech2str(cipher_table[j].mech_type); - if (mech_string == NULL) { - continue; /* shouldn't happen; skip it */ - } - - (void) strlcpy(mechinfo.mi_mechanism_name, - mech_string, CRYPTO_MAX_MECH_NAME); - while ((r = ioctl(kernel_fd, - CRYPTO_GET_PROVIDER_MECHANISM_INFO, - &mechinfo)) < 0) { - if (errno != EINTR) - break; - } - if (r < 0) { - goto failed; - } - - if (mechinfo.mi_return_value == CRYPTO_SUCCESS) { - /* - * Found this mechanism in hardware providers. - * If it is not in the nid list yet, add it. - */ - if (!nid_in_list(cipher_table[j].nid, - tmp_nids, cipher_count)) { - tmp_nids[cipher_count] = - cipher_table[j].nid; - cipher_count++; - } - } - } - } - - if (cipher_count > 0) { - cipher_nids = tmp_nids; - } - - return (1); - -failed: - if (r < 0 || cipher_count == 0) { - if (tmp_nids != NULL) - OPENSSL_free(tmp_nids); - } - return (0); -} - -/* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. This says what we'll do at the - * top level - note, that list is restricted by what we answer with. - */ -static int -devcrypto_get_all_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) -{ - if (!cipher) { - *nids = (cipher_count > 0) ? cipher_nids : NULL; - return (cipher_count); - } - - switch (nid) { - case NID_des_cbc: - *cipher = &dev_des_cbc; - break; - case NID_des_ede3_cbc: - *cipher = &dev_3des_cbc; - break; - case NID_des_ecb: - *cipher = &dev_des_ecb; - break; - case NID_des_ede3_ecb: - *cipher = &dev_3des_ecb; - break; - case NID_rc4: - *cipher = &dev_rc4; - break; - case NID_aes_128_cbc: - *cipher = &dev_aes_128_cbc; - break; - case NID_aes_192_cbc: - *cipher = &dev_aes_192_cbc; - break; - case NID_aes_256_cbc: - *cipher = &dev_aes_256_cbc; - break; - case NID_aes_128_ecb: - *cipher = &dev_aes_128_ecb; - break; - case NID_aes_192_ecb: - *cipher = &dev_aes_192_ecb; - break; - case NID_aes_256_ecb: - *cipher = &dev_aes_256_ecb; - break; - case NID_bf_cbc: - *cipher = &dev_bf_cbc; - break; - default: - /* - * We cannot put the NIDs for AES counter mode in separated - * cases as above because they are not constants. - */ - if (nid == NID_aes_128_ctr) - *cipher = &dev_aes_128_ctr; - else if (nid == NID_aes_192_ctr) - *cipher = &dev_aes_192_ctr; - else if (nid == NID_aes_256_ctr) - *cipher = &dev_aes_256_ctr; - else - *cipher = NULL; - break; - } - - return (*cipher != NULL); -} - - -static int -get_cipher_id_by_nid(int nid) -{ - int i; - - for (i = 0; i < DEV_CIPHER_MAX; i++) - if (cipher_table[i].nid == nid) - return (cipher_table[i].id); - return (-1); -} - - -static int -get_slotid_by_mechanism(const char *mech_string, CK_SLOT_ID *slot_id) -{ - crypto_get_provider_mechanism_info_t mechanism_info; - uint_t rv; - int r; - int i = 0; - - (void) strlcpy(mechanism_info.mi_mechanism_name, mech_string, - CRYPTO_MAX_MECH_NAME); - while (i < slot_count) { - mechanism_info.mi_provider_id = kernel_provider_id[i]; - while ((r = ioctl(kernel_fd, - CRYPTO_GET_PROVIDER_MECHANISM_INFO, - &mechanism_info)) < 0) { - if (errno != EINTR) - break; - } - if (r < 0) { - return (0); /* ioctl function failed */ - } - rv = mechanism_info.mi_return_value; - if (rv == 0) { /* found it */ - *slot_id = kernel_provider_id[i]; - return (1); - } - i++; - } - - return (0); -} - - -static int -devcrypto_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - devcrypto_ctx_t *devc_ctx = ctx->cipher_data; - crypto_encrypt_init_t encrypt_init; - crypto_decrypt_init_t decrypt_init; - crypto_open_session_t session; - crypto_get_mechanism_number_t get_number; - CK_AES_CTR_PARAMS aes_ctr_params; - devcrypto_cipher_t *the_cipher; - const char *mech_string; - CK_SLOT_ID slot_id; - int index; - int r; - uint_t rv = 0; - - if (key == NULL) { - DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_CIPHER_KEY); - return (0); - } - - /* get the cipher entry index in cipher_table from nid */ - index = get_cipher_id_by_nid(ctx->cipher->nid); - if (index < 0 || index >= DEV_CIPHER_MAX) { - DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_CIPHER_NID); - return (0); - } - the_cipher = &cipher_table[index]; - - /* check key size */ - if (ctx->cipher->iv_len < the_cipher->iv_len || - ctx->key_len < the_cipher->min_key_len || - ctx->key_len > the_cipher->max_key_len) { - DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_KEY_OR_IV_LEN_PROBLEM); - return (0); - } - - /* Set cipher flags, if any */ - ctx->flags |= the_cipher->flags; - - /* get the mechanism string */ - mech_string = pkcs11_mech2str(the_cipher->mech_type); - if (mech_string == NULL) { - DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_MECH_STRING); - return (0); - } - -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto: mech_string=%s\n", mech_string); -#endif - - /* Find the slot that supports this mechanism */ - if (!get_slotid_by_mechanism(mech_string, &slot_id)) { - DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_FIND_SLOT_BY_MECH); -#ifdef DEBUG - (void) fprintf(stderr, - "libdevcrypto: failed to find a slot with %s\n", - mech_string); -#endif - return (0); - } - -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto: found a slot with %s, " - "slot_id = %d\n", mech_string, slot_id); -#endif - - /* Open a session on this slot */ - session.os_provider_id = slot_id; - session.os_flags = CKF_RW_SESSION | CKF_SERIAL_SESSION; - while ((r = ioctl(kernel_fd, CRYPTO_OPEN_SESSION, &session)) < 0) { - if (errno != EINTR) - break; - } - rv = session.os_return_value; - if (r || rv) { - DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_OPEN_SESSION); -#ifdef DEBUG - (void) fprintf(stderr, - "libdevcrypto:cipher_init:failed to open a session\n"); -#endif /* DEBUG */ - goto failed; - } - -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto:cipher_init: open session = %d\n", - session.os_session); -#endif /* DEBUG */ - - /* save the session_id */ - devc_ctx->session_id = session.os_session; - - /* - * Get the kernel mechanism number for this mechanism, if it has not - * been retrieved yet. - */ - if (the_cipher->pn_internal_number == CRYPTO_MECH_INVALID) { - get_number.pn_mechanism_string = (char *)mech_string; - get_number.pn_mechanism_len = strlen(mech_string) + 1; - while ((r = ioctl(kernel_fd, CRYPTO_GET_MECHANISM_NUMBER, - &get_number)) < 0) { - if (errno != EINTR) - break; - } - rv = get_number.pn_return_value; - if (r || rv) { - DEVCRYPTOerr(DEVC_F_CIPHER_INIT, - DEVC_R_GET_MECHANISM_NUMBER); -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto:cipher_init: " - "failed to get the kernel mech number.\n"); -#endif /* DEBUG */ - goto failed; - } - - the_cipher->pn_internal_number = get_number.pn_internal_number; - } - - /* Crypto Init */ - if (ctx->encrypt) { - encrypt_init.ei_session = session.os_session; - encrypt_init.ei_key.ck_format = CRYPTO_KEY_RAW; - encrypt_init.ei_key.ck_obj_id = 0; - encrypt_init.ei_key.ck_data = (void *) key; - encrypt_init.ei_key.ck_length = ctx->key_len * 8; - encrypt_init.ei_mech.cm_type = the_cipher->pn_internal_number; - - if (ctx->cipher->nid == NID_aes_128_ctr || - ctx->cipher->nid == NID_aes_192_ctr || - ctx->cipher->nid == NID_aes_256_ctr) { - encrypt_init.ei_mech.cm_param = - (void *) (&aes_ctr_params); - encrypt_init.ei_mech.cm_param_len = - sizeof (aes_ctr_params); - - aes_ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8; - OPENSSL_assert(ctx->cipher->iv_len == AES_BLOCK_SIZE); - (void) memcpy(aes_ctr_params.cb, ctx->iv, - AES_BLOCK_SIZE); - } else { - if (the_cipher->iv_len > 0) { - encrypt_init.ei_mech.cm_param = - (char *)ctx->iv; - encrypt_init.ei_mech.cm_param_len = - ctx->cipher->iv_len; - } else { - encrypt_init.ei_mech.cm_param = NULL; - encrypt_init.ei_mech.cm_param_len = 0; - } - } - - while ((r = ioctl(kernel_fd, CRYPTO_ENCRYPT_INIT, - &encrypt_init)) < 0) { - if (errno != EINTR) - break; - } - rv = encrypt_init.ei_return_value; - - } else { - decrypt_init.di_session = session.os_session; - decrypt_init.di_key.ck_format = CRYPTO_KEY_RAW; - decrypt_init.di_key.ck_obj_id = 0; - decrypt_init.di_key.ck_data = (void *) key; - decrypt_init.di_key.ck_length = ctx->key_len * 8; - decrypt_init.di_mech.cm_type = the_cipher->pn_internal_number; - - if (ctx->cipher->nid == NID_aes_128_ctr || - ctx->cipher->nid == NID_aes_192_ctr || - ctx->cipher->nid == NID_aes_256_ctr) { - decrypt_init.di_mech.cm_param = - (void *)(&aes_ctr_params); - decrypt_init.di_mech.cm_param_len = - sizeof (aes_ctr_params); - aes_ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8; - OPENSSL_assert(ctx->cipher->iv_len == AES_BLOCK_SIZE); - (void) memcpy(aes_ctr_params.cb, ctx->iv, - AES_BLOCK_SIZE); - } else { - if (the_cipher->iv_len > 0) { - decrypt_init.di_mech.cm_param = - (char *)ctx->iv; - decrypt_init.di_mech.cm_param_len = - ctx->cipher->iv_len; - } else { - decrypt_init.di_mech.cm_param = NULL; - decrypt_init.di_mech.cm_param_len = 0; - } - } - - while ((r = ioctl(kernel_fd, CRYPTO_DECRYPT_INIT, - &decrypt_init)) < 0) { - if (errno != EINTR) - break; - } - rv = decrypt_init.di_return_value; - } - -failed: - if (r || rv) { - if (ctx->encrypt) - DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_ENCRYPT_INIT); - else - DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_DECRYPT_INIT); - - return (0); - } - - return (1); -} - - -/* - * ENCRYPT_UPDATE or DECRYPT_UPDATE - */ -static int -devcrypto_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) -{ - crypto_encrypt_update_t encrypt_update; - crypto_decrypt_update_t decrypt_update; - devcrypto_ctx_t *devc_ctx = ctx->cipher_data; - int r = 0, rv = 0; - - if (ctx->encrypt) { - encrypt_update.eu_session = devc_ctx->session_id; - encrypt_update.eu_databuf = (char *)in; - encrypt_update.eu_datalen = inl; - encrypt_update.eu_encrbuf = (char *)out; - encrypt_update.eu_encrlen = inl; - - while ((r = ioctl(kernel_fd, CRYPTO_ENCRYPT_UPDATE, - &encrypt_update)) < 0) { - if (errno != EINTR) - break; - } - rv = encrypt_update.eu_return_value; - - } else { /* decrypt */ - decrypt_update.du_session = devc_ctx->session_id; - decrypt_update.du_encrbuf = (char *)in; - decrypt_update.du_encrlen = inl; - decrypt_update.du_databuf = (char *)out; - decrypt_update.du_datalen = inl; - - while ((r = ioctl(kernel_fd, CRYPTO_DECRYPT_UPDATE, - &decrypt_update)) < 0) { - if (errno != EINTR) - break; - } - rv = decrypt_update.du_return_value; - } - - if (r || rv) { - if (ctx->encrypt) - DEVCRYPTOerr(DEVC_F_CIPHER_DO_CIPHER, - DEVC_R_ENCRYPT_UPDATE); - else - DEVCRYPTOerr(DEVC_F_CIPHER_DO_CIPHER, - DEVC_R_DECRYPT_UPDATE); - -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto:crypto_do ret (r) = 0x%x," - "crypto ret (rv) = 0x%x,", r, rv); -#endif /* DEBUG */ - return (0); - } - - return (1); -} - - -/* - * ENCRYPT_FINAL or DECRYPT_FINAL - */ -static int -devcrypto_cipher_cleanup(EVP_CIPHER_CTX *ctx) -{ - crypto_encrypt_final_t encrypt_final; - crypto_decrypt_final_t decrypt_final; - crypto_close_session_t session; - devcrypto_ctx_t *devc_ctx = ctx->cipher_data; - char buf[EVP_MAX_BLOCK_LENGTH]; - int r; - uint_t rv = 0; - int ret = 1; - - if (ctx->encrypt) { - encrypt_final.ef_session = devc_ctx->session_id; - encrypt_final.ef_encrbuf = buf; - encrypt_final.ef_encrlen = sizeof (buf); - while ((r = ioctl(kernel_fd, CRYPTO_ENCRYPT_FINAL, - &encrypt_final)) < 0) { - if (errno != EINTR) - break; - } - rv = encrypt_final.ef_return_value; - - } else { - decrypt_final.df_session = devc_ctx->session_id; - decrypt_final.df_databuf = buf; - decrypt_final.df_datalen = sizeof (buf); - while ((r = ioctl(kernel_fd, CRYPTO_DECRYPT_FINAL, - &decrypt_final)) < 0) { - if (errno != EINTR) - break; - } - rv = decrypt_final.df_return_value; - } - -#ifdef DEBUG - if (ctx->encrypt) - (void) fprintf(stderr, "libdevcrypto:CRYPTO_ENCRYPT_FINAL " - "ret (r) = 0x%x, (rv) = 0x%x\n", r, rv); - else - (void) fprintf(stderr, "libdevcrypto:CRYPTO_DECRYPT_FINAL " - "ret (r) = 0x%x, (rv) = 0x%x\n", r, rv); -#endif /* DEBUG */ - - if (r || rv) { - if (ctx->encrypt) - DEVCRYPTOerr(DEVC_F_CIPHER_CLEANUP, - DEVC_R_ENCRYPT_FINAL); - else - DEVCRYPTOerr(DEVC_F_CIPHER_CLEANUP, - DEVC_R_DECRYPT_FINAL); - ret = 0; - } - - /* close the session */ - session.cs_session = devc_ctx->session_id; - while ((r = ioctl(kernel_fd, CRYPTO_CLOSE_SESSION, &session)) < 0) { - if (errno != EINTR) - break; - } - -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto:CRYPTO_CLOSE_SESSION, " - "session id = %d ret (r) = 0x%x, crypto ret (rv) = 0x%x\n", - devc_ctx->session_id, r, rv); -#endif /* DEBUG */ - - if (r || rv) { - DEVCRYPTOerr(DEVC_F_CIPHER_CLEANUP, DEVC_R_CLOSE_SESSION); - ret = 0; - } - - return (ret); -} - -static void -devcrypto_cleanup(void) -{ - if (kernel_fd == -1) - return; - - (void) pthread_mutex_lock(kernel_fd_lock); - kernel_fd_ref--; - (void) pthread_mutex_unlock(kernel_fd_lock); - - if (kernel_fd_ref == 0) { - (void) pthread_mutex_lock(kernel_fd_lock); - (void) close(kernel_fd); - kernel_fd = -1; - if (kernel_provider_id != NULL) { - OPENSSL_free(kernel_provider_id); - kernel_provider_id = NULL; - } - if (cipher_nids != NULL) { - OPENSSL_free(cipher_nids); - cipher_nids = NULL; - } - devcrypto_free_aes_ctr_NIDs(); - (void) pthread_mutex_unlock(kernel_fd_lock); - (void) pthread_mutex_destroy(kernel_fd_lock); - OPENSSL_free(kernel_fd_lock); - kernel_fd_lock = NULL; - } -} - -static int -devcrypto_destroy(ENGINE *e) -{ - ERR_unload_devcrypto_strings(); - return (1); -} - -static int -devcrypto_finish(ENGINE *e) -{ - devcrypto_cleanup(); - return (1); -} - -/* - * Set up the engine info and get the /dev/crypto engine ready. - */ -static int -devcrypto_bind(ENGINE *e) -{ -#ifdef DEBUG - int i; -#endif - - /* Get the NIDs for AES counter mode algorithms first. */ - if (devcrypto_add_aes_ctr_NIDs() == 0) { - return (0); - } - - /* Create a lock for the devcrypto device file descriptor */ - if (kernel_fd_lock == NULL) { - kernel_fd_lock = OPENSSL_malloc(sizeof (pthread_mutex_t)); - if (kernel_fd_lock == NULL) { - devcrypto_free_aes_ctr_NIDs(); - return (0); - } - - if (pthread_mutex_init(kernel_fd_lock, NULL) != 0) { - devcrypto_free_aes_ctr_NIDs(); - OPENSSL_free(kernel_fd_lock); - kernel_fd_lock = NULL; - return (0); - } - } - - /* Open the /dev/crypto device */ - if (devcrypto_open() == 0) { - devcrypto_free_aes_ctr_NIDs(); - pthread_mutex_destroy(kernel_fd_lock); - OPENSSL_free(kernel_fd_lock); - kernel_fd_lock = NULL; - return (0); - } - - /* Get all hardware providers' information */ - if (devcrypto_get_slot_info() == 0) { - goto failed; - } - - if (devcrypto_get_hw_ciphers() == 0) { - goto failed; - } - -#ifdef DEBUG - (void) fprintf(stderr, "cipher_count = %d\n", cipher_count); - for (i = 0; i < cipher_count; i++) { - (void) fprintf(stderr, - "cipher_nids[i] = %d\n", cipher_nids[i]); - } -#endif /* DEBUG */ - - if (!ENGINE_set_id(e, ENGINE_DEVCRYPTO_ID) || - !ENGINE_set_name(e, ENGINE_DEVCRYPTO_NAME) || - !ENGINE_set_ciphers(e, devcrypto_get_all_ciphers) || - !ENGINE_set_destroy_function(e, devcrypto_destroy) || - !ENGINE_set_finish_function(e, devcrypto_finish)) { - goto failed; - } - - /* Set up the devcrypto error handling */ - ERR_load_devcrypto_strings(); - return (1); - -failed: - devcrypto_cleanup(); - return (0); -} - - -static int -bind_helper(ENGINE *e, const char *id) -{ - if (id != NULL && (strcmp(id, ENGINE_DEVCRYPTO_ID) != 0)) { -#ifdef DEBUG - (void) fprintf(stderr, "libdevcrypto - bad engine id\n"); -#endif /* DEBUG */ - return (0); - } - if (!devcrypto_bind(e)) { -#ifdef DEBUG - (void) fprintf(stderr, - "libdevcrypto - failed to bind engine\n"); -#endif /* DEBUG */ - return (0); - } - - return (1); -} - -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/devcrypto/e_devcrypto_err.c --- a/components/openssl/openssl-1.0.0/engines/devcrypto/e_devcrypto_err.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,122 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - * - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -#include "e_devcrypto_err.h" - -/* BEGIN ERROR CODES */ - -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(0, func, 0) -#define ERR_REASON(reason) ERR_PACK(0, 0, reason) - -static ERR_STRING_DATA devcrypto_str_functs[]= -{ -{ ERR_FUNC(DEVC_F_INIT), "DEVCRYPTO_INIT"}, -{ ERR_FUNC(DEVC_F_DESTROY), "DEVCRYPTO_DESTROY"}, -{ ERR_FUNC(DEVC_F_FINISH), "DEVCRYPTO_FINISH"}, -{ ERR_FUNC(DEVC_F_CIPHER_INIT), "DEVCRYPTO_CIPHER_INIT"}, -{ ERR_FUNC(DEVC_F_CIPHER_DO_CIPHER), "DEVCRYPTO_CIPHER_DO_CIPHER"}, -{ ERR_FUNC(DEVC_F_CIPHER_CLEANUP), "DEVCRYPTO_CIPHER_CLEANUP"}, -{ 0, NULL} -}; - -static ERR_STRING_DATA devcrypto_str_reasons[]= -{ -{ ERR_REASON(DEVC_R_CIPHER_KEY), "invalid cipher key"}, -{ ERR_REASON(DEVC_R_CIPHER_NID), "invalid cipher nid"}, -{ ERR_REASON(DEVC_R_KEY_OR_IV_LEN_PROBLEM), "IV or key length incorrect"}, -{ ERR_REASON(DEVC_R_MECH_STRING), "convert cipher type to string failed"}, -{ ERR_REASON(DEVC_R_FIND_SLOT_BY_MECH), - "no hardware providers support this cipher"}, -{ ERR_REASON(DEVC_R_OPEN_SESSION), "CRYPTO_OPEN_SESSION failed"}, -{ ERR_REASON(DEVC_R_GET_MECHANISM_NUMBER), - "CRYPTO_GET_MECHANISM_NUMBER failed"}, -{ ERR_REASON(DEVC_R_ENCRYPT_INIT), "CRYPTO_ENCRYPT_INIT failed"}, -{ ERR_REASON(DEVC_R_ENCRYPT_UPDATE), "CRYPTO_ENCRYPT_UPDATE failed"}, -{ ERR_REASON(DEVC_R_ENCRYPT_FINAL), "CRYPTO_ENCRYPT_FINAL failed"}, -{ ERR_REASON(DEVC_R_DECRYPT_INIT), "CRYPTO_DECRYPT_INIT failed"}, -{ ERR_REASON(DEVC_R_DECRYPT_UPDATE), "CRYPTO_DECRYPT_UPDATE failed"}, -{ ERR_REASON(DEVC_R_DECRYPT_FINAL), "CRYPTO_DECRYPT_FINAL failed"}, -{ ERR_REASON(DEVC_R_CLOSE_SESSION), "CRYPTO_CLOSE_SESSION failed"}, -{ 0, NULL} -}; -#endif /* OPENSSL_NO_ERR */ - - -#ifdef DEVCRYPTO_LIB_NAME -static ERR_STRING_DATA DEVCRYPTO_lib_name[]= -{ -{0, DEVCRYPTO_LIB_NAME}, -{0, NULL} -}; -#endif - -static int devcrypto_error_code = 0; -static int devcrypto_error_init = 1; - -static void -ERR_load_devcrypto_strings(void) -{ - if (devcrypto_error_code == 0) - devcrypto_error_code = ERR_get_next_error_library(); - - if (devcrypto_error_init) { - devcrypto_error_init = 0; - -#ifndef OPENSSL_NO_ERR - ERR_load_strings(devcrypto_error_code, devcrypto_str_functs); - ERR_load_strings(devcrypto_error_code, devcrypto_str_reasons); -#endif - -#ifdef DEVCRYPTO_LIB_NAME - DEVCRYPTO_lib_name->error = - ERR_PACK(devcrypto_error_code, 0, 0); - ERR_load_strings(0, DEVCRYPTO_lib_name); -#endif - } -} - -static void -ERR_unload_devcrypto_strings(void) -{ - if (devcrypto_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(devcrypto_error_code, devcrypto_str_functs); - ERR_unload_strings(devcrypto_error_code, devcrypto_str_reasons); -#endif - -#ifdef DEVCRYPTO_LIB_NAME - ERR_unload_strings(0, DEVCRYPTO_lib_name); -#endif - devcrypto_error_init = 1; - } -} - -static void -ERR_devcrypto_error(int function, int reason, char *file, int line) -{ - if (devcrypto_error_code == 0) - devcrypto_error_code = ERR_get_next_error_library(); - ERR_PUT_error(devcrypto_error_code, function, reason, file, line); -} diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/devcrypto/e_devcrypto_err.h --- a/components/openssl/openssl-1.0.0/engines/devcrypto/e_devcrypto_err.h Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,59 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - * - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -#ifndef HEADER_DEVCRYPTO_ERR_H -#define HEADER_DEVCRYPTO_ERR_H - -static void ERR_load_devcrypto_strings(void); -static void ERR_unload_devcrypto_strings(void); -static void ERR_devcrypto_error(int function, int reason, char *file, int line); - -#define DEVCRYPTOerr(f, r) ERR_devcrypto_error((f), (r), __FILE__, __LINE__) - - -/* Function codes */ -#define DEVC_F_INIT 100 -#define DEVC_F_DESTROY 101 -#define DEVC_F_FINISH 102 -#define DEVC_F_CIPHER_INIT 103 -#define DEVC_F_CIPHER_DO_CIPHER 104 -#define DEVC_F_CIPHER_CLEANUP 105 - - -/* Reason codes */ -#define DEVC_R_CIPHER_KEY 100 -#define DEVC_R_CIPHER_NID 101 -#define DEVC_R_KEY_OR_IV_LEN_PROBLEM 102 -#define DEVC_R_MECH_STRING 103 -#define DEVC_R_FIND_SLOT_BY_MECH 104 -#define DEVC_R_OPEN_SESSION 105 -#define DEVC_R_GET_MECHANISM_NUMBER 106 -#define DEVC_R_ENCRYPT_INIT 107 -#define DEVC_R_ENCRYPT_UPDATE 108 -#define DEVC_R_ENCRYPT_FINAL 109 -#define DEVC_R_DECRYPT_INIT 110 -#define DEVC_R_DECRYPT_UPDATE 111 -#define DEVC_R_DECRYPT_FINAL 112 -#define DEVC_R_CLOSE_SESSION 113 - -#endif /* HEADER_DEVCRYPTO_ERR_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.c --- a/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3930 +0,0 @@ -/* - * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved. - */ - -/* crypto/engine/hw_pk11.c */ -/* - * This product includes software developed by the OpenSSL Project for - * use in the OpenSSL Toolkit (http://www.openssl.org/). - * - * This project also referenced hw_pkcs11-0.9.7b.patch written by - * Afchine Madjlessi. - */ -/* - * ==================================================================== - * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_RSA -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif -#ifndef OPENSSL_NO_DH -#include -#endif -#include -#include -#include -#include -#include -#include -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_PK11 - -/* label for debug messages printed on stderr */ -#define PK11_DBG "PKCS#11 ENGINE DEBUG" -/* prints a lot of debug messages on stderr about slot selection process */ -#undef DEBUG_SLOT_SELECTION -/* - * Solaris specific code. See comment at check_hw_mechanisms() for more - * information. - */ -#if defined(__SVR4) && defined(__sun) -#define SOLARIS_HW_SLOT_SELECTION -#endif - -#ifdef SOLARIS_HW_SLOT_SELECTION -#include -#endif - -#ifdef DEBUG_SLOT_SELECTION -#define DEBUG_SLOT_SEL(...) fprintf(stderr, __VA_ARGS__) -#else -#define DEBUG_SLOT_SEL(...) -#endif - -/* - * AES counter mode is not supported in the OpenSSL EVP API yet and neither - * there are official OIDs for mechanisms based on this mode. With our changes, - * an application can define its own EVP calls for AES counter mode and then - * it can make use of hardware acceleration through this engine. However, it's - * better if we keep AES CTR support code under ifdef's. - */ -#define SOLARIS_AES_CTR - -#include -#include -#include "hw_pk11.h" -#include "hw_pk11_uri.h" - -#define PK11_ENGINE_LIB_NAME "PKCS#11 engine" -#include "hw_pk11_err.c" - -#ifdef SOLARIS_AES_CTR -/* - * NIDs for AES counter mode that will be defined during the engine - * initialization. - */ -int NID_aes_128_ctr = NID_undef; -int NID_aes_192_ctr = NID_undef; -int NID_aes_256_ctr = NID_undef; -#endif /* SOLARIS_AES_CTR */ - -/* - * We use this lock to prevent multiple C_Login()s, guard getpassphrase(), - * uri_struct manipulation, and static token info. All of that is used by the - * RSA keys by reference feature. - */ -pthread_mutex_t *uri_lock = NULL; - -#ifdef SOLARIS_HW_SLOT_SELECTION -/* - * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel - * library. See comment at check_hw_mechanisms() for more information. - */ -int *hw_cnids; -int *hw_dnids; -#endif /* SOLARIS_HW_SLOT_SELECTION */ - -/* PKCS#11 session caches and their locks for all operation types */ -static PK11_CACHE session_cache[OP_MAX]; - -/* - * We cache the flags so that we do not have to run C_GetTokenInfo() again when - * logging into the token. - */ -CK_FLAGS pubkey_token_flags; - -/* - * As stated in v2.20, 11.7 Object Management Function, in section for - * C_FindObjectsInit(), at most one search operation may be active at a given - * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be - * grouped together to form one atomic search operation. This is already - * ensured by the property of unique PKCS#11 session handle used for each - * PK11_SESSION object. - * - * This is however not the biggest concern - maintaining consistency of the - * underlying object store is more important. The same section of the spec also - * says that one thread can be in the middle of a search operation while another - * thread destroys the object matching the search template which would result in - * invalid handle returned from the search operation. - * - * Hence, the following locks are used for both protection of the object stores. - * They are also used for active list protection. - */ -pthread_mutex_t *find_lock[OP_MAX] = { NULL }; - -/* - * lists of asymmetric key handles which are active (referenced by at least one - * PK11_SESSION structure, either held by a thread or present in free_session - * list) for given algorithm type - */ -PK11_active *active_list[OP_MAX] = { NULL }; - -/* - * Create all secret key objects in a global session so that they are available - * to use for other sessions. These other sessions may be opened or closed - * without losing the secret key objects. - */ -static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE; - -/* Index for the supported ciphers */ -enum pk11_cipher_id { - PK11_DES_CBC, - PK11_DES3_CBC, - PK11_DES_ECB, - PK11_DES3_ECB, - PK11_RC4, - PK11_AES_128_CBC, - PK11_AES_192_CBC, - PK11_AES_256_CBC, - PK11_AES_128_ECB, - PK11_AES_192_ECB, - PK11_AES_256_ECB, - PK11_BLOWFISH_CBC, -#ifdef SOLARIS_AES_CTR - PK11_AES_128_CTR, - PK11_AES_192_CTR, - PK11_AES_256_CTR, -#endif /* SOLARIS_AES_CTR */ - PK11_CIPHER_MAX -}; - -/* Index for the supported digests */ -enum pk11_digest_id { - PK11_MD5, - PK11_SHA1, - PK11_SHA224, - PK11_SHA256, - PK11_SHA384, - PK11_SHA512, - PK11_DIGEST_MAX -}; - -typedef struct PK11_CIPHER_st - { - enum pk11_cipher_id id; - int nid; - int iv_len; - int min_key_len; - int max_key_len; - CK_KEY_TYPE key_type; - CK_MECHANISM_TYPE mech_type; - } PK11_CIPHER; - -typedef struct PK11_DIGEST_st - { - enum pk11_digest_id id; - int nid; - CK_MECHANISM_TYPE mech_type; - } PK11_DIGEST; - -/* ENGINE level stuff */ -static int pk11_init(ENGINE *e); -static int pk11_library_init(ENGINE *e); -static int pk11_finish(ENGINE *e); -static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); -static int pk11_destroy(ENGINE *e); - -/* RAND stuff */ -static void pk11_rand_seed(const void *buf, int num); -static void pk11_rand_add(const void *buf, int num, double add_entropy); -static void pk11_rand_cleanup(void); -static int pk11_rand_bytes(unsigned char *buf, int num); -static int pk11_rand_status(void); - -/* These functions are also used in other files */ -PK11_SESSION *pk11_get_session(PK11_OPTYPE optype); -void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype); - -/* active list manipulation functions used in this file */ -extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type); -extern void pk11_free_active_list(PK11_OPTYPE type); - -#ifndef OPENSSL_NO_RSA -int pk11_destroy_rsa_key_objects(PK11_SESSION *session); -int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); -int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); -#endif -#ifndef OPENSSL_NO_DSA -int pk11_destroy_dsa_key_objects(PK11_SESSION *session); -int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); -int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); -#endif -#ifndef OPENSSL_NO_DH -int pk11_destroy_dh_key_objects(PK11_SESSION *session); -int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock); -#endif - -/* Local helper functions */ -static int pk11_free_all_sessions(void); -static int pk11_free_session_list(PK11_OPTYPE optype); -static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype); -static int pk11_destroy_cipher_key_objects(PK11_SESSION *session); -static int pk11_destroy_object(CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE oh, - CK_BBOOL persistent); -static const char *get_PK11_LIBNAME(void); -static void free_PK11_LIBNAME(void); -static long set_PK11_LIBNAME(const char *name); - -/* Symmetric cipher and digest support functions */ -static int cipher_nid_to_pk11(int nid); -#ifdef SOLARIS_AES_CTR -static int pk11_add_NID(char *sn, char *ln); -static int pk11_add_aes_ctr_NIDs(void); -#endif /* SOLARIS_AES_CTR */ -static int pk11_usable_ciphers(const int **nids); -static int pk11_usable_digests(const int **nids); -static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int pk11_cipher_final(PK11_SESSION *sp); -static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx); -static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); -static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); -static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp); -static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key, - int key_len); -static int md_nid_to_pk11(int nid); -static int pk11_digest_init(EVP_MD_CTX *ctx); -static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data, - size_t count); -static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md); -static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from); -static int pk11_digest_cleanup(EVP_MD_CTX *ctx); - -static int pk11_choose_slots(int *any_slot_found); -static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist, - CK_SLOT_ID current_slot, int *current_slot_n_cipher, - int *local_cipher_nids); -static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist, - CK_SLOT_ID current_slot, int *current_slot_n_digest, - int *local_digest_nids); -static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id, - int *current_slot_n_cipher, int *local_cipher_nids, - PK11_CIPHER *cipher); -static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id, - int *current_slot_n_digest, int *local_digest_nids, - PK11_DIGEST *digest); - -static int pk11_init_all_locks(void); -static void pk11_free_all_locks(void); - -#ifdef SOLARIS_HW_SLOT_SELECTION -static int check_hw_mechanisms(void); -static int nid_in_table(int nid, int *nid_table); -static int hw_aes_instruction_set_present(void); -#endif /* SOLARIS_HW_SLOT_SELECTION */ - -#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type) \ - { \ - if (uselock) \ - LOCK_OBJSTORE(alg_type); \ - if (pk11_active_delete(obj_hdl, alg_type) == 1) \ - { \ - retval = pk11_destroy_object(sp->session, obj_hdl, \ - sp->persistent); \ - } \ - if (uselock) \ - UNLOCK_OBJSTORE(alg_type); \ - } - -static int cipher_nids[PK11_CIPHER_MAX]; -static int digest_nids[PK11_DIGEST_MAX]; -static int cipher_count = 0; -static int digest_count = 0; -static CK_BBOOL pk11_have_rsa = CK_FALSE; -static CK_BBOOL pk11_have_dsa = CK_FALSE; -static CK_BBOOL pk11_have_dh = CK_FALSE; -static CK_BBOOL pk11_have_random = CK_FALSE; - -/* - * Static list of ciphers. - * Note, that ciphers array is indexed by member PK11_CIPHER.id, - * thus ciphers[i].id == i - * Rows must be kept in sync with enum pk11_cipher_id. - */ -static PK11_CIPHER ciphers[] = - { - { PK11_DES_CBC, NID_des_cbc, 8, 8, 8, - CKK_DES, CKM_DES_CBC, }, - { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24, - CKK_DES3, CKM_DES3_CBC, }, - { PK11_DES_ECB, NID_des_ecb, 0, 8, 8, - CKK_DES, CKM_DES_ECB, }, - { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24, - CKK_DES3, CKM_DES3_ECB, }, - { PK11_RC4, NID_rc4, 0, 16, 256, - CKK_RC4, CKM_RC4, }, - { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, - CKK_AES, CKM_AES_CBC, }, - { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, - CKK_AES, CKM_AES_CBC, }, - { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, - CKK_AES, CKM_AES_CBC, }, - { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, - CKK_AES, CKM_AES_ECB, }, - { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, - CKK_AES, CKM_AES_ECB, }, - { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, - CKK_AES, CKM_AES_ECB, }, - { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16, - CKK_BLOWFISH, CKM_BLOWFISH_CBC, }, -#ifdef SOLARIS_AES_CTR - /* we don't know the correct NIDs until the engine is initialized */ - { PK11_AES_128_CTR, NID_undef, 16, 16, 16, - CKK_AES, CKM_AES_CTR, }, - { PK11_AES_192_CTR, NID_undef, 16, 24, 24, - CKK_AES, CKM_AES_CTR, }, - { PK11_AES_256_CTR, NID_undef, 16, 32, 32, - CKK_AES, CKM_AES_CTR, }, -#endif /* SOLARIS_AES_CTR */ - }; - -/* - * Static list of digests. - * Note, that digests array is indexed by member PK11_DIGEST.id, - * thus digests[i].id == i - * Rows must be kept in sync with enum pk11_digest_id. - */ -static PK11_DIGEST digests[] = - { - {PK11_MD5, NID_md5, CKM_MD5, }, - {PK11_SHA1, NID_sha1, CKM_SHA_1, }, - {PK11_SHA224, NID_sha224, CKM_SHA224, }, - {PK11_SHA256, NID_sha256, CKM_SHA256, }, - {PK11_SHA384, NID_sha384, CKM_SHA384, }, - {PK11_SHA512, NID_sha512, CKM_SHA512, }, - {0, NID_undef, 0xFFFF, }, - }; - -/* - * Structure to be used for the cipher_data/md_data in - * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11 - * session in multiple cipher_update calls - */ -typedef struct PK11_CIPHER_STATE_st - { - PK11_SESSION *sp; - } PK11_CIPHER_STATE; - - -/* - * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets - * called when libcrypto requests a cipher NID. - * - * Note how the PK11_CIPHER_STATE is used here. - */ - -/* DES CBC EVP */ -static const EVP_CIPHER pk11_des_cbc = - { - NID_des_cbc, - 8, 8, 8, - EVP_CIPH_CBC_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL - }; - -/* 3DES CBC EVP */ -static const EVP_CIPHER pk11_3des_cbc = - { - NID_des_ede3_cbc, - 8, 24, 8, - EVP_CIPH_CBC_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL - }; - -/* - * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and - * get_asn1_parameters fields are set to NULL. - */ -static const EVP_CIPHER pk11_des_ecb = - { - NID_des_ecb, - 8, 8, 8, - EVP_CIPH_ECB_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - NULL, - NULL, - NULL - }; - -static const EVP_CIPHER pk11_3des_ecb = - { - NID_des_ede3_ecb, - 8, 24, 8, - EVP_CIPH_ECB_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - NULL, - NULL, - NULL - }; - - -static const EVP_CIPHER pk11_aes_128_cbc = - { - NID_aes_128_cbc, - 16, 16, 16, - EVP_CIPH_CBC_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL - }; - -static const EVP_CIPHER pk11_aes_192_cbc = - { - NID_aes_192_cbc, - 16, 24, 16, - EVP_CIPH_CBC_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL - }; - -static const EVP_CIPHER pk11_aes_256_cbc = - { - NID_aes_256_cbc, - 16, 32, 16, - EVP_CIPH_CBC_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL - }; - -/* - * ECB modes don't use IV so that's why set_asn1_parameters and - * get_asn1_parameters are set to NULL. - */ -static const EVP_CIPHER pk11_aes_128_ecb = - { - NID_aes_128_ecb, - 16, 16, 0, - EVP_CIPH_ECB_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - NULL, - NULL, - NULL - }; - -static const EVP_CIPHER pk11_aes_192_ecb = - { - NID_aes_192_ecb, - 16, 24, 0, - EVP_CIPH_ECB_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - NULL, - NULL, - NULL - }; - -static const EVP_CIPHER pk11_aes_256_ecb = - { - NID_aes_256_ecb, - 16, 32, 0, - EVP_CIPH_ECB_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - NULL, - NULL, - NULL - }; - -#ifdef SOLARIS_AES_CTR -/* - * NID_undef's will be changed to the AES counter mode NIDs as soon they are - * created in pk11_library_init(). Note that the need to change these structures - * is the reason why we don't define them with the const keyword. - */ -static EVP_CIPHER pk11_aes_128_ctr = - { - NID_undef, - 16, 16, 16, - EVP_CIPH_CBC_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL - }; - -static EVP_CIPHER pk11_aes_192_ctr = - { - NID_undef, - 16, 24, 16, - EVP_CIPH_CBC_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL - }; - -static EVP_CIPHER pk11_aes_256_ctr = - { - NID_undef, - 16, 32, 16, - EVP_CIPH_CBC_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL - }; -#endif /* SOLARIS_AES_CTR */ - -static const EVP_CIPHER pk11_bf_cbc = - { - NID_bf_cbc, - 8, 16, 8, - EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL - }; - -static const EVP_CIPHER pk11_rc4 = - { - NID_rc4, - 1, 16, 0, - EVP_CIPH_VARIABLE_LENGTH, - pk11_cipher_init, - pk11_cipher_do_cipher, - pk11_cipher_cleanup, - sizeof (PK11_CIPHER_STATE), - NULL, - NULL, - NULL - }; - -static const EVP_MD pk11_md5 = - { - NID_md5, - NID_md5WithRSAEncryption, - MD5_DIGEST_LENGTH, - 0, - pk11_digest_init, - pk11_digest_update, - pk11_digest_final, - pk11_digest_copy, - pk11_digest_cleanup, - EVP_PKEY_RSA_method, - MD5_CBLOCK, - sizeof (PK11_CIPHER_STATE), - }; - -static const EVP_MD pk11_sha1 = - { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, - pk11_digest_init, - pk11_digest_update, - pk11_digest_final, - pk11_digest_copy, - pk11_digest_cleanup, - EVP_PKEY_RSA_method, - SHA_CBLOCK, - sizeof (PK11_CIPHER_STATE), - }; - -static const EVP_MD pk11_sha224 = - { - NID_sha224, - NID_sha224WithRSAEncryption, - SHA224_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, - pk11_digest_init, - pk11_digest_update, - pk11_digest_final, - pk11_digest_copy, - pk11_digest_cleanup, - EVP_PKEY_RSA_method, - /* SHA-224 uses the same cblock size as SHA-256 */ - SHA256_CBLOCK, - sizeof (PK11_CIPHER_STATE), - }; - -static const EVP_MD pk11_sha256 = - { - NID_sha256, - NID_sha256WithRSAEncryption, - SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, - pk11_digest_init, - pk11_digest_update, - pk11_digest_final, - pk11_digest_copy, - pk11_digest_cleanup, - EVP_PKEY_RSA_method, - SHA256_CBLOCK, - sizeof (PK11_CIPHER_STATE), - }; - -static const EVP_MD pk11_sha384 = - { - NID_sha384, - NID_sha384WithRSAEncryption, - SHA384_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, - pk11_digest_init, - pk11_digest_update, - pk11_digest_final, - pk11_digest_copy, - pk11_digest_cleanup, - EVP_PKEY_RSA_method, - /* SHA-384 uses the same cblock size as SHA-512 */ - SHA512_CBLOCK, - sizeof (PK11_CIPHER_STATE), - }; - -static const EVP_MD pk11_sha512 = - { - NID_sha512, - NID_sha512WithRSAEncryption, - SHA512_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, - pk11_digest_init, - pk11_digest_update, - pk11_digest_final, - pk11_digest_copy, - pk11_digest_cleanup, - EVP_PKEY_RSA_method, - SHA512_CBLOCK, - sizeof (PK11_CIPHER_STATE), - }; - -/* - * Initialization function. Sets up various PKCS#11 library components. - * The definitions for control commands specific to this engine - */ -#define PK11_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN pk11_cmd_defns[] = - { - { - PK11_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'pkcs#11' shared library", - ENGINE_CMD_FLAG_STRING - }, - {0, NULL, NULL, 0} - }; - - -static RAND_METHOD pk11_random = - { - pk11_rand_seed, - pk11_rand_bytes, - pk11_rand_cleanup, - pk11_rand_add, - pk11_rand_bytes, - pk11_rand_status - }; - - -/* Constants used when creating the ENGINE */ -static const char *engine_pk11_id = "pkcs11"; -static const char *engine_pk11_name = "PKCS #11 engine support"; - -CK_FUNCTION_LIST_PTR pFuncList = NULL; -static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList"; - -/* - * This is a static string constant for the DSO file name and the function - * symbol names to bind to. We set it in the Configure script based on whether - * this is 32 or 64 bit build. - */ -static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION; - -static CK_BBOOL pk11_true = CK_TRUE; -static CK_BBOOL pk11_false = CK_FALSE; -/* Needed in hw_pk11_pub.c as well so that's why it is not static. */ -CK_SLOT_ID pubkey_SLOTID = 0; -static CK_SLOT_ID rand_SLOTID = 0; -static CK_SLOT_ID SLOTID = 0; -static CK_BBOOL pk11_library_initialized = CK_FALSE; -static CK_BBOOL pk11_atfork_initialized = CK_FALSE; -static int pk11_pid = 0; -static ENGINE* pk11_engine = NULL; - -static DSO *pk11_dso = NULL; - -/* allocate and initialize all locks used by the engine itself */ -static int pk11_init_all_locks(void) - { - int type; - -#ifndef OPENSSL_NO_RSA - find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t)); - if (find_lock[OP_RSA] == NULL) - goto malloc_err; - (void) pthread_mutex_init(find_lock[OP_RSA], NULL); -#endif /* OPENSSL_NO_RSA */ - - if ((uri_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL) - goto malloc_err; - (void) pthread_mutex_init(uri_lock, NULL); - -#ifndef OPENSSL_NO_DSA - find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t)); - if (find_lock[OP_DSA] == NULL) - goto malloc_err; - (void) pthread_mutex_init(find_lock[OP_DSA], NULL); -#endif /* OPENSSL_NO_DSA */ - -#ifndef OPENSSL_NO_DH - find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t)); - if (find_lock[OP_DH] == NULL) - goto malloc_err; - (void) pthread_mutex_init(find_lock[OP_DH], NULL); -#endif /* OPENSSL_NO_DH */ - - for (type = 0; type < OP_MAX; type++) - { - session_cache[type].lock = - OPENSSL_malloc(sizeof (pthread_mutex_t)); - if (session_cache[type].lock == NULL) - goto malloc_err; - (void) pthread_mutex_init(session_cache[type].lock, NULL); - } - - return (1); - -malloc_err: - pk11_free_all_locks(); - PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE); - return (0); - } - -static void pk11_free_all_locks(void) - { - int type; - -#ifndef OPENSSL_NO_RSA - if (find_lock[OP_RSA] != NULL) - { - (void) pthread_mutex_destroy(find_lock[OP_RSA]); - OPENSSL_free(find_lock[OP_RSA]); - find_lock[OP_RSA] = NULL; - } -#endif /* OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_DSA - if (find_lock[OP_DSA] != NULL) - { - (void) pthread_mutex_destroy(find_lock[OP_DSA]); - OPENSSL_free(find_lock[OP_DSA]); - find_lock[OP_DSA] = NULL; - } -#endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_DH - if (find_lock[OP_DH] != NULL) - { - (void) pthread_mutex_destroy(find_lock[OP_DH]); - OPENSSL_free(find_lock[OP_DH]); - find_lock[OP_DH] = NULL; - } -#endif /* OPENSSL_NO_DH */ - - for (type = 0; type < OP_MAX; type++) - { - if (session_cache[type].lock != NULL) - { - (void) pthread_mutex_destroy(session_cache[type].lock); - OPENSSL_free(session_cache[type].lock); - session_cache[type].lock = NULL; - } - } - /* Free uri_lock */ - (void) pthread_mutex_destroy(uri_lock); - OPENSSL_free(uri_lock); - uri_lock = NULL; - } - -/* - * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support. - */ -static int bind_pk11(ENGINE *e) - { -#ifndef OPENSSL_NO_RSA - const RSA_METHOD *rsa = NULL; - RSA_METHOD *pk11_rsa = PK11_RSA(); -#endif /* OPENSSL_NO_RSA */ - if (!pk11_library_initialized) - if (!pk11_library_init(e)) - return (0); - - if (!ENGINE_set_id(e, engine_pk11_id) || - !ENGINE_set_name(e, engine_pk11_name) || - !ENGINE_set_ciphers(e, pk11_engine_ciphers) || - !ENGINE_set_digests(e, pk11_engine_digests)) - return (0); - - if (!ENGINE_set_pkey_meths(e, pk11_engine_pkey_methods)) - return (0); - -#ifndef OPENSSL_NO_RSA - if (pk11_have_rsa == CK_TRUE) - { - if (!ENGINE_set_RSA(e, PK11_RSA()) || - !ENGINE_set_load_privkey_function(e, pk11_load_privkey) || - !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey)) - return (0); - DEBUG_SLOT_SEL("%s: registered RSA\n", PK11_DBG); - } -#endif /* OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_DSA - if (pk11_have_dsa == CK_TRUE) - { - if (!ENGINE_set_DSA(e, PK11_DSA())) - return (0); - DEBUG_SLOT_SEL("%s: registered DSA\n", PK11_DBG); - } -#endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_DH - if (pk11_have_dh == CK_TRUE) - { - if (!ENGINE_set_DH(e, PK11_DH())) - return (0); - DEBUG_SLOT_SEL("%s: registered DH\n", PK11_DBG); - } -#endif /* OPENSSL_NO_DH */ - if (pk11_have_random) - { - if (!ENGINE_set_RAND(e, &pk11_random)) - return (0); - DEBUG_SLOT_SEL("%s: registered random\n", PK11_DBG); - } - if (!ENGINE_set_init_function(e, pk11_init) || - !ENGINE_set_destroy_function(e, pk11_destroy) || - !ENGINE_set_finish_function(e, pk11_finish) || - !ENGINE_set_ctrl_function(e, pk11_ctrl) || - !ENGINE_set_cmd_defns(e, pk11_cmd_defns)) - return (0); - -/* - * Apache calls OpenSSL function RSA_blinding_on() once during startup - * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp - * here, we wire it back to the OpenSSL software implementation. - * Since it is used only once, performance is not a concern. - */ -#ifndef OPENSSL_NO_RSA - rsa = RSA_PKCS1_SSLeay(); - pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp; - pk11_rsa->bn_mod_exp = rsa->bn_mod_exp; -#endif /* OPENSSL_NO_RSA */ - - /* Ensure the pk11 error handling is set up */ - ERR_load_pk11_strings(); - - return (1); - } - -/* Dynamic engine support is disabled at a higher level for Solaris */ -#ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_helper(ENGINE *e, const char *id) - { - if (id && (strcmp(id, engine_pk11_id) != 0)) - return (0); - - if (!bind_pk11(e)) - return (0); - - return (1); - } - -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) - -#else -static ENGINE *engine_pk11(void) - { - ENGINE *ret = ENGINE_new(); - - if (!ret) - return (NULL); - - if (!bind_pk11(ret)) - { - ENGINE_free(ret); - return (NULL); - } - - return (ret); - } - -int -pk11_engine_loaded() - { - ENGINE *e; - int rtrn = 0; - - if ((e = ENGINE_by_id(engine_pk11_id)) != NULL) - { - rtrn = 1; - ENGINE_free(e); - } - return (rtrn); - } - -void -ENGINE_load_pk11(void) - { - ENGINE *e_pk11 = NULL; - - /* - * Do not attempt to load the engine twice! - * Multiple instances would share static variables from this file. - */ - if (pk11_engine_loaded()) - return; - - /* - * Do not use dynamic PKCS#11 library on Solaris due to - * security reasons. We will link it in statically. - */ - /* Attempt to load PKCS#11 library */ - if (!pk11_dso) - pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0); - - if (pk11_dso == NULL) - { - PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE); - return; - } - - e_pk11 = engine_pk11(); - if (!e_pk11) - { - DSO_free(pk11_dso); - pk11_dso = NULL; - return; - } - - /* - * At this point, the pk11 shared library is either dynamically - * loaded or statically linked in. So, initialize the pk11 - * library before calling ENGINE_set_default since the latter - * needs cipher and digest algorithm information - */ - if (!pk11_library_init(e_pk11)) - { - DSO_free(pk11_dso); - pk11_dso = NULL; - ENGINE_free(e_pk11); - return; - } - - ENGINE_add(e_pk11); - - ENGINE_free(e_pk11); - ERR_clear_error(); - } -#endif /* ENGINE_DYNAMIC_SUPPORT */ - -/* - * These are the static string constants for the DSO file name and - * the function symbol names to bind to. - */ -static const char *PK11_LIBNAME = NULL; - -static const char *get_PK11_LIBNAME(void) - { - if (PK11_LIBNAME) - return (PK11_LIBNAME); - - return (def_PK11_LIBNAME); - } - -static void free_PK11_LIBNAME(void) - { - if (PK11_LIBNAME) - OPENSSL_free((void*)PK11_LIBNAME); - - PK11_LIBNAME = NULL; - } - -static long set_PK11_LIBNAME(const char *name) - { - free_PK11_LIBNAME(); - - return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0); - } - -/* acquire all engine specific mutexes before fork */ -static void pk11_fork_prepare(void) - { - int i; - - if (!pk11_library_initialized) - return; - - LOCK_OBJSTORE(OP_RSA); - LOCK_OBJSTORE(OP_DSA); - LOCK_OBJSTORE(OP_DH); - (void) pthread_mutex_lock(uri_lock); - for (i = 0; i < OP_MAX; i++) - { - (void) pthread_mutex_lock(session_cache[i].lock); - } - } - -/* release all engine specific mutexes */ -static void pk11_fork_parent(void) - { - int i; - - if (!pk11_library_initialized) - return; - - for (i = OP_MAX - 1; i >= 0; i--) - { - (void) pthread_mutex_unlock(session_cache[i].lock); - } - UNLOCK_OBJSTORE(OP_DH); - UNLOCK_OBJSTORE(OP_DSA); - UNLOCK_OBJSTORE(OP_RSA); - (void) pthread_mutex_unlock(uri_lock); - } - -/* - * same situation as in parent - we need to unlock all locks to make them - * accessible to all threads. - */ -static void pk11_fork_child(void) - { - int i; - - if (!pk11_library_initialized) - return; - - for (i = OP_MAX - 1; i >= 0; i--) - { - (void) pthread_mutex_unlock(session_cache[i].lock); - } - UNLOCK_OBJSTORE(OP_DH); - UNLOCK_OBJSTORE(OP_DSA); - UNLOCK_OBJSTORE(OP_RSA); - (void) pthread_mutex_unlock(uri_lock); - } - -/* Initialization function for the pk11 engine */ -static int pk11_init(ENGINE *e) -{ - return (pk11_library_init(e)); -} - -/* - * Helper function that unsets reference to current engine (pk11_engine = NULL). - * - * Use of local variable only seems clumsy, it needs to be this way! - * This is to prevent double free in the unlucky scenario: - * ENGINE_free calls pk11_destroy calls pk11_finish calls ENGINE_free - * Setting pk11_engine to NULL prior to ENGINE_free() avoids this. - */ -static void pk11_engine_free() - { - ENGINE* old_engine = pk11_engine; - - if (old_engine) { - pk11_engine = NULL; - } - } - -/* - * Initialization function. Sets up various PKCS#11 library components. - * It selects a slot based on predefined critiera. In the process, it also - * count how many ciphers and digests to support. Since the cipher and - * digest information is needed when setting default engine, this function - * needs to be called before calling ENGINE_set_default. - */ -/* ARGSUSED */ -static int pk11_library_init(ENGINE *e) - { - CK_C_GetFunctionList p; - CK_RV rv = CKR_OK; - CK_INFO info; - CK_ULONG ul_state_len; - int any_slot_found; - int i; - - if (e != pk11_engine) - { - pk11_engine_free(); - pk11_engine = e; - } - - /* - * pk11_library_initialized is set to 0 in pk11_finish() which is called - * from ENGINE_finish(). However, if there is still at least one - * existing functional reference to the engine (see engine(3) for more - * information), pk11_finish() is skipped. For example, this can happen - * if an application forgets to clear one cipher context. In case of a - * fork() when the application is finishing the engine so that it can be - * reinitialized in the child, forgotten functional reference causes - * pk11_library_initialized to stay 1. In that case we need the PID - * check so that we properly initialize the engine again. - */ - if (pk11_library_initialized) - { - if (pk11_pid == getpid()) - { - return (1); - } - else - { - global_session = CK_INVALID_HANDLE; - /* - * free the locks first to prevent memory leak in case - * the application calls fork() without finishing the - * engine first. - */ - pk11_free_all_locks(); - } - } - - - /* Attempt to load PKCS#11 library */ - if (!pk11_dso) - { - pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0); - if (pk11_dso == NULL) - { - PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE); - goto err; - } - } - -#ifdef SOLARIS_AES_CTR - /* - * We must do this before we start working with slots since we need all - * NIDs there. - */ - if (pk11_add_aes_ctr_NIDs() == 0) - goto err; -#endif /* SOLARIS_AES_CTR */ - -#ifdef SOLARIS_HW_SLOT_SELECTION - if (check_hw_mechanisms() == 0) - goto err; -#endif /* SOLARIS_HW_SLOT_SELECTION */ - - /* get the C_GetFunctionList function from the loaded library */ - p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso, - PK11_GET_FUNCTION_LIST); - if (!p) - { - PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE); - goto err; - } - - /* get the full function list from the loaded library */ - rv = p(&pFuncList); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv); - goto err; - } - - rv = pFuncList->C_Initialize(NULL_PTR); - if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) - { - PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv); - goto err; - } - - rv = pFuncList->C_GetInfo(&info); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv); - goto err; - } - - if (pk11_choose_slots(&any_slot_found) == 0) - goto err; - - /* - * The library we use, set in def_PK11_LIBNAME, may not offer any - * slot(s). In that case, we must not proceed but we must not return an - * error. The reason is that applications that try to set up the PKCS#11 - * engine don't exit on error during the engine initialization just - * because no slot was present. - */ - if (any_slot_found == 0) - return (1); - - if (global_session == CK_INVALID_HANDLE) - { - /* Open the global_session for the new process */ - rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, - NULL_PTR, NULL_PTR, &global_session); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_LIBRARY_INIT, - PK11_R_OPENSESSION, rv); - goto err; - } - } - - /* - * Disable digest if C_GetOperationState is not supported since - * this function is required by OpenSSL digest copy function - */ - if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len) - == CKR_FUNCTION_NOT_SUPPORTED) { - DEBUG_SLOT_SEL("%s: C_GetOperationState() not supported, " - "setting digest_count to 0\n", PK11_DBG); - digest_count = 0; - } - - pk11_library_initialized = CK_TRUE; - pk11_pid = getpid(); - /* - * if initialization of the locks fails pk11_init_all_locks() - * will do the cleanup. - */ - if (!pk11_init_all_locks()) - goto err; - for (i = 0; i < OP_MAX; i++) - session_cache[i].head = NULL; - /* - * initialize active lists. We only use active lists - * for asymmetric ciphers. - */ - for (i = 0; i < OP_MAX; i++) - active_list[i] = NULL; - - if (!pk11_atfork_initialized) - { - if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent, - pk11_fork_child) != 0) - { - PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED); - goto err; - } - pk11_atfork_initialized = CK_TRUE; - } - - return (1); - -err: - return (0); - } - -/* Destructor (complements the "ENGINE_pk11()" constructor) */ -/* ARGSUSED */ -static int pk11_destroy(ENGINE *e) - { - int rtn = 1; - - free_PK11_LIBNAME(); - ERR_unload_pk11_strings(); - if (pk11_library_initialized == CK_TRUE) - rtn = pk11_finish(e); - - return (rtn); - } - -/* - * Termination function to clean up the session, the token, and the pk11 - * library. - */ -/* ARGSUSED */ -static int pk11_finish(ENGINE *e) - { - int i; - - /* - * Make sure, right engine instance is being destroyed. - * Engine e may be the wrong instance if - * 1) either someone calls ENGINE_load_pk11 twice - * 2) or last ref. to an already finished engine is being destroyed - */ - if (e != pk11_engine) - goto err; - - if (pk11_dso == NULL) - { - PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED); - goto err; - } - - OPENSSL_assert(pFuncList != NULL); - - if (pk11_free_all_sessions() == 0) - goto err; - - /* free all active lists */ - for (i = 0; i < OP_MAX; i++) - pk11_free_active_list(i); - - pFuncList->C_CloseSession(global_session); - global_session = CK_INVALID_HANDLE; - - /* - * Since we are part of a library (libcrypto.so), calling this function - * may have side-effects. - */ -#if 0 - pFuncList->C_Finalize(NULL); -#endif -#ifdef SOLARIS_AES_CTR - { - ASN1_OBJECT *ob = NULL; - if (NID_aes_128_ctr != NID_undef) { - ob = OBJ_nid2obj(NID_aes_128_ctr); - if (ob != NULL) - ASN1_OBJECT_free(ob); - } - if (NID_aes_192_ctr != NID_undef) { - ob = OBJ_nid2obj(NID_aes_192_ctr); - if (ob != NULL) - ASN1_OBJECT_free(ob); - } - if (NID_aes_256_ctr != NID_undef) { - ob = OBJ_nid2obj(NID_aes_256_ctr); - if (ob != NULL) - ASN1_OBJECT_free(ob); - } - } -#endif - - if (!DSO_free(pk11_dso)) - { - PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE); - goto err; - } - pk11_dso = NULL; - pFuncList = NULL; - pk11_library_initialized = CK_FALSE; - pk11_pid = 0; - pk11_engine_free(); - /* - * There is no way how to unregister atfork handlers (other than - * unloading the library) so we just free the locks. For this reason - * the atfork handlers check if the engine is initialized and bail out - * immediately if not. This is necessary in case a process finishes - * the engine before calling fork(). - */ - pk11_free_all_locks(); - - return (1); - -err: - return (0); - } - -/* Standard engine interface function to set the dynamic library path */ -/* ARGSUSED */ -static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - int initialized = ((pk11_dso == NULL) ? 0 : 1); - - switch (cmd) - { - case PK11_CMD_SO_PATH: - if (p == NULL) - { - PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return (0); - } - - if (initialized) - { - PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED); - return (0); - } - - return (set_PK11_LIBNAME((const char *)p)); - default: - break; - } - - PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED); - - return (0); - } - - -/* Required function by the engine random interface. It does nothing here */ -static void pk11_rand_cleanup(void) - { - return; - } - -/* ARGSUSED */ -static void pk11_rand_add(const void *buf, int num, double add) - { - PK11_SESSION *sp; - - if ((sp = pk11_get_session(OP_RAND)) == NULL) - return; - - /* - * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since - * the calling functions do not care anyway - */ - pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num); - pk11_return_session(sp, OP_RAND); - - return; - } - -static void pk11_rand_seed(const void *buf, int num) - { - pk11_rand_add(buf, num, 0); - } - -static int pk11_rand_bytes(unsigned char *buf, int num) - { - CK_RV rv; - PK11_SESSION *sp; - - if ((sp = pk11_get_session(OP_RAND)) == NULL) - return (0); - - rv = pFuncList->C_GenerateRandom(sp->session, buf, num); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv); - pk11_return_session(sp, OP_RAND); - return (0); - } - - pk11_return_session(sp, OP_RAND); - return (1); - } - -/* Required function by the engine random interface. It does nothing here */ -static int pk11_rand_status(void) - { - return (1); - } - -/* Free all BIGNUM structures from PK11_SESSION. */ -static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype) - { - switch (optype) - { -#ifndef OPENSSL_NO_RSA - case OP_RSA: - if (sp->opdata_rsa_n_num != NULL) - { - BN_free(sp->opdata_rsa_n_num); - sp->opdata_rsa_n_num = NULL; - } - if (sp->opdata_rsa_e_num != NULL) - { - BN_free(sp->opdata_rsa_e_num); - sp->opdata_rsa_e_num = NULL; - } - if (sp->opdata_rsa_d_num != NULL) - { - BN_free(sp->opdata_rsa_d_num); - sp->opdata_rsa_d_num = NULL; - } - break; -#endif -#ifndef OPENSSL_NO_DSA - case OP_DSA: - if (sp->opdata_dsa_pub_num != NULL) - { - BN_free(sp->opdata_dsa_pub_num); - sp->opdata_dsa_pub_num = NULL; - } - if (sp->opdata_dsa_priv_num != NULL) - { - BN_free(sp->opdata_dsa_priv_num); - sp->opdata_dsa_priv_num = NULL; - } - break; -#endif -#ifndef OPENSSL_NO_DH - case OP_DH: - if (sp->opdata_dh_priv_num != NULL) - { - BN_free(sp->opdata_dh_priv_num); - sp->opdata_dh_priv_num = NULL; - } - break; -#endif - default: - break; - } - } - -/* - * Get new PK11_SESSION structure ready for use. Every process must have - * its own freelist of PK11_SESSION structures so handle fork() here - * by destroying the old and creating new freelist. - * The returned PK11_SESSION structure is disconnected from the freelist. - */ -PK11_SESSION * -pk11_get_session(PK11_OPTYPE optype) - { - PK11_SESSION *sp = NULL, *sp1, *freelist; - pthread_mutex_t *freelist_lock; - static pid_t pid = 0; - pid_t new_pid; - CK_RV rv; - - switch (optype) - { - case OP_RSA: - case OP_DSA: - case OP_DH: - case OP_RAND: - case OP_DIGEST: - case OP_CIPHER: - freelist_lock = session_cache[optype].lock; - break; - default: - PK11err(PK11_F_GET_SESSION, - PK11_R_INVALID_OPERATION_TYPE); - return (NULL); - } - (void) pthread_mutex_lock(freelist_lock); - - /* - * Will use it to find out if we forked. We cannot use the PID field in - * the session structure because we could get a newly allocated session - * here, with no PID information. - */ - if (pid == 0) - pid = getpid(); - - freelist = session_cache[optype].head; - sp = freelist; - - /* - * If the free list is empty, allocate new uninitialized (filled - * with zeroes) PK11_SESSION structure otherwise return first - * structure from the freelist. - */ - if (sp == NULL) - { - if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL) - { - PK11err(PK11_F_GET_SESSION, - PK11_R_MALLOC_FAILURE); - goto err; - } - (void) memset(sp, 0, sizeof (PK11_SESSION)); - - /* - * It is a new session so it will look like a cache miss to the - * code below. So, we must not try to to destroy its members so - * mark them as unused. - */ - sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; - sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; - } - else - freelist = sp->next; - - /* - * Check whether we have forked. In that case, we must get rid of all - * inherited sessions and start allocating new ones. - */ - if (pid != (new_pid = getpid())) - { - pid = new_pid; - - /* - * We are a new process and thus need to free any inherited - * PK11_SESSION objects aside from the first session (sp) which - * is the only PK11_SESSION structure we will reuse (for the - * head of the list). - */ - while ((sp1 = freelist) != NULL) - { - freelist = sp1->next; - /* - * NOTE: we do not want to call pk11_free_all_sessions() - * here because it would close underlying PKCS#11 - * sessions and destroy all objects. - */ - pk11_free_nums(sp1, optype); - OPENSSL_free(sp1); - } - - /* we have to free the active list as well. */ - pk11_free_active_list(optype); - - /* Initialize the process */ - rv = pFuncList->C_Initialize(NULL_PTR); - if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) - { - PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE, - rv); - OPENSSL_free(sp); - sp = NULL; - goto err; - } - - /* - * Choose slot here since the slot table is different on this - * process. If we are here then we must have found at least one - * usable slot before so we don't need to check any_slot_found. - * See pk11_library_init()'s usage of this function for more - * information. - */ -#ifdef SOLARIS_HW_SLOT_SELECTION - if (check_hw_mechanisms() == 0) - goto err; -#endif /* SOLARIS_HW_SLOT_SELECTION */ - if (pk11_choose_slots(NULL) == 0) - goto err; - - /* Open the global_session for the new process */ - rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, - NULL_PTR, NULL_PTR, &global_session); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION, - rv); - OPENSSL_free(sp); - sp = NULL; - goto err; - } - - /* - * It is an inherited session from our parent so it needs - * re-initialization. - */ - if (pk11_setup_session(sp, optype) == 0) - { - OPENSSL_free(sp); - sp = NULL; - goto err; - } - if (pk11_token_relogin(sp->session) == 0) - { - /* - * We will keep the session in the cache list and let - * the caller cope with the situation. - */ - freelist = sp; - sp = NULL; - goto err; - } - } - - if (sp->pid == 0) - { - /* It is a new session and needs initialization. */ - if (pk11_setup_session(sp, optype) == 0) - { - OPENSSL_free(sp); - sp = NULL; - } - } - - /* set new head for the list of PK11_SESSION objects */ - session_cache[optype].head = freelist; - -err: - if (sp != NULL) - sp->next = NULL; - - (void) pthread_mutex_unlock(freelist_lock); - - return (sp); - } - - -void -pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype) - { - pthread_mutex_t *freelist_lock; - PK11_SESSION *freelist; - - /* - * If this is a session from the parent it will be taken care of and - * freed in pk11_get_session() as part of the post-fork clean up the - * next time we will ask for a new session. - */ - if (sp == NULL || sp->pid != getpid()) - return; - - switch (optype) - { - case OP_RSA: - case OP_DSA: - case OP_DH: - case OP_RAND: - case OP_DIGEST: - case OP_CIPHER: - freelist_lock = session_cache[optype].lock; - break; - default: - PK11err(PK11_F_RETURN_SESSION, - PK11_R_INVALID_OPERATION_TYPE); - return; - } - - (void) pthread_mutex_lock(freelist_lock); - freelist = session_cache[optype].head; - sp->next = freelist; - session_cache[optype].head = sp; - (void) pthread_mutex_unlock(freelist_lock); - } - - -/* Destroy all objects. This function is called when the engine is finished */ -static int pk11_free_all_sessions() - { - int ret = 1; - int type; - -#ifndef OPENSSL_NO_RSA - (void) pk11_destroy_rsa_key_objects(NULL); -#endif /* OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_DSA - (void) pk11_destroy_dsa_key_objects(NULL); -#endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_DH - (void) pk11_destroy_dh_key_objects(NULL); -#endif /* OPENSSL_NO_DH */ - (void) pk11_destroy_cipher_key_objects(NULL); - - /* - * We try to release as much as we can but any error means that we will - * return 0 on exit. - */ - for (type = 0; type < OP_MAX; type++) - { - if (pk11_free_session_list(type) == 0) - ret = 0; - } - - return (ret); - } - -/* - * Destroy session structures from the linked list specified. Free as many - * sessions as possible but any failure in C_CloseSession() means that we - * return an error on return. - */ -static int pk11_free_session_list(PK11_OPTYPE optype) - { - CK_RV rv; - PK11_SESSION *sp = NULL; - PK11_SESSION *freelist = NULL; - pid_t mypid = getpid(); - pthread_mutex_t *freelist_lock; - int ret = 1; - - switch (optype) - { - case OP_RSA: - case OP_DSA: - case OP_DH: - case OP_RAND: - case OP_DIGEST: - case OP_CIPHER: - freelist_lock = session_cache[optype].lock; - break; - default: - PK11err(PK11_F_FREE_ALL_SESSIONS, - PK11_R_INVALID_OPERATION_TYPE); - return (0); - } - - (void) pthread_mutex_lock(freelist_lock); - freelist = session_cache[optype].head; - while ((sp = freelist) != NULL) - { - if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid) - { - rv = pFuncList->C_CloseSession(sp->session); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_FREE_ALL_SESSIONS, - PK11_R_CLOSESESSION, rv); - ret = 0; - } - } - freelist = sp->next; - pk11_free_nums(sp, optype); - OPENSSL_free(sp); - } - - (void) pthread_mutex_unlock(freelist_lock); - return (ret); - } - - -static int -pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype) - { - CK_RV rv; - CK_SLOT_ID myslot; - - switch (optype) - { - case OP_RSA: - case OP_DSA: - case OP_DH: - myslot = pubkey_SLOTID; - break; - case OP_RAND: - myslot = rand_SLOTID; - break; - case OP_DIGEST: - case OP_CIPHER: - myslot = SLOTID; - break; - default: - PK11err(PK11_F_SETUP_SESSION, - PK11_R_INVALID_OPERATION_TYPE); - return (0); - } - - sp->session = CK_INVALID_HANDLE; - DEBUG_SLOT_SEL("%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype); - rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION, - NULL_PTR, NULL_PTR, &sp->session); - if (rv == CKR_CRYPTOKI_NOT_INITIALIZED) - { - /* - * We are probably a child process so force the - * reinitialize of the session - */ - pk11_library_initialized = CK_FALSE; - if (!pk11_library_init(NULL)) - return (0); - rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION, - NULL_PTR, NULL_PTR, &sp->session); - } - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv); - return (0); - } - - sp->pid = getpid(); - - switch (optype) - { -#ifndef OPENSSL_NO_RSA - case OP_RSA: - sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; - sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; - sp->opdata_rsa_pub = NULL; - sp->opdata_rsa_n_num = NULL; - sp->opdata_rsa_e_num = NULL; - sp->opdata_rsa_priv = NULL; - sp->opdata_rsa_d_num = NULL; - break; -#endif /* OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_DSA - case OP_DSA: - sp->opdata_dsa_pub_key = CK_INVALID_HANDLE; - sp->opdata_dsa_priv_key = CK_INVALID_HANDLE; - sp->opdata_dsa_pub = NULL; - sp->opdata_dsa_pub_num = NULL; - sp->opdata_dsa_priv = NULL; - sp->opdata_dsa_priv_num = NULL; - break; -#endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_DH - case OP_DH: - sp->opdata_dh_key = CK_INVALID_HANDLE; - sp->opdata_dh = NULL; - sp->opdata_dh_priv_num = NULL; - break; -#endif /* OPENSSL_NO_DH */ - case OP_CIPHER: - sp->opdata_cipher_key = CK_INVALID_HANDLE; - sp->opdata_encrypt = -1; - break; - } - - /* - * We always initialize the session as containing a non-persistent - * object. The key load functions set it to persistent if that is so. - */ - sp->persistent = CK_FALSE; - return (1); - } - -#ifndef OPENSSL_NO_RSA -/* - * Destroy all non-NULL RSA parameters. For the RSA keys by reference code, - * public components 'n'/'e' are the key components we use to check for the - * cache hit even for the private keys. So, no matter whether we are destroying - * a public or a private key, we always free what we can. - */ -static void -destroy_all_rsa_params(PK11_SESSION *sp) - { - if (sp->opdata_rsa_n_num != NULL) - { - BN_free(sp->opdata_rsa_n_num); - sp->opdata_rsa_n_num = NULL; - } - if (sp->opdata_rsa_e_num != NULL) - { - BN_free(sp->opdata_rsa_e_num); - sp->opdata_rsa_e_num = NULL; - } - if (sp->opdata_rsa_d_num != NULL) - { - BN_free(sp->opdata_rsa_d_num); - sp->opdata_rsa_d_num = NULL; - } - } - -/* Destroy RSA public key from single session. */ -int -pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock) - { - int ret = 0; - - if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE) - { - TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key, - ret, uselock, OP_RSA); - sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; - sp->opdata_rsa_pub = NULL; - destroy_all_rsa_params(sp); - } - - return (ret); - } - -/* Destroy RSA private key from single session. */ -int -pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock) - { - int ret = 0; - - if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE) - { - TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key, - ret, uselock, OP_RSA); - sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; - sp->opdata_rsa_priv = NULL; - destroy_all_rsa_params(sp); - } - - return (ret); - } - -/* - * Destroy RSA key object wrapper. If session is NULL, try to destroy all - * objects in the free list. - */ -int -pk11_destroy_rsa_key_objects(PK11_SESSION *session) - { - int ret = 1; - PK11_SESSION *sp = NULL; - PK11_SESSION *local_free_session; - CK_BBOOL uselock = CK_TRUE; - - if (session != NULL) - local_free_session = session; - else - { - (void) pthread_mutex_lock(session_cache[OP_RSA].lock); - local_free_session = session_cache[OP_RSA].head; - uselock = CK_FALSE; - } - - /* - * go through the list of sessions and delete key objects - */ - while ((sp = local_free_session) != NULL) - { - local_free_session = sp->next; - - /* - * Do not terminate list traversal if one of the - * destroy operations fails. - */ - if (pk11_destroy_rsa_object_pub(sp, uselock) == 0) - { - ret = 0; - continue; - } - if (pk11_destroy_rsa_object_priv(sp, uselock) == 0) - { - ret = 0; - continue; - } - } - - if (session == NULL) - (void) pthread_mutex_unlock(session_cache[OP_RSA].lock); - - return (ret); - } -#endif /* OPENSSL_NO_RSA */ - -#ifndef OPENSSL_NO_DSA -/* Destroy DSA public key from single session. */ -int -pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock) - { - int ret = 0; - - if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE) - { - TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key, - ret, uselock, OP_DSA); - sp->opdata_dsa_pub_key = CK_INVALID_HANDLE; - sp->opdata_dsa_pub = NULL; - if (sp->opdata_dsa_pub_num != NULL) - { - BN_free(sp->opdata_dsa_pub_num); - sp->opdata_dsa_pub_num = NULL; - } - } - - return (ret); - } - -/* Destroy DSA private key from single session. */ -int -pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock) - { - int ret = 0; - - if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE) - { - TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key, - ret, uselock, OP_DSA); - sp->opdata_dsa_priv_key = CK_INVALID_HANDLE; - sp->opdata_dsa_priv = NULL; - if (sp->opdata_dsa_priv_num != NULL) - { - BN_free(sp->opdata_dsa_priv_num); - sp->opdata_dsa_priv_num = NULL; - } - } - - return (ret); - } - -/* - * Destroy DSA key object wrapper. If session is NULL, try to destroy all - * objects in the free list. - */ -int -pk11_destroy_dsa_key_objects(PK11_SESSION *session) - { - int ret = 1; - PK11_SESSION *sp = NULL; - PK11_SESSION *local_free_session; - CK_BBOOL uselock = CK_TRUE; - - if (session != NULL) - local_free_session = session; - else - { - (void) pthread_mutex_lock(session_cache[OP_DSA].lock); - local_free_session = session_cache[OP_DSA].head; - uselock = CK_FALSE; - } - - /* - * go through the list of sessions and delete key objects - */ - while ((sp = local_free_session) != NULL) - { - local_free_session = sp->next; - - /* - * Do not terminate list traversal if one of the - * destroy operations fails. - */ - if (pk11_destroy_dsa_object_pub(sp, uselock) == 0) - { - ret = 0; - continue; - } - if (pk11_destroy_dsa_object_priv(sp, uselock) == 0) - { - ret = 0; - continue; - } - } - - if (session == NULL) - (void) pthread_mutex_unlock(session_cache[OP_DSA].lock); - - return (ret); - } -#endif /* OPENSSL_NO_DSA */ - -#ifndef OPENSSL_NO_DH -/* Destroy DH key from single session. */ -int -pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock) - { - int ret = 0; - - if (sp->opdata_dh_key != CK_INVALID_HANDLE) - { - TRY_OBJ_DESTROY(sp, sp->opdata_dh_key, - ret, uselock, OP_DH); - sp->opdata_dh_key = CK_INVALID_HANDLE; - sp->opdata_dh = NULL; - if (sp->opdata_dh_priv_num != NULL) - { - BN_free(sp->opdata_dh_priv_num); - sp->opdata_dh_priv_num = NULL; - } - } - - return (ret); - } - -/* - * Destroy DH key object wrapper. - * - * arg0: pointer to PKCS#11 engine session structure - * if session is NULL, try to destroy all objects in the free list - */ -int -pk11_destroy_dh_key_objects(PK11_SESSION *session) - { - int ret = 1; - PK11_SESSION *sp = NULL; - PK11_SESSION *local_free_session; - CK_BBOOL uselock = CK_TRUE; - - if (session != NULL) - local_free_session = session; - else - { - (void) pthread_mutex_lock(session_cache[OP_DH].lock); - local_free_session = session_cache[OP_DH].head; - uselock = CK_FALSE; - } - - while ((sp = local_free_session) != NULL) - { - local_free_session = sp->next; - - /* - * Do not terminate list traversal if one of the - * destroy operations fails. - */ - if (pk11_destroy_dh_object(sp, uselock) == 0) - { - ret = 0; - continue; - } - } -err: - if (session == NULL) - (void) pthread_mutex_unlock(session_cache[OP_DH].lock); - - return (ret); - } -#endif /* OPENSSL_NO_DH */ - -static int -pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh, - CK_BBOOL persistent) - { - CK_RV rv; - - /* - * We never try to destroy persistent objects which are the objects - * stored in the keystore. Also, we always use read-only sessions so - * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here. - */ - if (persistent == CK_TRUE) - return (1); - - rv = pFuncList->C_DestroyObject(session, oh); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT, - rv); - return (0); - } - - return (1); - } - - -/* Symmetric ciphers and digests support functions */ - -static int -cipher_nid_to_pk11(int nid) - { - int i; - - for (i = 0; i < PK11_CIPHER_MAX; i++) - if (ciphers[i].nid == nid) - return (ciphers[i].id); - return (-1); - } - -static int -pk11_usable_ciphers(const int **nids) - { - if (cipher_count > 0) - *nids = cipher_nids; - else - *nids = NULL; - return (cipher_count); - } - -static int -pk11_usable_digests(const int **nids) - { - if (digest_count > 0) - *nids = digest_nids; - else - *nids = NULL; - return (digest_count); - } - -/* - * Init context for encryption or decryption using a symmetric key. - */ -static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher, - PK11_SESSION *sp, CK_MECHANISM_PTR pmech) - { - CK_RV rv; -#ifdef SOLARIS_AES_CTR - CK_AES_CTR_PARAMS ctr_params; -#endif /* SOLARIS_AES_CTR */ - - /* - * We expect pmech->mechanism to be already set and - * pParameter/ulParameterLen initialized to NULL/0 before - * pk11_init_symmetric() is called. - */ - OPENSSL_assert(pmech->mechanism != NULL); - OPENSSL_assert(pmech->pParameter == NULL); - OPENSSL_assert(pmech->ulParameterLen == 0); - -#ifdef SOLARIS_AES_CTR - if (ctx->cipher->nid == NID_aes_128_ctr || - ctx->cipher->nid == NID_aes_192_ctr || - ctx->cipher->nid == NID_aes_256_ctr) - { - pmech->pParameter = (void *)(&ctr_params); - pmech->ulParameterLen = sizeof (ctr_params); - /* - * For now, we are limited to the fixed length of the counter, - * it covers the whole counter block. That's what RFC 4344 - * needs. For more information on internal structure of the - * counter block, see RFC 3686. If needed in the future, we can - * add code so that the counter length can be set via - * ENGINE_ctrl() function. - */ - ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8; - OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE); - (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE); - } - else -#endif /* SOLARIS_AES_CTR */ - { - if (pcipher->iv_len > 0) - { - pmech->pParameter = (void *)ctx->iv; - pmech->ulParameterLen = pcipher->iv_len; - } - } - - /* if we get here, the encryption needs to be reinitialized */ - if (ctx->encrypt) - rv = pFuncList->C_EncryptInit(sp->session, pmech, - sp->opdata_cipher_key); - else - rv = pFuncList->C_DecryptInit(sp->session, pmech, - sp->opdata_cipher_key); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ? - PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv); - pk11_return_session(sp, OP_CIPHER); - return (0); - } - - return (1); - } - -/* ARGSUSED */ -static int -pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - CK_MECHANISM mech; - int index; - PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data; - PK11_SESSION *sp; - PK11_CIPHER *p_ciph_table_row; - - state->sp = NULL; - - index = cipher_nid_to_pk11(ctx->cipher->nid); - if (index < 0 || index >= PK11_CIPHER_MAX) - return (0); - - p_ciph_table_row = &ciphers[index]; - /* - * iv_len in the ctx->cipher structure is the maximum IV length for the - * current cipher and it must be less or equal to the IV length in our - * ciphers table. The key length must be in the allowed interval. From - * all cipher modes that the PKCS#11 engine supports only RC4 allows a - * key length to be in some range, all other NIDs have a precise key - * length. Every application can define its own EVP functions so this - * code serves as a sanity check. - * - * Note that the reason why the IV length in ctx->cipher might be - * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs - * macro to define functions that return EVP structures for all DES - * modes. So, even ECB modes get 8 byte IV. - */ - if (ctx->cipher->iv_len < p_ciph_table_row->iv_len || - ctx->key_len < p_ciph_table_row->min_key_len || - ctx->key_len > p_ciph_table_row->max_key_len) { - PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM); - return (0); - } - - if ((sp = pk11_get_session(OP_CIPHER)) == NULL) - return (0); - - /* if applicable, the mechanism parameter is used for IV */ - mech.mechanism = p_ciph_table_row->mech_type; - mech.pParameter = NULL; - mech.ulParameterLen = 0; - - /* The key object is destroyed here if it is not the current key. */ - (void) check_new_cipher_key(sp, key, ctx->key_len); - - /* - * If the key is the same and the encryption is also the same, then - * just reuse it. However, we must not forget to reinitialize the - * context that was finalized in pk11_cipher_cleanup(). - */ - if (sp->opdata_cipher_key != CK_INVALID_HANDLE && - sp->opdata_encrypt == ctx->encrypt) - { - state->sp = sp; - if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0) - return (0); - - return (1); - } - - /* - * Check if the key has been invalidated. If so, a new key object - * needs to be created. - */ - if (sp->opdata_cipher_key == CK_INVALID_HANDLE) - { - sp->opdata_cipher_key = pk11_get_cipher_key( - ctx, key, p_ciph_table_row->key_type, sp); - } - - if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1) - { - /* - * The previous encryption/decryption is different. Need to - * terminate the previous * active encryption/decryption here. - */ - if (!pk11_cipher_final(sp)) - { - pk11_return_session(sp, OP_CIPHER); - return (0); - } - } - - if (sp->opdata_cipher_key == CK_INVALID_HANDLE) - { - pk11_return_session(sp, OP_CIPHER); - return (0); - } - - /* now initialize the context with a new key */ - if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0) - return (0); - - sp->opdata_encrypt = ctx->encrypt; - state->sp = sp; - - return (1); - } - -/* - * When reusing the same key in an encryption/decryption session for a - * decryption/encryption session, we need to close the active session - * and recreate a new one. Note that the key is in the global session so - * that it needs not be recreated. - * - * It is more appropriate to use C_En/DecryptFinish here. At the time of this - * development, these two functions in the PKCS#11 libraries used return - * unexpected errors when passing in 0 length output. It may be a good - * idea to try them again if performance is a problem here and fix - * C_En/DecryptFinial if there are bugs there causing the problem. - */ -static int -pk11_cipher_final(PK11_SESSION *sp) - { - CK_RV rv; - - rv = pFuncList->C_CloseSession(sp->session); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv); - return (0); - } - - rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, - NULL_PTR, NULL_PTR, &sp->session); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv); - return (0); - } - - return (1); - } - -/* - * An engine interface function. The calling function allocates sufficient - * memory for the output buffer "out" to hold the results. - */ -static int -pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl) - { - PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data; - PK11_SESSION *sp; - CK_RV rv; - unsigned long outl = inl; - - if (state == NULL || state->sp == NULL) - return (0); - - sp = (PK11_SESSION *) state->sp; - - if (!inl) - return (1); - - /* RC4 is the only stream cipher we support */ - if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0) - return (0); - - if (ctx->encrypt) - { - rv = pFuncList->C_EncryptUpdate(sp->session, - (unsigned char *)in, inl, out, &outl); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_CIPHER_DO_CIPHER, - PK11_R_ENCRYPTUPDATE, rv); - return (0); - } - } - else - { - rv = pFuncList->C_DecryptUpdate(sp->session, - (unsigned char *)in, inl, out, &outl); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_CIPHER_DO_CIPHER, - PK11_R_DECRYPTUPDATE, rv); - return (0); - } - } - - /* - * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always - * the same size of input. - * The application has guaranteed to call the block ciphers with - * correctly aligned buffers. - */ - if (inl != outl) - return (0); - - return (1); - } - -/* - * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal() - * here is the right thing because in EVP_DecryptFinal_ex(), engine's - * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but - * the engine can't find out that it's the finalizing call. We wouldn't - * necessarily have to finalize the context here since reinitializing it with - * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness, - * let's do it. Some implementations might leak memory if the previously used - * context is initialized without finalizing it first. - */ -static int -pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx) - { - CK_RV rv; - CK_ULONG len = EVP_MAX_BLOCK_LENGTH; - CK_BYTE buf[EVP_MAX_BLOCK_LENGTH]; - PK11_CIPHER_STATE *state = ctx->cipher_data; - - if (state != NULL && state->sp != NULL) - { - /* - * We are not interested in the data here, we just need to get - * rid of the context. - */ - if (ctx->encrypt) - rv = pFuncList->C_EncryptFinal( - state->sp->session, buf, &len); - else - rv = pFuncList->C_DecryptFinal( - state->sp->session, buf, &len); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ? - PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv); - pk11_return_session(state->sp, OP_CIPHER); - return (0); - } - - pk11_return_session(state->sp, OP_CIPHER); - state->sp = NULL; - } - - return (1); - } - -/* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. This says what we'll do at the - * top level - note, that list is restricted by what we answer with - */ -/* ARGSUSED */ -static int -pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) - { - if (!cipher) - return (pk11_usable_ciphers(nids)); - - switch (nid) - { - case NID_des_ede3_cbc: - *cipher = &pk11_3des_cbc; - break; - case NID_des_cbc: - *cipher = &pk11_des_cbc; - break; - case NID_des_ede3_ecb: - *cipher = &pk11_3des_ecb; - break; - case NID_des_ecb: - *cipher = &pk11_des_ecb; - break; - case NID_aes_128_cbc: - *cipher = &pk11_aes_128_cbc; - break; - case NID_aes_192_cbc: - *cipher = &pk11_aes_192_cbc; - break; - case NID_aes_256_cbc: - *cipher = &pk11_aes_256_cbc; - break; - case NID_aes_128_ecb: - *cipher = &pk11_aes_128_ecb; - break; - case NID_aes_192_ecb: - *cipher = &pk11_aes_192_ecb; - break; - case NID_aes_256_ecb: - *cipher = &pk11_aes_256_ecb; - break; - case NID_bf_cbc: - *cipher = &pk11_bf_cbc; - break; - case NID_rc4: - *cipher = &pk11_rc4; - break; - default: -#ifdef SOLARIS_AES_CTR - /* - * These can't be in separated cases because the NIDs - * here are not constants. - */ - if (nid == NID_aes_128_ctr) - *cipher = &pk11_aes_128_ctr; - else if (nid == NID_aes_192_ctr) - *cipher = &pk11_aes_192_ctr; - else if (nid == NID_aes_256_ctr) - *cipher = &pk11_aes_256_ctr; - else -#endif /* SOLARIS_AES_CTR */ - *cipher = NULL; - break; - } - return (*cipher != NULL); - } - -/* ARGSUSED */ -static int -pk11_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) - { - if (!digest) - return (pk11_usable_digests(nids)); - - switch (nid) - { - case NID_md5: - *digest = &pk11_md5; - break; - /* - * A special case. For "openssl dgst -dss1 -engine pkcs11 ...", - * OpenSSL calls EVP_get_digestbyname() on "dss1" which ends up - * calling pk11_engine_digests() for NID_dsa. Internally, if an - * engine is not used, OpenSSL uses SHA1_Init() as expected for - * DSA. So, we must return pk11_sha1() for NID_dsa as well. Note - * that this must have changed between 0.9.8 and 1.0.0 since we - * did not have the problem with the 0.9.8 version. - */ - case NID_sha1: - case NID_dsa: - *digest = &pk11_sha1; - break; - case NID_sha224: - *digest = &pk11_sha224; - break; - case NID_sha256: - *digest = &pk11_sha256; - break; - case NID_sha384: - *digest = &pk11_sha384; - break; - case NID_sha512: - *digest = &pk11_sha512; - break; - default: - *digest = NULL; - break; - } - return (*digest != NULL); - } - - -/* Create a secret key object in a PKCS#11 session */ -static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp) - { - CK_RV rv; - CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; - CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY; - CK_ULONG ul_key_attr_count = 6; - - CK_ATTRIBUTE a_key_template[] = - { - {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)}, - {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)}, - {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, - {CKA_ENCRYPT, &pk11_true, sizeof (pk11_true)}, - {CKA_DECRYPT, &pk11_true, sizeof (pk11_true)}, - {CKA_VALUE, (void*) NULL, 0}, - }; - - /* - * Create secret key object in global_session. All other sessions - * can use the key handles. Here is why: - * OpenSSL will call EncryptInit and EncryptUpdate using a secret key. - * It may then call DecryptInit and DecryptUpdate using the same key. - * To use the same key object, we need to call EncryptFinal with - * a 0 length message. Currently, this does not work for 3DES - * mechanism. To get around this problem, we close the session and - * then create a new session to use the same key object. When a session - * is closed, all the object handles will be invalid. Thus, create key - * objects in a global session, an individual session may be closed to - * terminate the active operation. - */ - CK_SESSION_HANDLE session = global_session; - a_key_template[0].pValue = &obj_key; - a_key_template[1].pValue = &key_type; - a_key_template[5].pValue = (void *) key; - a_key_template[5].ulValueLen = (unsigned long) ctx->key_len; - - rv = pFuncList->C_CreateObject(session, - a_key_template, ul_key_attr_count, &h_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT, - rv); - goto err; - } - - /* - * Save the key information used in this session. - * The max can be saved is PK11_KEY_LEN_MAX. - */ - sp->opdata_key_len = ctx->key_len > PK11_KEY_LEN_MAX ? - PK11_KEY_LEN_MAX : ctx->key_len; - (void) memcpy(sp->opdata_key, key, sp->opdata_key_len); -err: - - return (h_key); - } - -static int -md_nid_to_pk11(int nid) - { - int i; - - for (i = 0; i < PK11_DIGEST_MAX; i++) - if (digests[i].nid == nid) - return (digests[i].id); - return (-1); - } - -static int -pk11_digest_init(EVP_MD_CTX *ctx) - { - CK_RV rv; - CK_MECHANISM mech; - int index; - PK11_SESSION *sp; - PK11_DIGEST *pdp; - PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; - - state->sp = NULL; - - index = md_nid_to_pk11(ctx->digest->type); - if (index < 0 || index >= PK11_DIGEST_MAX) - return (0); - - pdp = &digests[index]; - if ((sp = pk11_get_session(OP_DIGEST)) == NULL) - return (0); - - /* at present, no parameter is needed for supported digests */ - mech.mechanism = pdp->mech_type; - mech.pParameter = NULL; - mech.ulParameterLen = 0; - - rv = pFuncList->C_DigestInit(sp->session, &mech); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv); - pk11_return_session(sp, OP_DIGEST); - return (0); - } - - state->sp = sp; - - return (1); - } - -static int -pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) - { - CK_RV rv; - PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; - - /* 0 length message will cause a failure in C_DigestFinal */ - if (count == 0) - return (1); - - if (state == NULL || state->sp == NULL) - return (0); - - rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data, - count); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv); - pk11_return_session(state->sp, OP_DIGEST); - state->sp = NULL; - return (0); - } - - return (1); - } - -static int -pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md) - { - CK_RV rv; - unsigned long len; - PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; - len = ctx->digest->md_size; - - if (state == NULL || state->sp == NULL) - return (0); - - rv = pFuncList->C_DigestFinal(state->sp->session, md, &len); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv); - pk11_return_session(state->sp, OP_DIGEST); - state->sp = NULL; - return (0); - } - - if (ctx->digest->md_size != len) - return (0); - - /* - * Final is called and digest is returned, so return the session - * to the pool - */ - pk11_return_session(state->sp, OP_DIGEST); - state->sp = NULL; - - return (1); - } - -static int -pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) - { - CK_RV rv; - int ret = 0; - PK11_CIPHER_STATE *state, *state_to; - CK_BYTE_PTR pstate = NULL; - CK_ULONG ul_state_len; - - if (from->md_data == NULL || to->digest->ctx_size == 0) - return (1); - - /* The copy-from state */ - state = (PK11_CIPHER_STATE *) from->md_data; - if (state->sp == NULL) - goto err; - - /* Initialize the copy-to state */ - if (!pk11_digest_init(to)) - goto err; - state_to = (PK11_CIPHER_STATE *) to->md_data; - - /* Get the size of the operation state of the copy-from session */ - rv = pFuncList->C_GetOperationState(state->sp->session, NULL, - &ul_state_len); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE, - rv); - goto err; - } - if (ul_state_len == 0) - { - goto err; - } - - pstate = OPENSSL_malloc(ul_state_len); - if (pstate == NULL) - { - PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE); - goto err; - } - - /* Get the operation state of the copy-from session */ - rv = pFuncList->C_GetOperationState(state->sp->session, pstate, - &ul_state_len); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE, - rv); - goto err; - } - - /* Set the operation state of the copy-to session */ - rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate, - ul_state_len, 0, 0); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DIGEST_COPY, - PK11_R_SET_OPERATION_STATE, rv); - goto err; - } - - ret = 1; -err: - if (pstate != NULL) - OPENSSL_free(pstate); - - return (ret); - } - -/* Return any pending session state to the pool */ -static int -pk11_digest_cleanup(EVP_MD_CTX *ctx) - { - PK11_CIPHER_STATE *state = ctx->md_data; - unsigned char buf[EVP_MAX_MD_SIZE]; - - if (state != NULL && state->sp != NULL) - { - /* - * If state->sp is not NULL then pk11_digest_final() has not - * been called yet. We must call it now to free any memory - * that might have been allocated in the token when - * pk11_digest_init() was called. pk11_digest_final() - * will return the session to the cache. - */ - if (!pk11_digest_final(ctx, buf)) - return (0); - } - - return (1); - } - -/* - * Check if the new key is the same as the key object in the session. If the key - * is the same, no need to create a new key object. Otherwise, the old key - * object needs to be destroyed and a new one will be created. Return 1 for - * cache hit, 0 for cache miss. Note that we must check the key length first - * otherwise we could end up reusing a different, longer key with the same - * prefix. - */ -static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key, - int key_len) - { - if (sp->opdata_key_len != key_len || - memcmp(sp->opdata_key, key, key_len) != 0) - { - (void) pk11_destroy_cipher_key_objects(sp); - return (0); - } - return (1); - } - -/* Destroy one or more secret key objects. */ -static int pk11_destroy_cipher_key_objects(PK11_SESSION *session) - { - int ret = 0; - PK11_SESSION *sp = NULL; - PK11_SESSION *local_free_session; - - if (session != NULL) - local_free_session = session; - else - { - (void) pthread_mutex_lock(session_cache[OP_CIPHER].lock); - local_free_session = session_cache[OP_CIPHER].head; - } - - while ((sp = local_free_session) != NULL) - { - local_free_session = sp->next; - - if (sp->opdata_cipher_key != CK_INVALID_HANDLE) - { - /* - * The secret key object is created in the - * global_session. See pk11_get_cipher_key(). - */ - if (pk11_destroy_object(global_session, - sp->opdata_cipher_key, CK_FALSE) == 0) - goto err; - sp->opdata_cipher_key = CK_INVALID_HANDLE; - } - } - ret = 1; -err: - - if (session == NULL) - (void) pthread_mutex_unlock(session_cache[OP_CIPHER].lock); - - return (ret); - } - - -/* - * Public key mechanisms optionally supported - * - * CKM_RSA_X_509 - * CKM_RSA_PKCS - * CKM_DSA - * - * The first slot that supports at least one of those mechanisms is chosen as a - * public key slot. - * - * Symmetric ciphers optionally supported - * - * CKM_DES3_CBC - * CKM_DES_CBC - * CKM_AES_CBC - * CKM_DES3_ECB - * CKM_DES_ECB - * CKM_AES_ECB - * CKM_AES_CTR - * CKM_RC4 - * CKM_BLOWFISH_CBC - * - * Digests optionally supported - * - * CKM_MD5 - * CKM_SHA_1 - * CKM_SHA224 - * CKM_SHA256 - * CKM_SHA384 - * CKM_SHA512 - * - * The output of this function is a set of global variables indicating which - * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of - * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global - * variables carry information about which slot was chosen for (a) public key - * mechanisms, (b) random operations, and (c) symmetric ciphers and digests. - */ -static int -pk11_choose_slots(int *any_slot_found) - { - CK_SLOT_ID_PTR pSlotList = NULL_PTR; - CK_ULONG ulSlotCount = 0; - CK_MECHANISM_INFO mech_info; - CK_TOKEN_INFO token_info; - int i; - CK_RV rv; - CK_SLOT_ID best_slot_sofar; - CK_BBOOL found_candidate_slot = CK_FALSE; - int slot_n_cipher = 0; - int slot_n_digest = 0; - CK_SLOT_ID current_slot = 0; - int current_slot_n_cipher = 0; - int current_slot_n_digest = 0; - - int local_cipher_nids[PK11_CIPHER_MAX]; - int local_digest_nids[PK11_DIGEST_MAX]; - - /* let's initialize the output parameter */ - if (any_slot_found != NULL) - *any_slot_found = 0; - - /* Get slot list for memory allocation */ - rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv); - return (0); - } - - /* it's not an error if we didn't find any providers */ - if (ulSlotCount == 0) - { - DEBUG_SLOT_SEL("%s: no crypto providers found\n", PK11_DBG); - return (1); - } - - pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID)); - - if (pSlotList == NULL) - { - PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE); - return (0); - } - - /* Get the slot list for processing */ - rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv); - OPENSSL_free(pSlotList); - return (0); - } - - DEBUG_SLOT_SEL("%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME); - DEBUG_SLOT_SEL("%s: number of slots: %d\n", PK11_DBG, ulSlotCount); - - DEBUG_SLOT_SEL("%s: == checking rand slots ==\n", PK11_DBG); - for (i = 0; i < ulSlotCount; i++) - { - current_slot = pSlotList[i]; - - DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i); - /* Check if slot has random support. */ - rv = pFuncList->C_GetTokenInfo(current_slot, &token_info); - if (rv != CKR_OK) - continue; - - DEBUG_SLOT_SEL("%s: token label: %.32s\n", PK11_DBG, - token_info.label); - - if (token_info.flags & CKF_RNG) - { - DEBUG_SLOT_SEL( - "%s: this token has CKF_RNG flag\n", PK11_DBG); - pk11_have_random = CK_TRUE; - rand_SLOTID = current_slot; - break; - } - } - - DEBUG_SLOT_SEL("%s: == checking pubkey slots ==\n", PK11_DBG); - - pubkey_SLOTID = pSlotList[0]; - for (i = 0; i < ulSlotCount; i++) - { - CK_BBOOL slot_has_rsa = CK_FALSE; - CK_BBOOL slot_has_dsa = CK_FALSE; - CK_BBOOL slot_has_dh = CK_FALSE; - current_slot = pSlotList[i]; - - DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i); - rv = pFuncList->C_GetTokenInfo(current_slot, &token_info); - if (rv != CKR_OK) - continue; - - DEBUG_SLOT_SEL("%s: token label: %.32s\n", PK11_DBG, - token_info.label); - -#ifndef OPENSSL_NO_RSA - /* - * Check if this slot is capable of signing and - * verifying with CKM_RSA_PKCS. - */ - rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS, - &mech_info); - - if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && - (mech_info.flags & CKF_VERIFY))) - { - /* - * Check if this slot is capable of encryption, - * decryption, sign, and verify with CKM_RSA_X_509. - */ - rv = pFuncList->C_GetMechanismInfo(current_slot, - CKM_RSA_X_509, &mech_info); - - if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && - (mech_info.flags & CKF_VERIFY) && - (mech_info.flags & CKF_ENCRYPT) && - (mech_info.flags & CKF_VERIFY_RECOVER) && - (mech_info.flags & CKF_DECRYPT))) - { - slot_has_rsa = CK_TRUE; - } - } -#endif /* OPENSSL_NO_RSA */ - -#ifndef OPENSSL_NO_DSA - /* - * Check if this slot is capable of signing and - * verifying with CKM_DSA. - */ - rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA, - &mech_info); - if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && - (mech_info.flags & CKF_VERIFY))) - { - slot_has_dsa = CK_TRUE; - } - -#endif /* OPENSSL_NO_DSA */ - -#ifndef OPENSSL_NO_DH - /* - * Check if this slot is capable of DH key generataion and - * derivation. - */ - rv = pFuncList->C_GetMechanismInfo(current_slot, - CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info); - - if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR)) - { - rv = pFuncList->C_GetMechanismInfo(current_slot, - CKM_DH_PKCS_DERIVE, &mech_info); - if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE)) - { - slot_has_dh = CK_TRUE; - } - } -#endif /* OPENSSL_NO_DH */ - - if (!found_candidate_slot && - (slot_has_rsa || slot_has_dsa || slot_has_dh)) - { - DEBUG_SLOT_SEL( - "%s: potential slot: %d\n", PK11_DBG, current_slot); - best_slot_sofar = current_slot; - pk11_have_rsa = slot_has_rsa; - pk11_have_dsa = slot_has_dsa; - pk11_have_dh = slot_has_dh; - found_candidate_slot = CK_TRUE; - /* - * Cache the flags for later use. We might need those if - * RSA keys by reference feature is used. - */ - pubkey_token_flags = token_info.flags; - DEBUG_SLOT_SEL( - "%s: setting found_candidate_slot to CK_TRUE\n", - PK11_DBG); - DEBUG_SLOT_SEL("%s: best slot so far: %d\n", PK11_DBG, - best_slot_sofar); - DEBUG_SLOT_SEL("%s: pubkey flags changed to " - "%lu.\n", PK11_DBG, pubkey_token_flags); - } - else - { - DEBUG_SLOT_SEL("%s: no rsa/dsa/dh\n", PK11_DBG); - } - } /* for */ - - if (found_candidate_slot == CK_TRUE) - { - pubkey_SLOTID = best_slot_sofar; - } - - found_candidate_slot = CK_FALSE; - best_slot_sofar = 0; - - DEBUG_SLOT_SEL("%s: == checking cipher/digest ==\n", PK11_DBG); - - SLOTID = pSlotList[0]; - for (i = 0; i < ulSlotCount; i++) - { - DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i); - - current_slot = pSlotList[i]; - current_slot_n_cipher = 0; - current_slot_n_digest = 0; - (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids)); - (void) memset(local_digest_nids, 0, sizeof (local_digest_nids)); - - pk11_find_symmetric_ciphers(pFuncList, current_slot, - ¤t_slot_n_cipher, local_cipher_nids); - - pk11_find_digests(pFuncList, current_slot, - ¤t_slot_n_digest, local_digest_nids); - - DEBUG_SLOT_SEL("%s: current_slot_n_cipher %d\n", PK11_DBG, - current_slot_n_cipher); - DEBUG_SLOT_SEL("%s: current_slot_n_digest %d\n", PK11_DBG, - current_slot_n_digest); - DEBUG_SLOT_SEL("%s: best cipher/digest slot so far: %d\n", - PK11_DBG, best_slot_sofar); - - /* - * If the current slot supports more ciphers/digests than - * the previous best one we change the current best to this one, - * otherwise leave it where it is. - */ - if ((current_slot_n_cipher + current_slot_n_digest) > - (slot_n_cipher + slot_n_digest)) - { - DEBUG_SLOT_SEL("%s: changing best slot to %d\n", - PK11_DBG, current_slot); - best_slot_sofar = SLOTID = current_slot; - cipher_count = slot_n_cipher = current_slot_n_cipher; - digest_count = slot_n_digest = current_slot_n_digest; - (void) memcpy(cipher_nids, local_cipher_nids, - sizeof (local_cipher_nids)); - (void) memcpy(digest_nids, local_digest_nids, - sizeof (local_digest_nids)); - } - } - - DEBUG_SLOT_SEL("%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID); - DEBUG_SLOT_SEL("%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID); - DEBUG_SLOT_SEL("%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID); - DEBUG_SLOT_SEL("%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa); - DEBUG_SLOT_SEL("%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa); - DEBUG_SLOT_SEL("%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh); - DEBUG_SLOT_SEL("%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random); - DEBUG_SLOT_SEL("%s: cipher_count %d\n", PK11_DBG, cipher_count); - DEBUG_SLOT_SEL("%s: digest_count %d\n", PK11_DBG, digest_count); - - if (pSlotList != NULL) - OPENSSL_free(pSlotList); - -#ifdef SOLARIS_HW_SLOT_SELECTION - OPENSSL_free(hw_cnids); - OPENSSL_free(hw_dnids); -#endif /* SOLARIS_HW_SLOT_SELECTION */ - - if (any_slot_found != NULL) - *any_slot_found = 1; - return (1); - } - -static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist, - int slot_id, int *current_slot_n_cipher, int *local_cipher_nids, - PK11_CIPHER *cipher) - { - CK_MECHANISM_INFO mech_info; - CK_RV rv; - - DEBUG_SLOT_SEL("%s: checking mech: %x", PK11_DBG, cipher->mech_type); - rv = pflist->C_GetMechanismInfo(slot_id, cipher->mech_type, &mech_info); - - if (rv != CKR_OK) - { - DEBUG_SLOT_SEL(" not found\n"); - return; - } - - if ((mech_info.flags & CKF_ENCRYPT) && - (mech_info.flags & CKF_DECRYPT)) - { - if (mech_info.ulMinKeySize > cipher->min_key_len || - mech_info.ulMaxKeySize < cipher->max_key_len) - { - DEBUG_SLOT_SEL(" engine key size range <%i-%i> does not" - " match mech range <%lu-%lu>\n", - cipher->min_key_len, cipher->max_key_len, - mech_info.ulMinKeySize, mech_info.ulMaxKeySize); - return; - } -#ifdef SOLARIS_HW_SLOT_SELECTION - if (nid_in_table(cipher->nid, hw_cnids)) -#endif /* SOLARIS_HW_SLOT_SELECTION */ - { - DEBUG_SLOT_SEL(" usable\n"); - local_cipher_nids[(*current_slot_n_cipher)++] = - cipher->nid; - } -#ifdef SOLARIS_HW_SLOT_SELECTION - else - { - DEBUG_SLOT_SEL( - " rejected, software implementation only\n"); - } -#endif /* SOLARIS_HW_SLOT_SELECTION */ - } - else - { - DEBUG_SLOT_SEL(" unusable\n"); - } - - return; - } - -static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id, - int *current_slot_n_digest, int *local_digest_nids, PK11_DIGEST *digest) - { - CK_MECHANISM_INFO mech_info; - CK_RV rv; - - DEBUG_SLOT_SEL("%s: checking mech: %x", PK11_DBG, digest->mech_type); - rv = pflist->C_GetMechanismInfo(slot_id, digest->mech_type, &mech_info); - - if (rv != CKR_OK) - { - DEBUG_SLOT_SEL(" not found\n"); - return; - } - - if (mech_info.flags & CKF_DIGEST) - { -#ifdef SOLARIS_HW_SLOT_SELECTION - if (nid_in_table(digest->nid, hw_dnids)) -#endif /* SOLARIS_HW_SLOT_SELECTION */ - { - DEBUG_SLOT_SEL(" usable\n"); - local_digest_nids[(*current_slot_n_digest)++] = - digest->nid; - } -#ifdef SOLARIS_HW_SLOT_SELECTION - else - { - DEBUG_SLOT_SEL( - " rejected, software implementation only\n"); - } -#endif /* SOLARIS_HW_SLOT_SELECTION */ - } - else - { - DEBUG_SLOT_SEL(" unusable\n"); - } - - return; - } - -#ifdef SOLARIS_AES_CTR -/* create a new NID when we have no OID for that mechanism */ -static int pk11_add_NID(char *sn, char *ln) - { - ASN1_OBJECT *o; - int nid; - - if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"", - 1, sn, ln)) == NULL) - { - return (0); - } - - /* will return NID_undef on error */ - nid = OBJ_add_object(o); - ASN1_OBJECT_free(o); - - return (nid); - } - -/* - * Create new NIDs for AES counter mode. OpenSSL doesn't support them now so we - * have to help ourselves here. - */ -static int pk11_add_aes_ctr_NIDs(void) - { - /* are we already set? */ - if (NID_aes_256_ctr != NID_undef) - return (1); - - /* - * There are no official names for AES counter modes yet so we just - * follow the format of those that exist. - */ - if ((NID_aes_128_ctr = pk11_add_NID("AES-128-CTR", "aes-128-ctr")) == - NID_undef) - goto err; - ciphers[PK11_AES_128_CTR].nid = pk11_aes_128_ctr.nid = NID_aes_128_ctr; - if ((NID_aes_192_ctr = pk11_add_NID("AES-192-CTR", "aes-192-ctr")) == - NID_undef) - goto err; - ciphers[PK11_AES_192_CTR].nid = pk11_aes_192_ctr.nid = NID_aes_192_ctr; - if ((NID_aes_256_ctr = pk11_add_NID("AES-256-CTR", "aes-256-ctr")) == - NID_undef) - goto err; - ciphers[PK11_AES_256_CTR].nid = pk11_aes_256_ctr.nid = NID_aes_256_ctr; - return (1); - -err: - PK11err(PK11_F_ADD_AES_CTR_NIDS, PK11_R_ADD_NID_FAILED); - return (0); - } -#endif /* SOLARIS_AES_CTR */ - -/* Find what symmetric ciphers this slot supports. */ -static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist, - CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids) - { - int i; - - for (i = 0; i < PK11_CIPHER_MAX; ++i) - { - pk11_get_symmetric_cipher(pflist, current_slot, - current_slot_n_cipher, local_cipher_nids, &ciphers[i]); - } - } - -/* Find what digest algorithms this slot supports. */ -static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist, - CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids) - { - int i; - - for (i = 0; i < PK11_DIGEST_MAX; ++i) - { - pk11_get_digest(pflist, current_slot, current_slot_n_digest, - local_digest_nids, &digests[i]); - } - } - -#ifdef SOLARIS_HW_SLOT_SELECTION -/* - * It would be great if we could use pkcs11_kernel directly since this library - * offers hardware slots only. That's the easiest way to achieve the situation - * where we use the hardware accelerators when present and OpenSSL native code - * otherwise. That presumes the fact that OpenSSL native code is faster than the - * code in the soft token. It's a logical assumption - Crypto Framework has some - * inherent overhead so going there for the software implementation of a - * mechanism should be logically slower in contrast to the OpenSSL native code, - * presuming that both implementations are of similar speed. For example, the - * soft token for AES is roughly three times slower than OpenSSL for 64 byte - * blocks and still 20% slower for 8KB blocks. So, if we want to ship products - * that use the PKCS#11 engine by default, we must somehow avoid that regression - * on machines without hardware acceleration. That's why switching to the - * pkcs11_kernel library seems like a very good idea. - * - * The problem is that OpenSSL built with SunStudio is roughly 2x slower for - * asymmetric operations (RSA/DSA/DH) than the soft token built with the same - * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11 - * library, we would have had a performance regression on machines without - * hardware acceleration for asymmetric operations for all applications that use - * the PKCS#11 engine. There is one such application - Apache web server since - * it's shipped configured to use the PKCS#11 engine by default. Having said - * that, we can't switch to the pkcs11_kernel library now and have to come with - * a solution that, on non-accelerated machines, uses the OpenSSL native code - * for all symmetric ciphers and digests while it uses the soft token for - * asymmetric operations. - * - * This is the idea: dlopen() pkcs11_kernel directly and find out what - * mechanisms are there. We don't care about duplications (more slots can - * support the same mechanism), we just want to know what mechanisms can be - * possibly supported in hardware on that particular machine. As said before, - * pkcs11_kernel will show you hardware providers only. - * - * Then, we rely on the fact that since we use libpkcs11 library we will find - * the metaslot. When we go through the metaslot's mechanisms for symmetric - * ciphers and digests, we check that any found mechanism is in the table - * created using the pkcs11_kernel library. So, as a result we have two arrays - * of mechanisms that were advertised as supported in hardware which was the - * goal of that whole exercise. Thus, we can use libpkcs11 but avoid soft token - * code for symmetric ciphers and digests. See pk11_choose_slots() for more - * information. - * - * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined - * the code won't be used. - */ -#if defined(__sparcv9) || defined(__x86_64) || defined(__amd64) -static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1"; -#else -static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1"; -#endif - -/* - * Check hardware capabilities of the machines. The output are two lists, - * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware - * providers together. They are not sorted and may contain duplicate mechanisms. - */ -static int check_hw_mechanisms(void) - { - int i; - CK_RV rv; - void *handle; - CK_C_GetFunctionList p; - CK_TOKEN_INFO token_info; - CK_ULONG ulSlotCount = 0; - int n_cipher = 0, n_digest = 0; - CK_FUNCTION_LIST_PTR pflist = NULL; - CK_SLOT_ID_PTR pSlotList = NULL_PTR; - int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL; - int hw_ctable_size, hw_dtable_size; - - DEBUG_SLOT_SEL("%s: SOLARIS_HW_SLOT_SELECTION code running\n", - PK11_DBG); - /* - * Use RTLD_GROUP to limit the pkcs11_kernel provider to its own - * symbols, which prevents it from mistakenly accessing C_* functions - * from the top-level PKCS#11 library. - */ - if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY | RTLD_GROUP)) == NULL) - { - PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); - goto err; - } - - if ((p = (CK_C_GetFunctionList)dlsym(handle, - PK11_GET_FUNCTION_LIST)) == NULL) - { - PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); - goto err; - } - - /* get the full function list from the loaded library */ - if (p(&pflist) != CKR_OK) - { - PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); - goto err; - } - - rv = pflist->C_Initialize(NULL_PTR); - if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) - { - PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS, - PK11_R_INITIALIZE, rv); - goto err; - } - - if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK) - { - PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST); - goto err; - } - - /* no slots, set the hw mechanism tables as empty */ - if (ulSlotCount == 0) - { - DEBUG_SLOT_SEL("%s: no hardware mechanisms found\n", PK11_DBG); - hw_cnids = OPENSSL_malloc(sizeof (int)); - hw_dnids = OPENSSL_malloc(sizeof (int)); - if (hw_cnids == NULL || hw_dnids == NULL) - { - PK11err(PK11_F_CHECK_HW_MECHANISMS, - PK11_R_MALLOC_FAILURE); - return (0); - } - /* this means empty tables */ - hw_cnids[0] = NID_undef; - hw_dnids[0] = NID_undef; - return (1); - } - - pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID)); - if (pSlotList == NULL) - { - PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE); - goto err; - } - - /* Get the slot list for processing */ - if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK) - { - PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST); - goto err; - } - - /* - * We don't care about duplicate mechanisms in multiple slots and also - * reserve one slot for the terminal NID_undef which we use to stop the - * search. - */ - hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1; - hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1; - tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int)); - tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int)); - if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL) - { - PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE); - goto err; - } - - /* - * Do not use memset since we should not rely on the fact that NID_undef - * is zero now. - */ - for (i = 0; i < hw_ctable_size; ++i) - tmp_hw_cnids[i] = NID_undef; - for (i = 0; i < hw_dtable_size; ++i) - tmp_hw_dnids[i] = NID_undef; - - DEBUG_SLOT_SEL("%s: provider: %s\n", PK11_DBG, pkcs11_kernel); - DEBUG_SLOT_SEL("%s: found %d hardware slots\n", PK11_DBG, ulSlotCount); - DEBUG_SLOT_SEL("%s: now looking for mechs supported in hw\n", - PK11_DBG); - - for (i = 0; i < ulSlotCount; i++) - { - if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK) - continue; - - DEBUG_SLOT_SEL("%s: token label: %.32s\n", PK11_DBG, - token_info.label); - - /* - * We are filling the hw mech tables here. Global tables are - * still NULL so all mechanisms are put into tmp tables. - */ - pk11_find_symmetric_ciphers(pflist, pSlotList[i], - &n_cipher, tmp_hw_cnids); - pk11_find_digests(pflist, pSlotList[i], - &n_digest, tmp_hw_dnids); - } - - /* - * Since we are part of a library (libcrypto.so), calling this function - * may have side-effects. Also, C_Finalize() is triggered by - * dlclose(3C). - */ -#if 0 - pflist->C_Finalize(NULL); -#endif - OPENSSL_free(pSlotList); - (void) dlclose(handle); - hw_cnids = tmp_hw_cnids; - hw_dnids = tmp_hw_dnids; - - DEBUG_SLOT_SEL("%s: hw mechs check complete\n", PK11_DBG); - return (1); - -err: - if (pSlotList != NULL) - OPENSSL_free(pSlotList); - if (tmp_hw_cnids != NULL) - OPENSSL_free(tmp_hw_cnids); - if (tmp_hw_dnids != NULL) - OPENSSL_free(tmp_hw_dnids); - - return (0); - } - -/* - * Check presence of a NID in the table of NIDs unless the mechanism is - * supported directly in a CPU instruction set. The table may be NULL (i.e., - * non-existent). - */ -static int nid_in_table(int nid, int *nid_table) - { - int i = 0; - - /* - * Special case first. NULL means that we are initializing a new table. - */ - if (nid_table == NULL) - return (1); - - /* - * If we have an AES instruction set on SPARC we route everything - * through the Crypto Framework (ie., through pkcs11_softtoken in this - * case). This is for T4 which has HW instructions for AES, DES, MD5, - * SHA1, SHA256, SHA512, MONTMUL, and MPMUL. - * - * On Intel, if we have AES-NI instruction set we route AES to the - * Crypto Framework. Intel CPUs do not have other instruction sets for - * HW crypto acceleration so we check the HW NID table for any other - * mechanism. - */ -#if defined(__x86) - if (hw_aes_instruction_set_present() == 1) - { - switch (nid) - { - case NID_aes_128_ecb: - case NID_aes_192_ecb: - case NID_aes_256_ecb: - case NID_aes_128_cbc: - case NID_aes_192_cbc: - case NID_aes_256_cbc: - return (1); - } - /* - * These are variables, cannot be used as case expressions. - */ - if (nid == NID_aes_128_ctr || - nid == NID_aes_192_ctr || - nid == NID_aes_256_ctr) - { - return (1); - } - } -#elif defined(__sparc) - if (hw_aes_instruction_set_present() == 1) - return (1); -#endif - - /* The table is never full, there is always at least one NID_undef. */ - while (nid_table[i] != NID_undef) - { - if (nid_table[i++] == nid) - { - DEBUG_SLOT_SEL(" (NID %d in hw table, idx %d)", nid, i); - return (1); - } - } - - return (0); - } - -/* Do we have an AES instruction set? */ -static int -hw_aes_instruction_set_present(void) - { - static int present = -1; - - if (present == -1) - { - uint_t ui = 0; - - (void) getisax(&ui, 1); - -#if defined(__amd64) || defined(__i386) - present = (ui & AV_386_AES) > 0; -#elif defined(__sparc) - present = (ui & (AV_SPARC_AES|AV_SPARC_FJAES)) > 0; -#endif - } - - return (present); - } - -#endif /* SOLARIS_HW_SLOT_SELECTION */ - -#endif /* OPENSSL_NO_HW_PK11 */ -#endif /* OPENSSL_NO_HW */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.h --- a/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11.h Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,257 +0,0 @@ -/* - * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* crypto/engine/hw_pk11.h */ -/* - * This product includes software developed by the OpenSSL Project for - * use in the OpenSSL Toolkit (http://www.openssl.org/). - * - * This project also referenced hw_pkcs11-0.9.7b.patch written by - * Afchine Madjlessi. - */ -/* - * ==================================================================== - * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HW_PK11_H -#define HW_PK11_H - -#include "hw_pk11_err.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/* max byte length of a symmetric key we support */ -#define PK11_KEY_LEN_MAX 32 - -/* - * This structure encapsulates all reusable information for a PKCS#11 - * session. A list of these objects is created on behalf of the - * calling application using an on-demand method. Each operation - * type (see PK11_OPTYPE below) has its own per-process list. - * Each of the lists is basically a cache for faster PKCS#11 object - * access to avoid expensive C_Find{,Init,Final}Object() calls. - * - * When a new request comes in, an object will be taken from the list - * (if there is one) or a new one is created to handle the request - * (if the list is empty). See pk11_get_session() on how it is done. - */ -typedef struct PK11_st_SESSION - { - struct PK11_st_SESSION *next; - CK_SESSION_HANDLE session; /* PK11 session handle */ - pid_t pid; /* Current process ID */ - CK_BBOOL persistent; /* is that a keystore object? */ - union - { -#ifndef OPENSSL_NO_RSA - struct - { - CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */ - CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */ - RSA *rsa_pub; /* pub key addr */ - BIGNUM *rsa_n_num; /* pub modulus */ - BIGNUM *rsa_e_num; /* pub exponent */ - RSA *rsa_priv; /* priv key addr */ - BIGNUM *rsa_d_num; /* priv exponent */ - } u_RSA; -#endif /* OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_DSA - struct - { - CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */ - CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */ - DSA *dsa_pub; /* pub key addr */ - BIGNUM *dsa_pub_num; /* pub key */ - DSA *dsa_priv; /* priv key addr */ - BIGNUM *dsa_priv_num; /* priv key */ - } u_DSA; -#endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_DH - struct - { - CK_OBJECT_HANDLE dh_key; /* key handle */ - DH *dh; /* dh key addr */ - BIGNUM *dh_priv_num; /* priv dh key */ - } u_DH; -#endif /* OPENSSL_NO_DH */ - struct - { - CK_OBJECT_HANDLE cipher_key; /* key handle */ - unsigned char key[PK11_KEY_LEN_MAX]; - int key_len; /* priv key len */ - int encrypt; /* 1/0 enc/decr */ - } u_cipher; - } opdata_u; - } PK11_SESSION; - -#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key -#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key -#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub -#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv -#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num -#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num -#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num -#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key -#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key -#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub -#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num -#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv -#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num -#define opdata_dh_key opdata_u.u_DH.dh_key -#define opdata_dh opdata_u.u_DH.dh -#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num -#define opdata_cipher_key opdata_u.u_cipher.cipher_key -#define opdata_key opdata_u.u_cipher.key -#define opdata_key_len opdata_u.u_cipher.key_len -#define opdata_encrypt opdata_u.u_cipher.encrypt - -/* - * We have 3 different groups of operation types: - * 1) asymmetric operations - * 2) random operations - * 3) symmetric and digest operations - * - * This division into groups stems from the fact that it's common that hardware - * providers may support operations from one group only. For example, hardware - * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support - * only a single group of operations. - * - * For every group a different slot can be chosen. That means that we must have - * at least 3 different lists of cached PKCS#11 sessions since sessions from - * different groups may be initialized in different slots. - * - * To provide locking granularity in multithreaded environment, the groups are - * further split into types with each type having a separate session cache. - */ -typedef enum PK11_OPTYPE_ENUM - { - OP_RAND, - OP_RSA, - OP_DSA, - OP_DH, - OP_CIPHER, - OP_DIGEST, - OP_MAX - } PK11_OPTYPE; - -/* - * This structure contains the heads of the lists forming the object caches - * and locks associated with the lists. - */ -typedef struct PK11_st_CACHE - { - PK11_SESSION *head; - pthread_mutex_t *lock; - } PK11_CACHE; - -/* structure for tracking handles of asymmetric key objects */ -typedef struct PK11_active_st - { - CK_OBJECT_HANDLE h; - unsigned int refcnt; - struct PK11_active_st *prev; - struct PK11_active_st *next; - } PK11_active; - -extern pthread_mutex_t *find_lock[]; -extern PK11_active *active_list[]; -/* - * These variables are specific for the RSA keys by reference code. See - * hw_pk11_pub.c for explanation. - */ -extern char *passphrasedialog; -extern CK_FLAGS pubkey_token_flags; - -#define LOCK_OBJSTORE(alg_type) \ - (void) pthread_mutex_lock(find_lock[alg_type]) -#define UNLOCK_OBJSTORE(alg_type) \ - (void) pthread_mutex_unlock(find_lock[alg_type]) - -extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype); -extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype); - -#ifndef OPENSSL_NO_RSA -extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session); -extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); -extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); -extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file, - UI_METHOD *ui_method, void *callback_data); -extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file, - UI_METHOD *ui_method, void *callback_data); -extern RSA_METHOD *PK11_RSA(void); -#endif /* OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_DSA -extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session); -extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); -extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); -extern DSA_METHOD *PK11_DSA(void); -#endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_DH -extern int pk11_destroy_dh_key_objects(PK11_SESSION *session); -extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock); -extern DH_METHOD *PK11_DH(void); -#endif /* OPENSSL_NO_DH */ - -extern int pk11_engine_pkey_methods(ENGINE *e, EVP_PKEY_METHOD **pmeth, - const int **nids, int nid); - -extern CK_FUNCTION_LIST_PTR pFuncList; - -#ifdef __cplusplus -} -#endif -#endif /* HW_PK11_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11_err.c --- a/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11_err.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,306 +0,0 @@ -/* - * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* crypto/engine/hw_pk11_err.c */ -/* - * This product includes software developed by the OpenSSL Project for - * use in the OpenSSL Toolkit (http://www.openssl.org/). - * - * This project also referenced hw_pkcs11-0.9.7b.patch written by - * Afchine Madjlessi. - */ -/* - * ==================================================================== - * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "hw_pk11_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA pk11_str_functs[]= -{ -{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"}, -{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"}, -{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"}, -{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"}, -{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"}, -{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"}, -{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"}, -{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"}, -{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"}, -{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"}, -{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"}, -{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"}, -{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"}, -{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"}, -{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"}, -{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"}, -{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"}, -{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"}, -{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"}, -{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"}, -{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"}, -{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"}, -{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"}, -{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"}, -{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"}, -{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"}, -{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"}, -{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"}, -{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"}, -{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"}, -{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"}, -{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"}, -{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"}, -{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"}, -{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"}, -{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"}, -{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"}, -{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"}, -{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"}, -{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"}, -{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"}, -{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"}, -{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"}, -{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"}, -{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"}, -{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"}, -{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"}, -{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"}, -{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"}, -{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"}, -{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"}, -{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"}, -{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"}, -{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"}, -{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"}, -{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"}, -{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"}, -{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"}, -{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"}, -{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"}, -{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"}, -{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"}, -{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"}, -{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"}, -{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"}, -{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"}, -{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"}, -{ 0, NULL} -}; - -static ERR_STRING_DATA pk11_str_reasons[]= -{ -{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"}, -{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"}, -{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"}, -{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"}, -{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"}, -{ PK11_R_INITIALIZE, "C_Initialize failed"}, -{ PK11_R_FINALIZE, "C_Finalize failed"}, -{ PK11_R_GETINFO, "C_GetInfo faile"}, -{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"}, -{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"}, -{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"}, -{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"}, -{ PK11_R_NO_MODULUS, "no modulus"}, -{ PK11_R_NO_EXPONENT, "no exponent"}, -{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"}, -{ PK11_R_FINDOBJECTS, "C_FindObjects failed"}, -{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"}, -{ PK11_R_CREATEOBJECT, "C_CreateObject failed"}, -{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"}, -{ PK11_R_OPENSESSION, "C_OpenSession failed"}, -{ PK11_R_CLOSESESSION, "C_CloseSession failed"}, -{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"}, -{ PK11_R_ENCRYPT, "C_Encrypt failed"}, -{ PK11_R_SIGNINIT, "C_SignInit failed"}, -{ PK11_R_SIGN, "C_Sign failed"}, -{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"}, -{ PK11_R_DECRYPT, "C_Decrypt failed"}, -{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"}, -{ PK11_R_VERIFY, "C_Verify failed"}, -{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"}, -{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"}, -{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"}, -{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"}, -{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"}, -{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"}, -{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"}, -{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"}, -{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"}, -{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"}, -{ PK11_R_DIGEST_TOO_BIG, "digest too big"}, -{ PK11_R_MALLOC_FAILURE, "malloc failure"}, -{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"}, -{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"}, -{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"}, -{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"}, -{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"}, -{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"}, -{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"}, -{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"}, -{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"}, -{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"}, -{ PK11_R_DIGESTINIT, "C_DigestInit failed"}, -{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"}, -{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"}, -{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"}, -{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"}, -{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"}, -{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"}, -{ PK11_R_DERIVEKEY, "C_DeriveKey failed"}, -{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"}, -{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"}, -{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"}, -{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"}, -{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"}, -{ PK11_R_ADD_NID_FAILED, "failed to add NID" }, -{ PK11_R_ATFORK_FAILED, "atfork failed" }, -{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login failed on token" }, -{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" }, -{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" }, -{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" }, -{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" }, -{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen dialog command" }, -{ PK11_R_PIPE_FAILED, "pipe failed" }, -{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" }, -{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" }, -{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" }, -{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" }, -{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" }, -{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" }, -{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" }, -{ PK11_R_NO_OBJECT_FOUND, "specified object not found" }, -{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" }, -{ PK11_R_SYSCONF_FAILED, "sysconf failed" }, -{ PK11_R_MMAP_FAILED, "mmap failed" }, -{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" }, -{ PK11_R_MLOCK_FAILED, "mlock failed" }, -{ PK11_R_FORK_FAILED, "fork failed" }, -{ 0, NULL} -}; -#endif /* OPENSSL_NO_ERR */ - -static int pk11_lib_error_code = 0; -static int pk11_error_init = 1; - -#ifdef PK11_ENGINE_LIB_NAME -static ERR_STRING_DATA pk11_engine_lib_name[] = -{ -{0, PK11_ENGINE_LIB_NAME}, -{0, NULL} -}; -#endif - -static void -ERR_load_pk11_strings(void) - { - if (pk11_lib_error_code == 0) - pk11_lib_error_code = ERR_get_next_error_library(); - - if (pk11_error_init) - { - pk11_error_init = 0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(pk11_lib_error_code, pk11_str_functs); - ERR_load_strings(pk11_lib_error_code, pk11_str_reasons); -#endif - -#ifdef PK11_ENGINE_LIB_NAME - pk11_engine_lib_name->error = - ERR_PACK(pk11_lib_error_code, 0, 0); - ERR_load_strings(0, pk11_engine_lib_name); -#endif - } -} - -static void -ERR_unload_pk11_strings(void) - { - if (pk11_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(pk11_lib_error_code, pk11_str_functs); - ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons); -#endif - -#ifdef PK11_ENGINE_LIB_NAME - ERR_unload_strings(0, pk11_engine_lib_name); -#endif - - pk11_error_init = 1; - } -} - -void -ERR_pk11_error(int function, int reason, char *file, int line) -{ - if (pk11_lib_error_code == 0) - pk11_lib_error_code = ERR_get_next_error_library(); - ERR_PUT_error(pk11_lib_error_code, function, reason, file, line); -} - -void -PK11err_add_data(int function, int reason, CK_RV rv) -{ - char tmp_buf[20]; - - PK11err(function, reason); - (void) snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv); - ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf); -} diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11_err.h --- a/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11_err.h Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,242 +0,0 @@ -/* - * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * This product includes software developed by the OpenSSL Project for - * use in the OpenSSL Toolkit (http://www.openssl.org/). - * - * This project also referenced hw_pkcs11-0.9.7b.patch written by - * Afchine Madjlessi. - */ -/* - * ==================================================================== - * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HW_PK11_ERR_H -#define HW_PK11_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -void ERR_pk11_error(int function, int reason, char *file, int line); -void PK11err_add_data(int function, int reason, CK_RV rv); -#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__) - -/* Error codes for the PK11 functions. */ - -/* Function codes. */ - -#define PK11_F_INIT 100 -#define PK11_F_FINISH 101 -#define PK11_F_DESTROY 102 -#define PK11_F_CTRL 103 -#define PK11_F_RSA_INIT 104 -#define PK11_F_RSA_FINISH 105 -#define PK11_F_GET_PUB_RSA_KEY 106 -#define PK11_F_GET_PRIV_RSA_KEY 107 -#define PK11_F_RSA_GEN_KEY 108 -#define PK11_F_RSA_PUB_ENC 109 -#define PK11_F_RSA_PRIV_ENC 110 -#define PK11_F_RSA_PUB_DEC 111 -#define PK11_F_RSA_PRIV_DEC 112 -#define PK11_F_RSA_SIGN 113 -#define PK11_F_RSA_VERIFY 114 -#define PK11_F_RAND_ADD 115 -#define PK11_F_RAND_BYTES 116 -#define PK11_F_GET_SESSION 117 -#define PK11_F_FREE_SESSION 118 -#define PK11_F_LOAD_PUBKEY 119 -#define PK11_F_LOAD_PRIVKEY 120 -#define PK11_F_RSA_PUB_ENC_LOW 121 -#define PK11_F_RSA_PRIV_ENC_LOW 122 -#define PK11_F_RSA_PUB_DEC_LOW 123 -#define PK11_F_RSA_PRIV_DEC_LOW 124 -#define PK11_F_DSA_SIGN 125 -#define PK11_F_DSA_VERIFY 126 -#define PK11_F_DSA_INIT 127 -#define PK11_F_DSA_FINISH 128 -#define PK11_F_GET_PUB_DSA_KEY 129 -#define PK11_F_GET_PRIV_DSA_KEY 130 -#define PK11_F_DH_INIT 131 -#define PK11_F_DH_FINISH 132 -#define PK11_F_MOD_EXP_DH 133 -#define PK11_F_GET_DH_KEY 134 -#define PK11_F_FREE_ALL_SESSIONS 135 -#define PK11_F_SETUP_SESSION 136 -#define PK11_F_DESTROY_OBJECT 137 -#define PK11_F_CIPHER_INIT 138 -#define PK11_F_CIPHER_DO_CIPHER 139 -#define PK11_F_GET_CIPHER_KEY 140 -#define PK11_F_DIGEST_INIT 141 -#define PK11_F_DIGEST_UPDATE 142 -#define PK11_F_DIGEST_FINAL 143 -#define PK11_F_CHOOSE_SLOT 144 -#define PK11_F_CIPHER_FINAL 145 -#define PK11_F_LIBRARY_INIT 146 -#define PK11_F_LOAD 147 -#define PK11_F_DH_GEN_KEY 148 -#define PK11_F_DH_COMP_KEY 149 -#define PK11_F_DIGEST_COPY 150 -#define PK11_F_CIPHER_CLEANUP 151 -#define PK11_F_ACTIVE_ADD 152 -#define PK11_F_ACTIVE_DELETE 153 -#define PK11_F_CHECK_HW_MECHANISMS 154 -#define PK11_F_INIT_SYMMETRIC 155 -#define PK11_F_ADD_AES_CTR_NIDS 156 -#define PK11_F_INIT_ALL_LOCKS 157 -#define PK11_F_RETURN_SESSION 158 -#define PK11_F_GET_PIN 159 -#define PK11_F_FIND_ONE_OBJECT 160 -#define PK11_F_CHECK_TOKEN_ATTRS 161 -#define PK11_F_CACHE_PIN 162 -#define PK11_F_MLOCK_PIN_IN_MEMORY 163 -#define PK11_F_TOKEN_LOGIN 164 -#define PK11_F_TOKEN_RELOGIN 165 -#define PK11_F_RUN_ASKPASS 166 - -/* Reason codes. */ -#define PK11_R_ALREADY_LOADED 100 -#define PK11_R_DSO_FAILURE 101 -#define PK11_R_NOT_LOADED 102 -#define PK11_R_PASSED_NULL_PARAMETER 103 -#define PK11_R_COMMAND_NOT_IMPLEMENTED 104 -#define PK11_R_INITIALIZE 105 -#define PK11_R_FINALIZE 106 -#define PK11_R_GETINFO 107 -#define PK11_R_GETSLOTLIST 108 -#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109 -#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110 -#define PK11_R_GETATTRIBUTVALUE 111 -#define PK11_R_NO_MODULUS 112 -#define PK11_R_NO_EXPONENT 113 -#define PK11_R_FINDOBJECTSINIT 114 -#define PK11_R_FINDOBJECTS 115 -#define PK11_R_FINDOBJECTSFINAL 116 -#define PK11_R_CREATEOBJECT 118 -#define PK11_R_DESTROYOBJECT 119 -#define PK11_R_OPENSESSION 120 -#define PK11_R_CLOSESESSION 121 -#define PK11_R_ENCRYPTINIT 122 -#define PK11_R_ENCRYPT 123 -#define PK11_R_SIGNINIT 124 -#define PK11_R_SIGN 125 -#define PK11_R_DECRYPTINIT 126 -#define PK11_R_DECRYPT 127 -#define PK11_R_VERIFYINIT 128 -#define PK11_R_VERIFY 129 -#define PK11_R_VERIFYRECOVERINIT 130 -#define PK11_R_VERIFYRECOVER 131 -#define PK11_R_GEN_KEY 132 -#define PK11_R_SEEDRANDOM 133 -#define PK11_R_GENERATERANDOM 134 -#define PK11_R_INVALID_MESSAGE_LENGTH 135 -#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136 -#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137 -#define PK11_R_UNKNOWN_PADDING_TYPE 138 -#define PK11_R_PADDING_CHECK_FAILED 139 -#define PK11_R_DIGEST_TOO_BIG 140 -#define PK11_R_MALLOC_FAILURE 141 -#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142 -#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143 -#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144 -#define PK11_R_MISSING_KEY_COMPONENT 145 -#define PK11_R_INVALID_SIGNATURE_LENGTH 146 -#define PK11_R_INVALID_DSA_SIGNATURE_R 147 -#define PK11_R_INVALID_DSA_SIGNATURE_S 148 -#define PK11_R_INCONSISTENT_KEY 149 -#define PK11_R_ENCRYPTUPDATE 150 -#define PK11_R_DECRYPTUPDATE 151 -#define PK11_R_DIGESTINIT 152 -#define PK11_R_DIGESTUPDATE 153 -#define PK11_R_DIGESTFINAL 154 -#define PK11_R_ENCRYPTFINAL 155 -#define PK11_R_DECRYPTFINAL 156 -#define PK11_R_NO_PRNG_SUPPORT 157 -#define PK11_R_GETTOKENINFO 158 -#define PK11_R_DERIVEKEY 159 -#define PK11_R_GET_OPERATION_STATE 160 -#define PK11_R_SET_OPERATION_STATE 161 -#define PK11_R_INVALID_HANDLE 162 -#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163 -#define PK11_R_INVALID_OPERATION_TYPE 164 -#define PK11_R_ADD_NID_FAILED 165 -#define PK11_R_ATFORK_FAILED 166 -#define PK11_R_TOKEN_LOGIN_FAILED 167 -#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168 -#define PK11_R_INVALID_PKCS11_URI 169 -#define PK11_R_COULD_NOT_READ_PIN 170 -#define PK11_R_COULD_NOT_OPEN_COMMAND 171 -#define PK11_R_PIPE_FAILED 172 -#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173 -#define PK11_R_BAD_PASSPHRASE_SPEC 174 -#define PK11_R_TOKEN_NOT_INITIALIZED 175 -#define PK11_R_TOKEN_PIN_NOT_SET 176 -#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177 -#define PK11_R_MISSING_OBJECT_LABEL 178 -#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179 -#define PK11_R_PRIV_KEY_NOT_FOUND 180 -#define PK11_R_NO_OBJECT_FOUND 181 -#define PK11_R_PIN_CACHING_POLICY_INVALID 182 -#define PK11_R_SYSCONF_FAILED 183 -#define PK11_R_MMAP_FAILED 183 -#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184 -#define PK11_R_MLOCK_FAILED 185 -#define PK11_R_FORK_FAILED 186 - -#ifdef __cplusplus -} -#endif -#endif /* HW_PK11_ERR_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11_pub.c --- a/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11_pub.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3277 +0,0 @@ -/* - * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved. - */ - -/* crypto/engine/hw_pk11_pub.c */ -/* - * This product includes software developed by the OpenSSL Project for - * use in the OpenSSL Toolkit (http://www.openssl.org/). - * - * This project also referenced hw_pkcs11-0.9.7b.patch written by - * Afchine Madjlessi. - */ -/* - * ==================================================================== - * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_RSA -#include -#endif /* OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_DSA -#include -#endif /* OPENSSL_NO_DSA */ -#ifndef OPENSSL_NO_DH -#include -#endif /* OPENSSL_NO_DH */ -#include -#include -#include -#include -#include -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_PK11 - -#include -#include -#include "hw_pk11.h" -#include "hw_pk11_uri.h" - -static CK_BBOOL pk11_login_done = CK_FALSE; -extern CK_SLOT_ID pubkey_SLOTID; - -/* - * During the reinitialization after a detected fork we will try to login to the - * token using the passphrasedialog keyword that we inherit from the parent. - */ -char *passphrasedialog; - -#ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int pk11_RSA_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int pk11_RSA_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int pk11_RSA_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int pk11_RSA_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding); -static int pk11_RSA_init(RSA *rsa); -static int pk11_RSA_finish(RSA *rsa); -static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); -static int pk11_RSA_verify(int dtype, const unsigned char *m, - unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen, - const RSA *rsa); -EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_id, - UI_METHOD *ui_method, void *callback_data); -EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_id, - UI_METHOD *ui_method, void *callback_data); - -static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa); -static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa); -static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa); -static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa); - -static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, PK11_SESSION *sp); -static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, PK11_SESSION *sp); - -static int pk11_check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa); -static int pk11_check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa); -#endif - -/* DSA stuff */ -#ifndef OPENSSL_NO_DSA -static int pk11_DSA_init(DSA *dsa); -static int pk11_DSA_finish(DSA *dsa); -static DSA_SIG *pk11_dsa_do_sign(const unsigned char *dgst, int dlen, - DSA *dsa); -static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - -static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr, - BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session); -static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr, - BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session); - -static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa); -static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa); -#endif - -/* DH stuff */ -#ifndef OPENSSL_NO_DH -static int pk11_DH_init(DH *dh); -static int pk11_DH_finish(DH *dh); -static int pk11_DH_generate_key(DH *dh); -static int pk11_DH_compute_key(unsigned char *key, - const BIGNUM *pub_key, DH *dh); - -static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr, - BIGNUM **priv_key, CK_SESSION_HANDLE session); - -static int check_new_dh_key(PK11_SESSION *sp, DH *dh); -#endif - -static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s, - CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey); -static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue, - CK_ULONG *ulValueLen); -static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn); - -static int pk11_pkey_meth_nids[] = {NID_dsa}; - -/* Read mode string to be used for fopen() */ -#if SOLARIS_OPENSSL -static char *read_mode_flags = "rF"; -#else -static char *read_mode_flags = "r"; -#endif - -/* - * Increment existing or create a new reference for an asymmetric key PKCS#11 - * object handle in the active object list. If the operation fails, unlock (if - * locked), set error variable and jump to the specified label. We use this list - * so that we can track how many references to the PKCS#11 objects are used from - * all our sessions structures. If we are replacing an object reference in the - * session structure and the ref count for the reference being replaced gets to - * 0 we know that we can safely free the object itself via C_ObjectDestroy(). - * See also TRY_OBJ_DESTROY. - */ -#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \ - { \ - if (pk11_active_add(key_handle, alg_type) < 0) \ - { \ - var = CK_TRUE; \ - if (unlock) \ - UNLOCK_OBJSTORE(alg_type); \ - goto label; \ - } \ - } - -/* - * Find active list entry according to object handle and return pointer to the - * entry otherwise return NULL. - * - * This function presumes it is called with lock protecting the active list - * held. - */ -static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type) - { - PK11_active *entry; - - for (entry = active_list[type]; entry != NULL; entry = entry->next) - if (entry->h == h) - return (entry); - - return (NULL); - } - -/* - * Search for an entry in the active list using PKCS#11 object handle as a - * search key and return refcnt of the found/created entry or -1 in case of - * failure. - * - * This function presumes it is called with lock protecting the active list - * held. - */ -int -pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type) - { - PK11_active *entry = NULL; - - if (h == CK_INVALID_HANDLE) - { - PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE); - return (-1); - } - - /* search for entry in the active list */ - if ((entry = pk11_active_find(h, type)) != NULL) - entry->refcnt++; - else - { - /* not found, create new entry and add it to the list */ - entry = OPENSSL_malloc(sizeof (PK11_active)); - if (entry == NULL) - { - PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE); - return (-1); - } - entry->h = h; - entry->refcnt = 1; - entry->prev = NULL; - entry->next = NULL; - /* connect the newly created entry to the list */ - if (active_list[type] == NULL) - active_list[type] = entry; - else /* make the entry first in the list */ - { - entry->next = active_list[type]; - active_list[type]->prev = entry; - active_list[type] = entry; - } - } - - return (entry->refcnt); - } - -/* - * Remove active list entry from the list and free it. - * - * This function presumes it is called with lock protecting the active list - * held. - */ -void -pk11_active_remove(PK11_active *entry, PK11_OPTYPE type) - { - PK11_active *prev_entry; - - /* remove the entry from the list and free it */ - if ((prev_entry = entry->prev) != NULL) - { - prev_entry->next = entry->next; - if (entry->next != NULL) - entry->next->prev = prev_entry; - } - else - { - active_list[type] = entry->next; - /* we were the first but not the only one */ - if (entry->next != NULL) - entry->next->prev = NULL; - } - - /* sanitization */ - entry->h = CK_INVALID_HANDLE; - entry->prev = NULL; - entry->next = NULL; - OPENSSL_free(entry); - } - -/* Free all entries from the active list. */ -void -pk11_free_active_list(PK11_OPTYPE type) - { - PK11_active *entry; - - /* only for asymmetric types since only they have C_Find* locks. */ - switch (type) - { - case OP_RSA: - case OP_DSA: - case OP_DH: - break; - default: - return; - } - - /* see find_lock array definition for more info on object locking */ - LOCK_OBJSTORE(type); - while ((entry = active_list[type]) != NULL) - pk11_active_remove(entry, type); - UNLOCK_OBJSTORE(type); - } - -/* - * Search for active list entry associated with given PKCS#11 object handle, - * decrement its refcnt and if it drops to 0, disconnect the entry and free it. - * - * Return 1 if the PKCS#11 object associated with the entry has no references, - * return 0 if there is at least one reference, -1 on error. - * - * This function presumes it is called with lock protecting the active list - * held. - */ -int -pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type) - { - PK11_active *entry = NULL; - - if ((entry = pk11_active_find(h, type)) == NULL) - { - PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE); - return (-1); - } - - OPENSSL_assert(entry->refcnt > 0); - entry->refcnt--; - if (entry->refcnt == 0) - { - pk11_active_remove(entry, type); - return (1); - } - - return (0); - } - -#ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD pk11_rsa = - { - "PKCS#11 RSA method", - pk11_RSA_public_encrypt, /* rsa_pub_encrypt */ - pk11_RSA_public_decrypt, /* rsa_pub_decrypt */ - pk11_RSA_private_encrypt, /* rsa_priv_encrypt */ - pk11_RSA_private_decrypt, /* rsa_priv_decrypt */ - NULL, /* rsa_mod_exp */ - NULL, /* bn_mod_exp */ - pk11_RSA_init, /* init */ - pk11_RSA_finish, /* finish */ - RSA_FLAG_SIGN_VER, /* flags */ - NULL, /* app_data */ - pk11_RSA_sign, /* rsa_sign */ - pk11_RSA_verify, /* rsa_verify */ - /* Internal rsa_keygen will be used if this is NULL. */ - NULL /* rsa_keygen */ - }; - -RSA_METHOD * -PK11_RSA(void) - { - return (&pk11_rsa); - } -#endif - -#ifndef OPENSSL_NO_DSA -/* Our internal DSA_METHOD that we provide pointers to */ -static DSA_METHOD pk11_dsa = - { - "PKCS#11 DSA method", - pk11_dsa_do_sign, /* dsa_do_sign */ - NULL, /* dsa_sign_setup */ - pk11_dsa_do_verify, /* dsa_do_verify */ - NULL, /* dsa_mod_exp */ - NULL, /* bn_mod_exp */ - pk11_DSA_init, /* init */ - pk11_DSA_finish, /* finish */ - 0, /* flags */ - NULL /* app_data */ - }; - -DSA_METHOD * -PK11_DSA(void) - { - return (&pk11_dsa); - } -#endif - -#ifndef OPENSSL_NO_DH -/* - * PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for - * output buffer may somewhat exceed the precise number of bytes needed, but - * should not exceed it by a large amount. That may be caused, for example, by - * rounding it up to multiple of X in the underlying bignum library. 8 should be - * enough. - */ -#define DH_BUF_RESERVE 8 - -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD pk11_dh = - { - "PKCS#11 DH method", - pk11_DH_generate_key, /* generate_key */ - pk11_DH_compute_key, /* compute_key */ - NULL, /* bn_mod_exp */ - pk11_DH_init, /* init */ - pk11_DH_finish, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - NULL /* generate_params */ - }; - -DH_METHOD * -PK11_DH(void) - { - return (&pk11_dh); - } -#endif - -/* Size of an SSL signature: MD5+SHA1 */ -#define SSL_SIG_LENGTH 36 - -/* Lengths of DSA data and signature */ -#define DSA_DATA_LEN 20 -#define DSA_SIGNATURE_LEN 40 - -static CK_BBOOL pk11_true = CK_TRUE; -static CK_BBOOL pk11_false = CK_FALSE; - -#ifndef OPENSSL_NO_RSA -/* - * Similar to OpenSSL to take advantage of the paddings. The goal is to - * support all paddings in this engine although PK11 library does not - * support all the paddings used in OpenSSL. - * The input errors should have been checked in the padding functions. - */ -static int pk11_RSA_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - int i, num = 0, r = -1; - unsigned char *buf = NULL; - - num = BN_num_bytes(rsa->n); - if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL) - { - PK11err(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE); - goto err; - } - - switch (padding) - { - case RSA_PKCS1_PADDING: - i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); - break; -#ifndef OPENSSL_NO_SHA - case RSA_PKCS1_OAEP_PADDING: - i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); - break; -#endif - case RSA_SSLV23_PADDING: - i = RSA_padding_add_SSLv23(buf, num, from, flen); - break; - case RSA_NO_PADDING: - i = RSA_padding_add_none(buf, num, from, flen); - break; - default: - PK11err(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE); - goto err; - } - if (i <= 0) goto err; - - /* PK11 functions are called here */ - r = pk11_RSA_public_encrypt_low(num, buf, to, rsa); -err: - if (buf != NULL) - { - OPENSSL_cleanse(buf, num); - OPENSSL_free(buf); - } - return (r); - } - - -/* - * Similar to Openssl to take advantage of the paddings. The input errors - * should be caught in the padding functions - */ -static int pk11_RSA_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - int i, num = 0, r = -1; - unsigned char *buf = NULL; - - num = BN_num_bytes(rsa->n); - if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL) - { - PK11err(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE); - goto err; - } - - switch (padding) - { - case RSA_PKCS1_PADDING: - i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen); - break; - case RSA_NO_PADDING: - i = RSA_padding_add_none(buf, num, from, flen); - break; - case RSA_SSLV23_PADDING: - default: - PK11err(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE); - goto err; - } - if (i <= 0) goto err; - - /* PK11 functions are called here */ - r = pk11_RSA_private_encrypt_low(num, buf, to, rsa); -err: - if (buf != NULL) - { - OPENSSL_cleanse(buf, num); - OPENSSL_free(buf); - } - return (r); - } - -/* Similar to OpenSSL code. Input errors are also checked here */ -static int pk11_RSA_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - BIGNUM f; - int j, num = 0, r = -1; - unsigned char *p; - unsigned char *buf = NULL; - - BN_init(&f); - - num = BN_num_bytes(rsa->n); - - if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL) - { - PK11err(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE); - goto err; - } - - /* - * This check was for equality but PGP does evil things - * and chops off the top '0' bytes - */ - if (flen > num) - { - PK11err(PK11_F_RSA_PRIV_DEC, - PK11_R_DATA_GREATER_THAN_MOD_LEN); - goto err; - } - - /* make data into a big number */ - if (BN_bin2bn(from, (int)flen, &f) == NULL) - goto err; - - if (BN_ucmp(&f, rsa->n) >= 0) - { - PK11err(PK11_F_RSA_PRIV_DEC, - PK11_R_DATA_TOO_LARGE_FOR_MODULUS); - goto err; - } - - /* PK11 functions are called here */ - r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa); - - /* - * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning. - * Needs to skip these 0's paddings here. - */ - for (j = 0; j < r; j++) - if (buf[j] != 0) - break; - - p = buf + j; - j = r - j; /* j is only used with no-padding mode */ - - switch (padding) - { - case RSA_PKCS1_PADDING: - r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num); - break; -#ifndef OPENSSL_NO_SHA - case RSA_PKCS1_OAEP_PADDING: - r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0); - break; -#endif - case RSA_SSLV23_PADDING: - r = RSA_padding_check_SSLv23(to, num, p, j, num); - break; - case RSA_NO_PADDING: - r = RSA_padding_check_none(to, num, p, j, num); - break; - default: - PK11err(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE); - goto err; - } - if (r < 0) - PK11err(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED); - -err: - BN_clear_free(&f); - if (buf != NULL) - { - OPENSSL_cleanse(buf, num); - OPENSSL_free(buf); - } - return (r); - } - -/* Similar to OpenSSL code. Input errors are also checked here */ -static int pk11_RSA_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - BIGNUM f; - int i, num = 0, r = -1; - unsigned char *p; - unsigned char *buf = NULL; - - BN_init(&f); - num = BN_num_bytes(rsa->n); - buf = (unsigned char *)OPENSSL_malloc(num); - if (buf == NULL) - { - PK11err(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE); - goto err; - } - - /* - * This check was for equality but PGP does evil things - * and chops off the top '0' bytes - */ - if (flen > num) - { - PK11err(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN); - goto err; - } - - if (BN_bin2bn(from, flen, &f) == NULL) - goto err; - - if (BN_ucmp(&f, rsa->n) >= 0) - { - PK11err(PK11_F_RSA_PUB_DEC, - PK11_R_DATA_TOO_LARGE_FOR_MODULUS); - goto err; - } - - /* PK11 functions are called here */ - r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa); - - /* - * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning. - * Needs to skip these 0's here - */ - for (i = 0; i < r; i++) - if (buf[i] != 0) - break; - - p = buf + i; - i = r - i; /* i is only used with no-padding mode */ - - switch (padding) - { - case RSA_PKCS1_PADDING: - r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num); - break; - case RSA_NO_PADDING: - r = RSA_padding_check_none(to, num, p, i, num); - break; - default: - PK11err(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE); - goto err; - } - if (r < 0) - PK11err(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED); - -err: - BN_clear_free(&f); - if (buf != NULL) - { - OPENSSL_cleanse(buf, num); - OPENSSL_free(buf); - } - return (r); - } - -/* - * This function implements RSA public encryption using C_EncryptInit and - * C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here. - * The calling function allocated sufficient memory in "to" to store results. - */ -static int pk11_RSA_public_encrypt_low(int flen, - const unsigned char *from, unsigned char *to, RSA *rsa) - { - CK_ULONG bytes_encrypted = flen; - int retval = -1; - CK_RV rv; - CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0}; - CK_MECHANISM *p_mech = &mech_rsa; - CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE; - PK11_SESSION *sp; - - if ((sp = pk11_get_session(OP_RSA)) == NULL) - return (-1); - - (void) pk11_check_new_rsa_key_pub(sp, rsa); - - h_pub_key = sp->opdata_rsa_pub_key; - if (h_pub_key == CK_INVALID_HANDLE) - h_pub_key = sp->opdata_rsa_pub_key = - pk11_get_public_rsa_key(rsa, sp); - - if (h_pub_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_EncryptInit(sp->session, p_mech, - h_pub_key); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW, - PK11_R_ENCRYPTINIT, rv); - pk11_return_session(sp, OP_RSA); - return (-1); - } - - rv = pFuncList->C_Encrypt(sp->session, - (unsigned char *)from, flen, to, &bytes_encrypted); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW, - PK11_R_ENCRYPT, rv); - pk11_return_session(sp, OP_RSA); - return (-1); - } - retval = bytes_encrypted; - } - - pk11_return_session(sp, OP_RSA); - return (retval); - } - - -/* - * This function implements RSA private encryption using C_SignInit and - * C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here. - * The calling function allocated sufficient memory in "to" to store results. - */ -static int pk11_RSA_private_encrypt_low(int flen, - const unsigned char *from, unsigned char *to, RSA *rsa) - { - CK_ULONG ul_sig_len = flen; - int retval = -1; - CK_RV rv; - CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0}; - CK_MECHANISM *p_mech = &mech_rsa; - CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE; - PK11_SESSION *sp; - - if ((sp = pk11_get_session(OP_RSA)) == NULL) - return (-1); - - (void) pk11_check_new_rsa_key_priv(sp, rsa); - - h_priv_key = sp->opdata_rsa_priv_key; - if (h_priv_key == CK_INVALID_HANDLE) - h_priv_key = sp->opdata_rsa_priv_key = - pk11_get_private_rsa_key(rsa, sp); - - if (h_priv_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_SignInit(sp->session, p_mech, - h_priv_key); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, - PK11_R_SIGNINIT, rv); - pk11_return_session(sp, OP_RSA); - return (-1); - } - - rv = pFuncList->C_Sign(sp->session, - (unsigned char *)from, flen, to, &ul_sig_len); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN, - rv); - pk11_return_session(sp, OP_RSA); - return (-1); - } - - retval = ul_sig_len; - } - - pk11_return_session(sp, OP_RSA); - return (retval); - } - - -/* - * This function implements RSA private decryption using C_DecryptInit and - * C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here. - * The calling function allocated sufficient memory in "to" to store results. - */ -static int pk11_RSA_private_decrypt_low(int flen, - const unsigned char *from, unsigned char *to, RSA *rsa) - { - CK_ULONG bytes_decrypted = flen; - int retval = -1; - CK_RV rv; - CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0}; - CK_MECHANISM *p_mech = &mech_rsa; - CK_OBJECT_HANDLE h_priv_key; - PK11_SESSION *sp; - - if ((sp = pk11_get_session(OP_RSA)) == NULL) - return (-1); - - (void) pk11_check_new_rsa_key_priv(sp, rsa); - - h_priv_key = sp->opdata_rsa_priv_key; - if (h_priv_key == CK_INVALID_HANDLE) - h_priv_key = sp->opdata_rsa_priv_key = - pk11_get_private_rsa_key(rsa, sp); - - if (h_priv_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_DecryptInit(sp->session, p_mech, - h_priv_key); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW, - PK11_R_DECRYPTINIT, rv); - pk11_return_session(sp, OP_RSA); - return (-1); - } - - rv = pFuncList->C_Decrypt(sp->session, - (unsigned char *)from, flen, to, &bytes_decrypted); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW, - PK11_R_DECRYPT, rv); - pk11_return_session(sp, OP_RSA); - return (-1); - } - retval = bytes_decrypted; - } - - pk11_return_session(sp, OP_RSA); - return (retval); - } - - -/* - * This function implements RSA public decryption using C_VerifyRecoverInit - * and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here. - * The calling function allocated sufficient memory in "to" to store results. - */ -static int pk11_RSA_public_decrypt_low(int flen, - const unsigned char *from, unsigned char *to, RSA *rsa) - { - CK_ULONG bytes_decrypted = flen; - int retval = -1; - CK_RV rv; - CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0}; - CK_MECHANISM *p_mech = &mech_rsa; - CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE; - PK11_SESSION *sp; - - if ((sp = pk11_get_session(OP_RSA)) == NULL) - return (-1); - - (void) pk11_check_new_rsa_key_pub(sp, rsa); - - h_pub_key = sp->opdata_rsa_pub_key; - if (h_pub_key == CK_INVALID_HANDLE) - h_pub_key = sp->opdata_rsa_pub_key = - pk11_get_public_rsa_key(rsa, sp); - - if (h_pub_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_VerifyRecoverInit(sp->session, - p_mech, h_pub_key); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW, - PK11_R_VERIFYRECOVERINIT, rv); - pk11_return_session(sp, OP_RSA); - return (-1); - } - - rv = pFuncList->C_VerifyRecover(sp->session, - (unsigned char *)from, flen, to, &bytes_decrypted); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW, - PK11_R_VERIFYRECOVER, rv); - pk11_return_session(sp, OP_RSA); - return (-1); - } - retval = bytes_decrypted; - } - - pk11_return_session(sp, OP_RSA); - return (retval); - } - -static int pk11_RSA_init(RSA *rsa) - { - /* - * This flag in the RSA_METHOD enables the new rsa_sign, - * rsa_verify functions. See rsa.h for details. - */ - rsa->flags |= RSA_FLAG_SIGN_VER; - - return (1); - } - -static int pk11_RSA_finish(RSA *rsa) - { - /* - * Since we are overloading OpenSSL's native RSA_eay_finish() we need - * to do the same as in the original function, i.e. to free bignum - * structures. - */ - if (rsa->_method_mod_n != NULL) - BN_MONT_CTX_free(rsa->_method_mod_n); - if (rsa->_method_mod_p != NULL) - BN_MONT_CTX_free(rsa->_method_mod_p); - if (rsa->_method_mod_q != NULL) - BN_MONT_CTX_free(rsa->_method_mod_q); - - return (1); - } - -/* - * Standard engine interface function. Majority codes here are from - * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11. - * See more details in rsa/rsa_sign.c - */ -static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa) - { - X509_SIG sig; - ASN1_TYPE parameter; - int i, j; - unsigned char *p, *s = NULL; - X509_ALGOR algor; - ASN1_OCTET_STRING digest; - CK_RV rv; - CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0}; - CK_MECHANISM *p_mech = &mech_rsa; - CK_OBJECT_HANDLE h_priv_key; - PK11_SESSION *sp = NULL; - int ret = 0; - unsigned long ulsiglen; - - /* Encode the digest */ - /* Special case: SSL signature, just check the length */ - if (type == NID_md5_sha1) - { - if (m_len != SSL_SIG_LENGTH) - { - PK11err(PK11_F_RSA_SIGN, - PK11_R_INVALID_MESSAGE_LENGTH); - goto err; - } - i = SSL_SIG_LENGTH; - s = (unsigned char *)m; - } - else - { - sig.algor = &algor; - sig.algor->algorithm = OBJ_nid2obj(type); - if (sig.algor->algorithm == NULL) - { - PK11err(PK11_F_RSA_SIGN, - PK11_R_UNKNOWN_ALGORITHM_TYPE); - goto err; - } - if (sig.algor->algorithm->length == 0) - { - PK11err(PK11_F_RSA_SIGN, - PK11_R_UNKNOWN_ASN1_OBJECT_ID); - goto err; - } - parameter.type = V_ASN1_NULL; - parameter.value.ptr = NULL; - sig.algor->parameter = ¶meter; - - sig.digest = &digest; - sig.digest->data = (unsigned char *)m; - sig.digest->length = m_len; - - i = i2d_X509_SIG(&sig, NULL); - } - - j = RSA_size(rsa); - if ((i - RSA_PKCS1_PADDING) > j) - { - PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG); - goto err; - } - - if (type != NID_md5_sha1) - { - s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1)); - if (s == NULL) - { - PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE); - goto err; - } - p = s; - (void) i2d_X509_SIG(&sig, &p); - } - - if ((sp = pk11_get_session(OP_RSA)) == NULL) - goto err; - - (void) pk11_check_new_rsa_key_priv(sp, rsa); - - h_priv_key = sp->opdata_rsa_priv_key; - if (h_priv_key == CK_INVALID_HANDLE) - h_priv_key = sp->opdata_rsa_priv_key = - pk11_get_private_rsa_key((RSA *)rsa, sp); - - if (h_priv_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv); - goto err; - } - - ulsiglen = j; - rv = pFuncList->C_Sign(sp->session, s, i, sigret, - (CK_ULONG_PTR) &ulsiglen); - *siglen = ulsiglen; - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv); - goto err; - } - ret = 1; - } - -err: - if (type != NID_md5_sha1) - { - (void) memset(s, 0, (unsigned int)(j + 1)); - OPENSSL_free(s); - } - - pk11_return_session(sp, OP_RSA); - return (ret); - } - -static int pk11_RSA_verify(int type, const unsigned char *m, - unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen, - const RSA *rsa) - { - X509_SIG sig; - ASN1_TYPE parameter; - int i, j; - unsigned char *p, *s = NULL; - X509_ALGOR algor; - ASN1_OCTET_STRING digest; - CK_RV rv; - CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0}; - CK_MECHANISM *p_mech = &mech_rsa; - CK_OBJECT_HANDLE h_pub_key; - PK11_SESSION *sp = NULL; - int ret = 0; - - /* Encode the digest */ - /* Special case: SSL signature, just check the length */ - if (type == NID_md5_sha1) - { - if (m_len != SSL_SIG_LENGTH) - { - PK11err(PK11_F_RSA_VERIFY, - PK11_R_INVALID_MESSAGE_LENGTH); - goto err; - } - i = SSL_SIG_LENGTH; - s = (unsigned char *)m; - } - else - { - sig.algor = &algor; - sig.algor->algorithm = OBJ_nid2obj(type); - if (sig.algor->algorithm == NULL) - { - PK11err(PK11_F_RSA_VERIFY, - PK11_R_UNKNOWN_ALGORITHM_TYPE); - goto err; - } - if (sig.algor->algorithm->length == 0) - { - PK11err(PK11_F_RSA_VERIFY, - PK11_R_UNKNOWN_ASN1_OBJECT_ID); - goto err; - } - parameter.type = V_ASN1_NULL; - parameter.value.ptr = NULL; - sig.algor->parameter = ¶meter; - sig.digest = &digest; - sig.digest->data = (unsigned char *)m; - sig.digest->length = m_len; - i = i2d_X509_SIG(&sig, NULL); - } - - j = RSA_size(rsa); - if ((i - RSA_PKCS1_PADDING) > j) - { - PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG); - goto err; - } - - if (type != NID_md5_sha1) - { - s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1)); - if (s == NULL) - { - PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE); - goto err; - } - p = s; - (void) i2d_X509_SIG(&sig, &p); - } - - if ((sp = pk11_get_session(OP_RSA)) == NULL) - goto err; - - (void) pk11_check_new_rsa_key_pub(sp, rsa); - - h_pub_key = sp->opdata_rsa_pub_key; - if (h_pub_key == CK_INVALID_HANDLE) - h_pub_key = sp->opdata_rsa_pub_key = - pk11_get_public_rsa_key((RSA *)rsa, sp); - - if (h_pub_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_VerifyInit(sp->session, p_mech, - h_pub_key); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT, - rv); - goto err; - } - rv = pFuncList->C_Verify(sp->session, s, i, - (CK_BYTE_PTR)sigbuf, (CK_ULONG)siglen); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv); - goto err; - } - ret = 1; - } - -err: - if (type != NID_md5_sha1) - { - (void) memset(s, 0, (unsigned int)siglen); - OPENSSL_free(s); - } - - pk11_return_session(sp, OP_RSA); - return (ret); - } - -#define MAXATTR 1024 -/* - * Load RSA private key from a file or get its PKCS#11 handle if stored in the - * PKCS#11 token. - */ -/* ARGSUSED */ -EVP_PKEY *pk11_load_privkey(ENGINE* e, const char *privkey_id, - UI_METHOD *ui_method, void *callback_data) - { - EVP_PKEY *pkey = NULL; - FILE *privkey; - CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE; - RSA *rsa = NULL; - PK11_SESSION *sp; - /* Anything else below is needed for the key by reference extension. */ - const char *file; - int ret; - pkcs11_uri uri_struct; - CK_RV rv; - CK_BBOOL is_token = CK_TRUE; - CK_BBOOL rollback = CK_FALSE; - CK_BYTE attr_data[8][MAXATTR]; - CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY; - CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */ - - /* We look for private keys only. */ - CK_ATTRIBUTE search_templ[] = - { - {CKA_TOKEN, &is_token, sizeof (is_token)}, - {CKA_CLASS, &key_class, sizeof (key_class)}, - {CKA_LABEL, NULL, 0} - }; - - /* - * These public attributes are needed to initialize the OpenSSL RSA - * structure with something we can use to look up the key. Note that we - * never ask for private components. - */ - CK_ATTRIBUTE get_templ[] = - { - {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */ - {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */ - }; - - if ((sp = pk11_get_session(OP_RSA)) == NULL) - return (NULL); - - /* - * The next function will decide whether we are going to access keys in - * the token or read them from plain files. It all depends on what is in - * the 'privkey_id' parameter. - */ - ret = pk11_process_pkcs11_uri(privkey_id, &uri_struct, &file); - - if (ret == 0) - goto err; - - /* We will try to access a key from a PKCS#11 token. */ - if (ret == 1) - { - if (pk11_check_token_attrs(&uri_struct) == 0) - goto err; - - search_templ[2].pValue = uri_struct.object; - search_templ[2].ulValueLen = strlen(search_templ[2].pValue); - - if (pk11_token_login(sp->session, &pk11_login_done, - &uri_struct, CK_TRUE) == 0) - goto err; - - /* - * Now let's try to find the key in the token. It is a failure - * if we can't find it. - */ - if (find_one_object(OP_RSA, sp->session, search_templ, 3, - &ks_key) == 0) - goto err; - - /* - * Free the structure now. Note that we use uri_struct's field - * directly in the template so we cannot free it until the find - * is done. - */ - pk11_free_pkcs11_uri(&uri_struct, 0); - - /* - * We might have a cache hit which we could confirm according to - * the 'n'/'e' params, RSA public pointer as NULL, and non-NULL - * RSA private pointer. However, it is easier just to recreate - * everything. We expect the keys to be loaded once and used - * many times. We do not check the return value because even in - * case of failure the sp structure will have both key pointer - * and object handle cleaned and pk11_destroy_object() reports - * the failure to the OpenSSL error message buffer. - */ - (void) pk11_destroy_rsa_object_priv(sp, CK_TRUE); - - sp->opdata_rsa_priv_key = ks_key; - /* This object shall not be deleted on a cache miss. */ - sp->persistent = CK_TRUE; - - if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL) - goto err; - - if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key, - get_templ, 2)) != CKR_OK) - { - PK11err_add_data(PK11_F_LOAD_PRIVKEY, - PK11_R_GETATTRIBUTVALUE, rv); - goto err; - } - - /* - * Cache the RSA private structure pointer. We do not use it now - * for key-by-ref keys but let's do it for consistency reasons. - */ - sp->opdata_rsa_priv = rsa; - - /* - * We do not use pk11_get_private_rsa_key() here so we must take - * care of handle management ourselves. - */ - KEY_HANDLE_REFHOLD(ks_key, OP_RSA, CK_FALSE, rollback, err); - - /* - * Those are the sensitive components we do not want to export - * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp). - */ - attr_to_BN(&get_templ[0], attr_data[0], &rsa->n); - attr_to_BN(&get_templ[1], attr_data[1], &rsa->e); - /* - * Must have 'n'/'e' components in the session structure as - * well. They serve as a public look-up key for the private key - * in the keystore. - */ - attr_to_BN(&get_templ[0], attr_data[0], &sp->opdata_rsa_n_num); - attr_to_BN(&get_templ[1], attr_data[1], &sp->opdata_rsa_e_num); - - if ((pkey = EVP_PKEY_new()) == NULL) - goto err; - - if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) - goto err; - } - else - if ((privkey = fopen(file, read_mode_flags)) != NULL) - { - pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL); - (void) fclose(privkey); - if (pkey != NULL) - { - rsa = EVP_PKEY_get1_RSA(pkey); - if (rsa != NULL) - { - (void) pk11_check_new_rsa_key_priv(sp, - rsa); - - h_priv_key = sp->opdata_rsa_priv_key = - pk11_get_private_rsa_key(rsa, sp); - if (h_priv_key == CK_INVALID_HANDLE) - goto err; - } - else - goto err; - } - } - - pk11_return_session(sp, OP_RSA); - return (pkey); -err: - if (rsa != NULL) - RSA_free(rsa); - if (pkey != NULL) - { - EVP_PKEY_free(pkey); - pkey = NULL; - } - return (pkey); - } - -/* Load RSA public key from a file or load it from the PKCS#11 token. */ -/* ARGSUSED */ -EVP_PKEY *pk11_load_pubkey(ENGINE* e, const char *pubkey_id, - UI_METHOD *ui_method, void *callback_data) - { - EVP_PKEY *pkey = NULL; - FILE *pubkey; - CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE; - RSA *rsa = NULL; - PK11_SESSION *sp; - /* everything else below needed for key by reference extension */ - int ret; - const char *file; - pkcs11_uri uri_struct; - CK_RV rv; - CK_BBOOL is_token = CK_TRUE; - CK_BYTE attr_data[2][MAXATTR]; - CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY; - CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */ - - CK_ATTRIBUTE search_templ[] = - { - {CKA_TOKEN, &is_token, sizeof (is_token)}, - {CKA_CLASS, &key_class, sizeof (key_class)}, - {CKA_LABEL, NULL, 0} - }; - - /* - * These public attributes are needed to initialize OpenSSL RSA - * structure with something we can use to look up the key. - */ - CK_ATTRIBUTE get_templ[] = - { - {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */ - {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */ - }; - - if ((sp = pk11_get_session(OP_RSA)) == NULL) - return (NULL); - - ret = pk11_process_pkcs11_uri(pubkey_id, &uri_struct, &file); - - if (ret == 0) - goto err; - - if (ret == 1) - { - if (pk11_check_token_attrs(&uri_struct) == 0) - goto err; - - search_templ[2].pValue = uri_struct.object; - search_templ[2].ulValueLen = strlen(search_templ[2].pValue); - - if (pk11_token_login(sp->session, &pk11_login_done, - &uri_struct, CK_FALSE) == 0) - goto err; - - if (find_one_object(OP_RSA, sp->session, search_templ, 3, - &ks_key) == 0) - { - goto err; - } - - /* - * Free the structure now. Note that we use uri_struct's field - * directly in the template so we can't free until find is done. - */ - pk11_free_pkcs11_uri(&uri_struct, 0); - /* - * We load a new public key so we will create a new RSA - * structure. No cache hit is possible. - */ - (void) pk11_destroy_rsa_object_pub(sp, CK_TRUE); - sp->opdata_rsa_pub_key = ks_key; - - if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL) - goto err; - - if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key, - get_templ, 2)) != CKR_OK) - { - PK11err_add_data(PK11_F_LOAD_PUBKEY, - PK11_R_GETATTRIBUTVALUE, rv); - goto err; - } - - /* - * Cache the RSA public structure pointer. - */ - sp->opdata_rsa_pub = rsa; - - /* - * These are the sensitive components we do not want to export - * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp). - */ - attr_to_BN(&get_templ[0], attr_data[0], &rsa->n); - attr_to_BN(&get_templ[1], attr_data[1], &rsa->e); - - if ((pkey = EVP_PKEY_new()) == NULL) - goto err; - - if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) - goto err; - - /* - * Create a session object from it so that when calling - * pk11_get_public_rsa_key() the next time, we can find it. The - * reason why we do that is that we cannot tell from the RSA - * structure (OpenSSL RSA structure does not have any room for - * additional data used by the engine, for example) if it bears - * a public key stored in the keystore or not so it's better if - * we always have a session key. Note that this is different - * from what we do for the private keystore objects but in that - * case, we can tell from the RSA structure that the keystore - * object is in play - the 'd' component is NULL in that case. - */ - h_pub_key = sp->opdata_rsa_pub_key = - pk11_get_public_rsa_key(rsa, sp); - if (h_pub_key == CK_INVALID_HANDLE) - goto err; - } - else - if ((pubkey = fopen(file, read_mode_flags)) != NULL) - { - pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL); - (void) fclose(pubkey); - if (pkey != NULL) - { - rsa = EVP_PKEY_get1_RSA(pkey); - if (rsa != NULL) - { - /* - * This will always destroy the RSA - * object since we have a new RSA - * structure here. - */ - (void) pk11_check_new_rsa_key_pub(sp, - rsa); - - h_pub_key = sp->opdata_rsa_pub_key = - pk11_get_public_rsa_key(rsa, sp); - if (h_pub_key == CK_INVALID_HANDLE) - { - EVP_PKEY_free(pkey); - pkey = NULL; - } - } - else - { - EVP_PKEY_free(pkey); - pkey = NULL; - } - } - } - - pk11_return_session(sp, OP_RSA); - return (pkey); -err: - if (rsa != NULL) - RSA_free(rsa); - if (pkey != NULL) - { - EVP_PKEY_free(pkey); - pkey = NULL; - } - return (pkey); - } - -/* - * Get a public key object in a session from a given rsa structure. If the - * PKCS#11 session object already exists it is found, reused, and - * the counter in the active object list incremented. If not found, a new - * session object is created and put also onto the active object list. - * - * We use the session field from sp, and we cache rsa->(n|e) in - * opdata_rsa_(n|e|d)_num, respectively. - */ -static CK_OBJECT_HANDLE -pk11_get_public_rsa_key(RSA* rsa, PK11_SESSION *sp) - { - CK_RV rv; - CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; - CK_ULONG found; - CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY; - CK_KEY_TYPE k_type = CKK_RSA; - CK_ULONG ul_key_attr_count = 7; - CK_BBOOL rollback = CK_FALSE; - - CK_ATTRIBUTE a_key_template[] = - { - {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)}, - {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)}, - {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, - {CKA_ENCRYPT, &pk11_true, sizeof (pk11_true)}, - {CKA_VERIFY_RECOVER, &pk11_true, sizeof (pk11_true)}, - {CKA_MODULUS, (void *)NULL, 0}, - {CKA_PUBLIC_EXPONENT, (void *)NULL, 0} - }; - - int i; - - a_key_template[0].pValue = &o_key; - a_key_template[1].pValue = &k_type; - - a_key_template[5].ulValueLen = BN_num_bytes(rsa->n); - a_key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc( - (size_t)a_key_template[5].ulValueLen); - if (a_key_template[5].pValue == NULL) - { - PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); - goto malloc_err; - } - - BN_bn2bin(rsa->n, a_key_template[5].pValue); - - a_key_template[6].ulValueLen = BN_num_bytes(rsa->e); - a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc( - (size_t)a_key_template[6].ulValueLen); - if (a_key_template[6].pValue == NULL) - { - PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); - goto malloc_err; - } - - BN_bn2bin(rsa->e, a_key_template[6].pValue); - - /* see find_lock array definition for more info on object locking */ - LOCK_OBJSTORE(OP_RSA); - - rv = pFuncList->C_FindObjectsInit(sp->session, a_key_template, - ul_key_attr_count); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PUB_RSA_KEY, - PK11_R_FINDOBJECTSINIT, rv); - goto err; - } - - rv = pFuncList->C_FindObjects(sp->session, &h_key, 1, &found); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PUB_RSA_KEY, - PK11_R_FINDOBJECTS, rv); - goto err; - } - - rv = pFuncList->C_FindObjectsFinal(sp->session); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PUB_RSA_KEY, - PK11_R_FINDOBJECTSFINAL, rv); - goto err; - } - - if (found == 0) - { - rv = pFuncList->C_CreateObject(sp->session, - a_key_template, ul_key_attr_count, &h_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PUB_RSA_KEY, - PK11_R_CREATEOBJECT, rv); - goto err; - } - } - - if ((sp->opdata_rsa_n_num = BN_dup(rsa->n)) == NULL) - { - PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); - rollback = CK_TRUE; - goto err; - } - - if ((sp->opdata_rsa_e_num = BN_dup(rsa->e)) == NULL) - { - PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); - BN_free(sp->opdata_rsa_n_num); - sp->opdata_rsa_n_num = NULL; - rollback = CK_TRUE; - goto err; - } - - /* LINTED: E_CONSTANT_CONDITION */ - KEY_HANDLE_REFHOLD(h_key, OP_RSA, CK_FALSE, rollback, err); - sp->opdata_rsa_pub = rsa; - -err: - if (rollback) - { - /* - * We do not care about the return value from C_DestroyObject() - * since we are doing rollback. - */ - if (found == 0) - (void) pFuncList->C_DestroyObject(sp->session, h_key); - h_key = CK_INVALID_HANDLE; - } - - UNLOCK_OBJSTORE(OP_RSA); - -malloc_err: - for (i = 5; i <= 6; i++) - { - if (a_key_template[i].pValue != NULL) - { - OPENSSL_free(a_key_template[i].pValue); - a_key_template[i].pValue = NULL; - } - } - - return (h_key); - } - -/* - * Function similar to pk11_get_public_rsa_key(). In addition to 'n' and 'e' - * components, it also caches 'd' if present. Note that if RSA keys by reference - * are used, 'd' is never extracted from the token in which case it would be - * NULL here. - */ -static CK_OBJECT_HANDLE -pk11_get_private_rsa_key(RSA* rsa, PK11_SESSION *sp) - { - CK_RV rv; - CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; - int i; - CK_ULONG found; - CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY; - CK_KEY_TYPE k_type = CKK_RSA; - CK_ULONG ul_key_attr_count = 14; - CK_BBOOL rollback = CK_FALSE; - - /* - * Both CKA_TOKEN and CKA_SENSITIVE have to be CK_FALSE for session keys - */ - CK_ATTRIBUTE a_key_template[] = - { - {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)}, - {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)}, - {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, - {CKA_SENSITIVE, &pk11_false, sizeof (pk11_false)}, - {CKA_DECRYPT, &pk11_true, sizeof (pk11_true)}, - {CKA_SIGN, &pk11_true, sizeof (pk11_true)}, - {CKA_MODULUS, (void *)NULL, 0}, - {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}, - {CKA_PRIVATE_EXPONENT, (void *)NULL, 0}, - {CKA_PRIME_1, (void *)NULL, 0}, - {CKA_PRIME_2, (void *)NULL, 0}, - {CKA_EXPONENT_1, (void *)NULL, 0}, - {CKA_EXPONENT_2, (void *)NULL, 0}, - {CKA_COEFFICIENT, (void *)NULL, 0}, - }; - - a_key_template[0].pValue = &o_key; - a_key_template[1].pValue = &k_type; - - /* Put the private key components into the template */ - if (init_template_value(rsa->n, &a_key_template[6].pValue, - &a_key_template[6].ulValueLen) == 0 || - init_template_value(rsa->e, &a_key_template[7].pValue, - &a_key_template[7].ulValueLen) == 0 || - init_template_value(rsa->d, &a_key_template[8].pValue, - &a_key_template[8].ulValueLen) == 0 || - init_template_value(rsa->p, &a_key_template[9].pValue, - &a_key_template[9].ulValueLen) == 0 || - init_template_value(rsa->q, &a_key_template[10].pValue, - &a_key_template[10].ulValueLen) == 0 || - init_template_value(rsa->dmp1, &a_key_template[11].pValue, - &a_key_template[11].ulValueLen) == 0 || - init_template_value(rsa->dmq1, &a_key_template[12].pValue, - &a_key_template[12].ulValueLen) == 0 || - init_template_value(rsa->iqmp, &a_key_template[13].pValue, - &a_key_template[13].ulValueLen) == 0) - { - PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE); - goto malloc_err; - } - - /* see find_lock array definition for more info on object locking */ - LOCK_OBJSTORE(OP_RSA); - - /* - * We are getting the private key but the private 'd' component is NULL. - * That means this is key by reference RSA key. In that case, we can - * use only public components for searching for the private key handle. - */ - if (rsa->d == NULL) - { - ul_key_attr_count = 8; - /* - * We will perform the search in the token, not in the existing - * session keys. - */ - a_key_template[2].pValue = &pk11_true; - } - - rv = pFuncList->C_FindObjectsInit(sp->session, a_key_template, - ul_key_attr_count); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY, - PK11_R_FINDOBJECTSINIT, rv); - goto err; - } - - rv = pFuncList->C_FindObjects(sp->session, &h_key, 1, &found); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY, - PK11_R_FINDOBJECTS, rv); - goto err; - } - - rv = pFuncList->C_FindObjectsFinal(sp->session); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY, - PK11_R_FINDOBJECTSFINAL, rv); - goto err; - } - - if (found == 0) - { - /* - * We have an RSA structure with 'n'/'e' components only so we - * tried to find the private key in the keystore. If it was - * really a token key we have a problem. Note that for other key - * types we just create a new session key using the private - * components from the RSA structure. - */ - if (rsa->d == NULL) - { - PK11err(PK11_F_GET_PRIV_RSA_KEY, - PK11_R_PRIV_KEY_NOT_FOUND); - goto err; - } - - rv = pFuncList->C_CreateObject(sp->session, - a_key_template, ul_key_attr_count, &h_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY, - PK11_R_CREATEOBJECT, rv); - goto err; - } - } - - /* - * When RSA keys by reference code is used, we never extract private - * components from the keystore. In that case 'd' was set to NULL and we - * expect the application to properly cope with that. It is documented - * in openssl(5). In general, if keys by reference are used we expect it - * to be used exclusively using the high level API and then there is no - * problem. If the application expects the private components to be read - * from the keystore then that is not a supported way of usage. - */ - if (rsa->d != NULL) - { - if ((sp->opdata_rsa_d_num = BN_dup(rsa->d)) == NULL) - { - PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE); - rollback = CK_TRUE; - goto err; - } - } - else - sp->opdata_rsa_d_num = NULL; - - /* - * For the key by reference code, we need public components as well - * since 'd' component is always NULL. For that reason, we always cache - * 'n'/'e' components as well. - */ - if ((sp->opdata_rsa_n_num = BN_dup(rsa->n)) == NULL) - { - PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); - sp->opdata_rsa_n_num = NULL; - rollback = CK_TRUE; - goto err; - } - if ((sp->opdata_rsa_e_num = BN_dup(rsa->e)) == NULL) - { - PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); - BN_free(sp->opdata_rsa_n_num); - sp->opdata_rsa_n_num = NULL; - rollback = CK_TRUE; - goto err; - } - - /* LINTED: E_CONSTANT_CONDITION */ - KEY_HANDLE_REFHOLD(h_key, OP_RSA, CK_FALSE, rollback, err); - sp->opdata_rsa_priv = rsa; - -err: - if (rollback) - { - /* - * We do not care about the return value from C_DestroyObject() - * since we are doing rollback. - */ - if (found == 0) - (void) pFuncList->C_DestroyObject(sp->session, h_key); - h_key = CK_INVALID_HANDLE; - } - - UNLOCK_OBJSTORE(OP_RSA); - -malloc_err: - /* - * 6 to 13 entries in the key template are key components. - * They need to be freed upon exit or error. - */ - for (i = 6; i <= 13; i++) - { - if (a_key_template[i].pValue != NULL) - { - (void) memset(a_key_template[i].pValue, 0, - a_key_template[i].ulValueLen); - OPENSSL_free(a_key_template[i].pValue); - a_key_template[i].pValue = NULL; - } - } - - return (h_key); - } - -/* - * Check for cache miss. Objects are cleaned only if we have a full cache miss, - * meaning that it's a different RSA key pair. Return 1 for cache hit, 0 for - * cache miss. - */ -static int -pk11_check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa) - { - /* - * Provide protection against RSA structure reuse by making the - * check for cache hit stronger. Only public components of RSA - * key matter here so it is sufficient to compare them with values - * cached in PK11_SESSION structure. - * - * We must check the handle as well since with key by reference, public - * components 'n'/'e' are cached in private keys as well. That means we - * could have a cache hit in a private key when looking for a public - * key. That would not work, you cannot have one PKCS#11 object for - * both data signing and verifying. - */ - if (sp->opdata_rsa_pub == rsa && - BN_cmp(sp->opdata_rsa_n_num, rsa->n) == 0 && - BN_cmp(sp->opdata_rsa_e_num, rsa->e) == 0) - { - if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE) - return (1); - else - /* - * No public key object yet but we have the right RSA - * structure with potentially existing private key - * object. We can just create a public object and move - * on with this session structure. - */ - return (0); - } - - /* - * A different RSA key pair was using this session structure previously - * or it's an empty structure. Destroy what we can. - */ - (void) pk11_destroy_rsa_object_pub(sp, CK_TRUE); - (void) pk11_destroy_rsa_object_priv(sp, CK_TRUE); - return (0); - } - -/* - * Check for cache miss. Objects are cleaned only if we have a full cache miss, - * meaning that it's a different RSA key pair. Return 1 for cache hit, 0 for - * cache miss. - */ -static int -pk11_check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa) - { - /* - * Provide protection against RSA structure reuse by making the - * check for cache hit stronger. Comparing public exponent of RSA - * key with value cached in PK11_SESSION structure should - * be sufficient. Note that we want to compare the public component - * since with the keys by reference mechanism, private components are - * not in the RSA structure. Also, see pk11_check_new_rsa_key_pub() - * about why we compare the handle as well. - */ - if (sp->opdata_rsa_priv == rsa && - BN_cmp(sp->opdata_rsa_n_num, rsa->n) == 0 && - BN_cmp(sp->opdata_rsa_e_num, rsa->e) == 0) - { - if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE) - return (1); - else - /* - * No private key object yet but we have the right RSA - * structure with potentially existing public key - * object. We can just create a private object and move - * on with this session structure. - */ - return (0); - } - - /* - * A different RSA key pair was using this session structure previously - * or it's an empty structure. Destroy what we can. - */ - (void) pk11_destroy_rsa_object_priv(sp, CK_TRUE); - (void) pk11_destroy_rsa_object_pub(sp, CK_TRUE); - return (0); - } -#endif - -#ifndef OPENSSL_NO_DSA -/* The DSA function implementation */ -/* ARGSUSED */ -static int pk11_DSA_init(DSA *dsa) - { - return (1); - } - -/* ARGSUSED */ -static int pk11_DSA_finish(DSA *dsa) - { - return (1); - } - - -static DSA_SIG * -pk11_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { - BIGNUM *r = NULL, *s = NULL; - int i; - DSA_SIG *dsa_sig = NULL; - - CK_RV rv; - CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0}; - CK_MECHANISM *p_mech = &Mechanism_dsa; - CK_OBJECT_HANDLE h_priv_key; - - /* - * The signature is the concatenation of r and s, - * each is 20 bytes long - */ - unsigned char sigret[DSA_SIGNATURE_LEN]; - unsigned long siglen = DSA_SIGNATURE_LEN; - unsigned int siglen2 = DSA_SIGNATURE_LEN / 2; - - PK11_SESSION *sp = NULL; - - if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) - { - PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT); - goto ret; - } - - i = BN_num_bytes(dsa->q); /* should be 20 */ - if (dlen > i) - { - PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH); - goto ret; - } - - if ((sp = pk11_get_session(OP_DSA)) == NULL) - goto ret; - - (void) check_new_dsa_key_priv(sp, dsa); - - h_priv_key = sp->opdata_dsa_priv_key; - if (h_priv_key == CK_INVALID_HANDLE) - h_priv_key = sp->opdata_dsa_priv_key = - pk11_get_private_dsa_key((DSA *)dsa, - &sp->opdata_dsa_priv, - &sp->opdata_dsa_priv_num, sp->session); - - if (h_priv_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv); - goto ret; - } - - (void) memset(sigret, 0, siglen); - rv = pFuncList->C_Sign(sp->session, - (unsigned char *) dgst, dlen, sigret, - (CK_ULONG_PTR) &siglen); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv); - goto ret; - } - } - - - if ((s = BN_new()) == NULL) - { - PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE); - goto ret; - } - - if ((r = BN_new()) == NULL) - { - PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE); - goto ret; - } - - if ((dsa_sig = DSA_SIG_new()) == NULL) - { - PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE); - goto ret; - } - - if (BN_bin2bn(sigret, siglen2, r) == NULL || - BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL) - { - PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE); - goto ret; - } - - dsa_sig->r = r; - dsa_sig->s = s; - -ret: - if (dsa_sig == NULL) - { - if (r != NULL) - BN_free(r); - if (s != NULL) - BN_free(s); - } - - pk11_return_session(sp, OP_DSA); - return (dsa_sig); - } - -static int -pk11_dsa_do_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig, - DSA *dsa) - { - int i; - CK_RV rv; - int retval = 0; - CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0}; - CK_MECHANISM *p_mech = &Mechanism_dsa; - CK_OBJECT_HANDLE h_pub_key; - - unsigned char sigbuf[DSA_SIGNATURE_LEN]; - unsigned long siglen = DSA_SIGNATURE_LEN; - unsigned long siglen2 = DSA_SIGNATURE_LEN/2; - - PK11_SESSION *sp = NULL; - - if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) - { - PK11err(PK11_F_DSA_VERIFY, - PK11_R_INVALID_DSA_SIGNATURE_R); - goto ret; - } - - if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) - { - PK11err(PK11_F_DSA_VERIFY, - PK11_R_INVALID_DSA_SIGNATURE_S); - goto ret; - } - - i = BN_num_bytes(dsa->q); /* should be 20 */ - - if (dlen > i) - { - PK11err(PK11_F_DSA_VERIFY, - PK11_R_INVALID_SIGNATURE_LENGTH); - goto ret; - } - - if ((sp = pk11_get_session(OP_DSA)) == NULL) - goto ret; - - (void) check_new_dsa_key_pub(sp, dsa); - - h_pub_key = sp->opdata_dsa_pub_key; - if (h_pub_key == CK_INVALID_HANDLE) - h_pub_key = sp->opdata_dsa_pub_key = - pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub, - &sp->opdata_dsa_pub_num, sp->session); - - if (h_pub_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_VerifyInit(sp->session, p_mech, - h_pub_key); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT, - rv); - goto ret; - } - - /* - * The representation of each of the two big numbers could - * be shorter than DSA_SIGNATURE_LEN/2 bytes so we need - * to act accordingly and shift if necessary. - */ - (void) memset(sigbuf, 0, siglen); - BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r)); - BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 - - BN_num_bytes(sig->s)); - - rv = pFuncList->C_Verify(sp->session, - (unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv); - goto ret; - } - } - - retval = 1; -ret: - - pk11_return_session(sp, OP_DSA); - return (retval); - } - - -/* - * Create a public key object in a session from a given dsa structure. - * The *dsa_pub_num pointer is non-NULL for DSA public keys. - */ -static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, - DSA **key_ptr, BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session) - { - CK_RV rv; - CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY; - CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; - CK_ULONG found; - CK_KEY_TYPE k_type = CKK_DSA; - CK_ULONG ul_key_attr_count = 8; - CK_BBOOL rollback = CK_FALSE; - int i; - - CK_ATTRIBUTE a_key_template[] = - { - {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)}, - {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)}, - {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, - {CKA_VERIFY, &pk11_true, sizeof (pk11_true)}, - {CKA_PRIME, (void *)NULL, 0}, /* p */ - {CKA_SUBPRIME, (void *)NULL, 0}, /* q */ - {CKA_BASE, (void *)NULL, 0}, /* g */ - {CKA_VALUE, (void *)NULL, 0} /* pub_key - y */ - }; - - a_key_template[0].pValue = &o_key; - a_key_template[1].pValue = &k_type; - - if (init_template_value(dsa->p, &a_key_template[4].pValue, - &a_key_template[4].ulValueLen) == 0 || - init_template_value(dsa->q, &a_key_template[5].pValue, - &a_key_template[5].ulValueLen) == 0 || - init_template_value(dsa->g, &a_key_template[6].pValue, - &a_key_template[6].ulValueLen) == 0 || - init_template_value(dsa->pub_key, &a_key_template[7].pValue, - &a_key_template[7].ulValueLen) == 0) - { - PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE); - goto malloc_err; - } - - /* see find_lock array definition for more info on object locking */ - LOCK_OBJSTORE(OP_DSA); - rv = pFuncList->C_FindObjectsInit(session, a_key_template, - ul_key_attr_count); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PUB_DSA_KEY, - PK11_R_FINDOBJECTSINIT, rv); - goto err; - } - - rv = pFuncList->C_FindObjects(session, &h_key, 1, &found); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PUB_DSA_KEY, - PK11_R_FINDOBJECTS, rv); - goto err; - } - - rv = pFuncList->C_FindObjectsFinal(session); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PUB_DSA_KEY, - PK11_R_FINDOBJECTSFINAL, rv); - goto err; - } - - if (found == 0) - { - rv = pFuncList->C_CreateObject(session, - a_key_template, ul_key_attr_count, &h_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PUB_DSA_KEY, - PK11_R_CREATEOBJECT, rv); - goto err; - } - } - - if (dsa_pub_num != NULL) - if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL) - { - PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE); - rollback = CK_TRUE; - goto err; - } - - /* LINTED: E_CONSTANT_CONDITION */ - KEY_HANDLE_REFHOLD(h_key, OP_DSA, CK_FALSE, rollback, err); - if (key_ptr != NULL) - *key_ptr = dsa; - -err: - if (rollback) - { - /* - * We do not care about the return value from C_DestroyObject() - * since we are doing rollback. - */ - if (found == 0) - (void) pFuncList->C_DestroyObject(session, h_key); - h_key = CK_INVALID_HANDLE; - } - - UNLOCK_OBJSTORE(OP_DSA); - -malloc_err: - for (i = 4; i <= 7; i++) - { - if (a_key_template[i].pValue != NULL) - { - OPENSSL_free(a_key_template[i].pValue); - a_key_template[i].pValue = NULL; - } - } - - return (h_key); - } - -/* - * Create a private key object in the session from a given dsa structure - * The *dsa_priv_num pointer is non-NULL for DSA private keys. - */ -static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, - DSA **key_ptr, BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session) - { - CK_RV rv; - CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; - CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY; - int i; - CK_ULONG found; - CK_KEY_TYPE k_type = CKK_DSA; - CK_ULONG ul_key_attr_count = 9; - CK_BBOOL rollback = CK_FALSE; - - /* - * Both CKA_TOKEN and CKA_SENSITIVE have to be CK_FALSE for session keys - */ - CK_ATTRIBUTE a_key_template[] = - { - {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)}, - {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)}, - {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, - {CKA_SENSITIVE, &pk11_false, sizeof (pk11_false)}, - {CKA_SIGN, &pk11_true, sizeof (pk11_true)}, - {CKA_PRIME, (void *)NULL, 0}, /* p */ - {CKA_SUBPRIME, (void *)NULL, 0}, /* q */ - {CKA_BASE, (void *)NULL, 0}, /* g */ - {CKA_VALUE, (void *)NULL, 0} /* priv_key - x */ - }; - - a_key_template[0].pValue = &o_key; - a_key_template[1].pValue = &k_type; - - /* Put the private key components into the template */ - if (init_template_value(dsa->p, &a_key_template[5].pValue, - &a_key_template[5].ulValueLen) == 0 || - init_template_value(dsa->q, &a_key_template[6].pValue, - &a_key_template[6].ulValueLen) == 0 || - init_template_value(dsa->g, &a_key_template[7].pValue, - &a_key_template[7].ulValueLen) == 0 || - init_template_value(dsa->priv_key, &a_key_template[8].pValue, - &a_key_template[8].ulValueLen) == 0) - { - PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE); - goto malloc_err; - } - - /* see find_lock array definition for more info on object locking */ - LOCK_OBJSTORE(OP_DSA); - rv = pFuncList->C_FindObjectsInit(session, a_key_template, - ul_key_attr_count); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY, - PK11_R_FINDOBJECTSINIT, rv); - goto err; - } - - rv = pFuncList->C_FindObjects(session, &h_key, 1, &found); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY, - PK11_R_FINDOBJECTS, rv); - goto err; - } - - rv = pFuncList->C_FindObjectsFinal(session); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY, - PK11_R_FINDOBJECTSFINAL, rv); - goto err; - } - - if (found == 0) - { - rv = pFuncList->C_CreateObject(session, - a_key_template, ul_key_attr_count, &h_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY, - PK11_R_CREATEOBJECT, rv); - goto err; - } - } - - if (dsa_priv_num != NULL) - if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL) - { - PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE); - rollback = CK_TRUE; - goto err; - } - - /* LINTED: E_CONSTANT_CONDITION */ - KEY_HANDLE_REFHOLD(h_key, OP_DSA, CK_FALSE, rollback, err); - if (key_ptr != NULL) - *key_ptr = dsa; - -err: - if (rollback) - { - /* - * We do not care about the return value from C_DestroyObject() - * since we are doing rollback. - */ - if (found == 0) - (void) pFuncList->C_DestroyObject(session, h_key); - h_key = CK_INVALID_HANDLE; - } - - UNLOCK_OBJSTORE(OP_DSA); - -malloc_err: - /* - * 5 to 8 entries in the key template are key components. - * They need to be freed apon exit or error. - */ - for (i = 5; i <= 8; i++) - { - if (a_key_template[i].pValue != NULL) - { - (void) memset(a_key_template[i].pValue, 0, - a_key_template[i].ulValueLen); - OPENSSL_free(a_key_template[i].pValue); - a_key_template[i].pValue = NULL; - } - } - - return (h_key); - } - -/* - * Check for cache miss and clean the object pointer and handle - * in such case. Return 1 for cache hit, 0 for cache miss. - */ -static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa) - { - /* - * Provide protection against DSA structure reuse by making the - * check for cache hit stronger. Only public key component of DSA - * key matters here so it is sufficient to compare it with value - * cached in PK11_SESSION structure. - */ - if ((sp->opdata_dsa_pub != dsa) || - (BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0)) - { - /* - * We do not check the return value because even in case of - * failure the sp structure will have both key pointer - * and object handle cleaned and pk11_destroy_object() - * reports the failure to the OpenSSL error message buffer. - */ - (void) pk11_destroy_dsa_object_pub(sp, CK_TRUE); - return (0); - } - return (1); - } - -/* - * Check for cache miss and clean the object pointer and handle - * in such case. Return 1 for cache hit, 0 for cache miss. - */ -static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa) - { - /* - * Provide protection against DSA structure reuse by making the - * check for cache hit stronger. Only private key component of DSA - * key matters here so it is sufficient to compare it with value - * cached in PK11_SESSION structure. - */ - if ((sp->opdata_dsa_priv != dsa) || - (BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0)) - { - /* - * We do not check the return value because even in case of - * failure the sp structure will have both key pointer - * and object handle cleaned and pk11_destroy_object() - * reports the failure to the OpenSSL error message buffer. - */ - (void) pk11_destroy_dsa_object_priv(sp, CK_TRUE); - return (0); - } - return (1); - } -#endif - - -#ifndef OPENSSL_NO_DH -/* The DH function implementation */ -/* ARGSUSED */ -static int pk11_DH_init(DH *dh) - { - return (1); - } - -/* ARGSUSED */ -static int pk11_DH_finish(DH *dh) - { - return (1); - } - -/* - * Generate DH key-pair. - * - * Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key - * and override it even if it is set. OpenSSL does not touch dh->priv_key - * if set and just computes dh->pub_key. It looks like PKCS#11 standard - * is not capable of providing this functionality. This could be a problem - * for applications relying on OpenSSL's semantics. - */ -static int pk11_DH_generate_key(DH *dh) - { - CK_ULONG i; - CK_RV rv, rv1; - int reuse_mem_len = 0, ret = 0; - PK11_SESSION *sp = NULL; - CK_BYTE_PTR reuse_mem; - - CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0}; - CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE; - CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE; - - CK_ULONG ul_pub_key_attr_count = 3; - CK_ATTRIBUTE pub_key_template[] = - { - {CKA_PRIVATE, &pk11_false, sizeof (pk11_false)}, - {CKA_PRIME, (void *)NULL, 0}, - {CKA_BASE, (void *)NULL, 0} - }; - - CK_ULONG ul_priv_key_attr_count = 3; - CK_ATTRIBUTE priv_key_template[] = - { - {CKA_PRIVATE, &pk11_false, sizeof (pk11_false)}, - {CKA_SENSITIVE, &pk11_false, sizeof (pk11_false)}, - {CKA_DERIVE, &pk11_true, sizeof (pk11_true)} - }; - - CK_ULONG pub_key_attr_result_count = 1; - CK_ATTRIBUTE pub_key_result[] = - { - {CKA_VALUE, (void *)NULL, 0} - }; - - CK_ULONG priv_key_attr_result_count = 1; - CK_ATTRIBUTE priv_key_result[] = - { - {CKA_VALUE, (void *)NULL, 0} - }; - - pub_key_template[1].ulValueLen = BN_num_bytes(dh->p); - if (pub_key_template[1].ulValueLen > 0) - { - /* - * We must not increase ulValueLen by DH_BUF_RESERVE since that - * could cause the same rounding problem. See definition of - * DH_BUF_RESERVE above. - */ - pub_key_template[1].pValue = - OPENSSL_malloc(pub_key_template[1].ulValueLen + - DH_BUF_RESERVE); - if (pub_key_template[1].pValue == NULL) - { - PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE); - goto err; - } - - i = BN_bn2bin(dh->p, pub_key_template[1].pValue); - } - else - goto err; - - pub_key_template[2].ulValueLen = BN_num_bytes(dh->g); - if (pub_key_template[2].ulValueLen > 0) - { - pub_key_template[2].pValue = - OPENSSL_malloc(pub_key_template[2].ulValueLen + - DH_BUF_RESERVE); - if (pub_key_template[2].pValue == NULL) - { - PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE); - goto err; - } - - i = BN_bn2bin(dh->g, pub_key_template[2].pValue); - } - else - goto err; - - /* - * Note: we are only using PK11_SESSION structure for getting - * a session handle. The objects created in this function are - * destroyed before return and thus not cached. - */ - if ((sp = pk11_get_session(OP_DH)) == NULL) - goto err; - - rv = pFuncList->C_GenerateKeyPair(sp->session, - &mechanism, - pub_key_template, - ul_pub_key_attr_count, - priv_key_template, - ul_priv_key_attr_count, - &h_pub_key, - &h_priv_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv); - goto err; - } - - /* - * Reuse the larger memory allocated. We know the larger memory - * should be sufficient for reuse. - */ - if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen) - { - reuse_mem = pub_key_template[1].pValue; - reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE; - } - else - { - reuse_mem = pub_key_template[2].pValue; - reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE; - } - - rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key, - pub_key_result, pub_key_attr_result_count); - rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key, - priv_key_result, priv_key_attr_result_count); - - if (rv != CKR_OK || rv1 != CKR_OK) - { - rv = (rv != CKR_OK) ? rv : rv1; - PK11err_add_data(PK11_F_DH_GEN_KEY, - PK11_R_GETATTRIBUTVALUE, rv); - goto err; - } - - if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 || - ((CK_LONG) priv_key_result[0].ulValueLen) <= 0) - { - PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE); - goto err; - } - - /* Reuse the memory allocated */ - pub_key_result[0].pValue = reuse_mem; - pub_key_result[0].ulValueLen = reuse_mem_len; - - rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key, - pub_key_result, pub_key_attr_result_count); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DH_GEN_KEY, - PK11_R_GETATTRIBUTVALUE, rv); - goto err; - } - - if (pub_key_result[0].type == CKA_VALUE) - { - if (dh->pub_key == NULL) - if ((dh->pub_key = BN_new()) == NULL) - { - PK11err(PK11_F_DH_GEN_KEY, - PK11_R_MALLOC_FAILURE); - goto err; - } - dh->pub_key = BN_bin2bn(pub_key_result[0].pValue, - pub_key_result[0].ulValueLen, dh->pub_key); - if (dh->pub_key == NULL) - { - PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE); - goto err; - } - } - - /* Reuse the memory allocated */ - priv_key_result[0].pValue = reuse_mem; - priv_key_result[0].ulValueLen = reuse_mem_len; - - rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key, - priv_key_result, priv_key_attr_result_count); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DH_GEN_KEY, - PK11_R_GETATTRIBUTVALUE, rv); - goto err; - } - - if (priv_key_result[0].type == CKA_VALUE) - { - if (dh->priv_key == NULL) - if ((dh->priv_key = BN_new()) == NULL) - { - PK11err(PK11_F_DH_GEN_KEY, - PK11_R_MALLOC_FAILURE); - goto err; - } - dh->priv_key = BN_bin2bn(priv_key_result[0].pValue, - priv_key_result[0].ulValueLen, dh->priv_key); - if (dh->priv_key == NULL) - { - PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE); - goto err; - } - } - - ret = 1; - -err: - - if (h_pub_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_DestroyObject(sp->session, h_pub_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DH_GEN_KEY, - PK11_R_DESTROYOBJECT, rv); - } - } - - if (h_priv_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_DestroyObject(sp->session, h_priv_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DH_GEN_KEY, - PK11_R_DESTROYOBJECT, rv); - } - } - - for (i = 1; i <= 2; i++) - { - if (pub_key_template[i].pValue != NULL) - { - OPENSSL_free(pub_key_template[i].pValue); - pub_key_template[i].pValue = NULL; - } - } - - pk11_return_session(sp, OP_DH); - return (ret); - } - -static int pk11_DH_compute_key(unsigned char *key, const BIGNUM *pub_key, - DH *dh) - { - int i; - CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0}; - CK_OBJECT_CLASS key_class = CKO_SECRET_KEY; - CK_KEY_TYPE key_type = CKK_GENERIC_SECRET; - CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE; - CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; - - CK_ULONG ul_priv_key_attr_count = 2; - CK_ATTRIBUTE priv_key_template[] = - { - {CKA_CLASS, (void*) NULL, sizeof (key_class)}, - {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)}, - }; - - CK_ULONG priv_key_attr_result_count = 1; - CK_ATTRIBUTE priv_key_result[] = - { - {CKA_VALUE, (void *)NULL, 0} - }; - - CK_RV rv; - int ret = -1; - PK11_SESSION *sp = NULL; - - if (dh->priv_key == NULL) - goto err; - - priv_key_template[0].pValue = &key_class; - priv_key_template[1].pValue = &key_type; - - if ((sp = pk11_get_session(OP_DH)) == NULL) - goto err; - - mechanism.ulParameterLen = BN_num_bytes(pub_key); - mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen); - if (mechanism.pParameter == NULL) - { - PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE); - goto err; - } - BN_bn2bin(pub_key, mechanism.pParameter); - - (void) check_new_dh_key(sp, dh); - - h_key = sp->opdata_dh_key; - if (h_key == CK_INVALID_HANDLE) - h_key = sp->opdata_dh_key = - pk11_get_dh_key((DH*) dh, &sp->opdata_dh, - &sp->opdata_dh_priv_num, sp->session); - - if (h_key == CK_INVALID_HANDLE) - { - PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT); - goto err; - } - - rv = pFuncList->C_DeriveKey(sp->session, - &mechanism, - h_key, - priv_key_template, - ul_priv_key_attr_count, - &h_derived_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv); - goto err; - } - - rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key, - priv_key_result, priv_key_attr_result_count); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE, - rv); - goto err; - } - - if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0) - { - PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE); - goto err; - } - priv_key_result[0].pValue = - OPENSSL_malloc(priv_key_result[0].ulValueLen); - if (!priv_key_result[0].pValue) - { - PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE); - goto err; - } - - rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key, - priv_key_result, priv_key_attr_result_count); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE, - rv); - goto err; - } - - /* - * OpenSSL allocates the output buffer 'key' which is the same - * length of the public key. It is long enough for the derived key - */ - if (priv_key_result[0].type == CKA_VALUE) - { - /* - * CKM_DH_PKCS_DERIVE mechanism is not supposed to strip - * leading zeros from a computed shared secret. However, - * OpenSSL always did it so we must do the same here. The - * vagueness of the spec regarding leading zero bytes was - * finally cleared with TLS 1.1 (RFC 4346) saying that leading - * zeros are stripped before the computed data is used as the - * pre-master secret. - */ - for (i = 0; i < priv_key_result[0].ulValueLen; ++i) - { - if (((char *)priv_key_result[0].pValue)[i] != 0) - break; - } - - (void) memcpy(key, ((char *)priv_key_result[0].pValue) + i, - priv_key_result[0].ulValueLen - i); - ret = priv_key_result[0].ulValueLen - i; - } - -err: - - if (h_derived_key != CK_INVALID_HANDLE) - { - rv = pFuncList->C_DestroyObject(sp->session, h_derived_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_DH_COMP_KEY, - PK11_R_DESTROYOBJECT, rv); - } - } - if (priv_key_result[0].pValue) - { - OPENSSL_free(priv_key_result[0].pValue); - priv_key_result[0].pValue = NULL; - } - - if (mechanism.pParameter) - { - OPENSSL_free(mechanism.pParameter); - mechanism.pParameter = NULL; - } - - pk11_return_session(sp, OP_DH); - return (ret); - } - - -static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, - DH **key_ptr, BIGNUM **dh_priv_num, CK_SESSION_HANDLE session) - { - CK_RV rv; - CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; - CK_OBJECT_CLASS class = CKO_PRIVATE_KEY; - CK_KEY_TYPE key_type = CKK_DH; - CK_ULONG found; - CK_BBOOL rollback = CK_FALSE; - int i; - - CK_ULONG ul_key_attr_count = 7; - CK_ATTRIBUTE key_template[] = - { - {CKA_CLASS, (void*) NULL, sizeof (class)}, - {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)}, - {CKA_DERIVE, &pk11_true, sizeof (pk11_true)}, - {CKA_PRIVATE, &pk11_false, sizeof (pk11_false)}, - {CKA_PRIME, (void *) NULL, 0}, - {CKA_BASE, (void *) NULL, 0}, - {CKA_VALUE, (void *) NULL, 0}, - }; - - key_template[0].pValue = &class; - key_template[1].pValue = &key_type; - - key_template[4].ulValueLen = BN_num_bytes(dh->p); - key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc( - (size_t)key_template[4].ulValueLen); - if (key_template[4].pValue == NULL) - { - PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE); - goto malloc_err; - } - - BN_bn2bin(dh->p, key_template[4].pValue); - - key_template[5].ulValueLen = BN_num_bytes(dh->g); - key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc( - (size_t)key_template[5].ulValueLen); - if (key_template[5].pValue == NULL) - { - PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE); - goto malloc_err; - } - - BN_bn2bin(dh->g, key_template[5].pValue); - - key_template[6].ulValueLen = BN_num_bytes(dh->priv_key); - key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc( - (size_t)key_template[6].ulValueLen); - if (key_template[6].pValue == NULL) - { - PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE); - goto malloc_err; - } - - BN_bn2bin(dh->priv_key, key_template[6].pValue); - - /* see find_lock array definition for more info on object locking */ - LOCK_OBJSTORE(OP_DH); - rv = pFuncList->C_FindObjectsInit(session, key_template, - ul_key_attr_count); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv); - goto err; - } - - rv = pFuncList->C_FindObjects(session, &h_key, 1, &found); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv); - goto err; - } - - rv = pFuncList->C_FindObjectsFinal(session); - - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL, - rv); - goto err; - } - - if (found == 0) - { - rv = pFuncList->C_CreateObject(session, - key_template, ul_key_attr_count, &h_key); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT, - rv); - goto err; - } - } - - if (dh_priv_num != NULL) - if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL) - { - PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE); - rollback = CK_TRUE; - goto err; - } - - /* LINTED: E_CONSTANT_CONDITION */ - KEY_HANDLE_REFHOLD(h_key, OP_DH, CK_FALSE, rollback, err); - if (key_ptr != NULL) - *key_ptr = dh; - -err: - if (rollback) - { - /* - * We do not care about the return value from C_DestroyObject() - * since we are doing rollback. - */ - if (found == 0) - (void) pFuncList->C_DestroyObject(session, h_key); - h_key = CK_INVALID_HANDLE; - } - - UNLOCK_OBJSTORE(OP_DH); - -malloc_err: - for (i = 4; i <= 6; i++) - { - if (key_template[i].pValue != NULL) - { - OPENSSL_free(key_template[i].pValue); - key_template[i].pValue = NULL; - } - } - - return (h_key); - } - -/* - * Check for cache miss and clean the object pointer and handle - * in such case. Return 1 for cache hit, 0 for cache miss. - * - * Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh - * to CK_INVALID_HANDLE even when it fails to destroy the object. - */ -static int check_new_dh_key(PK11_SESSION *sp, DH *dh) - { - /* - * Provide protection against DH structure reuse by making the - * check for cache hit stronger. Private key component of DH key - * is unique so it is sufficient to compare it with value cached - * in PK11_SESSION structure. - */ - if ((sp->opdata_dh != dh) || - (BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0)) - { - /* - * We do not check the return value because even in case of - * failure the sp structure will have both key pointer - * and object handle cleaned and pk11_destroy_object() - * reports the failure to the OpenSSL error message buffer. - */ - (void) pk11_destroy_dh_object(sp, CK_TRUE); - return (0); - } - return (1); - } -#endif - -/* - * Local function to simplify key template population - * Return 0 -- error, 1 -- no error - */ -static int -init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value, - CK_ULONG *ul_value_len) - { - CK_ULONG len; - - /* - * This function can be used on non-initialized BIGNUMs. It is easier to - * check that here than individually in the callers. - */ - if (bn != NULL) - len = BN_num_bytes(bn); - - if (bn == NULL || len == 0) - return (1); - - *ul_value_len = len; - *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len); - if (*p_value == NULL) - return (0); - - BN_bn2bin(bn, *p_value); - - return (1); - } - -static void -attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn) - { - if (attr->ulValueLen > 0) - *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL); - } - -/* - * Find one object in the token. It is an error if we can not find the object or - * if we find more objects based on the template we got. - * - * Returns: - * 1 OK - * 0 no object or more than 1 object found - */ -static int -find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s, - CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey) - { - CK_RV rv; - CK_ULONG objcnt; - - LOCK_OBJSTORE(op); - if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK) - { - PK11err_add_data(PK11_F_FIND_ONE_OBJECT, - PK11_R_FINDOBJECTSINIT, rv); - goto err; - } - - rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS, - rv); - goto err; - } - - if (objcnt > 1) - { - PK11err(PK11_F_FIND_ONE_OBJECT, - PK11_R_MORE_THAN_ONE_OBJECT_FOUND); - goto err; - } - else - if (objcnt == 0) - { - PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND); - goto err; - } - - (void) pFuncList->C_FindObjectsFinal(s); - UNLOCK_OBJSTORE(op); - return (1); -err: - UNLOCK_OBJSTORE(op); - return (0); - } - -/* - * OpenSSL 1.0.0 introduced ENGINE API for the PKEY EVP functions. Sadly, - * "openssl dgst -dss1 ..." now uses a new function EVP_DigestSignInit() which - * internally needs a PKEY method for DSA even when in the engine. So, to avoid - * a regression when moving from 0.9.8 to 1.0.0, we use an internal OpenSSL - * structure for the DSA PKEY methods to make it work. It is a future project to - * make it work with HW acceleration. - * - * Note that at the time of 1.0.0d release there is no documentation as to how - * the PKEY EVP functions are to be implemented in an engine. There is only one - * engine shipped with 1.0.0d that uses the PKEY EVP methods, the GOST engine. - * It was used as an example when fixing the above mentioned regression problem. - */ -int -pk11_engine_pkey_methods(ENGINE *e, EVP_PKEY_METHOD **pmeth, const int **nids, - int nid) - { - if (pmeth == NULL) - { - *nids = pk11_pkey_meth_nids; - return (1); - } - - switch (nid) - { - case NID_dsa: - *pmeth = (EVP_PKEY_METHOD *)EVP_PKEY_meth_find(nid); - return (1); - } - - /* Error branch. */ - *pmeth = NULL; - return (0); - } - -#endif /* OPENSSL_NO_HW_PK11 */ -#endif /* OPENSSL_NO_HW */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11_uri.c --- a/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11_uri.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,869 +0,0 @@ -/* - * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_PK11 - -#include -#include -#include "hw_pk11.h" -#include "hw_pk11_uri.h" - -/* - * The keystore used is always from the pubkey slot so we need to know which one - * was selected so that we can get the information needed for the URI - * processing. - */ -extern CK_SLOT_ID pubkey_SLOTID; -extern CK_FUNCTION_LIST_PTR pFuncList; - -/* - * Cached PIN so that child can use it during the re-login. Note that we do not - * cache the PIN by default. - */ -static char *token_pin; - -static int mlock_pin_in_memory(char *pin); -static char *run_askpass(char *dialog); - -/* - * Get the PIN. Either run the command and use its standard output as a PIN to - * fill in the PKCS11 URI structure, or read the PIN from the terminal. Using - * the external command is of higher precedence. The memory for PIN is allocated - * in this function and the PIN is always NULL terminated. The caller must take - * care of freeing the memory used for the PIN. The maximum PIN length accepted - * is PK11_MAX_PIN_LEN. - * - * The function is used also during the re-initialization of the engine after - * the fork. - * - * The function must not be called under the protection of the mutex "uri_lock" - * because the lock is acquired in the prefork function. - * - * Returns: - * 0 in case of troubles (and sets "*pin" to NULL) - * 1 if we got the PIN - */ -#define EXEC_SPEC "exec:" -#define BUILTIN_SPEC "builtin" -int -pk11_get_pin(char *dialog, char **pin) - { - /* Initialize as an error. */ - *pin = NULL; - - if (strcmp(dialog, BUILTIN_SPEC) == 0) - { - /* The getpassphrase() function is not MT safe. */ - (void) pthread_mutex_lock(uri_lock); - /* Note that OpenSSL is not localized at all. */ - *pin = getpassphrase("Enter token PIN: "); - if (*pin == NULL) - { - PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN); - (void) pthread_mutex_unlock(uri_lock); - goto err; - } - else - { - char *pw; - - /* - * getpassphrase() uses an internal buffer to hold the - * entered password. Note that it terminates the buffer - * with '\0'. - */ - if ((pw = strdup(*pin)) == NULL) - { - PK11err(PK11_F_GET_PIN, PK11_R_MALLOC_FAILURE); - (void) pthread_mutex_unlock(uri_lock); - goto err; - } - /* Zero the internal buffer to get rid of the PIN. */ - memset(*pin, 0, strlen(*pin)); - *pin = pw; - (void) pthread_mutex_unlock(uri_lock); - } - } - else - { - /* - * This is the "exec:" case. We will get the PIN from the output - * of an external command. - */ - if (strncmp(dialog, EXEC_SPEC, strlen(EXEC_SPEC)) == 0) - { - dialog += strlen(EXEC_SPEC); - if ((*pin = run_askpass(dialog)) == NULL) - goto err; - } - else - { - /* - * Invalid specification in the passphrasedialog - * keyword. - */ - PK11err(PK11_F_GET_PIN, PK11_R_BAD_PASSPHRASE_SPEC); - goto err; - } - } - - return (1); -err: - return (0); - } - -/* - * Process the PKCS#11 URI and get the PIN. It uses information from the - * passphrasedialog keyword to get the PIN. If passphrasedialog is not present - * it is not considered an error since it depends on the token attributes - * whether C_Login() is required. The function expects an allocated 'uri_struct' - * structure. - * - * Returns: - * 0 if URI is not valid at all, or if we could not get the PIN - * 1 if all is OK - * 2 if the URI is not the PKCS#11 URI. In that case, put the string - * pointer to the filename to "*file". Note that the pointer just points - * inside of the "uristr", possibly skipping the file:// prefix if present. - */ -int -pk11_process_pkcs11_uri(const char *uristr, pkcs11_uri *uri_struct, - const char **file) - { - char *uristr2, *l1, *l2, *tok, *name; - - /* Check the "file://" case. */ - if (strncmp(uristr, FILE_URI_PREFIX, strlen(FILE_URI_PREFIX)) == 0) - { - *file = uristr + strlen(FILE_URI_PREFIX); - return (2); - } - - /* This is the "pkcs11:" case. */ - if (strncmp(uristr, PK11_URI_PREFIX, strlen(PK11_URI_PREFIX)) != 0) - { - /* Not PKCS#11 URI at all, could be a filename. */ - *file = (const char *)uristr; - return (2); - } - else - { - /* Dup the string and skip over the pkcs11: prefix then. */ - uristr2 = strdup(uristr + strlen(PK11_URI_PREFIX)); - if (uristr2 == NULL) - { - PK11err(PK11_F_CHECK_TOKEN_ATTRS, - PK11_R_MALLOC_FAILURE); - goto err; - } - } - - /* Initialize the structure. */ - memset(uri_struct, 0, sizeof (*uri_struct)); - - /* - * Using strtok_r() would silently skip over multiple semicolons. We - * must check that before moving on. We must also avoid ';' as the first - * and the last character in the URI. - */ - if (strstr(uristr2, ";;") != NULL || uristr2[0] == ';' || - (strlen(uristr2) > 0 && uristr2[strlen(uristr2) - 1] == ';')) - goto bad_uri; - - tok = strtok_r(uristr2, ";", &l1); - for (; tok != NULL; tok = strtok_r(NULL, ";", &l1)) - { - /* "tok" is not empty so there will be something in "name". */ - name = strtok_r(tok, "=", &l2); - /* Check whether there is '=' at all. */ - if (l2 == NULL) - goto bad_uri; - - /* - * Fill out the URI structure. We do not accept duplicit - * attributes. - */ - if (strcmp(name, PK11_TOKEN) == 0) - if (uri_struct->token == NULL) - { - if ((uri_struct->token = strdup(l2)) == NULL) - goto no_mem; - } - else - goto bad_uri; - else if (strcmp(name, PK11_MANUF) == 0) - if (uri_struct->manuf == NULL) - { - if ((uri_struct->manuf = strdup(l2)) == NULL) - goto no_mem; - } - else - goto bad_uri; - else if (strcmp(name, PK11_SERIAL) == 0) - if (uri_struct->serial == NULL) - { - if ((uri_struct->serial = strdup(l2)) == NULL) - goto no_mem; - } - else - goto bad_uri; - else if (strcmp(name, PK11_MODEL) == 0) - if (uri_struct->model == NULL) - { - if ((uri_struct->model = strdup(l2)) == NULL) - goto no_mem; - } - else - goto bad_uri; - else if (strcmp(name, PK11_OBJECT) == 0) - if (uri_struct->object == NULL) - { - if ((uri_struct->object = strdup(l2)) == NULL) - goto no_mem; - } - else - goto bad_uri; - else if (strcmp(name, PK11_OBJECTTYPE) == 0) - if (uri_struct->objecttype == NULL) - { - uri_struct->objecttype = strdup(l2); - if (uri_struct->objecttype == NULL) - goto no_mem; - } - else - goto bad_uri; - else if (strcmp(name, PK11_ASKPASS) == 0) - if (uri_struct->askpass == NULL) - { - if ((uri_struct->askpass = strdup(l2)) == NULL) - goto no_mem; - } - else - goto bad_uri; - else - goto bad_uri; - } - - /* The "object" token is mandatory in the PKCS#11 URI. */ - if (uri_struct->object == NULL) - { - PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MISSING_OBJECT_LABEL); - goto err; - } - - free(uristr2); - return (1); -bad_uri: - PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_INVALID_PKCS11_URI); - if (uristr2 != NULL) - free(uristr2); - return (0); -no_mem: - PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE); -err: - pk11_free_pkcs11_uri(uri_struct, CK_FALSE); - if (uristr2 != NULL) - free(uristr2); - return (0); - } - -/* - * Free the PKCS11 URI structure and anything that might be inside. - */ -void -pk11_free_pkcs11_uri(pkcs11_uri *uri_struct, CK_BBOOL free_uri_itself) - { - if (uri_struct->token != NULL) - free(uri_struct->token); - if (uri_struct->manuf != NULL) - free(uri_struct->manuf); - if (uri_struct->serial != NULL) - free(uri_struct->serial); - if (uri_struct->model != NULL) - free(uri_struct->model); - if (uri_struct->object != NULL) - free(uri_struct->object); - if (uri_struct->objecttype != NULL) - free(uri_struct->objecttype); - if (uri_struct->askpass != NULL) - free(uri_struct->askpass); - - if (free_uri_itself == CK_TRUE) - OPENSSL_free(uri_struct); - } - -/* - * While our keystore is always the one used by the pubkey slot (which is - * usually the Metaslot) we must make sure that those URI attributes that - * specify the keystore match the real attributes of our slot keystore. Note - * that one can use the METASLOT_OBJECTSTORE_TOKEN environment variable to - * change the Metaslot's keystore from the softtoken to something else (see - * libpkcs11(3LIB)). The user might want to use such attributes in the PKCS#11 - * URI to make sure that the intended keystore is used. - * - * Returns: - * 1 on success - * 0 on failure - */ -int -pk11_check_token_attrs(pkcs11_uri *uri_struct) - { - CK_RV rv; - static CK_TOKEN_INFO_PTR token_info = NULL; - - (void) pthread_mutex_lock(uri_lock); - if (token_info == NULL) - { - token_info = OPENSSL_malloc(sizeof (CK_TOKEN_INFO)); - if (token_info == NULL) - { - PK11err(PK11_F_CHECK_TOKEN_ATTRS, - PK11_R_MALLOC_FAILURE); - goto err; - } - - rv = pFuncList->C_GetTokenInfo(pubkey_SLOTID, token_info); - if (rv != CKR_OK) - { - PK11err_add_data(PK11_F_CHECK_TOKEN_ATTRS, - PK11_R_GETTOKENINFO, rv); - goto err; - } - } - - if (uri_struct->token != NULL) - if (strncmp(uri_struct->token, (char *)token_info->label, - strlen(uri_struct->token) > 32 ? 32 : - strlen(uri_struct->token)) != 0) - { - goto urierr; - } - - if (uri_struct->manuf != NULL) - if (strncmp(uri_struct->manuf, - (char *)token_info->manufacturerID, - strlen(uri_struct->manuf) > 32 ? 32 : - strlen(uri_struct->manuf)) != 0) - goto urierr; - - if (uri_struct->model != NULL) - if (strncmp(uri_struct->model, (char *)token_info->model, - strlen(uri_struct->model) > 16 ? 16 : - strlen(uri_struct->model)) != 0) - goto urierr; - - if (uri_struct->serial != NULL) - if (strncmp(uri_struct->serial, - (char *)token_info->serialNumber, - strlen(uri_struct->serial) > 16 ? 16 : - strlen(uri_struct->serial)) != 0) - goto urierr; - - (void) pthread_mutex_unlock(uri_lock); - return (1); - -urierr: - PK11err(PK11_F_CHECK_TOKEN_ATTRS, PK11_R_TOKEN_ATTRS_DO_NOT_MATCH); - /* Correct error already set above for the "err" label. */ -err: - (void) pthread_mutex_unlock(uri_lock); - return (0); - } - -/* - * Return the process PIN caching policy. We initialize it just once so if the - * process change OPENSSL_PKCS11_PIN_CACHING_POLICY during the operation it will - * not have any affect on the policy. - * - * We assume that the "uri_lock" mutex is already locked. - * - * Returns the caching policy number. - */ -int -pk11_get_pin_caching_policy(void) - { - char *value = NULL; - static int policy = POLICY_NOT_INITIALIZED; - - if (policy != POLICY_NOT_INITIALIZED) - return (policy); - - value = getenv("OPENSSL_PKCS11_PIN_CACHING_POLICY"); - - if (value == NULL || strcmp(value, "none") == 0) - { - policy = POLICY_NONE; - goto done; - } - - if (strcmp(value, "memory") == 0) - { - policy = POLICY_MEMORY; - goto done; - } - - if (strcmp(value, "mlocked-memory") == 0) - { - policy = POLICY_MLOCKED_MEMORY; - goto done; - } - - return (POLICY_WRONG_VALUE); -done: - return (policy); - } - -/* - * Cache the PIN in memory once. We already know that we have either "memory" or - * "mlocked-memory" keyword correctly set. - * - * Returns: - * 1 on success - * 0 on failure - */ -int -pk11_cache_pin(char *pin) - { - (void) pthread_mutex_lock(uri_lock); - /* We set the PIN only once since all URIs must have it the same. */ - if (token_pin != NULL) - goto ok; - - if (pk11_get_pin_caching_policy() == POLICY_MEMORY) - if ((token_pin = strdup(pin)) == NULL) - { - PK11err(PK11_F_CACHE_PIN, PK11_R_MALLOC_FAILURE); - goto err; - } - else - if (pk11_get_pin_caching_policy() == POLICY_MLOCKED_MEMORY) - { - if (mlock_pin_in_memory(pin) == 0) - goto err; - } - -ok: - (void) pthread_mutex_unlock(uri_lock); - return (1); -err: - (void) pthread_mutex_unlock(uri_lock); - return (0); - } - -/* - * Cache the PIN in mlock(3C)ed memory. If mlock(3C) fails we will not resort to - * the normal memory caching. - * - * Note that this function must be called under the protection of the "uri_lock" - * mutex. - * - * Returns: - * 1 on success - * 0 on failure - */ -static int -mlock_pin_in_memory(char *pin) - { - void *addr = NULL; - long pagesize = 0; - - /* mlock(3C) locks pages so we need one whole page for the PIN. */ - if ((pagesize = sysconf(_SC_PAGESIZE)) == -1) - { - PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, PK11_R_SYSCONF_FAILED); - goto err; - } - - /* This will ensure we have a page aligned pointer... */ - if ((addr = mmap(0, pagesize, PROT_READ | PROT_WRITE, - MAP_PRIVATE | MAP_ANON, -1, 0)) == MAP_FAILED) - { - PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, PK11_R_MMAP_FAILED); - goto err; - } - - /* ...because "addr" must be page aligned here. */ - if (mlock(addr, pagesize) == -1) - { - /* - * Missing the PRIV_PROC_LOCK_MEMORY privilege might be a common - * problem so distinguish this situation from other issues. - */ - if (errno == EPERM) - PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, - PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING); - else - PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, - PK11_R_MLOCK_FAILED); - - /* - * We already have a problem here so there is no need to check - * that we could unmap the page. The PIN is not there yet - * anyway. - */ - (void) munmap(addr, pagesize); - goto err; - } - - /* Copy the PIN to the mlocked memory. */ - token_pin = (char *)addr; - strlcpy(token_pin, pin, PK11_MAX_PIN_LEN + 1); - return (1); -err: - return (0); - } - -/* - * Log in to the keystore if we are supposed to do that at all. Take care of - * reading and caching the PIN etc. Log in only once even when called from - * multiple threads. - * - * Returns: - * 1 on success - * 0 on failure - */ -int -pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done, - pkcs11_uri *uri_struct, CK_BBOOL is_private) - { - CK_RV rv; - - if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0) - { - PK11err(PK11_F_TOKEN_LOGIN, - PK11_R_TOKEN_NOT_INITIALIZED); - goto err; - } - - /* - * If login is required or needed but the PIN has not been even - * initialized we can bail out right now. Note that we are supposed to - * always log in if we are going to access private keys. However, we may - * need to log in even for accessing public keys in case that the - * CKF_LOGIN_REQUIRED flag is set. - */ - if ((pubkey_token_flags & CKF_LOGIN_REQUIRED || - is_private == CK_TRUE) && ~pubkey_token_flags & - CKF_USER_PIN_INITIALIZED) - { - PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET); - goto err; - } - - /* - * Note on locking: it is possible that more than one thread gets into - * pk11_get_pin() so we must deal with that. We cannot avoid it since we - * cannot guard fork() in there with a lock because we could end up in - * a dead lock in the child. Why? Remember we are in a multithreaded - * environment so we must lock all mutexes in the prefork function to - * avoid a situation in which a thread that did not call fork() held a - * lock, making future unlocking impossible. We lock right before - * C_Login(). - */ - if (pubkey_token_flags & CKF_LOGIN_REQUIRED || is_private == CK_TRUE) - { - if (*login_done == CK_FALSE && - uri_struct->askpass == NULL) - { - PK11err(PK11_F_TOKEN_LOGIN, - PK11_R_TOKEN_PIN_NOT_PROVIDED); - goto err; - } - - if (*login_done == CK_FALSE && - uri_struct->askpass != NULL) - { - if (pk11_get_pin(uri_struct->askpass, - &uri_struct->pin) == 0) - { - PK11err(PK11_F_TOKEN_LOGIN, - PK11_R_TOKEN_PIN_NOT_PROVIDED); - goto err; - } - } - - /* - * Note that what we are logging into is the keystore from - * pubkey_SLOTID because we work with OP_RSA session type here. - * That also means that we can work with only one keystore in - * the engine. - * - * We must make sure we do not try to login more than once. - * Also, see the comment above on locking strategy. - */ - (void) pthread_mutex_lock(uri_lock); - if (*login_done == CK_FALSE) - { - if ((rv = pFuncList->C_Login(session, - CKU_USER, (CK_UTF8CHAR*)uri_struct->pin, - strlen(uri_struct->pin))) != CKR_OK) - { - PK11err_add_data(PK11_F_TOKEN_LOGIN, - PK11_R_TOKEN_LOGIN_FAILED, rv); - goto err_locked; - } - - *login_done = CK_TRUE; - - /* - * Cache the passphrasedialog for possible child (which - * would need to relogin). - */ - if (passphrasedialog == NULL && - uri_struct->askpass != NULL) - { - passphrasedialog = - strdup(uri_struct->askpass); - - if (passphrasedialog == NULL) - { - PK11err_add_data(PK11_F_TOKEN_LOGIN, - PK11_R_MALLOC_FAILURE, rv); - goto err_locked; - } - } - - /* - * Check the PIN caching policy. Note that user might - * have provided a PIN even when no PIN was required - - * in that case we always remove the PIN from memory. - */ - if (pk11_get_pin_caching_policy() == - POLICY_WRONG_VALUE) - { - PK11err(PK11_F_TOKEN_LOGIN, - PK11_R_PIN_CACHING_POLICY_INVALID); - goto err_locked; - } - - if (pk11_get_pin_caching_policy() != POLICY_NONE) - if (pk11_cache_pin(uri_struct->pin) == 0) - goto err_locked; - } - (void) pthread_mutex_unlock(uri_lock); - } - else - { - /* - * If token does not require login we take it as the - * login was done. - */ - *login_done = CK_TRUE; - } - - /* - * If we raced at pk11_get_pin() we must make sure that all threads that - * called pk11_get_pin() will erase the PIN from memory, not just the - * one that called C_Login(). Note that if we were supposed to cache the - * PIN it was already cached by now so filling "uri_struct.pin" with - * zero bytes is always OK since pk11_cache_pin() makes a copy of it. - */ - if (uri_struct->pin != NULL) - memset(uri_struct->pin, 0, strlen(uri_struct->pin)); - - return (1); - -err_locked: - (void) pthread_mutex_unlock(uri_lock); -err: - /* Always get rid of the PIN. */ - if (uri_struct->pin != NULL) - memset(uri_struct->pin, 0, strlen(uri_struct->pin)); - return (0); - } - -/* - * Log in to the keystore in the child if we were logged in in the parent. There - * are similarities in the code with pk11_token_login() but still it is quite - * different so we need a separate function for this. - * - * Note that this function is called under the locked session mutex when fork is - * detected. That means that C_Login() will be called from the child just once. - * - * Returns: - * 1 on success - * 0 on failure - */ -int -pk11_token_relogin(CK_SESSION_HANDLE session) - { - CK_RV rv; - - /* - * We are in the child so check if we should login to the token again. - * Note that it is enough to log in to the token through one session - * only, all already open and all future sessions can access the token - * then. - */ - if (passphrasedialog != NULL) - { - char *pin = NULL; - - /* If we cached the PIN then use it. */ - if (token_pin != NULL) - pin = token_pin; - else if (pk11_get_pin(passphrasedialog, &pin) == 0) - goto err; - - (void) pthread_mutex_lock(uri_lock); - if ((rv = pFuncList->C_Login(session, CKU_USER, - (CK_UTF8CHAR_PTR)pin, strlen(pin))) != CKR_OK) - { - PK11err_add_data(PK11_F_TOKEN_RELOGIN, - PK11_R_TOKEN_LOGIN_FAILED, rv); - (void) pthread_mutex_unlock(uri_lock); - goto err; - } - (void) pthread_mutex_unlock(uri_lock); - - /* Forget the PIN now if we did not cache it before. */ - if (pin != token_pin) - { - memset(pin, 0, strlen(pin)); - OPENSSL_free(pin); - } - } - - return (1); -err: - return (0); - } - -/* - * This function forks and runs an external command. It would be nice if we - * could use popen(3C)/pclose(3C) for that but unfortunately we need to be able - * to get rid of the PIN from the memory. With p(open|close) function calls we - * cannot control the stdio's memory used for buffering and our tests showed - * that the PIN really stays there even after pclose(). - * - * Returns: - * allocated buffer on success - * NULL on failure - */ -static char * -run_askpass(char *dialog) - { - pid_t pid; - int n, p[2]; - char *buf = NULL; - - if (pipe(p) == -1) - { - PK11err(PK11_F_RUN_ASKPASS, PK11_R_PIPE_FAILED); - return (NULL); - } - - switch (pid = fork()) - { - case -1: - PK11err(PK11_F_RUN_ASKPASS, PK11_R_FORK_FAILED); - return (NULL); - /* child */ - case 0: - /* - * This should make sure that dup2() will not fail on - * file descriptor shortage. - */ - close(p[0]); - (void) dup2(p[1], 1); - close(p[1]); - /* - * Note that we cannot use PK11err() here since we are - * in the child. However, parent will get read() error - * so do not worry. - */ - (void) execl(dialog, basename(dialog), NULL); - exit(1); - /* parent */ - default: - /* +1 is for the terminating '\0' */ - buf = (char *)OPENSSL_malloc(PK11_MAX_PIN_LEN + 1); - if (buf == NULL) - { - PK11err(PK11_F_RUN_ASKPASS, - PK11_R_MALLOC_FAILURE); - return (NULL); - } - - close(p[1]); - n = read(p[0], buf, PK11_MAX_PIN_LEN); - if (n == -1 || n == 0) - { - PK11err(PK11_F_RUN_ASKPASS, - PK11_R_PIN_NOT_READ_FROM_COMMAND); - OPENSSL_free(buf); - return (NULL); - } - buf[n] = '\0'; - - (void) waitpid(pid, NULL, 0); - } - - return (buf); - } - -#endif /* OPENSSL_NO_HW_PK11 */ -#endif /* OPENSSL_NO_HW */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11_uri.h --- a/components/openssl/openssl-1.0.0/engines/pkcs11/hw_pk11_uri.h Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,113 +0,0 @@ -/* - * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef HW_PK11_URI_H -#define HW_PK11_URI_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* PKCS#11 URI related prefixes and attributes. */ -#define PK11_URI_PREFIX "pkcs11:" -#define FILE_URI_PREFIX "file://" -#define PK11_TOKEN "token" -#define PK11_MANUF "manuf" -#define PK11_SERIAL "serial" -#define PK11_MODEL "model" -#define PK11_OBJECT "object" -#define PK11_OBJECTTYPE "objecttype" -#define PK11_ASKPASS "passphrasedialog" - -/* PIN caching policy. */ -#define POLICY_NOT_INITIALIZED 0 -#define POLICY_NONE 1 -#define POLICY_MEMORY 2 -#define POLICY_MLOCKED_MEMORY 3 -#define POLICY_WRONG_VALUE 4 - -/* - * That's what getpassphrase(3c) supports. - */ -#define PK11_MAX_PIN_LEN 256 - -/* Add new attributes of the PKCS#11 URI here. */ -typedef struct pkcs11_uri_struct { - char *object; /* object label, the only mandatory info */ - char *objecttype; /* (private|public|cert), currently unused */ - char *token; /* token label */ - char *manuf; /* manufacturer label */ - char *serial; /* serial number label */ - char *model; /* model label */ - char *askpass; /* full path to the command to get the PIN */ - /* Not part of the PKCS11 URI itself. */ - char *pin; /* token PIN */ -} pkcs11_uri; - -/* For URI processing. */ -extern pthread_mutex_t *uri_lock; - -int pk11_get_pin(char *dialog, char **pin); -int pk11_get_pin_caching_policy(void); -int pk11_process_pkcs11_uri(const char *uristr, pkcs11_uri *uri_struct, - const char **file); -int pk11_check_token_attrs(pkcs11_uri *uri_struct); -void pk11_free_pkcs11_uri(pkcs11_uri *uri_struct, CK_BBOOL free_uri_itself); -int pk11_cache_pin(char *pin); -int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done, - pkcs11_uri *uri_struct, CK_BBOOL is_private); -int pk11_token_relogin(CK_SESSION_HANDLE session); - -#ifdef __cplusplus -} -#endif -#endif /* HW_PK11_URI_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4.c --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1187 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). - */ - -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * This engine supports SPARC microprocessors that provide AES and other - * cipher and hash instructions, such as the T4 microprocessor. - */ - -#include - -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_T4) && \ - !defined(OPENSSL_NO_AES) -#include -#include /* getisax() */ -#include -#include -#include -#include -#include -#include -#include "eng_t4_aes_asm.h" - -#define T4_LIB_NAME "SPARC T4 engine" -#include "eng_t4_err.c" - -/* Copied from Solaris aes_impl.h */ -#ifndef MAX_AES_NR -#define MAX_AES_NR 14 /* Maximum number of rounds */ -#endif -#ifndef MAX_AES_NB -#define MAX_AES_NB 4 /* Number of columns comprising a state */ -#endif - -/* Index for the supported ciphers */ -typedef enum { - T4_AES_128_CBC, - T4_AES_192_CBC, - T4_AES_256_CBC, -#ifndef SOLARIS_NO_AES_CFB128 - T4_AES_128_CFB128, - T4_AES_192_CFB128, - T4_AES_256_CFB128, -#endif /* !SOLARIS_NO_AES_CFB128 */ -#ifndef SOLARIS_NO_AES_CTR - T4_AES_128_CTR, - T4_AES_192_CTR, - T4_AES_256_CTR, -#endif - T4_AES_128_ECB, - T4_AES_192_ECB, - T4_AES_256_ECB, - T4_CIPHER_MAX -} t4_cipher_id; - -/* T4 cipher context; must be 8-byte aligned (last field must be uint64_t) */ -typedef struct t4_cipher_ctx { - t4_cipher_id index; - uint64_t *iv; - uint64_t aligned_iv_buffer[2]; /* use if original IV unaligned */ - /* Encryption and decryption key schedule are the same: */ - uint64_t t4_ks[((MAX_AES_NR) + 1) * (MAX_AES_NB)]; -} t4_cipher_ctx_t; - -typedef struct t4_cipher { - t4_cipher_id id; - int nid; - int iv_len; - int min_key_len; - int max_key_len; - unsigned long flags; -} t4_cipher_t; - -/* Constants used when creating the ENGINE */ -static const char *ENGINE_T4_ID = "t4"; -static const char *ENGINE_T4_NAME = "SPARC T4 engine support"; -static const char *ENGINE_NO_T4_NAME = "SPARC T4 engine support (no T4)"; - - -#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ - defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) -#define COMPILE_HW_T4 -static int t4_bind_helper(ENGINE *e, const char *id); -#pragma inline(t4_bind_helper) -#endif - -/* - * This makes the engine "built-in" with OpenSSL. - * On non-T4 CPUs this just returns. - * Called by ENGINE_load_builtin_engines(). - */ -void -ENGINE_load_t4(void) -{ -#ifdef COMPILE_HW_T4 - ENGINE *toadd = ENGINE_new(); - if (toadd != NULL) { - if (t4_bind_helper(toadd, ENGINE_T4_ID) != 0) { - (void) ENGINE_add(toadd); - (void) ENGINE_free(toadd); - ERR_clear_error(); - } else { - (void) ENGINE_free(toadd); - } - } -#endif -} - - -#ifdef COMPILE_HW_T4 -static int t4_bind(ENGINE *e); -#ifndef DYNAMIC_ENGINE -#pragma inline(t4_bind) -#endif -static t4_cipher_id get_cipher_index_by_nid(int nid); -#pragma inline(get_cipher_index_by_nid) -static void t4_instructions_present(_Bool *aes_present, _Bool *des_present, - _Bool *digest_present, _Bool *montmul_present); -#pragma inline(t4_instructions_present) - -/* Digest registration function. Called by ENGINE_set_ciphers() */ -int t4_get_all_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); - -/* RSA_METHOD structure used by ENGINE_set_RSA() */ -extern RSA_METHOD *t4_RSA(void); - -/* DH_METHOD structure used by ENGINE_set_DH() */ -extern DH_METHOD *t4_DH(void); - -/* DSA_METHOD structure used by ENGINE_set_DSA() */ -extern DSA_METHOD *t4_DSA(void); - -#ifndef SOLARIS_NO_AES_CTR -/* - * NIDs for AES counter mode that will be defined during the engine - * initialization (because OpenSSL doesn't support CTR mode). - */ -static int NID_t4_aes_128_ctr = NID_undef; -static int NID_t4_aes_192_ctr = NID_undef; -static int NID_t4_aes_256_ctr = NID_undef; - -static int t4_add_NID(char *sn, char *ln); -static int t4_add_aes_ctr_NIDs(void); -#pragma inline(t4_add_aes_ctr_NIDs) -static void t4_free_aes_ctr_NIDs(void); -#define T4_FREE_AES_CTR_NIDS t4_free_aes_ctr_NIDs() -#else -#define T4_FREE_AES_CTR_NIDS -#endif /* !SOLARIS_NO_AES_CTR */ - -/* Static variables */ -/* This can't be const as NID*ctr is inserted when the engine is initialized */ -static int t4_cipher_nids[] = { - NID_aes_128_cbc, NID_aes_192_cbc, NID_aes_256_cbc, -#ifndef SOLARIS_NO_AES_CFB128 - NID_aes_128_cfb128, NID_aes_192_cfb128, NID_aes_256_cfb128, -#endif -#ifndef SOLARIS_NO_AES_CTR - /* NID_t4_aes_128_ctr, NID_t4_aes_192, NID_t4_aes_256 */ - NID_undef, NID_undef, NID_undef, -#endif - NID_aes_128_ecb, NID_aes_192_ecb, NID_aes_256_ecb, -#ifndef OPENSSL_NO_DES - /* Must be at end of list (see t4_des_cipher_count in t4_bind() */ - NID_des_cbc, NID_des_ede3_cbc, NID_des_ecb, NID_des_ede3_ecb, -#endif -}; -static const int t4_des_cipher_count = 4; -static int t4_cipher_count = - (sizeof (t4_cipher_nids) / sizeof (t4_cipher_nids[0])); - -/* - * Cipher Table for all supported symmetric ciphers. - * Must be in same order as t4_cipher_id. - */ -static t4_cipher_t t4_cipher_table[] = { - /* ID NID IV min- max-key flags */ - {T4_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, 0}, - {T4_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, 0}, - {T4_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, 0}, -#ifndef SOLARIS_NO_AES_CFB128 - {T4_AES_128_CFB128, NID_aes_128_cfb128, 16, 16, 16, - EVP_CIPH_NO_PADDING}, - {T4_AES_192_CFB128, NID_aes_192_cfb128, 16, 24, 24, - EVP_CIPH_NO_PADDING}, - {T4_AES_256_CFB128, NID_aes_256_cfb128, 16, 32, 32, - EVP_CIPH_NO_PADDING}, -#endif -#ifndef SOLARIS_NO_AES_CTR - /* We don't know the correct NIDs until the engine is initialized */ - {T4_AES_128_CTR, NID_undef, 16, 16, 16, - EVP_CIPH_NO_PADDING}, - {T4_AES_192_CTR, NID_undef, 16, 24, 24, - EVP_CIPH_NO_PADDING}, - {T4_AES_256_CTR, NID_undef, 16, 32, 32, - EVP_CIPH_NO_PADDING}, -#endif - {T4_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, 0}, - {T4_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, 0}, - {T4_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, 0}, -}; - - -/* Formal declaration for functions in EVP_CIPHER structure */ -static int t4_cipher_init_aes(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -static int t4_cipher_do_aes_128_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_aes_192_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_aes_256_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -#ifndef SOLARIS_NO_AES_CFB128 -static int t4_cipher_do_aes_128_cfb128(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_aes_192_cfb128(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_aes_256_cfb128(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -#endif -#ifndef SOLARIS_NO_AES_CTR -static int t4_cipher_do_aes_128_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_aes_192_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_aes_256_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -#endif /* !SOLARIS_NO_AES_CTR */ -static int t4_cipher_do_aes_128_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_aes_192_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_aes_256_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); - - -/* - * Cipher Algorithms - * - * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. - * EVP_CIPHER is defined in evp.h. To maintain binary compatibility the - * definition cannot be modified. - * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is - * pointed to by cipher_data or md_data - * - * Fields: nid, block_size, key_len, iv_len, flags, - * init(), do_cipher(), cleanup(), - * ctx_size, - * set_asn1_parameters(), get_asn1_parameters(), ctrl(), app_data - */ - -static const EVP_CIPHER t4_aes_128_cbc = { - NID_aes_128_cbc, - 16, 16, 16, - EVP_CIPH_CBC_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_128_cbc, NULL, - sizeof (t4_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; -static const EVP_CIPHER t4_aes_192_cbc = { - NID_aes_192_cbc, - 16, 24, 16, - EVP_CIPH_CBC_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_192_cbc, NULL, - sizeof (t4_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; -static const EVP_CIPHER t4_aes_256_cbc = { - NID_aes_256_cbc, - 16, 32, 16, - EVP_CIPH_CBC_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_256_cbc, NULL, - sizeof (t4_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; - -#ifndef SOLARIS_NO_AES_CFB128 -static const EVP_CIPHER t4_aes_128_cfb128 = { - NID_aes_128_cfb128, - 16, 16, 16, - EVP_CIPH_CFB_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_128_cfb128, NULL, - sizeof (t4_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; -static const EVP_CIPHER t4_aes_192_cfb128 = { - NID_aes_192_cfb128, - 16, 24, 16, - EVP_CIPH_CFB_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_192_cfb128, NULL, - sizeof (t4_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; -static const EVP_CIPHER t4_aes_256_cfb128 = { - NID_aes_256_cfb128, - 16, 32, 16, - EVP_CIPH_CFB_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_256_cfb128, NULL, - sizeof (t4_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; -#endif /* !SOLARIS_NO_AES_CFB128 */ - -#ifndef SOLARIS_NO_AES_CTR -/* - * Counter mode is not defined in OpenSSL. - * NID_undef's will be changed to AES counter mode NIDs as soon as they are - * created in t4_add_aes_ctr_NIDs() when the engine is initialized. - * Note that the need to change these structures during initialization is the - * reason why we don't define them with the const keyword. - */ -static EVP_CIPHER t4_aes_128_ctr = { - NID_undef, - 16, 16, 16, - EVP_CIPH_CBC_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_128_ctr, NULL, - sizeof (t4_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; -static EVP_CIPHER t4_aes_192_ctr = { - NID_undef, - 16, 24, 16, - EVP_CIPH_CBC_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_192_ctr, NULL, - sizeof (t4_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; -static EVP_CIPHER t4_aes_256_ctr = { - NID_undef, - 16, 32, 16, - EVP_CIPH_CBC_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_256_ctr, NULL, - sizeof (t4_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; -#endif /* !SOLARIS_NO_AES_CTR */ - -/* - * ECB modes don't use an Initial Vector, so that's why set_asn1_parameters, - * get_asn1_parameters, and cleanup fields are set to NULL. - */ -static const EVP_CIPHER t4_aes_128_ecb = { - NID_aes_128_ecb, - 16, 16, 0, - EVP_CIPH_ECB_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_128_ecb, NULL, - sizeof (t4_cipher_ctx_t), - NULL, NULL, NULL, NULL -}; -static const EVP_CIPHER t4_aes_192_ecb = { - NID_aes_192_ecb, - 16, 24, 0, - EVP_CIPH_ECB_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_192_ecb, NULL, - sizeof (t4_cipher_ctx_t), - NULL, NULL, NULL, NULL -}; -static const EVP_CIPHER t4_aes_256_ecb = { - NID_aes_256_ecb, - 16, 32, 0, - EVP_CIPH_ECB_MODE, - t4_cipher_init_aes, t4_cipher_do_aes_256_ecb, NULL, - sizeof (t4_cipher_ctx_t), - NULL, NULL, NULL, NULL -}; - -#ifndef OPENSSL_NO_DES -extern const EVP_CIPHER t4_des_cbc; -extern const EVP_CIPHER t4_des3_cbc; -extern const EVP_CIPHER t4_des_ecb; -extern const EVP_CIPHER t4_des3_ecb; -#endif /* OPENSSL_NO_DES */ - - -/* - * Message Digest variables - */ -static const int t4_digest_nids[] = { -#ifndef OPENSSL_NO_MD5 - NID_md5, -#endif -#ifndef OPENSSL_NO_SHA -#ifndef OPENSSL_NO_SHA1 - NID_sha1, -#endif -#ifndef OPENSSL_NO_SHA256 - NID_sha224, - NID_sha256, -#endif -#ifndef OPENSSL_NO_SHA512 - NID_sha384, - NID_sha512, -#endif -#endif /* !OPENSSL_NO_SHA */ -}; -static const int t4_digest_count = - (sizeof (t4_digest_nids) / sizeof (t4_digest_nids[0])); - -#ifndef OPENSSL_NO_MD5 -extern const EVP_MD t4_md5; -#endif -#ifndef OPENSSL_NO_SHA -#ifndef OPENSSL_NO_SHA1 -extern const EVP_MD t4_sha1; -#endif -#ifndef OPENSSL_NO_SHA256 -extern const EVP_MD t4_sha224; -extern const EVP_MD t4_sha256; -#endif -#ifndef OPENSSL_NO_SHA512 -extern const EVP_MD t4_sha384; -extern const EVP_MD t4_sha512; -#endif -#endif /* !OPENSSL_NO_SHA */ - -/* - * Message Digest functions - */ - -/* - * Registered by the ENGINE with ENGINE_set_digests(). - * Finds out how to deal with a particular digest NID in the ENGINE. - */ -/* ARGSUSED */ -int -t4_get_all_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) -{ - if (digest == NULL) { /* return a list of all supported digests */ - *nids = (t4_digest_count > 0) ? t4_digest_nids : NULL; - return (t4_digest_count); - } - - switch (nid) { -#ifndef OPENSSL_NO_MD5 - case NID_md5: - *digest = &t4_md5; - break; -#endif -#ifndef OPENSSL_NO_SHA -#ifndef OPENSSL_NO_SHA1 - /* - * A special case. For "openssl dgst -dss1 ...", - * OpenSSL calls EVP_get_digestbyname() on "dss1" which ends up - * calling t4_get_all_digests() for NID_dsa. Internally, if an - * engine is not used, OpenSSL uses SHA1_Init() as expected for - * DSA. So, we must return t4_sha1 for NID_dsa as well. Note - * that this must have changed between 0.9.8 and 1.0.0 since we - * did not have the problem with the 0.9.8 version. - */ - case NID_dsa: - case NID_sha1: - *digest = &t4_sha1; - break; -#endif -#ifndef OPENSSL_NO_SHA256 - case NID_sha224: - *digest = &t4_sha224; - break; - case NID_sha256: - *digest = &t4_sha256; - break; -#endif -#ifndef OPENSSL_NO_SHA512 - case NID_sha384: - *digest = &t4_sha384; - break; - case NID_sha512: - *digest = &t4_sha512; - break; -#endif -#endif /* !OPENSSL_NO_SHA */ - default: - /* digest not supported */ - *digest = NULL; - return (0); - } - - return (1); -} - - -/* - * Utility Functions - */ - -/* - * Set aes_present, des_present, digest_present and montmul_present - * to B_FALSE or B_TRUE depending on - * whether the current SPARC processor supports AES, DES, - * MD5/SHA1/SHA256/SHA512 and MONTMUL, respectively. - */ -static void -t4_instructions_present(_Bool *aes_present, _Bool *des_present, - _Bool *digest_present, _Bool *montmul_present) -{ -#ifdef OPENSSL_NO_DES -#undef AV_SPARC_DES -#define AV_SPARC_DES 0 -#endif -#ifdef OPENSSL_NO_MD5 -#undef AV_SPARC_MD5 -#define AV_SPARC_MD5 0 -#endif -#ifndef OPENSSL_NO_SHA -#ifdef OPENSSL_NO_SHA1 -#undef AV_SPARC_SHA1 -#define AV_SPARC_SHA1 0 -#endif -#ifdef OPENSSL_NO_SHA256 -#undef AV_SPARC_SHA256 -#define AV_SPARC_SHA256 0 -#endif -#ifdef OPENSSL_NO_SHA512 -#undef AV_SPARC_SHA512 -#define AV_SPARC_SHA512 0 -#endif -#else -#undef AV_SPARC_SHA1 -#undef AV_SPARC_SHA256 -#undef AV_SPARC_SHA512 -#define AV_SPARC_SHA1 0 -#define AV_SPARC_SHA256 0 -#define AV_SPARC_SHA512 0 -#endif /* !OPENSSL_NO_SHA */ - -#define DIGEST_MASK (AV_SPARC_MD5 | AV_SPARC_SHA1 | AV_SPARC_SHA256 | \ - AV_SPARC_SHA512) - uint_t ui; - - (void) getisax(&ui, 1); - *aes_present = ((ui & AV_SPARC_AES) != 0); - *des_present = ((ui & AV_SPARC_DES) != 0); - *digest_present = ((ui & DIGEST_MASK) == DIGEST_MASK); - *montmul_present = ((ui & AV_SPARC_MONT) != 0); -} - - -#ifndef SOLARIS_NO_AES_CTR -/* Create a new NID when we have no OID for that mechanism */ -static int -t4_add_NID(char *sn, char *ln) -{ - ASN1_OBJECT *o; - int nid; - - if ((o = ASN1_OBJECT_create(OBJ_new_nid(1), (unsigned char *)"", - 1, sn, ln)) == NULL) { - T4err(T4_F_ADD_NID, T4_R_ASN1_OBJECT_CREATE); - return (0); - } - - /* Will return NID_undef on error */ - nid = OBJ_add_object(o); - ASN1_OBJECT_free(o); - - return (nid); -} - - -/* - * Create new NIDs for AES counter mode. - * OpenSSL doesn't support them now so we have to help ourselves here. - */ -static int -t4_add_aes_ctr_NIDs(void) -{ - /* Are we already set? */ - if (NID_t4_aes_256_ctr != NID_undef) - return (1); - - /* - * There are no official names for AES counter modes yet so we just - * follow the format of those that exist. - */ - - /* Initialize NID_t4_aes_*_ctr and t4_cipher_table[] variables */ - if ((NID_t4_aes_128_ctr = t4_add_NID("AES-128-CTR", "aes-128-ctr")) == - NID_undef) - return (0); - t4_cipher_table[T4_AES_128_CTR].nid = - t4_aes_128_ctr.nid = NID_t4_aes_128_ctr; - - if ((NID_t4_aes_192_ctr = t4_add_NID("AES-192-CTR", "aes-192-ctr")) == - NID_undef) - return (0); - t4_cipher_table[T4_AES_192_CTR].nid = - t4_aes_192_ctr.nid = NID_t4_aes_192_ctr; - - if ((NID_t4_aes_256_ctr = t4_add_NID("AES-256-CTR", "aes-256-ctr")) == - NID_undef) - return (0); - t4_cipher_table[T4_AES_256_CTR].nid = - t4_aes_256_ctr.nid = NID_t4_aes_256_ctr; - - /* Initialize t4_cipher_nids[] */ - for (int i = 0; i < t4_cipher_count; ++i) { - if (t4_cipher_nids[i] == NID_undef) { /* found */ - t4_cipher_nids[i] = NID_t4_aes_128_ctr; - t4_cipher_nids[++i] = NID_t4_aes_192_ctr; - t4_cipher_nids[++i] = NID_t4_aes_256_ctr; - break; - } - } - - return (1); -} - - -static void -t4_free_aes_ctr_NIDs(void) -{ - ASN1_OBJECT *o = NULL; - - /* Clear entries in t4_cipher_nids[] */ - for (int i = 0; i < t4_cipher_count; ++i) { - if (t4_cipher_nids[i] == NID_t4_aes_128_ctr) { - t4_cipher_nids[i] = NID_undef; - } else if (t4_cipher_nids[i] == NID_t4_aes_192_ctr) { - t4_cipher_nids[i] = NID_undef; - } else if (t4_cipher_nids[i] == NID_t4_aes_256_ctr) { - t4_cipher_nids[i] = NID_undef; - } - } - - /* Clear NID_t4_aes_*_ctr and t4_cipher_table[] variables */ - if (NID_t4_aes_128_ctr != NID_undef) { - o = OBJ_nid2obj(NID_t4_aes_128_ctr); - if (o != NULL) - ASN1_OBJECT_free(o); - NID_t4_aes_128_ctr = NID_undef; - t4_cipher_table[T4_AES_128_CTR].nid = - t4_aes_128_ctr.nid = NID_undef; - } - - if (NID_t4_aes_192_ctr != NID_undef) { - o = OBJ_nid2obj(NID_t4_aes_192_ctr); - if (o != NULL) - ASN1_OBJECT_free(o); - NID_t4_aes_192_ctr = NID_undef; - t4_cipher_table[T4_AES_192_CTR].nid = - t4_aes_192_ctr.nid = NID_undef; - } - - if (NID_t4_aes_256_ctr != NID_undef) { - o = OBJ_nid2obj(NID_t4_aes_256_ctr); - if (o != NULL) - ASN1_OBJECT_free(o); - NID_t4_aes_256_ctr = NID_undef; - t4_cipher_table[T4_AES_256_CTR].nid = - t4_aes_256_ctr.nid = NID_undef; - } -} -#endif /* !SOLARIS_NO_AES_CTR */ - - -/* - * Cipher functions - */ - - -/* - * Registered by the ENGINE with ENGINE_set_ciphers(). - * Finds out how to deal with a particular cipher NID in the ENGINE. - */ -/* ARGSUSED */ -static int -t4_get_all_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) -{ - if (cipher == NULL) { /* return a list of all supported ciphers */ - *nids = (t4_cipher_count > 0) ? t4_cipher_nids : NULL; - return (t4_cipher_count); - } - - switch (nid) { - case NID_aes_128_cbc: - *cipher = &t4_aes_128_cbc; - break; - case NID_aes_192_cbc: - *cipher = &t4_aes_192_cbc; - break; - case NID_aes_256_cbc: - *cipher = &t4_aes_256_cbc; - break; - case NID_aes_128_ecb: - *cipher = &t4_aes_128_ecb; - break; - case NID_aes_192_ecb: - *cipher = &t4_aes_192_ecb; - break; - case NID_aes_256_ecb: - *cipher = &t4_aes_256_ecb; - break; -#ifndef SOLARIS_NO_AES_CFB128 - case NID_aes_128_cfb128: - *cipher = &t4_aes_128_cfb128; - break; - case NID_aes_192_cfb128: - *cipher = &t4_aes_192_cfb128; - break; - case NID_aes_256_cfb128: - *cipher = &t4_aes_256_cfb128; - break; -#endif /* !SOLARIS_NO_AES_CFB128 */ -#ifndef OPENSSL_NO_DES - case NID_des_cbc: - *cipher = &t4_des_cbc; - break; - case NID_des_ede3_cbc: - *cipher = &t4_des3_cbc; - break; - case NID_des_ecb: - *cipher = &t4_des_ecb; - break; - case NID_des_ede3_ecb: - *cipher = &t4_des3_ecb; - break; -#endif /* !OPENSSL_NO_DES */ - - default: -#ifndef SOLARIS_NO_AES_CTR - /* These NIDs cannot be const, so must be tested with "if" */ - if (nid == NID_t4_aes_128_ctr) { - *cipher = &t4_aes_128_ctr; - break; - } else if (nid == NID_t4_aes_192_ctr) { - *cipher = &t4_aes_192_ctr; - break; - } else if (nid == NID_t4_aes_256_ctr) { - *cipher = &t4_aes_256_ctr; - break; - } else -#endif /* !SOLARIS_NO_AES_CTR */ - { - /* cipher not supported */ - *cipher = NULL; - return (0); - } - } - - return (1); -} - - -/* Called by t4_cipher_init_aes() */ -static t4_cipher_id -get_cipher_index_by_nid(int nid) -{ - t4_cipher_id i; - - for (i = (t4_cipher_id)0; i < T4_CIPHER_MAX; ++i) - if (t4_cipher_table[i].nid == nid) - return (i); - return (T4_CIPHER_MAX); -} - - -/* ARGSUSED2 */ -static int -t4_cipher_init_aes(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - t4_cipher_ctx_t *tctx = ctx->cipher_data; - uint64_t *t4_ks = tctx->t4_ks; - t4_cipher_t *t4_cipher; - t4_cipher_id index; - int key_len = ctx->key_len; - uint64_t aligned_key_buffer[4]; /* 16, 24, or 32 bytes long */ - uint64_t *aligned_key; - - if (key == NULL) { - T4err(T4_F_CIPHER_INIT_AES, T4_R_CIPHER_KEY); - return (0); - } - - /* Get the cipher entry index in t4_cipher_table from nid */ - index = get_cipher_index_by_nid(ctx->cipher->nid); - if (index >= T4_CIPHER_MAX) { - T4err(T4_F_CIPHER_INIT_AES, T4_R_CIPHER_NID); - return (0); /* Error */ - } - t4_cipher = &t4_cipher_table[index]; - - /* Check key size and iv size */ - if (ctx->cipher->iv_len < t4_cipher->iv_len) { - T4err(T4_F_CIPHER_INIT_AES, T4_R_IV_LEN_INCORRECT); - return (0); /* Error */ - } - if ((key_len < t4_cipher->min_key_len) || - (key_len > t4_cipher->max_key_len)) { - T4err(T4_F_CIPHER_INIT_AES, T4_R_KEY_LEN_INCORRECT); - return (0); /* Error */ - } - - /* Set cipher flags, if any */ - ctx->flags |= t4_cipher->flags; - - /* Align the key */ - if (((unsigned long)key & 0x7) == 0) /* already aligned */ - aligned_key = (uint64_t *)key; - else { /* key is not 8-byte aligned */ -#ifdef DEBUG_T4 - (void) fprintf(stderr, "T4: key is not 8 byte aligned\n"); -#endif - (void) memcpy(aligned_key_buffer, key, key_len); - aligned_key = aligned_key_buffer; - } - - - /* - * Expand the key schedule. - * Copy original key to start of t4_ks key schedule. Note that the - * encryption and decryption key schedule are the same for T4. - */ - switch (key_len) { - case 16: - t4_aes_expand128(&t4_ks[2], - (const uint32_t *)aligned_key); - t4_ks[0] = aligned_key[0]; - t4_ks[1] = aligned_key[1]; - break; - case 24: - t4_aes_expand192(&t4_ks[3], - (const uint32_t *)aligned_key); - t4_ks[0] = aligned_key[0]; - t4_ks[1] = aligned_key[1]; - t4_ks[2] = aligned_key[2]; - break; - case 32: - t4_aes_expand256(&t4_ks[4], - (const uint32_t *)aligned_key); - t4_ks[0] = aligned_key[0]; - t4_ks[1] = aligned_key[1]; - t4_ks[2] = aligned_key[2]; - t4_ks[3] = aligned_key[3]; - break; - default: - T4err(T4_F_CIPHER_INIT_AES, T4_R_CIPHER_KEY); - return (0); - } - - /* Save index to cipher */ - tctx->index = index; - - /* Align IV, if needed */ - if (t4_cipher->iv_len <= 0) { /* no IV (such as with ECB mode) */ - tctx->iv = NULL; - } else if (((unsigned long)ctx->iv & 0x7) == 0) { /* already aligned */ - tctx->iv = (uint64_t *)ctx->iv; - } else { - /* IV is not 8 byte aligned */ - (void) memcpy(tctx->aligned_iv_buffer, ctx->iv, - ctx->cipher->iv_len); - tctx->iv = tctx->aligned_iv_buffer; -#ifdef DEBUG_T4 - (void) fprintf(stderr, - "t4_cipher_init_aes: IV is not 8 byte aligned\n"); - (void) fprintf(stderr, - "t4_cipher_init_aes: ctx->cipher->iv_len =%d\n", - ctx->cipher->iv_len); - (void) fprintf(stderr, "t4_cipher_init_aes: after " - "re-alignment, tctx->iv = %p\n", (void *)tctx->iv); -#endif /* DEBUG_T4 */ - } - - return (1); -} - - -/* - * ENCRYPT_UPDATE or DECRYPT_UPDATE - */ -#define T4_CIPHER_DO_AES(t4_cipher_do_aes, t4_aes_load_keys_for_encrypt, \ - t4_aes_encrypt, t4_aes_load_keys_for_decrypt, t4_aes_decrypt, iv) \ -static int \ -t4_cipher_do_aes(EVP_CIPHER_CTX *ctx, unsigned char *out, \ - const unsigned char *in, size_t inl) \ -{ \ - t4_cipher_ctx_t *tctx = ctx->cipher_data; \ - uint64_t *t4_ks = tctx->t4_ks; \ - unsigned long outl = inl; \ - unsigned char *bufin_alloc = NULL, *bufout_alloc = NULL; \ - unsigned char *bufin, *bufout; \ - \ - /* "in" and "out" must be 8 byte aligned */ \ - if (((unsigned long)in & 0x7) == 0) { /* already aligned */ \ - bufin = (unsigned char *)in; \ - } else { /* "in" is not 8 byte aligned */ \ - if (((unsigned long)out & 0x7) == 0) { /* aligned */ \ - /* use output buffer for input */ \ - bufin = out; \ - } else { \ - bufin = bufin_alloc = OPENSSL_malloc(inl); \ - if (bufin_alloc == NULL) \ - return (0); /* error */ \ - } \ - (void) memcpy(bufin, in, inl); \ - } \ - \ - if (((unsigned long)out & 0x7) == 0) { /* already aligned */ \ - bufout = out; \ - } else { /* "out" is not 8 byte aligned */ \ - if (bufin_alloc != NULL) { \ - /* use allocated input buffer for output */ \ - bufout = bufin_alloc; \ - } else { \ - bufout = bufout_alloc = OPENSSL_malloc(outl); \ - if (bufout_alloc == NULL) { \ - OPENSSL_free(bufin_alloc); \ - return (0); /* error */ \ - } \ - } \ - } \ - \ - /* Data length must be an even multiple of block size. */ \ - if ((inl & 0xf) != 0) { \ - OPENSSL_free(bufout_alloc); \ - OPENSSL_free(bufin_alloc); \ - T4err(T4_F_CIPHER_DO_AES, T4_R_NOT_BLOCKSIZE_LENGTH); \ - return (0); \ - } \ - \ - if (ctx->encrypt) { \ - t4_aes_load_keys_for_encrypt(t4_ks); \ - t4_aes_encrypt(t4_ks, (uint64_t *)bufin, \ - (uint64_t *)bufout, (size_t)inl, iv); \ - } else { /* decrypt */ \ - t4_aes_load_keys_for_decrypt(t4_ks); \ - t4_aes_decrypt(t4_ks, (uint64_t *)bufin, \ - (uint64_t *)bufout, (size_t)inl, iv); \ - } \ - \ - /* Cleanup */ \ - if (bufin_alloc != NULL) { \ - if (bufout == bufin_alloc) \ - (void) memcpy(out, bufout, outl); \ - OPENSSL_free(bufin_alloc); \ - } \ - if (bufout_alloc != NULL) { \ - (void) memcpy(out, bufout_alloc, outl); \ - OPENSSL_free(bufout_alloc); \ - } \ - \ - return (1); \ -} - - -/* AES CBC mode. */ -T4_CIPHER_DO_AES(t4_cipher_do_aes_128_cbc, - t4_aes128_load_keys_for_encrypt, t4_aes128_cbc_encrypt, - t4_aes128_load_keys_for_decrypt, t4_aes128_cbc_decrypt, tctx->iv) -T4_CIPHER_DO_AES(t4_cipher_do_aes_192_cbc, - t4_aes192_load_keys_for_encrypt, t4_aes192_cbc_encrypt, - t4_aes192_load_keys_for_decrypt, t4_aes192_cbc_decrypt, tctx->iv) -T4_CIPHER_DO_AES(t4_cipher_do_aes_256_cbc, - t4_aes256_load_keys_for_encrypt, t4_aes256_cbc_encrypt, - t4_aes256_load_keys_for_decrypt, t4_aes256_cbc_decrypt, tctx->iv) - -/* - * AES CFB128 mode. - * CFB128 decrypt uses load_keys_for_encrypt() as the mode uses - * the raw AES encrypt operation for the decryption, too. - */ -#ifndef SOLARIS_NO_AES_CFB128 -T4_CIPHER_DO_AES(t4_cipher_do_aes_128_cfb128, - t4_aes128_load_keys_for_encrypt, t4_aes128_cfb128_encrypt, - t4_aes128_load_keys_for_encrypt, t4_aes128_cfb128_decrypt, tctx->iv) -T4_CIPHER_DO_AES(t4_cipher_do_aes_192_cfb128, - t4_aes192_load_keys_for_encrypt, t4_aes192_cfb128_encrypt, - t4_aes192_load_keys_for_encrypt, t4_aes192_cfb128_decrypt, tctx->iv) -T4_CIPHER_DO_AES(t4_cipher_do_aes_256_cfb128, - t4_aes256_load_keys_for_encrypt, t4_aes256_cfb128_encrypt, - t4_aes256_load_keys_for_encrypt, t4_aes256_cfb128_decrypt, tctx->iv) -#endif /* !SOLARIS_NO_AES_CFB128 */ - -/* AES CTR mode. */ -#ifndef SOLARIS_NO_AES_CTR -T4_CIPHER_DO_AES(t4_cipher_do_aes_128_ctr, - t4_aes128_load_keys_for_encrypt, t4_aes128_ctr_crypt, - t4_aes128_load_keys_for_decrypt, t4_aes128_ctr_crypt, tctx->iv) -T4_CIPHER_DO_AES(t4_cipher_do_aes_192_ctr, - t4_aes192_load_keys_for_encrypt, t4_aes192_ctr_crypt, - t4_aes192_load_keys_for_decrypt, t4_aes192_ctr_crypt, tctx->iv) -T4_CIPHER_DO_AES(t4_cipher_do_aes_256_ctr, - t4_aes256_load_keys_for_encrypt, t4_aes256_ctr_crypt, - t4_aes256_load_keys_for_decrypt, t4_aes256_ctr_crypt, tctx->iv) -#endif /* !SOLARIS_NO_AES_CTR */ - -/* AES ECB mode. */ -T4_CIPHER_DO_AES(t4_cipher_do_aes_128_ecb, - t4_aes128_load_keys_for_encrypt, t4_aes128_ecb_encrypt, - t4_aes128_load_keys_for_decrypt, t4_aes128_ecb_decrypt, NULL) -T4_CIPHER_DO_AES(t4_cipher_do_aes_192_ecb, - t4_aes192_load_keys_for_encrypt, t4_aes192_ecb_encrypt, - t4_aes192_load_keys_for_decrypt, t4_aes192_ecb_decrypt, NULL) -T4_CIPHER_DO_AES(t4_cipher_do_aes_256_ecb, - t4_aes256_load_keys_for_encrypt, t4_aes256_ecb_encrypt, - t4_aes256_load_keys_for_decrypt, t4_aes256_ecb_decrypt, NULL) - - -/* - * Is the t4 engine available? - * Passed to ENGINE_set_init_function(). - */ -/* ARGSUSED */ -static int -t4_init(ENGINE *e) -{ - return (1); -} - - -/* Passed to ENGINE_set_destroy_function(). */ -/* ARGSUSED */ -static int -t4_destroy(ENGINE *e) -{ - T4_FREE_AES_CTR_NIDS; - ERR_unload_t4_strings(); - return (1); -} - - -/* - * Called by t4_bind_helper(). - * Note: too early to use T4err() functions on errors. - */ -/* ARGSUSED */ -static int -t4_bind(ENGINE *e) -{ - _Bool aes_engage, digest_engage, des_engage, montmul_engage; - - t4_instructions_present(&aes_engage, &des_engage, &digest_engage, - &montmul_engage); -#ifdef DEBUG_T4 - (void) fprintf(stderr, - "t4_bind: engage aes=%d, des=%d, digest=%d\n", - aes_engage, des_engage, digest_engage); -#endif -#ifndef OPENSSL_NO_DES - if (!des_engage) { /* Remove DES ciphers from list */ - t4_cipher_count -= t4_des_cipher_count; - } -#endif - -#ifndef SOLARIS_NO_AES_CTR - /* - * We must do this before we start working with slots since we need all - * NIDs there. - */ - if (aes_engage) { - if (t4_add_aes_ctr_NIDs() == 0) { - T4_FREE_AES_CTR_NIDS; - return (0); - } - } -#endif /* !SOLARIS_NO_AES_CTR */ - -#ifdef DEBUG_T4 - (void) fprintf(stderr, "t4_cipher_count = %d; t4_cipher_nids[] =\n", - t4_cipher_count); - for (int i = 0; i < t4_cipher_count; ++i) { - (void) fprintf(stderr, " %d", t4_cipher_nids[i]); - } - (void) fprintf(stderr, "\n"); -#endif /* DEBUG_T4 */ - - /* Register T4 engine ID, name, and functions */ - if (!ENGINE_set_id(e, ENGINE_T4_ID) || - !ENGINE_set_name(e, - aes_engage ? ENGINE_T4_NAME: ENGINE_NO_T4_NAME) || - !ENGINE_set_init_function(e, t4_init) || - (aes_engage && !ENGINE_set_ciphers(e, t4_get_all_ciphers)) || - (digest_engage && !ENGINE_set_digests(e, t4_get_all_digests)) || -#ifndef OPENSSL_NO_RSA - (montmul_engage && !ENGINE_set_RSA(e, t4_RSA())) || -#endif /* OPENSSL_NO_RSA */ -#ifndef OPENSSL_NO_DH - (montmul_engage && !ENGINE_set_DH(e, t4_DH())) || -#endif /* OPENSSL_NO_DH */ -#ifndef OPENSSL_NO_DSA - (montmul_engage && !ENGINE_set_DSA(e, t4_DSA())) || -#endif /* OPENSSL_NO_DSA */ - !ENGINE_set_destroy_function(e, t4_destroy)) { - T4_FREE_AES_CTR_NIDS; - return (0); - } - - return (1); -} - - -/* - * Called by ENGINE_load_t4(). - * Note: too early to use T4err() functions on errors. - */ -static int -t4_bind_helper(ENGINE *e, const char *id) -{ - if (id != NULL && (strcmp(id, ENGINE_T4_ID) != 0)) { - (void) fprintf(stderr, "T4: bad t4 engine ID\n"); - return (0); - } - if (!t4_bind(e)) { - (void) fprintf(stderr, - "T4: failed to bind t4 engine\n"); - return (0); - } - - return (1); -} - - -#ifdef DYNAMIC_ENGINE -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(t4_bind_helper) -#endif /* DYNAMIC_ENGINE */ -#endif /* COMPILE_HW_T4 */ -#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_AES_T4 && !OPENSSL_NO_AES */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_aes_asm.h --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_aes_asm.h Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,147 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). - */ - -/* - * ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -#ifndef ENG_T4_AES_ASM_H -#define ENG_T4_AES_ASM_H - -/* - * SPARC AES assembly language functions. - * - * Based on Solaris file aes_impl.h. - */ - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ - defined(__sparcv8)) && ! defined(OPENSSL_NO_ASM) - -extern void t4_aes_expand128(uint64_t *rk, const uint32_t *key); -extern void t4_aes_expand192(uint64_t *rk, const uint32_t *key); -extern void t4_aes_expand256(uint64_t *rk, const uint32_t *key); -extern void t4_aes_encrypt128(const uint64_t *rk, const uint32_t *pt, - uint32_t *ct); -extern void t4_aes_encrypt192(const uint64_t *rk, const uint32_t *pt, - uint32_t *ct); -extern void t4_aes_encrypt256(const uint64_t *rk, const uint32_t *pt, - uint32_t *ct); -extern void t4_aes_decrypt128(const uint64_t *rk, const uint32_t *ct, - uint32_t *pt); -extern void t4_aes_decrypt192(const uint64_t *rk, const uint32_t *ct, - uint32_t *pt); -extern void t4_aes_decrypt256(const uint64_t *rk, const uint32_t *ct, - uint32_t *pt); -extern void t4_aes128_load_keys_for_encrypt(uint64_t *ks); -extern void t4_aes192_load_keys_for_encrypt(uint64_t *ks); -extern void t4_aes256_load_keys_for_encrypt(uint64_t *ks); -extern void t4_aes128_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *dummy); -extern void t4_aes192_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *dummy); -extern void t4_aes256_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *dummy); -extern void t4_aes128_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); -extern void t4_aes192_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); -extern void t4_aes256_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); -extern void t4_aes128_ctr_crypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); -extern void t4_aes192_ctr_crypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); -extern void t4_aes256_ctr_crypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); -extern void t4_aes128_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); -extern void t4_aes192_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); -extern void t4_aes256_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); -extern void t4_aes128_load_keys_for_decrypt(uint64_t *ks); -extern void t4_aes192_load_keys_for_decrypt(uint64_t *ks); -extern void t4_aes256_load_keys_for_decrypt(uint64_t *ks); -extern void t4_aes128_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *dummy); -extern void t4_aes192_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *dummy); -extern void t4_aes256_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *dummy); -extern void t4_aes128_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); -extern void t4_aes192_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); -extern void t4_aes256_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); -extern void t4_aes128_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); -extern void t4_aes192_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); -extern void t4_aes256_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); - -#endif /* (sun4v||__sparv9||__sparcv8plus||__sparvc8) && !OPENSSL_NO_ASM */ - -#ifdef __cplusplus -} -#endif -#endif /* ENG_T4_AES_ASM_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_bignum.h --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_bignum.h Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,287 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). - */ - -/* - * ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * This file is a copy of the ON gate's usr/src/common/bignum/bignum.h file - */ - -#ifndef _BIGNUM_H -#define _BIGNUM_H - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -#if defined(__sparcv9) || defined(__amd64) || defined(__sparc) - /* 64-bit chunk size */ -#ifndef UMUL64 -#define UMUL64 /* 64-bit multiplication results are supported */ -#endif -#else -#define BIGNUM_CHUNK_32 -#endif - - -#define BITSINBYTE 8 - -/* Bignum "digits" (aka "chunks" or "words") are either 32- or 64-bits */ -#ifdef BIGNUM_CHUNK_32 -#define BIG_CHUNK_SIZE 32 -#define BIG_CHUNK_TYPE uint32_t -#define BIG_CHUNK_TYPE_SIGNED int32_t -#define BIG_CHUNK_HIGHBIT 0x80000000 -#define BIG_CHUNK_ALLBITS 0xffffffff -#define BIG_CHUNK_LOWHALFBITS 0xffff -#define BIG_CHUNK_HALF_HIGHBIT 0x8000 - -#else -#define BIG_CHUNK_SIZE 64 -#define BIG_CHUNK_TYPE uint64_t -#define BIG_CHUNK_TYPE_SIGNED int64_t -#define BIG_CHUNK_HIGHBIT 0x8000000000000000ULL -#define BIG_CHUNK_ALLBITS 0xffffffffffffffffULL -#define BIG_CHUNK_LOWHALFBITS 0xffffffffULL -#define BIG_CHUNK_HALF_HIGHBIT 0x80000000ULL -#endif - -#define BITLEN2BIGNUMLEN(x) ((x) > 0 ? \ - ((((x) - 1) / BIG_CHUNK_SIZE) + 1) : 0) -#define CHARLEN2BIGNUMLEN(x) ((x) > 0 ? \ - ((((x) - 1) / sizeof (BIG_CHUNK_TYPE)) + 1) : 0) - -#define BIGNUM_WORDSIZE (BIG_CHUNK_SIZE / BITSINBYTE) /* word size in bytes */ -#define BIG_CHUNKS_FOR_160BITS BITLEN2BIGNUMLEN(160) - - -/* - * leading 0's are permitted - * 0 should be represented by size>=1, size>=len>=1, sign=1, - * value[i]=0 for 0 - -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_DES_T4) && \ - !defined(OPENSSL_NO_DES) -#include -#include -#include -#include -#include -#include "eng_t4_des_asm.h" - -#include "eng_t4_err.c" - -/* Index for the supported DES ciphers */ -typedef enum { - T4_DES_CBC, - T4_DES3_CBC, - T4_DES_ECB, - T4_DES3_ECB, - T4_DES_MAX -} t4_des_cipher_id; - -/* From Solaris file usr/src/common/crypto/des/des_impl.c */ -typedef struct { - uint64_t ksch_encrypt[16]; - uint64_t ksch_decrypt[16]; -} t4_keysched_t; - -typedef struct { - uint64_t ksch_encrypt[16 * 3]; - uint64_t ksch_decrypt[16 * 3]; -} t4_keysched3_t; - -/* T4 cipher context; must be 8-byte aligned (last field must be uint64_t) */ -typedef struct t4_des_cipher_ctx { - t4_des_cipher_id index; - uint64_t *iv; - uint64_t aligned_iv_buffer; /* use if IV unaligned */ - union { - t4_keysched_t des; - t4_keysched3_t des3; - } ks; -} t4_des_cipher_ctx_t; - -typedef struct t4_cipher { - t4_des_cipher_id id; - int nid; - int iv_len; - int min_key_len; - int max_key_len; -} t4_des_cipher_t; - - -#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ - defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) -#define COMPILE_HW_T4 -#endif - -#ifdef COMPILE_HW_T4 -static t4_des_cipher_id get_des_cipher_index_by_nid(int nid); -#pragma inline(get_des_cipher_index_by_nid) - - -/* - * Cipher Table for all supported symmetric ciphers. - * Must be in same order as t4_des_cipher_id. - */ -static t4_des_cipher_t t4_des_cipher_table[] = { - /* ID NID IV min-key max-key */ - {T4_DES_CBC, NID_des_cbc, 8, 8, 8}, - {T4_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24}, - {T4_DES_ECB, NID_des_ecb, 0, 8, 8}, - {T4_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24}, -}; - - -/* Formal declaration for functions in EVP_CIPHER structure */ -static int t4_cipher_init_des(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); - -static int t4_cipher_do_des_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_des3_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_des_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); -static int t4_cipher_do_des3_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, size_t inl); - - -/* - * Cipher Algorithms - * - * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. - * EVP_CIPHER is defined in evp.h. To maintain binary compatibility the - * definition cannot be modified. - * Stuff specific to the t4 engine is kept in t4_des_cipher_ctx_t, which is - * pointed to by cipher_data or md_data - * - * Fields: nid, block_size, key_len, iv_len, flags, - * init(), do_cipher(), cleanup(), - * ctx_size, - * set_asn1_parameters(), get_asn1_parameters(), ctrl(), app_data - */ - -const EVP_CIPHER t4_des_cbc = { - NID_des_cbc, - 8, 8, 8, - EVP_CIPH_CBC_MODE, - t4_cipher_init_des, t4_cipher_do_des_cbc, NULL, - sizeof (t4_des_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; -const EVP_CIPHER t4_des3_cbc = { - NID_des_ede3_cbc, - 8, 24, 8, - EVP_CIPH_CBC_MODE, - t4_cipher_init_des, t4_cipher_do_des3_cbc, NULL, - sizeof (t4_des_cipher_ctx_t), - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, - NULL, NULL -}; - -/* - * ECB modes don't use an Initial Vector, so that's why set_asn1_parameters, - * get_asn1_parameters, and cleanup fields are set to NULL. - */ -const EVP_CIPHER t4_des_ecb = { - NID_des_ecb, - 8, 8, 8, - EVP_CIPH_ECB_MODE, - t4_cipher_init_des, t4_cipher_do_des_ecb, NULL, - sizeof (t4_des_cipher_ctx_t), - NULL, NULL, NULL, NULL -}; -const EVP_CIPHER t4_des3_ecb = { - NID_des_ede3_ecb, - 8, 24, 8, - EVP_CIPH_ECB_MODE, - t4_cipher_init_des, t4_cipher_do_des3_ecb, NULL, - sizeof (t4_des_cipher_ctx_t), - NULL, NULL, NULL, NULL -}; - - -/* - * DES Cipher functions - */ - -/* Called by t4_cipher_init_des() */ -static t4_des_cipher_id -get_des_cipher_index_by_nid(int nid) -{ - t4_des_cipher_id i; - - for (i = (t4_des_cipher_id)0; i < T4_DES_MAX; ++i) - if (t4_des_cipher_table[i].nid == nid) - return (i); - return (T4_DES_MAX); -} - - -/* - * Initialize encryption and decryption key schedules for DES or DES3. - * Called by t4_cipher_init_des(). - * - * Modified from Solaris DES function des_init_keysched(). - */ -static int -t4_des_init_keysched(const unsigned char *cipherKey, - unsigned int keysize, void *ks) -{ - uint64_t *encryption_ks, *decryption_ks; - uint64_t keysched[16 * 3]; /* 128 or 384 bytes for DES or DES3 */ - uint64_t key_uint64[3]; /* 8 or 24 bytes for DES or DES3 */ - uint64_t *aligned_key; - uint64_t tmp; - uint_t i, j; - - switch (keysize) { - case 8: /* DES */ - encryption_ks = ((t4_keysched_t *)ks)->ksch_encrypt; - decryption_ks = ((t4_keysched_t *)ks)->ksch_decrypt; - break; - case 24: /* DES3 */ - encryption_ks = ((t4_keysched3_t *)ks)->ksch_encrypt; - decryption_ks = ((t4_keysched3_t *)ks)->ksch_decrypt; - break; - default: - T4err(T4_F_CIPHER_INIT_DES, T4_R_CIPHER_KEY); - return (0); - } - - /* Align key, if needed */ - if (((unsigned long)cipherKey & 0x7) == 0) { /* aligned */ - /* LINTED: pointer alignment */ - aligned_key = (uint64_t *)cipherKey; - } else { /* unaligned--copy byte-by-byte */ - for (i = 0, j = 0; j < keysize; ++i, j += 8) { - key_uint64[i] = (((uint64_t)cipherKey[j] << 56) | - ((uint64_t)cipherKey[j + 1] << 48) | - ((uint64_t)cipherKey[j + 2] << 40) | - ((uint64_t)cipherKey[j + 3] << 32) | - ((uint64_t)cipherKey[j + 4] << 24) | - ((uint64_t)cipherKey[j + 5] << 16) | - ((uint64_t)cipherKey[j + 6] << 8) | - (uint64_t)cipherKey[j + 7]); - } - aligned_key = key_uint64; - } - - /* Expand key schedule */ - switch (keysize) { - case 8: /* DES */ - t4_des_expand(keysched, (const uint32_t *)aligned_key); - break; - - case 24: /* DES3 */ - t4_des_expand(keysched, (const uint32_t *)aligned_key); - t4_des_expand(keysched + 16, - (const uint32_t *)&aligned_key[1]); - for (i = 0; i < 8; ++i) { - tmp = keysched[16 + i]; - keysched[16 + i] = keysched[31 - i]; - keysched[31 - i] = tmp; - } - t4_des_expand(keysched + 32, - (const uint32_t *)&aligned_key[2]); - break; - - default: - T4err(T4_F_CIPHER_INIT_DES, T4_R_CIPHER_KEY); - return (0); - } - - /* Save encryption key schedule */ - memcpy(encryption_ks, keysched, keysize * 16); - - /* Reverse key schedule */ - for (i = 0; i < keysize; ++i) { - tmp = keysched[i]; - keysched[i] = keysched[2 * keysize - 1 - i]; - keysched[2 * keysize -1 -i] = tmp; - } - - /* Save decryption key schedule */ - memcpy(decryption_ks, keysched, keysize * 16); - - return (1); -} - - -/* ARGSUSED2 */ -static int -t4_cipher_init_des(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - t4_des_cipher_ctx_t *tctx = ctx->cipher_data; - uint64_t *encryption_ks, *decryption_ks; - t4_des_cipher_t *t4_cipher; - t4_des_cipher_id index; - unsigned int key_len = ctx->key_len; - uint64_t aligned_key_buffer[3]; /* 8 or 24 bytes long */ - uint64_t *aligned_key; - - if (key == NULL) { - T4err(T4_F_CIPHER_INIT_DES, T4_R_CIPHER_KEY); - return (0); - } - - /* Get the cipher entry index in t4_des_cipher_table from nid */ - index = get_des_cipher_index_by_nid(ctx->cipher->nid); - if (index >= T4_DES_MAX) { - T4err(T4_F_CIPHER_INIT_DES, T4_R_CIPHER_NID); - return (0); /* Error */ - } - t4_cipher = &t4_des_cipher_table[index]; - - /* Check key size and iv size */ - if (ctx->cipher->iv_len < t4_cipher->iv_len) { - T4err(T4_F_CIPHER_INIT_DES, T4_R_IV_LEN_INCORRECT); - return (0); /* Error */ - } - if ((key_len < t4_cipher->min_key_len) || - (key_len > t4_cipher->max_key_len)) { - T4err(T4_F_CIPHER_INIT_DES, T4_R_KEY_LEN_INCORRECT); - return (0); /* Error */ - } - - /* Expand key schedule */ - if (t4_des_init_keysched(key, key_len, &tctx->ks) == 0) - return (0); /* Error */ - - /* Save index to cipher */ - tctx->index = index; - - /* Align IV, if needed */ - if (t4_cipher->iv_len <= 0) { /* no IV (such as with ECB mode) */ - tctx->iv = NULL; - } else if (((unsigned long)ctx->iv & 0x7) == 0) { /* already aligned */ - tctx->iv = (uint64_t *)ctx->iv; - } else { - /* IV is not 8 byte aligned */ - (void) memcpy(&tctx->aligned_iv_buffer, ctx->iv, - ctx->cipher->iv_len); - tctx->iv = &tctx->aligned_iv_buffer; -#ifdef DEBUG_T4 - (void) fprintf(stderr, - "t4_cipher_init_des: IV is not 8 byte aligned\n"); - (void) fprintf(stderr, - "t4_cipher_init_des: ctx->cipher->iv_len =%d\n", - ctx->cipher->iv_len); - (void) fprintf(stderr, "t4_cipher_init_des: after " - "re-alignment, tctx->iv = %p\n", (void *)tctx->iv); -#endif /* DEBUG_T4 */ - } - - return (1); -} - - -/* - * ENCRYPT_UPDATE or DECRYPT_UPDATE - */ -#define T4_CIPHER_DO_DES(t4_cipher_do_des, t4_des_load_keys, \ - t4_des_encrypt, t4_des_decrypt, ksched_encrypt, ksched_decrypt, iv) \ -static int \ -t4_cipher_do_des(EVP_CIPHER_CTX *ctx, unsigned char *out, \ - const unsigned char *in, size_t inl) \ -{ \ - t4_des_cipher_ctx_t *tctx = ctx->cipher_data; \ - unsigned long outl = inl; \ - unsigned char *bufin_alloc = NULL, *bufout_alloc = NULL; \ - unsigned char *bufin, *bufout; \ - \ - /* "in" and "out" must be 8 byte aligned */ \ - if (((unsigned long)in & 0x7) == 0) { /* already aligned */ \ - bufin = (unsigned char *)in; \ - } else { /* "in" is not 8 byte aligned */ \ - if (((unsigned long)out & 0x7) == 0) { /* aligned */ \ - /* use output buffer for input */ \ - bufin = out; \ - } else { \ - bufin = bufin_alloc = OPENSSL_malloc(inl); \ - if (bufin_alloc == NULL) \ - return (0); /* error */ \ - } \ - (void) memcpy(bufin, in, inl); \ - } \ - \ - /* Data length must be an even multiple of block size. */ \ - if ((inl & 0x7) != 0) { \ - OPENSSL_free(bufout_alloc); \ - OPENSSL_free(bufin_alloc); \ - T4err(T4_F_CIPHER_DO_DES, T4_R_NOT_BLOCKSIZE_LENGTH); \ - return (0); \ - } \ - \ - if (((unsigned long)out & 0x7) == 0) { /* already aligned */ \ - bufout = out; \ - } else { /* "out" is not 8 byte aligned */ \ - if (bufin_alloc != NULL) { \ - /* use allocated input buffer for output */ \ - bufout = bufin_alloc; \ - } else { \ - bufout = bufout_alloc = OPENSSL_malloc(outl); \ - if (bufout_alloc == NULL) { \ - OPENSSL_free(bufin_alloc); \ - return (0); /* error */ \ - } \ - } \ - } \ - \ - if (ctx->encrypt) { \ - uint64_t *ksch_encrypt = ksched_encrypt; \ - t4_des_load_keys(ksch_encrypt); \ - t4_des_encrypt(ksch_encrypt, (uint64_t *)bufin, \ - (uint64_t *)bufout, (size_t)inl, iv); \ - } else { /* decrypt */ \ - uint64_t *ksch_decrypt = ksched_decrypt; \ - t4_des_load_keys(ksch_decrypt); \ - t4_des_decrypt(ksch_decrypt, (uint64_t *)bufin, \ - (uint64_t *)bufout, (size_t)inl, iv); \ - } \ - \ - /* Cleanup */ \ - if (bufin_alloc != NULL) { \ - if (bufout == bufin_alloc) \ - (void) memcpy(out, bufout, outl); \ - OPENSSL_free(bufin_alloc); \ - } \ - if (bufout_alloc != NULL) { \ - (void) memcpy(out, bufout_alloc, outl); \ - OPENSSL_free(bufout_alloc); \ - } \ - \ - return (1); \ -} - - -/* DES CBC mode. */ -T4_CIPHER_DO_DES(t4_cipher_do_des_cbc, t4_des_load_keys, - t4_des_cbc_encrypt, t4_des_cbc_decrypt, - tctx->ks.des.ksch_encrypt, tctx->ks.des.ksch_decrypt, tctx->iv) -T4_CIPHER_DO_DES(t4_cipher_do_des3_cbc, t4_des3_load_keys, - t4_des3_cbc_encrypt, t4_des3_cbc_decrypt, - tctx->ks.des3.ksch_encrypt, tctx->ks.des3.ksch_decrypt, tctx->iv) - -/* DES ECB mode. */ -T4_CIPHER_DO_DES(t4_cipher_do_des_ecb, t4_des_load_keys, - t4_des_ecb_crypt, t4_des_ecb_crypt, - tctx->ks.des.ksch_encrypt, tctx->ks.des.ksch_decrypt, NULL) -T4_CIPHER_DO_DES(t4_cipher_do_des3_ecb, t4_des3_load_keys, - t4_des3_ecb_crypt, t4_des3_ecb_crypt, - tctx->ks.des3.ksch_encrypt, tctx->ks.des3.ksch_decrypt, NULL) - - -#endif /* COMPILE_HW_T4 */ -#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_DES_T4 && !OPENSSL_NO_DES */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_des_asm.h --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_des_asm.h Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,98 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). - */ - -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -#ifndef ENG_T4_DES_ASM_H -#define ENG_T4_DES_ASM_H - -/* SPARC DES assembly language functions. */ - -#ifdef __cplusplus -extern "C" { -#endif - -#include - -#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ - defined(__sparcv8)) && ! defined(OPENSSL_NO_ASM) - -extern void t4_des_expand(uint64_t *rk, const uint32_t *key); -extern void t4_des_encrypt(const uint64_t *rk, const uint64_t *pt, - uint64_t *ct); -extern void t4_des_load_keys(uint64_t *ks); -void t4_des_ecb_crypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); -extern void t4_des_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); -extern void t4_des_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); -extern void t4_des3_load_keys(uint64_t *ks); -extern void t4_des3_ecb_crypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); -extern void t4_des3_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); -extern void t4_des3_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); - - -#endif /* (sun4v||__sparv9||__sparcv8plus||__sparvc8) && !OPENSSL_NO_ASM */ - -#ifdef __cplusplus -} -#endif -#endif /* ENG_T4_DES_ASM_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_err.c --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_err.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,157 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). - */ - -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -#include -#include "eng_t4_err.h" - -/* BEGIN ERROR CODES */ - -#ifndef OPENSSL_NO_ERR - -#define ERR_FUNC(func) ERR_PACK(0, func, 0) -#define ERR_REASON(reason) ERR_PACK(0, 0, reason) - -static ERR_STRING_DATA t4_str_functs[] = { - {ERR_FUNC(T4_F_INIT), "T4_INIT"}, - {ERR_FUNC(T4_F_DESTROY), "T4_DESTROY"}, - {ERR_FUNC(T4_F_FINISH), "T4_FINISH"}, - {ERR_FUNC(T4_F_CIPHER_INIT_AES), "T4_CIPHER_INIT_AES"}, - {ERR_FUNC(T4_F_ADD_NID), "T4_ADD_NID"}, - {ERR_FUNC(T4_F_GET_ALL_CIPHERS), "T4_GET_ALL_CIPHERS"}, - {ERR_FUNC(T4_F_CIPHER_DO_AES), "T4_CIPHER_DO_AES"}, - {ERR_FUNC(T4_F_CIPHER_CLEANUP), "T4_CIPHER_CLEANUP"}, - {ERR_FUNC(T4_F_CIPHER_INIT_DES), "T4_CIPHER_INIT_DES"}, - {ERR_FUNC(T4_F_CIPHER_DO_DES), "T4_CIPHER_DO_DES"}, - {0, NULL} -}; - -static ERR_STRING_DATA t4_str_reasons[] = { - {ERR_REASON(T4_R_CIPHER_KEY), "invalid cipher key"}, - {ERR_REASON(T4_R_CIPHER_NID), "invalid cipher NID"}, - {ERR_REASON(T4_R_IV_LEN_INCORRECT), "IV length incorrect"}, - {ERR_REASON(T4_R_KEY_LEN_INCORRECT), "key length incorrect"}, - {ERR_REASON(T4_R_ASN1_OBJECT_CREATE), "ASN1_OBJECT_create failed"}, - {ERR_REASON(T4_R_NOT_BLOCKSIZE_LENGTH), "blocksize length not even"}, - {0, NULL} -}; -#endif /* OPENSSL_NO_ERR */ - - -#ifdef T4_LIB_NAME -static ERR_STRING_DATA T4_lib_name[] = { - {0, T4_LIB_NAME}, - {0, NULL} -}; -#endif - -static int t4_error_code = 0; -static int t4_error_init = 1; - - -static void -ERR_load_t4_strings(void) -{ - if (t4_error_code == 0) - t4_error_code = ERR_get_next_error_library(); - - if (t4_error_init != 0) { - t4_error_init = 0; - -#ifndef OPENSSL_NO_ERR - ERR_load_strings(t4_error_code, t4_str_functs); - ERR_load_strings(t4_error_code, t4_str_reasons); -#endif - -#ifdef T4_LIB_NAME - T4_lib_name->error = - ERR_PACK(t4_error_code, 0, 0); - ERR_load_strings(0, T4_lib_name); -#endif - } -} - - -static void -ERR_unload_t4_strings(void) -{ - if (t4_error_init == 0) { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(t4_error_code, t4_str_functs); - ERR_unload_strings(t4_error_code, t4_str_reasons); -#endif - -#ifdef T4_LIB_NAME - ERR_unload_strings(0, T4_lib_name); -#endif - t4_error_init = 1; - } -} - - -static void -ERR_t4_error(int function, int reason, char *file, int line) -{ - if (t4_error_init != 0) { - ERR_load_t4_strings(); - } - - if (t4_error_code == 0) - t4_error_code = ERR_get_next_error_library(); - ERR_PUT_error(t4_error_code, function, reason, file, line); -} diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_err.h --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_err.h Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,97 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). - */ - -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -#ifndef ENG_T4_ERR_H -#define ENG_T4_ERR_H - -#ifdef __cplusplus -extern "C" { -#endif - -static void ERR_unload_t4_strings(void); -#pragma inline(ERR_unload_t4_strings) -static void ERR_t4_error(int function, int reason, char *file, int line); - -#define T4err(f, r) ERR_t4_error((f), (r), __FILE__, __LINE__) - -/* Function codes */ -#define T4_F_INIT 100 -#define T4_F_DESTROY 101 -#define T4_F_FINISH 102 -#define T4_F_CIPHER_INIT_AES 103 -#define T4_F_ADD_NID 104 -#define T4_F_GET_ALL_CIPHERS 105 -#define T4_F_CIPHER_DO_AES 106 -#define T4_F_CIPHER_CLEANUP 107 -#define T4_F_CIPHER_INIT_DES 108 -#define T4_F_CIPHER_DO_DES 109 - -/* Reason codes */ -#define T4_R_CIPHER_KEY 100 -#define T4_R_CIPHER_NID 101 -#define T4_R_IV_LEN_INCORRECT 102 -#define T4_R_KEY_LEN_INCORRECT 103 -#define T4_R_ASN1_OBJECT_CREATE 104 -#define T4_R_NOT_BLOCKSIZE_LENGTH 105 - -#ifdef __cplusplus -} -#endif - -#endif /* ENG_T4_ERR_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_md5.c --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_md5.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,200 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This - * product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). - */ - -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * This engine supports SPARC microprocessors that provide AES and other - * cipher and hash instructions, such as the T4 microprocessor. - * - * This file implements the MD5 message digest operations. - */ - -#include - -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MD_T4) -#ifndef OPENSSL_NO_MD5 - -#include -#include -#include -#include - -#include -#include -/* - * Solaris sys/md5.h and OpenSSL openssl/md5.h both define MD5_CTX. - * The OpenSSL MD5_CTX has an extra "num" field at the end. - */ -#include - -#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ - defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) -#define COMPILE_HW_T4 -#endif - -#ifdef COMPILE_HW_T4 - -/* Assembly language function; replaces C function md5_block_data_order(): */ -extern void t4_md5_multiblock(MD5_CTX *ctx, const uint8_t *input, - unsigned int input_length_in_blocks); - -/* Formal declaration for functions in EVP_MD structure */ -int t4_digest_init_md5(EVP_MD_CTX *ctx); -int t4_digest_update_md5(EVP_MD_CTX *ctx, const void *data, size_t count); -int t4_digest_final_md5(EVP_MD_CTX *ctx, unsigned char *md); -int t4_digest_copy_md5(EVP_MD_CTX *to, const EVP_MD_CTX *from); - - -/* - * MD5 Message Digests - * - * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. - * EVP_MD is defined in evp.h. To maintain binary compatibility the - * definition cannot be modified. - * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is - * pointed to by the last field, app_data. - * - * Fields: type, pkey_type, md_size, flags, - * init(), update(), final(), - * copy(), cleanup(), sign(), verify(), - * required_pkey_type, block_size, ctx_size, md5_ctrl() - */ -const EVP_MD t4_md5 = { - NID_md5, NID_md5WithRSAEncryption, MD5_DIGEST_LENGTH, - 0, - t4_digest_init_md5, t4_digest_update_md5, t4_digest_final_md5, - t4_digest_copy_md5, NULL, - EVP_PKEY_RSA_method, MD5_CBLOCK, - sizeof (MD5_CTX), NULL - }; - -/* These functions are implemented in md32_common.h: */ -static int t4_md5_update(MD5_CTX *c, const void *data_, size_t len); -static void t4_md5_transform(MD5_CTX *c, const unsigned char *data); -static int t4_md5_final(unsigned char *md, MD5_CTX *c); -#pragma inline(t4_md5_update, t4_md5_transform, t4_md5_final) - -#define DATA_ORDER_IS_LITTLE_ENDIAN -/* HASH_LONG/MD5_LONG is a 32-bit unsigned: */ -#define HASH_LONG MD5_LONG -#define HASH_CTX MD5_CTX -#define HASH_CBLOCK MD5_CBLOCK -#define HASH_UPDATE t4_md5_update -#define HASH_TRANSFORM t4_md5_transform -#define HASH_FINAL t4_md5_final -#define HASH_BLOCK_DATA_ORDER t4_md5_multiblock -/* Hash is already byte-swapped as Little Endian for SPARC T4: */ -#define HASH_MAKE_STRING(c, s) memcpy((s), (c), MD5_DIGEST_LENGTH); - -/* This defines HASH_UPDATE, HASH_TRANSFORM, HASH_FINAL functions: */ -#include "md32_common.h" - - -/* - * MD5 functions (RFC 1321 The MD5 Message-Digest Algorithm) - */ - -int -t4_digest_init_md5(EVP_MD_CTX *ctx) -{ - MD5_CTX *c = (MD5_CTX *)ctx->md_data; - - /* Optimization: don't call memset(c, 0,...) or initialize c->data[] */ - c->Nl = c->Nh = c->num = 0; - - /* Big Endian for T4 */ - c->A = 0x01234567U; - c->B = 0x89abcdefU; - c->C = 0xfedcba98U; - c->D = 0x76543210U; - - return (1); -} - -/* - * Continue MD5 digest operation, using the message block to update context. - * MD5 crunches in 64-byte blocks. - */ -int -t4_digest_update_md5(EVP_MD_CTX *ctx, const void *data, size_t len) -{ - return (t4_md5_update((MD5_CTX *)ctx->md_data, data, len)); -} - -/* End MD5 digest operation, finalizing message digest and zeroing context. */ -int -t4_digest_final_md5(EVP_MD_CTX *ctx, unsigned char *md) -{ - return (t4_md5_final(md, (MD5_CTX *)ctx->md_data)); -} - -/* Required for Engine API */ -int -t4_digest_copy_md5(EVP_MD_CTX *to, const EVP_MD_CTX *from) -{ - if ((to->md_data != NULL) && (from->md_data != NULL)) { - (void) memcpy(to->md_data, from->md_data, sizeof (MD5_CTX)); - } - return (1); -} - -#endif /* COMPILE_HW_T4 */ -#endif /* !OPENSSL_NO_MD5 */ -#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MD_T4 */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_montmul.c --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_montmul.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,459 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). - */ - -/* - * ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * This engine supports SPARC microprocessors that provide AES and other - * cipher and hash instructions, such as the T4 microprocessor. - * - * This file implements the RSA, DSA, and DH operations. - */ - -#include - -#define BIGNUM SOLARIS_BIGNUM -#include "eng_t4_bignum.h" -#undef BIGNUM - - -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MONTMUL_T4) -#include -#include /* getisax() */ -#include /* IS_P2ALIGNED() */ -#include /* htonl() and friends */ -#include -#include -#include -#include - -#ifndef OPENSSL_NO_RSA -#include -#endif /* !OPENSSL_NO_RSA */ - -#ifndef OPENSSL_NO_DSA -#include -#endif /* !OPENSSL_NO_DSA */ - -#ifndef OPENSSL_NO_DH -#include -#endif /* !OPENSSL_NO_DH */ - -#include -#include -#include - -#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ - defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) -#define COMPILE_HW_T4 -#endif - -#ifdef COMPILE_HW_T4 - -#if !(defined(OPENSSL_NO_RSA) && defined(OPENSSL_NO_DSA) && \ - defined(OPENSSL_NO_DH)) - - -/* - * Convert OpenSSL's BIGNUM to Solaris's BIGNUM.... - * It assumes that the Solaris BIGNUM has enough space - */ -static void -bn2solbn(const BIGNUM *src, SOLARIS_BIGNUM *dst) -{ - int i, j; - - if (BN_BITS2 < BIG_CHUNK_SIZE) { - for (i = 0, j = 0; i < src->top; i++) { - if ((i & 1) == 0) { - dst->value[j] = src->d[i]; - } else { - dst->value[j] += ((uint64_t)(src->d[i])) << 32; - j++; - } - } - dst->len = (src->top + 1) / 2; - dst->sign = (src->neg == 1) ? -1 : 1; - } else if (BN_BITS2 == BIG_CHUNK_SIZE) { - (void) memcpy(dst->value, src->d, src->top); - dst->len = src->top; - dst->sign = (src->neg == 1) ? -1 : 1; - } else { /* BN_BITS2 > BIG_CHUNK_SIZE */ - for (i = 0, j = 0; i < src->top; i++) { - dst->value[j++] = src->d[i] & 0xffffffffULL; - dst->value[j++] = ((uint64_t)(src->d[i])) >> 32; - } - dst->len = src->top * 2; - if (dst->value[dst->len - 1] == 0) { - dst->len--; - } - dst->sign = (src->neg == 1) ? -1 : 1; - } -} - -/* - * It assumes that OpenSSL's BIGNUM has enough space. - */ -static void -solbn2bn(const SOLARIS_BIGNUM *src, BIGNUM *dst) -{ - int i, j; - - if (BN_BITS2 < BIG_CHUNK_SIZE) { - for (i = 0, j = 0; i < src->len; i++) { - dst->d[j++] = src->value[i] & 0xffffffffULL; - dst->d[j++] = ((uint64_t)(src->value[i])) >> 32; - } - dst->top = src->len * 2; - if (dst->d[dst->top - 1] == 0) { - dst->top--; - } - dst->neg = (src->sign == -1) ? 1 : 0; - } else if (BN_BITS2 == BIG_CHUNK_SIZE) { - (void) memcpy(src->value, dst->d, src->len); - dst->top = src->len; - dst->neg = (src->sign == -1) ? 1 : 0; - } else { /* BN_BITS2 > BIG_CHUNK_SIZE */ - for (i = 0, j = 0; i < src->len; i++) { - if ((i & 1) == 0) { - dst->d[j] = src->value[i]; - } else { - dst->d[j] += ((uint64_t)(src->value[i])) << 32; - j++; - } - } - dst->top = (src->len + 1) / 2; - dst->neg = (src->sign == -1) ? 1 : 0; - } -} - - - -static int -t4_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - int rv = 0; - SOLARIS_BIGNUM sol_r = {0}; - SOLARIS_BIGNUM sol_a = {0}; - SOLARIS_BIGNUM sol_p = {0}; - SOLARIS_BIGNUM sol_m = {0}; - - if (big_init(&sol_r, (m->top + 3) * BN_BITS2 / BIG_CHUNK_SIZE) != - BIG_OK) { - goto cleanup; - } - if (big_init(&sol_a, (a->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != - BIG_OK) { - goto cleanup; - } - if (big_init(&sol_p, (p->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != - BIG_OK) { - goto cleanup; - } - if (big_init(&sol_m, (m->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != - BIG_OK) { - goto cleanup; - } - - bn2solbn(a, &sol_a); - bn2solbn(p, &sol_p); - bn2solbn(m, &sol_m); - - /* calls libsoftcrypto's big_modexp() routine */ - if (big_modexp(&sol_r, &sol_a, &sol_p, &sol_m, NULL) != BIG_OK) { - goto cleanup; - } - - if (bn_wexpand(r, m->top + 2) == NULL) { - goto cleanup; - } - solbn2bn(&sol_r, r); - - rv = 1; - -cleanup: - - big_finish(&sol_m); - big_finish(&sol_p); - big_finish(&sol_a); - big_finish(&sol_r); - - return (rv); -} - -#endif /* !(OPENSSL_NO_RSA && OPENSSL_NO_DSA) */ - -#ifndef OPENSSL_NO_RSA - -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD t4_rsa = -{ - "Oracle T4 RSA method", - NULL, /* rsa_pub_encrypt */ - NULL, /* rsa_pub_decrypt */ - NULL, /* rsa_priv_encrypt */ - NULL, /* rsa_priv_decrypt */ - NULL, /* rsa_mod_exp */ - t4_bn_mod_exp, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_NO_BLINDING, - /* flags */ - NULL, /* app_data */ - NULL, /* rsa_sign */ - NULL, /* rsa_verify */ - /* Internal rsa_keygen will be used if this is NULL. */ - NULL /* rsa_keygen */ -}; - -RSA_METHOD * -t4_RSA(void) -{ - const RSA_METHOD *meth1; - - meth1 = RSA_PKCS1_SSLeay(); - t4_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - t4_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - t4_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - t4_rsa.rsa_priv_dec = meth1->rsa_priv_dec; - t4_rsa.rsa_mod_exp = meth1->rsa_mod_exp; - t4_rsa.finish = meth1->finish; - - return (&t4_rsa); -} - -#endif /* !OPENSSL_NO_RSA */ - - -#ifndef OPENSSL_NO_DSA - -static int -t4_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return (t4_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -} - - -static int -t4_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - int rv = 0; - SOLARIS_BIGNUM sol_rr = {0}; - SOLARIS_BIGNUM sol_a1 = {0}; - SOLARIS_BIGNUM sol_p1 = {0}; - SOLARIS_BIGNUM sol_a2 = {0}; - SOLARIS_BIGNUM sol_p2 = {0}; - SOLARIS_BIGNUM sol_m = {0}; - SOLARIS_BIGNUM sol_tmp = {0}; - - if (big_init(&sol_rr, (m->top + 3) * BN_BITS2 / BIG_CHUNK_SIZE) != - BIG_OK) { - goto cleanup; - } - if (big_init(&sol_a1, (a1->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != - BIG_OK) { - goto cleanup; - } - if (big_init(&sol_p1, (p1->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != - BIG_OK) { - goto cleanup; - } - if (big_init(&sol_a2, (a2->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != - BIG_OK) { - goto cleanup; - } - if (big_init(&sol_p2, (p2->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != - BIG_OK) { - goto cleanup; - } - if (big_init(&sol_m, (m->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != - BIG_OK) { - goto cleanup; - } - if (big_init(&sol_tmp, 2 * sol_m.len + 1) != BIG_OK) { - goto cleanup; - } - - if (big_init(&sol_tmp, 2 * sol_m.len + 1) != BIG_OK) { - goto cleanup; - } - - bn2solbn(a1, &sol_a1); - bn2solbn(p1, &sol_p1); - bn2solbn(a2, &sol_a2); - bn2solbn(p2, &sol_p2); - bn2solbn(m, &sol_m); - - - /* calls libsoftcrypto's big_modexp() routine */ - if (big_modexp(&sol_rr, &sol_a1, &sol_p1, &sol_m, NULL) != - BIG_OK) { - goto cleanup; - } - - if (big_modexp(&sol_tmp, &sol_a2, &sol_p2, &sol_m, NULL) != - BIG_OK) { - goto cleanup; - } - - if (big_mul(&sol_tmp, &sol_rr, &sol_tmp) != BIG_OK) { - goto cleanup; - } - - if (big_div_pos(NULL, &sol_rr, &sol_tmp, &sol_m) != BIG_OK) { - goto cleanup; - } - - if (bn_wexpand(rr, m->top + 2) == NULL) { - goto cleanup; - } - solbn2bn(&sol_rr, rr); - - rv = 1; - -cleanup: - - big_finish(&sol_tmp); - big_finish(&sol_m); - big_finish(&sol_p2); - big_finish(&sol_a2); - big_finish(&sol_p1); - big_finish(&sol_a1); - big_finish(&sol_rr); - - return (rv); -} - -/* Our internal DSA_METHOD that we provide pointers to */ -static DSA_METHOD t4_dsa = -{ - "Oracle T4 DSA method", /* name */ - NULL, /* dsa_do_sign */ - NULL, /* dsa_sign_setup */ - NULL, /* dsa_do_verify */ - t4_dsa_mod_exp, /* dsa_mod_exp, */ - t4_dsa_bn_mod_exp, /* bn_mod_exp, */ - NULL, /* init */ - NULL, /* finish */ - NULL, /* flags */ - NULL, /* app_data */ - NULL, /* dsa_paramgen */ - NULL /* dsa_keygen */ -}; - -DSA_METHOD * -t4_DSA(void) -{ - const DSA_METHOD *meth1; - - meth1 = DSA_OpenSSL(); - t4_dsa.dsa_do_sign = meth1->dsa_do_sign; - t4_dsa.dsa_sign_setup = meth1->dsa_sign_setup; - t4_dsa.dsa_do_verify = meth1->dsa_do_verify; - t4_dsa.finish = meth1->finish; - - return (&t4_dsa); -} - -#endif /* !OPENSSL_NO_DSA */ - - -#ifndef OPENSSL_NO_DH - -static int -t4_dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return (t4_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -} - - - -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD t4_dh = -{ - "Oracle T4 DH method", /* name */ - NULL, /* generate_key */ - NULL, /* compute_key */ - t4_dh_bn_mod_exp, /* bn_mod_exp, */ - NULL, /* init */ - NULL, /* finish */ - NULL, /* flags */ - NULL /* app_data */ -}; - -DH_METHOD * -t4_DH(void) -{ - const DH_METHOD *meth1; - - meth1 = DH_OpenSSL(); - t4_dh.generate_key = meth1->generate_key; - t4_dh.compute_key = meth1->compute_key; - t4_dh.finish = meth1->finish; - - return (&t4_dh); -} - -#endif /* !OPENSSL_NO_DH */ - -#endif /* COMPILE_HW_T4 */ - -#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MONTMUL_T4 */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_sha1.c --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_sha1.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,197 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This - * product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). - */ - -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * This engine supports SPARC microprocessors that provide AES and other - * cipher and hash instructions, such as the T4 microprocessor. - * - * This file implements the SHA-1 message digest operations. - */ - -#include - -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MD_T4) -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -#include -#include -#include -#include - -/* - * For SHA1, OpenSSL SHA_CTX has an extra num field at the end, - * while the Solaris SHA1_CTX does not have this field. - */ -#include -#include - -#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ - defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) -#define COMPILE_HW_T4 -#endif - -#ifdef COMPILE_HW_T4 - -/* Assembly language function; replaces C function sha1_block_data_order(): */ -extern void t4_sha1_multiblock(SHA_CTX *ctx, const void *input, size_t num); - -/* Formal declaration for functions in EVP_MD structure */ -static int t4_digest_init_sha1(EVP_MD_CTX *ctx); -static int t4_digest_update_sha1(EVP_MD_CTX *ctx, const void *data, - size_t len); -static int t4_digest_final_sha1(EVP_MD_CTX *ctx, unsigned char *md); -static int t4_digest_copy_sha1(EVP_MD_CTX *to, const EVP_MD_CTX *from); - -/* - * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. - * EVP_MD is defined in evp.h. To maintain binary compatibility the - * definition cannot be modified. - * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is - * pointed to by the last field, app_data. - * - * Fields: type, pkey_type, md_size, flags, - * init(), update(), final(), - * copy(), cleanup(), sign(), verify(), - * required_pkey_type, block_size, ctx_size, md5_ctrl() - */ -const EVP_MD t4_sha1 = { - NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, - t4_digest_init_sha1, t4_digest_update_sha1, t4_digest_final_sha1, - t4_digest_copy_sha1, NULL, - EVP_PKEY_RSA_method, SHA_CBLOCK, - sizeof (SHA_CTX), NULL - }; - -/* These functions are defined in md32_common.h: */ -static int t4_sha1_update(SHA_CTX *c, const void *data_, size_t len); -static void t4_sha1_transform(SHA_CTX *c, const unsigned char *data); -static int t4_sha1_final(unsigned char *md, SHA_CTX *c); -#pragma inline(t4_sha1_update, t4_sha1_transform, t4_sha1_final) - -#define DATA_ORDER_IS_BIG_ENDIAN -/* HASH_LONG/SHA_LONG is unsigned int (32 bits): */ -#define HASH_LONG SHA_LONG -#define HASH_CTX SHA_CTX -#define HASH_CBLOCK SHA_CBLOCK -#define HASH_UPDATE t4_sha1_update -#define HASH_TRANSFORM t4_sha1_transform -#define HASH_FINAL t4_sha1_final -#define HASH_BLOCK_DATA_ORDER t4_sha1_multiblock -#define HASH_MAKE_STRING(c, s) do { \ - unsigned int ll; \ - ll = (c)->h0; HOST_l2c(ll, (s)); \ - ll = (c)->h1; HOST_l2c(ll, (s)); \ - ll = (c)->h2; HOST_l2c(ll, (s)); \ - ll = (c)->h3; HOST_l2c(ll, (s)); \ - ll = (c)->h4; HOST_l2c(ll, (s)); \ - } while (0) - -/* This defines HASH_UPDATE, HASH_TRANSFORM, HASH_FINAL functions: */ -#include "md32_common.h" - - -/* - * SHA-1 functions (FIPS 180-1 Secure Hash Standard) - */ - -static int -t4_digest_init_sha1(EVP_MD_CTX *ctx) -{ - SHA_CTX *c = (SHA_CTX *)ctx->md_data; - - /* Optimization: don't call memset(c, 0,...) or initialize c->data[] */ - c->Nl = c->Nh = c->num = 0; - c->h0 = 0x67452301U; - c->h1 = 0xefcdab89U; - c->h2 = 0x98badcfeU; - c->h3 = 0x10325476U; - c->h4 = 0xc3d2e1f0U; - - return (1); -} - -/* Continue SHA1 digest operation, using the message block to update context. */ -static int -t4_digest_update_sha1(EVP_MD_CTX *ctx, const void *data, size_t len) -{ - return (t4_sha1_update((SHA_CTX *)ctx->md_data, data, len)); -} - -/* End SHA1 digest operation, finalizing message digest and zeroing context. */ -static int -t4_digest_final_sha1(EVP_MD_CTX *ctx, unsigned char *md) -{ - return (t4_sha1_final(md, (SHA_CTX *)ctx->md_data)); -} - -/* Required for Engine API */ -static int -t4_digest_copy_sha1(EVP_MD_CTX *to, const EVP_MD_CTX *from) -{ - if ((to->md_data != NULL) && (from->md_data != NULL)) { - (void) memcpy(to->md_data, from->md_data, sizeof (SHA_CTX)); - } - return (1); -} - -#endif /* COMPILE_HW_T4 */ -#endif /* !OPENSSL_NO_SHA && !OPENSSL_NO_SHA1 */ -#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MD_T4 */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_sha256.c --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_sha256.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,246 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This - * product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). - */ - -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * This engine supports SPARC microprocessors that provide AES and other - * cipher and hash instructions, such as the T4 microprocessor. - * - * This file implements the SHA-256 message digest operations. - */ - -#include - -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MD_T4) -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) -#include -#include -#include -#include -#include -/* - * Solaris sys/sha2.h and OpenSSL openssl/sha.h both define - * SHA256_CTX, SHA512_CTX, SHA256, SHA384, and SHA512. - * For SHA2, OpenSSL SHA256_CTX has extra num and md_len fields at - * the end and Solaris SHA2_CTX has an extra algotype field at the beginning. - */ -#include "eng_t4_sha2_asm.h" - -#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ - defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) -#define COMPILE_HW_T4 -#endif - -#ifdef COMPILE_HW_T4 - -/* Formal declaration for functions in EVP_MD structure */ -static int t4_digest_init_sha256(EVP_MD_CTX *ctx); -static int t4_digest_init_sha224(EVP_MD_CTX *ctx); -static int t4_digest_update_sha256(EVP_MD_CTX *ctx, const void *data, - size_t len); -static int t4_digest_final_sha256(EVP_MD_CTX *ctx, unsigned char *md); -static int t4_digest_copy_sha256(EVP_MD_CTX *to, const EVP_MD_CTX *from); - - -/* - * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. - * EVP_MD is defined in evp.h. To maintain binary compatibility the - * definition cannot be modified. - * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is - * pointed to by the last field, app_data. - * - * Fields: type, pkey_type, md_size, flags, - * init(), update(), final(), - * copy(), cleanup(), sign(), verify(), - * required_pkey_type, block_size, ctx_size, md5_ctrl() - */ -const EVP_MD t4_sha256 = { - NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, - t4_digest_init_sha256, t4_digest_update_sha256, t4_digest_final_sha256, - t4_digest_copy_sha256, NULL, - EVP_PKEY_RSA_method, SHA256_CBLOCK, - sizeof (T4_SHA256_CTX), NULL - }; -/* SHA-224 uses the same context, cblock size, & update function as SHA-256: */ -const EVP_MD t4_sha224 = { - NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, - t4_digest_init_sha224, t4_digest_update_sha256, t4_digest_final_sha256, - t4_digest_copy_sha256, NULL, - EVP_PKEY_RSA_method, SHA256_CBLOCK, - sizeof (T4_SHA256_CTX), NULL - }; - -/* These functions are defined in md32_common.h: */ -static int t4_sha256_update(T4_SHA256_CTX *c, const void *data_, size_t len); -static void t4_sha256_transform(T4_SHA256_CTX *c, const unsigned char *data); -static int t4_sha256_final(unsigned char *md, T4_SHA256_CTX *c); -#pragma inline(t4_sha256_update, t4_sha256_transform, t4_sha256_final) - -#define DATA_ORDER_IS_BIG_ENDIAN -/* HASH_LONG/SHA_LONG is unsigned int (32 bits): */ -#define HASH_LONG SHA_LONG -#define HASH_CTX T4_SHA256_CTX -#define HASH_CBLOCK SHA_CBLOCK -#define HASH_UPDATE t4_sha256_update -#define HASH_TRANSFORM t4_sha256_transform -#define HASH_FINAL t4_sha256_final -#define HASH_BLOCK_DATA_ORDER t4_sha256_multiblock -#define HASH_MAKE_STRING(c, s) \ - do { \ - unsigned int ll, nn; \ - switch ((c)->md_len) { \ - case SHA256_DIGEST_LENGTH: \ - for (nn = 0; nn < SHA256_DIGEST_LENGTH / 4; nn++) { \ - ll = (c)->h[nn]; HOST_l2c(ll, (s)); } \ - break; \ - case SHA224_DIGEST_LENGTH: \ - for (nn = 0; nn < SHA224_DIGEST_LENGTH / 4; nn++) { \ - ll = (c)->h[nn]; HOST_l2c(ll, (s)); } \ - break; \ - default: \ - if ((c)->md_len > SHA256_DIGEST_LENGTH) \ - return (0); \ - for (nn = 0; nn < (c)->md_len / 4; nn++) { \ - ll = (c)->h[nn]; HOST_l2c(ll, (s)); } \ - break; \ - } \ - } while (0) - -/* This defines HASH_UPDATE, HASH_TRANSFORM, HASH_FINAL functions: */ -#include "md32_common.h" - - -/* - * SHA256 functions (part of FIPS 180-2 Secure Hash Standard) - */ - -static int -t4_digest_init_sha256(EVP_MD_CTX *ctx) -{ - T4_SHA256_CTX *c = (T4_SHA256_CTX *)ctx->md_data; - - /* Optimization: don't call memset(c, 0,...) or initialize c->data[] */ - c->Nl = c->Nh = c->num = 0; - c->h[0] = 0x6a09e667U; - c->h[1] = 0xbb67ae85U; - c->h[2] = 0x3c6ef372U; - c->h[3] = 0xa54ff53aU; - c->h[4] = 0x510e527fU; - c->h[5] = 0x9b05688cU; - c->h[6] = 0x1f83d9abU; - c->h[7] = 0x5be0cd19U; - c->md_len = SHA256_DIGEST_LENGTH; - return (1); -} - - -static int -t4_digest_init_sha224(EVP_MD_CTX *ctx) -{ - T4_SHA256_CTX *c = (T4_SHA256_CTX *)ctx->md_data; - - /* Optimization: don't call memset(c, 0,...) or initialize c->data[] */ - c->Nl = c->Nh = c->num = 0; - c->h[0] = 0xc1059ed8UL; - c->h[1] = 0x367cd507UL; - c->h[2] = 0x3070dd17UL; - c->h[3] = 0xf70e5939UL; - c->h[4] = 0xffc00b31UL; - c->h[5] = 0x68581511UL; - c->h[6] = 0x64f98fa7UL; - c->h[7] = 0xbefa4fa4UL; - c->md_len = SHA224_DIGEST_LENGTH; - return (1); -} - -/* Continue SHA256 digest operation, using message block to update context. */ -static int -t4_digest_update_sha256(EVP_MD_CTX *ctx, const void *data, size_t len) -{ - T4_SHA256_CTX *sha256_ctx = (T4_SHA256_CTX *)ctx->md_data; - - return (t4_sha256_update((T4_SHA256_CTX *)ctx->md_data, data, len)); -} - -/* End SHA256 digest operation, finalizing message digest and zeroing context */ -static int -t4_digest_final_sha256(EVP_MD_CTX *ctx, unsigned char *md) -{ - T4_SHA256_CTX *sha256_ctx = (T4_SHA256_CTX *)ctx->md_data; - - return (t4_sha256_final(md, (T4_SHA256_CTX *)ctx->md_data)); -} - -/* Required for Engine API */ -static int -t4_digest_copy_sha256(EVP_MD_CTX *to, const EVP_MD_CTX *from) -{ - if ((to->md_data != NULL) && (from->md_data != NULL)) { - (void) memcpy(to->md_data, from->md_data, - sizeof (T4_SHA256_CTX)); - } - return (1); -} - -#endif /* COMPILE_HW_T4 */ -#endif /* !OPENSSL_NO_SHA && !OPENSSL_NO_SHA256 */ -#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MD_T4 */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_sha2_asm.h --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_sha2_asm.h Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,135 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This - * product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). - */ - -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -#ifndef ENG_T4_SHA2_ASM_H -#define ENG_T4_SHA2_ASM_H - -/* - * SPARC T4 SHA2 (SHA256/SHA512) assembly language functions and context. - * The context must match that used by the Solaris SPARC T4 assembly - * (except for OpenSSL-specific fields num and md_len that aren't in Solaris). - * - * Based on OpenSSL file openssl/sha.h and Solaris file sys/sha2.h. - */ - -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef OPENSSL_NO_SHA256 -/* - * The contents of this structure are a private interface between the - * Init/Update/Multiblock/Final functions. - * Callers must never attempt to read or write any of the fields - * in this structure directly. - */ -typedef struct t4_SHA256state_st { - uint32_t algotype; /* Solaris-only field; unused here */ - uint32_t algotype_pad; /* Pad to align next field 0 mod 8 */ - uint32_t h[8]; /* State (ABCDEFGH) */ - uint32_t h_pad[8]; /* Pad fields to match T4_SHA512_CTX */ - uint32_t Nl, Nh; /* Number of bits, module 2^64 */ - uint32_t Nl_pad, Nh_pad; /* Pad fields to match T4_SHA512_CTX */ - uint32_t data[SHA_LBLOCK]; /* Input */ - unsigned int num, md_len; /* Fields unused by Solaris assembly */ -} T4_SHA256_CTX; -#endif /* !OPENSSL_NO_SHA256 */ - - -#ifndef OPENSSL_NO_SHA512 -/* - * The contents of this structure are a private interface between the - * Init/Update/Multiblock/Final functions. - * Callers must never attempt to read or write any of the fields - * in this structure directly. - */ -typedef struct t4_SHA512state_st { - uint32_t algotype; /* Solaris-only field; unused here */ - uint64_t h[8]; /* State (ABCDEFGH) */ - uint64_t Nl, Nh; /* Number of bits, module 2^128 */ - union { - uint64_t d[SHA_LBLOCK]; - unsigned char p[SHA512_CBLOCK]; - } u; /* Input */ - unsigned int num, md_len; /* Fields unused by Solaris assembly */ -} T4_SHA512_CTX; -#endif /* !OPENSSL_NO_SHA512 */ - -/* - * SPARC T4 assembly language functions - */ -#ifndef OPENSSL_NO_SHA256 -extern void t4_sha256_multiblock(T4_SHA256_CTX *c, const void *input, - size_t num); -#endif -#ifndef OPENSSL_NO_SHA512 -extern void t4_sha512_multiblock(T4_SHA512_CTX *c, const void *input, - size_t num); -#endif - -#ifdef __cplusplus -} -#endif -#endif /* ENG_T4_SHA2_ASM_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/eng_t4_sha512.c --- a/components/openssl/openssl-1.0.0/engines/t4/eng_t4_sha512.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,325 +0,0 @@ -/* - * This product includes cryptographic software developed by the OpenSSL - * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This - * product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). - */ - -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* - * This engine supports SPARC microprocessors that provide AES and other - * cipher and hash instructions, such as the T4 microprocessor. - * - * This file implements the SHA-512 message digest operations. - */ - -#include - -#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MD_T4) -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) -#include -#include -#include -#include -#include -/* - * Solaris sys/sha2.h and OpenSSL openssl/sha.h both define - * SHA512_CTX, SHA512_CTX, SHA512, SHA384, and SHA512. - * For SHA2, OpenSSL SHA512_CTX has extra num and md_len fields at - * the end and Solaris SHA2_CTX has an extra algotype field at the beginning. - */ -#include "eng_t4_sha2_asm.h" - -#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ - defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) -#define COMPILE_HW_T4 -#endif - -#ifdef COMPILE_HW_T4 - -/* Formal declaration for functions in EVP_MD structure */ -static int t4_digest_init_sha384(EVP_MD_CTX *ctx); -static int t4_digest_init_sha512(EVP_MD_CTX *ctx); -static int t4_digest_update_sha512(EVP_MD_CTX *ctx, const void *data, - size_t len); -static int t4_digest_final_sha512(EVP_MD_CTX *ctx, unsigned char *md); -static int t4_digest_copy_sha512(EVP_MD_CTX *to, const EVP_MD_CTX *from); - - -/* - * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. - * EVP_MD is defined in evp.h. To maintain binary compatibility the - * definition cannot be modified. - * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is - * pointed to by the last field, app_data. - * - * Fields: type, pkey_type, md_size, flags, - * init(), update(), final(), - * copy(), cleanup(), sign(), verify(), - * required_pkey_type, block_size, ctx_size, md5_ctrl() - */ - -const EVP_MD t4_sha512 = { - NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, - t4_digest_init_sha512, t4_digest_update_sha512, t4_digest_final_sha512, - t4_digest_copy_sha512, NULL, - EVP_PKEY_RSA_method, SHA512_CBLOCK, - sizeof (T4_SHA512_CTX), NULL - }; -/* SHA-384 uses the same context, cblock size, & update function as SHA-512: */ -const EVP_MD t4_sha384 = { - NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, - t4_digest_init_sha384, t4_digest_update_sha512, t4_digest_final_sha512, - t4_digest_copy_sha512, NULL, - EVP_PKEY_RSA_method, SHA512_CBLOCK, - sizeof (T4_SHA512_CTX), NULL - }; - - -/* - * SHA512 functions (part of FIPS 180-2 Secure Hash Standard) - */ - -static int -t4_digest_init_sha512(EVP_MD_CTX *ctx) -{ - T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; - - c->Nl = c->Nh = c->num = 0; - c->h[0] = 0x6a09e667f3bcc908ULL; - c->h[1] = 0xbb67ae8584caa73bULL; - c->h[2] = 0x3c6ef372fe94f82bULL; - c->h[3] = 0xa54ff53a5f1d36f1ULL; - c->h[4] = 0x510e527fade682d1ULL; - c->h[5] = 0x9b05688c2b3e6c1fULL; - c->h[6] = 0x1f83d9abfb41bd6bULL; - c->h[7] = 0x5be0cd19137e2179ULL; - c->md_len = SHA512_DIGEST_LENGTH; - - return (1); -} - - -static int -t4_digest_init_sha384(EVP_MD_CTX *ctx) -{ - T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; - - c->Nl = c->Nh = c->num = 0; - c->h[0] = 0xcbbb9d5dc1059ed8ULL; - c->h[1] = 0x629a292a367cd507ULL; - c->h[2] = 0x9159015a3070dd17ULL; - c->h[3] = 0x152fecd8f70e5939ULL; - c->h[4] = 0x67332667ffc00b31ULL; - c->h[5] = 0x8eb44a8768581511ULL; - c->h[6] = 0xdb0c2e0d64f98fa7ULL; - c->h[7] = 0x47b5481dbefa4fa4ULL; - c->md_len = SHA384_DIGEST_LENGTH; - - return (1); -} - - -/* - * Continue SHA512 or SHA384 digest operation, using the message block to - * update context. - * Modified from SHA512_Update() in OpenSSL crypto/sha/sha512.c. - */ -static int -t4_digest_update_sha512(EVP_MD_CTX *ctx, const void *_data, size_t len) -{ - T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; - SHA_LONG64 l; - unsigned char *p = c->u.p; - const unsigned char *data = (const unsigned char *)_data; - - if (len == 0) - return (1); - - l = (c->Nl + (((SHA_LONG64)len) << 3)) & 0xffffffffffffffffULL; - if (l < c->Nl) - c->Nh++; - if (sizeof (len) >= 8) { - c->Nh += (((SHA_LONG64)len) >> 61); - } - c->Nl = l; - - if (c->num != 0) { - size_t n = sizeof (c->u) - c->num; - - if (len < n) { - memcpy(p + c->num, data, len); - c->num += (unsigned int)len; - return (1); - } else { - memcpy(p + c->num, data, n); - c->num = 0; - len -= n; - data += n; - t4_sha512_multiblock(c, p, 1); - } - } - - if (len >= sizeof (c->u)) { - if ((size_t)data % sizeof (c->u.d[0]) != 0) { - /* Align unaligned data one block-at-a-time */ - while (len >= sizeof (c->u)) { - memcpy(p, data, sizeof (c->u)); - t4_sha512_multiblock(c, p, 1); - len -= sizeof (c->u); - data += sizeof (c->u); - } - } else { - t4_sha512_multiblock(c, data, len / sizeof (c->u)); - data += len; - len %= sizeof (c->u); - data -= len; - } - } - - if (len != 0) { - memcpy(p, data, len); - c->num = (int)len; - } - - return (1); -} - - -/* - * End SHA-512 or SHA-384 digest operation, finalizing message digest and - * zeroing context. - * Modified from SHA512_Final() in OpenSSL crypto/sha/sha512.c. - */ -static int -t4_digest_final_sha512(EVP_MD_CTX *ctx, unsigned char *md) -{ - T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; - unsigned char *p = (unsigned char *)c->u.p; - size_t n = c->num; - - p[n] = 0x80; /* There always is a room for one */ - n++; - if (n > (sizeof (c->u) - 16)) { - memset(p + n, 0, sizeof (c->u) - n); - n = 0; - t4_sha512_multiblock(c, p, 1); - } - - memset(p+n, 0, sizeof (c->u) - 16 - n); - c->u.d[SHA_LBLOCK - 2] = c->Nh; - c->u.d[SHA_LBLOCK - 1] = c->Nl; - - t4_sha512_multiblock(c, p, 1); - - if (md == 0) - return (0); - - switch (c->md_len) { - /* Let compiler decide if it's appropriate to unroll... */ - case SHA384_DIGEST_LENGTH: - for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) { - SHA_LONG64 t = c->h[n]; - - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t); - } - break; - case SHA512_DIGEST_LENGTH: - for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) { - SHA_LONG64 t = c->h[n]; - - *(md++) = (unsigned char)(t >> 56); - *(md++) = (unsigned char)(t >> 48); - *(md++) = (unsigned char)(t >> 40); - *(md++) = (unsigned char)(t >> 32); - *(md++) = (unsigned char)(t >> 24); - *(md++) = (unsigned char)(t >> 16); - *(md++) = (unsigned char)(t >> 8); - *(md++) = (unsigned char)(t); - } - break; - /* ... as well as make sure md_len is not abused. */ - default: - return (0); - } - - return (1); -} - - -/* Required for Engine API */ -static int -t4_digest_copy_sha512(EVP_MD_CTX *to, const EVP_MD_CTX *from) -{ - if ((to->md_data != NULL) && (from->md_data != NULL)) { - (void) memcpy(to->md_data, from->md_data, - sizeof (T4_SHA512_CTX)); - } - return (1); -} - -#endif /* COMPILE_HW_T4 */ -#endif /* !OPENSSL_NO_SHA && !OPENSSL_NO_SHA512 */ -#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MD_T4 */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/t4_aes.S --- a/components/openssl/openssl-1.0.0/engines/t4/t4_aes.S Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3052 +0,0 @@ -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/*LINTLIBRARY*/ - -#if defined(lint) || defined(__lint) - - -#include - -/*ARGSUSED*/ -void t4_aes_expand128(uint64_t *rk, const uint32_t *key) -{ return; } - -/*ARGSUSED*/ -void t4_aes_expand192(uint64_t *rk, const uint32_t *key) -{ return; } - -/*ARGSUSED*/ -void t4_aes_expand256(uint64_t *rk, const uint32_t *key) -{ return; } - -void t4_aes128_load_keys_for_encrypt(uint64_t *ks) -{ return; } - -/*ARGSUSED*/ -void t4_aes192_load_keys_for_encrypt(uint64_t *ks) -{ return; } - -/*ARGSUSED*/ -void t4_aes256_load_keys_for_encrypt(uint64_t *ks) -{ return; } - -/*ARGSUSED*/ -void t4_aes128_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes192_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes256_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes128_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes192_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes256_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes128_ctr_crypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes192_ctr_crypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes256_ctr_crypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes128_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes192_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes256_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -void t4_aes128_load_keys_for_decrypt(uint64_t *ks) -{ return; } - -/*ARGSUSED*/ -void t4_aes192_load_keys_for_decrypt(uint64_t *ks) -{ return; } - -/*ARGSUSED*/ -void t4_aes256_load_keys_for_decrypt(uint64_t *ks) -{ return; } - -/*ARGSUSED*/ -void t4_aes128_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes192_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes256_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes128_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes192_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes256_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes128_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes192_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_aes256_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) -{ return; } - -#else /* lint || __lint */ - -#include - - - ENTRY(t4_aes_expand128) - -!load key - ld [%o1], %f0 - ld [%o1 + 0x4], %f1 - ld [%o1 + 0x8], %f2 - ld [%o1 + 0xc], %f3 - -!expand the key - !aes_kexpand1 %f0, %f2, 0x0, %f4 - !aes_kexpand2 %f2, %f4, %f6 - !aes_kexpand1 %f4, %f6, 0x1, %f8 - !aes_kexpand2 %f6, %f8, %f10 - !aes_kexpand1 %f8, %f10, 0x2, %f12 - !aes_kexpand2 %f10, %f12, %f14 - !aes_kexpand1 %f12, %f14, 0x3, %f16 - !aes_kexpand2 %f14, %f16, %f18 - !aes_kexpand1 %f16, %f18, 0x4, %f20 - !aes_kexpand2 %f18, %f20, %f22 - !aes_kexpand1 %f20, %f22, 0x5, %f24 - !aes_kexpand2 %f22, %f24, %f26 - !aes_kexpand1 %f24, %f26, 0x6, %f28 - !aes_kexpand2 %f26, %f28, %f30 - !aes_kexpand1 %f28, %f30, 0x7, %f32 - !aes_kexpand2 %f30, %f32, %f34 - !aes_kexpand1 %f32, %f34, 0x8, %f36 - !aes_kexpand2 %f34, %f36, %f38 - !aes_kexpand1 %f36, %f38, 0x9, %f40 - !aes_kexpand2 %f38, %f40, %f42 - .byte 0x88, 0xc8, 0x01, 0x02 - .byte 0x8d, 0xb0, 0xa6, 0x24 - .byte 0x90, 0xc9, 0x03, 0x06 - .byte 0x95, 0xb1, 0xa6, 0x28 - .byte 0x98, 0xca, 0x05, 0x0a - .byte 0x9d, 0xb2, 0xa6, 0x2c - .byte 0xa0, 0xcb, 0x07, 0x0e - .byte 0xa5, 0xb3, 0xa6, 0x30 - .byte 0xa8, 0xcc, 0x09, 0x12 - .byte 0xad, 0xb4, 0xa6, 0x34 - .byte 0xb0, 0xcd, 0x0b, 0x16 - .byte 0xb5, 0xb5, 0xa6, 0x38 - .byte 0xb8, 0xce, 0x0d, 0x1a - .byte 0xbd, 0xb6, 0xa6, 0x3c - .byte 0x82, 0xcf, 0x0f, 0x1e - .byte 0x87, 0xb7, 0xa6, 0x21 - .byte 0x8a, 0xc8, 0x51, 0x03 - .byte 0x8f, 0xb0, 0xe6, 0x25 - .byte 0x92, 0xc9, 0x53, 0x07 - .byte 0x97, 0xb1, 0xe6, 0x29 - -!copy expanded key back into array - std %f4, [%o0] - std %f6, [%o0 + 0x8] - std %f8, [%o0 + 0x10] - std %f10, [%o0 + 0x18] - std %f12, [%o0 + 0x20] - std %f14, [%o0 + 0x28] - std %f16, [%o0 + 0x30] - std %f18, [%o0 + 0x38] - std %f20, [%o0 + 0x40] - std %f22, [%o0 + 0x48] - std %f24, [%o0 + 0x50] - std %f26, [%o0 + 0x58] - std %f28, [%o0 + 0x60] - std %f30, [%o0 + 0x68] - std %f32, [%o0 + 0x70] - std %f34, [%o0 + 0x78] - std %f36, [%o0 + 0x80] - std %f38, [%o0 + 0x88] - std %f40, [%o0 + 0x90] - retl - std %f42, [%o0 + 0x98] - - SET_SIZE(t4_aes_expand128) - - - ENTRY(t4_aes_expand192) - -!load key - ld [%o1], %f0 - ld [%o1 + 0x4], %f1 - ld [%o1 + 0x8], %f2 - ld [%o1 + 0xc], %f3 - ld [%o1 + 0x10], %f4 - ld [%o1 + 0x14], %f5 - -!expand the key - !aes_kexpand1 %f0, %f4, 0x0, %f6 - !aes_kexpand2 %f2, %f6, %f8 - !aes_kexpand2 %f4, %f8, %f10 - - !aes_kexpand1 %f6, %f10, 0x1, %f12 - !aes_kexpand2 %f8, %f12, %f14 - !aes_kexpand2 %f10, %f14, %f16 - - !aes_kexpand1 %f12, %f16, 0x2, %f18 - !aes_kexpand2 %f14, %f18, %f20 - !aes_kexpand2 %f16, %f20, %f22 - - !aes_kexpand1 %f18, %f22, 0x3, %f24 - !aes_kexpand2 %f20, %f24, %f26 - !aes_kexpand2 %f22, %f26, %f28 - - !aes_kexpand1 %f24, %f28, 0x4, %f30 - !aes_kexpand2 %f26, %f30, %f32 - !aes_kexpand2 %f28, %f32, %f34 - - !aes_kexpand1 %f30, %f34, 0x5, %f36 - !aes_kexpand2 %f32, %f36, %f38 - !aes_kexpand2 %f34, %f38, %f40 - - !aes_kexpand1 %f36, %f40, 0x6, %f42 - !aes_kexpand2 %f38, %f42, %f44 - !aes_kexpand2 %f40, %f44, %f46 - - !aes_kexpand1 %f42, %f46, 0x7, %f48 - !aes_kexpand2 %f44, %f48, %f50 - .byte 0x8c, 0xc8, 0x01, 0x04 - .byte 0x91, 0xb0, 0xa6, 0x26 - .byte 0x95, 0xb1, 0x26, 0x28 - .byte 0x98, 0xc9, 0x83, 0x0a - .byte 0x9d, 0xb2, 0x26, 0x2c - .byte 0xa1, 0xb2, 0xa6, 0x2e - .byte 0xa4, 0xcb, 0x05, 0x10 - .byte 0xa9, 0xb3, 0xa6, 0x32 - .byte 0xad, 0xb4, 0x26, 0x34 - .byte 0xb0, 0xcc, 0x87, 0x16 - .byte 0xb5, 0xb5, 0x26, 0x38 - .byte 0xb9, 0xb5, 0xa6, 0x3a - .byte 0xbc, 0xce, 0x09, 0x1c - .byte 0x83, 0xb6, 0xa6, 0x3e - .byte 0x87, 0xb7, 0x26, 0x21 - .byte 0x8a, 0xcf, 0x8b, 0x03 - .byte 0x8f, 0xb0, 0x66, 0x25 - .byte 0x93, 0xb0, 0xe6, 0x27 - .byte 0x96, 0xc9, 0x4d, 0x09 - .byte 0x9b, 0xb1, 0xe6, 0x2b - .byte 0x9f, 0xb2, 0x66, 0x2d - .byte 0xa2, 0xca, 0xcf, 0x0f - .byte 0xa7, 0xb3, 0x66, 0x31 - -!copy expanded key back into array - std %f6, [%o0] - std %f8, [%o0 + 0x8] - std %f10, [%o0 + 0x10] - std %f12, [%o0 + 0x18] - std %f14, [%o0 + 0x20] - std %f16, [%o0 + 0x28] - std %f18, [%o0 + 0x30] - std %f20, [%o0 + 0x38] - std %f22, [%o0 + 0x40] - std %f24, [%o0 + 0x48] - std %f26, [%o0 + 0x50] - std %f28, [%o0 + 0x58] - std %f30, [%o0 + 0x60] - std %f32, [%o0 + 0x68] - std %f34, [%o0 + 0x70] - std %f36, [%o0 + 0x78] - std %f38, [%o0 + 0x80] - std %f40, [%o0 + 0x88] - std %f42, [%o0 + 0x90] - std %f44, [%o0 + 0x98] - std %f46, [%o0 + 0xa0] - std %f48, [%o0 + 0xa8] - retl - std %f50, [%o0 + 0xb0] - - SET_SIZE(t4_aes_expand192) - - - ENTRY(t4_aes_expand256) - -!load key - ld [%o1], %f0 - ld [%o1 + 0x4], %f1 - ld [%o1 + 0x8], %f2 - ld [%o1 + 0xc], %f3 - ld [%o1 + 0x10], %f4 - ld [%o1 + 0x14], %f5 - ld [%o1 + 0x18], %f6 - ld [%o1 + 0x1c], %f7 - -!expand the key - !aes_kexpand1 %f0, %f6, 0x0, %f8 - !aes_kexpand2 %f2, %f8, %f10 - !aes_kexpand0 %f4, %f10, %f12 - !aes_kexpand2 %f6, %f12, %f14 - - !aes_kexpand1 %f8, %f14, 0x1, %f16 - !aes_kexpand2 %f10, %f16, %f18 - !aes_kexpand0 %f12, %f18, %f20 - !aes_kexpand2 %f14, %f20, %f22 - - !aes_kexpand1 %f16, %f22, 0x2, %f24 - !aes_kexpand2 %f18, %f24, %f26 - !aes_kexpand0 %f20, %f26, %f28 - !aes_kexpand2 %f22, %f28, %f30 - - !aes_kexpand1 %f24, %f30, 0x3, %f32 - !aes_kexpand2 %f26, %f32, %f34 - !aes_kexpand0 %f28, %f34, %f36 - !aes_kexpand2 %f30, %f36, %f38 - - !aes_kexpand1 %f32, %f38, 0x4, %f40 - !aes_kexpand2 %f34, %f40, %f42 - !aes_kexpand0 %f36, %f42, %f44 - !aes_kexpand2 %f38, %f44, %f46 - - !aes_kexpand1 %f40, %f46, 0x5, %f48 - !aes_kexpand2 %f42, %f48, %f50 - !aes_kexpand0 %f44, %f50, %f52 - !aes_kexpand2 %f46, %f52, %f54 - - !aes_kexpand1 %f48, %f54, 0x6, %f56 - !aes_kexpand2 %f50, %f56, %f58 - .byte 0x90, 0xc8, 0x01, 0x06 - .byte 0x95, 0xb0, 0xa6, 0x28 - .byte 0x99, 0xb1, 0x26, 0x0a - .byte 0x9d, 0xb1, 0xa6, 0x2c - .byte 0xa0, 0xca, 0x03, 0x0e - .byte 0xa5, 0xb2, 0xa6, 0x30 - .byte 0xa9, 0xb3, 0x26, 0x12 - .byte 0xad, 0xb3, 0xa6, 0x34 - .byte 0xb0, 0xcc, 0x05, 0x16 - .byte 0xb5, 0xb4, 0xa6, 0x38 - .byte 0xb9, 0xb5, 0x26, 0x1a - .byte 0xbd, 0xb5, 0xa6, 0x3c - .byte 0x82, 0xce, 0x07, 0x1e - .byte 0x87, 0xb6, 0xa6, 0x21 - .byte 0x8b, 0xb7, 0x26, 0x03 - .byte 0x8f, 0xb7, 0xa6, 0x25 - .byte 0x92, 0xc8, 0x49, 0x07 - .byte 0x97, 0xb0, 0xe6, 0x29 - .byte 0x9b, 0xb1, 0x66, 0x0b - .byte 0x9f, 0xb1, 0xe6, 0x2d - .byte 0xa2, 0xca, 0x4b, 0x0f - .byte 0xa7, 0xb2, 0xe6, 0x31 - .byte 0xab, 0xb3, 0x66, 0x13 - .byte 0xaf, 0xb3, 0xe6, 0x35 - .byte 0xb2, 0xcc, 0x4d, 0x17 - .byte 0xb7, 0xb4, 0xe6, 0x39 - -!copy expanded key back into array - std %f8, [%o0] - std %f10, [%o0 + 0x8] - std %f12, [%o0 + 0x10] - std %f14, [%o0 + 0x18] - std %f16, [%o0 + 0x20] - std %f18, [%o0 + 0x28] - std %f20, [%o0 + 0x30] - std %f22, [%o0 + 0x38] - std %f24, [%o0 + 0x40] - std %f26, [%o0 + 0x48] - std %f28, [%o0 + 0x50] - std %f30, [%o0 + 0x58] - std %f32, [%o0 + 0x60] - std %f34, [%o0 + 0x68] - std %f36, [%o0 + 0x70] - std %f38, [%o0 + 0x78] - std %f40, [%o0 + 0x80] - std %f42, [%o0 + 0x88] - std %f44, [%o0 + 0x90] - std %f46, [%o0 + 0x98] - std %f48, [%o0 + 0xa0] - std %f50, [%o0 + 0xa8] - std %f52, [%o0 + 0xb0] - std %f54, [%o0 + 0xb8] - std %f56, [%o0 + 0xc0] - retl - std %f58, [%o0 + 0xc8] - - SET_SIZE(t4_aes_expand256) - - -#define FIRST_TWO_EROUNDS \ - .byte 0xb2, 0xc8, 0x3e, 0x1d ; \ - .byte 0xb6, 0xc8, 0xbe, 0x3d ; \ - .byte 0xba, 0xc9, 0x36, 0x19 ; \ - .byte 0xbe, 0xc9, 0xb6, 0x39 - !aes_eround01 %f0, %f60, %f62, %f56 ; \ - !aes_eround23 %f2, %f60, %f62, %f58 ; \ - !aes_eround01 %f4, %f56, %f58, %f60 ; \ - !aes_eround23 %f6, %f56, %f58, %f62 - -#define MID_TWO_EROUNDS \ - .byte 0xb2, 0xca, 0x3e, 0x1d ; \ - .byte 0xb6, 0xca, 0xbe, 0x3d ; \ - .byte 0xba, 0xcb, 0x36, 0x19 ; \ - .byte 0xbe, 0xcb, 0xb6, 0x39 - !aes_eround01 %f8, %f60, %f62, %f56 ; \ - !aes_eround23 %f10, %f60, %f62, %f58 ; \ - !aes_eround01 %f12, %f56, %f58, %f60 ; \ - !aes_eround23 %f14, %f56, %f58, %f62 - -#define MID_TWO_EROUNDS_2 \ - .byte 0x8c, 0xca, 0x04, 0x00 ; \ - .byte 0x88, 0xca, 0x84, 0x20 ; \ - .byte 0xb2, 0xca, 0x3e, 0x1d ; \ - .byte 0xb6, 0xca, 0xbe, 0x3d ; \ - .byte 0x80, 0xcb, 0x08, 0x06 ; \ - .byte 0x84, 0xcb, 0x88, 0x26 ; \ - .byte 0xba, 0xcb, 0x36, 0x19 ; \ - .byte 0xbe, 0xcb, 0xb6, 0x39 - !aes_eround01 %f8, %f0, %f2, %f6 ; \ - !aes_eround23 %f10, %f0, %f2, %f4 ; \ - !aes_eround01 %f8, %f60, %f62, %f56 ; \ - !aes_eround23 %f10, %f60, %f62, %f58 ; \ - !aes_eround01 %f12, %f6, %f4, %f0 ; \ - !aes_eround23 %f14, %f6, %f4, %f2 ; \ - !aes_eround01 %f12, %f56, %f58, %f60 ; \ - !aes_eround23 %f14, %f56, %f58, %f62 - -#define TEN_EROUNDS \ - .byte 0xb2, 0xcc, 0x3e, 0x1d ; \ - .byte 0xb6, 0xcc, 0xbe, 0x3d ; \ - .byte 0xba, 0xcd, 0x36, 0x19 ; \ - .byte 0xbe, 0xcd, 0xb6, 0x39 ; \ - .byte 0xb2, 0xce, 0x3e, 0x1d ; \ - .byte 0xb6, 0xce, 0xbe, 0x3d ; \ - .byte 0xba, 0xcf, 0x36, 0x19 ; \ - .byte 0xbe, 0xcf, 0xb6, 0x39 ; \ - .byte 0xb2, 0xc8, 0x7e, 0x1d ; \ - .byte 0xb6, 0xc8, 0xfe, 0x3d ; \ - .byte 0xba, 0xc9, 0x76, 0x19 ; \ - .byte 0xbe, 0xc9, 0xf6, 0x39 ; \ - .byte 0xb2, 0xca, 0x7e, 0x1d ; \ - .byte 0xb6, 0xca, 0xfe, 0x3d ; \ - .byte 0xba, 0xcb, 0x76, 0x19 ; \ - .byte 0xbe, 0xcb, 0xf6, 0x39 ; \ - .byte 0xb2, 0xcc, 0x7e, 0x1d ; \ - .byte 0xb6, 0xcc, 0xfe, 0x3d ; \ - .byte 0xba, 0xcd, 0x76, 0x99 ; \ - .byte 0xbe, 0xcd, 0xf6, 0xb9 - !aes_eround01 %f16, %f60, %f62, %f56 ; \ - !aes_eround23 %f18, %f60, %f62, %f58 ; \ - !aes_eround01 %f20, %f56, %f58, %f60 ; \ - !aes_eround23 %f22, %f56, %f58, %f62 ; \ - !aes_eround01 %f24, %f60, %f62, %f56 ; \ - !aes_eround23 %f26, %f60, %f62, %f58 ; \ - !aes_eround01 %f28, %f56, %f58, %f60 ; \ - !aes_eround23 %f30, %f56, %f58, %f62 ; \ - !aes_eround01 %f32, %f60, %f62, %f56 ; \ - !aes_eround23 %f34, %f60, %f62, %f58 ; \ - !aes_eround01 %f36, %f56, %f58, %f60 ; \ - !aes_eround23 %f38, %f56, %f58, %f62 ; \ - !aes_eround01 %f40, %f60, %f62, %f56 ; \ - !aes_eround23 %f42, %f60, %f62, %f58 ; \ - !aes_eround01 %f44, %f56, %f58, %f60 ; \ - !aes_eround23 %f46, %f56, %f58, %f62 ; \ - !aes_eround01 %f48, %f60, %f62, %f56 ; \ - !aes_eround23 %f50, %f60, %f62, %f58 ; \ - !aes_eround01_l %f52, %f56, %f58, %f60 ; \ - !aes_eround23_l %f54, %f56, %f58, %f62 - -#define TEN_EROUNDS_2 \ - .byte 0x8c, 0xcc, 0x04, 0x00 ; \ - .byte 0x88, 0xcc, 0x84, 0x20 ; \ - .byte 0xb2, 0xcc, 0x3e, 0x1d ; \ - .byte 0xb6, 0xcc, 0xbe, 0x3d ; \ - .byte 0x80, 0xcd, 0x08, 0x06 ; \ - .byte 0x84, 0xcd, 0x88, 0x26 ; \ - .byte 0xba, 0xcd, 0x36, 0x19 ; \ - .byte 0xbe, 0xcd, 0xb6, 0x39 ; \ - .byte 0x8c, 0xce, 0x04, 0x00 ; \ - .byte 0x88, 0xce, 0x84, 0x20 ; \ - .byte 0xb2, 0xce, 0x3e, 0x1d ; \ - .byte 0xb6, 0xce, 0xbe, 0x3d ; \ - .byte 0x80, 0xcf, 0x08, 0x06 ; \ - .byte 0x84, 0xcf, 0x88, 0x26 ; \ - .byte 0xba, 0xcf, 0x36, 0x19 ; \ - .byte 0xbe, 0xcf, 0xb6, 0x39 ; \ - .byte 0x8c, 0xc8, 0x44, 0x00 ; \ - .byte 0x88, 0xc8, 0xc4, 0x20 ; \ - .byte 0xb2, 0xc8, 0x7e, 0x1d ; \ - .byte 0xb6, 0xc8, 0xfe, 0x3d ; \ - .byte 0x80, 0xc9, 0x48, 0x06 ; \ - .byte 0x84, 0xc9, 0xc8, 0x26 ; \ - .byte 0xba, 0xc9, 0x76, 0x19 ; \ - .byte 0xbe, 0xc9, 0xf6, 0x39 ; \ - .byte 0x8c, 0xca, 0x44, 0x00 ; \ - .byte 0x88, 0xca, 0xc4, 0x20 ; \ - .byte 0xb2, 0xca, 0x7e, 0x1d ; \ - .byte 0xb6, 0xca, 0xfe, 0x3d ; \ - .byte 0x80, 0xcb, 0x48, 0x06 ; \ - .byte 0x84, 0xcb, 0xc8, 0x26 ; \ - .byte 0xba, 0xcb, 0x76, 0x19 ; \ - .byte 0xbe, 0xcb, 0xf6, 0x39 ; \ - .byte 0x8c, 0xcc, 0x44, 0x00 ; \ - .byte 0x88, 0xcc, 0xc4, 0x20 ; \ - .byte 0xb2, 0xcc, 0x7e, 0x1d ; \ - .byte 0xb6, 0xcc, 0xfe, 0x3d ; \ - .byte 0x80, 0xcd, 0x48, 0x86 ; \ - .byte 0x84, 0xcd, 0xc8, 0xa6 ; \ - .byte 0xba, 0xcd, 0x76, 0x99 ; \ - .byte 0xbe, 0xcd, 0xf6, 0xb9 - !aes_eround01 %f16, %f0, %f2, %f6 ; \ - !aes_eround23 %f18, %f0, %f2, %f4 ; \ - !aes_eround01 %f16, %f60, %f62, %f56 ; \ - !aes_eround23 %f18, %f60, %f62, %f58 ; \ - !aes_eround01 %f20, %f6, %f4, %f0 ; \ - !aes_eround23 %f22, %f6, %f4, %f2 ; \ - !aes_eround01 %f20, %f56, %f58, %f60 ; \ - !aes_eround23 %f22, %f56, %f58, %f62 ; \ - !aes_eround01 %f24, %f0, %f2, %f6 ; \ - !aes_eround23 %f26, %f0, %f2, %f4 ; \ - !aes_eround01 %f24, %f60, %f62, %f56 ; \ - !aes_eround23 %f26, %f60, %f62, %f58 ; \ - !aes_eround01 %f28, %f6, %f4, %f0 ; \ - !aes_eround23 %f30, %f6, %f4, %f2 ; \ - !aes_eround01 %f28, %f56, %f58, %f60 ; \ - !aes_eround23 %f30, %f56, %f58, %f62 ; \ - !aes_eround01 %f32, %f0, %f2, %f6 ; \ - !aes_eround23 %f34, %f0, %f2, %f4 ; \ - !aes_eround01 %f32, %f60, %f62, %f56 ; \ - !aes_eround23 %f34, %f60, %f62, %f58 ; \ - !aes_eround01 %f36, %f6, %f4, %f0 ; \ - !aes_eround23 %f38, %f6, %f4, %f2 ; \ - !aes_eround01 %f36, %f56, %f58, %f60 ; \ - !aes_eround23 %f38, %f56, %f58, %f62 ; \ - !aes_eround01 %f40, %f0, %f2, %f6 ; \ - !aes_eround23 %f42, %f0, %f2, %f4 ; \ - !aes_eround01 %f40, %f60, %f62, %f56 ; \ - !aes_eround23 %f42, %f60, %f62, %f58 ; \ - !aes_eround01 %f44, %f6, %f4, %f0 ; \ - !aes_eround23 %f46, %f6, %f4, %f2 ; \ - !aes_eround01 %f44, %f56, %f58, %f60 ; \ - !aes_eround23 %f46, %f56, %f58, %f62 ; \ - !aes_eround01 %f48, %f0, %f2, %f6 ; \ - !aes_eround23 %f50, %f0, %f2, %f4 ; \ - !aes_eround01 %f48, %f60, %f62, %f56 ; \ - !aes_eround23 %f50, %f60, %f62, %f58 ; \ - !aes_eround01_l %f52, %f6, %f4, %f0 ; \ - !aes_eround23_l %f54, %f6, %f4, %f2 ; \ - !aes_eround01_l %f52, %f56, %f58, %f60 ; \ - !aes_eround23_l %f54, %f56, %f58, %f62 - -#define TWELVE_EROUNDS \ - MID_TWO_EROUNDS ; \ - TEN_EROUNDS - -#define TWELVE_EROUNDS_2 \ - MID_TWO_EROUNDS_2 ; \ - TEN_EROUNDS_2 - -#define FOURTEEN_EROUNDS \ - FIRST_TWO_EROUNDS ; \ - TWELVE_EROUNDS - -#define FOURTEEN_EROUNDS_2 \ - .byte 0xb0, 0xc8, 0x2c, 0x14 ; \ - .byte 0xac, 0xc8, 0xac, 0x34 ; \ - ldd [%o0 + 0x60], %f20 ; \ - .byte 0xb2, 0xc8, 0x3e, 0x1d ; \ - .byte 0xb6, 0xc8, 0xbe, 0x3d ; \ - .byte 0x80, 0xc9, 0x2c, 0x18 ; \ - .byte 0x84, 0xc9, 0xac, 0x38 ;\ - ldd [%o0 + 0x68], %f22 ; \ - .byte 0xba, 0xc9, 0x36, 0x19 ; \ - ldd [%o0 + 0x70], %f24 ; \ - .byte 0xbe, 0xc9, 0xb6, 0x39 ; \ - .byte 0x8c, 0xca, 0x04, 0x00 ; \ - .byte 0x88, 0xca, 0x84, 0x20 ; \ - .byte 0xb2, 0xca, 0x3e, 0x1d ; \ - .byte 0xb6, 0xca, 0xbe, 0x3d ; \ - .byte 0x80, 0xcb, 0x08, 0x06 ; \ - .byte 0x84, 0xcb, 0x88, 0x26 ; \ - .byte 0xba, 0xcb, 0x36, 0x19 ; \ - .byte 0xbe, 0xcb, 0xb6, 0x39 ; \ - .byte 0x8c, 0xcc, 0x04, 0x00 ; \ - .byte 0x88, 0xcc, 0x84, 0x20 ; \ - .byte 0xb2, 0xcc, 0x3e, 0x1d ; \ - .byte 0xb6, 0xcc, 0xbe, 0x3d ; \ - .byte 0x80, 0xcd, 0x08, 0x06 ; \ - .byte 0x84, 0xcd, 0x88, 0x26 ; \ - .byte 0xba, 0xcd, 0x36, 0x19 ; \ - .byte 0xbe, 0xcd, 0xb6, 0x39 ; \ - .byte 0x8c, 0xce, 0x04, 0x00 ; \ - .byte 0x88, 0xce, 0x84, 0x20 ; \ - .byte 0xb2, 0xce, 0x3e, 0x1d ; \ - .byte 0xb6, 0xce, 0xbe, 0x3d ; \ - .byte 0x80, 0xcf, 0x08, 0x06 ; \ - .byte 0x84, 0xcf, 0x88, 0x26 ; \ - .byte 0xba, 0xcf, 0x36, 0x19 ; \ - .byte 0xbe, 0xcf, 0xb6, 0x39 ; \ - .byte 0x8c, 0xc8, 0x44, 0x00 ; \ - .byte 0x88, 0xc8, 0xc4, 0x20 ; \ - .byte 0xb2, 0xc8, 0x7e, 0x1d ; \ - .byte 0xb6, 0xc8, 0xfe, 0x3d ; \ - .byte 0x80, 0xc9, 0x48, 0x06 ; \ - .byte 0x84, 0xc9, 0xc8, 0x26 ; \ - .byte 0xba, 0xc9, 0x76, 0x19 ; \ - .byte 0xbe, 0xc9, 0xf6, 0x39 ; \ - .byte 0x8c, 0xca, 0x44, 0x00 ; \ - .byte 0x88, 0xca, 0xc4, 0x20 ; \ - .byte 0xb2, 0xca, 0x7e, 0x1d ; \ - .byte 0xb6, 0xca, 0xfe, 0x3d ; \ - .byte 0x80, 0xcb, 0x48, 0x06 ; \ - .byte 0x84, 0xcb, 0xc8, 0x26 ; \ - .byte 0xba, 0xcb, 0x76, 0x19 ; \ - .byte 0xbe, 0xcb, 0xf6, 0x39 ; \ - .byte 0x8c, 0xcc, 0x44, 0x00 ; \ - .byte 0x88, 0xcc, 0xc4, 0x20 ; \ - ldd [%o0 + 0x10], %f0 ; \ - .byte 0xb2, 0xcc, 0x7e, 0x1d ; \ - ldd [%o0 + 0x18], %f2 ; \ - .byte 0xb6, 0xcc, 0xfe, 0x3d ; \ - .byte 0xa8, 0xcd, 0x48, 0x86 ; \ - .byte 0xac, 0xcd, 0xc8, 0xa6 ; \ - ldd [%o0 + 0x20], %f4 ; \ - .byte 0xba, 0xcd, 0x76, 0x99 ; \ - ldd [%o0 + 0x28], %f6 ; \ - .byte 0xbe, 0xcd, 0xf6, 0xb9 - !aes_eround01 %f0, %f20, %f22, %f24 ; \ - !aes_eround23 %f2, %f20, %f22, %f22 ; \ - !ldd [%o0 + 0x60], %f20 ; \ - !aes_eround01 %f0, %f60, %f62, %f56 ; \ - !aes_eround23 %f2, %f60, %f62, %f58 ; \ - !aes_eround01 %f4, %f24, %f22, %f0 ; \ - !aes_eround23 %f6, %f24, %f22, %f2 ; \ - !ldd [%o0 + 0x68], %f22 ; \ - !aes_eround01 %f4, %f56, %f58, %f60 ; \ - !ldd [%o0 + 0x70], %f24 ; \ - !aes_eround23 %f6, %f56, %f58, %f62 ; \ - !aes_eround01 %f8, %f0, %f2, %f6 ; \ - !aes_eround23 %f10, %f0, %f2, %f4 ; \ - !aes_eround01 %f8, %f60, %f62, %f56 ; \ - !aes_eround23 %f10, %f60, %f62, %f58 ; \ - !aes_eround01 %f12, %f6, %f4, %f0 ; \ - !aes_eround23 %f14, %f6, %f4, %f2 ; \ - !aes_eround01 %f12, %f56, %f58, %f60 ; \ - !aes_eround23 %f14, %f56, %f58, %f62 ; \ - !aes_eround01 %f16, %f0, %f2, %f6 ; \ - !aes_eround23 %f18, %f0, %f2, %f4 ; \ - !aes_eround01 %f16, %f60, %f62, %f56 ; \ - !aes_eround23 %f18, %f60, %f62, %f58 ; \ - !aes_eround01 %f20, %f6, %f4, %f0 ; \ - !aes_eround23 %f22, %f6, %f4, %f2 ; \ - !aes_eround01 %f20, %f56, %f58, %f60 ; \ - !aes_eround23 %f22, %f56, %f58, %f62 ; \ - !aes_eround01 %f24, %f0, %f2, %f6 ; \ - !aes_eround23 %f26, %f0, %f2, %f4 ; \ - !aes_eround01 %f24, %f60, %f62, %f56 ; \ - !aes_eround23 %f26, %f60, %f62, %f58 ; \ - !aes_eround01 %f28, %f6, %f4, %f0 ; \ - !aes_eround23 %f30, %f6, %f4, %f2 ; \ - !aes_eround01 %f28, %f56, %f58, %f60 ; \ - !aes_eround23 %f30, %f56, %f58, %f62 ; \ - !aes_eround01 %f32, %f0, %f2, %f6 ; \ - !aes_eround23 %f34, %f0, %f2, %f4 ; \ - !aes_eround01 %f32, %f60, %f62, %f56 ; \ - !aes_eround23 %f34, %f60, %f62, %f58 ; \ - !aes_eround01 %f36, %f6, %f4, %f0 ; \ - !aes_eround23 %f38, %f6, %f4, %f2 ; \ - !aes_eround01 %f36, %f56, %f58, %f60 ; \ - !aes_eround23 %f38, %f56, %f58, %f62 ; \ - !aes_eround01 %f40, %f0, %f2, %f6 ; \ - !aes_eround23 %f42, %f0, %f2, %f4 ; \ - !aes_eround01 %f40, %f60, %f62, %f56 ; \ - !aes_eround23 %f42, %f60, %f62, %f58 ; \ - !aes_eround01 %f44, %f6, %f4, %f0 ; \ - !aes_eround23 %f46, %f6, %f4, %f2 ; \ - !aes_eround01 %f44, %f56, %f58, %f60 ; \ - !aes_eround23 %f46, %f56, %f58, %f62 ; \ - !aes_eround01 %f48, %f0, %f2, %f6 ; \ - !aes_eround23 %f50, %f0, %f2, %f4 ; \ - !ldd [%o0 + 0x10], %f0 ; \ - !aes_eround01 %f48, %f60, %f62, %f56 ; \ - !ldd [%o0 + 0x18], %f2 ; \ - !aes_eround23 %f50, %f60, %f62, %f58 ; \ - !aes_eround01_l %f52, %f6, %f4, %f20 ; \ - !aes_eround23_l %f54, %f6, %f4, %f22 ; \ - !ldd [%o0 + 0x20], %f4 ; \ - !aes_eround01_l %f52, %f56, %f58, %f60 ; \ - !ldd [%o0 + 0x28], %f6 ; \ - !aes_eround23_l %f54, %f56, %f58, %f62 - -#define FIRST_TWO_DROUNDS \ - .byte 0xb2, 0xc8, 0x3e, 0x5d ; \ - .byte 0xb6, 0xc8, 0xbe, 0x7d ; \ - .byte 0xba, 0xc9, 0x36, 0x59 ; \ - .byte 0xbe, 0xc9, 0xb6, 0x79 - !aes_dround01 %f0, %f60, %f62, %f56 ; \ - !aes_dround23 %f2, %f60, %f62, %f58 ; \ - !aes_dround01 %f4, %f56, %f58, %f60 ; \ - !aes_dround23 %f6, %f56, %f58, %f62 - -#define MID_TWO_DROUNDS \ - .byte 0xb2, 0xca, 0x3e, 0x5d ; \ - .byte 0xb6, 0xca, 0xbe, 0x7d ; \ - .byte 0xba, 0xcb, 0x36, 0x59 ; \ - .byte 0xbe, 0xcb, 0xb6, 0x79 - !aes_dround01 %f8, %f60, %f62, %f56 ; \ - !aes_dround23 %f10, %f60, %f62, %f58 ; \ - !aes_dround01 %f12, %f56, %f58, %f60 ; \ - !aes_dround23 %f14, %f56, %f58, %f62 - -#define MID_TWO_DROUNDS_2 \ - .byte 0x8c, 0xca, 0x04, 0x40 ; \ - .byte 0x88, 0xca, 0x84, 0x60 ; \ - .byte 0xb2, 0xca, 0x3e, 0x5d ; \ - .byte 0xb6, 0xca, 0xbe, 0x7d ; \ - .byte 0x80, 0xcb, 0x08, 0x46 ; \ - .byte 0x84, 0xcb, 0x88, 0x66 ; \ - .byte 0xba, 0xcb, 0x36, 0x59 ; \ - .byte 0xbe, 0xcb, 0xb6, 0x79 - !aes_dround01 %f8, %f0, %f2, %f6 ; \ - !aes_dround23 %f10, %f0, %f2, %f4 ; \ - !aes_dround01 %f8, %f60, %f62, %f56 ; \ - !aes_dround23 %f10, %f60, %f62, %f58 ; \ - !aes_dround01 %f12, %f6, %f4, %f0 ; \ - !aes_dround23 %f14, %f6, %f4, %f2 ; \ - !aes_dround01 %f12, %f56, %f58, %f60 ; \ - !aes_dround23 %f14, %f56, %f58, %f62 - -#define TEN_DROUNDS \ - .byte 0xb2, 0xcc, 0x3e, 0x5d ; \ - .byte 0xb6, 0xcc, 0xbe, 0x7d ; \ - .byte 0xba, 0xcd, 0x36, 0x59 ; \ - .byte 0xbe, 0xcd, 0xb6, 0x79 ; \ - .byte 0xb2, 0xce, 0x3e, 0x5d ; \ - .byte 0xb6, 0xce, 0xbe, 0x7d ; \ - .byte 0xba, 0xcf, 0x36, 0x59 ; \ - .byte 0xbe, 0xcf, 0xb6, 0x79 ; \ - .byte 0xb2, 0xc8, 0x7e, 0x5d ; \ - .byte 0xb6, 0xc8, 0xfe, 0x7d ; \ - .byte 0xba, 0xc9, 0x76, 0x59 ; \ - .byte 0xbe, 0xc9, 0xf6, 0x79 ; \ - .byte 0xb2, 0xca, 0x7e, 0x5d ; \ - .byte 0xb6, 0xca, 0xfe, 0x7d ; \ - .byte 0xba, 0xcb, 0x76, 0x59 ; \ - .byte 0xbe, 0xcb, 0xf6, 0x79 ; \ - .byte 0xb2, 0xcc, 0x7e, 0x5d ; \ - .byte 0xb6, 0xcc, 0xfe, 0x7d ; \ - .byte 0xba, 0xcd, 0x76, 0xd9 ; \ - .byte 0xbe, 0xcd, 0xf6, 0xf9 - !aes_dround01 %f16, %f60, %f62, %f56 ; \ - !aes_dround23 %f18, %f60, %f62, %f58 ; \ - !aes_dround01 %f20, %f56, %f58, %f60 ; \ - !aes_dround23 %f22, %f56, %f58, %f62 ; \ - !aes_dround01 %f24, %f60, %f62, %f56 ; \ - !aes_dround23 %f26, %f60, %f62, %f58 ; \ - !aes_dround01 %f28, %f56, %f58, %f60 ; \ - !aes_dround23 %f30, %f56, %f58, %f62 ; \ - !aes_dround01 %f32, %f60, %f62, %f56 ; \ - !aes_dround23 %f34, %f60, %f62, %f58 ; \ - !aes_dround01 %f36, %f56, %f58, %f60 ; \ - !aes_dround23 %f38, %f56, %f58, %f62 ; \ - !aes_dround01 %f40, %f60, %f62, %f56 ; \ - !aes_dround23 %f42, %f60, %f62, %f58 ; \ - !aes_dround01 %f44, %f56, %f58, %f60 ; \ - !aes_dround23 %f46, %f56, %f58, %f62 ; \ - !aes_dround01 %f48, %f60, %f62, %f56 ; \ - !aes_dround23 %f50, %f60, %f62, %f58 ; \ - !aes_dround01_l %f52, %f56, %f58, %f60 ; \ - !aes_dround23_l %f54, %f56, %f58, %f62 - -#define TEN_DROUNDS_2 \ - .byte 0x8c, 0xcc, 0x04, 0x40 ; \ - .byte 0x88, 0xcc, 0x84, 0x60 ; \ - .byte 0xb2, 0xcc, 0x3e, 0x5d ; \ - .byte 0xb6, 0xcc, 0xbe, 0x7d ; \ - .byte 0x80, 0xcd, 0x08, 0x46 ; \ - .byte 0x84, 0xcd, 0x88, 0x66 ; \ - .byte 0xba, 0xcd, 0x36, 0x59 ; \ - .byte 0xbe, 0xcd, 0xb6, 0x79 ; \ - .byte 0x8c, 0xce, 0x04, 0x40 ; \ - .byte 0x88, 0xce, 0x84, 0x60 ; \ - .byte 0xb2, 0xce, 0x3e, 0x5d ; \ - .byte 0xb6, 0xce, 0xbe, 0x7d ; \ - .byte 0x80, 0xcf, 0x08, 0x46 ; \ - .byte 0x84, 0xcf, 0x88, 0x66 ; \ - .byte 0xba, 0xcf, 0x36, 0x59 ; \ - .byte 0xbe, 0xcf, 0xb6, 0x79 ; \ - .byte 0x8c, 0xc8, 0x44, 0x40 ; \ - .byte 0x88, 0xc8, 0xc4, 0x60 ; \ - .byte 0xb2, 0xc8, 0x7e, 0x5d ; \ - .byte 0xb6, 0xc8, 0xfe, 0x7d ; \ - .byte 0x80, 0xc9, 0x48, 0x46 ; \ - .byte 0x84, 0xc9, 0xc8, 0x66 ; \ - .byte 0xba, 0xc9, 0x76, 0x59 ; \ - .byte 0xbe, 0xc9, 0xf6, 0x79 ; \ - .byte 0x8c, 0xca, 0x44, 0x40 ; \ - .byte 0x88, 0xca, 0xc4, 0x60 ; \ - .byte 0xb2, 0xca, 0x7e, 0x5d ; \ - .byte 0xb6, 0xca, 0xfe, 0x7d ; \ - .byte 0x80, 0xcb, 0x48, 0x46 ; \ - .byte 0x84, 0xcb, 0xc8, 0x66 ; \ - .byte 0xba, 0xcb, 0x76, 0x59 ; \ - .byte 0xbe, 0xcb, 0xf6, 0x79 ; \ - .byte 0x8c, 0xcc, 0x44, 0x40 ; \ - .byte 0x88, 0xcc, 0xc4, 0x60 ; \ - .byte 0xb2, 0xcc, 0x7e, 0x5d ; \ - .byte 0xb6, 0xcc, 0xfe, 0x7d ; \ - .byte 0x80, 0xcd, 0x48, 0xc6 ; \ - .byte 0x84, 0xcd, 0xc8, 0xe6 ; \ - .byte 0xba, 0xcd, 0x76, 0xd9 ; \ - .byte 0xbe, 0xcd, 0xf6, 0xf9 - !aes_dround01 %f16, %f0, %f2, %f6 ; \ - !aes_dround23 %f18, %f0, %f2, %f4 ; \ - !aes_dround01 %f16, %f60, %f62, %f56 ; \ - !aes_dround23 %f18, %f60, %f62, %f58 ; \ - !aes_dround01 %f20, %f6, %f4, %f0 ; \ - !aes_dround23 %f22, %f6, %f4, %f2 ; \ - !aes_dround01 %f20, %f56, %f58, %f60 ; \ - !aes_dround23 %f22, %f56, %f58, %f62 ; \ - !aes_dround01 %f24, %f0, %f2, %f6 ; \ - !aes_dround23 %f26, %f0, %f2, %f4 ; \ - !aes_dround01 %f24, %f60, %f62, %f56 ; \ - !aes_dround23 %f26, %f60, %f62, %f58 ; \ - !aes_dround01 %f28, %f6, %f4, %f0 ; \ - !aes_dround23 %f30, %f6, %f4, %f2 ; \ - !aes_dround01 %f28, %f56, %f58, %f60 ; \ - !aes_dround23 %f30, %f56, %f58, %f62 ; \ - !aes_dround01 %f32, %f0, %f2, %f6 ; \ - !aes_dround23 %f34, %f0, %f2, %f4 ; \ - !aes_dround01 %f32, %f60, %f62, %f56 ; \ - !aes_dround23 %f34, %f60, %f62, %f58 ; \ - !aes_dround01 %f36, %f6, %f4, %f0 ; \ - !aes_dround23 %f38, %f6, %f4, %f2 ; \ - !aes_dround01 %f36, %f56, %f58, %f60 ; \ - !aes_dround23 %f38, %f56, %f58, %f62 ; \ - !aes_dround01 %f40, %f0, %f2, %f6 ; \ - !aes_dround23 %f42, %f0, %f2, %f4 ; \ - !aes_dround01 %f40, %f60, %f62, %f56 ; \ - !aes_dround23 %f42, %f60, %f62, %f58 ; \ - !aes_dround01 %f44, %f6, %f4, %f0 ; \ - !aes_dround23 %f46, %f6, %f4, %f2 ; \ - !aes_dround01 %f44, %f56, %f58, %f60 ; \ - !aes_dround23 %f46, %f56, %f58, %f62 ; \ - !aes_dround01 %f48, %f0, %f2, %f6 ; \ - !aes_dround23 %f50, %f0, %f2, %f4 ; \ - !aes_dround01 %f48, %f60, %f62, %f56 ; \ - !aes_dround23 %f50, %f60, %f62, %f58 ; \ - !aes_dround01_l %f52, %f6, %f4, %f0 ; \ - !aes_dround23_l %f54, %f6, %f4, %f2 ; \ - !aes_dround01_l %f52, %f56, %f58, %f60 ; \ - !aes_dround23_l %f54, %f56, %f58, %f62 - -#define TWELVE_DROUNDS \ - MID_TWO_DROUNDS ; \ - TEN_DROUNDS - -#define TWELVE_DROUNDS_2 \ - MID_TWO_DROUNDS_2 ; \ - TEN_DROUNDS_2 - -#define FOURTEEN_DROUNDS \ - FIRST_TWO_DROUNDS ; \ - TWELVE_DROUNDS - -#define FOURTEEN_DROUNDS_2 \ - .byte 0xb0, 0xc8, 0x2c, 0x54 ; \ - .byte 0xac, 0xc8, 0xac, 0x74 ; \ - ldd [%o0 + 0x80], %f20 ; \ - .byte 0xb2, 0xc8, 0x3e, 0x5d ; \ - .byte 0xb6, 0xc8, 0xbe, 0x7d ; \ - .byte 0x80, 0xc9, 0x2c, 0x58 ; \ - .byte 0x84, 0xc9, 0xac, 0x78 ; \ - ldd [%o0 + 0x88], %f22 ; \ - .byte 0xba, 0xc9, 0x36, 0x59 ; \ - ldd [%o0 + 0x70], %f24 ; \ - .byte 0xbe, 0xc9, 0xb6, 0x79 ; \ - .byte 0x8c, 0xca, 0x04, 0x40 ; \ - .byte 0x88, 0xca, 0x84, 0x60 ; \ - .byte 0xb2, 0xca, 0x3e, 0x5d ; \ - .byte 0xb6, 0xca, 0xbe, 0x7d ; \ - .byte 0x80, 0xcb, 0x08, 0x46 ; \ - .byte 0x84, 0xcb, 0x88, 0x66 ; \ - .byte 0xba, 0xcb, 0x36, 0x59 ; \ - .byte 0xbe, 0xcb, 0xb6, 0x79 ; \ - .byte 0x8c, 0xcc, 0x04, 0x40 ; \ - .byte 0x88, 0xcc, 0x84, 0x60 ; \ - .byte 0xb2, 0xcc, 0x3e, 0x5d ; \ - .byte 0xb6, 0xcc, 0xbe, 0x7d ; \ - .byte 0x80, 0xcd, 0x08, 0x46 ; \ - .byte 0x84, 0xcd, 0x88, 0x66 ; \ - .byte 0xba, 0xcd, 0x36, 0x59 ; \ - .byte 0xbe, 0xcd, 0xb6, 0x79 ; \ - .byte 0x8c, 0xce, 0x04, 0x40 ; \ - .byte 0x88, 0xce, 0x84, 0x60 ; \ - .byte 0xb2, 0xce, 0x3e, 0x5d ; \ - .byte 0xb6, 0xce, 0xbe, 0x7d ; \ - .byte 0x80, 0xcf, 0x08, 0x46 ; \ - .byte 0x84, 0xcf, 0x88, 0x66 ; \ - .byte 0xba, 0xcf, 0x36, 0x59 ; \ - .byte 0xbe, 0xcf, 0xb6, 0x79 ; \ - .byte 0x8c, 0xc8, 0x44, 0x40 ; \ - .byte 0x88, 0xc8, 0xc4, 0x60 ; \ - .byte 0xb2, 0xc8, 0x7e, 0x5d ; \ - .byte 0xb6, 0xc8, 0xfe, 0x7d ; \ - .byte 0x80, 0xc9, 0x48, 0x46 ; \ - .byte 0x84, 0xc9, 0xc8, 0x66 ; \ - .byte 0xba, 0xc9, 0x76, 0x59 ; \ - .byte 0xbe, 0xc9, 0xf6, 0x79 ; \ - .byte 0x8c, 0xca, 0x44, 0x40 ; \ - .byte 0x88, 0xca, 0xc4, 0x60 ; \ - .byte 0xb2, 0xca, 0x7e, 0x5d ; \ - .byte 0xb6, 0xca, 0xfe, 0x7d ; \ - .byte 0x80, 0xcb, 0x48, 0x46 ; \ - .byte 0x84, 0xcb, 0xc8, 0x66 ; \ - .byte 0xba, 0xcb, 0x76, 0x59 ; \ - .byte 0xbe, 0xcb, 0xf6, 0x79 ; \ - .byte 0x8c, 0xcc, 0x44, 0x40 ; \ - .byte 0x88, 0xcc, 0xc4, 0x60 ; \ - ldd [%o0 + 0xd0], %f0 ; \ - .byte 0xb2, 0xcc, 0x7e, 0x5d ; \ - ldd [%o0 + 0xd8], %f2 ; \ - .byte 0xb6, 0xcc, 0xfe, 0x7d ; \ - .byte 0xa8, 0xcd, 0x48, 0xc6 ; \ - .byte 0xac, 0xcd, 0xc8, 0xe6 ; \ - ldd [%o0 + 0xc0], %f4 ; \ - .byte 0xba, 0xcd, 0x76, 0xd9 ; \ - ldd [%o0 + 0xc8], %f6 ; \ - .byte 0xbe, 0xcd, 0xf6, 0xf9 - !aes_dround01 %f0, %f20, %f22, %f24 ; \ - !aes_dround23 %f2, %f20, %f22, %f22 ; \ - !ldd [%o0 + 0x80], %f20 ; \ - !aes_dround01 %f0, %f60, %f62, %f56 ; \ - !aes_dround23 %f2, %f60, %f62, %f58 ; \ - !aes_dround01 %f4, %f24, %f22, %f0 ; \ - !aes_dround23 %f6, %f24, %f22, %f2 ; \ - !ldd [%o0 + 0x88], %f22 ; \ - !aes_dround01 %f4, %f56, %f58, %f60 ; \ - !ldd [%o0 + 0x70], %f24 ; \ - !aes_dround23 %f6, %f56, %f58, %f62 ; \ - !aes_dround01 %f8, %f0, %f2, %f6 ; \ - !aes_dround23 %f10, %f0, %f2, %f4 ; \ - !aes_dround01 %f8, %f60, %f62, %f56 ; \ - !aes_dround23 %f10, %f60, %f62, %f58 ; \ - !aes_dround01 %f12, %f6, %f4, %f0 ; \ - !aes_dround23 %f14, %f6, %f4, %f2 ; \ - !aes_dround01 %f12, %f56, %f58, %f60 ; \ - !aes_dround23 %f14, %f56, %f58, %f62 ; \ - !aes_dround01 %f16, %f0, %f2, %f6 ; \ - !aes_dround23 %f18, %f0, %f2, %f4 ; \ - !aes_dround01 %f16, %f60, %f62, %f56 ; \ - !aes_dround23 %f18, %f60, %f62, %f58 ; \ - !aes_dround01 %f20, %f6, %f4, %f0 ; \ - !aes_dround23 %f22, %f6, %f4, %f2 ; \ - !aes_dround01 %f20, %f56, %f58, %f60 ; \ - !aes_dround23 %f22, %f56, %f58, %f62 ; \ - !aes_dround01 %f24, %f0, %f2, %f6 ; \ - !aes_dround23 %f26, %f0, %f2, %f4 ; \ - !aes_dround01 %f24, %f60, %f62, %f56 ; \ - !aes_dround23 %f26, %f60, %f62, %f58 ; \ - !aes_dround01 %f28, %f6, %f4, %f0 ; \ - !aes_dround23 %f30, %f6, %f4, %f2 ; \ - !aes_dround01 %f28, %f56, %f58, %f60 ; \ - !aes_dround23 %f30, %f56, %f58, %f62 ; \ - !aes_dround01 %f32, %f0, %f2, %f6 ; \ - !aes_dround23 %f34, %f0, %f2, %f4 ; \ - !aes_dround01 %f32, %f60, %f62, %f56 ; \ - !aes_dround23 %f34, %f60, %f62, %f58 ; \ - !aes_dround01 %f36, %f6, %f4, %f0 ; \ - !aes_dround23 %f38, %f6, %f4, %f2 ; \ - !aes_dround01 %f36, %f56, %f58, %f60 ; \ - !aes_dround23 %f38, %f56, %f58, %f62 ; \ - !aes_dround01 %f40, %f0, %f2, %f6 ; \ - !aes_dround23 %f42, %f0, %f2, %f4 ; \ - !aes_dround01 %f40, %f60, %f62, %f56 ; \ - !aes_dround23 %f42, %f60, %f62, %f58 ; \ - !aes_dround01 %f44, %f6, %f4, %f0 ; \ - !aes_dround23 %f46, %f6, %f4, %f2 ; \ - !aes_dround01 %f44, %f56, %f58, %f60 ; \ - !aes_dround23 %f46, %f56, %f58, %f62 ; \ - !aes_dround01 %f48, %f0, %f2, %f6 ; \ - !aes_dround23 %f50, %f0, %f2, %f4 ; \ - !ldd [%o0 + 0xd0], %f0 ; \ - !aes_dround01 %f48, %f60, %f62, %f56 ; \ - !ldd [%o0 + 0xd8], %f2 ; \ - !aes_dround23 %f50, %f60, %f62, %f58 ; \ - !aes_dround01_l %f52, %f6, %f4, %f20 ; \ - !aes_dround23_l %f54, %f6, %f4, %f22 ; \ - !ldd [%o0 + 0xc0], %f4 ; \ - !aes_dround01_l %f52, %f56, %f58, %f60 ; \ - !ldd [%o0 + 0xc8], %f6 ; \ - !aes_dround23_l %f54, %f56, %f58, %f62 - - - ENTRY(t4_aes128_load_keys_for_encrypt) - - ldd [%o0 + 0x10], %f16 - ldd [%o0 + 0x18], %f18 - ldd [%o0 + 0x20], %f20 - ldd [%o0 + 0x28], %f22 - ldd [%o0 + 0x30], %f24 - ldd [%o0 + 0x38], %f26 - ldd [%o0 + 0x40], %f28 - ldd [%o0 + 0x48], %f30 - ldd [%o0 + 0x50], %f32 - ldd [%o0 + 0x58], %f34 - ldd [%o0 + 0x60], %f36 - ldd [%o0 + 0x68], %f38 - ldd [%o0 + 0x70], %f40 - ldd [%o0 + 0x78], %f42 - ldd [%o0 + 0x80], %f44 - ldd [%o0 + 0x88], %f46 - ldd [%o0 + 0x90], %f48 - ldd [%o0 + 0x98], %f50 - ldd [%o0 + 0xa0], %f52 - retl - ldd [%o0 + 0xa8], %f54 - - SET_SIZE(t4_aes128_load_keys_for_encrypt) - - - ENTRY(t4_aes192_load_keys_for_encrypt) - - ldd [%o0 + 0x10], %f8 - ldd [%o0 + 0x18], %f10 - ldd [%o0 + 0x20], %f12 - ldd [%o0 + 0x28], %f14 - ldd [%o0 + 0x30], %f16 - ldd [%o0 + 0x38], %f18 - ldd [%o0 + 0x40], %f20 - ldd [%o0 + 0x48], %f22 - ldd [%o0 + 0x50], %f24 - ldd [%o0 + 0x58], %f26 - ldd [%o0 + 0x60], %f28 - ldd [%o0 + 0x68], %f30 - ldd [%o0 + 0x70], %f32 - ldd [%o0 + 0x78], %f34 - ldd [%o0 + 0x80], %f36 - ldd [%o0 + 0x88], %f38 - ldd [%o0 + 0x90], %f40 - ldd [%o0 + 0x98], %f42 - ldd [%o0 + 0xa0], %f44 - ldd [%o0 + 0xa8], %f46 - ldd [%o0 + 0xb0], %f48 - ldd [%o0 + 0xb8], %f50 - ldd [%o0 + 0xc0], %f52 - retl - ldd [%o0 + 0xc8], %f54 - - SET_SIZE(t4_aes192_load_keys_for_encrypt) - - - ENTRY(t4_aes256_load_keys_for_encrypt) - - ldd [%o0 + 0x10], %f0 - ldd [%o0 + 0x18], %f2 - ldd [%o0 + 0x20], %f4 - ldd [%o0 + 0x28], %f6 - ldd [%o0 + 0x30], %f8 - ldd [%o0 + 0x38], %f10 - ldd [%o0 + 0x40], %f12 - ldd [%o0 + 0x48], %f14 - ldd [%o0 + 0x50], %f16 - ldd [%o0 + 0x58], %f18 - ldd [%o0 + 0x60], %f20 - ldd [%o0 + 0x68], %f22 - ldd [%o0 + 0x70], %f24 - ldd [%o0 + 0x78], %f26 - ldd [%o0 + 0x80], %f28 - ldd [%o0 + 0x88], %f30 - ldd [%o0 + 0x90], %f32 - ldd [%o0 + 0x98], %f34 - ldd [%o0 + 0xa0], %f36 - ldd [%o0 + 0xa8], %f38 - ldd [%o0 + 0xb0], %f40 - ldd [%o0 + 0xb8], %f42 - ldd [%o0 + 0xc0], %f44 - ldd [%o0 + 0xc8], %f46 - ldd [%o0 + 0xd0], %f48 - ldd [%o0 + 0xd8], %f50 - ldd [%o0 + 0xe0], %f52 - retl - ldd [%o0 + 0xe8], %f54 - - SET_SIZE(t4_aes256_load_keys_for_encrypt) - - -#define TEST_PARALLEL_ECB_ENCRYPT -#ifdef TEST_PARALLEL_ECB_ENCRYPT - ENTRY(t4_aes128_ecb_encrypt) - - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - and %o3, 16, %o4 - brz %o4, ecbenc128_loop - nop - - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f60 - movxtod %g4, %f62 - - TEN_EROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be ecbenc128_loop_end - add %o2, 16, %o2 - -ecbenc128_loop: - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f0 - movxtod %g4, %f2 - ldx [%o1 + 16], %g3 !input - ldx [%o1 + 24], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f60 - movxtod %g4, %f62 - - TEN_EROUNDS_2 - - std %f0, [%o2] - std %f2, [%o2 + 8] - - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne ecbenc128_loop - add %o2, 32, %o2 -ecbenc128_loop_end: - retl - nop - - SET_SIZE(t4_aes128_ecb_encrypt) - - - ENTRY(t4_aes192_ecb_encrypt) - - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - and %o3, 16, %o4 - brz %o4, ecbenc192_loop - nop - - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f60 - movxtod %g4, %f62 - - TWELVE_EROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be ecbenc192_loop_end - add %o2, 16, %o2 - -ecbenc192_loop: - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f0 - movxtod %g4, %f2 - ldx [%o1 + 16], %g3 !input - ldx [%o1 + 24], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f60 - movxtod %g4, %f62 - - TWELVE_EROUNDS_2 - - std %f0, [%o2] - std %f2, [%o2 + 8] - - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne ecbenc192_loop - add %o2, 32, %o2 -ecbenc192_loop_end: - retl - nop - - SET_SIZE(t4_aes192_ecb_encrypt) - - - ENTRY(t4_aes256_ecb_encrypt) - - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - and %o3, 16, %o4 - brz %o4, ecbenc256_loop - nop - - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f60 - movxtod %g4, %f62 - - FOURTEEN_EROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be ecbenc256_loop_end - add %o2, 16, %o2 - -ecbenc256_loop: - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f20 - movxtod %g4, %f22 - ldx [%o1 + 16], %g3 !input - ldx [%o1 + 24], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f60 - movxtod %g4, %f62 - - FOURTEEN_EROUNDS_2 - - std %f20, [%o2] - std %f22, [%o2 + 8] - - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne ecbenc256_loop - add %o2, 32, %o2 - - ldd [%o0 + 0x60], %f20 - ldd [%o0 + 0x68], %f22 - -ecbenc256_loop_end: - retl - nop - - SET_SIZE(t4_aes256_ecb_encrypt) - -#else - - ENTRY(t4_aes128_ecb_encrypt) - - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -ecbenc128_loop: - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f60 - movxtod %g4, %f62 - - TEN_EROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne ecbenc128_loop - add %o2, 16, %o2 - - retl - nop - - SET_SIZE(t4_aes128_ecb_encrypt) - - - ENTRY(t4_aes192_ecb_encrypt) - - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -ecbenc192_loop: - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f60 - movxtod %g4, %f62 - - TWELVE_EROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne ecbenc192_loop - add %o2, 16, %o2 - - retl - nop - - SET_SIZE(t4_aes192_ecb_encrypt) - - - ENTRY(t4_aes256_ecb_encrypt) - - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -ecbenc256_loop: - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f60 - movxtod %g4, %f62 - - FOURTEEN_EROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne ecbenc256_loop - add %o2, 16, %o2 - - retl - nop - - SET_SIZE(t4_aes256_ecb_encrypt) -#endif - - - ENTRY(t4_aes128_cbc_encrypt) - - ldd [%o4], %f60 ! IV - ldd [%o4 +8], %f62 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -cbcenc128_loop: - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f56 - movxtod %g4, %f58 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - TEN_EROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne cbcenc128_loop - add %o2, 16, %o2 - - std %f60, [%o4] - retl - std %f62, [%o4 + 8] - - SET_SIZE(t4_aes128_cbc_encrypt) - - - ENTRY(t4_aes192_cbc_encrypt) - - ldd [%o4], %f60 ! IV - ldd [%o4 + 8], %f62 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -cbcenc192_loop: - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f56 - movxtod %g4, %f58 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - TWELVE_EROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne cbcenc192_loop - add %o2, 16, %o2 - - std %f60, [%o4] - retl - std %f62, [%o4 + 8] - - SET_SIZE(t4_aes192_cbc_encrypt) - - - ENTRY(t4_aes256_cbc_encrypt) - - ldd [%o4], %f60 ! IV - ldd [%o4 + 8], %f62 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -cbcenc256_loop: - ldx [%o1], %g3 !input - ldx [%o1 + 8], %g4 !input - xor %g1, %g3, %g3 !input ^ ks[0-1] - xor %g2, %g4, %g4 !input ^ ks[0-1] - movxtod %g3, %f56 - movxtod %g4, %f58 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - FOURTEEN_EROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne cbcenc256_loop - add %o2, 16, %o2 - - std %f60, [%o4] - retl - std %f62, [%o4 + 8] - - SET_SIZE(t4_aes256_cbc_encrypt) - - -#define TEST_PARALLEL_CTR_CRYPT -#ifdef TEST_PARALLEL_CTR_CRYPT - ENTRY(t4_aes128_ctr_crypt) - - ldx [%o4], %g3 ! IV - ldx [%o4 +8], %g4 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - and %o3, 16, %g5 - brz, %g5, ctr128_loop - - xor %g1, %g3, %g5 - movxtod %g5, %f60 - xor %g2, %g4, %g5 - movxtod %g5, %f62 - inc %g4 - - TEN_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be ctr128_loop_end - add %o2, 16, %o2 - -ctr128_loop: - xor %g1, %g3, %g5 - movxtod %g5, %f0 - xor %g2, %g4, %g5 - movxtod %g5, %f2 - inc %g4 - - xor %g1, %g3, %g5 - movxtod %g5, %f60 - xor %g2, %g4, %g5 - movxtod %g5, %f62 - inc %g4 - - TEN_EROUNDS_2 - - ldd [%o1], %f6 !input - ldd [%o1 + 8], %f4 !input - ldd [%o1 + 16], %f56 !input - ldd [%o1 + 24], %f58 !input - fxor %f0, %f6, %f0 - fxor %f2, %f4, %f2 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - std %f0, [%o2] - std %f2, [%o2 + 8] - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne ctr128_loop - add %o2, 32, %o2 - -ctr128_loop_end: - stx %g3, [%o4] - retl - stx %g4, [%o4 + 8] - - SET_SIZE(t4_aes128_ctr_crypt) - - - ENTRY(t4_aes192_ctr_crypt) - - ldx [%o4], %g3 ! IV - ldx [%o4 +8], %g4 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - and %o3, 16, %g5 - brz, %g5, ctr192_loop - - xor %g1, %g3, %g5 - movxtod %g5, %f60 - xor %g2, %g4, %g5 - movxtod %g5, %f62 - inc %g4 - - TWELVE_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be ctr192_loop_end - add %o2, 16, %o2 - -ctr192_loop: - xor %g1, %g3, %g5 - movxtod %g5, %f0 - xor %g2, %g4, %g5 - movxtod %g5, %f2 - inc %g4 - - xor %g1, %g3, %g5 - movxtod %g5, %f60 - xor %g2, %g4, %g5 - movxtod %g5, %f62 - inc %g4 - - TWELVE_EROUNDS_2 - - ldd [%o1], %f6 !input - ldd [%o1 + 8], %f4 !input - ldd [%o1 + 16], %f56 !input - ldd [%o1 + 24], %f58 !input - fxor %f0, %f6, %f0 - fxor %f2, %f4, %f2 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - std %f0, [%o2] - std %f2, [%o2 + 8] - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne ctr192_loop - add %o2, 32, %o2 - -ctr192_loop_end: - stx %g3, [%o4] - retl - stx %g4, [%o4 + 8] - - SET_SIZE(t4_aes192_ctr_crypt) - - - ENTRY(t4_aes256_ctr_crypt) - - ldx [%o4], %g3 ! IV - ldx [%o4 +8], %g4 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - and %o3, 16, %g5 - brz, %g5, ctr256_loop - - xor %g1, %g3, %g5 - movxtod %g5, %f60 - xor %g2, %g4, %g5 - movxtod %g5, %f62 - inc %g4 - - FOURTEEN_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be ctr256_loop_end - add %o2, 16, %o2 - -ctr256_loop: - xor %g1, %g3, %g5 - movxtod %g5, %f20 - xor %g2, %g4, %g5 - movxtod %g5, %f22 - inc %g4 - - xor %g1, %g3, %g5 - movxtod %g5, %f60 - xor %g2, %g4, %g5 - movxtod %g5, %f62 - inc %g4 - - FOURTEEN_EROUNDS_2 - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f20, %f56, %f20 - fxor %f22, %f58, %f22 - ldd [%o1 + 16], %f56 !input - ldd [%o1 + 24], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - std %f20, [%o2] - std %f22, [%o2 + 8] - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne ctr256_loop - add %o2, 32, %o2 - - ldd [%o0 + 0x60], %f20 - ldd [%o0 + 0x68], %f22 - -ctr256_loop_end: - stx %g3, [%o4] - retl - stx %g4, [%o4 + 8] - - SET_SIZE(t4_aes256_ctr_crypt) - -#else - - ENTRY(t4_aes128_ctr_crypt) - - ldx [%o4], %g3 ! IV - ldx [%o4 +8], %g4 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -ctr128_loop: - xor %g1, %g3, %g5 - movxtod %g5, %f60 - xor %g2, %g4, %g5 - movxtod %g5, %f62 - inc %g4 - - TEN_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne ctr128_loop - add %o2, 16, %o2 - - stx %g3, [%o4] - retl - stx %g4, [%o4 + 8] - - SET_SIZE(t4_aes128_ctr_crypt) - - ENTRY(t4_aes192_ctr_crypt) - - ldx [%o4], %g3 ! IV - ldx [%o4 +8], %g4 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -ctr192_loop: - xor %g1, %g3, %g5 - movxtod %g5, %f60 - xor %g2, %g4, %g5 - movxtod %g5, %f62 - inc %g4 - - TWELVE_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne ctr192_loop - add %o2, 16, %o2 - - stx %g3, [%o4] - retl - stx %g4, [%o4 + 8] - - SET_SIZE(t4_aes192_ctr_crypt) - - - ENTRY(t4_aes256_ctr_crypt) - - ldx [%o4], %g3 ! IV - ldx [%o4 +8], %g4 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -ctr256_loop: - xor %g1, %g3, %g5 - movxtod %g5, %f60 - xor %g2, %g4, %g5 - movxtod %g5, %f62 - inc %g4 - - FOURTEEN_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne ctr256_loop - add %o2, 16, %o2 - - stx %g3, [%o4] - retl - stx %g4, [%o4 + 8] - - SET_SIZE(t4_aes256_ctr_crypt) - -#endif - - ENTRY(t4_aes128_cfb128_encrypt) - - ldd [%o4], %f60 ! IV - ldd [%o4 +8], %f62 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -cfb128_128_loop: - movxtod %g1, %f56 - movxtod %g2, %f58 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - TEN_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne cfb128_128_loop - add %o2, 16, %o2 - - std %f60, [%o4] - retl - std %f62, [%o4 + 8] - - SET_SIZE(t4_aes128_cfb128_encrypt) - - - ENTRY(t4_aes192_cfb128_encrypt) - - ldd [%o4], %f60 ! IV - ldd [%o4 +8], %f62 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -cfb128_192_loop: - movxtod %g1, %f56 - movxtod %g2, %f58 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - TWELVE_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne cfb128_192_loop - add %o2, 16, %o2 - - std %f60, [%o4] - retl - std %f62, [%o4 + 8] - - SET_SIZE(t4_aes192_cfb128_encrypt) - - - ENTRY(t4_aes256_cfb128_encrypt) - - ldd [%o4], %f60 ! IV - ldd [%o4 +8], %f62 ! IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -cfb128_256_loop: - movxtod %g1, %f56 - movxtod %g2, %f58 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - FOURTEEN_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne cfb128_256_loop - add %o2, 16, %o2 - - std %f60, [%o4] - retl - std %f62, [%o4 + 8] - - SET_SIZE(t4_aes256_cfb128_encrypt) - - - ENTRY(t4_aes128_load_keys_for_decrypt) - - ldd [%o0], %f52 - ldd [%o0 + 0x8], %f54 - ldd [%o0 + 0x10], %f48 - ldd [%o0 + 0x18], %f50 - ldd [%o0 + 0x20], %f44 - ldd [%o0 + 0x28], %f46 - ldd [%o0 + 0x30], %f40 - ldd [%o0 + 0x38], %f42 - ldd [%o0 + 0x40], %f36 - ldd [%o0 + 0x48], %f38 - ldd [%o0 + 0x50], %f32 - ldd [%o0 + 0x58], %f34 - ldd [%o0 + 0x60], %f28 - ldd [%o0 + 0x68], %f30 - ldd [%o0 + 0x70], %f24 - ldd [%o0 + 0x78], %f26 - ldd [%o0 + 0x80], %f20 - ldd [%o0 + 0x88], %f22 - ldd [%o0 + 0x90], %f16 - retl - ldd [%o0 + 0x98], %f18 - - SET_SIZE(t4_aes128_load_keys_for_decrypt) - - - ENTRY(t4_aes192_load_keys_for_decrypt) - - ldd [%o0], %f52 - ldd [%o0 + 0x8], %f54 - ldd [%o0 + 0x10], %f48 - ldd [%o0 + 0x18], %f50 - ldd [%o0 + 0x20], %f44 - ldd [%o0 + 0x28], %f46 - ldd [%o0 + 0x30], %f40 - ldd [%o0 + 0x38], %f42 - ldd [%o0 + 0x40], %f36 - ldd [%o0 + 0x48], %f38 - ldd [%o0 + 0x50], %f32 - ldd [%o0 + 0x58], %f34 - ldd [%o0 + 0x60], %f28 - ldd [%o0 + 0x68], %f30 - ldd [%o0 + 0x70], %f24 - ldd [%o0 + 0x78], %f26 - ldd [%o0 + 0x80], %f20 - ldd [%o0 + 0x88], %f22 - ldd [%o0 + 0x90], %f16 - ldd [%o0 + 0x98], %f18 - ldd [%o0 + 0xa0], %f12 - ldd [%o0 + 0xa8], %f14 - ldd [%o0 + 0xb0], %f8 - retl - ldd [%o0 + 0xb8], %f10 - - SET_SIZE(t4_aes192_load_keys_for_decrypt) - - - ENTRY(t4_aes256_load_keys_for_decrypt) - - - ldd [%o0], %f52 - ldd [%o0 + 0x8], %f54 - ldd [%o0 + 0x10], %f48 - ldd [%o0 + 0x18], %f50 - ldd [%o0 + 0x20], %f44 - ldd [%o0 + 0x28], %f46 - ldd [%o0 + 0x30], %f40 - ldd [%o0 + 0x38], %f42 - ldd [%o0 + 0x40], %f36 - ldd [%o0 + 0x48], %f38 - ldd [%o0 + 0x50], %f32 - ldd [%o0 + 0x58], %f34 - ldd [%o0 + 0x60], %f28 - ldd [%o0 + 0x68], %f30 - ldd [%o0 + 0x70], %f24 - ldd [%o0 + 0x78], %f26 - ldd [%o0 + 0x80], %f20 - ldd [%o0 + 0x88], %f22 - ldd [%o0 + 0x90], %f16 - ldd [%o0 + 0x98], %f18 - ldd [%o0 + 0xa0], %f12 - ldd [%o0 + 0xa8], %f14 - ldd [%o0 + 0xb0], %f8 - ldd [%o0 + 0xb8], %f10 - ldd [%o0 + 0xc0], %f4 - ldd [%o0 + 0xc8], %f6 - ldd [%o0 + 0xd0], %f0 - retl - ldd [%o0 + 0xd8], %f2 - - SET_SIZE(t4_aes256_load_keys_for_decrypt) - - -#define TEST_PARALLEL_ECB_DECRYPT -#ifdef TEST_PARALLEL_ECB_DECRYPT - ENTRY(t4_aes128_ecb_decrypt) - - ldx [%o0 + 0xa0], %g1 !ks[last-1] - ldx [%o0 + 0xa8], %g2 !ks[last] - and %o3, 16, %o4 - brz %o4, ecbdec128_loop - nop - - ldx [%o1], %o4 - ldx [%o1 + 8], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f60 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f62 - - TEN_DROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 0x8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be ecbdec128_loop_end - add %o2, 16, %o2 - -ecbdec128_loop: - ldx [%o1], %o4 - ldx [%o1 + 8], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f0 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f2 - ldx [%o1 + 16], %o4 - ldx [%o1 + 24], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f60 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f62 - - TEN_DROUNDS_2 - - std %f0, [%o2] - std %f2, [%o2 + 8] - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne ecbdec128_loop - add %o2, 32, %o2 -ecbdec128_loop_end: - - retl - nop - - SET_SIZE(t4_aes128_ecb_decrypt) - - ENTRY(t4_aes192_ecb_decrypt) - - ldx [%o0 + 0xc0], %g1 !ks[last-1] - ldx [%o0 + 0xc8], %g2 !ks[last] - and %o3, 16, %o4 - brz %o4, ecbdec192_loop - nop - - ldx [%o1], %o4 - ldx [%o1 + 8], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f60 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f62 - - TWELVE_DROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 0x8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be ecbdec192_loop_end - add %o2, 16, %o2 - -ecbdec192_loop: - ldx [%o1], %o4 - ldx [%o1 + 8], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f0 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f2 - ldx [%o1 + 16], %o4 - ldx [%o1 + 24], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f60 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f62 - - TWELVE_DROUNDS_2 - - std %f0, [%o2] - std %f2, [%o2 + 8] - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne ecbdec192_loop - add %o2, 32, %o2 -ecbdec192_loop_end: - - retl - nop - - SET_SIZE(t4_aes192_ecb_decrypt) - - - ENTRY(t4_aes256_ecb_decrypt) - - ldx [%o0 + 0xe0], %g1 !ks[last-1] - ldx [%o0 + 0xe8], %g2 !ks[last] - and %o3, 16, %o4 - brz %o4, ecbdec256_loop - nop - - ldx [%o1], %o4 - ldx [%o1 + 8], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f60 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f62 - - FOURTEEN_DROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 0x8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be ecbdec256_loop_end - add %o2, 16, %o2 - -ecbdec256_loop: - ldx [%o1], %o4 - ldx [%o1 + 8], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f20 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f22 - ldx [%o1 + 16], %o4 - ldx [%o1 + 24], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f60 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f62 - - FOURTEEN_DROUNDS_2 - - std %f20, [%o2] - std %f22, [%o2 + 8] - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne ecbdec256_loop - add %o2, 32, %o2 - - ldd [%o0 + 0x80], %f20 - ldd [%o0 + 0x88], %f22 - -ecbdec256_loop_end: - - retl - nop - - SET_SIZE(t4_aes256_ecb_decrypt) - -#else - - ENTRY(t4_aes128_ecb_decrypt) - - ldx [%o0 + 0xa0], %g1 !ks[last-1] - ldx [%o0 + 0xa8], %g2 !ks[last] - -ecbdec128_loop: - ldx [%o1], %o4 - ldx [%o1 + 8], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f60 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f62 - - TEN_DROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 0x8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne ecbdec128_loop - add %o2, 16, %o2 - - retl - nop - - SET_SIZE(t4_aes128_ecb_decrypt) - - - ENTRY(t4_aes192_ecb_decrypt) - - ldx [%o0 + 0xc0], %g1 !ks[last-1] - ldx [%o0 + 0xc8], %g2 !ks[last] - -ecbdec192_loop: - ldx [%o1], %o4 - ldx [%o1 + 8], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f60 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f62 - - TWELVE_DROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 0x8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne ecbdec192_loop - add %o2, 16, %o2 - - retl - nop - - SET_SIZE(t4_aes192_ecb_decrypt) - - - ENTRY(t4_aes256_ecb_decrypt) - - ldx [%o0 + 0xe0], %g1 !ks[last-1] - ldx [%o0 + 0xe8], %g2 !ks[last] - -ecbdec256_loop: - ldx [%o1], %o4 - ldx [%o1 + 8], %o5 - xor %g1, %o4, %g3 !initial ARK - movxtod %g3, %f60 - xor %g2, %o5, %g3 !initial ARK - movxtod %g3, %f62 - - FOURTEEN_DROUNDS - - std %f60, [%o2] - std %f62, [%o2 + 0x8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne ecbdec256_loop - add %o2, 16, %o2 - - retl - nop - - SET_SIZE(t4_aes256_ecb_decrypt) - -#endif - -#define TEST_PARALLEL_CBC_DECRYPT -#ifdef EST_PARALLEL_CBC_DECRYPT - ENTRY(t4_aes128_cbc_decrypt) - - save %sp, -SA(MINFRAME), %sp - ldx [%i4], %o0 !IV - ldx [%i4 + 8], %o1 !IV - ldx [%i0 + 0xa0], %o2 !ks[last-1] - ldx [%i0 + 0xa8], %o3 !ks[last] - and %i3, 16, %o4 - brz %o4, cbcdec128_loop - nop - - ldx [%i1], %o4 - ldx [%i1 + 8], %o5 - xor %o2, %o4, %g1 !initial ARK - movxtod %g1, %f60 - xor %o3, %o5, %g1 !initial ARK - movxtod %g1, %f62 - - TEN_DROUNDS - - movxtod %o0, %f56 - movxtod %o1, %f58 - mov %o4, %o0 !save last block as next IV - mov %o5, %o1 - fxor %f56, %f60, %f60 !add in previous IV - fxor %f58, %f62, %f62 - - std %f60, [%i2] - std %f62, [%i2 + 0x8] - - add %i1, 16, %i1 - subcc %i3, 16, %i3 - be cbcdec128_loop_end - add %i2, 16, %i2 - - -cbcdec128_loop: - ldx [%i1], %g4 - ldx [%i1 + 8], %g5 - xor %o2, %g4, %g1 !initial ARK - movxtod %g1, %f0 - xor %o3, %g5, %g1 !initial ARK - movxtod %g1, %f2 - - ldx [%i1 + 16], %o4 - ldx [%i1 + 24], %o5 - xor %o2, %o4, %g1 !initial ARK - movxtod %g1, %f60 - xor %o3, %o5, %g1 !initial ARK - movxtod %g1, %f62 - - TEN_DROUNDS_2 - - movxtod %o0, %f6 - movxtod %o1, %f4 - fxor %f6, %f0, %f0 !add in previous IV - fxor %f4, %f2, %f2 - - std %f0, [%i2] - std %f2, [%i2 + 8] - - movxtod %g4, %f56 - movxtod %g5, %f58 - mov %o4, %o0 !save last block as next IV - mov %o5, %o1 - fxor %f56, %f60, %f60 !add in previous IV - fxor %f58, %f62, %f62 - - std %f60, [%i2 + 16] - std %f62, [%i2 + 24] - - add %i1, 32, %i1 - subcc %i3, 32, %i3 - bne cbcdec128_loop - add %i2, 32, %i2 - -cbcdec128_loop_end: - stx %o0, [%i4] - stx %o1, [%i4 + 8] - ret - restore - - SET_SIZE(t4_aes128_cbc_decrypt) - - - ENTRY(t4_aes192_cbc_decrypt) - - save %sp, -SA(MINFRAME), %sp - ldx [%i4], %o0 !IV - ldx [%i4 + 8], %o1 !IV - ldx [%i0 + 0xc0], %o2 !ks[last-1] - ldx [%i0 + 0xc8], %o3 !ks[last] - and %i3, 16, %o4 - brz %o4, cbcdec192_loop - nop - - ldx [%i1], %o4 - ldx [%i1 + 8], %o5 - xor %o2, %o4, %g1 !initial ARK - movxtod %g1, %f60 - xor %o3, %o5, %g1 !initial ARK - movxtod %g1, %f62 - - TWELVE_DROUNDS - - movxtod %o0, %f56 - movxtod %o1, %f58 - mov %o4, %o0 !save last block as next IV - mov %o5, %o1 - fxor %f56, %f60, %f60 !add in previous IV - fxor %f58, %f62, %f62 - - std %f60, [%i2] - std %f62, [%i2 + 0x8] - - add %i1, 16, %i1 - subcc %i3, 16, %i3 - be cbcdec192_loop_end - add %i2, 16, %i2 - - -cbcdec192_loop: - ldx [%i1], %g4 - ldx [%i1 + 8], %g5 - xor %o2, %g4, %g1 !initial ARK - movxtod %g1, %f0 - xor %o3, %g5, %g1 !initial ARK - movxtod %g1, %f2 - - ldx [%i1 + 16], %o4 - ldx [%i1 + 24], %o5 - xor %o2, %o4, %g1 !initial ARK - movxtod %g1, %f60 - xor %o3, %o5, %g1 !initial ARK - movxtod %g1, %f62 - - TWELVE_DROUNDS_2 - - movxtod %o0, %f6 - movxtod %o1, %f4 - fxor %f6, %f0, %f0 !add in previous IV - fxor %f4, %f2, %f2 - - std %f0, [%i2] - std %f2, [%i2 + 8] - - movxtod %g4, %f56 - movxtod %g5, %f58 - mov %o4, %o0 !save last block as next IV - mov %o5, %o1 - fxor %f56, %f60, %f60 !add in previous IV - fxor %f58, %f62, %f62 - - std %f60, [%i2 + 16] - std %f62, [%i2 + 24] - - add %i1, 32, %i1 - subcc %i3, 32, %i3 - bne cbcdec192_loop - add %i2, 32, %i2 - -cbcdec192_loop_end: - stx %o0, [%i4] - stx %o1, [%i4 + 8] - ret - restore - - SET_SIZE(t4_aes192_cbc_decrypt) - - - ENTRY(t4_aes256_cbc_decrypt) - - save %sp, -SA(MINFRAME), %sp - mov %i0, %o0 !FOURTEEN_DROUNDS uses %o0 - ldx [%i4], %g2 !IV - ldx [%i4 + 8], %o1 !IV - ldx [%o0 + 0xe0], %o2 !ks[last-1] - ldx [%o0 + 0xe8], %o3 !ks[last] - and %i3, 16, %o4 - brz %o4, cbcdec256_loop - nop - - ldx [%i1], %o4 - ldx [%i1 + 8], %o5 - xor %o2, %o4, %g1 !initial ARK - movxtod %g1, %f60 - xor %o3, %o5, %g1 !initial ARK - movxtod %g1, %f62 - - FOURTEEN_DROUNDS - - movxtod %g2, %f56 - movxtod %o1, %f58 - mov %o4, %g2 !save last block as next IV - mov %o5, %o1 - fxor %f56, %f60, %f60 !add in previous IV - fxor %f58, %f62, %f62 - - std %f60, [%i2] - std %f62, [%i2 + 0x8] - - add %i1, 16, %i1 - subcc %i3, 16, %i3 - be cbcdec256_loop_end - add %i2, 16, %i2 - - -cbcdec256_loop: - ldx [%i1], %g4 - ldx [%i1 + 8], %g5 - xor %o2, %g4, %g1 !initial ARK - movxtod %g1, %f20 - xor %o3, %g5, %g1 !initial ARK - movxtod %g1, %f22 - - ldx [%i1 + 16], %o4 - ldx [%i1 + 24], %o5 - xor %o2, %o4, %g1 !initial ARK - movxtod %g1, %f60 - xor %o3, %o5, %g1 !initial ARK - movxtod %g1, %f62 - - FOURTEEN_DROUNDS_2 - - movxtod %g2, %f56 - movxtod %o1, %f58 - fxor %f56, %f20, %f20 !add in previous IV - fxor %f58, %f22, %f22 - - std %f20, [%i2] - std %f22, [%i2 + 8] - - movxtod %g4, %f56 - movxtod %g5, %f58 - mov %o4, %g2 !save last block as next IV - mov %o5, %o1 - fxor %f56, %f60, %f60 !add in previous IV - fxor %f58, %f62, %f62 - - std %f60, [%i2 + 16] - std %f62, [%i2 + 24] - - add %i1, 32, %i1 - subcc %i3, 32, %i3 - bne cbcdec256_loop - add %i2, 32, %i2 - - ldd [%o0 + 0x80], %f20 - ldd [%o0 + 0x88], %f22 - -cbcdec256_loop_end: - stx %g2, [%i4] - stx %o1, [%i4 + 8] - ret - restore - - SET_SIZE(t4_aes256_cbc_decrypt) - -#else - - ENTRY(t4_aes128_cbc_decrypt) - - save %sp, -SA(MINFRAME), %sp - ldx [%i4], %o0 !IV - ldx [%i4 + 8], %o1 !IV - ldx [%i0 + 0xa0], %o2 !ks[last-1] - ldx [%i0 + 0xa8], %o3 !ks[last] - -cbcdec128_loop: - ldx [%i1], %o4 - ldx [%i1 + 8], %o5 - xor %o2, %o4, %g1 !initial ARK - movxtod %g1, %f60 - xor %o3, %o5, %g1 !initial ARK - movxtod %g1, %f62 - - TEN_DROUNDS - - movxtod %o0, %f56 - movxtod %o1, %f58 - mov %o4, %o0 !save last block as next IV - mov %o5, %o1 - fxor %f56, %f60, %f60 !add in previous IV - fxor %f58, %f62, %f62 - - std %f60, [%i2] - std %f62, [%i2 + 0x8] - - add %i1, 16, %i1 - subcc %i3, 16, %i3 - bne cbcdec128_loop - add %i2, 16, %i2 - - stx %o0, [%i4] - stx %o1, [%i4 + 8] - ret - restore - - SET_SIZE(t4_aes128_cbc_decrypt) - - - ENTRY(t4_aes192_cbc_decrypt) - - save %sp, -SA(MINFRAME), %sp - ldx [%i4], %o0 !IV - ldx [%i4 + 8], %o1 !IV - ldx [%i0 + 0xc0], %o2 !ks[last-1] - ldx [%i0 + 0xc8], %o3 !ks[last] - -cbcdec192_loop: - ldx [%i1], %o4 - ldx [%i1 + 8], %o5 - xor %o2, %o4, %g1 !initial ARK - movxtod %g1, %f60 - xor %o3, %o5, %g1 !initial ARK - movxtod %g1, %f62 - - TWELVE_DROUNDS - - movxtod %o0, %f56 - movxtod %o1, %f58 - mov %o4, %o0 !save last block as next IV - mov %o5, %o1 - fxor %f56, %f60, %f60 !add in previous IV - fxor %f58, %f62, %f62 - - std %f60, [%i2] - std %f62, [%i2 + 0x8] - - add %i1, 16, %i1 - subcc %i3, 16, %i3 - bne cbcdec192_loop - add %i2, 16, %i2 - - stx %o0, [%i4] - stx %o1, [%i4 + 8] - ret - restore - - SET_SIZE(t4_aes192_cbc_decrypt) - - - ENTRY(t4_aes256_cbc_decrypt) - - save %sp, -SA(MINFRAME), %sp - ldx [%i4], %o0 !IV - ldx [%i4 + 8], %o1 !IV - ldx [%i0 + 0xe0], %o2 !ks[last-1] - ldx [%i0 + 0xe8], %o3 !ks[last] - -cbcdec256_loop: - ldx [%i1], %o4 - ldx [%i1 + 8], %o5 - xor %o2, %o4, %g1 !initial ARK - movxtod %g1, %f60 - xor %o3, %o5, %g1 !initial ARK - movxtod %g1, %f62 - - FOURTEEN_DROUNDS - - movxtod %o0, %f56 - movxtod %o1, %f58 - mov %o4, %o0 !save last block as next IV - mov %o5, %o1 - fxor %f56, %f60, %f60 !add in previous IV - fxor %f58, %f62, %f62 - - std %f60, [%i2] - std %f62, [%i2 + 0x8] - - add %i1, 16, %i1 - subcc %i3, 16, %i3 - bne cbcdec256_loop - add %i2, 16, %i2 - - stx %o0, [%i4] - stx %o1, [%i4 + 8] - ret - restore - - SET_SIZE(t4_aes256_cbc_decrypt) - -#endif - -#define TEST_PARALLEL_CFB128_DECRYPT -#ifdef TEST_PARALLEL_CFB128_DECRYPT - - ENTRY(t4_aes128_cfb128_decrypt) - - ldd [%o4], %f56 !IV - ldd [%o4 + 8], %f58 !IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - and %o3, 16, %o5 - brz %o5, cfb128dec_128_loop - - movxtod %g1, %f60 - movxtod %g2, %f62 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - /* CFB mode uses encryption for the decrypt operation */ - TEN_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be cfb128dec_128_loop_end - add %o2, 16, %o2 - -cfb128dec_128_loop: - ldd [%o1], %f6 !input - ldd [%o1 + 8], %f4 !input - movxtod %g1, %f60 - movxtod %g2, %f62 - fxor %f60, %f6, %f0 - fxor %f62, %f4, %f2 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - /* CFB mode uses encryption for the decrypt operation */ - TEN_EROUNDS_2 - - ldd [%o1], %f6 !input - ldd [%o1 + 8], %f4 !input - ldd [%o1 + 16], %f56 !input - ldd [%o1 + 24], %f58 !input - - fxor %f60, %f6, %f6 - fxor %f62, %f4, %f4 - fxor %f0, %f56, %f60 - fxor %f2, %f58, %f62 - - std %f6, [%o2] - std %f4, [%o2 + 8] - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne cfb128dec_128_loop - add %o2, 32, %o2 - -cfb128dec_128_loop_end: - std %f56, [%o4] - retl - std %f58, [%o4 + 8] - - SET_SIZE(t4_aes128_cfb128_decrypt) - - - ENTRY(t4_aes192_cfb128_decrypt) - - ldd [%o4], %f56 !IV - ldd [%o4 + 8], %f58 !IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - and %o3, 16, %o5 - brz %o5, cfb128dec_192_loop - - movxtod %g1, %f60 - movxtod %g2, %f62 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - /* CFB mode uses encryption for the decrypt operation */ - TWELVE_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be cfb128dec_192_loop_end - add %o2, 16, %o2 - -cfb128dec_192_loop: - ldd [%o1], %f6 !input - ldd [%o1 + 8], %f4 !input - movxtod %g1, %f60 - movxtod %g2, %f62 - fxor %f60, %f6, %f0 - fxor %f62, %f4, %f2 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - /* CFB mode uses encryption for the decrypt operation */ - TWELVE_EROUNDS_2 - - ldd [%o1], %f6 !input - ldd [%o1 + 8], %f4 !input - ldd [%o1 + 16], %f56 !input - ldd [%o1 + 24], %f58 !input - - fxor %f60, %f6, %f6 - fxor %f62, %f4, %f4 - fxor %f0, %f56, %f60 - fxor %f2, %f58, %f62 - - std %f6, [%o2] - std %f4, [%o2 + 8] - std %f60, [%o2 + 16] - std %f62, [%o2 + 24] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne cfb128dec_192_loop - add %o2, 32, %o2 - -cfb128dec_192_loop_end: - std %f56, [%o4] - retl - std %f58, [%o4 + 8] - - SET_SIZE(t4_aes192_cfb128_decrypt) - - - ENTRY(t4_aes256_cfb128_decrypt) - - ldd [%o4], %f56 !IV - ldd [%o4 + 8], %f58 !IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - and %o3, 16, %o5 - brz %o5, cfb128dec_256_loop - - movxtod %g1, %f60 - movxtod %g2, %f62 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - /* CFB mode uses encryption for the decrypt operation */ - FOURTEEN_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - be cfb128dec_256_loop_end - add %o2, 16, %o2 - -cfb128dec_256_loop: - ldd [%o1], %f20 !input - ldd [%o1 + 8], %f22 !input - movxtod %g1, %f60 - movxtod %g2, %f62 - fxor %f60, %f20, %f20 - fxor %f62, %f22, %f22 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - /* CFB mode uses encryption for the decrypt operation */ - FOURTEEN_EROUNDS_2 - - ldd [%o1 + 16], %f56 !input - ldd [%o1 + 24], %f58 !input - fxor %f20, %f56, %f20 - fxor %f22, %f58, %f22 - std %f20, [%o2 + 16] - std %f22, [%o2 + 24] - - ldd [%o1], %f20 !input - ldd [%o1 + 8], %f22 !input - - fxor %f60, %f20, %f20 - fxor %f62, %f22, %f22 - - std %f20, [%o2] - std %f22, [%o2 + 8] - - add %o1, 32, %o1 - subcc %o3, 32, %o3 - bne cfb128dec_256_loop - add %o2, 32, %o2 - - ldd [%o0 + 0x60], %f20 - ldd [%o0 + 0x68], %f22 - -cfb128dec_256_loop_end: - std %f56, [%o4] - retl - std %f58, [%o4 + 8] - - SET_SIZE(t4_aes256_cfb128_decrypt) - -#else - ENTRY(t4_aes128_cfb128_decrypt) - - ldd [%o4], %f56 !IV - ldd [%o4 + 8], %f58 !IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -cfb128dec_128_loop: - movxtod %g1, %f60 - movxtod %g2, %f62 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - /* CFB mode uses encryption for the decrypt operation */ - TEN_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne cfb128dec_128_loop - add %o2, 16, %o2 - - std %f56, [%o4] - retl - std %f58, [%o4 + 8] - - SET_SIZE(t4_aes128_cfb128_decrypt) - - - ENTRY(t4_aes192_cfb128_decrypt) - - ldd [%o4], %f56 !IV - ldd [%o4 + 8], %f58 !IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -cfb128dec_192_loop: - movxtod %g1, %f60 - movxtod %g2, %f62 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - /* CFB mode uses encryption for the decrypt operation */ - TWELVE_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne cfb128dec_192_loop - add %o2, 16, %o2 - - std %f56, [%o4] - retl - std %f58, [%o4 + 8] - - SET_SIZE(t4_aes192_cfb128_decrypt) - - - ENTRY(t4_aes256_cfb128_decrypt) - - ldd [%o4], %f56 !IV - ldd [%o4 + 8], %f58 !IV - ldx [%o0], %g1 ! ks[0] - ldx [%o0 + 8], %g2 ! ks[1] - -cfb128dec_256_loop: - movxtod %g1, %f60 - movxtod %g2, %f62 - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - /* CFB mode uses encryption for the decrypt operation */ - FOURTEEN_EROUNDS - - ldd [%o1], %f56 !input - ldd [%o1 + 8], %f58 !input - fxor %f60, %f56, %f60 - fxor %f62, %f58, %f62 - - std %f60, [%o2] - std %f62, [%o2 + 8] - - add %o1, 16, %o1 - subcc %o3, 16, %o3 - bne cfb128dec_256_loop - add %o2, 16, %o2 - - std %f56, [%o4] - retl - std %f58, [%o4 + 8] - - SET_SIZE(t4_aes256_cfb128_decrypt) - -#endif - -#endif /* lint || __lint */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/t4_des.S --- a/components/openssl/openssl-1.0.0/engines/t4/t4_des.S Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,786 +0,0 @@ -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/*LINTLIBRARY*/ - -#if defined(lint) || defined(__lint) - -#include -#include "../engine/eng_t4_des_asm.h" - -/*ARGSUSED*/ -void t4_des_expand(uint64_t *rk, const uint32_t *key) -{ return; } - -/*ARGSUSED*/ -void t4_des_encrypt(const uint64_t *rk, const uint64_t *pt, uint64_t *ct) -{ return; } - - -/*ARGSUSED*/ -void t4_des_load_keys(uint64_t *ks) -{ return; } - -/*ARGSUSED*/ -void t4_des_ecb_crypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_des_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_des_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_des3_load_keys(uint64_t *ks) -{ return; } - -/*ARGSUSED*/ -void t4_des3_ecb_crypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_des3_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) -{ return; } - -/*ARGSUSED*/ -void t4_des3_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, - uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) -{ return; } - -#else /* lint || __lint */ - -#include - - - ENTRY(t4_des_expand) - -!load key - ld [%o1], %f0 - ld [%o1 + 0x4], %f1 - -!expand the key - !des_kexpand %f0, 0, %f0 - !des_kexpand %f0, 1, %f2 - !des_kexpand %f2, 3, %f6 - !des_kexpand %f2, 2, %f4 - !des_kexpand %f6, 3, %f10 - !des_kexpand %f6, 2, %f8 - !des_kexpand %f10, 3, %f14 - !des_kexpand %f10, 2, %f12 - !des_kexpand %f14, 1, %f16 - !des_kexpand %f16, 3, %f20 - !des_kexpand %f16, 2, %f18 - !des_kexpand %f20, 3, %f24 - !des_kexpand %f20, 2, %f22 - !des_kexpand %f24, 3, %f28 - !des_kexpand %f24, 2, %f26 - !des_kexpand %f28, 1, %f30 - .byte 0x81, 0xb0, 0x26, 0xc0 - .byte 0x85, 0xb0, 0x26, 0xc1 - .byte 0x8d, 0xb0, 0xa6, 0xc3 - .byte 0x89, 0xb0, 0xa6, 0xc2 - .byte 0x95, 0xb1, 0xa6, 0xc3 - .byte 0x91, 0xb1, 0xa6, 0xc2 - .byte 0x9d, 0xb2, 0xa6, 0xc3 - .byte 0x99, 0xb2, 0xa6, 0xc2 - .byte 0xa1, 0xb3, 0xa6, 0xc1 - .byte 0xa9, 0xb4, 0x26, 0xc3 - .byte 0xa5, 0xb4, 0x26, 0xc2 - .byte 0xb1, 0xb5, 0x26, 0xc3 - .byte 0xad, 0xb5, 0x26, 0xc2 - .byte 0xb9, 0xb6, 0x26, 0xc3 - .byte 0xb5, 0xb6, 0x26, 0xc2 - .byte 0xbd, 0xb7, 0x26, 0xc1 - -!copy expanded key back into array - std %f0, [%o0] - std %f2, [%o0 + 0x8] - std %f4, [%o0 + 0x10] - std %f6, [%o0 + 0x18] - std %f8, [%o0 + 0x20] - std %f10, [%o0 + 0x28] - std %f12, [%o0 + 0x30] - std %f14, [%o0 + 0x38] - std %f16, [%o0 + 0x40] - std %f18, [%o0 + 0x48] - std %f20, [%o0 + 0x50] - std %f22, [%o0 + 0x58] - std %f24, [%o0 + 0x60] - std %f26, [%o0 + 0x68] - std %f28, [%o0 + 0x70] - retl - std %f30, [%o0 + 0x78] - - SET_SIZE(t4_des_expand) - - - ENTRY(t4_des_encrypt) - -!load expanded key - ldd [%o0], %f0 - ldd [%o0 + 0x8], %f2 - ldd [%o0 + 0x10], %f4 - ldd [%o0 + 0x18], %f6 - ldd [%o0 + 0x20], %f8 - ldd [%o0 + 0x28], %f10 - ldd [%o0 + 0x30], %f12 - ldd [%o0 + 0x38], %f14 - ldd [%o0 + 0x40], %f16 - ldd [%o0 + 0x48], %f18 - ldd [%o0 + 0x50], %f20 - ldd [%o0 + 0x58], %f22 - ldd [%o0 + 0x60], %f24 - ldd [%o0 + 0x68], %f26 - ldd [%o0 + 0x70], %f28 - ldd [%o0 + 0x78], %f30 - -!load input - ldd [%o1], %f32 - -!perform the cipher transformation - !des_ip %f32, %f32 - !des_round %f0, %f2, %f32, %f32 - !des_round %f4, %f6, %f32, %f32 - !des_round %f8, %f10, %f32, %f32 - !des_round %f12, %f14, %f32, %f32 - !des_round %f16, %f18, %f32, %f32 - !des_round %f20, %f22, %f32, %f32 - !des_round %f24, %f26, %f32, %f32 - !des_round %f28, %f30, %f32, %f32 - !des_iip %f32, %f32 - .byte 0x83, 0xb0, 0x66, 0x80 - .byte 0x82, 0xc8, 0x03, 0x22 - .byte 0x82, 0xc9, 0x03, 0x26 - .byte 0x82, 0xca, 0x03, 0x2a - .byte 0x82, 0xcb, 0x03, 0x2e - .byte 0x82, 0xcc, 0x03, 0x32 - .byte 0x82, 0xcd, 0x03, 0x36 - .byte 0x82, 0xce, 0x03, 0x3a - .byte 0x82, 0xcf, 0x03, 0x3e - .byte 0x83, 0xb0, 0x66, 0xa0 - -!copy output back to array - retl - std %f32, [%o2] - - SET_SIZE(t4_des_encrypt) - - ENTRY(t4_des_load_keys) - -!load expanded key - ldd [%o0], %f0 - ldd [%o0 + 0x8], %f2 - ldd [%o0 + 0x10], %f4 - ldd [%o0 + 0x18], %f6 - ldd [%o0 + 0x20], %f8 - ldd [%o0 + 0x28], %f10 - ldd [%o0 + 0x30], %f12 - ldd [%o0 + 0x38], %f14 - ldd [%o0 + 0x40], %f16 - ldd [%o0 + 0x48], %f18 - ldd [%o0 + 0x50], %f20 - ldd [%o0 + 0x58], %f22 - ldd [%o0 + 0x60], %f24 - ldd [%o0 + 0x68], %f26 - ldd [%o0 + 0x70], %f28 - retl - ldd [%o0 + 0x78], %f30 - - SET_SIZE(t4_des_load_keys) - - ENTRY(t4_des3_load_keys) - -!load first 30 pieces of the expanded key - ldd [%o0], %f0 - ldd [%o0 + 0x8], %f2 - ldd [%o0 + 0x10], %f4 - ldd [%o0 + 0x18], %f6 - ldd [%o0 + 0x20], %f8 - ldd [%o0 + 0x28], %f10 - ldd [%o0 + 0x30], %f12 - ldd [%o0 + 0x38], %f14 - ldd [%o0 + 0x40], %f16 - ldd [%o0 + 0x48], %f18 - ldd [%o0 + 0x50], %f20 - ldd [%o0 + 0x58], %f22 - ldd [%o0 + 0x60], %f24 - ldd [%o0 + 0x68], %f26 - ldd [%o0 + 0x70], %f28 - ldd [%o0 + 0x78], %f30 - ldd [%o0 + 0x80], %f32 - ldd [%o0 + 0x88], %f34 - ldd [%o0 + 0x90], %f36 - ldd [%o0 + 0x98], %f38 - ldd [%o0 + 0xa0], %f40 - ldd [%o0 + 0xa8], %f42 - ldd [%o0 + 0xb0], %f44 - ldd [%o0 + 0xb8], %f46 - ldd [%o0 + 0xc0], %f48 - ldd [%o0 + 0xc8], %f50 - ldd [%o0 + 0xd0], %f52 - ldd [%o0 + 0xd8], %f54 - ldd [%o0 + 0xe0], %f56 - retl - ldd [%o0 + 0xe8], %f58 - - SET_SIZE(t4_des3_load_keys) - - ENTRY(t4_des_ecb_crypt) - -des_ecb_loop: -!load input - ldd [%o1], %f62 - -!perform the cipher transformation - !des_ip %f62, %f62 - !des_round %f0, %f2, %f62, %f62 - !des_round %f4, %f6, %f62, %f62 - !des_round %f8, %f10, %f62, %f62 - !des_round %f12, %f14, %f62, %f62 - !des_round %f16, %f18, %f62, %f62 - !des_round %f20, %f22, %f62, %f62 - !des_round %f24, %f26, %f62, %f62 - !des_round %f28, %f30, %f62, %f62 - !des_iip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0x80 - .byte 0xbe, 0xc8, 0x3f, 0x22 - .byte 0xbe, 0xc9, 0x3f, 0x26 - .byte 0xbe, 0xca, 0x3f, 0x2a - .byte 0xbe, 0xcb, 0x3f, 0x2e - .byte 0xbe, 0xcc, 0x3f, 0x32 - .byte 0xbe, 0xcd, 0x3f, 0x36 - .byte 0xbe, 0xce, 0x3f, 0x3a - .byte 0xbe, 0xcf, 0x3f, 0x3e - .byte 0xbf, 0xb7, 0xe6, 0xa0 - -!copy output back to array - std %f62, [%o2] - sub %o3, 8, %o3 - add %o1, 8, %o1 - brnz %o3, des_ecb_loop - add %o2, 8, %o2 - - retl - nop - - SET_SIZE(t4_des_ecb_crypt) - - - ENTRY(t4_des_cbc_encrypt) - - ldd [%o4], %f60 -des_cbc_encrypt_loop: -!load input - ldd [%o1], %f58 - fxor %f58, %f60, %f62 - -!perform the cipher transformation - !des_ip %f62, %f62 - !des_round %f0, %f2, %f62, %f62 - !des_round %f4, %f6, %f62, %f62 - !des_round %f8, %f10, %f62, %f62 - !des_round %f12, %f14, %f62, %f62 - !des_round %f16, %f18, %f62, %f62 - !des_round %f20, %f22, %f62, %f62 - !des_round %f24, %f26, %f62, %f62 - !des_round %f28, %f30, %f62, %f62 - !des_iip %f62, %f60 - .byte 0xbf, 0xb7, 0xe6, 0x80 - .byte 0xbe, 0xc8, 0x3f, 0x22 - .byte 0xbe, 0xc9, 0x3f, 0x26 - .byte 0xbe, 0xca, 0x3f, 0x2a - .byte 0xbe, 0xcb, 0x3f, 0x2e - .byte 0xbe, 0xcc, 0x3f, 0x32 - .byte 0xbe, 0xcd, 0x3f, 0x36 - .byte 0xbe, 0xce, 0x3f, 0x3a - .byte 0xbe, 0xcf, 0x3f, 0x3e - .byte 0xbb, 0xb7, 0xe6, 0xa0 - -!copy output back to array - std %f60, [%o2] - sub %o3, 8, %o3 - add %o1, 8, %o1 - brnz %o3, des_cbc_encrypt_loop - add %o2, 8, %o2 - - retl - std %f60, [%o4] - - SET_SIZE(t4_des_cbc_encrypt) - - - - ENTRY(t4_des_cbc_decrypt) - - ldd [%o4], %f60 -des_cbc_decrypt_loop: -!load input - ldd [%o1], %f62 - ldx [%o1], %o5 - -!perform the cipher transformation - !des_ip %f62, %f62 - !des_round %f0, %f2, %f62, %f62 - !des_round %f4, %f6, %f62, %f62 - !des_round %f8, %f10, %f62, %f62 - !des_round %f12, %f14, %f62, %f62 - !des_round %f16, %f18, %f62, %f62 - !des_round %f20, %f22, %f62, %f62 - !des_round %f24, %f26, %f62, %f62 - !des_round %f28, %f30, %f62, %f62 - !des_iip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0x80 - .byte 0xbe, 0xc8, 0x3f, 0x22 - .byte 0xbe, 0xc9, 0x3f, 0x26 - .byte 0xbe, 0xca, 0x3f, 0x2a - .byte 0xbe, 0xcb, 0x3f, 0x2e - .byte 0xbe, 0xcc, 0x3f, 0x32 - .byte 0xbe, 0xcd, 0x3f, 0x36 - .byte 0xbe, 0xce, 0x3f, 0x3a - .byte 0xbe, 0xcf, 0x3f, 0x3e - .byte 0xbf, 0xb7, 0xe6, 0xa0 - fxor %f60, %f62, %f62 - movxtod %o5, %f60 - -!copy output back to array - std %f62, [%o2] - sub %o3, 8, %o3 - add %o1, 8, %o1 - brnz %o3, des_cbc_decrypt_loop - add %o2, 8, %o2 - - retl - std %f60, [%o4] - - SET_SIZE(t4_des_cbc_decrypt) - - - - ENTRY(t4_des3_ecb_crypt) - -des3_ecb_loop: -!load input - ldd [%o1], %f62 - -!perform the cipher transformation - !des_ip %f62, %f62 - !des_round %f0, %f2, %f62, %f62 - !des_round %f4, %f6, %f62, %f62 - !des_round %f8, %f10, %f62, %f62 - !des_round %f12, %f14, %f62, %f62 - !des_round %f16, %f18, %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0x80 - .byte 0xbe, 0xc8, 0x3f, 0x22 - .byte 0xbe, 0xc9, 0x3f, 0x26 - .byte 0xbe, 0xca, 0x3f, 0x2a - .byte 0xbe, 0xcb, 0x3f, 0x2e - .byte 0xbe, 0xcc, 0x3f, 0x32 - - ldd [%o0 + 0xf0], %f16 - ldd [%o0 + 0xf8], %f18 - !des_round %f20, %f22, %f62, %f62 - .byte 0xbe, 0xcd, 0x3f, 0x36 - ldd [%o0 + 0x100], %f20 - ldd [%o0 + 0x108], %f22 - !des_round %f24, %f26, %f62, %f62 - .byte 0xbe, 0xce, 0x3f, 0x3a - ldd [%o0 + 0x110], %f24 - ldd [%o0 + 0x118], %f26 - !des_round %f28, %f30, %f62, %f62 - .byte 0xbe, 0xcf, 0x3f, 0x3e - ldd [%o0 + 0x120], %f28 - ldd [%o0 + 0x128], %f30 - - !des_iip %f62, %f62 - !des_ip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0xa0 - .byte 0xbf, 0xb7, 0xe6, 0x80 - - !des_round %f32, %f34, %f62, %f62 - .byte 0xbe, 0xc8, 0x7f, 0x23 - ldd [%o0 + 0x130], %f0 - ldd [%o0 + 0x138], %f2 - !des_round %f36, %f38, %f62, %f62 - .byte 0xbe, 0xc9, 0x7f, 0x27 - ldd [%o0 + 0x140], %f4 - ldd [%o0 + 0x148], %f6 - !des_round %f40, %f42, %f62, %f62 - .byte 0xbe, 0xca, 0x7f, 0x2b - ldd [%o0 + 0x150], %f8 - ldd [%o0 + 0x158], %f10 - !des_round %f44, %f46, %f62, %f62 - .byte 0xbe, 0xcb, 0x7f, 0x2f - ldd [%o0 + 0x160], %f12 - ldd [%o0 + 0x168], %f14 - !des_round %f48, %f50, %f62, %f62 - !des_round %f52, %f54, %f62, %f62 - !des_round %f56, %f58, %f62, %f62 - !des_round %f16, %f18, %f62, %f62 - .byte 0xbe, 0xcc, 0x7f, 0x33 - .byte 0xbe, 0xcd, 0x7f, 0x37 - .byte 0xbe, 0xce, 0x7f, 0x3b - .byte 0xbe, 0xcc, 0x3f, 0x32 - ldd [%o0 + 0x170], %f16 - ldd [%o0 + 0x178], %f18 - - !des_iip %f62, %f62 - !des_ip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0xa0 - .byte 0xbf, 0xb7, 0xe6, 0x80 - - !des_round %f20, %f22, %f62, %f62 - .byte 0xbe, 0xcd, 0x3f, 0x36 - ldd [%o0 + 0x50], %f20 - ldd [%o0 + 0x58], %f22 - !des_round %f24, %f26, %f62, %f62 - .byte 0xbe, 0xce, 0x3f, 0x3a - ldd [%o0 + 0x60], %f24 - ldd [%o0 + 0x68], %f26 - !des_round %f28, %f30, %f62, %f62 - .byte 0xbe, 0xcf, 0x3f, 0x3e - ldd [%o0 + 0x70], %f28 - ldd [%o0 + 0x78], %f30 - !des_round %f0, %f2, %f62, %f62 - .byte 0xbe, 0xc8, 0x3f, 0x22 - ldd [%o0], %f0 - ldd [%o0 + 0x8], %f2 - !des_round %f4, %f6, %f62, %f62 - .byte 0xbe, 0xc9, 0x3f, 0x26 - - ldd [%o0 + 0x10], %f4 - ldd [%o0 + 0x18], %f6 - !des_round %f8, %f10, %f62, %f62 - .byte 0xbe, 0xca, 0x3f, 0x2a - ldd [%o0 + 0x20], %f8 - ldd [%o0 + 0x28], %f10 - !des_round %f12, %f14, %f62, %f62 - .byte 0xbe, 0xcb, 0x3f, 0x2e - ldd [%o0 + 0x30], %f12 - ldd [%o0 + 0x38], %f14 - !des_round %f16, %f18, %f62, %f62 - .byte 0xbe, 0xcc, 0x3f, 0x32 - ldd [%o0 + 0x40], %f16 - ldd [%o0 + 0x48], %f18 - - !des_iip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0xa0 - -!copy output back to array - std %f62, [%o2] - sub %o3, 8, %o3 - add %o1, 8, %o1 - brnz %o3, des3_ecb_loop - add %o2, 8, %o2 - - retl - nop - - SET_SIZE(t4_des3_ecb_crypt) - - - ENTRY(t4_des3_cbc_encrypt) - - ldd [%o4], %f62 -des3_cbc_encrypt_loop: -!load input - ldd [%o1], %f60 - fxor %f60, %f62, %f62 - -!perform the cipher transformation - !des_ip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0x80 - !des_round %f0, %f2, %f62, %f62 - !des_round %f4, %f6, %f62, %f62 - !des_round %f8, %f10, %f62, %f62 - !des_round %f12, %f14, %f62, %f62 - !des_round %f16, %f18, %f62, %f62 - .byte 0xbe, 0xc8, 0x3f, 0x22 - .byte 0xbe, 0xc9, 0x3f, 0x26 - .byte 0xbe, 0xca, 0x3f, 0x2a - .byte 0xbe, 0xcb, 0x3f, 0x2e - .byte 0xbe, 0xcc, 0x3f, 0x32 - ldd [%o0 + 0xf0], %f16 - ldd [%o0 + 0xf8], %f18 - !des_round %f20, %f22, %f62, %f62 - .byte 0xbe, 0xcd, 0x3f, 0x36 - ldd [%o0 + 0x100], %f20 - ldd [%o0 + 0x108], %f22 - !des_round %f24, %f26, %f62, %f62 - .byte 0xbe, 0xce, 0x3f, 0x3a - ldd [%o0 + 0x110], %f24 - ldd [%o0 + 0x118], %f26 - !des_round %f28, %f30, %f62, %f62 - .byte 0xbe, 0xcf, 0x3f, 0x3e - ldd [%o0 + 0x120], %f28 - ldd [%o0 + 0x128], %f30 - - !des_iip %f62, %f62 - !des_ip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0xa0 - .byte 0xbf, 0xb7, 0xe6, 0x80 - - !des_round %f32, %f34, %f62, %f62 - .byte 0xbe, 0xc8, 0x7f, 0x23 - ldd [%o0 + 0x130], %f0 - ldd [%o0 + 0x138], %f2 - !des_round %f36, %f38, %f62, %f62 - .byte 0xbe, 0xc9, 0x7f, 0x27 - ldd [%o0 + 0x140], %f4 - ldd [%o0 + 0x148], %f6 - !des_round %f40, %f42, %f62, %f62 - .byte 0xbe, 0xca, 0x7f, 0x2b - ldd [%o0 + 0x150], %f8 - ldd [%o0 + 0x158], %f10 - !des_round %f44, %f46, %f62, %f62 - .byte 0xbe, 0xcb, 0x7f, 0x2f - ldd [%o0 + 0x160], %f12 - ldd [%o0 + 0x168], %f14 - !des_round %f48, %f50, %f62, %f62 - !des_round %f52, %f54, %f62, %f62 - !des_round %f56, %f58, %f62, %f62 - !des_round %f16, %f18, %f62, %f62 - .byte 0xbe, 0xcc, 0x7f, 0x33 - .byte 0xbe, 0xcd, 0x7f, 0x37 - .byte 0xbe, 0xce, 0x7f, 0x3b - .byte 0xbe, 0xcc, 0x3f, 0x32 - ldd [%o0 + 0x170], %f16 - ldd [%o0 + 0x178], %f18 - - !des_iip %f62, %f62 - !des_ip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0xa0 - .byte 0xbf, 0xb7, 0xe6, 0x80 - - !des_round %f20, %f22, %f62, %f62 - .byte 0xbe, 0xcd, 0x3f, 0x36 - ldd [%o0 + 0x50], %f20 - ldd [%o0 + 0x58], %f22 - !des_round %f24, %f26, %f62, %f62 - .byte 0xbe, 0xce, 0x3f, 0x3a - ldd [%o0 + 0x60], %f24 - ldd [%o0 + 0x68], %f26 - !des_round %f28, %f30, %f62, %f62 - .byte 0xbe, 0xcf, 0x3f, 0x3e - ldd [%o0 + 0x70], %f28 - ldd [%o0 + 0x78], %f30 - !des_round %f0, %f2, %f62, %f62 - .byte 0xbe, 0xc8, 0x3f, 0x22 - ldd [%o0], %f0 - ldd [%o0 + 0x8], %f2 - !des_round %f4, %f6, %f62, %f62 - .byte 0xbe, 0xc9, 0x3f, 0x26 - ldd [%o0 + 0x10], %f4 - ldd [%o0 + 0x18], %f6 - !des_round %f8, %f10, %f62, %f62 - .byte 0xbe, 0xca, 0x3f, 0x2a - ldd [%o0 + 0x20], %f8 - ldd [%o0 + 0x28], %f10 - !des_round %f12, %f14, %f62, %f62 - .byte 0xbe, 0xcb, 0x3f, 0x2e - ldd [%o0 + 0x30], %f12 - ldd [%o0 + 0x38], %f14 - !des_round %f16, %f18, %f62, %f62 - .byte 0xbe, 0xcc, 0x3f, 0x32 - ldd [%o0 + 0x40], %f16 - ldd [%o0 + 0x48], %f18 - - !des_iip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0xa0 - -!copy output back to array - std %f62, [%o2] - sub %o3, 8, %o3 - add %o1, 8, %o1 - brnz %o3, des3_cbc_encrypt_loop - add %o2, 8, %o2 - - retl - std %f62, [%o4] - - SET_SIZE(t4_des3_cbc_encrypt) - - - ENTRY(t4_des3_cbc_decrypt) - - ldd [%o4], %f60 -des3_cbc_decrypt_loop: -!load input - ldx [%o1], %o5 - movxtod %o5, %f62 - -!perform the cipher transformation - !des_ip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0x80 - !des_round %f0, %f2, %f62, %f62 - !des_round %f4, %f6, %f62, %f62 - !des_round %f8, %f10, %f62, %f62 - !des_round %f12, %f14, %f62, %f62 - !des_round %f16, %f18, %f62, %f62 - .byte 0xbe, 0xc8, 0x3f, 0x22 - .byte 0xbe, 0xc9, 0x3f, 0x26 - .byte 0xbe, 0xca, 0x3f, 0x2a - .byte 0xbe, 0xcb, 0x3f, 0x2e - .byte 0xbe, 0xcc, 0x3f, 0x32 - ldd [%o0 + 0xf0], %f16 - ldd [%o0 + 0xf8], %f18 - !des_round %f20, %f22, %f62, %f62 - .byte 0xbe, 0xcd, 0x3f, 0x36 - ldd [%o0 + 0x100], %f20 - ldd [%o0 + 0x108], %f22 - !des_round %f24, %f26, %f62, %f62 - .byte 0xbe, 0xce, 0x3f, 0x3a - ldd [%o0 + 0x110], %f24 - ldd [%o0 + 0x118], %f26 - !des_round %f28, %f30, %f62, %f62 - .byte 0xbe, 0xcf, 0x3f, 0x3e - ldd [%o0 + 0x120], %f28 - ldd [%o0 + 0x128], %f30 - - !des_iip %f62, %f62 - !des_ip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0xa0 - .byte 0xbf, 0xb7, 0xe6, 0x80 - - !des_round %f32, %f34, %f62, %f62 - .byte 0xbe, 0xc8, 0x7f, 0x23 - ldd [%o0 + 0x130], %f0 - ldd [%o0 + 0x138], %f2 - !des_round %f36, %f38, %f62, %f62 - .byte 0xbe, 0xc9, 0x7f, 0x27 - ldd [%o0 + 0x140], %f4 - ldd [%o0 + 0x148], %f6 - !des_round %f40, %f42, %f62, %f62 - .byte 0xbe, 0xca, 0x7f, 0x2b - ldd [%o0 + 0x150], %f8 - ldd [%o0 + 0x158], %f10 - !des_round %f44, %f46, %f62, %f62 - .byte 0xbe, 0xcb, 0x7f, 0x2f - ldd [%o0 + 0x160], %f12 - ldd [%o0 + 0x168], %f14 - !des_round %f48, %f50, %f62, %f62 - !des_round %f52, %f54, %f62, %f62 - !des_round %f56, %f58, %f62, %f62 - !des_round %f16, %f18, %f62, %f62 - .byte 0xbe, 0xcc, 0x7f, 0x33 - .byte 0xbe, 0xcd, 0x7f, 0x37 - .byte 0xbe, 0xce, 0x7f, 0x3b - .byte 0xbe, 0xcc, 0x3f, 0x32 - ldd [%o0 + 0x170], %f16 - ldd [%o0 + 0x178], %f18 - - !des_iip %f62, %f62 - !des_ip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0xa0 - .byte 0xbf, 0xb7, 0xe6, 0x80 - - !des_round %f20, %f22, %f62, %f62 - .byte 0xbe, 0xcd, 0x3f, 0x36 - ldd [%o0 + 0x50], %f20 - ldd [%o0 + 0x58], %f22 - !des_round %f24, %f26, %f62, %f62 - .byte 0xbe, 0xce, 0x3f, 0x3a - ldd [%o0 + 0x60], %f24 - ldd [%o0 + 0x68], %f26 - !des_round %f28, %f30, %f62, %f62 - .byte 0xbe, 0xcf, 0x3f, 0x3e - ldd [%o0 + 0x70], %f28 - ldd [%o0 + 0x78], %f30 - !des_round %f0, %f2, %f62, %f62 - .byte 0xbe, 0xc8, 0x3f, 0x22 - ldd [%o0], %f0 - ldd [%o0 + 0x8], %f2 - !des_round %f4, %f6, %f62, %f62 - .byte 0xbe, 0xc9, 0x3f, 0x26 - ldd [%o0 + 0x10], %f4 - ldd [%o0 + 0x18], %f6 - !des_round %f8, %f10, %f62, %f62 - .byte 0xbe, 0xca, 0x3f, 0x2a - ldd [%o0 + 0x20], %f8 - ldd [%o0 + 0x28], %f10 - !des_round %f12, %f14, %f62, %f62 - .byte 0xbe, 0xcb, 0x3f, 0x2e - ldd [%o0 + 0x30], %f12 - ldd [%o0 + 0x38], %f14 - !des_round %f16, %f18, %f62, %f62 - .byte 0xbe, 0xcc, 0x3f, 0x32 - ldd [%o0 + 0x40], %f16 - ldd [%o0 + 0x48], %f18 - - !des_iip %f62, %f62 - .byte 0xbf, 0xb7, 0xe6, 0xa0 - fxor %f60, %f62, %f62 - movxtod %o5, %f60 - -!copy output back to array - std %f62, [%o2] - sub %o3, 8, %o3 - add %o1, 8, %o1 - brnz %o3, des3_cbc_decrypt_loop - add %o2, 8, %o2 - - retl - stx %o5, [%o4] - - SET_SIZE(t4_des3_cbc_decrypt) - - -#endif /* lint || __lint */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/t4_md5.S --- a/components/openssl/openssl-1.0.0/engines/t4/t4_md5.S Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,151 +0,0 @@ -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/*LINTLIBRARY*/ - -#if defined(lint) || defined(__lint) - -#include -#include - -/*ARGSUSED*/ -void -t4_md5_multiblock(MD5_CTX *ctx, const uint8_t *input, - unsigned int input_length_in_blocks) -{ return; } - -#else /* lint || __lint */ - -#include - - ENTRY(t4_md5_multiblock) - -!load result from previous digest (stored in ctx) - ld [%o0], %f0 - ld [%o0 + 0x4], %f1 - ld [%o0 + 0x8], %f2 - ld [%o0 + 0xc], %f3 - - and %o1, 7, %o3 - brnz %o3, md5_unaligned_input - nop - -md5_loop: - -!load 64 bytes of data - ldd [%o1], %f8 !load 8 bytes of data - ldd [%o1 + 0x8], %f10 !load 8 bytes of data - ldd [%o1 + 0x10], %f12 !load 8 bytes of data - ldd [%o1 + 0x18], %f14 !load 8 bytes of data - ldd [%o1 + 0x20], %f16 !load 8 bytes of data - ldd [%o1 + 0x28], %f18 !load 8 bytes of data - ldd [%o1 + 0x30], %f20 !load 8 bytes of data - ldd [%o1 + 0x38], %f22 !load 8 bytes of data - -!perform crypto instruction here - !md5 - .byte 0x81, 0xb0, 0x28, 0x00 - - dec %o2 - brnz %o2, md5_loop - add %o1, 0x40, %o1 - -!copy digest back into ctx - st %f0, [%o0] - st %f1, [%o0 + 0x4] - st %f2, [%o0 + 0x8] - retl - st %f3, [%o0 + 0xc] - -md5_unaligned_input: - alignaddr %o1, %g0, %g0 ! generate %gsr - andn %o1, 7, %o1 - -md5_unaligned_input_loop: - ldd [%o1], %f8 !load 8 bytes of data - ldd [%o1 + 0x8], %f10 !load 8 bytes of data - ldd [%o1 + 0x10], %f12 !load 8 bytes of data - ldd [%o1 + 0x18], %f14 !load 8 bytes of data - ldd [%o1 + 0x20], %f16 !load 8 bytes of data - ldd [%o1 + 0x28], %f18 !load 8 bytes of data - ldd [%o1 + 0x30], %f20 !load 8 bytes of data - ldd [%o1 + 0x38], %f22 !load 8 bytes of data - ldd [%o1 + 0x40], %f24 !load 8 bytes of data - faligndata %f8, %f10, %f8 - faligndata %f10, %f12, %f10 - faligndata %f12, %f14, %f12 - faligndata %f14, %f16, %f14 - faligndata %f16, %f18, %f16 - faligndata %f18, %f20, %f18 - faligndata %f20, %f22, %f20 - faligndata %f22, %f24, %f22 - -!perform crypto instruction here - !md5 - .byte 0x81, 0xb0, 0x28, 0x00 - - dec %o2 - brnz %o2, md5_unaligned_input_loop - add %o1, 0x40, %o1 - -!copy digest back into ctx - st %f0, [%o0] - st %f1, [%o0 + 0x4] - st %f2, [%o0 + 0x8] - retl - st %f3, [%o0 + 0xc] - - SET_SIZE(t4_md5_multiblock) - -#endif /* lint || __lint */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/t4_sha1.S --- a/components/openssl/openssl-1.0.0/engines/t4/t4_sha1.S Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,153 +0,0 @@ -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/*LINTLIBRARY*/ - -#if defined(lint) || defined(__lint) - -#include -#include - -/*ARGSUSED*/ -void -t4_sha1_multiblock(SHA_CTX *ctx, const void *input, size_t num) -{ return; } - -#else /* lint || __lint */ - -#include - - ENTRY(t4_sha1_multiblock) - -!load result from previous digest (stored in ctx) - ld [%o0], %f0 - ld [%o0 + 0x4], %f1 - ld [%o0 + 0x8], %f2 - ld [%o0 + 0xc], %f3 - ld [%o0 + 0x10], %f4 - - and %o1, 7, %o3 - brnz %o3, sha1_unaligned_input - nop - -sha1_loop: - -!load 64 bytes of data - ldd [%o1], %f8 !load 8 bytes of data - ldd [%o1 + 0x8], %f10 !load 8 bytes of data - ldd [%o1 + 0x10], %f12 !load 8 bytes of data - ldd [%o1 + 0x18], %f14 !load 8 bytes of data - ldd [%o1 + 0x20], %f16 !load 8 bytes of data - ldd [%o1 + 0x28], %f18 !load 8 bytes of data - ldd [%o1 + 0x30], %f20 !load 8 bytes of data - ldd [%o1 + 0x38], %f22 !load 8 bytes of data - -!perform crypto instruction here - !sha1 - .byte 0x81, 0xb0, 0x28, 0x20 - - dec %o2 - brnz %o2, sha1_loop - add %o1, 0x40, %o1 - -!copy digest back into ctx - st %f0, [%o0] - st %f1, [%o0 + 0x4] - st %f2, [%o0 + 0x8] - st %f3, [%o0 + 0xc] - retl - st %f4, [%o0 + 0x10] - -sha1_unaligned_input: - alignaddr %o1, %g0, %g0 ! generate %gsr - andn %o1, 7, %o1 - -sha1_unaligned_input_loop: - ldd [%o1], %f8 !load 8 bytes of data - ldd [%o1 + 0x8], %f10 !load 8 bytes of data - ldd [%o1 + 0x10], %f12 !load 8 bytes of data - ldd [%o1 + 0x18], %f14 !load 8 bytes of data - ldd [%o1 + 0x20], %f16 !load 8 bytes of data - ldd [%o1 + 0x28], %f18 !load 8 bytes of data - ldd [%o1 + 0x30], %f20 !load 8 bytes of data - ldd [%o1 + 0x38], %f22 !load 8 bytes of data - ldd [%o1 + 0x40], %f24 !load 8 bytes of data - faligndata %f8, %f10, %f8 - faligndata %f10, %f12, %f10 - faligndata %f12, %f14, %f12 - faligndata %f14, %f16, %f14 - faligndata %f16, %f18, %f16 - faligndata %f18, %f20, %f18 - faligndata %f20, %f22, %f20 - faligndata %f22, %f24, %f22 - -!perform crypto instruction here - !sha1 - .byte 0x81, 0xb0, 0x28, 0x20 - - dec %o2 - brnz %o2, sha1_unaligned_input_loop - add %o1, 0x40, %o1 - -!copy digest back into ctx - st %f0, [%o0] - st %f1, [%o0 + 0x4] - st %f2, [%o0 + 0x8] - st %f3, [%o0 + 0xc] - retl - st %f4, [%o0 + 0x10] - - SET_SIZE(t4_sha1_multiblock) - -#endif /* lint || __lint */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/engines/t4/t4_sha2.S --- a/components/openssl/openssl-1.0.0/engines/t4/t4_sha2.S Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,314 +0,0 @@ -/* - * ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -/* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/*LINTLIBRARY*/ - -#if defined(lint) || defined(__lint) - -#include -#include -#include "../engine/eng_t4_sha2_asm.h" - -/*ARGSUSED*/ -void -t4_sha256_multiblock(T4_SHA256_CTX *c, const void *input, - size_t num) -{ return; } - -/*ARGSUSED*/ -void -t4_sha512_multiblock(T4_SHA512_CTX *c, const void *input, - size_t num) -{ return; } - -#else /* lint || __lint */ - -#include - - ENTRY(t4_sha256_multiblock) - - add %o0, 0x8, %o0 !skip over first field in ctx - -!load result from previous digest (stored in ctx) - ld [%o0], %f0 - ld [%o0 + 0x4], %f1 - ld [%o0 + 0x8], %f2 - ld [%o0 + 0xc], %f3 - ld [%o0 + 0x10], %f4 - ld [%o0 + 0x14], %f5 - ld [%o0 + 0x18], %f6 - ld [%o0 + 0x1c], %f7 - - and %o1, 7, %o3 - brnz %o3, sha256_unaligned_input - nop - -sha256_loop: - -!load 64 bytes of data - ldd [%o1], %f8 !load 8 bytes of data - ldd [%o1 + 0x8], %f10 !load 8 bytes of data - ldd [%o1 + 0x10], %f12 !load 8 bytes of data - ldd [%o1 + 0x18], %f14 !load 8 bytes of data - ldd [%o1 + 0x20], %f16 !load 8 bytes of data - ldd [%o1 + 0x28], %f18 !load 8 bytes of data - ldd [%o1 + 0x30], %f20 !load 8 bytes of data - ldd [%o1 + 0x38], %f22 !load 8 bytes of data - -!perform crypto instruction here - !sha256 - .byte 0x81, 0xb0, 0x28, 0x40 - - dec %o2 - brnz %o2, sha256_loop - add %o1, 0x40, %o1 - -!copy digest back into ctx - st %f0, [%o0] - st %f1, [%o0 + 0x4] - st %f2, [%o0 + 0x8] - st %f3, [%o0 + 0xc] - st %f4, [%o0 + 0x10] - st %f5, [%o0 + 0x14] - st %f6, [%o0 + 0x18] - retl - st %f7, [%o0 + 0x1c] - -sha256_unaligned_input: - alignaddr %o1, %g0, %g0 ! generate %gsr - andn %o1, 7, %o1 - -sha256_unaligned_input_loop: - ldd [%o1], %f8 !load 8 bytes of data - ldd [%o1 + 0x8], %f10 !load 8 bytes of data - ldd [%o1 + 0x10], %f12 !load 8 bytes of data - ldd [%o1 + 0x18], %f14 !load 8 bytes of data - ldd [%o1 + 0x20], %f16 !load 8 bytes of data - ldd [%o1 + 0x28], %f18 !load 8 bytes of data - ldd [%o1 + 0x30], %f20 !load 8 bytes of data - ldd [%o1 + 0x38], %f22 !load 8 bytes of data - ldd [%o1 + 0x40], %f24 !load 8 bytes of data - faligndata %f8, %f10, %f8 - faligndata %f10, %f12, %f10 - faligndata %f12, %f14, %f12 - faligndata %f14, %f16, %f14 - faligndata %f16, %f18, %f16 - faligndata %f18, %f20, %f18 - faligndata %f20, %f22, %f20 - faligndata %f22, %f24, %f22 - -!perform crypto instruction here - !sha256 - .byte 0x81, 0xb0, 0x28, 0x40 - - dec %o2 - brnz %o2, sha256_unaligned_input_loop - add %o1, 0x40, %o1 - -!copy digest back into ctx - st %f0, [%o0] - st %f1, [%o0 + 0x4] - st %f2, [%o0 + 0x8] - st %f3, [%o0 + 0xc] - st %f4, [%o0 + 0x10] - st %f5, [%o0 + 0x14] - st %f6, [%o0 + 0x18] - retl - st %f7, [%o0 + 0x1c] - - SET_SIZE(t4_sha256_multiblock) - - - ENTRY(t4_sha512_multiblock) - - add %o0, 0x8, %o0 !skip over first field in ctx - -!load result from previous digest (stored in ctx) - ld [%o0], %f0 - ld [%o0 + 0x4], %f1 - ld [%o0 + 0x8], %f2 - ld [%o0 + 0xc], %f3 - ld [%o0 + 0x10], %f4 - ld [%o0 + 0x14], %f5 - ld [%o0 + 0x18], %f6 - ld [%o0 + 0x1c], %f7 - ld [%o0 + 0x20], %f8 - ld [%o0 + 0x24], %f9 - ld [%o0 + 0x28], %f10 - ld [%o0 + 0x2c], %f11 - ld [%o0 + 0x30], %f12 - ld [%o0 + 0x34], %f13 - ld [%o0 + 0x38], %f14 - ld [%o0 + 0x3c], %f15 - - and %o1, 7, %o3 - brnz %o3, sha512_unaligned_input - nop - -sha512_loop: - -!load 128 bytes of data - ldd [%o1], %f16 !load 8 bytes of data - ldd [%o1 + 0x8], %f18 !load 8 bytes of data - ldd [%o1 + 0x10], %f20 !load 8 bytes of data - ldd [%o1 + 0x18], %f22 !load 8 bytes of data - ldd [%o1 + 0x20], %f24 !load 8 bytes of data - ldd [%o1 + 0x28], %f26 !load 8 bytes of data - ldd [%o1 + 0x30], %f28 !load 8 bytes of data - ldd [%o1 + 0x38], %f30 !load 8 bytes of data - ldd [%o1 + 0x40], %f32 !load 8 bytes of data - ldd [%o1 + 0x48], %f34 !load 8 bytes of data - ldd [%o1 + 0x50], %f36 !load 8 bytes of data - ldd [%o1 + 0x58], %f38 !load 8 bytes of data - ldd [%o1 + 0x60], %f40 !load 8 bytes of data - ldd [%o1 + 0x68], %f42 !load 8 bytes of data - ldd [%o1 + 0x70], %f44 !load 8 bytes of data - ldd [%o1 + 0x78], %f46 !load 8 bytes of data - -!perform crypto instruction here - !sha512 - .byte 0x81, 0xb0, 0x28, 0x60 - - dec %o2 - brnz %o2, sha512_loop - add %o1, 0x80, %o1 - -!copy digest back into ctx - st %f0, [%o0] - st %f1, [%o0 + 0x4] - st %f2, [%o0 + 0x8] - st %f3, [%o0 + 0xc] - st %f4, [%o0 + 0x10] - st %f5, [%o0 + 0x14] - st %f6, [%o0 + 0x18] - st %f7, [%o0+ 0x1c] - st %f8, [%o0+ 0x20] - st %f9, [%o0+ 0x24] - st %f10, [%o0+ 0x28] - st %f11, [%o0+ 0x2c] - st %f12, [%o0+ 0x30] - st %f13, [%o0+ 0x34] - st %f14, [%o0+ 0x38] - retl - st %f15, [%o0+ 0x3c] - -sha512_unaligned_input: - alignaddr %o1, %g0, %g0 ! generate %gsr - andn %o1, 7, %o1 - -sha512_unaligned_input_loop: - ldd [%o1], %f16 !load 8 bytes of data - ldd [%o1 + 0x8], %f18 !load 8 bytes of data - ldd [%o1 + 0x10], %f20 !load 8 bytes of data - ldd [%o1 + 0x18], %f22 !load 8 bytes of data - ldd [%o1 + 0x20], %f24 !load 8 bytes of data - ldd [%o1 + 0x28], %f26 !load 8 bytes of data - ldd [%o1 + 0x30], %f28 !load 8 bytes of data - ldd [%o1 + 0x38], %f30 !load 8 bytes of data - ldd [%o1 + 0x40], %f32 !load 8 bytes of data - ldd [%o1 + 0x48], %f34 !load 8 bytes of data - ldd [%o1 + 0x50], %f36 !load 8 bytes of data - ldd [%o1 + 0x58], %f38 !load 8 bytes of data - ldd [%o1 + 0x60], %f40 !load 8 bytes of data - ldd [%o1 + 0x68], %f42 !load 8 bytes of data - ldd [%o1 + 0x70], %f44 !load 8 bytes of data - ldd [%o1 + 0x78], %f46 !load 8 bytes of data - ldd [%o1 + 0x80], %f48 !load 8 bytes of data - faligndata %f16, %f18, %f16 - faligndata %f18, %f20, %f18 - faligndata %f20, %f22, %f20 - faligndata %f22, %f24, %f22 - faligndata %f24, %f26, %f24 - faligndata %f26, %f28, %f26 - faligndata %f28, %f30, %f28 - faligndata %f30, %f32, %f30 - faligndata %f32, %f34, %f32 - faligndata %f34, %f36, %f34 - faligndata %f36, %f38, %f36 - faligndata %f38, %f40, %f38 - faligndata %f40, %f42, %f40 - faligndata %f42, %f44, %f42 - faligndata %f44, %f46, %f44 - faligndata %f46, %f48, %f46 - -!perform crypto instruction here - !sha512 - .byte 0x81, 0xb0, 0x28, 0x60 - - dec %o2 - brnz %o2, sha512_unaligned_input_loop - add %o1, 0x80, %o1 - -!copy digest back into ctx - st %f0, [%o0] - st %f1, [%o0 + 0x4] - st %f2, [%o0 + 0x8] - st %f3, [%o0 + 0xc] - st %f4, [%o0 + 0x10] - st %f5, [%o0 + 0x14] - st %f6, [%o0 + 0x18] - st %f7, [%o0+ 0x1c] - st %f8, [%o0+ 0x20] - st %f9, [%o0+ 0x24] - st %f10, [%o0+ 0x28] - st %f11, [%o0+ 0x2c] - st %f12, [%o0+ 0x30] - st %f13, [%o0+ 0x34] - st %f14, [%o0+ 0x38] - retl - st %f15, [%o0+ 0x3c] - - SET_SIZE(t4_sha512_multiblock) - -#endif /* lint || __lint */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/llib-lcrypto --- a/components/openssl/openssl-1.0.0/llib-lcrypto Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,83 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* LINTLIBRARY */ -/* PROTOLIB1 */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/llib-lssl --- a/components/openssl/openssl-1.0.0/llib-lssl Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,33 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ - -/* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. - */ - -/* LINTLIBRARY */ -/* PROTOLIB1 */ - -#include -#include -#include -#include -#include diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/mapfile.wanboot --- a/components/openssl/openssl-1.0.0/mapfile.wanboot Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,126 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. -# - -# -# This file defines interface requirements of wanboot on OpenSSL. -# - -$mapfile_version 2 -SYMBOL_SCOPE { - ERR_clear_error; - SSL_CTX_set_default_passwd_cb; - SSL_load_error_strings; - EVP_PKEY_free; - SSL_get_peer_certificate; - SSL_CIPHER_get_name; - sk_value; - RAND_load_file; - X509_NAME_oneline; - SSL_write; - X509_NAME_get_text_by_NID; - OPENSSL_uni2asc; - SSL_CTX_set_default_passwd_cb_userdata; - SSL_CTX_use_PrivateKey_file; - OPENSSL_asc2uni; - SSL_get_error; - ASN1_UTF8STRING_free; - ASN1_mbstring_copy; - ERR_error_string; - PKCS12_unpack_p7data; - X509_free; - ERR_get_error; - ERR_put_error; - PKCS12_free; - ASN1_UTF8STRING_new; - OPENSSL_add_all_algorithms_noconf; - OBJ_nid2obj; - PKCS12_SAFEBAG_free; - ASN1_STRING_free; - sk_delete; - OBJ_obj2nid; - SSL_CTX_set_verify_depth; - PKCS8_PRIV_KEY_INFO_free; - SSL_set_connect_state; - sk_pop_free; - BIO_s_file; - SSL_set_fd; - SSL_CTX_use_PrivateKey; - ASN1_STRING_to_UTF8; - PKCS12_certbag2x509; - PKCS7_free; - PKCS12_decrypt_skey; - BIO_new; - RAND_status; - sk_num; - SSL_get_verify_result; - SSL_free; - SSL_read; - SSL_new; - SSLv3_client_method; - X509_check_private_key; - SSL_CTX_new; - ASN1_TYPE_set; - ASN1_TYPE_new; - ERR_peek_error; - CRYPTO_free; - SSL_CTX_load_verify_locations; - PKCS12_unpack_authsafes; - X509_ATTRIBUTE_new; - PKCS12_unpack_p7encdata; - sk_push; - SSL_connect; - SSL_shutdown; - SSL_CTX_use_certificate_file; - PKCS12_get_attr_gen; - X509_verify_cert_error_string; - X509_ATTRIBUTE_free; - X509_alias_set1; - PKCS12_verify_mac; - ASN1_TIME_print; - SSL_CTX_use_certificate; - SSL_get_ciphers; - SSL_CTX_ctrl; - SSL_CTX_free; - X509_keyid_set1; - ERR_load_strings; - EVP_EncodeBlock; - ASN1_TYPE_free; - sk_new_null; - SSL_get_current_cipher; - ASN1_STRING_cmp; - ASN1_STRING_set; - ERR_get_next_error_library; - EVP_PKCS82PKEY; - X509_get_issuer_name; - CRYPTO_malloc; - BIO_ctrl; - BIO_free; - X509_STORE_add_cert; - ASN1_STRING_type_new; - SSL_CTX_set_cipher_list; - X509_get_subject_name; - SSL_library_init; - d2i_PKCS12_fp; - local: - *; -}; diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/openssl-1.0.0.license --- a/components/openssl/openssl-1.0.0/openssl-1.0.0.license Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,127 +0,0 @@ - - LICENSE ISSUES - ============== - - The OpenSSL toolkit stays under a dual license, i.e. both the conditions of - the OpenSSL License and the original SSLeay license apply to the toolkit. - See below for the actual license texts. Actually both licenses are BSD-style - Open Source licenses. In case of any license issues related to OpenSSL - please contact openssl-core@openssl.org. - - OpenSSL License - --------------- - -/* ==================================================================== - * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - Original SSLeay License - ----------------------- - -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/openssl-1.0.0.p5m --- a/components/openssl/openssl-1.0.0/openssl-1.0.0.p5m Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1417 +0,0 @@ -# -# CDDL HEADER START -# -# The contents of this file are subject to the terms of the -# Common Development and Distribution License (the "License"). -# You may not use this file except in compliance with the License. -# -# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE -# or http://www.opensolaris.org/os/licensing. -# See the License for the specific language governing permissions -# and limitations under the License. -# -# When distributing Covered Code, include this CDDL HEADER in each -# file and include the License file at usr/src/OPENSOLARIS.LICENSE. -# If applicable, add the following below this CDDL HEADER, with the -# fields enclosed by brackets "[]" replaced with your own identifying -# information: Portions Copyright [yyyy] [name of copyright owner] -# -# CDDL HEADER END -# -# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. -# - - default mangler.man.stability uncommitted> -set name=pkg.fmri \ - value=pkg:/library/security/openssl@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) -set name=pkg.human-version value=$(COMPONENT_VERSION) -set name=pkg.description \ - value="OpenSSL is a full-featured toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library." -set name=pkg.summary value="OpenSSL - a Toolkit for Secure Sockets Layer (SSL v2/v3) and Transport Layer (TLS v1) protocols and general purpose cryptographic library" -set name=com.oracle.info.description value="OpenSSL" -set name=info.classification \ - value="org.opensolaris.category.2008:System/Security" -set name=info.source-url value=$(COMPONENT_ARCHIVE_URL) -set name=info.upstream-url value=$(COMPONENT_PROJECT_URL) -set name=org.opensolaris.arc-caseid \ - value=PSARC/2011/025 -set name=org.opensolaris.consolidation value=$(CONSOLIDATION) -# Basic directories, links, and a configuration file. -dir path=etc -dir path=etc/openssl group=sys -file path=etc/openssl/openssl.cnf group=sys mode=0644 original_name=SUNWopenssl:etc/sfw/openssl/openssl.cnf preserve=true -dir path=etc/openssl/certs group=sys -dir path=etc/openssl/private group=sys mode=0700 -dir path=etc/sfw -link path=etc/sfw/openssl target=../openssl -dir path=lib -dir path=lib/$(MACH64) -dir path=lib/openssl -dir path=lib/openssl/engines -link path=lib/openssl/engines/64 target=$(MACH64) -dir path=lib/openssl/engines/$(MACH64) -dir path=usr/lib -dir path=usr/lib/$(MACH64) -# Commands. -dir path=usr -dir path=usr/bin -file $(MACH64)/apps/openssl path=usr/bin/openssl -file etc/openssl/misc/CA.pl path=usr/bin/CA.pl -dir path=usr/sfw -dir path=usr/sfw/bin -link path=usr/sfw/bin/openssl target=../../bin/openssl -dir path=usr/bin/$(MACH32) -file $(MACH32)/apps/openssl path=usr/bin/$(MACH32)/openssl -dir path=usr/bin/$(MACH64) -dir path=usr/sfw/bin/$(MACH64) -link path=usr/bin/$(MACH64)/openssl target=../openssl -link path=usr/sfw/bin/$(MACH64)/openssl target=../../../bin/openssl -# 32 bit libraries, lint libraries, and engines. -file $(MACH32)/libcrypto.so.1.0.0 path=lib/libcrypto.so.1.0.0 -link path=lib/libcrypto.so target=libcrypto.so.1.0.0 -file $(MACH32)/libssl.so.1.0.0 path=lib/libssl.so.1.0.0 -link path=lib/libssl.so target=libssl.so.1.0.0 -file llib-lcrypto path=lib/llib-lcrypto -file $(MACH32)/llib-lcrypto.ln path=lib/llib-lcrypto.ln -file llib-lssl path=lib/llib-lssl -file $(MACH32)/llib-lssl.ln path=lib/llib-lssl.ln -file $(MACH32)/engines/libdevcrypto.so path=lib/openssl/engines/libdevcrypto.so.1 -link path=lib/openssl/engines/libdevcrypto.so target=libdevcrypto.so.1 -link path=usr/lib/libcrypto.so target=../../lib/libcrypto.so -link path=usr/lib/libcrypto.so.1.0.0 target=../../lib/libcrypto.so.1.0.0 -link path=usr/lib/libssl.so target=../../lib/libssl.so -link path=usr/lib/libssl.so.1.0.0 target=../../lib/libssl.so.1.0.0 -# 64 bit libraries, lint libraries, and engines. -file $(MACH64)/libcrypto.so.1.0.0 path=lib/$(MACH64)/libcrypto.so.1.0.0 -link path=lib/$(MACH64)/libcrypto.so target=libcrypto.so.1.0.0 -file $(MACH64)/libssl.so.1.0.0 path=lib/$(MACH64)/libssl.so.1.0.0 -link path=lib/$(MACH64)/libssl.so target=libssl.so.1.0.0 -file llib-lcrypto path=lib/$(MACH64)/llib-lcrypto -file $(MACH64)/llib-lcrypto.ln path=lib/$(MACH64)/llib-lcrypto.ln -file llib-lssl path=lib/$(MACH64)/llib-lssl -file $(MACH64)/llib-lssl.ln path=lib/$(MACH64)/llib-lssl.ln -file $(MACH64)/engines/libdevcrypto.so path=lib/openssl/engines/$(MACH64)/libdevcrypto.so.1 -link path=lib/openssl/engines/$(MACH64)/libdevcrypto.so target=libdevcrypto.so.1 -link path=usr/lib/$(MACH64)/libcrypto.so target=../../../lib/$(MACH64)/libcrypto.so -link path=usr/lib/$(MACH64)/libcrypto.so.1.0.0 target=../../../lib/$(MACH64)/libcrypto.so.1.0.0 -link path=usr/lib/$(MACH64)/libssl.so target=../../../lib/$(MACH64)/libssl.so -link path=usr/lib/$(MACH64)/libssl.so.1.0.0 target=../../../lib/$(MACH64)/libssl.so.1.0.0 -# Header and pkg files. -dir path=usr/include -dir path=usr/include/openssl -dir path=usr/lib/pkgconfig -dir path=usr/lib/$(MACH64)/pkgconfig -file $(MACH32)/openssl.pc path=usr/lib/pkgconfig/openssl.pc -file $(MACH64)/openssl.pc path=usr/lib/$(MACH64)/pkgconfig/openssl.pc -file path=usr/include/openssl/aes.h -file path=usr/include/openssl/asn1.h -file path=usr/include/openssl/asn1_mac.h -file path=usr/include/openssl/asn1t.h -file path=usr/include/openssl/bio.h -file path=usr/include/openssl/blowfish.h -file path=usr/include/openssl/bn.h -file path=usr/include/openssl/buffer.h -file path=usr/include/openssl/camellia.h -file path=usr/include/openssl/cast.h -file path=usr/include/openssl/cms.h -file path=usr/include/openssl/comp.h -file path=usr/include/openssl/conf.h -file path=usr/include/openssl/conf_api.h -file path=usr/include/openssl/crypto.h -file path=usr/include/openssl/des.h -file path=usr/include/openssl/des_old.h -file path=usr/include/openssl/dh.h -file path=usr/include/openssl/dsa.h -file path=usr/include/openssl/dso.h -file path=usr/include/openssl/dtls1.h -file path=usr/include/openssl/e_os2.h -file path=usr/include/openssl/ebcdic.h -file path=usr/include/openssl/engine.h -file path=usr/include/openssl/err.h -file path=usr/include/openssl/evp.h -file path=usr/include/openssl/hmac.h -file path=usr/include/openssl/krb5_asn.h -file path=usr/include/openssl/kssl.h -file path=usr/include/openssl/lhash.h -file path=usr/include/openssl/md2.h -file path=usr/include/openssl/md4.h -file path=usr/include/openssl/md5.h -file path=usr/include/openssl/modes.h -file path=usr/include/openssl/obj_mac.h -file path=usr/include/openssl/objects.h -file path=usr/include/openssl/ocsp.h -# A special case. This header file is patched but possibly overwritten in the -# proto are with the 64 bit install. We must use the one from the 32 bit build -# which is the one we have a patch for. -file $(MACH32)/include/openssl/opensslconf.h path=usr/include/openssl/opensslconf.h -file path=usr/include/openssl/opensslv.h -file path=usr/include/openssl/ossl_typ.h -file path=usr/include/openssl/pem.h -file path=usr/include/openssl/pem2.h -file path=usr/include/openssl/pkcs12.h -file path=usr/include/openssl/pkcs7.h -file path=usr/include/openssl/pqueue.h -file path=usr/include/openssl/rand.h -file path=usr/include/openssl/rc2.h -file path=usr/include/openssl/rc4.h -file path=usr/include/openssl/ripemd.h -file path=usr/include/openssl/rsa.h -file path=usr/include/openssl/safestack.h -file path=usr/include/openssl/sha.h -file path=usr/include/openssl/ssl.h -file path=usr/include/openssl/ssl2.h -file path=usr/include/openssl/ssl23.h -file path=usr/include/openssl/ssl3.h -file path=usr/include/openssl/stack.h -file path=usr/include/openssl/symhacks.h -file path=usr/include/openssl/tls1.h -file path=usr/include/openssl/ts.h -file path=usr/include/openssl/txt_db.h -file path=usr/include/openssl/ui.h -file path=usr/include/openssl/ui_compat.h -file path=usr/include/openssl/x509.h -file path=usr/include/openssl/x509_vfy.h -file path=usr/include/openssl/x509v3.h -# Wanboot static standalone openssl binaries -dir path=/lib -dir path=/lib/openssl -dir path=/lib/openssl/wanboot -dir path=/lib/openssl/wanboot/$(MACH64) -file path=/lib/openssl/wanboot/$(MACH64)/wanboot-openssl.o \ - variant.arch=sparc \ - pkg.depend.bypass-generate=.* \ - pkg.linted.userland.action001=true -# Manual pages. -dir path=usr/share -dir path=usr/share/man -dir path=usr/share/man/man1openssl -dir path=usr/share/man/man3openssl -dir path=usr/share/man/man5openssl -dir path=usr/share/man/man7openssl -file path=usr/share/man/man1openssl/CA.pl.1openssl -file path=usr/share/man/man1openssl/asn1parse.1openssl -file path=usr/share/man/man1openssl/ca.1openssl -file path=usr/share/man/man1openssl/ciphers.1openssl -file path=usr/share/man/man1openssl/crl.1openssl -file path=usr/share/man/man1openssl/crl2pkcs7.1openssl -file path=usr/share/man/man1openssl/dgst.1openssl -file path=usr/share/man/man1openssl/dhparam.1openssl -file path=usr/share/man/man1openssl/dsa.1openssl -file path=usr/share/man/man1openssl/dsaparam.1openssl -file path=usr/share/man/man1openssl/ec.1openssl -file path=usr/share/man/man1openssl/ecparam.1openssl -file path=usr/share/man/man1openssl/enc.1openssl -file path=usr/share/man/man1openssl/errstr.1openssl -file path=usr/share/man/man1openssl/gendsa.1openssl -file path=usr/share/man/man1openssl/genrsa.1openssl -file path=usr/share/man/man1openssl/nseq.1openssl -file path=usr/share/man/man1openssl/ocsp.1openssl -file path=usr/share/man/man1openssl/openssl.1openssl -file path=usr/share/man/man1openssl/passwd.1openssl -file path=usr/share/man/man1openssl/pkcs12.1openssl -file path=usr/share/man/man1openssl/pkcs7.1openssl -file path=usr/share/man/man1openssl/pkcs8.1openssl -file path=usr/share/man/man1openssl/rand.1openssl -file path=usr/share/man/man1openssl/req.1openssl -file path=usr/share/man/man1openssl/rsa.1openssl -file path=usr/share/man/man1openssl/rsautl.1openssl -file path=usr/share/man/man1openssl/s_client.1openssl -file path=usr/share/man/man1openssl/s_server.1openssl -file path=usr/share/man/man1openssl/s_time.1openssl -file path=usr/share/man/man1openssl/sess_id.1openssl -file path=usr/share/man/man1openssl/smime.1openssl -file path=usr/share/man/man1openssl/speed.1openssl -file path=usr/share/man/man1openssl/spkac.1openssl -file path=usr/share/man/man1openssl/verify.1openssl -file path=usr/share/man/man1openssl/version.1openssl -file path=usr/share/man/man1openssl/x509.1openssl -file path=usr/share/man/man1openssl/genpkey.1openssl -file path=usr/share/man/man1openssl/pkeyutl.1openssl -file path=usr/share/man/man1openssl/pkey.1openssl -file path=usr/share/man/man1openssl/tsget.1openssl -file path=usr/share/man/man1openssl/cms.1openssl -file path=usr/share/man/man1openssl/ts.1openssl -file path=usr/share/man/man3openssl/ASN1_OBJECT_new.3openssl -file path=usr/share/man/man3openssl/ASN1_STRING_length.3openssl -file path=usr/share/man/man3openssl/ASN1_STRING_new.3openssl -file path=usr/share/man/man3openssl/ASN1_STRING_print_ex.3openssl -file path=usr/share/man/man3openssl/ASN1_generate_nconf.3openssl -file path=usr/share/man/man3openssl/BIO_ctrl.3openssl -file path=usr/share/man/man3openssl/BIO_f_base64.3openssl -file path=usr/share/man/man3openssl/BIO_f_buffer.3openssl -file path=usr/share/man/man3openssl/BIO_f_cipher.3openssl -file path=usr/share/man/man3openssl/BIO_f_md.3openssl -file path=usr/share/man/man3openssl/BIO_f_null.3openssl -file path=usr/share/man/man3openssl/BIO_f_ssl.3openssl -file path=usr/share/man/man3openssl/BIO_find_type.3openssl -file path=usr/share/man/man3openssl/BIO_new.3openssl -file path=usr/share/man/man3openssl/BIO_push.3openssl -file path=usr/share/man/man3openssl/BIO_read.3openssl -file path=usr/share/man/man3openssl/BIO_s_accept.3openssl -file path=usr/share/man/man3openssl/BIO_s_bio.3openssl -file path=usr/share/man/man3openssl/BIO_s_connect.3openssl -file path=usr/share/man/man3openssl/BIO_s_fd.3openssl -file path=usr/share/man/man3openssl/BIO_s_file.3openssl -file path=usr/share/man/man3openssl/BIO_s_mem.3openssl -file path=usr/share/man/man3openssl/BIO_s_null.3openssl -file path=usr/share/man/man3openssl/BIO_s_socket.3openssl -file path=usr/share/man/man3openssl/BIO_set_callback.3openssl -file path=usr/share/man/man3openssl/BIO_should_retry.3openssl -file path=usr/share/man/man3openssl/BN_BLINDING_new.3openssl -file path=usr/share/man/man3openssl/BN_CTX_new.3openssl -file path=usr/share/man/man3openssl/BN_CTX_start.3openssl -file path=usr/share/man/man3openssl/BN_add.3openssl -file path=usr/share/man/man3openssl/BN_add_word.3openssl -file path=usr/share/man/man3openssl/BN_bn2bin.3openssl -file path=usr/share/man/man3openssl/BN_cmp.3openssl -file path=usr/share/man/man3openssl/BN_copy.3openssl -file path=usr/share/man/man3openssl/BN_generate_prime.3openssl -file path=usr/share/man/man3openssl/BN_mod_inverse.3openssl -file path=usr/share/man/man3openssl/BN_mod_mul_montgomery.3openssl -file path=usr/share/man/man3openssl/BN_mod_mul_reciprocal.3openssl -file path=usr/share/man/man3openssl/BN_new.3openssl -file path=usr/share/man/man3openssl/BN_num_bytes.3openssl -file path=usr/share/man/man3openssl/BN_rand.3openssl -file path=usr/share/man/man3openssl/BN_set_bit.3openssl -file path=usr/share/man/man3openssl/BN_swap.3openssl -file path=usr/share/man/man3openssl/BN_zero.3openssl -file path=usr/share/man/man3openssl/CONF_modules_free.3openssl -file path=usr/share/man/man3openssl/CONF_modules_load_file.3openssl -file path=usr/share/man/man3openssl/CRYPTO_set_ex_data.3openssl -file path=usr/share/man/man3openssl/DH_generate_key.3openssl -file path=usr/share/man/man3openssl/DH_generate_parameters.3openssl -file path=usr/share/man/man3openssl/DH_get_ex_new_index.3openssl -file path=usr/share/man/man3openssl/DH_new.3openssl -file path=usr/share/man/man3openssl/DH_set_method.3openssl -file path=usr/share/man/man3openssl/DH_size.3openssl -file path=usr/share/man/man3openssl/DSA_SIG_new.3openssl -file path=usr/share/man/man3openssl/DSA_do_sign.3openssl -file path=usr/share/man/man3openssl/DSA_dup_DH.3openssl -file path=usr/share/man/man3openssl/DSA_generate_key.3openssl -file path=usr/share/man/man3openssl/DSA_generate_parameters.3openssl -file path=usr/share/man/man3openssl/DSA_get_ex_new_index.3openssl -file path=usr/share/man/man3openssl/DSA_new.3openssl -file path=usr/share/man/man3openssl/DSA_set_method.3openssl -file path=usr/share/man/man3openssl/DSA_sign.3openssl -file path=usr/share/man/man3openssl/DSA_size.3openssl -file path=usr/share/man/man3openssl/ERR_GET_LIB.3openssl -file path=usr/share/man/man3openssl/ERR_clear_error.3openssl -file path=usr/share/man/man3openssl/ERR_error_string.3openssl -file path=usr/share/man/man3openssl/ERR_get_error.3openssl -file path=usr/share/man/man3openssl/ERR_load_crypto_strings.3openssl -file path=usr/share/man/man3openssl/ERR_load_strings.3openssl -file path=usr/share/man/man3openssl/ERR_print_errors.3openssl -file path=usr/share/man/man3openssl/ERR_put_error.3openssl -file path=usr/share/man/man3openssl/ERR_remove_state.3openssl -file path=usr/share/man/man3openssl/ERR_set_mark.3openssl -file path=usr/share/man/man3openssl/EVP_BytesToKey.3openssl -file path=usr/share/man/man3openssl/EVP_DigestInit.3openssl -file path=usr/share/man/man3openssl/EVP_EncryptInit.3openssl -file path=usr/share/man/man3openssl/EVP_OpenInit.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_new.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_set1_RSA.3openssl -file path=usr/share/man/man3openssl/EVP_SealInit.3openssl -file path=usr/share/man/man3openssl/EVP_SignInit.3openssl -file path=usr/share/man/man3openssl/EVP_VerifyInit.3openssl -file path=usr/share/man/man3openssl/OBJ_nid2obj.3openssl -file path=usr/share/man/man3openssl/OPENSSL_Applink.3openssl -file path=usr/share/man/man3openssl/OPENSSL_VERSION_NUMBER.3openssl -file path=usr/share/man/man3openssl/OPENSSL_config.3openssl -file path=usr/share/man/man3openssl/OPENSSL_ia32cap.3openssl -file path=usr/share/man/man3openssl/OPENSSL_load_builtin_modules.3openssl -file path=usr/share/man/man3openssl/OpenSSL_add_all_algorithms.3openssl -file path=usr/share/man/man3openssl/PKCS12_create.3openssl -file path=usr/share/man/man3openssl/PKCS12_parse.3openssl -file path=usr/share/man/man3openssl/PKCS7_decrypt.3openssl -file path=usr/share/man/man3openssl/PKCS7_encrypt.3openssl -file path=usr/share/man/man3openssl/PKCS7_sign.3openssl -file path=usr/share/man/man3openssl/PKCS7_verify.3openssl -file path=usr/share/man/man3openssl/RAND_add.3openssl -file path=usr/share/man/man3openssl/RAND_bytes.3openssl -file path=usr/share/man/man3openssl/RAND_cleanup.3openssl -file path=usr/share/man/man3openssl/RAND_egd.3openssl -file path=usr/share/man/man3openssl/RAND_load_file.3openssl -file path=usr/share/man/man3openssl/RAND_set_rand_method.3openssl -file path=usr/share/man/man3openssl/RSA_blinding_on.3openssl -file path=usr/share/man/man3openssl/RSA_check_key.3openssl -file path=usr/share/man/man3openssl/RSA_generate_key.3openssl -file path=usr/share/man/man3openssl/RSA_get_ex_new_index.3openssl -file path=usr/share/man/man3openssl/RSA_new.3openssl -file path=usr/share/man/man3openssl/RSA_padding_add_PKCS1_type_1.3openssl -file path=usr/share/man/man3openssl/RSA_print.3openssl -file path=usr/share/man/man3openssl/RSA_private_encrypt.3openssl -file path=usr/share/man/man3openssl/RSA_public_encrypt.3openssl -file path=usr/share/man/man3openssl/RSA_set_method.3openssl -file path=usr/share/man/man3openssl/RSA_sign.3openssl -file path=usr/share/man/man3openssl/RSA_sign_ASN1_OCTET_STRING.3openssl -file path=usr/share/man/man3openssl/RSA_size.3openssl -file path=usr/share/man/man3openssl/SMIME_read_PKCS7.3openssl -file path=usr/share/man/man3openssl/SMIME_write_PKCS7.3openssl -file path=usr/share/man/man3openssl/SSL_CIPHER_get_name.3openssl -file path=usr/share/man/man3openssl/SSL_COMP_add_compression_method.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_add_extra_chain_cert.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_add_session.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_ctrl.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_flush_sessions.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_free.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_get_ex_new_index.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_get_verify_mode.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_load_verify_locations.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_new.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_sess_number.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_sess_set_cache_size.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_sess_set_get_cb.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_sessions.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_cert_store.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_cert_verify_callback.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_cipher_list.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_client_CA_list.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_client_cert_cb.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_default_passwd_cb.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_generate_session_id.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_info_callback.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_max_cert_list.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_mode.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_msg_callback.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_options.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_quiet_shutdown.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_session_cache_mode.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_session_id_context.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_ssl_version.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_timeout.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_tmp_dh_callback.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_tmp_rsa_callback.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_verify.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_use_certificate.3openssl -file path=usr/share/man/man3openssl/SSL_SESSION_free.3openssl -file path=usr/share/man/man3openssl/SSL_SESSION_get_ex_new_index.3openssl -file path=usr/share/man/man3openssl/SSL_SESSION_get_time.3openssl -file path=usr/share/man/man3openssl/SSL_accept.3openssl -file path=usr/share/man/man3openssl/SSL_alert_type_string.3openssl -file path=usr/share/man/man3openssl/SSL_clear.3openssl -file path=usr/share/man/man3openssl/SSL_connect.3openssl -file path=usr/share/man/man3openssl/SSL_do_handshake.3openssl -file path=usr/share/man/man3openssl/SSL_free.3openssl -file path=usr/share/man/man3openssl/SSL_get_SSL_CTX.3openssl -file path=usr/share/man/man3openssl/SSL_get_ciphers.3openssl -file path=usr/share/man/man3openssl/SSL_get_client_CA_list.3openssl -file path=usr/share/man/man3openssl/SSL_get_current_cipher.3openssl -file path=usr/share/man/man3openssl/SSL_get_default_timeout.3openssl -file path=usr/share/man/man3openssl/SSL_get_error.3openssl -file path=usr/share/man/man3openssl/SSL_get_ex_data_X509_STORE_CTX_idx.3openssl -file path=usr/share/man/man3openssl/SSL_get_ex_new_index.3openssl -file path=usr/share/man/man3openssl/SSL_get_fd.3openssl -file path=usr/share/man/man3openssl/SSL_get_peer_cert_chain.3openssl -file path=usr/share/man/man3openssl/SSL_get_peer_certificate.3openssl -file path=usr/share/man/man3openssl/SSL_get_rbio.3openssl -file path=usr/share/man/man3openssl/SSL_get_session.3openssl -file path=usr/share/man/man3openssl/SSL_get_verify_result.3openssl -file path=usr/share/man/man3openssl/SSL_get_version.3openssl -file path=usr/share/man/man3openssl/SSL_library_init.3openssl -file path=usr/share/man/man3openssl/SSL_load_client_CA_file.3openssl -file path=usr/share/man/man3openssl/SSL_new.3openssl -file path=usr/share/man/man3openssl/SSL_pending.3openssl -file path=usr/share/man/man3openssl/SSL_read.3openssl -file path=usr/share/man/man3openssl/SSL_rstate_string.3openssl -file path=usr/share/man/man3openssl/SSL_session_reused.3openssl -file path=usr/share/man/man3openssl/SSL_set_bio.3openssl -file path=usr/share/man/man3openssl/SSL_set_connect_state.3openssl -file path=usr/share/man/man3openssl/SSL_set_fd.3openssl -file path=usr/share/man/man3openssl/SSL_set_session.3openssl -file path=usr/share/man/man3openssl/SSL_set_shutdown.3openssl -file path=usr/share/man/man3openssl/SSL_set_verify_result.3openssl -file path=usr/share/man/man3openssl/SSL_shutdown.3openssl -file path=usr/share/man/man3openssl/SSL_state_string.3openssl -file path=usr/share/man/man3openssl/SSL_want.3openssl -file path=usr/share/man/man3openssl/SSL_write.3openssl -file path=usr/share/man/man3openssl/X509_NAME_ENTRY_get_object.3openssl -file path=usr/share/man/man3openssl/X509_NAME_add_entry_by_txt.3openssl -file path=usr/share/man/man3openssl/X509_NAME_get_index_by_NID.3openssl -file path=usr/share/man/man3openssl/X509_NAME_print_ex.3openssl -file path=usr/share/man/man3openssl/X509_new.3openssl -file path=usr/share/man/man3openssl/bio.3openssl -file path=usr/share/man/man3openssl/blowfish.3openssl -file path=usr/share/man/man3openssl/bn.3openssl -file path=usr/share/man/man3openssl/bn_internal.3openssl -file path=usr/share/man/man3openssl/buffer.3openssl -file path=usr/share/man/man3openssl/crypto.3openssl -file path=usr/share/man/man3openssl/d2i_ASN1_OBJECT.3openssl -file path=usr/share/man/man3openssl/d2i_DHparams.3openssl -file path=usr/share/man/man3openssl/d2i_DSAPublicKey.3openssl -file path=usr/share/man/man3openssl/d2i_PKCS8PrivateKey.3openssl -file path=usr/share/man/man3openssl/d2i_RSAPublicKey.3openssl -file path=usr/share/man/man3openssl/d2i_X509.3openssl -file path=usr/share/man/man3openssl/d2i_X509_ALGOR.3openssl -file path=usr/share/man/man3openssl/d2i_X509_CRL.3openssl -file path=usr/share/man/man3openssl/d2i_X509_NAME.3openssl -file path=usr/share/man/man3openssl/d2i_X509_REQ.3openssl -file path=usr/share/man/man3openssl/d2i_X509_SIG.3openssl -file path=usr/share/man/man3openssl/des.3openssl -file path=usr/share/man/man3openssl/dh.3openssl -file path=usr/share/man/man3openssl/dsa.3openssl -file path=usr/share/man/man3openssl/ecdsa.3openssl -file path=usr/share/man/man3openssl/engine.3openssl -file path=usr/share/man/man3openssl/err.3openssl -file path=usr/share/man/man3openssl/evp.3openssl -file path=usr/share/man/man3openssl/hmac.3openssl -file path=usr/share/man/man3openssl/lh_stats.3openssl -file path=usr/share/man/man3openssl/lhash.3openssl -file path=usr/share/man/man3openssl/md5.3openssl -file path=usr/share/man/man3openssl/mdc2.3openssl -file path=usr/share/man/man3openssl/pem.3openssl -file path=usr/share/man/man3openssl/rand.3openssl -file path=usr/share/man/man3openssl/rc4.3openssl -file path=usr/share/man/man3openssl/ripemd.3openssl -file path=usr/share/man/man3openssl/rsa.3openssl -file path=usr/share/man/man3openssl/sha.3openssl -file path=usr/share/man/man3openssl/threads.3openssl -file path=usr/share/man/man3openssl/ui.3openssl -file path=usr/share/man/man3openssl/ui_compat.3openssl -file path=usr/share/man/man3openssl/x509.3openssl -file path=usr/share/man/man3openssl/d2i_SSL_SESSION.3openssl -file path=usr/share/man/man3openssl/ssl.3openssl -file path=usr/share/man/man3openssl/CMS_sign.3openssl -file path=usr/share/man/man3openssl/CMS_final.3openssl -file path=usr/share/man/man3openssl/BIO_new_CMS.3openssl -file path=usr/share/man/man1openssl/pkeyparam.1openssl -file path=usr/share/man/man3openssl/CMS_verify.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_cmp.3openssl -file path=usr/share/man/man3openssl/CMS_decrypt.3openssl -file path=usr/share/man/man3openssl/CMS_encrypt.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_sign.3openssl -file path=usr/share/man/man3openssl/CMS_add0_cert.3openssl -file path=usr/share/man/man3openssl/CMS_compress.3openssl -file path=usr/share/man/man3openssl/SMIME_read_CMS.3openssl -file path=usr/share/man/man3openssl/CMS_get0_type.3openssl -file path=usr/share/man/man3openssl/SMIME_write_CMS.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_derive.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_keygen.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_verify.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_CTX_new.3openssl -file path=usr/share/man/man3openssl/CMS_uncompress.3openssl -file path=usr/share/man/man3openssl/X509_STORE_CTX_new.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_decrypt.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_CTX_ctrl.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_encrypt.3openssl -file path=usr/share/man/man3openssl/X509_verify_cert.3openssl -file path=usr/share/man/man3openssl/CMS_sign_receipt.3openssl -file path=usr/share/man/man3openssl/i2d_CMS_bio_stream.3openssl -file path=usr/share/man/man3openssl/EVP_DigestSignInit.3openssl -file path=usr/share/man/man3openssl/CMS_verify_receipt.3openssl -file path=usr/share/man/man3openssl/i2d_PKCS7_bio_stream.3openssl -file path=usr/share/man/man3openssl/CMS_get0_SignerInfos.3openssl -file path=usr/share/man/man3openssl/CMS_sign_add1_signer.3openssl -file path=usr/share/man/man3openssl/EVP_DigestVerifyInit.3openssl -file path=usr/share/man/man3openssl/PKCS7_sign_add_signer.3openssl -file path=usr/share/man/man3openssl/SSL_get_psk_identity.3openssl -file path=usr/share/man/man3openssl/X509_STORE_CTX_get_error.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_print_private.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_verify_recover.3openssl -file path=usr/share/man/man3openssl/CMS_get0_RecipientInfos.3openssl -file path=usr/share/man/man3openssl/CMS_get1_ReceiptRequest.3openssl -file path=usr/share/man/man3openssl/CMS_add1_recipient_cert.3openssl -file path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set_flags.3openssl -file path=usr/share/man/man3openssl/PEM_write_bio_CMS_stream.3openssl -file path=usr/share/man/man3openssl/PEM_write_bio_PKCS7_stream.3openssl -file path=usr/share/man/man3openssl/X509_STORE_CTX_set_verify_cb.3openssl -file path=usr/share/man/man3openssl/EVP_PKEY_get_default_digest.3openssl -file path=usr/share/man/man3openssl/X509_STORE_set_verify_cb_func.3openssl -file path=usr/share/man/man3openssl/X509_STORE_CTX_get_ex_new_index.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_use_psk_identity_hint.3openssl -file path=usr/share/man/man3openssl/SSL_CTX_set_psk_client_callback.3openssl -file path=usr/share/man/man5openssl/config.5openssl -file path=usr/share/man/man5openssl/x509v3_config.5openssl -file path=usr/share/man/man7openssl/des_modes.7openssl -link path=usr/share/man/man1openssl/md5.1openssl target=dgst.1openssl -link path=usr/share/man/man1openssl/md4.1openssl target=dgst.1openssl -link path=usr/share/man/man1openssl/md2.1openssl target=dgst.1openssl -link path=usr/share/man/man1openssl/sha1.1openssl target=dgst.1openssl -link path=usr/share/man/man1openssl/sha.1openssl target=dgst.1openssl -link path=usr/share/man/man1openssl/mdc2.1openssl target=dgst.1openssl -link path=usr/share/man/man1openssl/ripemd160.1openssl target=dgst.1openssl -link path=usr/share/man/man3openssl/ASN1_OBJECT_free.3openssl target=ASN1_OBJECT_new.3openssl -link path=usr/share/man/man3openssl/ASN1_STRING_cmp.3openssl target=ASN1_STRING_length.3openssl -link path=usr/share/man/man3openssl/ASN1_STRING_data.3openssl target=ASN1_STRING_length.3openssl -link path=usr/share/man/man3openssl/ASN1_STRING_dup.3openssl target=ASN1_STRING_length.3openssl -link path=usr/share/man/man3openssl/ASN1_STRING_free.3openssl target=ASN1_STRING_new.3openssl -link path=usr/share/man/man3openssl/ASN1_STRING_length_set.3openssl target=ASN1_STRING_length.3openssl -link path=usr/share/man/man3openssl/ASN1_STRING_print_ex_fp.3openssl target=ASN1_STRING_print_ex.3openssl -link path=usr/share/man/man3openssl/ASN1_STRING_set.3openssl target=ASN1_STRING_length.3openssl -link path=usr/share/man/man3openssl/ASN1_STRING_type.3openssl target=ASN1_STRING_length.3openssl -link path=usr/share/man/man3openssl/ASN1_STRING_type_new.3openssl target=ASN1_STRING_new.3openssl -link path=usr/share/man/man3openssl/ASN1_generate_v3.3openssl target=ASN1_generate_nconf.3openssl -link path=usr/share/man/man3openssl/BF_cbc_encrypt.3openssl target=blowfish.3openssl -link path=usr/share/man/man3openssl/BF_cfb64_encrypt.3openssl target=blowfish.3openssl -link path=usr/share/man/man3openssl/BF_decrypt.3openssl target=blowfish.3openssl -link path=usr/share/man/man3openssl/BF_ecb_encrypt.3openssl target=blowfish.3openssl -link path=usr/share/man/man3openssl/BF_encrypt.3openssl target=blowfish.3openssl -link path=usr/share/man/man3openssl/BF_ofb64_encrypt.3openssl target=blowfish.3openssl -link path=usr/share/man/man3openssl/BF_options.3openssl target=blowfish.3openssl -link path=usr/share/man/man3openssl/BF_set_key.3openssl target=blowfish.3openssl -link path=usr/share/man/man3openssl/BIO_append_filename.3openssl target=BIO_s_file.3openssl -link path=usr/share/man/man3openssl/BIO_callback_ctrl.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_ctrl_get_read_request.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_ctrl_get_write_guarantee.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_ctrl_pending.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_ctrl_reset_read_request.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_ctrl_wpending.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_debug_callback.3openssl target=BIO_set_callback.3openssl -link path=usr/share/man/man3openssl/BIO_destroy_bio_pair.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_do_accept.3openssl target=BIO_s_accept.3openssl -link path=usr/share/man/man3openssl/BIO_do_connect.3openssl target=BIO_s_connect.3openssl -link path=usr/share/man/man3openssl/BIO_eof.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_flush.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_free.3openssl target=BIO_new.3openssl -link path=usr/share/man/man3openssl/BIO_free_all.3openssl target=BIO_new.3openssl -link path=usr/share/man/man3openssl/BIO_get_accept_port.3openssl target=BIO_s_accept.3openssl -link path=usr/share/man/man3openssl/BIO_get_bind_mode.3openssl target=BIO_s_accept.3openssl -link path=usr/share/man/man3openssl/BIO_get_callback.3openssl target=BIO_set_callback.3openssl -link path=usr/share/man/man3openssl/BIO_get_callback_arg.3openssl target=BIO_set_callback.3openssl -link path=usr/share/man/man3openssl/BIO_get_cipher_ctx.3openssl target=BIO_f_cipher.3openssl -link path=usr/share/man/man3openssl/BIO_get_cipher_status.3openssl target=BIO_f_cipher.3openssl -link path=usr/share/man/man3openssl/BIO_get_close.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_get_conn_hostname.3openssl target=BIO_s_connect.3openssl -link path=usr/share/man/man3openssl/BIO_get_conn_int_port.3openssl target=BIO_s_connect.3openssl -link path=usr/share/man/man3openssl/BIO_get_conn_ip.3openssl target=BIO_s_connect.3openssl -link path=usr/share/man/man3openssl/BIO_get_conn_port.3openssl target=BIO_s_connect.3openssl -link path=usr/share/man/man3openssl/BIO_get_fd.3openssl target=BIO_s_fd.3openssl -link path=usr/share/man/man3openssl/BIO_get_fp.3openssl target=BIO_s_file.3openssl -link path=usr/share/man/man3openssl/BIO_get_info_callback.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_get_md.3openssl target=BIO_f_md.3openssl -link path=usr/share/man/man3openssl/BIO_get_md_ctx.3openssl target=BIO_f_md.3openssl -link path=usr/share/man/man3openssl/BIO_get_mem_data.3openssl target=BIO_s_mem.3openssl -link path=usr/share/man/man3openssl/BIO_get_mem_ptr.3openssl target=BIO_s_mem.3openssl -link path=usr/share/man/man3openssl/BIO_get_num_renegotiates.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_get_read_request.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_get_retry_BIO.3openssl target=BIO_should_retry.3openssl -link path=usr/share/man/man3openssl/BIO_get_retry_reason.3openssl target=BIO_should_retry.3openssl -link path=usr/share/man/man3openssl/BIO_get_ssl.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_get_write_buf_size.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_get_write_guarantee.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_gets.3openssl target=BIO_read.3openssl -link path=usr/share/man/man3openssl/BIO_int_ctrl.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_make_bio_pair.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_new_bio_pair.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_new_buffer_ssl_connect.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_new_fd.3openssl target=BIO_s_fd.3openssl -link path=usr/share/man/man3openssl/BIO_new_file.3openssl target=BIO_s_file.3openssl -link path=usr/share/man/man3openssl/BIO_new_fp.3openssl target=BIO_s_file.3openssl -link path=usr/share/man/man3openssl/BIO_new_mem_buf.3openssl target=BIO_s_mem.3openssl -link path=usr/share/man/man3openssl/BIO_new_socket.3openssl target=BIO_s_socket.3openssl -link path=usr/share/man/man3openssl/BIO_new_ssl.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_new_ssl_connect.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_next.3openssl target=BIO_find_type.3openssl -link path=usr/share/man/man3openssl/BIO_pending.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_pop.3openssl target=BIO_push.3openssl -link path=usr/share/man/man3openssl/BIO_ptr_ctrl.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_puts.3openssl target=BIO_read.3openssl -link path=usr/share/man/man3openssl/BIO_read_filename.3openssl target=BIO_s_file.3openssl -link path=usr/share/man/man3openssl/BIO_reset.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_retry_type.3openssl target=BIO_should_retry.3openssl -link path=usr/share/man/man3openssl/BIO_rw_filename.3openssl target=BIO_s_file.3openssl -link path=usr/share/man/man3openssl/BIO_seek.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_set.3openssl target=BIO_new.3openssl -link path=usr/share/man/man3openssl/BIO_set_accept_bios.3openssl target=BIO_s_accept.3openssl -link path=usr/share/man/man3openssl/BIO_set_accept_port.3openssl target=BIO_s_accept.3openssl -link path=usr/share/man/man3openssl/BIO_set_bind_mode.3openssl target=BIO_s_accept.3openssl -link path=usr/share/man/man3openssl/BIO_set_callback_arg.3openssl target=BIO_set_callback.3openssl -link path=usr/share/man/man3openssl/BIO_set_cipher.3openssl target=BIO_f_cipher.3openssl -link path=usr/share/man/man3openssl/BIO_set_close.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_set_conn_hostname.3openssl target=BIO_s_connect.3openssl -link path=usr/share/man/man3openssl/BIO_set_conn_int_port.3openssl target=BIO_s_connect.3openssl -link path=usr/share/man/man3openssl/BIO_set_conn_ip.3openssl target=BIO_s_connect.3openssl -link path=usr/share/man/man3openssl/BIO_set_conn_port.3openssl target=BIO_s_connect.3openssl -link path=usr/share/man/man3openssl/BIO_set_fd.3openssl target=BIO_s_fd.3openssl -link path=usr/share/man/man3openssl/BIO_set_fp.3openssl target=BIO_s_file.3openssl -link path=usr/share/man/man3openssl/BIO_set_info_callback.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_set_md.3openssl target=BIO_f_md.3openssl -link path=usr/share/man/man3openssl/BIO_set_mem_buf.3openssl target=BIO_s_mem.3openssl -link path=usr/share/man/man3openssl/BIO_set_mem_eof_return.3openssl target=BIO_s_mem.3openssl -link path=usr/share/man/man3openssl/BIO_set_nbio.3openssl target=BIO_s_connect.3openssl -link path=usr/share/man/man3openssl/BIO_set_nbio_accept.3openssl target=BIO_s_accept.3openssl -link path=usr/share/man/man3openssl/BIO_set_ssl.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_set_ssl_mode.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_set_ssl_renegotiate_bytes.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_set_ssl_renegotiate_timeout.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_set_write_buf_size.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_should_io_special.3openssl target=BIO_should_retry.3openssl -link path=usr/share/man/man3openssl/BIO_should_read.3openssl target=BIO_should_retry.3openssl -link path=usr/share/man/man3openssl/BIO_should_write.3openssl target=BIO_should_retry.3openssl -link path=usr/share/man/man3openssl/BIO_shutdown_wr.3openssl target=BIO_s_bio.3openssl -link path=usr/share/man/man3openssl/BIO_ssl_copy_session_id.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_ssl_shutdown.3openssl target=BIO_f_ssl.3openssl -link path=usr/share/man/man3openssl/BIO_tell.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_vfree.3openssl target=BIO_new.3openssl -link path=usr/share/man/man3openssl/BIO_wpending.3openssl target=BIO_ctrl.3openssl -link path=usr/share/man/man3openssl/BIO_write.3openssl target=BIO_read.3openssl -link path=usr/share/man/man3openssl/BIO_write_filename.3openssl target=BIO_s_file.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_convert.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_convert_ex.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_create_param.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_free.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_get_flags.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_get_thread_id.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_invert.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_invert_ex.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_set_flags.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_set_thread_id.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_BLINDING_update.3openssl target=BN_BLINDING_new.3openssl -link path=usr/share/man/man3openssl/BN_CTX_end.3openssl target=BN_CTX_start.3openssl -link path=usr/share/man/man3openssl/BN_CTX_free.3openssl target=BN_CTX_new.3openssl -link path=usr/share/man/man3openssl/BN_CTX_get.3openssl target=BN_CTX_start.3openssl -link path=usr/share/man/man3openssl/BN_CTX_init.3openssl target=BN_CTX_new.3openssl -link path=usr/share/man/man3openssl/BN_MONT_CTX_copy.3openssl target=BN_mod_mul_montgomery.3openssl -link path=usr/share/man/man3openssl/BN_MONT_CTX_free.3openssl target=BN_mod_mul_montgomery.3openssl -link path=usr/share/man/man3openssl/BN_MONT_CTX_init.3openssl target=BN_mod_mul_montgomery.3openssl -link path=usr/share/man/man3openssl/BN_MONT_CTX_new.3openssl target=BN_mod_mul_montgomery.3openssl -link path=usr/share/man/man3openssl/BN_MONT_CTX_set.3openssl target=BN_mod_mul_montgomery.3openssl -link path=usr/share/man/man3openssl/BN_RECP_CTX_free.3openssl target=BN_mod_mul_reciprocal.3openssl -link path=usr/share/man/man3openssl/BN_RECP_CTX_init.3openssl target=BN_mod_mul_reciprocal.3openssl -link path=usr/share/man/man3openssl/BN_RECP_CTX_new.3openssl target=BN_mod_mul_reciprocal.3openssl -link path=usr/share/man/man3openssl/BN_RECP_CTX_set.3openssl target=BN_mod_mul_reciprocal.3openssl -link path=usr/share/man/man3openssl/BN_bin2bn.3openssl target=BN_bn2bin.3openssl -link path=usr/share/man/man3openssl/BN_bn2dec.3openssl target=BN_bn2bin.3openssl -link path=usr/share/man/man3openssl/BN_bn2hex.3openssl target=BN_bn2bin.3openssl -link path=usr/share/man/man3openssl/BN_bn2mpi.3openssl target=BN_bn2bin.3openssl -link path=usr/share/man/man3openssl/BN_clear.3openssl target=BN_new.3openssl -link path=usr/share/man/man3openssl/BN_clear_bit.3openssl target=BN_set_bit.3openssl -link path=usr/share/man/man3openssl/BN_clear_free.3openssl target=BN_new.3openssl -link path=usr/share/man/man3openssl/BN_dec2bn.3openssl target=BN_bn2bin.3openssl -link path=usr/share/man/man3openssl/BN_div.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_div_recp.3openssl target=BN_mod_mul_reciprocal.3openssl -link path=usr/share/man/man3openssl/BN_div_word.3openssl target=BN_add_word.3openssl -link path=usr/share/man/man3openssl/BN_dup.3openssl target=BN_copy.3openssl -link path=usr/share/man/man3openssl/BN_exp.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_free.3openssl target=BN_new.3openssl -link path=usr/share/man/man3openssl/BN_from_montgomery.3openssl target=BN_mod_mul_montgomery.3openssl -link path=usr/share/man/man3openssl/BN_gcd.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_get_word.3openssl target=BN_zero.3openssl -link path=usr/share/man/man3openssl/BN_hex2bn.3openssl target=BN_bn2bin.3openssl -link path=usr/share/man/man3openssl/BN_init.3openssl target=BN_new.3openssl -link path=usr/share/man/man3openssl/BN_is_bit_set.3openssl target=BN_set_bit.3openssl -link path=usr/share/man/man3openssl/BN_is_odd.3openssl target=BN_cmp.3openssl -link path=usr/share/man/man3openssl/BN_is_one.3openssl target=BN_cmp.3openssl -link path=usr/share/man/man3openssl/BN_is_prime.3openssl target=BN_generate_prime.3openssl -link path=usr/share/man/man3openssl/BN_is_prime_fasttest.3openssl target=BN_generate_prime.3openssl -link path=usr/share/man/man3openssl/BN_is_word.3openssl target=BN_cmp.3openssl -link path=usr/share/man/man3openssl/BN_is_zero.3openssl target=BN_cmp.3openssl -link path=usr/share/man/man3openssl/BN_lshift.3openssl target=BN_set_bit.3openssl -link path=usr/share/man/man3openssl/BN_lshift1.3openssl target=BN_set_bit.3openssl -link path=usr/share/man/man3openssl/BN_mask_bits.3openssl target=BN_set_bit.3openssl -link path=usr/share/man/man3openssl/BN_mod.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_mod_add.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_mod_exp.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_mod_mul.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_mod_sqr.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_mod_sub.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_mod_word.3openssl target=BN_add_word.3openssl -link path=usr/share/man/man3openssl/BN_mpi2bn.3openssl target=BN_bn2bin.3openssl -link path=usr/share/man/man3openssl/BN_mul.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_mul_word.3openssl target=BN_add_word.3openssl -link path=usr/share/man/man3openssl/BN_nnmod.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_num_bits.3openssl target=BN_num_bytes.3openssl -link path=usr/share/man/man3openssl/BN_num_bits_word.3openssl target=BN_num_bytes.3openssl -link path=usr/share/man/man3openssl/BN_one.3openssl target=BN_zero.3openssl -link path=usr/share/man/man3openssl/BN_print.3openssl target=BN_bn2bin.3openssl -link path=usr/share/man/man3openssl/BN_print_fp.3openssl target=BN_bn2bin.3openssl -link path=usr/share/man/man3openssl/BN_pseudo_rand.3openssl target=BN_rand.3openssl -link path=usr/share/man/man3openssl/BN_rshift.3openssl target=BN_set_bit.3openssl -link path=usr/share/man/man3openssl/BN_rshift1.3openssl target=BN_set_bit.3openssl -link path=usr/share/man/man3openssl/BN_set_word.3openssl target=BN_zero.3openssl -link path=usr/share/man/man3openssl/BN_sqr.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_sub.3openssl target=BN_add.3openssl -link path=usr/share/man/man3openssl/BN_sub_word.3openssl target=BN_add_word.3openssl -link path=usr/share/man/man3openssl/BN_to_montgomery.3openssl target=BN_mod_mul_montgomery.3openssl -link path=usr/share/man/man3openssl/BN_ucmp.3openssl target=BN_cmp.3openssl -link path=usr/share/man/man3openssl/BN_value_one.3openssl target=BN_zero.3openssl -link path=usr/share/man/man3openssl/BUF_MEM_free.3openssl target=buffer.3openssl -link path=usr/share/man/man3openssl/BUF_MEM_grow.3openssl target=buffer.3openssl -link path=usr/share/man/man3openssl/BUF_MEM_new.3openssl target=buffer.3openssl -link path=usr/share/man/man3openssl/BUF_strdup.3openssl target=buffer.3openssl -link path=usr/share/man/man3openssl/CONF_modules_finish.3openssl target=CONF_modules_free.3openssl -link path=usr/share/man/man3openssl/CONF_modules_load.3openssl target=CONF_modules_load_file.3openssl -link path=usr/share/man/man3openssl/CONF_modules_unload.3openssl target=CONF_modules_free.3openssl -link path=usr/share/man/man3openssl/CRYPTO_destroy_dynlockid.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/CRYPTO_get_ex_data.3openssl target=CRYPTO_set_ex_data.3openssl -link path=usr/share/man/man3openssl/CRYPTO_get_new_dynlockid.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/CRYPTO_lock.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/CRYPTO_num_locks.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/CRYPTO_set_dynlock_create_callback.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/CRYPTO_set_dynlock_destroy_callback.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/CRYPTO_set_dynlock_lock_callback.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/CRYPTO_set_locking_callback.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/DES_cbc_cksum.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_cfb64_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_cfb_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_crypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ecb2_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ecb3_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ecb_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ede2_cbc_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ede2_cfb64_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ede2_ofb64_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ede3_cbc_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ede3_cbcm_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ede3_cfb64_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ede3_ofb64_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_enc_read.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_enc_write.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_fcrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_is_weak_key.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_key_sched.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ncbc_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ofb64_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_ofb_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_pcbc_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_quad_cksum.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_random_key.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_set_key.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_set_key_checked.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_set_key_unchecked.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_set_odd_parity.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_string_to_2keys.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_string_to_key.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DES_xcbc_encrypt.3openssl target=des.3openssl -link path=usr/share/man/man3openssl/DH_OpenSSL.3openssl target=DH_set_method.3openssl -link path=usr/share/man/man3openssl/DH_check.3openssl target=DH_generate_parameters.3openssl -link path=usr/share/man/man3openssl/DH_compute_key.3openssl target=DH_generate_key.3openssl -link path=usr/share/man/man3openssl/DH_free.3openssl target=DH_new.3openssl -link path=usr/share/man/man3openssl/DH_get_default_method.3openssl target=DH_set_method.3openssl -link path=usr/share/man/man3openssl/DH_get_ex_data.3openssl target=DH_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/DH_new_method.3openssl target=DH_set_method.3openssl -link path=usr/share/man/man3openssl/DH_set_default_method.3openssl target=DH_set_method.3openssl -link path=usr/share/man/man3openssl/DH_set_ex_data.3openssl target=DH_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/DHparams_print.3openssl target=RSA_print.3openssl -link path=usr/share/man/man3openssl/DHparams_print_fp.3openssl target=RSA_print.3openssl -link path=usr/share/man/man3openssl/DSA_OpenSSL.3openssl target=DSA_set_method.3openssl -link path=usr/share/man/man3openssl/DSA_SIG_free.3openssl target=DSA_SIG_new.3openssl -link path=usr/share/man/man3openssl/DSA_do_verify.3openssl target=DSA_do_sign.3openssl -link path=usr/share/man/man3openssl/DSA_free.3openssl target=DSA_new.3openssl -link path=usr/share/man/man3openssl/DSA_get_default_method.3openssl target=DSA_set_method.3openssl -link path=usr/share/man/man3openssl/DSA_get_ex_data.3openssl target=DSA_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/DSA_new_method.3openssl target=DSA_set_method.3openssl -link path=usr/share/man/man3openssl/DSA_print.3openssl target=RSA_print.3openssl -link path=usr/share/man/man3openssl/DSA_print_fp.3openssl target=RSA_print.3openssl -link path=usr/share/man/man3openssl/DSA_set_default_method.3openssl target=DSA_set_method.3openssl -link path=usr/share/man/man3openssl/DSA_set_ex_data.3openssl target=DSA_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/DSA_sign_setup.3openssl target=DSA_sign.3openssl -link path=usr/share/man/man3openssl/DSA_verify.3openssl target=DSA_sign.3openssl -link path=usr/share/man/man3openssl/DSAparams_print.3openssl target=RSA_print.3openssl -link path=usr/share/man/man3openssl/DSAparams_print_fp.3openssl target=RSA_print.3openssl -link path=usr/share/man/man3openssl/ERR_GET_FUNC.3openssl target=ERR_GET_LIB.3openssl -link path=usr/share/man/man3openssl/ERR_GET_REASON.3openssl target=ERR_GET_LIB.3openssl -link path=usr/share/man/man3openssl/ERR_PACK.3openssl target=ERR_load_strings.3openssl -link path=usr/share/man/man3openssl/ERR_add_error_data.3openssl target=ERR_put_error.3openssl -link path=usr/share/man/man3openssl/ERR_error_string_n.3openssl target=ERR_error_string.3openssl -link path=usr/share/man/man3openssl/ERR_free_strings.3openssl target=ERR_load_crypto_strings.3openssl -link path=usr/share/man/man3openssl/ERR_func_error_string.3openssl target=ERR_error_string.3openssl -link path=usr/share/man/man3openssl/ERR_get_error_line.3openssl target=ERR_get_error.3openssl -link path=usr/share/man/man3openssl/ERR_get_error_line_data.3openssl target=ERR_get_error.3openssl -link path=usr/share/man/man3openssl/ERR_get_next_error_library.3openssl target=ERR_load_strings.3openssl -link path=usr/share/man/man3openssl/ERR_lib_error_string.3openssl target=ERR_error_string.3openssl -link path=usr/share/man/man3openssl/ERR_load_UI_strings.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/ERR_peek_error.3openssl target=ERR_get_error.3openssl -link path=usr/share/man/man3openssl/ERR_peek_error_line.3openssl target=ERR_get_error.3openssl -link path=usr/share/man/man3openssl/ERR_peek_error_line_data.3openssl target=ERR_get_error.3openssl -link path=usr/share/man/man3openssl/ERR_peek_last_error.3openssl target=ERR_get_error.3openssl -link path=usr/share/man/man3openssl/ERR_peek_last_error_line.3openssl target=ERR_get_error.3openssl -link path=usr/share/man/man3openssl/ERR_peek_last_error_line_data.3openssl target=ERR_get_error.3openssl -link path=usr/share/man/man3openssl/ERR_pop_to_mark.3openssl target=ERR_set_mark.3openssl -link path=usr/share/man/man3openssl/ERR_print_errors_fp.3openssl target=ERR_print_errors.3openssl -link path=usr/share/man/man3openssl/ERR_reason_error_string.3openssl target=ERR_error_string.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_block_size.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_cipher.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_cleanup.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_ctrl.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_flags.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_get_app_data.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_init.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_iv_length.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_key_length.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_mode.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_nid.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_set_app_data.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_set_key_length.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_set_padding.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_type.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_asn1_to_param.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_block_size.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_flags.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_iv_length.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_key_length.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_mode.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_nid.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_param_to_asn1.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CIPHER_type.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CipherFinal.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CipherFinal_ex.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CipherInit.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CipherInit_ex.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_CipherUpdate.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_DecryptFinal.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_DecryptFinal_ex.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_DecryptInit.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_DecryptInit_ex.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_DecryptUpdate.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_DigestFinal_ex.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_DigestInit_ex.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_DigestUpdate.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_EncryptFinal.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_EncryptFinal_ex.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_EncryptInit_ex.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_EncryptUpdate.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_MAX_MD_SIZE.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_CTX_block_size.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_CTX_cleanup.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_CTX_copy.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_CTX_copy_ex.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_CTX_create.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_CTX_destroy.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_CTX_init.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_CTX_md.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_CTX_size.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_CTX_type.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_block_size.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_pkey_type.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_size.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_MD_type.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_OpenFinal.3openssl target=EVP_OpenInit.3openssl -link path=usr/share/man/man3openssl/EVP_OpenUpdate.3openssl target=EVP_OpenInit.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_assign_DH.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_assign_DSA.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_assign_EC_KEY.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_assign_RSA.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_free.3openssl target=EVP_PKEY_new.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_get1_DH.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_get1_DSA.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_get1_EC_KEY.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_get1_RSA.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_set1_DH.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_set1_DSA.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_set1_EC_KEY.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_type.3openssl target=EVP_PKEY_set1_RSA.3openssl -link path=usr/share/man/man3openssl/EVP_SealFinal.3openssl target=EVP_SealInit.3openssl -link path=usr/share/man/man3openssl/EVP_SealUpdate.3openssl target=EVP_SealInit.3openssl -link path=usr/share/man/man3openssl/EVP_SignFinal.3openssl target=EVP_SignInit.3openssl -link path=usr/share/man/man3openssl/EVP_SignUpdate.3openssl target=EVP_SignInit.3openssl -link path=usr/share/man/man3openssl/EVP_VerifyFinal.3openssl target=EVP_VerifyInit.3openssl -link path=usr/share/man/man3openssl/EVP_VerifyUpdate.3openssl target=EVP_VerifyInit.3openssl -link path=usr/share/man/man3openssl/EVP_dss.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_dss1.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_get_cipherbyname.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_get_cipherbynid.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_get_cipherbyobj.3openssl target=EVP_EncryptInit.3openssl -link path=usr/share/man/man3openssl/EVP_get_digestbyname.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_get_digestbynid.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_get_digestbyobj.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_md2.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_md5.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_md_null.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_mdc2.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_ripemd160.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_sha.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/EVP_sha1.3openssl target=EVP_DigestInit.3openssl -link path=usr/share/man/man3openssl/HMAC.3openssl target=hmac.3openssl -link path=usr/share/man/man3openssl/HMAC_CTX_cleanup.3openssl target=hmac.3openssl -link path=usr/share/man/man3openssl/HMAC_CTX_init.3openssl target=hmac.3openssl -link path=usr/share/man/man3openssl/HMAC_Final.3openssl target=hmac.3openssl -link path=usr/share/man/man3openssl/HMAC_Init.3openssl target=hmac.3openssl -link path=usr/share/man/man3openssl/HMAC_Init_ex.3openssl target=hmac.3openssl -link path=usr/share/man/man3openssl/HMAC_Update.3openssl target=hmac.3openssl -link path=usr/share/man/man3openssl/HMAC_cleanup.3openssl target=hmac.3openssl -link path=usr/share/man/man3openssl/MD2.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD2_Final.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD2_Init.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD2_Update.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD4.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD4_Final.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD4_Init.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD4_Update.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD5.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD5_Final.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD5_Init.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MD5_Update.3openssl target=md5.3openssl -link path=usr/share/man/man3openssl/MDC2.3openssl target=mdc2.3openssl -link path=usr/share/man/man3openssl/MDC2_Final.3openssl target=mdc2.3openssl -link path=usr/share/man/man3openssl/MDC2_Init.3openssl target=mdc2.3openssl -link path=usr/share/man/man3openssl/MDC2_Update.3openssl target=mdc2.3openssl -link path=usr/share/man/man3openssl/OBJ_cleanup.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_cmp.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_create.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_dup.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_ln2nid.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_nid2ln.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_nid2sn.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_obj2nid.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_obj2txt.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_sn2nid.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_txt2nid.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OBJ_txt2obj.3openssl target=OBJ_nid2obj.3openssl -link path=usr/share/man/man3openssl/OPENSSL_no_config.3openssl target=OPENSSL_config.3openssl -link path=usr/share/man/man3openssl/OpenSSL_add_all_ciphers.3openssl target=OpenSSL_add_all_algorithms.3openssl -link path=usr/share/man/man3openssl/OpenSSL_add_all_digests.3openssl target=OpenSSL_add_all_algorithms.3openssl -link path=usr/share/man/man3openssl/OpenSSL_add_ssl_algorithms.3openssl target=SSL_library_init.3openssl -link path=usr/share/man/man3openssl/PEM.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_DHparams.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_DSAPrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_DSA_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_DSAparams.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_NETSCAPE_CERT_SEQUENCE.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_PKCS7.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_PrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_RSAPrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_RSAPublicKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_RSA_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_X509.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_X509_AUX.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_X509_CRL.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_X509_REQ.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_DHparams.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_DSAPrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_DSA_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_DSAparams.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_PKCS7.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_PrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_RSAPrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_RSAPublicKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_RSA_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_X509.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_X509_AUX.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_X509_CRL.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_read_bio_X509_REQ.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_DHparams.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_DSAPrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_DSA_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_DSAparams.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_NETSCAPE_CERT_SEQUENCE.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_PKCS7.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_PKCS8PrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_PKCS8PrivateKey_nid.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_PrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_RSAPrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_RSAPublicKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_RSA_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_X509.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_X509_AUX.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_X509_CRL.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_X509_REQ.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_X509_REQ_NEW.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_DHparams.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_DSAPrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_DSA_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_DSAparams.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_PKCS7.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_PKCS8PrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_PKCS8PrivateKey_nid.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_PrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_RSAPrivateKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_RSAPublicKey.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_RSA_PUBKEY.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_X509.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_X509_AUX.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_X509_CRL.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_X509_REQ.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/PEM_write_bio_X509_REQ_NEW.3openssl target=pem.3openssl -link path=usr/share/man/man3openssl/RAND_SSLeay.3openssl target=RAND_set_rand_method.3openssl -link path=usr/share/man/man3openssl/RAND_event.3openssl target=RAND_add.3openssl -link path=usr/share/man/man3openssl/RAND_file_name.3openssl target=RAND_load_file.3openssl -link path=usr/share/man/man3openssl/RAND_get_rand_method.3openssl target=RAND_set_rand_method.3openssl -link path=usr/share/man/man3openssl/RAND_pseudo_bytes.3openssl target=RAND_bytes.3openssl -link path=usr/share/man/man3openssl/RAND_screen.3openssl target=RAND_add.3openssl -link path=usr/share/man/man3openssl/RAND_seed.3openssl target=RAND_add.3openssl -link path=usr/share/man/man3openssl/RAND_status.3openssl target=RAND_add.3openssl -link path=usr/share/man/man3openssl/RAND_write_file.3openssl target=RAND_load_file.3openssl -link path=usr/share/man/man3openssl/RC4.3openssl target=rc4.3openssl -link path=usr/share/man/man3openssl/RC4_set_key.3openssl target=rc4.3openssl -link path=usr/share/man/man3openssl/RIPEMD160.3openssl target=ripemd.3openssl -link path=usr/share/man/man3openssl/RIPEMD160_Final.3openssl target=ripemd.3openssl -link path=usr/share/man/man3openssl/RIPEMD160_Init.3openssl target=ripemd.3openssl -link path=usr/share/man/man3openssl/RIPEMD160_Update.3openssl target=ripemd.3openssl -link path=usr/share/man/man3openssl/RSA_PKCS1_SSLeay.3openssl target=RSA_set_method.3openssl -link path=usr/share/man/man3openssl/RSA_blinding_off.3openssl target=RSA_blinding_on.3openssl -link path=usr/share/man/man3openssl/RSA_flags.3openssl target=RSA_set_method.3openssl -link path=usr/share/man/man3openssl/RSA_free.3openssl target=RSA_new.3openssl -link path=usr/share/man/man3openssl/RSA_get_default_method.3openssl target=RSA_set_method.3openssl -link path=usr/share/man/man3openssl/RSA_get_ex_data.3openssl target=RSA_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/RSA_get_method.3openssl target=RSA_set_method.3openssl -link path=usr/share/man/man3openssl/RSA_new_method.3openssl target=RSA_set_method.3openssl -link path=usr/share/man/man3openssl/RSA_null_method.3openssl target=RSA_set_method.3openssl -link path=usr/share/man/man3openssl/RSA_padding_add_PKCS1_OAEP.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl -link path=usr/share/man/man3openssl/RSA_padding_add_PKCS1_type_2.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl -link path=usr/share/man/man3openssl/RSA_padding_add_SSLv23.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl -link path=usr/share/man/man3openssl/RSA_padding_add_none.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl -link path=usr/share/man/man3openssl/RSA_padding_check_PKCS1_OAEP.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl -link path=usr/share/man/man3openssl/RSA_padding_check_PKCS1_type_1.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl -link path=usr/share/man/man3openssl/RSA_padding_check_PKCS1_type_2.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl -link path=usr/share/man/man3openssl/RSA_padding_check_SSLv23.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl -link path=usr/share/man/man3openssl/RSA_padding_check_none.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl -link path=usr/share/man/man3openssl/RSA_print_fp.3openssl target=RSA_print.3openssl -link path=usr/share/man/man3openssl/RSA_private_decrypt.3openssl target=RSA_public_encrypt.3openssl -link path=usr/share/man/man3openssl/RSA_public_decrypt.3openssl target=RSA_private_encrypt.3openssl -link path=usr/share/man/man3openssl/RSA_set_default_method.3openssl target=RSA_set_method.3openssl -link path=usr/share/man/man3openssl/RSA_set_ex_data.3openssl target=RSA_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/RSA_verify.3openssl target=RSA_sign.3openssl -link path=usr/share/man/man3openssl/RSA_verify_ASN1_OCTET_STRING.3openssl target=RSA_sign_ASN1_OCTET_STRING.3openssl -link path=usr/share/man/man3openssl/SHA1.3openssl target=sha.3openssl -link path=usr/share/man/man3openssl/SHA1_Final.3openssl target=sha.3openssl -link path=usr/share/man/man3openssl/SHA1_Init.3openssl target=sha.3openssl -link path=usr/share/man/man3openssl/SHA1_Update.3openssl target=sha.3openssl -link path=usr/share/man/man3openssl/SSL.3openssl target=ssl.3openssl -link path=usr/share/man/man3openssl/SSL_CIPHER_description.3openssl target=SSL_CIPHER_get_name.3openssl -link path=usr/share/man/man3openssl/SSL_CIPHER_get_bits.3openssl target=SSL_CIPHER_get_name.3openssl -link path=usr/share/man/man3openssl/SSL_CIPHER_get_version.3openssl target=SSL_CIPHER_get_name.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_add_client_CA.3openssl target=SSL_CTX_set_client_CA_list.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_callback_ctrl.3openssl target=SSL_CTX_ctrl.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_check_private_key.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_clear_options.3openssl target=SSL_CTX_set_options.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_cert_store.3openssl target=SSL_CTX_set_cert_store.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_client_CA_list.3openssl target=SSL_get_client_CA_list.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_client_cert_cb.3openssl target=SSL_CTX_set_client_cert_cb.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_ex_data.3openssl target=SSL_CTX_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_info_callback.3openssl target=SSL_CTX_set_info_callback.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_max_cert_list.3openssl target=SSL_CTX_set_max_cert_list.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_mode.3openssl target=SSL_CTX_set_mode.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_options.3openssl target=SSL_CTX_set_options.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_quiet_shutdown.3openssl target=SSL_CTX_set_quiet_shutdown.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_session_cache_mode.3openssl target=SSL_CTX_set_session_cache_mode.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_timeout.3openssl target=SSL_CTX_set_timeout.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_verify_callback.3openssl target=SSL_CTX_get_verify_mode.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_get_verify_depth.3openssl target=SSL_CTX_get_verify_mode.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_need_tmp_rsa.3openssl target=SSL_CTX_set_tmp_rsa_callback.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_remove_session.3openssl target=SSL_CTX_add_session.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_accept.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_accept_good.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_accept_renegotiate.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_cache_full.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_cb_hits.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_connect.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_connect_good.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_connect_renegotiate.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_get_cache_size.3openssl target=SSL_CTX_sess_set_cache_size.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_get_get_cb.3openssl target=SSL_CTX_sess_set_get_cb.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_get_new_cb.3openssl target=SSL_CTX_sess_set_get_cb.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_get_remove_cb.3openssl target=SSL_CTX_sess_set_get_cb.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_hits.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_misses.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_set_new_cb.3openssl target=SSL_CTX_sess_set_get_cb.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_set_remove_cb.3openssl target=SSL_CTX_sess_set_get_cb.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_sess_timeouts.3openssl target=SSL_CTX_sess_number.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_set_default_passwd_cb_userdata.3openssl target=SSL_CTX_set_default_passwd_cb.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_set_ex_data.3openssl target=SSL_CTX_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_set_msg_callback_arg.3openssl target=SSL_CTX_set_msg_callback.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_set_tmp_dh.3openssl target=SSL_CTX_set_tmp_dh_callback.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_set_tmp_rsa.3openssl target=SSL_CTX_set_tmp_rsa_callback.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_set_verify_depth.3openssl target=SSL_CTX_set_verify.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_use_PrivateKey.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_use_PrivateKey_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_use_PrivateKey_file.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_use_RSAPrivateKey.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_use_RSAPrivateKey_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_use_RSAPrivateKey_file.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_use_certificate_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_use_certificate_chain_file.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_use_certificate_file.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_SESSION_get_ex_data.3openssl target=SSL_SESSION_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/SSL_SESSION_get_timeout.3openssl target=SSL_SESSION_get_time.3openssl -link path=usr/share/man/man3openssl/SSL_SESSION_set_ex_data.3openssl target=SSL_SESSION_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/SSL_SESSION_set_time.3openssl target=SSL_SESSION_get_time.3openssl -link path=usr/share/man/man3openssl/SSL_SESSION_set_timeout.3openssl target=SSL_SESSION_get_time.3openssl -link path=usr/share/man/man3openssl/SSL_add_client_CA.3openssl target=SSL_CTX_set_client_CA_list.3openssl -link path=usr/share/man/man3openssl/SSL_add_session.3openssl target=SSL_CTX_add_session.3openssl -link path=usr/share/man/man3openssl/SSL_alert_desc_string.3openssl target=SSL_alert_type_string.3openssl -link path=usr/share/man/man3openssl/SSL_alert_desc_string_long.3openssl target=SSL_alert_type_string.3openssl -link path=usr/share/man/man3openssl/SSL_alert_type_string_long.3openssl target=SSL_alert_type_string.3openssl -link path=usr/share/man/man3openssl/SSL_callback_ctrl.3openssl target=SSL_CTX_ctrl.3openssl -link path=usr/share/man/man3openssl/SSL_check_private_key.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_clear_options.3openssl target=SSL_CTX_set_options.3openssl -link path=usr/share/man/man3openssl/SSL_ctrl.3openssl target=SSL_CTX_ctrl.3openssl -link path=usr/share/man/man3openssl/SSL_flush_sessions.3openssl target=SSL_CTX_flush_sessions.3openssl -link path=usr/share/man/man3openssl/SSL_get_accept_state.3openssl target=SSL_set_connect_state.3openssl -link path=usr/share/man/man3openssl/SSL_get_cipher.3openssl target=SSL_get_current_cipher.3openssl -link path=usr/share/man/man3openssl/SSL_get_cipher_bits.3openssl target=SSL_get_current_cipher.3openssl -link path=usr/share/man/man3openssl/SSL_get_cipher_list.3openssl target=SSL_get_ciphers.3openssl -link path=usr/share/man/man3openssl/SSL_get_cipher_name.3openssl target=SSL_get_current_cipher.3openssl -link path=usr/share/man/man3openssl/SSL_get_cipher_version.3openssl target=SSL_get_current_cipher.3openssl -link path=usr/share/man/man3openssl/SSL_get_ex_data.3openssl target=SSL_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/SSL_get_info_callback.3openssl target=SSL_CTX_set_info_callback.3openssl -link path=usr/share/man/man3openssl/SSL_get_max_cert_list.3openssl target=SSL_CTX_set_max_cert_list.3openssl -link path=usr/share/man/man3openssl/SSL_get_mode.3openssl target=SSL_CTX_set_mode.3openssl -link path=usr/share/man/man3openssl/SSL_get_msg_callback_arg.3openssl target=SSL_CTX_set_msg_callback.3openssl -link path=usr/share/man/man3openssl/SSL_get_options.3openssl target=SSL_CTX_set_options.3openssl -link path=usr/share/man/man3openssl/SSL_get_quiet_shutdown.3openssl target=SSL_CTX_set_quiet_shutdown.3openssl -link path=usr/share/man/man3openssl/SSL_get_secure_renegotiation_support.3openssl target=SSL_CTX_set_options.3openssl -link path=usr/share/man/man3openssl/SSL_get_shutdown.3openssl target=SSL_set_shutdown.3openssl -link path=usr/share/man/man3openssl/SSL_get_ssl_method.3openssl target=SSL_CTX_set_ssl_version.3openssl -link path=usr/share/man/man3openssl/SSL_get_verify_callback.3openssl target=SSL_CTX_get_verify_mode.3openssl -link path=usr/share/man/man3openssl/SSL_get_verify_depth.3openssl target=SSL_CTX_get_verify_mode.3openssl -link path=usr/share/man/man3openssl/SSL_get_verify_mode.3openssl target=SSL_CTX_get_verify_mode.3openssl -link path=usr/share/man/man3openssl/SSL_has_matching_session_id.3openssl target=SSL_CTX_set_generate_session_id.3openssl -link path=usr/share/man/man3openssl/SSL_load_error_strings.3openssl target=ERR_load_crypto_strings.3openssl -link path=usr/share/man/man3openssl/SSL_need_tmp_rsa.3openssl target=SSL_CTX_set_tmp_rsa_callback.3openssl -link path=usr/share/man/man3openssl/SSL_remove_session.3openssl target=SSL_CTX_add_session.3openssl -link path=usr/share/man/man3openssl/SSL_rstate_string_long.3openssl target=SSL_rstate_string.3openssl -link path=usr/share/man/man3openssl/SSL_set_cipher_list.3openssl target=SSL_CTX_set_cipher_list.3openssl -link path=usr/share/man/man3openssl/SSL_set_client_CA_list.3openssl target=SSL_CTX_set_client_CA_list.3openssl -link path=usr/share/man/man3openssl/SSL_set_ex_data.3openssl target=SSL_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/SSL_set_generate_session_id.3openssl target=SSL_CTX_set_generate_session_id.3openssl -link path=usr/share/man/man3openssl/SSL_set_info_callback.3openssl target=SSL_CTX_set_info_callback.3openssl -link path=usr/share/man/man3openssl/SSL_set_max_cert_list.3openssl target=SSL_CTX_set_max_cert_list.3openssl -link path=usr/share/man/man3openssl/SSL_set_mode.3openssl target=SSL_CTX_set_mode.3openssl -link path=usr/share/man/man3openssl/SSL_set_msg_callback.3openssl target=SSL_CTX_set_msg_callback.3openssl -link path=usr/share/man/man3openssl/SSL_set_options.3openssl target=SSL_CTX_set_options.3openssl -link path=usr/share/man/man3openssl/SSL_set_quiet_shutdown.3openssl target=SSL_CTX_set_quiet_shutdown.3openssl -link path=usr/share/man/man3openssl/SSL_set_session_id_context.3openssl target=SSL_CTX_set_session_id_context.3openssl -link path=usr/share/man/man3openssl/SSL_set_ssl_method.3openssl target=SSL_CTX_set_ssl_version.3openssl -link path=usr/share/man/man3openssl/SSL_set_tmp_dh.3openssl target=SSL_CTX_set_tmp_dh_callback.3openssl -link path=usr/share/man/man3openssl/SSL_set_tmp_dh_callback.3openssl target=SSL_CTX_set_tmp_dh_callback.3openssl -link path=usr/share/man/man3openssl/SSL_set_tmp_rsa.3openssl target=SSL_CTX_set_tmp_rsa_callback.3openssl -link path=usr/share/man/man3openssl/SSL_set_tmp_rsa_callback.3openssl target=SSL_CTX_set_tmp_rsa_callback.3openssl -link path=usr/share/man/man3openssl/SSL_set_verify.3openssl target=SSL_CTX_set_verify.3openssl -link path=usr/share/man/man3openssl/SSL_set_verify_depth.3openssl target=SSL_CTX_set_verify.3openssl -link path=usr/share/man/man3openssl/SSL_state_string_long.3openssl target=SSL_state_string.3openssl -link path=usr/share/man/man3openssl/SSL_use_PrivateKey.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_use_PrivateKey_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_use_PrivateKey_file.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_use_RSAPrivateKey.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_use_RSAPrivateKey_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_use_RSAPrivateKey_file.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_use_certificate.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_use_certificate_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_use_certificate_file.3openssl target=SSL_CTX_use_certificate.3openssl -link path=usr/share/man/man3openssl/SSL_want_nothing.3openssl target=SSL_want.3openssl -link path=usr/share/man/man3openssl/SSL_want_read.3openssl target=SSL_want.3openssl -link path=usr/share/man/man3openssl/SSL_want_write.3openssl target=SSL_want.3openssl -link path=usr/share/man/man3openssl/SSL_want_x509_lookup.3openssl target=SSL_want.3openssl -link path=usr/share/man/man3openssl/SSLeay.3openssl target=OPENSSL_VERSION_NUMBER.3openssl -link path=usr/share/man/man3openssl/SSLeay_add_ssl_algorithms.3openssl target=SSL_library_init.3openssl -link path=usr/share/man/man3openssl/SSLeay_version.3openssl target=OPENSSL_VERSION_NUMBER.3openssl -link path=usr/share/man/man3openssl/UI_OpenSSL.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_add_error_string.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_add_info_string.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_add_input_boolean.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_add_input_string.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_add_user_data.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_add_verify_string.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_construct_prompt.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_ctrl.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_dup_error_string.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_dup_info_string.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_dup_input_boolean.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_dup_input_string.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_dup_verify_string.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_free.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_get0_result.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_get0_user_data.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_get_default_method.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_get_method.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_new.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_new_method.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_process.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_set_default_method.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/UI_set_method.3openssl target=ui.3openssl -link path=usr/share/man/man3openssl/X509_NAME_ENTRY_create_by_NID.3openssl target=X509_NAME_ENTRY_get_object.3openssl -link path=usr/share/man/man3openssl/X509_NAME_ENTRY_create_by_OBJ.3openssl target=X509_NAME_ENTRY_get_object.3openssl -link path=usr/share/man/man3openssl/X509_NAME_ENTRY_create_by_txt.3openssl target=X509_NAME_ENTRY_get_object.3openssl -link path=usr/share/man/man3openssl/X509_NAME_ENTRY_get_data.3openssl target=X509_NAME_ENTRY_get_object.3openssl -link path=usr/share/man/man3openssl/X509_NAME_ENTRY_set_data.3openssl target=X509_NAME_ENTRY_get_object.3openssl -link path=usr/share/man/man3openssl/X509_NAME_ENTRY_set_object.3openssl target=X509_NAME_ENTRY_get_object.3openssl -link path=usr/share/man/man3openssl/X509_NAME_add_entry.3openssl target=X509_NAME_add_entry_by_txt.3openssl -link path=usr/share/man/man3openssl/X509_NAME_add_entry_by_NID.3openssl target=X509_NAME_add_entry_by_txt.3openssl -link path=usr/share/man/man3openssl/X509_NAME_add_entry_by_OBJ.3openssl target=X509_NAME_add_entry_by_txt.3openssl -link path=usr/share/man/man3openssl/X509_NAME_delete_entry.3openssl target=X509_NAME_add_entry_by_txt.3openssl -link path=usr/share/man/man3openssl/X509_NAME_entry_count.3openssl target=X509_NAME_get_index_by_NID.3openssl -link path=usr/share/man/man3openssl/X509_NAME_get_entry.3openssl target=X509_NAME_get_index_by_NID.3openssl -link path=usr/share/man/man3openssl/X509_NAME_get_index_by_OBJ.3openssl target=X509_NAME_get_index_by_NID.3openssl -link path=usr/share/man/man3openssl/X509_NAME_get_text_by_NID.3openssl target=X509_NAME_get_index_by_NID.3openssl -link path=usr/share/man/man3openssl/X509_NAME_get_text_by_OBJ.3openssl target=X509_NAME_get_index_by_NID.3openssl -link path=usr/share/man/man3openssl/X509_NAME_oneline.3openssl target=X509_NAME_print_ex.3openssl -link path=usr/share/man/man3openssl/X509_NAME_print.3openssl target=X509_NAME_print_ex.3openssl -link path=usr/share/man/man3openssl/X509_NAME_print_ex_fp.3openssl target=X509_NAME_print_ex.3openssl -link path=usr/share/man/man3openssl/X509_free.3openssl target=X509_new.3openssl -link path=usr/share/man/man3openssl/bn_add_words.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_check_top.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_cmp_words.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_div_words.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_dump.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_expand.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_expand2.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_fix_top.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_mul_add_words.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_mul_comba4.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_mul_comba8.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_mul_high.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_mul_low_normal.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_mul_low_recursive.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_mul_normal.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_mul_part_recursive.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_mul_recursive.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_mul_words.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_print.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_set_high.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_set_low.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_set_max.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_sqr_comba4.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_sqr_comba8.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_sqr_normal.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_sqr_recursive.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_sqr_words.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_sub_words.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/bn_wexpand.3openssl target=bn_internal.3openssl -link path=usr/share/man/man3openssl/d2i_509_CRL_fp.3openssl target=d2i_X509_CRL.3openssl -link path=usr/share/man/man3openssl/d2i_DSAPrivateKey.3openssl target=d2i_DSAPublicKey.3openssl -link path=usr/share/man/man3openssl/d2i_DSA_PUBKEY.3openssl target=d2i_DSAPublicKey.3openssl -link path=usr/share/man/man3openssl/d2i_DSA_SIG.3openssl target=d2i_DSAPublicKey.3openssl -link path=usr/share/man/man3openssl/d2i_Netscape_RSA.3openssl target=d2i_RSAPublicKey.3openssl -link path=usr/share/man/man3openssl/d2i_PKCS8PrivateKey_bio.3openssl target=d2i_PKCS8PrivateKey.3openssl -link path=usr/share/man/man3openssl/d2i_PKCS8PrivateKey_fp.3openssl target=d2i_PKCS8PrivateKey.3openssl -link path=usr/share/man/man3openssl/d2i_RSAPrivateKey.3openssl target=d2i_RSAPublicKey.3openssl -link path=usr/share/man/man3openssl/d2i_RSA_PUBKEY.3openssl target=d2i_RSAPublicKey.3openssl -link path=usr/share/man/man3openssl/d2i_X509_CRL_bio.3openssl target=d2i_X509_CRL.3openssl -link path=usr/share/man/man3openssl/d2i_X509_REQ_bio.3openssl target=d2i_X509_REQ.3openssl -link path=usr/share/man/man3openssl/d2i_X509_REQ_fp.3openssl target=d2i_X509_REQ.3openssl -link path=usr/share/man/man3openssl/d2i_X509_bio.3openssl target=d2i_X509.3openssl -link path=usr/share/man/man3openssl/d2i_X509_fp.3openssl target=d2i_X509.3openssl -link path=usr/share/man/man3openssl/des_read_2passwords.3openssl target=ui_compat.3openssl -link path=usr/share/man/man3openssl/des_read_password.3openssl target=ui_compat.3openssl -link path=usr/share/man/man3openssl/des_read_pw.3openssl target=ui_compat.3openssl -link path=usr/share/man/man3openssl/des_read_pw_string.3openssl target=ui_compat.3openssl -link path=usr/share/man/man3openssl/i2d_ASN1_OBJECT.3openssl target=d2i_ASN1_OBJECT.3openssl -link path=usr/share/man/man3openssl/i2d_DHparams.3openssl target=d2i_DHparams.3openssl -link path=usr/share/man/man3openssl/i2d_DSAPrivateKey.3openssl target=d2i_DSAPublicKey.3openssl -link path=usr/share/man/man3openssl/i2d_DSAPublicKey.3openssl target=d2i_DSAPublicKey.3openssl -link path=usr/share/man/man3openssl/i2d_DSA_PUBKEY.3openssl target=d2i_DSAPublicKey.3openssl -link path=usr/share/man/man3openssl/i2d_DSA_SIG.3openssl target=d2i_DSAPublicKey.3openssl -link path=usr/share/man/man3openssl/i2d_Netscape_RSA.3openssl target=d2i_RSAPublicKey.3openssl -link path=usr/share/man/man3openssl/i2d_PKCS8PrivateKey_bio.3openssl target=d2i_PKCS8PrivateKey.3openssl -link path=usr/share/man/man3openssl/i2d_PKCS8PrivateKey_fp.3openssl target=d2i_PKCS8PrivateKey.3openssl -link path=usr/share/man/man3openssl/i2d_PKCS8PrivateKey_nid_bio.3openssl target=d2i_PKCS8PrivateKey.3openssl -link path=usr/share/man/man3openssl/i2d_PKCS8PrivateKey_nid_fp.3openssl target=d2i_PKCS8PrivateKey.3openssl -link path=usr/share/man/man3openssl/i2d_RSAPrivateKey.3openssl target=d2i_RSAPublicKey.3openssl -link path=usr/share/man/man3openssl/i2d_RSAPublicKey.3openssl target=d2i_RSAPublicKey.3openssl -link path=usr/share/man/man3openssl/i2d_RSA_PUBKEY.3openssl target=d2i_RSAPublicKey.3openssl -link path=usr/share/man/man3openssl/i2d_SSL_SESSION.3openssl target=d2i_SSL_SESSION.3openssl -link path=usr/share/man/man3openssl/i2d_X509.3openssl target=d2i_X509.3openssl -link path=usr/share/man/man3openssl/i2d_X509_ALGOR.3openssl target=d2i_X509_ALGOR.3openssl -link path=usr/share/man/man3openssl/i2d_X509_CRL.3openssl target=d2i_X509_CRL.3openssl -link path=usr/share/man/man3openssl/i2d_X509_CRL_bio.3openssl target=d2i_X509_CRL.3openssl -link path=usr/share/man/man3openssl/i2d_X509_CRL_fp.3openssl target=d2i_X509_CRL.3openssl -link path=usr/share/man/man3openssl/i2d_X509_NAME.3openssl target=d2i_X509_NAME.3openssl -link path=usr/share/man/man3openssl/i2d_X509_REQ.3openssl target=d2i_X509_REQ.3openssl -link path=usr/share/man/man3openssl/i2d_X509_REQ_bio.3openssl target=d2i_X509_REQ.3openssl -link path=usr/share/man/man3openssl/i2d_X509_REQ_fp.3openssl target=d2i_X509_REQ.3openssl -link path=usr/share/man/man3openssl/i2d_X509_SIG.3openssl target=d2i_X509_SIG.3openssl -link path=usr/share/man/man3openssl/i2d_X509_bio.3openssl target=d2i_X509.3openssl -link path=usr/share/man/man3openssl/i2d_X509_fp.3openssl target=d2i_X509.3openssl -link path=usr/share/man/man3openssl/lh_delete.3openssl target=lhash.3openssl -link path=usr/share/man/man3openssl/lh_doall.3openssl target=lhash.3openssl -link path=usr/share/man/man3openssl/lh_doall_arg.3openssl target=lhash.3openssl -link path=usr/share/man/man3openssl/lh_error.3openssl target=lhash.3openssl -link path=usr/share/man/man3openssl/lh_free.3openssl target=lhash.3openssl -link path=usr/share/man/man3openssl/lh_insert.3openssl target=lhash.3openssl -link path=usr/share/man/man3openssl/lh_new.3openssl target=lhash.3openssl -link path=usr/share/man/man3openssl/lh_node_stats.3openssl target=lh_stats.3openssl -link path=usr/share/man/man3openssl/lh_node_stats_bio.3openssl target=lh_stats.3openssl -link path=usr/share/man/man3openssl/lh_node_usage_stats.3openssl target=lh_stats.3openssl -link path=usr/share/man/man3openssl/lh_node_usage_stats_bio.3openssl target=lh_stats.3openssl -link path=usr/share/man/man3openssl/lh_retrieve.3openssl target=lhash.3openssl -link path=usr/share/man/man3openssl/lh_stats_bio.3openssl target=lh_stats.3openssl -link path=usr/share/man/man3openssl/CMS_add0_crl.3openssl target=CMS_add0_cert.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_ctrl.3openssl target=EVP_PKEY_CTX_ctrl.3openssl -link path=usr/share/man/man3openssl/CMS_add1_cert.3openssl target=CMS_add0_cert.3openssl -link path=usr/share/man/man3openssl/CMS_get1_crls.3openssl target=CMS_add0_cert.3openssl -link path=usr/share/man/man3openssl/CMS_get1_certs.3openssl target=CMS_add0_cert.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_CTX_dup.3openssl target=EVP_PKEY_CTX_new.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_CTX_free.3openssl target=EVP_PKEY_CTX_new.3openssl -link path=usr/share/man/man3openssl/CRYPTO_THREADID_cmp.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_paramgen.3openssl target=EVP_PKEY_keygen.3openssl -link path=usr/share/man/man3openssl/CRYPTO_THREADID_cpy.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_free.3openssl target=X509_STORE_CTX_new.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_init.3openssl target=X509_STORE_CTX_new.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_ctrl_str.3openssl target=EVP_PKEY_CTX_ctrl.3openssl -link path=usr/share/man/man3openssl/CRYPTO_THREADID_hash.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_CTX_get_cb.3openssl target=EVP_PKEY_keygen.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_CTX_set_cb.3openssl target=EVP_PKEY_keygen.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_CTX_new_id.3openssl target=EVP_PKEY_CTX_new.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_sign_init.3openssl target=EVP_PKEY_sign.3openssl -link path=usr/share/man/man3openssl/EVP_DigestSignFinal.3openssl target=EVP_DigestSignInit.3openssl -link path=usr/share/man/man3openssl/CMS_SignerInfo_sign.3openssl target=CMS_sign_add1_signer.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_derive_init.3openssl target=EVP_PKEY_derive.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_cleanup.3openssl target=X509_STORE_CTX_new.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_keygen_init.3openssl target=EVP_PKEY_keygen.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_verify_init.3openssl target=EVP_PKEY_verify.3openssl -link path=usr/share/man/man3openssl/EVP_DigestSignUpdate.3openssl target=EVP_DigestSignInit.3openssl -link path=usr/share/man/man3openssl/CRYPTO_THREADID_current.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_set_cert.3openssl target=X509_STORE_CTX_new.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_print_public.3openssl target=EVP_PKEY_print_private.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_decrypt_init.3openssl target=EVP_PKEY_decrypt.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_print_params.3openssl target=EVP_PKEY_print_private.3openssl -link path=usr/share/man/man3openssl/CMS_get0_eContentType.3openssl target=CMS_get0_type.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_encrypt_init.3openssl target=EVP_PKEY_encrypt.3openssl -link path=usr/share/man/man3openssl/CMS_set1_eContentType.3openssl target=CMS_get0_type.3openssl -link path=usr/share/man/man3openssl/EVP_DigestVerifyFinal.3openssl target=EVP_DigestVerifyInit.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_set0_crls.3openssl target=X509_STORE_CTX_new.3openssl -link path=usr/share/man/man3openssl/CMS_set1_signer_certs.3openssl target=CMS_get0_SignerInfos.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_set_chain.3openssl target=X509_STORE_CTX_new.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_paramgen_init.3openssl target=EVP_PKEY_keygen.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_get1_chain.3openssl target=X509_STORE_CTX_get_error.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_set_error.3openssl target=X509_STORE_CTX_get_error.3openssl -link path=usr/share/man/man3openssl/CMS_add0_recipient_key.3openssl target=CMS_add1_recipient_cert.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_get0_param.3openssl target=X509_STORE_CTX_new.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_set0_param.3openssl target=X509_STORE_CTX_new.3openssl -link path=usr/share/man/man3openssl/EVP_DigestVerifyUpdate.3openssl target=EVP_DigestVerifyInit.3openssl -link path=usr/share/man/man3openssl/CMS_RecipientInfo_type.3openssl target=CMS_get0_RecipientInfos.3openssl -link path=usr/share/man/man3openssl/X509_STORE_set_verify_cb.3openssl target=X509_STORE_set_verify_cb_func.3openssl -link path=usr/share/man/man3openssl/CMS_add1_ReceiptRequest.3openssl target=CMS_get1_ReceiptRequest.3openssl -link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set_time.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_cmp_parameters.3openssl target=EVP_PKEY_cmp.3openssl -link path=usr/share/man/man3openssl/CMS_SignerInfo_cert_cmp.3openssl target=CMS_get0_SignerInfos.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_get_ex_data.3openssl target=X509_STORE_CTX_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_get_flags.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_CTX_get_app_data.3openssl target=EVP_PKEY_keygen.3openssl -link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_get_depth.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_set_ex_data.3openssl target=X509_STORE_CTX_get_ex_new_index.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_derive_set_peer.3openssl target=EVP_PKEY_derive.3openssl -link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set_depth.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_set_default.3openssl target=X509_STORE_CTX_new.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_copy_parameters.3openssl target=EVP_PKEY_cmp.3openssl -link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set_trust.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl -link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_add0_policy.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl -link path=usr/share/man/man3openssl/CRYPTO_THREADID_get_callback.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/CRYPTO_THREADID_set_callback.3openssl target=threads.3openssl -link path=usr/share/man/man3openssl/CMS_RecipientInfo_decrypt.3openssl target=CMS_get0_RecipientInfos.3openssl -link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_clear_flags.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl -link path=usr/share/man/man3openssl/CMS_RecipientInfo_set0_key.3openssl target=CMS_get0_RecipientInfos.3openssl -link path=usr/share/man/man3openssl/CMS_ReceiptRequest_create0.3openssl target=CMS_get1_ReceiptRequest.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_trusted_stack.3openssl target=X509_STORE_CTX_new.3openssl -link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set_purpose.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl -link path=usr/share/man/man3openssl/SSL_get_psk_identity_hint.3openssl target=SSL_get_psk_identity.3openssl -link path=usr/share/man/man3openssl/SSL_use_psk_identity_hint.3openssl target=SSL_CTX_use_psk_identity_hint.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_CTX_get_keygen_info.3openssl target=EVP_PKEY_keygen.3openssl -link path=usr/share/man/man3openssl/CMS_RecipientInfo_set0_pkey.3openssl target=CMS_get0_RecipientInfos.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_missing_parameters.3openssl target=EVP_PKEY_cmp.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_verify_recover_init.3openssl target=EVP_PKEY_verify_recover.3openssl -link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set1_policies.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl -link path=usr/share/man/man3openssl/SSL_set_psk_client_callback.3openssl target=SSL_CTX_set_psk_client_callback.3openssl -link path=usr/share/man/man3openssl/SSL_set_psk_server_callback.3openssl target=SSL_CTX_use_psk_identity_hint.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_get_error_depth.3openssl target=X509_STORE_CTX_get_error.3openssl -link path=usr/share/man/man3openssl/EVP_PKEVP_PKEY_CTX_set_app_data.3openssl target=EVP_PKEY_keygen.3openssl -link path=usr/share/man/man3openssl/CMS_SignerInfo_get0_signer_id.3openssl target=CMS_get0_SignerInfos.3openssl -link path=usr/share/man/man3openssl/X509_STORE_CTX_get_current_cert.3openssl target=X509_STORE_CTX_get_error.3openssl -link path=usr/share/man/man3openssl/X509_verify_cert_error_string.3openssl target=X509_STORE_CTX_get_error.3openssl -link path=usr/share/man/man3openssl/CMS_RecipientInfo_kekri_id_cmp.3openssl target=CMS_get0_RecipientInfos.3openssl -link path=usr/share/man/man3openssl/CMS_ReceiptRequest_get0_values.3openssl target=CMS_get1_ReceiptRequest.3openssl -link path=usr/share/man/man3openssl/EVP_PKEY_get_default_digest_nid.3openssl target=EVP_PKEY_get_default_digest.3openssl -link path=usr/share/man/man3openssl/CMS_RecipientInfo_kekri_get0_id.3openssl target=CMS_get0_RecipientInfos.3openssl -link path=usr/share/man/man3openssl/SSL_CTX_set_psk_server_callback.3openssl target=SSL_CTX_use_psk_identity_hint.3openssl -link path=usr/share/man/man3openssl/CMS_RecipientInfo_ktri_cert_cmp.3openssl target=CMS_get0_RecipientInfos.3openssl -link path=usr/share/man/man3openssl/CMS_RecipientInfo_ktri_get0_signer_id.3openssl target=CMS_get0_RecipientInfos.3openssl -license openssl-1.0.0.license license="OpenSSL, SSLeay" -legacy pkg=SUNWopensslr \ - desc="OpenSSL Libraries (Root)" \ - name="OpenSSL Libraries (Root)" diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches-post-config/opensslconf.patch --- a/components/openssl/openssl-1.0.0/patches-post-config/opensslconf.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,54 +0,0 @@ ---- /tmp/opensslconf.h Fri Feb 11 15:36:12 2011 -+++ openssl-1.0.0d/crypto/opensslconf.h Fri Feb 11 16:58:36 2011 -@@ -181,7 +181,11 @@ - - #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ - #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -+#if defined(__sparcv9) || defined(__x86_64) -+#define ENGINESDIR "/lib/openssl/engines/64" -+#else - #define ENGINESDIR "/lib/openssl/engines" -+#endif - #define OPENSSLDIR "/etc/openssl" - #endif - #endif -@@ -228,21 +232,39 @@ - /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ - #ifndef DES_LONG -+#if defined(__sparcv9) || defined(__x86_64) -+#define DES_LONG unsigned int -+#else - #define DES_LONG unsigned long - #endif - #endif -+#endif - - #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) - #define CONFIG_HEADER_BN_H -+/* -+ * OpenSSL revision 1.521 from 2005-12-15 in OpenSSL_1_0_0-stable branch changed -+ * 64 bit sparcv9 configuration from SIXTY_FOUR_BIT_LONG to BN_LLONG. -+ */ -+#if defined(__x86_64) -+#undef BN_LLONG -+#else - #define BN_LLONG -+#endif - - /* Should we define BN_DIV2W here? */ - - /* Only one for the following should be defined */ -+#if defined(__x86_64) -+#define SIXTY_FOUR_BIT_LONG -+#undef THIRTY_TWO_BIT -+#else - #undef SIXTY_FOUR_BIT_LONG - #undef SIXTY_FOUR_BIT - #define THIRTY_TWO_BIT - #endif -+#undef SIXTY_FOUR_BIT -+#endif - - #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) - #define CONFIG_HEADER_RC4_LOCL_H diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/08-6193522.patch --- a/components/openssl/openssl-1.0.0/patches/08-6193522.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,54 +0,0 @@ -diff -ruN openssl-0.9.8a/apps/CA.pl.in openssl-0.9.8a/apps/CA.pl.in ---- openssl-0.9.8a/apps/CA.pl.in 2005-07-04 23:44:22.000000000 +0200 -+++ openssl-0.9.8a/apps/CA.pl.in 2009-04-21 16:08:45.354925289 +0200 -@@ -53,7 +53,7 @@ - $X509="$openssl x509"; - $PKCS12="$openssl pkcs12"; - --$CATOP="./demoCA"; -+$CATOP="/etc/openssl"; - $CAKEY="cakey.pem"; - $CAREQ="careq.pem"; - $CACERT="cacert.pem"; -diff -ruN openssl-0.9.8a/apps/openssl.cnf openssl-0.9.8a/apps/openssl.cnf ---- openssl-0.9.8a/apps/openssl.cnf 2005-09-16 14:20:24.000000000 +0200 -+++ openssl-0.9.8a/apps/openssl.cnf 2009-04-21 16:07:13.910980196 +0200 -@@ -34,7 +34,7 @@ - #################################################################### - [ CA_default ] - --dir = ./demoCA # Where everything is kept -+dir = /etc/openssl # Where everything is kept - certs = $dir/certs # Where the issued certs are kept - crl_dir = $dir/crl # Where the issued crl are kept - database = $dir/index.txt # database index file. -@@ -44,7 +44,7 @@ - - certificate = $dir/cacert.pem # The CA certificate - serial = $dir/serial # The current serial number --crlnumber = $dir/crlnumber # the current crl number -+#crlnumber = $dir/crlnumber # the current crl number - # must be commented out to leave a V1 CRL - crl = $dir/crl.pem # The current CRL - private_key = $dir/private/cakey.pem# The private key -@@ -122,17 +122,17 @@ - - [ req_distinguished_name ] - countryName = Country Name (2 letter code) --countryName_default = AU -+#countryName_default = US - countryName_min = 2 - countryName_max = 2 - - stateOrProvinceName = State or Province Name (full name) --stateOrProvinceName_default = Some-State -+#stateOrProvinceName_default = Some-State - - localityName = Locality Name (eg, city) - - 0.organizationName = Organization Name (eg, company) --0.organizationName_default = Internet Widgits Pty Ltd -+#0.organizationName_default = Unconfigured OpenSSL Installation - - # we can do this but it is not needed normally :-) - #1.organizationName = Second Organization Name (eg, company) diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/11-6546806.patch --- a/components/openssl/openssl-1.0.0/patches/11-6546806.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,12 +0,0 @@ -diff -ruN openssl-0.9.8a/doc/crypto/hmac.pod openssl-0.9.8a/doc/crypto/hmac.pod ---- openssl-0.9.8a/doc/crypto/hmac.pod 2002-07-18 20:54:45.000000000 +0200 -+++ openssl-0.9.8a/doc/crypto/hmac.pod 2009-04-10 11:09:46.449071541 +0200 -@@ -2,7 +2,7 @@ - - =head1 NAME - --HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message -+HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup, HMAC_cleanup - HMAC message - authentication code - - =head1 SYNOPSIS diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/14-manpage_openssl.patch --- a/components/openssl/openssl-1.0.0/patches/14-manpage_openssl.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,16 +0,0 @@ -diff -ruN openssl-0.9.8a/util/extract-section.pl openssl-0.9.8a/util/extract-section.pl ---- openssl-0.9.8a/util/extract-section.pl 2004-11-25 18:47:31.000000000 +0100 -+++ openssl-0.9.8a/util/extract-section.pl 2009-04-08 12:05:03.128230348 +0200 -@@ -3,10 +3,10 @@ - while() { - if (/=for\s+comment\s+openssl_manual_section:(\S+)/) - { -- print "$1\n"; -+ print "${1}openssl\n"; - exit 0; - } - } - --print "$ARGV[0]\n"; -+print "${ARGV[0]}openssl\n"; - diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/15-pkcs11_engine-0.9.8a.patch --- a/components/openssl/openssl-1.0.0/patches/15-pkcs11_engine-0.9.8a.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,126 +0,0 @@ ---- /tmp/Configure Fri Feb 11 14:40:39 2011 -+++ openssl-1.0.0d/Configure Fri Feb 11 14:41:36 2011 -@@ -10,7 +10,7 @@ - - # see INSTALL for instructions. - --my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; -+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; - - # Options: - # -@@ -19,6 +19,9 @@ - # --prefix prefix for the OpenSSL include, lib and bin directories - # (Default: the OPENSSLDIR directory) - # -+# --pk11-libname PKCS#11 library name. -+# (Default: none) -+# - # --install_prefix Additional prefix for package builders (empty by - # default). This needn't be set in advance, you can - # just as well use "make INSTALL_PREFIX=/whatever install". -@@ -622,6 +625,9 @@ - my $idx_arflags = $idx++; - my $idx_multilib = $idx++; - -+# PKCS#11 engine patch -+my $pk11_libname=""; -+ - my $prefix=""; - my $libdir=""; - my $openssldir=""; -@@ -824,6 +830,10 @@ - { - $flags.=$_." "; - } -+ elsif (/^--pk11-libname=(.*)$/) -+ { -+ $pk11_libname=$1; -+ } - elsif (/^--prefix=(.*)$/) - { - $prefix=$1; -@@ -961,6 +971,13 @@ - exit 0; - } - -+if (! $pk11_libname) -+ { -+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n"; -+ print STDERR "See README.pkcs11 for more information.\n"; -+ exit 1; -+ } -+ - if ($target =~ m/^CygWin32(-.*)$/) { - $target = "Cygwin".$1; - } -@@ -1123,6 +1140,8 @@ - if ($flags ne "") { $cflags="$flags$cflags"; } - else { $no_user_cflags=1; } - -+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags"; -+ - # Kerberos settings. The flavor must be provided from outside, either through - # the script "config" or manually. - if (!$no_krb5) -@@ -1492,6 +1511,7 @@ - s/^VERSION=.*/VERSION=$version/; - s/^MAJOR=.*/MAJOR=$major/; - s/^MINOR=.*/MINOR=$minor/; -+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/; - s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/; - s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; - s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; ---- /tmp/Makefile.org Fri Feb 11 14:41:54 2011 -+++ openssl-1.0.0d/Makefile.org Fri Feb 11 14:38:01 2011 -@@ -26,6 +26,9 @@ - INSTALL_PREFIX= - INSTALLTOP=/usr/local/ssl - -+# You must set this through --pk11-libname configure option. -+PK11_LIB_LOCATION= -+ - # Do not edit this manually. Use Configure --openssldir=DIR do change this! - OPENSSLDIR=/usr/local/ssl - ---- /tmp/Makefile Fri Feb 11 14:42:03 2011 -+++ openssl-1.0.0d/crypto/engine/Makefile Fri Feb 11 14:45:43 2011 -@@ -21,12 +21,14 @@ - eng_table.c eng_pkey.c eng_fat.c eng_all.c \ - tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ - tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ -- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c -+ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ -+ hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c - LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ - eng_table.o eng_pkey.o eng_fat.o eng_all.o \ - tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ - tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ -- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o -+ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ -+ hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o - - SRC= $(LIBSRC) - ---- /tmp/eng_all.c Fri Feb 11 14:46:11 2011 -+++ openssl-1.0.0d/crypto/engine/eng_all.c Fri Feb 11 14:38:01 2011 -@@ -72,6 +72,9 @@ - ENGINE_load_cryptodev(); - #endif - ENGINE_load_dynamic(); -+#ifndef OPENSSL_NO_HW_PKCS11 -+ ENGINE_load_pk11(); -+#endif - #ifndef OPENSSL_NO_STATIC_ENGINE - #ifndef OPENSSL_NO_HW - #ifndef OPENSSL_NO_HW_4758_CCA ---- /tmp/engine.h Fri Feb 11 14:46:24 2011 -+++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011 -@@ -344,6 +344,7 @@ - #endif - #endif - void ENGINE_load_cryptodev(void); -+void ENGINE_load_pk11(void); - void ENGINE_load_builtin_engines(void); - - /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/18-compiler_opts.patch --- a/components/openssl/openssl-1.0.0/patches/18-compiler_opts.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,22 +0,0 @@ ---- openssl-1.0.0d/Configure Thu Feb 10 20:02:41 2011 -+++ /tmp/Configure Thu Feb 10 20:01:51 2011 -@@ -249,6 +255,19 @@ - #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", - "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", - -+#### Solaris configs, used for OpenSSL as delivered by S11. -+"solaris-x86-cc-sunw","cc:-m32 -xO3 -xspace -Xa::-D_REENTRANT::-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${x86_elf_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+# -+"solaris64-x86_64-cc-sunw","cc:-xO3 -m64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -lc:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR DES_PTR DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+# -+"solaris-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+# -+"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64", -+# Option -xF=%all instructs the compiler to place functions and data -+# variables into separate section fragments. This enables the link editor -+# to discard unused sections and files when linking wanboot-openssl.o -+"solaris64-sparcv9-cc-sunw-wanboot","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -xF=%all -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64", -+ - #### IRIX 5.x configs - # -mips2 flag is added by ./config when appropriate. - "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/20-remove_rpath.patch --- a/components/openssl/openssl-1.0.0/patches/20-remove_rpath.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,11 +0,0 @@ ---- /export/openssl/openssl-1.0.0d/Makefile.shared Sat Aug 21 13:36:49 2010 -+++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:25:51 2011 -@@ -393,7 +393,7 @@ - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_APP); \ - else \ -- LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \ -+ LDFLAGS="$(CFLAGS)"; \ - fi; \ - $(LINK_APP) - diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/23-noexstack.patch --- a/components/openssl/openssl-1.0.0/patches/23-noexstack.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,21 +0,0 @@ ---- /tmp/Makefile.shared Mon Feb 14 14:33:05 2011 -+++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:35:56 2011 -@@ -389,6 +389,7 @@ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \ - fi; \ - $(LINK_SO_A) -+# Make sure the apps have non-executable stacks and data (x86/x64 only). - link_app.solaris: - @ if $(DETECT_GNU_LD); then \ - $(DO_GNU_APP); \ -@@ -395,6 +396,10 @@ - else \ - LDFLAGS="$(CFLAGS)"; \ - fi; \ -+ if expr $(PLATFORM) : '.*x86.*' > /dev/null; then \ -+ LDFLAGS="$${LDFLAGS} -M/usr/lib/ld/map.noexdata"; \ -+ fi; \ -+ LDFLAGS="$${LDFLAGS} -M/usr/lib/ld/map.noexstk -M/usr/lib/ld/map.pagealign"; \ - $(LINK_APP) - - # OpenServer 5 native compilers used diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/27-6978791.patch --- a/components/openssl/openssl-1.0.0/patches/27-6978791.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,12 +0,0 @@ ---- /tmp/Makefile.shared Mon Feb 14 14:39:29 2011 -+++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:50:52 2011 -@@ -387,6 +387,9 @@ - ALLSYMSFLAGS="$${MINUSZ}allextract"; \ - NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \ -+ if [ $(LIBNAME) = "ssl" ]; then \ -+ SHAREDFLAGS="$$SHAREDFLAGS $${MINUSZ}nodelete"; \ -+ fi; \ - fi; \ - $(LINK_SO_A) - # Make sure the apps have non-executable stacks and data (x86/x64 only). diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/28-enginesdir.patch --- a/components/openssl/openssl-1.0.0/patches/28-enginesdir.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,50 +0,0 @@ ---- /tmp/18/Configure Fri Feb 11 15:15:50 2011 -+++ openssl-1.0.0d/Configure Fri Feb 11 15:18:09 2011 -@@ -18,6 +18,8 @@ - # --prefix option is given; /usr/local/ssl otherwise) - # --prefix prefix for the OpenSSL include, lib and bin directories - # (Default: the OPENSSLDIR directory) -+# --enginesdir engines shared library location -+# (Default: $prefix/lib/engines) - # - # --pk11-libname PKCS#11 library name. - # (Default: none) -@@ -640,6 +642,7 @@ - my $prefix=""; - my $libdir=""; - my $openssldir=""; -+my $enginesdir=""; - my $exe_ext=""; - my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; - my $cross_compile_prefix=""; -@@ -855,6 +858,10 @@ - { - $openssldir=$1; - } -+ elsif (/^--enginesdir=(.*)$/) -+ { -+ $enginesdir=$1; -+ } - elsif (/^--install.prefix=(.*)$/) - { - $install_prefix=$1; -@@ -1128,6 +1135,10 @@ - # we're ready to tolerate, so don't... - $multilib="" if !-d "$prefix/lib$multilib"; - -+if ($enginesdir eq "") { -+ $enginesdir = "$prefix/lib/engines"; -+} -+ - $libdir="lib$multilib" if $libdir eq ""; - - $cflags = "$cflags$exp_cflags"; -@@ -1717,7 +1728,7 @@ - } - elsif (/^#define\s+ENGINESDIR/) - { -- my $foo = "$prefix/$libdir/engines"; -+ my $foo = "$enginesdir"; - $foo =~ s/\\/\\\\/g; - print OUT "#define ENGINESDIR \"$foo\"\n"; - } diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/29-devcrypto_engine.patch --- a/components/openssl/openssl-1.0.0/patches/29-devcrypto_engine.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,51 +0,0 @@ ---- /tmp/Makefile Mon Feb 14 14:59:22 2011 -+++ openssl-1.0.0d/engines/Makefile Mon Feb 14 15:00:35 2011 -@@ -26,7 +26,8 @@ - APPS= - - LIB=$(TOP)/libcrypto.a --LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi -+LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \ -+ devcrypto - - LIBSRC= e_4758cca.c \ - e_aep.c \ -@@ -38,7 +39,8 @@ - e_sureware.c \ - e_ubsec.c \ - e_padlock.c \ -- e_capi.c -+ e_capi.c \ -+ e_devcrypto.c - LIBOBJ= e_4758cca.o \ - e_aep.o \ - e_atalla.o \ -@@ -49,7 +51,8 @@ - e_sureware.o \ - e_ubsec.o \ - e_padlock.o \ -- e_capi.o -+ e_capi.o \ -+ e_devcrypto.o - - SRC= $(LIBSRC) - -@@ -63,7 +66,8 @@ - e_nuron_err.c e_nuron_err.h \ - e_sureware_err.c e_sureware_err.h \ - e_ubsec_err.c e_ubsec_err.h \ -- e_capi_err.c e_capi_err.h -+ e_capi_err.c e_capi_err.h \ -+ e_devcrypto_err.c e_devcrypto_err.h - - ALL= $(GENERAL) $(SRC) $(HEADER) - -@@ -78,7 +82,7 @@ - for l in $(LIBNAMES); do \ - $(MAKE) -f ../Makefile.shared -e \ - LIBNAME=$$l LIBEXTRAS=e_$$l.o \ -- LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \ -+ LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \ - link_o.$(SHLIB_TARGET); \ - done; \ - else \ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/30_wanboot.patch --- a/components/openssl/openssl-1.0.0/patches/30_wanboot.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,350 +0,0 @@ ---- openssl-1.0.0g/Makefile.org 2010-01-27 08:06:58.000000000 -0800 -+++ openssl-1.0.0g-1/Makefile.org 2012-03-26 03:04:08.440194448 -0700 -@@ -109,7 +109,13 @@ - ZLIB_INCLUDE= - LIBZLIB= - -+# For wanboot, we only need crypto and ssl. -+# 'apps' are not patched to work in stand-alone environment anyway. -+ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot) -+DIRS= crypto ssl -+else - DIRS= crypto ssl engines apps test tools -+endif - ENGDIRS= ccgost - SHLIBDIRS= crypto ssl - ---- openssl-1.0.0g/Makefile 2012-01-18 05:42:28.000000000 -0800 -+++ openssl-1.0.0g-1/Makefile 2012-03-26 03:03:59.170540344 -0700 -@@ -111,7 +111,13 @@ - ZLIB_INCLUDE= - LIBZLIB= - -+# For wanboot, we only need crypto and ssl. -+# 'apps' are not patched to work in stand-alone environment anyway. -+ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot) -+DIRS= crypto ssl -+else - DIRS= crypto ssl engines apps test tools -+endif - ENGDIRS= ccgost - SHLIBDIRS= crypto ssl - ---- openssl-1.0.0e/crypto/cryptlib.c 2011-06-22 08:39:00.000000000 -0700 -+++ openssl-1.0.0e_patched/crypto/cryptlib.c 2011-12-12 06:17:45.422476900 -0800 -@@ -871,6 +871,10 @@ - MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); - } - #else -+/* Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since -+ * * OPENSSL_showfatal() is not used anywhere else then here we can safely use -+ * * the code from 0.9.7d version. */ -+#ifndef _BOOT - void OPENSSL_showfatal (const char *fmta,...) - { va_list ap; - -@@ -878,14 +882,21 @@ - vfprintf (stderr,fmta,ap); - va_end (ap); - } -+#endif /* _BOOT */ - int OPENSSL_isservice (void) { return 0; } - #endif - - void OpenSSLDie(const char *file,int line,const char *assertion) - { -+#ifndef _BOOT - OPENSSL_showfatal( - "%s(%d): OpenSSL internal error, assertion failed: %s\n", - file,line,assertion); -+#else -+ fprintf(stderr, -+ "%s(%d): OpenSSL internal error, assertion failed: %s\n", -+ file,line,assertion); -+#endif - #if !defined(_WIN32) || defined(__CYGWIN__) - abort(); - #else ---- openssl-1.0.0e/crypto/err/err_all.c 2009-08-09 07:58:05.000000000 -0700 -+++ openssl-1.0.0e_patched/crypto/err/err_all.c 2011-12-13 05:22:01.205351400 -0800 -@@ -142,7 +142,9 @@ - ERR_load_X509V3_strings(); - ERR_load_PKCS12_strings(); - ERR_load_RAND_strings(); -+#ifndef _BOOT - ERR_load_DSO_strings(); -+#endif /* _BOOT */ - ERR_load_TS_strings(); - #ifndef OPENSSL_NO_ENGINE - ERR_load_ENGINE_strings(); ---- openssl-1.0.0e/crypto/evp/evp_key.c 2010-03-27 12:27:50.000000000 -0700 -+++ openssl-1.0.0e_patched/crypto/evp/evp_key.c 2011-12-13 05:19:32.956908600 -0800 -@@ -84,7 +84,7 @@ - else - return(prompt_string); - } -- -+#ifndef _BOOT - /* For historical reasons, the standard function for reading passwords is - * in the DES library -- if someone ever wants to disable DES, - * this function will fail */ -@@ -111,6 +111,7 @@ - OPENSSL_cleanse(buff,BUFSIZ); - return ret; - } -+#endif /* !_BOOT */ - - int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - const unsigned char *salt, const unsigned char *data, int datal, ---- openssl-1.0.0e/crypto/rand/rand_unix.c 2009-04-06 07:31:36.000000000 -0700 -+++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c 2011-12-19 07:28:39.988944800 -0800 -@@ -122,7 +122,11 @@ - #include - #include - #include -+#ifdef _BOOT -+#include -+#else - #include -+#endif - #include - #include - #if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */ -@@ -253,6 +257,11 @@ - const char **egdsocket = NULL; - #endif - -+#ifdef _BOOT -+/* open() is provided by standalone libsa not visible from here */ -+extern int open(const char *, int); -+#endif -+ - #ifdef DEVRANDOM - memset(randomstats,0,sizeof(randomstats)); - /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD -@@ -295,9 +304,13 @@ - { - int try_read = 0; - --#if defined(OPENSSL_SYS_BEOS_R5) -+#if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT) - /* select() is broken in BeOS R5, so we simply - * try to read something and snooze if we couldn't */ -+ /* -+ * select() is not available when linking stand-alone -+ * library for wanboot -+ */ - try_read = 1; - - #elif defined(OPENSSL_SYS_LINUX) -@@ -355,6 +368,7 @@ - else - r = -1; - -+#ifndef _BOOT - /* Some Unixen will update t in select(), some - won't. For those who won't, or if we - didn't use select() in the first place, -@@ -366,13 +380,17 @@ - } - while ((r > 0 || - (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED); -+#else /* _BOOT */ -+ } -+ while (r > 0 && n < ENTROPY_NEEDED); -+#endif /* _BOOT */ - - close(fd); - } - } - #endif /* defined(DEVRANDOM) */ - --#ifdef DEVRANDOM_EGD -+#if defined(DEVRANDOM_EGD) && !defined(_BOOT) - /* Use an EGD socket to read entropy from an EGD or PRNGD entropy - * collecting daemon. */ - -@@ -395,6 +413,7 @@ - } - #endif - -+#ifndef _BOOT - /* put in some default random data, we need more than just this */ - l=curr_pid; - RAND_add(&l,sizeof(l),0.0); -@@ -403,6 +422,7 @@ - - l=time(NULL); - RAND_add(&l,sizeof(l),0.0); -+#endif /* !_BOOT */ - - #if defined(OPENSSL_SYS_BEOS) - { - ---- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700 -+++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800 -@@ -57,7 +57,9 @@ - */ - - /* We need to define this to get macros like S_IFBLK and S_IFCHR */ -+#ifndef _BOOT - #define _XOPEN_SOURCE 500 -+#endif /* _BOOT */ - - #include - #include ---- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700 -+++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800 -@@ -659,9 +659,52 @@ - } - } - -+#if defined(_BOOT) -+/* This function was copied from bio/b_sock.c */ -+static int get_ip(const char *str, unsigned char ip[4]) -+ { -+ unsigned int tmp[4]; -+ int num=0,c,ok=0; -+ -+ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0; -+ -+ for (;;) -+ { -+ c= *(str++); -+ if ((c >= '0') && (c <= '9')) -+ { -+ ok=1; -+ tmp[num]=tmp[num]*10+c-'0'; -+ if (tmp[num] > 255) return(0); -+ } -+ else if (c == '.') -+ { -+ if (!ok) return(-1); -+ if (num == 3) return(0); -+ num++; -+ ok=0; -+ } -+ else if (c == '\0' && (num == 3) && ok) -+ break; -+ else -+ return(0); -+ } -+ ip[0]=tmp[0]; -+ ip[1]=tmp[1]; -+ ip[2]=tmp[2]; -+ ip[3]=tmp[3]; -+ return(1); -+ } -+#endif /* _BOOT */ -+ - static int ipv4_from_asc(unsigned char *v4, const char *in) - { - int a0, a1, a2, a3; -+ -+#if defined(_BOOT) -+ if (get_ip(in, v4) != 1) -+ return 0; -+#else /* _BOOT */ - if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) - return 0; - if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) -@@ -671,6 +716,7 @@ - v4[1] = a1; - v4[2] = a2; - v4[3] = a3; -+#endif /* _BOOT */ - return 1; - } - ---- openssl-1.0.0e/e_os.h 2011-12-19 04:17:51.631087400 -0800 -+++ openssl-1.0.0e_patched/e_os.h 2011-12-19 04:15:15.776668900 -0800 -@@ -207,10 +207,19 @@ - #define get_last_socket_error() errno - #define clear_socket_error() errno=0 - #define ioctlsocket(a,b,c) ioctl(a,b,c) -+#ifdef _BOOT -+#include -+extern int socket_read(int, void *, size_t, int); -+extern int socket_close(int); -+#define closesocket(s) socket_close(s) -+#define readsocket(s,b,n) socket_read((s),(b),(n), 200) -+#define writesocket(s,b,n) send((s),(b),(n), 0) -+#else /* !_BOOT */ - #define closesocket(s) close(s) - #define readsocket(s,b,n) read((s),(b),(n)) - #define writesocket(s,b,n) write((s),(b),(n)) - #endif -+#endif - - #ifdef WIN16 /* never the case */ - # define MS_CALLBACK _far _loadds ---- openssl-1.0.0e/crypto/sparcv9cap.c 2010-09-05 12:48:01.000000000 -0700 -+++ openssl-1.0.0e_patched/crypto/sparcv9cap.c 2011-12-23 05:24:02.011607700 -0800 -@@ -12,7 +12,11 @@ - #define SPARCV9_VIS2 (1<<3) /* reserved */ - #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ - -+#ifndef _BOOT - static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED; -+#else -+static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1; -+#endif - - int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num) - { -@@ -32,6 +36,7 @@ - void _sparcv9_vis2_probe(void); - void _sparcv9_fmadd_probe(void); - -+#ifndef _BOOT - unsigned long OPENSSL_rdtsc(void) - { - if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED) -@@ -43,8 +48,19 @@ - else - return _sparcv9_rdtick(); - } -+#endif -+ -+#if defined(_BOOT) -+/* -+ * Hardcoding sparc capabilities for wanboot. -+ * Older CPUs are EOLed anyway. -+ */ -+void OPENSSL_cpuid_setup(void) -+ { -+ OPENSSL_sparcv9cap_P = SPARCV9_VIS1; -+ } - --#if 0 && defined(__sun) && defined(__SVR4) -+#elif 0 && defined(__sun) && defined(__SVR4) - /* This code path is disabled, because of incompatibility of - * libdevinfo.so.1 and libmalloc.so.1 (see below for details) - */ ---- openssl-1.0.0e/crypto/sparccpuid.S 2010-09-05 12:48:01.000000000 -0700 -+++ openssl-1.0.0e_patched/crypto/sparccpuid.S 2012-02-13 07:42:58.259478325 -0800 -@@ -397,6 +397,11 @@ - .type OPENSSL_cleanse,#function - .size OPENSSL_cleanse,.-OPENSSL_cleanse - -+#ifndef _BOOT - .section ".init",#alloc,#execinstr - call OPENSSL_cpuid_setup - nop -+#else -+ nop -+ nop -+#endif ---- openssl-1.0.0e/crypto/Makefile 2010-07-26 15:09:59.000000000 -0700 -+++ openssl-1.0.0e_patched/crypto/Makefile 2011-12-22 08:26:22.041955800 -0800 -@@ -34,8 +34,8 @@ - - LIB= $(TOP)/libcrypto.a - SHARED_LIB= libcrypto$(SHLIB_EXT) --LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c --LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ) -+LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c wanboot-stubs.c -+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o wanboot-stubs.o $(CPUID_OBJ) - - SRC= $(LIBSRC) - diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/31_dtls_version-1.0.0.patch --- a/components/openssl/openssl-1.0.0/patches/31_dtls_version-1.0.0.patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,12 +0,0 @@ ---- openssl-1.0.0k/ssl/s3_cbc.c.orig 2013-02-05 03:58:46.000000000 -0800 -+++ openssl-1.0.0k/ssl/s3_cbc.c 2013-02-27 17:25:37.618740089 -0800 -@@ -137,7 +137,8 @@ - unsigned mac_size) - { - unsigned padding_length, good, to_check, i; -- const char has_explicit_iv = s->version == DTLS1_VERSION; -+ const char has_explicit_iv = -+ (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER); - const unsigned overhead = 1 /* padding length byte */ + - mac_size + - (has_explicit_iv ? block_size : 0); diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/openssl-1.0.0d-aesni-v4.i386-patch --- a/components/openssl/openssl-1.0.0/patches/openssl-1.0.0d-aesni-v4.i386-patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,161 +0,0 @@ -# -# Engine aesni patch openssl-1.0.0d-aesni-v4.i386-patch. -# openssl-1.0.0-aesni-v4.patch updated for openssl-1.0.0d. -# This engine is X86-only. -# -Index: Configure -=================================================================== -diff -ru openssl-1.0.0d/Configure openssl-1.0.0d/Configure ---- openssl-1.0.0d/Configure 2010-11-30 14:19:26.000000000 -0800 -+++ openssl-1.0.0d/Configure 2011-05-20 10:32:38.598770000 -0700 -@@ -123,11 +123,11 @@ - my $bits1="THIRTY_TWO_BIT "; - my $bits2="SIXTY_FOUR_BIT "; - --my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o"; -+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o"; - - my $x86_elf_asm="$x86_asm:elf"; - --my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o"; -+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o"; - my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void"; - my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void"; - my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void"; -@@ -491,7 +491,7 @@ - # - # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 - "VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", --"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", -+"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o aesni-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", - "debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32", - "debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32", - # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement -@@ -1410,6 +1410,7 @@ - if ($aes_obj =~ /\.o$/) - { - $cflags.=" -DAES_ASM"; -+ $aes_obj =~ s/\s*aesni\-x86\.o// if ($no_sse2); - } - else { - $aes_obj=$aes_enc; -Index: crypto/aes/Makefile -=================================================================== -diff -ru openssl-1.0.0d/crypto/aes/Makefile openssl-1.0.0d/crypto/aes/Makefile ---- openssl-1.0.0d/crypto/aes/Makefile 2008-12-23 03:33:00.000000000 -0800 -+++ openssl-1.0.0d/crypto/aes/Makefile 2011-06-30 16:52:09.000000000 -0700 -@@ -50,9 +50,16 @@ - - aes-586.s: asm/aes-586.pl ../perlasm/x86asm.pl - $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ -+aesni-x86.s: asm/aesni-x86.pl ../perlasm/x86asm.pl -+ $(PERL) asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ -+aesni-x86.o: aesni-x86.s -+ $(CC) $(CFLAGS) -o $@ -c $< -+ elfedit -e 'cap:hw1 -and -cmp aes' $@ - - aes-x86_64.s: asm/aes-x86_64.pl - $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@ -+aesni-x86_64.s: asm/aesni-x86_64.pl -+ $(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@ - - aes-sparcv9.s: asm/aes-sparcv9.pl - $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ -Index: crypto/engine/Makefile -=================================================================== -diff -ru openssl-1.0.0d/crypto/engine/Makefile openssl-1.0.0d/crypto/engine/Makefile ---- openssl-1.0.0d/crypto/engine/Makefile 2010-12-02 10:26:11.000000000 -0800 -+++ openssl-1.0.0d/crypto/engine/Makefile 2011-05-20 10:37:14.716792000 -0700 -@@ -22,6 +22,7 @@ - tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ - tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ - eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ -+ eng_aesni.c \ - hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c - LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ - eng_table.o eng_pkey.o eng_fat.o eng_all.o \ -@@ -28,6 +29,7 @@ - tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ - tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ - eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ -+ eng_aesni.o \ - hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o - - SRC= $(LIBSRC) -Index: crypto/engine/eng_all.c -=================================================================== -diff -ru openssl-1.0.0d/crypto/engine/eng_all.c openssl-1.0.0d/crypto/engine/eng_all.c ---- openssl-1.0.0d/crypto/engine/eng_all.c 2009-07-01 07:55:58.000000000 -0700 -+++ openssl-1.0.0d/crypto/engine/eng_all.c 2011-06-22 17:34:25.145829355 -0700 -@@ -61,6 +61,8 @@ - - void ENGINE_load_builtin_engines(void) - { -+ /* Engines may depend on CPU capabilities */ -+ OPENSSL_cpuid_setup(); - #if 0 - /* There's no longer any need for an "openssl" ENGINE unless, one day, - * it is the *only* way for standard builtin implementations to be be -@@ -71,6 +73,10 @@ - #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) - ENGINE_load_cryptodev(); - #endif -+#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) -+ ENGINE_load_aesni(); -+ ENGINE_register_all_complete(); -+#endif - ENGINE_load_dynamic(); - #ifndef OPENSSL_NO_HW_PKCS11 - ENGINE_load_pk11(); -Index: crypto/engine/engine.h -=================================================================== -diff -ru openssl-1.0.0d/crypto/engine/engine.h openssl-1.0.0d/crypto/engine/engine.h ---- openssl-1.0.0d/crypto/engine/engine.h 2011-01-29 17:05:37.000000000 -0800 -+++ openssl-1.0.0d/crypto/engine/engine.h 2011-05-20 10:55:13.878159000 -0700 -@@ -344,6 +344,7 @@ - #endif - #endif - void ENGINE_load_cryptodev(void); -+void ENGINE_load_aesni(void); - void ENGINE_load_pk11(void); - void ENGINE_load_builtin_engines(void); - -Index: crypto/evp/evp.h -=================================================================== -diff -ru openssl-1.0.0d/crypto/evp/evp.h openssl-1.0.0d/crypto/evp/evp.h ---- openssl-1.0.0d/crypto/evp/evp.h 2010-03-27 12:27:50.000000000 -0700 -+++ openssl-1.0.0d/crypto/evp/evp.h 2011-05-20 10:55:56.075662000 -0700 -@@ -1190,6 +1190,7 @@ - /* Error codes for the EVP functions. */ - - /* Function codes. */ -+#define EVP_F_AESNI_INIT_KEY 165 - #define EVP_F_AES_INIT_KEY 133 - #define EVP_F_CAMELLIA_INIT_KEY 159 - #define EVP_F_D2I_PKEY 100 -Index: crypto/evp/evp_err.c -=================================================================== -diff -ru openssl-1.0.0d/crypto/evp/evp_err.c openssl-1.0.0d/crypto/evp/evp_err.c ---- openssl-1.0.0d/crypto/evp/evp_err.c 2010-02-07 05:41:23.000000000 -0800 -+++ openssl-1.0.0d/crypto/evp/evp_err.c 2011-05-20 10:56:21.674385000 -0700 -@@ -70,6 +70,7 @@ - - static ERR_STRING_DATA EVP_str_functs[]= - { -+{ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, - {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, - {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, - {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, -Index: util/libeay.num -=================================================================== -diff -ru openssl-1.0.0d/util/libeay.num openssl-1.0.0d/util/libeay.num ---- openssl-1.0.0d/util/libeay.num 2010-07-25 09:56:06.000000000 -0700 -+++ openssl-1.0.0d/util/libeay.num 2011-05-20 11:01:11.198890000 -0700 -@@ -4178,6 +4178,7 @@ - UI_method_set_prompt_constructor 4551 EXIST:!VMS:FUNCTION: - UI_method_set_prompt_constructr 4551 EXIST:VMS:FUNCTION: - EVP_read_pw_string_min 4552 EXIST::FUNCTION: -+ENGINE_load_aesni 4553 EXIST::FUNCTION:ENGINE - CRYPTO_cts128_encrypt 4553 EXIST::FUNCTION: - CRYPTO_cts128_decrypt_block 4554 EXIST::FUNCTION: - CRYPTO_cfb128_1_encrypt 4555 EXIST::FUNCTION: diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/patches/openssl-1.0.0d-t4-engine.sparc-patch --- a/components/openssl/openssl-1.0.0/patches/openssl-1.0.0d-t4-engine.sparc-patch Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,216 +0,0 @@ -# -# Engine t4 patch openssl-1.0.0d-t4-engine.sparc-patch. -# This engine is SPARC-only. -# -Index: Configure -=================================================================== -diff -ru openssl-1.0.0d/Configure openssl-1.0.0d/Configure ---- openssl-1.0.0d/Configure 2011-05-24 17:02:24.000000000 -0700 -+++ openssl-1.0.0d/Configure 2011-07-27 10:48:17.817470000 -0700 -@@ -134,8 +134,8 @@ - - my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o"; - my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void"; --my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void"; --my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void"; -+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o t4_des.o:aes_core.o aes_cbc.o aes-sparcv9.o t4_aes.o::t4_md5.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o t4_sha1.o t4_sha2.o:::::::void"; -+my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o t4_des.o:t4_aes.o::t4_md5.o:t4_sha1.o t4_sha2.o:::::::void"; - my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::::::::void"; - my $mips3_asm=":bn-mips3.o::::::::::::void"; - my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o::aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::void"; -@@ -256,9 +256,9 @@ - # - "solaris64-x86_64-cc-sunw","cc:-xO3 -m64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -lc:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR DES_PTR DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - # --"solaris-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"solaris-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - # --"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64", -+"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64", - # Option -xF=%all instructs the compiler to place functions and data - # variables into separate section fragments. This enables the link editor - # to discard unused sections and files when linking wanboot-openssl.o -=================================================================== -diff -ru openssl-1.0.0d/crypto/aes/ openssl-1.0.0d/crypto/aes/Makefile ---- openssl-1.0.0d/crypto/aes/Makefile 2011-05-24 17:03:31.000000000 -0700 -+++ openssl-1.0.0d/crypto/aes/Makefile 2011-06-30 17:26:34.980110000 -0700 -@@ -17,6 +17,10 @@ - ASFLAGS= $(INCLUDES) $(ASFLAG) - AFLAGS= $(ASFLAGS) - -+BITS:= $(shell if grep '^SHARED_LDFLAGS.*=.*-m32' ../../Makefile >/dev/null; \ -+ then echo 32; else echo 64; fi) -+ASFLAGSYF= -xregsym=no -K pic -P -xarch=v9v -D_sparcv9 -D_ASM -Dsparc -m$(BITS) -+ - GENERAL=Makefile - #TEST=aestest.c - TEST= -@@ -57,6 +61,10 @@ - aes-sparcv9.s: asm/aes-sparcv9.pl - $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ - -+t4_aes.o: asm/t4_aes.S -+ as $(ASFLAGSYF) -o $@ asm/t4_aes.S -+ elfedit -e 'cap:hw1 -and -cmp vis vis3' $@ -+ - aes-ppc.s: asm/aes-ppc.pl - $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@ - -Index: crypto/des/Makefile -=================================================================== -diff -ru openssl-1.0.0d/crypto/des/ openssl-1.0.0d/crypto/des/Makefile ---- openssl-1.0.0d/crypto/des/Makefile 2011-07-26 17:47:28.530315349 -0700 -+++ openssl-1.0.0d/crypto/des/Makefile 2011-07-27 10:41:47.362058958 -0700 -@@ -17,6 +17,10 @@ - ASFLAGS= $(INCLUDES) $(ASFLAG) - AFLAGS= $(ASFLAGS) - -+BITS:= $(shell if grep '^SHARED_LDFLAGS.*=.*-m32' ../../Makefile >/dev/null; \ -+ then echo 32; else echo 64; fi) -+ASFLAGSYF= -xregsym=no -K pic -P -xarch=v9v -D_sparcv9 -D_ASM -Dsparc -m$(BITS) -+ - GENERAL=Makefile - TEST=destest.c - APPS= -@@ -61,6 +65,10 @@ - - des_enc-sparc.S: asm/des_enc.m4 - m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S -+ -+t4_des.o: asm/t4_des.S -+ as $(ASFLAGSYF) -o $@ asm/t4_des.S -+ elfedit -e 'cap:hw1 -and -cmp vis vis3' $@ - - des-586.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ -Index: crypto/engine/Makefile -=================================================================== -diff -ru openssl-1.0.0d/crypto/engine/Makefile openssl-1.0.0d/crypto/engine/Makefile ---- openssl-1.0.0d/crypto/engine/Makefile 2011-05-24 17:04:12.000000000 -0700 -+++ openssl-1.0.0d/crypto/engine/Makefile 2011-07-28 10:10:00.000000000 -0700 -@@ -22,12 +22,16 @@ - tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ - tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ - eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ -+ eng_t4.c eng_t4_des.c eng_t4_md5.c \ -+ eng_t4_sha1.c eng_t4_sha256.c eng_t4_sha512.c eng_t4_montmul.c \ - hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c - LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ - eng_table.o eng_pkey.o eng_fat.o eng_all.o \ - tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ - tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ - eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ -+ eng_t4.o eng_t4_des.o eng_t4_md5.o \ -+ eng_t4_sha1.o eng_t4_sha256.o eng_t4_sha512.o eng_t4_montmul.o \ - hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o - - SRC= $(LIBSRC) -Index: crypto/engine/eng_all.c -=================================================================== -diff -ru openssl-1.0.0d/crypto/engine/eng_all.c openssl-1.0.0d/crypto/engine/eng_all.c ---- openssl-1.0.0d/crypto/engine/eng_all.c 2011-05-24 17:02:20.000000000 -0700 -+++ openssl-1.0.0d/crypto/engine/eng_all.c 2011-06-22 17:34:25.145829355 -0700 -@@ -61,6 +61,8 @@ - - void ENGINE_load_builtin_engines(void) - { -+ /* Engines may depend on CPU capabilities */ -+ OPENSSL_cpuid_setup(); - #if 0 - /* There's no longer any need for an "openssl" ENGINE unless, one day, - * it is the *only* way for standard builtin implementations to be be -@@ -71,6 +73,10 @@ - #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) - ENGINE_load_cryptodev(); - #endif -+#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_T4) -+ ENGINE_load_t4(); -+ ENGINE_register_all_complete(); -+#endif - ENGINE_load_dynamic(); - #ifndef OPENSSL_NO_HW_PKCS11 - ENGINE_load_pk11(); -Index: crypto/engine/engine.h -================================================================== -diff -ru openssl-1.0.0d/crypto/engine/engine.h openssl-1.0.0d/crypto/engine/engine.h ---- openssl-1.0.0d/crypto/engine/engine.h 2011-05-24 17:02:20.000000000 -0700 -+++ openssl-1.0.0d/crypto/engine/engine.h 2011-05-24 18:05:29.075766123 -0700 -@@ -344,6 +344,7 @@ - #endif - #endif - void ENGINE_load_cryptodev(void); -+void ENGINE_load_t4(void); - void ENGINE_load_pk11(void); - void ENGINE_load_builtin_engines(void); - -Index: crypto/md5/Makefile -================================================================== -diff -ru openssl-1.0.0d/crypto/md5/Makefile openssl-1.0.0d/crypto/md5/Makefile ---- openssl-1.0.0d/crypto/md5/Makefile 2011-05-24 17:03:14.000000000 -0700 -+++ openssl-1.0.0d/crypto/md5/Makefile 2011-08-27 16:01:49.000000000 -0700 -@@ -17,6 +17,10 @@ - ASFLAGS= $(INCLUDES) $(ASFLAG) - AFLAGS= $(ASFLAGS) - -+BITS:= $(shell if grep '^SHARED_LDFLAGS.*=.*-m32' ../../Makefile >/dev/null; \ -+ then echo 32; else echo 64; fi) -+ASFLAGSYF= -xregsym=no -K pic -P -xarch=v9v -D_sparcv9 -D_ASM -Dsparc -m$(BITS) -+ - GENERAL=Makefile - TEST=md5test.c - APPS= -@@ -52,6 +58,10 @@ - $(CC) $(CFLAGS) -E asm/md5-ia64.S | \ - $(PERL) -ne 's/;\s+/;\n/g; print;' > $@ - -+t4_md5.o: asm/t4_md5.S -+ as $(ASFLAGSYF) -o $@ asm/t4_md5.S -+ elfedit -e 'cap:hw1 -and -cmp vis vis3' $@ -+ - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - -Index: crypto/sha/Makefile -================================================================== -diff -ru openssl-1.0.0d/crypto/sha/Makefile openssl-1.0.0d/crypto/sha/Makefile ---- openssl-1.0.0d/crypto/sha/Makefile 2011-05-24 17:03:18.000000000 -0700 -+++ openssl-1.0.0d/crypto/sha/Makefile 2011-08-27 16:01:49.000000000 -0700 -@@ -17,6 +17,10 @@ - ASFLAGS= $(INCLUDES) $(ASFLAG) - AFLAGS= $(ASFLAGS) - -+BITS:= $(shell if grep '^SHARED_LDFLAGS.*=.*-m32' ../../Makefile >/dev/null; \ -+ then echo 32; else echo 64; fi) -+ASFLAGSYF= -xregsym=no -K pic -P -xarch=v9v -D_sparcv9 -D_ASM -Dsparc -m$(BITS) -+ - GENERAL=Makefile - TEST=shatest.c sha1test.c sha256t.c sha512t.c - APPS= -@@ -76,6 +82,14 @@ - sha256-%.s: asm/sha512-%.pl; $(PERL) $< $@ - sha512-%.s: asm/sha512-%.pl; $(PERL) $< $@ - -+t4_sha1.o: asm/t4_sha1.S -+ as $(ASFLAGSYF) -o $@ asm/t4_sha1.S -+ elfedit -e 'cap:hw1 -and -cmp vis vis3' $@ -+ -+t4_sha2.o: asm/t4_sha2.S -+ as $(ASFLAGSYF) -o $@ asm/t4_sha2.S -+ elfedit -e 'cap:hw1 -and -cmp vis vis3' $@ -+ - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - -Index: util/libeay.num -================================================================== -diff -ru openssl-1.0.0d/util/libeay.num openssl-1.0.0d/util/libeay.num ---- openssl-1.0.0d/util/libeay.num 2010-07-25 09:56:06.000000000 -0700 -+++ openssl-1.0.0d/util/libeay.num 2011-05-25 11:19:15.585211842 -0700 -@@ -4178,6 +4178,7 @@ - UI_method_set_prompt_constructor 4551 EXIST:!VMS:FUNCTION: - UI_method_set_prompt_constructr 4551 EXIST:VMS:FUNCTION: - EVP_read_pw_string_min 4552 EXIST::FUNCTION: -+ENGINE_load_t4 4553 EXIST::FUNCTION:ENGINE - CRYPTO_cts128_encrypt 4553 EXIST::FUNCTION: - CRYPTO_cts128_decrypt_block 4554 EXIST::FUNCTION: - CRYPTO_cfb128_1_encrypt 4555 EXIST::FUNCTION: diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.0/wanboot-openssl/wanboot-stubs.c --- a/components/openssl/openssl-1.0.0/wanboot-openssl/wanboot-stubs.c Fri May 03 15:46:38 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,122 +0,0 @@ -/* - * CDDL HEADER START - * - * The contents of this file are subject to the terms of the - * Common Development and Distribution License (the "License"). - * You may not use this file except in compliance with the License. - * - * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE - * or http://www.opensolaris.org/os/licensing. - * See the License for the specific language governing permissions - * and limitations under the License. - * - * When distributing Covered Code, include this CDDL HEADER in each - * file and include the License file at usr/src/OPENSOLARIS.LICENSE. - * If applicable, add the following below this CDDL HEADER, with the - * fields enclosed by brackets "[]" replaced with your own identifying - * information: Portions Copyright [yyyy] [name of copyright owner] - * - * CDDL HEADER END - */ -/* - * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. - */ - -/* Content of this file is only needed for wanboot. */ -#ifdef _BOOT - -#include -#include -#include -#include - -/* - * In OpenSSL 0.9.7 the EVP_read_pw_string now calls into the new "ui" - * routines of 0.9.7, which is not compiled in the standalone, so it is - * stubbed out here to avoid having to add a bunch of #ifndef's elsewhere. - */ -/* ARGSUSED */ -int -EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int - verify) -{ - return (-1); /* failure */ -} - -/* - * In standalone issetugid() is always false. - */ -int -OPENSSL_issetugid(void) -{ - return (1); -} - -/* - * Directory routines -- currently, the only consumer of these interfaces - * is $SRC/common/openssl/ssl/ssl_cert.c, and it has fallback code in the - * case of failure, so we just fail opendir() and stub out the rest. At - * some point, we may need to provide a real implementation. - */ -/* ARGSUSED */ -DIR * -opendir(const char *dirname) -{ - errno = EACCES; - return (NULL); -} - -/* ARGSUSED */ -struct dirent * -readdir(DIR *dirp) -{ - return (NULL); -} - -/* ARGSUSED */ -int -closedir(DIR *dirp) -{ - return (0); -} - -/* - * Atoi is used on multiple places in libcrypto. - * This implementation is taken from stand-alone libsock library: - * usr/src/stand/lib/sock/sock_test.c - * Alternative solution: just extern it here, wanboot has -lsock anyway. - */ -#ifndef isdigit -#define isdigit(c) ((c) >= '0' && (c) <= '9') -#endif - -#ifndef isspace -#define isspace(c) ((c) == ' ' || (c) == '\t' || (c) == '\n' || \ - (c) == '\r' || (c) == '\f' || (c) == '\013') -#endif -int -atoi(const char *p) -{ - int n; - int c = *p++, neg = 0; - - while (isspace(c)) { - c = *p++; - } - if (!isdigit(c)) { - switch (c) { - case '-': - neg++; - /* FALLTHROUGH */ - case '+': - c = *p++; - } - } - for (n = 0; isdigit(c); c = *p++) { - n *= 10; /* two steps to avoid unnecessary overflow */ - n += '0' - c; /* accum neg to avoid surprises at MAX */ - } - return (neg ? n : -n); -} - -#endif /* _BOOT */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/Makefile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/Makefile Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,392 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. +# +include ../../../make-rules/shared-macros.mk + +COMPONENT_NAME = openssl +# When new version of OpenSSL comes in, you must update both COMPONENT_VERSION +# and IPS_COMPONENT_VERSION. +# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too. +# For more information about wanboot-openssl testing, please refer to +# ../README. +COMPONENT_VERSION = 1.0.1e +# Version for IPS. It is easier to do it manually than convert the letter to a +# number while taking into account that there might be no letter at all. +IPS_COMPONENT_VERSION = 1.0.1.5 +COMPONENT_PROJECT_URL= http://www.openssl.org/ +COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION) +COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz +COMPONENT_ARCHIVE_HASH= \ + sha256:f74f15e8c8ff11aa3d5bb5f276d202ec18d7246e95f961db76054199c69c1ae3 +COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE) +COMPONENT_BUGDB= utility/openssl + +# Architecture-specific patches +EXTRA_PATCHES.sparc = $(PATCH_DIR)/openssl-1.0.1e-t4-engine.sparc-patch +EXTRA_PATCHES = $(EXTRA_PATCHES.$(MACH)) + +include $(WS_TOP)/make-rules/prep.mk +include $(WS_TOP)/make-rules/configure.mk +include $(WS_TOP)/make-rules/ips.mk +include $(WS_TOP)/make-rules/lint-libraries.mk + +PATH=$(SPRO_VROOT)/bin:/usr/bin:/usr/gnu/bin:/usr/perl5/bin + +# Variant of OpenSSL for wanboot is built in build/sparcv9-wanboot. +BUILD_DIR_WANBOOT = $(BUILD_DIR)/$(MACH64)-wanboot + +# OpenSSL does not use autoconf but its own configure system. +CONFIGURE_SCRIPT = $(SOURCE_DIR)/Configure + +# This is to force OpenSSL's Configure script to use gmake for 'make links'. +# Otherwise it fails with: +# mksh: Fatal error in reader: Unmatched `(' on line +CONFIGURE_ENV += MAKE="$(GMAKE)" + +# Used in the configure options below. +PKCS11_LIB32 = /usr/lib/libpkcs11.so.1 +PKCS11_LIB64 = /usr/lib/64/libpkcs11.so.1 +ENGINESDIR_32 = /lib/openssl/engines +ENGINESDIR_64 = /lib/openssl/engines/64 + +# Configure options common to both regular OpenSSL and OpenSSL for wanboot. +CONFIGURE_OPTIONS = -DSOLARIS_OPENSSL -DNO_WINDOWS_BRAINDEATH +CONFIGURE_OPTIONS += --openssldir=/etc/openssl +CONFIGURE_OPTIONS += --prefix=/usr +# We use OpenSSL install code for installing only manual pages and we do that +# for 32-bit version only. +CONFIGURE_OPTIONS += --install_prefix=$(PROTO_DIR) +CONFIGURE_OPTIONS += no-ec +CONFIGURE_OPTIONS += no-ecdh +CONFIGURE_OPTIONS += no-ecdsa +CONFIGURE_OPTIONS += no-rc3 +CONFIGURE_OPTIONS += no-rc5 +CONFIGURE_OPTIONS += no-mdc2 +CONFIGURE_OPTIONS += no-idea +CONFIGURE_OPTIONS += no-hw_4758_cca +CONFIGURE_OPTIONS += no-hw_aep +CONFIGURE_OPTIONS += no-hw_atalla +CONFIGURE_OPTIONS += no-hw_chil +CONFIGURE_OPTIONS += no-hw_gmp +CONFIGURE_OPTIONS += no-hw_ncipher +CONFIGURE_OPTIONS += no-hw_nuron +CONFIGURE_OPTIONS += no-hw_padlock +CONFIGURE_OPTIONS += no-hw_sureware +CONFIGURE_OPTIONS += no-hw_ubsec +CONFIGURE_OPTIONS += no-hw_cswift +# MD2 is not enabled by default in OpensSSL but some software we have in +# Userland needs it. One example is nmap. +CONFIGURE_OPTIONS += enable-md2 +CONFIGURE_OPTIONS += no-seed +# We use both no-whirlpool and no-whrlpool since there is an inconsistency in +# the OpenSSL code and one needs both to build OpenSSL successfully with +# Whirlpool implementation removed. +CONFIGURE_OPTIONS += no-whirlpool +CONFIGURE_OPTIONS += no-whrlpool +# Some additional options needed for our engines. +CONFIGURE_OPTIONS += --pk11-libname=$(PKCS11_LIB$(BITS)) +CONFIGURE_OPTIONS += --enginesdir=$(ENGINESDIR_$(BITS)) + +# We define our own compiler and linker option sets for Solaris. See Configure +# for more information. +CONFIGURE_OPTIONS32_i386 = solaris-x86-cc-sunw +CONFIGURE_OPTIONS32_sparc = solaris-sparcv9-cc-sunw +CONFIGURE_OPTIONS64_i386 = solaris64-x86_64-cc-sunw +CONFIGURE_OPTIONS64_sparc = solaris64-sparcv9-cc-sunw + +# Options specific to regular build. +# They must not be specified as common, as they cannot be overridden. +$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += threads +$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += threads +$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += shared +$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += shared +$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += shared +$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += shared +$(BUILD_DIR)/$(MACH32)/.configured: CONFIGURE_OPTIONS += \ + $(CONFIGURE_OPTIONS32_$(MACH)) +$(BUILD_DIR)/$(MACH64)/.configured: CONFIGURE_OPTIONS += \ + $(CONFIGURE_OPTIONS64_$(MACH)) + +# OpenSSL for wanboot specific options +$(BUILD_DIR_WANBOOT)/.configured: BITS=64 +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -DNO_CHMOD +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -D_BOOT +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -DOPENSSL_NO_DTLS1 +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -DOPENSSL_NO_HEARTBEATS +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += -DOPENSSL_NO_SRP +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-cast +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-dso +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-rc4 +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-ripemd +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-hw +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-threads +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += no-shared +$(BUILD_DIR_WANBOOT)/.configured: CONFIGURE_OPTIONS += \ + solaris64-sparcv9-cc-sunw-wanboot + + +# OpenSSL has its own configure system which must be run from the fully +# populated source code directory. However, the Userland configuration phase is +# run from the build directory. So, we must get the full source code into the +# build directory. +COMPONENT_PRE_CONFIGURE_ACTION = \ + ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR)/$(MACH$(BITS)); ) + +$(BUILD_DIR_WANBOOT)/.configured: COMPONENT_PRE_CONFIGURE_ACTION = \ + ( $(CLONEY) $(SOURCE_DIR) $(BUILD_DIR_WANBOOT); ) + +# We deliver only one opensslconf.h file which must be suitable for both 32 and +# 64 bits. Depending on the configuration option, OpenSSL's Configure script +# creates opensslconf.h for either 32 or 64 bits. A patch makes the resulting +# header file usable on both architectures. The patch was generated against the +# opensslconf.h version from the 32 bit build. +COMPONENT_POST_CONFIGURE_ACTION = \ + ( [ $(BITS) -eq 32 ] && $(GPATCH) -p1 $(@D)/crypto/opensslconf.h \ + patches-post-config/opensslconf.patch; cd $(@D); $(MAKE) depend; ) + + +# We do not ship our engines as patches since it would be more difficult to +# update the files which have been under continuous development. We rather copy +# the files to the right directories. +# Same holds for wanboot-stubs.c, which stubs out several functions, that are +# not available in the stand-alone environment of wanboot. +COMPONENT_PRE_BUILD_ACTION = \ + ( echo "Cloning engines..."; \ + $(LN) -fs $(COMPONENT_DIR)/engines/devcrypto/*.[ch] $(@D)/engines; \ + $(LN) -fs $(COMPONENT_DIR)/engines/pkcs11/*.[ch] $(@D)/crypto/engine; \ + $(LN) -fs $(COMPONENT_DIR)/engines/t4/eng_t4*.[ch] $(@D)/crypto/engine; \ + $(LN) -fs $(COMPONENT_DIR)/engines/t4/t4_aes.S $(@D)/crypto/aes/asm; \ + $(LN) -fs $(COMPONENT_DIR)/engines/t4/t4_des.S $(@D)/crypto/des/asm; \ + $(LN) -fs $(COMPONENT_DIR)/engines/t4/t4_md5.S $(@D)/crypto/md5/asm; \ + $(LN) -fs $(COMPONENT_DIR)/engines/t4/t4_sha?.S $(@D)/crypto/sha/asm; \ + $(LN) -fs $(COMPONENT_DIR)/wanboot-openssl/wanboot-stubs.c $(@D)/crypto; ) + +# OpenSSL for wanboot is built on sparc only. +ifeq ($(MACH), sparc) +BUILD_64 += $(BUILD_DIR_WANBOOT)/.built +endif + +build: $(BUILD_32_and_64) + +# Object files for wanboot-openssl.o have to be listed explicitly. +WANBOOT_OBJS = \ + crypto/aes/aes-sparcv9.o crypto/aes/aes_cbc.o crypto/aes/aes_core.o \ + crypto/aes/aes_misc.o crypto/aes/aes_wrap.o crypto/asn1/a_bitstr.o \ + crypto/asn1/a_bool.o crypto/asn1/a_bytes.o crypto/asn1/a_d2i_fp.o \ + crypto/asn1/a_digest.o crypto/asn1/a_dup.o crypto/asn1/a_enum.o \ + crypto/asn1/a_gentm.o crypto/asn1/a_i2d_fp.o crypto/asn1/a_int.o \ + crypto/asn1/a_mbstr.o crypto/asn1/a_object.o crypto/asn1/a_octet.o \ + crypto/asn1/a_print.o crypto/asn1/a_set.o crypto/asn1/a_sign.o \ + crypto/asn1/a_strex.o crypto/asn1/a_strnid.o crypto/asn1/a_time.o \ + crypto/asn1/a_type.o crypto/asn1/a_utctm.o crypto/asn1/a_utf8.o \ + crypto/asn1/a_verify.o crypto/asn1/ameth_lib.o crypto/asn1/asn1_err.o \ + crypto/asn1/asn1_gen.o crypto/asn1/asn1_lib.o crypto/asn1/asn1_par.o \ + crypto/asn1/asn_mime.o crypto/asn1/asn_pack.o crypto/asn1/bio_asn1.o \ + crypto/asn1/bio_ndef.o crypto/asn1/d2i_pr.o crypto/asn1/evp_asn1.o \ + crypto/asn1/f_int.o crypto/asn1/f_string.o crypto/asn1/i2d_pr.o \ + crypto/asn1/nsseq.o crypto/asn1/p5_pbe.o crypto/asn1/p5_pbev2.o \ + crypto/asn1/p8_pkey.o crypto/asn1/t_pkey.o crypto/asn1/t_x509.o \ + crypto/asn1/t_x509a.o crypto/asn1/tasn_dec.o crypto/asn1/tasn_enc.o \ + crypto/asn1/tasn_fre.o crypto/asn1/tasn_new.o crypto/asn1/tasn_prn.o \ + crypto/asn1/tasn_typ.o crypto/asn1/tasn_utl.o crypto/asn1/x_algor.o \ + crypto/asn1/x_attrib.o crypto/asn1/x_bignum.o crypto/asn1/x_crl.o \ + crypto/asn1/x_exten.o crypto/asn1/x_info.o crypto/asn1/x_long.o \ + crypto/asn1/x_name.o crypto/asn1/x_pkey.o crypto/asn1/x_pubkey.o \ + crypto/asn1/x_req.o crypto/asn1/x_sig.o crypto/asn1/x_spki.o \ + crypto/asn1/x_val.o crypto/asn1/x_x509.o crypto/asn1/x_x509a.o \ + crypto/bf/bf_cfb64.o crypto/bf/bf_ecb.o crypto/bf/bf_enc.o \ + crypto/bf/bf_ofb64.o crypto/bf/bf_skey.o crypto/bio/b_dump.o \ + crypto/bio/b_print.o crypto/bio/bf_buff.o crypto/bio/bio_err.o \ + crypto/bio/bio_lib.o crypto/bio/bss_file.o crypto/bio/bss_mem.o \ + crypto/bio/bss_null.o crypto/bio/bss_sock.o crypto/bn/bn-sparcv9.o \ + crypto/bn/bn_add.o crypto/bn/bn_blind.o crypto/bn/bn_ctx.o \ + crypto/bn/bn_div.o crypto/bn/bn_err.o crypto/bn/bn_exp.o \ + crypto/bn/bn_exp2.o crypto/bn/bn_gcd.o crypto/bn/bn_lib.o \ + crypto/bn/bn_mod.o crypto/bn/bn_mont.o crypto/bn/bn_mul.o \ + crypto/bn/bn_prime.o crypto/bn/bn_print.o crypto/bn/bn_rand.o \ + crypto/bn/bn_recp.o crypto/bn/bn_shift.o crypto/bn/bn_sqr.o \ + crypto/bn/bn_word.o crypto/bn/sparcv9-mont.o crypto/bn/sparcv9a-mont.o \ + crypto/buffer/buf_err.o crypto/buffer/buf_str.o crypto/buffer/buffer.o \ + crypto/camellia/camellia.o crypto/camellia/cmll_cbc.o \ + crypto/camellia/cmll_cfb.o crypto/camellia/cmll_ecb.o \ + crypto/camellia/cmll_misc.o crypto/camellia/cmll_ofb.o \ + crypto/camellia/cmll_utl.o crypto/cmac/cm_ameth.o crypto/cmac/cm_pmeth.o \ + crypto/cmac/cmac.o crypto/cms/cms_asn1.o crypto/cms/cms_att.o \ + crypto/cms/cms_dd.o crypto/cms/cms_enc.o crypto/cms/cms_env.o \ + crypto/cms/cms_err.o crypto/cms/cms_io.o crypto/cms/cms_lib.o \ + crypto/cms/cms_pwri.o crypto/cms/cms_sd.o crypto/comp/c_zlib.o \ + crypto/comp/comp_err.o crypto/comp/comp_lib.o crypto/conf/conf_api.o \ + crypto/conf/conf_def.o crypto/conf/conf_err.o crypto/conf/conf_lib.o \ + crypto/conf/conf_mod.o crypto/cpt_err.o crypto/cryptlib.o \ + crypto/des/cfb64ede.o crypto/des/cfb64enc.o crypto/des/cfb_enc.o \ + crypto/des/des_enc-sparc.o crypto/des/ecb3_enc.o crypto/des/ecb_enc.o \ + crypto/des/ofb64ede.o crypto/des/ofb64enc.o crypto/des/set_key.o \ + crypto/des/xcbc_enc.o crypto/dh/dh_ameth.o crypto/dh/dh_asn1.o \ + crypto/dh/dh_check.o crypto/dh/dh_err.o crypto/dh/dh_gen.o \ + crypto/dh/dh_key.o crypto/dh/dh_lib.o crypto/dh/dh_pmeth.o \ + crypto/dsa/dsa_ameth.o crypto/dsa/dsa_asn1.o crypto/dsa/dsa_err.o \ + crypto/dsa/dsa_gen.o crypto/dsa/dsa_key.o crypto/dsa/dsa_lib.o \ + crypto/dsa/dsa_ossl.o crypto/dsa/dsa_pmeth.o crypto/dsa/dsa_sign.o \ + crypto/dsa/dsa_vrf.o crypto/dso/dso_lib.o crypto/dso/dso_null.o \ + crypto/dso/dso_openssl.o crypto/engine/eng_ctrl.o crypto/engine/eng_err.o \ + crypto/engine/eng_init.o crypto/engine/eng_lib.o crypto/engine/eng_list.o \ + crypto/engine/eng_pkey.o crypto/engine/eng_table.o \ + crypto/engine/tb_asnmth.o crypto/engine/tb_cipher.o crypto/engine/tb_dh.o \ + crypto/engine/tb_digest.o crypto/engine/tb_dsa.o \ + crypto/engine/tb_pkmeth.o crypto/engine/tb_rand.o crypto/engine/tb_rsa.o \ + crypto/err/err.o crypto/err/err_all.o crypto/err/err_prn.o \ + crypto/evp/bio_b64.o crypto/evp/bio_enc.o crypto/evp/bio_md.o \ + crypto/evp/c_all.o crypto/evp/c_allc.o crypto/evp/c_alld.o \ + crypto/evp/digest.o crypto/evp/e_aes.o crypto/evp/e_aes_cbc_hmac_sha1.o \ + crypto/evp/e_bf.o crypto/evp/e_camellia.o crypto/evp/e_des.o \ + crypto/evp/e_des3.o crypto/evp/e_null.o crypto/evp/e_rc2.o \ + crypto/evp/e_xcbc_d.o crypto/evp/encode.o crypto/evp/evp_enc.o \ + crypto/evp/evp_err.o crypto/evp/evp_key.o crypto/evp/evp_lib.o \ + crypto/evp/evp_pbe.o crypto/evp/evp_pkey.o crypto/evp/m_dss.o \ + crypto/evp/m_dss1.o crypto/evp/m_md4.o crypto/evp/m_md5.o \ + crypto/evp/m_sha.o crypto/evp/m_sha1.o crypto/evp/m_sigver.o \ + crypto/evp/names.o crypto/evp/p5_crpt.o crypto/evp/p5_crpt2.o \ + crypto/evp/p_lib.o crypto/evp/p_sign.o crypto/evp/p_verify.o \ + crypto/evp/pmeth_fn.o crypto/evp/pmeth_gn.o crypto/evp/pmeth_lib.o \ + crypto/ex_data.o crypto/hmac/hm_ameth.o crypto/hmac/hm_pmeth.o \ + crypto/hmac/hmac.o crypto/lhash/lhash.o crypto/md4/md4_dgst.o \ + crypto/md5/md5_dgst.o crypto/mem.o crypto/mem_dbg.o crypto/modes/cbc128.o \ + crypto/modes/ccm128.o crypto/modes/cfb128.o crypto/modes/ctr128.o \ + crypto/modes/gcm128.o crypto/modes/ghash-sparcv9.o crypto/modes/ofb128.o \ + crypto/modes/xts128.o crypto/o_dir.o crypto/o_init.o crypto/o_time.o \ + crypto/objects/o_names.o crypto/objects/obj_dat.o \ + crypto/objects/obj_err.o crypto/objects/obj_lib.o \ + crypto/objects/obj_xref.o crypto/ocsp/ocsp_asn.o crypto/ocsp/ocsp_err.o \ + crypto/pem/pem_all.o crypto/pem/pem_err.o crypto/pem/pem_info.o \ + crypto/pem/pem_lib.o crypto/pem/pem_oth.o crypto/pem/pem_pk8.o \ + crypto/pem/pem_pkey.o crypto/pem/pem_x509.o crypto/pem/pem_xaux.o \ + crypto/pkcs12/p12_add.o crypto/pkcs12/p12_asn.o crypto/pkcs12/p12_attr.o \ + crypto/pkcs12/p12_crpt.o crypto/pkcs12/p12_decr.o crypto/pkcs12/p12_key.o \ + crypto/pkcs12/p12_mutl.o crypto/pkcs12/p12_p8d.o crypto/pkcs12/p12_p8e.o \ + crypto/pkcs12/p12_utl.o crypto/pkcs12/pk12err.o crypto/pkcs7/pk7_asn1.o \ + crypto/pkcs7/pk7_attr.o crypto/pkcs7/pk7_doit.o crypto/pkcs7/pk7_lib.o \ + crypto/pkcs7/pkcs7err.o crypto/pqueue/pqueue.o crypto/rand/md_rand.o \ + crypto/rand/rand_err.o crypto/rand/rand_lib.o crypto/rand/rand_unix.o \ + crypto/rand/randfile.o crypto/rc2/rc2_cbc.o crypto/rc2/rc2_ecb.o \ + crypto/rc2/rc2_skey.o crypto/rc2/rc2cfb64.o crypto/rc2/rc2ofb64.o \ + crypto/rsa/rsa_ameth.o crypto/rsa/rsa_asn1.o crypto/rsa/rsa_crpt.o \ + crypto/rsa/rsa_eay.o crypto/rsa/rsa_err.o crypto/rsa/rsa_gen.o \ + crypto/rsa/rsa_lib.o crypto/rsa/rsa_none.o crypto/rsa/rsa_oaep.o \ + crypto/rsa/rsa_pk1.o crypto/rsa/rsa_pmeth.o crypto/rsa/rsa_pss.o \ + crypto/rsa/rsa_saos.o crypto/rsa/rsa_sign.o crypto/rsa/rsa_ssl.o \ + crypto/rsa/rsa_x931.o crypto/sha/sha1-sparcv9.o crypto/sha/sha1dgst.o \ + crypto/sha/sha256-sparcv9.o crypto/sha/sha256.o \ + crypto/sha/sha512-sparcv9.o crypto/sha/sha512.o crypto/sha/sha_dgst.o \ + crypto/sparccpuid.o crypto/sparcv9cap.o crypto/srp/srp_lib.o \ + crypto/srp/srp_vfy.o crypto/stack/stack.o crypto/ts/ts_err.o \ + crypto/txt_db/txt_db.o crypto/ui/ui_err.o crypto/wanboot-stubs.o \ + crypto/x509/by_dir.o crypto/x509/by_file.o crypto/x509/x509_att.o \ + crypto/x509/x509_cmp.o crypto/x509/x509_d2.o crypto/x509/x509_def.o \ + crypto/x509/x509_err.o crypto/x509/x509_ext.o crypto/x509/x509_lu.o \ + crypto/x509/x509_obj.o crypto/x509/x509_req.o crypto/x509/x509_trs.o \ + crypto/x509/x509_txt.o crypto/x509/x509_v3.o crypto/x509/x509_vfy.o \ + crypto/x509/x509_vpm.o crypto/x509/x509name.o crypto/x509/x509rset.o \ + crypto/x509/x509type.o crypto/x509/x_all.o crypto/x509v3/pcy_cache.o \ + crypto/x509v3/pcy_data.o crypto/x509v3/pcy_lib.o crypto/x509v3/pcy_map.o \ + crypto/x509v3/pcy_node.o crypto/x509v3/pcy_tree.o crypto/x509v3/v3_akey.o \ + crypto/x509v3/v3_akeya.o crypto/x509v3/v3_alt.o crypto/x509v3/v3_bcons.o \ + crypto/x509v3/v3_bitst.o crypto/x509v3/v3_conf.o crypto/x509v3/v3_cpols.o \ + crypto/x509v3/v3_crld.o crypto/x509v3/v3_enum.o crypto/x509v3/v3_extku.o \ + crypto/x509v3/v3_genn.o crypto/x509v3/v3_ia5.o crypto/x509v3/v3_info.o \ + crypto/x509v3/v3_int.o crypto/x509v3/v3_lib.o crypto/x509v3/v3_ncons.o \ + crypto/x509v3/v3_ocsp.o crypto/x509v3/v3_pci.o crypto/x509v3/v3_pcia.o \ + crypto/x509v3/v3_pcons.o crypto/x509v3/v3_pku.o crypto/x509v3/v3_pmaps.o \ + crypto/x509v3/v3_prn.o crypto/x509v3/v3_purp.o crypto/x509v3/v3_skey.o \ + crypto/x509v3/v3_sxnet.o crypto/x509v3/v3_utl.o crypto/x509v3/v3err.o \ + ssl/s3_both.o ssl/s3_clnt.o ssl/s3_enc.o ssl/s3_lib.o ssl/s3_pkt.o \ + ssl/ssl_algs.o ssl/ssl_asn1.o ssl/ssl_cert.o ssl/ssl_ciph.o ssl/ssl_err.o \ + ssl/ssl_err2.o ssl/ssl_lib.o ssl/ssl_rsa.o ssl/ssl_sess.o ssl/t1_enc.o \ + ssl/t1_lib.o ssl/t1_reneg.o ssl/d1_srtp.o + +# Linking of openssl bits for wanboot. +# Interface for wanboot is specified in mapfile.wanboot. Object files are +# compiled to have functions in separate sections, unused sections get +# discarded. +CREATE_BIG_OBJECT_FILE = ( \ + cd $(BUILD_DIR_WANBOOT); \ + $(LD) -o wanboot-openssl.o -r -M../../mapfile.wanboot -Breduce \ + -zdiscard-unused=sections,files -zguidance \ + $(WANBOOT_OBJS); \ + ) + +$(BUILD_DIR_WANBOOT)/.built: COMPONENT_POST_BUILD_ACTION = \ + ($(CREATE_BIG_OBJECT_FILE); ) + +# OpenSSL uses sections man[1357] by default so we must create the man +# directories we use for OpenSSL man pages in Solaris. Note that we patch the +# OpenSSL man page install script to use the correct directories. +MANDIR_SECTIONS = $(PROTO_DIR)/usr/share/man/man1openssl +MANDIR_SECTIONS += $(PROTO_DIR)/usr/share/man/man3openssl +MANDIR_SECTIONS += $(PROTO_DIR)/usr/share/man/man5openssl +MANDIR_SECTIONS += $(PROTO_DIR)/usr/share/man/man7openssl + +# We must create man page directories manually since we patched OpenSSL install +# code to install into manXopenssl instead of manX. Also, OpenSSL does not +# install into /$(MACH64) for 64-bit install so no such directory is +# created and Userland install code would fail when installing lint libraries. +COMPONENT_PRE_INSTALL_ACTION = ( $(MKDIR) $(MANDIR_SECTIONS); \ + $(MKDIR) $(PROTO_DIR)/usr/lib/$(MACH64); ) + +# The install_docs target will install man pages into $(PROTO_DIR)/$(MANDIR). We +# also add /usr/perl5/bin to PATH so that OpenSSL install code can locate the +# system pod2man. If not set, OpenSSL make would use an internal implementation +# from the tarball which would corrupt some man pages. +COMPONENT_INSTALL_ARGS += PATH=$(PATH) MANDIR=/usr/share/man + +WANBOOT_TO = $(PROTO_DIR)/lib/openssl/wanboot/$(MACH64) + +# We could run OpenSSL install code for 32 bits only to process header files and +# manual pages. However, lint libraries depend on install stamps so we run +# install for 64 bit as well. Note that we must take built binary files from +# build directories, not from the proto area which contains whatever was +# installed first. +# OpenSSL for wanboot is built on sparc only. +ifeq ($(MACH), sparc) +install: $(INSTALL_32_and_64) $(BUILD_DIR_WANBOOT)/.built + $(MKDIR) -p $(WANBOOT_TO); + $(CP) $(BUILD_DIR_WANBOOT)/wanboot-openssl.o $(WANBOOT_TO); +else +install: $(INSTALL_32_and_64) +endif + +# We need to modify the default lint flags to include patched opensslconf.h from +# the build directory. If we do not do that, lint will complain about md2.h +# which is not enabled by default but it is in our opensslconf.h. +LFLAGS_32 := -I$(BUILD_DIR_32)/include $(LINT_FLAGS) -lsoftcrypto +LFLAGS_64 := -I$(BUILD_DIR_64)/include $(LINT_FLAGS) -lsoftcrypto + +# Set modified lint flags for our lint library targets. +$(BUILD_DIR_32)/llib-lcrypto.ln: LINT_FLAGS=$(LFLAGS_32) +$(BUILD_DIR_32)/llib-lssl.ln: LINT_FLAGS=$(LFLAGS_32) +$(BUILD_DIR_64)/llib-lcrypto.ln: LINT_FLAGS=$(LFLAGS_64) +$(BUILD_DIR_64)/llib-lssl.ln: LINT_FLAGS=$(LFLAGS_64) + +test: $(NO_TESTS) + +BUILD_PKG_DEPENDENCIES = $(BUILD_TOOLS) + +include $(WS_TOP)/make-rules/depend.mk diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/devcrypto/e_devcrypto.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/devcrypto/e_devcrypto.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,1195 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + * + * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define DEVCRYPTO_LIB_NAME "devcrypto engine" +#include "e_devcrypto_err.c" + +/* DEVCRYPTO CONTEXT */ +typedef struct devcrypto_ctx { + uint_t session_id; +} devcrypto_ctx_t; + +/* Index for the supported ciphers */ +typedef enum { + DEV_DES_CBC, + DEV_DES3_CBC, + DEV_DES_ECB, + DEV_DES3_ECB, + DEV_RC4, + DEV_AES_128_CBC, + DEV_AES_192_CBC, + DEV_AES_256_CBC, + DEV_AES_128_ECB, + DEV_AES_192_ECB, + DEV_AES_256_ECB, + DEV_BLOWFISH_CBC, + DEV_AES_128_CTR, + DEV_AES_192_CTR, + DEV_AES_256_CTR, + DEV_CIPHER_MAX +} DEV_CIPHER_ID; + +typedef struct devcrypto_cipher { + DEV_CIPHER_ID id; + int nid; + int iv_len; + int min_key_len; + int max_key_len; + CK_KEY_TYPE key_type; + CK_MECHANISM_TYPE mech_type; + unsigned long flags; + crypto_mech_type_t pn_internal_number; +} devcrypto_cipher_t; + + +/* Constants used when creating the ENGINE */ +static const char *ENGINE_DEVCRYPTO_ID = "devcrypto"; +static const char *ENGINE_DEVCRYPTO_NAME = "/dev/crypto engine support"; +static const char *CRYPTO_DEVICE = "/dev/crypto"; + +/* static variables */ +static int kernel_fd = -1; +static int kernel_fd_ref = 0; +static int slot_count = 0; +static CK_SLOT_ID *kernel_provider_id = NULL; +static int cipher_count = 0; +static int *cipher_nids = NULL; +pthread_mutex_t *kernel_fd_lock; + +/* + * Cipher Table for all supported symmetric ciphers. + */ +static devcrypto_cipher_t cipher_table[] = { + /* id, nid, iv_len, min_, max_key_len, */ + /* key_type, mech_type, flags, pn_internal_number */ + { DEV_DES_CBC, NID_des_cbc, 8, 8, 8, + CKK_DES, CKM_DES_CBC, 0, CRYPTO_MECH_INVALID}, + { DEV_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24, + CKK_DES3, CKM_DES3_CBC, 0, CRYPTO_MECH_INVALID}, + { DEV_DES_ECB, NID_des_ecb, 0, 8, 8, + CKK_DES, CKM_DES_ECB, 0, CRYPTO_MECH_INVALID}, + { DEV_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24, + CKK_DES3, CKM_DES3_ECB, 0, CRYPTO_MECH_INVALID}, + { DEV_RC4, NID_rc4, 0, 16, 256, + CKK_RC4, CKM_RC4, 0, CRYPTO_MECH_INVALID}, + { DEV_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, + CKK_AES, CKM_AES_CBC, 0, CRYPTO_MECH_INVALID}, + { DEV_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, + CKK_AES, CKM_AES_CBC, 0, CRYPTO_MECH_INVALID}, + { DEV_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, + CKK_AES, CKM_AES_CBC, 0, CRYPTO_MECH_INVALID}, + { DEV_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, + CKK_AES, CKM_AES_ECB, 0, CRYPTO_MECH_INVALID}, + { DEV_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, + CKK_AES, CKM_AES_ECB, 0, CRYPTO_MECH_INVALID}, + { DEV_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, + CKK_AES, CKM_AES_ECB, 0, CRYPTO_MECH_INVALID}, + { DEV_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16, + CKK_BLOWFISH, CKM_BLOWFISH_CBC, 0, CRYPTO_MECH_INVALID}, + { DEV_AES_128_CTR, NID_aes_128_ctr, 16, 16, 16, + CKK_AES, CKM_AES_CTR, EVP_CIPH_NO_PADDING, + CRYPTO_MECH_INVALID}, + { DEV_AES_192_CTR, NID_aes_192_ctr, 16, 24, 24, + CKK_AES, CKM_AES_CTR, EVP_CIPH_NO_PADDING, + CRYPTO_MECH_INVALID}, + { DEV_AES_256_CTR, NID_aes_256_ctr, 16, 32, 32, + CKK_AES, CKM_AES_CTR, EVP_CIPH_NO_PADDING, + CRYPTO_MECH_INVALID}, + }; + + +/* Formal declaration for functions in EVP_CIPHER structure */ +static int devcrypto_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int devcrypto_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int devcrypto_cipher_cleanup(EVP_CIPHER_CTX *ctx); + +/* + * Cipher Algorithms + * + * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. + * EVP_CIPHER is defined in evp.h. To maintain binary compatibility the + * definition cannot be modified. + * Stuff specific to the devcrypto engine is kept in devcrypto_ctx_t, which is + * pointed to by cipher_data or md_data. + * + * Fields: nid, block_size, key_len, iv_len, flags, + * init(), do_cipher(), cleanup(), + * ctx_size, + * set_asn1_parameters(), get_asn1_parameters(), ctrl(), app_data + */ +static const EVP_CIPHER dev_des_cbc = { + NID_des_cbc, + 8, 8, 8, + EVP_CIPH_CBC_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +static const EVP_CIPHER dev_3des_cbc = { + NID_des_ede3_cbc, + 8, 24, 8, + EVP_CIPH_CBC_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +/* + * ECB modes don't use an Initial Vector, therefore set_asn1_parameters and + * get_asn1_parameters fields are set to NULL. + */ +static const EVP_CIPHER dev_des_ecb = { + NID_des_ecb, + 8, 8, 8, + EVP_CIPH_ECB_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + NULL, + NULL, + NULL +}; + +static const EVP_CIPHER dev_3des_ecb = { + NID_des_ede3_ecb, + 8, 24, 8, + EVP_CIPH_ECB_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + NULL, + NULL, + NULL +}; + +static const EVP_CIPHER dev_rc4 = { + NID_rc4, + 1, 16, 0, + EVP_CIPH_VARIABLE_LENGTH, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + NULL, + NULL, + NULL +}; + +static const EVP_CIPHER dev_aes_128_cbc = { + NID_aes_128_cbc, + 16, 16, 16, + EVP_CIPH_CBC_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +static const EVP_CIPHER dev_aes_192_cbc = { + NID_aes_192_cbc, + 16, 24, 16, + EVP_CIPH_CBC_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +static const EVP_CIPHER dev_aes_256_cbc = { + NID_aes_256_cbc, + 16, 32, 16, + EVP_CIPH_CBC_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + + +/* + * ECB modes don't use IV, therefore set_asn1_parameters and + * get_asn1_parameters are set to NULL. + */ +static const EVP_CIPHER dev_aes_128_ecb = { + NID_aes_128_ecb, + 16, 16, 0, + EVP_CIPH_ECB_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + NULL, + NULL, + NULL +}; + +static const EVP_CIPHER dev_aes_192_ecb = { + NID_aes_192_ecb, + 16, 24, 0, + EVP_CIPH_ECB_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + NULL, + NULL, + NULL +}; + +static const EVP_CIPHER dev_aes_256_ecb = { + NID_aes_256_ecb, + 16, 32, 0, + EVP_CIPH_ECB_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + NULL, + NULL, + NULL +}; + +static const EVP_CIPHER dev_bf_cbc = { + NID_bf_cbc, + 8, 16, 8, + EVP_CIPH_VARIABLE_LENGTH, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + + +/* + * NID_undef's will be changed for AES counter mode, as soon they are created. + */ +static EVP_CIPHER dev_aes_128_ctr = { + NID_aes_128_ctr, + 16, 16, 16, + EVP_CIPH_CTR_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +static EVP_CIPHER dev_aes_192_ctr = { + NID_aes_192_ctr, + 16, 24, 16, + EVP_CIPH_CTR_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + +static EVP_CIPHER dev_aes_256_ctr = { + NID_aes_256_ctr, + 16, 32, 16, + EVP_CIPH_CTR_MODE, + devcrypto_cipher_init, + devcrypto_cipher_do_cipher, + devcrypto_cipher_cleanup, + sizeof (devcrypto_ctx_t), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL +}; + + +/* + * Open the /dev/crypto device + */ +static int +devcrypto_open(void) +{ + int fd = -1; + + if (kernel_fd != -1) { /* already open */ + (void) pthread_mutex_lock(kernel_fd_lock); + kernel_fd_ref++; + (void) pthread_mutex_unlock(kernel_fd_lock); + return (1); + } + + (void) pthread_mutex_lock(kernel_fd_lock); + fd = open(CRYPTO_DEVICE, O_RDWR); + if (fd == -1) { +#ifdef DEBUG + (void) fprintf(stderr, + "libdevcrypto: open /dev/crypto failed, errno=%x\n", + errno); +#endif + (void) pthread_mutex_unlock(kernel_fd_lock); + return (0); + } + + if (fcntl(fd, F_SETFD, FD_CLOEXEC) != 0) { +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto: failed to fcntl\n"); +#endif + (void) close(fd); + (void) pthread_mutex_unlock(kernel_fd_lock); + return (0); + } + + kernel_fd = fd; + kernel_fd_ref++; + (void) pthread_mutex_unlock(kernel_fd_lock); + return (1); +} + + +/* + * This function gets the total number of hardware providers presented in + * the system first. If there is any hardware providers, then it will get + * the kernel provider id for each hardware slot also. + */ +static int +devcrypto_get_slot_info(void) +{ + crypto_get_provider_list_t *pl = NULL; + int ret = 1; + int r; + int i; + + /* Already have the information */ + if (kernel_provider_id != NULL) + return (1); + + /* Find out how many hardware slots are presented. */ + pl = OPENSSL_malloc(sizeof (crypto_get_provider_list_t)); + if (pl == NULL) + return (0); + + pl->pl_count = 0; + while ((r = ioctl(kernel_fd, CRYPTO_GET_PROVIDER_LIST, pl)) < 0) { + if (errno != EINTR) + break; + } + if (r < 0 || pl->pl_return_value != CRYPTO_SUCCESS) { +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto:CRYPTO_GET_PROVIDER_LIST:" + "ret (r) = 0x%x, (rv) = 0x%x\n", r, pl->pl_return_value); +#endif /* DEBUG */ + ret = 0; + goto out; + } + + slot_count = pl->pl_count; + if (slot_count == 0) { +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto: no hw providers\n"); +#endif /* DEBUG */ + ret = 0; + goto out; + } + + /* Get the provider ID for each slot from kernel and save it */ + kernel_provider_id = OPENSSL_malloc(sizeof (CK_SLOT_ID) * slot_count); + if (kernel_provider_id == NULL) { + ret = 0; + goto out; + } + + (void) OPENSSL_free(pl); + pl = OPENSSL_malloc(slot_count * sizeof (crypto_get_provider_list_t)); + if (pl == NULL) { + ret = 0; + goto out; + } + + pl->pl_count = slot_count; + while ((r = ioctl(kernel_fd, CRYPTO_GET_PROVIDER_LIST, pl)) < 0) { + if (errno != EINTR) + break; + } + if (r < 0 || (pl->pl_return_value != CRYPTO_SUCCESS)) { +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto:CRYPTO_GET_PROVIDER_LIST:" + "ret (r) = 0x%x, (rv) = 0x%x\n", r, pl->pl_return_value); +#endif /* DEBUG */ + ret = 0; + goto out; + } + + for (i = 0; i < slot_count; i++) { + kernel_provider_id[i] = pl->pl_list[i].pe_provider_id; +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto: i = %d, " + "kernel_provider_id = %d\n", i, kernel_provider_id[i]); +#endif /* DEBUG */ + } + +out: + if (pl != NULL) + (void) OPENSSL_free(pl); + + if (ret == 0 && kernel_provider_id != NULL) { + (void) OPENSSL_free(kernel_provider_id); + kernel_provider_id = NULL; + } + + return (ret); +} + + +/* + * This function checks if the "nid" is already in the nid list. + */ +static int +nid_in_list(int nid, int *nid_list, int count) +{ + int i = 0; + + if (nid_list == NULL || count <= 0) + return (0); + + while (i < count) { + if (nid == nid_list[i]) + break; + i++; + } + return (i < count ? 1 : 0); +} + +/* + * This function is to get all the ciphers supported by hardware providers. + * If this function is successfully completed, then the following 2 global + * variables will be set. + * cipher_count - the number of ciphers found in all hardware providers. + * cipher_nids - the nid list for all the ciphers. + */ +static int +devcrypto_get_hw_ciphers(void) +{ + crypto_get_provider_mechanism_info_t mechinfo; + int max_cipher_count; + int *tmp_nids = NULL; + const char *mech_string; + int r; + int i, j; + + if (slot_count <= 0) /* no hardware provider */ + return (0); + + max_cipher_count = slot_count * DEV_CIPHER_MAX + 1; + tmp_nids = OPENSSL_malloc(max_cipher_count * sizeof (int)); + if (tmp_nids == NULL) { + /* not enough memory */ + goto failed; + } + + for (i = 0; i < slot_count; i++) { + mechinfo.mi_provider_id = kernel_provider_id[i]; + for (j = 0; j < DEV_CIPHER_MAX; j++) { + mech_string = + pkcs11_mech2str(cipher_table[j].mech_type); + if (mech_string == NULL) { + continue; /* shouldn't happen; skip it */ + } + + (void) strlcpy(mechinfo.mi_mechanism_name, + mech_string, CRYPTO_MAX_MECH_NAME); + while ((r = ioctl(kernel_fd, + CRYPTO_GET_PROVIDER_MECHANISM_INFO, + &mechinfo)) < 0) { + if (errno != EINTR) + break; + } + if (r < 0) { + goto failed; + } + + if (mechinfo.mi_return_value == CRYPTO_SUCCESS) { + /* + * Found this mechanism in hardware providers. + * If it is not in the nid list yet, add it. + */ + if (!nid_in_list(cipher_table[j].nid, + tmp_nids, cipher_count)) { + tmp_nids[cipher_count] = + cipher_table[j].nid; + cipher_count++; + } + } + } + } + + if (cipher_count > 0) { + cipher_nids = tmp_nids; + } + + return (1); + +failed: + if (r < 0 || cipher_count == 0) { + if (tmp_nids != NULL) + OPENSSL_free(tmp_nids); + } + return (0); +} + +/* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. This says what we'll do at the + * top level - note, that list is restricted by what we answer with. + */ +static int +devcrypto_get_all_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid) +{ + if (!cipher) { + *nids = (cipher_count > 0) ? cipher_nids : NULL; + return (cipher_count); + } + + switch (nid) { + case NID_des_cbc: + *cipher = &dev_des_cbc; + break; + case NID_des_ede3_cbc: + *cipher = &dev_3des_cbc; + break; + case NID_des_ecb: + *cipher = &dev_des_ecb; + break; + case NID_des_ede3_ecb: + *cipher = &dev_3des_ecb; + break; + case NID_rc4: + *cipher = &dev_rc4; + break; + case NID_aes_128_cbc: + *cipher = &dev_aes_128_cbc; + break; + case NID_aes_192_cbc: + *cipher = &dev_aes_192_cbc; + break; + case NID_aes_256_cbc: + *cipher = &dev_aes_256_cbc; + break; + case NID_aes_128_ecb: + *cipher = &dev_aes_128_ecb; + break; + case NID_aes_192_ecb: + *cipher = &dev_aes_192_ecb; + break; + case NID_aes_256_ecb: + *cipher = &dev_aes_256_ecb; + break; + case NID_bf_cbc: + *cipher = &dev_bf_cbc; + break; + default: + /* + * We cannot put the NIDs for AES counter mode in separated + * cases as above because they are not constants. + */ + if (nid == NID_aes_128_ctr) + *cipher = &dev_aes_128_ctr; + else if (nid == NID_aes_192_ctr) + *cipher = &dev_aes_192_ctr; + else if (nid == NID_aes_256_ctr) + *cipher = &dev_aes_256_ctr; + else + *cipher = NULL; + break; + } + + return (*cipher != NULL); +} + + +static int +get_cipher_id_by_nid(int nid) +{ + int i; + + for (i = 0; i < DEV_CIPHER_MAX; i++) + if (cipher_table[i].nid == nid) + return (cipher_table[i].id); + return (-1); +} + + +static int +get_slotid_by_mechanism(const char *mech_string, CK_SLOT_ID *slot_id) +{ + crypto_get_provider_mechanism_info_t mechanism_info; + uint_t rv; + int r; + int i = 0; + + (void) strlcpy(mechanism_info.mi_mechanism_name, mech_string, + CRYPTO_MAX_MECH_NAME); + while (i < slot_count) { + mechanism_info.mi_provider_id = kernel_provider_id[i]; + while ((r = ioctl(kernel_fd, + CRYPTO_GET_PROVIDER_MECHANISM_INFO, + &mechanism_info)) < 0) { + if (errno != EINTR) + break; + } + if (r < 0) { + return (0); /* ioctl function failed */ + } + rv = mechanism_info.mi_return_value; + if (rv == 0) { /* found it */ + *slot_id = kernel_provider_id[i]; + return (1); + } + i++; + } + + return (0); +} + + +static int +devcrypto_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + devcrypto_ctx_t *devc_ctx = ctx->cipher_data; + crypto_encrypt_init_t encrypt_init; + crypto_decrypt_init_t decrypt_init; + crypto_open_session_t session; + crypto_get_mechanism_number_t get_number; + CK_AES_CTR_PARAMS aes_ctr_params; + devcrypto_cipher_t *the_cipher; + const char *mech_string; + CK_SLOT_ID slot_id; + int index; + int r; + uint_t rv = 0; + + if (key == NULL) { + DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_CIPHER_KEY); + return (0); + } + + /* get the cipher entry index in cipher_table from nid */ + index = get_cipher_id_by_nid(ctx->cipher->nid); + if (index < 0 || index >= DEV_CIPHER_MAX) { + DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_CIPHER_NID); + return (0); + } + the_cipher = &cipher_table[index]; + + /* check key size */ + if (ctx->cipher->iv_len < the_cipher->iv_len || + ctx->key_len < the_cipher->min_key_len || + ctx->key_len > the_cipher->max_key_len) { + DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_KEY_OR_IV_LEN_PROBLEM); + return (0); + } + + /* Set cipher flags, if any */ + ctx->flags |= the_cipher->flags; + + /* get the mechanism string */ + mech_string = pkcs11_mech2str(the_cipher->mech_type); + if (mech_string == NULL) { + DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_MECH_STRING); + return (0); + } + +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto: mech_string=%s\n", mech_string); +#endif + + /* Find the slot that supports this mechanism */ + if (!get_slotid_by_mechanism(mech_string, &slot_id)) { + DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_FIND_SLOT_BY_MECH); +#ifdef DEBUG + (void) fprintf(stderr, + "libdevcrypto: failed to find a slot with %s\n", + mech_string); +#endif + return (0); + } + +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto: found a slot with %s, " + "slot_id = %d\n", mech_string, slot_id); +#endif + + /* Open a session on this slot */ + session.os_provider_id = slot_id; + session.os_flags = CKF_RW_SESSION | CKF_SERIAL_SESSION; + while ((r = ioctl(kernel_fd, CRYPTO_OPEN_SESSION, &session)) < 0) { + if (errno != EINTR) + break; + } + rv = session.os_return_value; + if (r || rv) { + DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_OPEN_SESSION); +#ifdef DEBUG + (void) fprintf(stderr, + "libdevcrypto:cipher_init:failed to open a session\n"); +#endif /* DEBUG */ + goto failed; + } + +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto:cipher_init: open session = %d\n", + session.os_session); +#endif /* DEBUG */ + + /* save the session_id */ + devc_ctx->session_id = session.os_session; + + /* + * Get the kernel mechanism number for this mechanism, if it has not + * been retrieved yet. + */ + if (the_cipher->pn_internal_number == CRYPTO_MECH_INVALID) { + get_number.pn_mechanism_string = (char *)mech_string; + get_number.pn_mechanism_len = strlen(mech_string) + 1; + while ((r = ioctl(kernel_fd, CRYPTO_GET_MECHANISM_NUMBER, + &get_number)) < 0) { + if (errno != EINTR) + break; + } + rv = get_number.pn_return_value; + if (r || rv) { + DEVCRYPTOerr(DEVC_F_CIPHER_INIT, + DEVC_R_GET_MECHANISM_NUMBER); +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto:cipher_init: " + "failed to get the kernel mech number.\n"); +#endif /* DEBUG */ + goto failed; + } + + the_cipher->pn_internal_number = get_number.pn_internal_number; + } + + /* Crypto Init */ + if (ctx->encrypt) { + encrypt_init.ei_session = session.os_session; + encrypt_init.ei_key.ck_format = CRYPTO_KEY_RAW; + encrypt_init.ei_key.ck_obj_id = 0; + encrypt_init.ei_key.ck_data = (void *) key; + encrypt_init.ei_key.ck_length = ctx->key_len * 8; + encrypt_init.ei_mech.cm_type = the_cipher->pn_internal_number; + + if (ctx->cipher->nid == NID_aes_128_ctr || + ctx->cipher->nid == NID_aes_192_ctr || + ctx->cipher->nid == NID_aes_256_ctr) { + encrypt_init.ei_mech.cm_param = + (void *) (&aes_ctr_params); + encrypt_init.ei_mech.cm_param_len = + sizeof (aes_ctr_params); + + aes_ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8; + OPENSSL_assert(ctx->cipher->iv_len == AES_BLOCK_SIZE); + (void) memcpy(aes_ctr_params.cb, ctx->iv, + AES_BLOCK_SIZE); + } else { + if (the_cipher->iv_len > 0) { + encrypt_init.ei_mech.cm_param = + (char *)ctx->iv; + encrypt_init.ei_mech.cm_param_len = + ctx->cipher->iv_len; + } else { + encrypt_init.ei_mech.cm_param = NULL; + encrypt_init.ei_mech.cm_param_len = 0; + } + } + + while ((r = ioctl(kernel_fd, CRYPTO_ENCRYPT_INIT, + &encrypt_init)) < 0) { + if (errno != EINTR) + break; + } + rv = encrypt_init.ei_return_value; + + } else { + decrypt_init.di_session = session.os_session; + decrypt_init.di_key.ck_format = CRYPTO_KEY_RAW; + decrypt_init.di_key.ck_obj_id = 0; + decrypt_init.di_key.ck_data = (void *) key; + decrypt_init.di_key.ck_length = ctx->key_len * 8; + decrypt_init.di_mech.cm_type = the_cipher->pn_internal_number; + + if (ctx->cipher->nid == NID_aes_128_ctr || + ctx->cipher->nid == NID_aes_192_ctr || + ctx->cipher->nid == NID_aes_256_ctr) { + decrypt_init.di_mech.cm_param = + (void *)(&aes_ctr_params); + decrypt_init.di_mech.cm_param_len = + sizeof (aes_ctr_params); + aes_ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8; + OPENSSL_assert(ctx->cipher->iv_len == AES_BLOCK_SIZE); + (void) memcpy(aes_ctr_params.cb, ctx->iv, + AES_BLOCK_SIZE); + } else { + if (the_cipher->iv_len > 0) { + decrypt_init.di_mech.cm_param = + (char *)ctx->iv; + decrypt_init.di_mech.cm_param_len = + ctx->cipher->iv_len; + } else { + decrypt_init.di_mech.cm_param = NULL; + decrypt_init.di_mech.cm_param_len = 0; + } + } + + while ((r = ioctl(kernel_fd, CRYPTO_DECRYPT_INIT, + &decrypt_init)) < 0) { + if (errno != EINTR) + break; + } + rv = decrypt_init.di_return_value; + } + +failed: + if (r || rv) { + if (ctx->encrypt) + DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_ENCRYPT_INIT); + else + DEVCRYPTOerr(DEVC_F_CIPHER_INIT, DEVC_R_DECRYPT_INIT); + + return (0); + } + + return (1); +} + + +/* + * ENCRYPT_UPDATE or DECRYPT_UPDATE + */ +static int +devcrypto_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + crypto_encrypt_update_t encrypt_update; + crypto_decrypt_update_t decrypt_update; + devcrypto_ctx_t *devc_ctx = ctx->cipher_data; + int r = 0, rv = 0; + + if (ctx->encrypt) { + encrypt_update.eu_session = devc_ctx->session_id; + encrypt_update.eu_databuf = (char *)in; + encrypt_update.eu_datalen = inl; + encrypt_update.eu_encrbuf = (char *)out; + encrypt_update.eu_encrlen = inl; + + while ((r = ioctl(kernel_fd, CRYPTO_ENCRYPT_UPDATE, + &encrypt_update)) < 0) { + if (errno != EINTR) + break; + } + rv = encrypt_update.eu_return_value; + + } else { /* decrypt */ + decrypt_update.du_session = devc_ctx->session_id; + decrypt_update.du_encrbuf = (char *)in; + decrypt_update.du_encrlen = inl; + decrypt_update.du_databuf = (char *)out; + decrypt_update.du_datalen = inl; + + while ((r = ioctl(kernel_fd, CRYPTO_DECRYPT_UPDATE, + &decrypt_update)) < 0) { + if (errno != EINTR) + break; + } + rv = decrypt_update.du_return_value; + } + + if (r || rv) { + if (ctx->encrypt) + DEVCRYPTOerr(DEVC_F_CIPHER_DO_CIPHER, + DEVC_R_ENCRYPT_UPDATE); + else + DEVCRYPTOerr(DEVC_F_CIPHER_DO_CIPHER, + DEVC_R_DECRYPT_UPDATE); + +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto:crypto_do ret (r) = 0x%x," + "crypto ret (rv) = 0x%x,", r, rv); +#endif /* DEBUG */ + return (0); + } + + return (1); +} + + +/* + * ENCRYPT_FINAL or DECRYPT_FINAL + */ +static int +devcrypto_cipher_cleanup(EVP_CIPHER_CTX *ctx) +{ + crypto_encrypt_final_t encrypt_final; + crypto_decrypt_final_t decrypt_final; + crypto_close_session_t session; + devcrypto_ctx_t *devc_ctx = ctx->cipher_data; + char buf[EVP_MAX_BLOCK_LENGTH]; + int r; + uint_t rv = 0; + int ret = 1; + + if (ctx->encrypt) { + encrypt_final.ef_session = devc_ctx->session_id; + encrypt_final.ef_encrbuf = buf; + encrypt_final.ef_encrlen = sizeof (buf); + while ((r = ioctl(kernel_fd, CRYPTO_ENCRYPT_FINAL, + &encrypt_final)) < 0) { + if (errno != EINTR) + break; + } + rv = encrypt_final.ef_return_value; + + } else { + decrypt_final.df_session = devc_ctx->session_id; + decrypt_final.df_databuf = buf; + decrypt_final.df_datalen = sizeof (buf); + while ((r = ioctl(kernel_fd, CRYPTO_DECRYPT_FINAL, + &decrypt_final)) < 0) { + if (errno != EINTR) + break; + } + rv = decrypt_final.df_return_value; + } + +#ifdef DEBUG + if (ctx->encrypt) + (void) fprintf(stderr, "libdevcrypto:CRYPTO_ENCRYPT_FINAL " + "ret (r) = 0x%x, (rv) = 0x%x\n", r, rv); + else + (void) fprintf(stderr, "libdevcrypto:CRYPTO_DECRYPT_FINAL " + "ret (r) = 0x%x, (rv) = 0x%x\n", r, rv); +#endif /* DEBUG */ + + if (r || rv) { + if (ctx->encrypt) + DEVCRYPTOerr(DEVC_F_CIPHER_CLEANUP, + DEVC_R_ENCRYPT_FINAL); + else + DEVCRYPTOerr(DEVC_F_CIPHER_CLEANUP, + DEVC_R_DECRYPT_FINAL); + ret = 0; + } + + /* close the session */ + session.cs_session = devc_ctx->session_id; + while ((r = ioctl(kernel_fd, CRYPTO_CLOSE_SESSION, &session)) < 0) { + if (errno != EINTR) + break; + } + +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto:CRYPTO_CLOSE_SESSION, " + "session id = %d ret (r) = 0x%x, crypto ret (rv) = 0x%x\n", + devc_ctx->session_id, r, rv); +#endif /* DEBUG */ + + if (r || rv) { + DEVCRYPTOerr(DEVC_F_CIPHER_CLEANUP, DEVC_R_CLOSE_SESSION); + ret = 0; + } + + return (ret); +} + +static void +devcrypto_cleanup(void) +{ + if (kernel_fd == -1) + return; + + (void) pthread_mutex_lock(kernel_fd_lock); + kernel_fd_ref--; + (void) pthread_mutex_unlock(kernel_fd_lock); + + if (kernel_fd_ref == 0) { + (void) pthread_mutex_lock(kernel_fd_lock); + (void) close(kernel_fd); + kernel_fd = -1; + if (kernel_provider_id != NULL) { + OPENSSL_free(kernel_provider_id); + kernel_provider_id = NULL; + } + if (cipher_nids != NULL) { + OPENSSL_free(cipher_nids); + cipher_nids = NULL; + } + (void) pthread_mutex_unlock(kernel_fd_lock); + (void) pthread_mutex_destroy(kernel_fd_lock); + OPENSSL_free(kernel_fd_lock); + kernel_fd_lock = NULL; + } +} + +static int +devcrypto_destroy(ENGINE *e) +{ + ERR_unload_devcrypto_strings(); + return (1); +} + +static int +devcrypto_finish(ENGINE *e) +{ + devcrypto_cleanup(); + return (1); +} + +/* + * Set up the engine info and get the /dev/crypto engine ready. + */ +static int +devcrypto_bind(ENGINE *e) +{ +#ifdef DEBUG + int i; +#endif + + /* Create a lock for the devcrypto device file descriptor */ + if (kernel_fd_lock == NULL) { + kernel_fd_lock = OPENSSL_malloc(sizeof (pthread_mutex_t)); + if (kernel_fd_lock == NULL) { + return (0); + } + + if (pthread_mutex_init(kernel_fd_lock, NULL) != 0) { + OPENSSL_free(kernel_fd_lock); + kernel_fd_lock = NULL; + return (0); + } + } + + /* Open the /dev/crypto device */ + if (devcrypto_open() == 0) { + pthread_mutex_destroy(kernel_fd_lock); + OPENSSL_free(kernel_fd_lock); + kernel_fd_lock = NULL; + return (0); + } + + /* Get all hardware providers' information */ + if (devcrypto_get_slot_info() == 0) { + goto failed; + } + + if (devcrypto_get_hw_ciphers() == 0) { + goto failed; + } + +#ifdef DEBUG + (void) fprintf(stderr, "cipher_count = %d\n", cipher_count); + for (i = 0; i < cipher_count; i++) { + (void) fprintf(stderr, + "cipher_nids[i] = %d\n", cipher_nids[i]); + } +#endif /* DEBUG */ + + if (!ENGINE_set_id(e, ENGINE_DEVCRYPTO_ID) || + !ENGINE_set_name(e, ENGINE_DEVCRYPTO_NAME) || + !ENGINE_set_ciphers(e, devcrypto_get_all_ciphers) || + !ENGINE_set_destroy_function(e, devcrypto_destroy) || + !ENGINE_set_finish_function(e, devcrypto_finish)) { + goto failed; + } + + /* Set up the devcrypto error handling */ + ERR_load_devcrypto_strings(); + return (1); + +failed: + devcrypto_cleanup(); + return (0); +} + + +static int +bind_helper(ENGINE *e, const char *id) +{ + if (id != NULL && (strcmp(id, ENGINE_DEVCRYPTO_ID) != 0)) { +#ifdef DEBUG + (void) fprintf(stderr, "libdevcrypto - bad engine id\n"); +#endif /* DEBUG */ + return (0); + } + if (!devcrypto_bind(e)) { +#ifdef DEBUG + (void) fprintf(stderr, + "libdevcrypto - failed to bind engine\n"); +#endif /* DEBUG */ + return (0); + } + + return (1); +} + +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/devcrypto/e_devcrypto_err.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/devcrypto/e_devcrypto_err.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,122 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + * + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + */ + +#include "e_devcrypto_err.h" + +/* BEGIN ERROR CODES */ + +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(0, func, 0) +#define ERR_REASON(reason) ERR_PACK(0, 0, reason) + +static ERR_STRING_DATA devcrypto_str_functs[]= +{ +{ ERR_FUNC(DEVC_F_INIT), "DEVCRYPTO_INIT"}, +{ ERR_FUNC(DEVC_F_DESTROY), "DEVCRYPTO_DESTROY"}, +{ ERR_FUNC(DEVC_F_FINISH), "DEVCRYPTO_FINISH"}, +{ ERR_FUNC(DEVC_F_CIPHER_INIT), "DEVCRYPTO_CIPHER_INIT"}, +{ ERR_FUNC(DEVC_F_CIPHER_DO_CIPHER), "DEVCRYPTO_CIPHER_DO_CIPHER"}, +{ ERR_FUNC(DEVC_F_CIPHER_CLEANUP), "DEVCRYPTO_CIPHER_CLEANUP"}, +{ 0, NULL} +}; + +static ERR_STRING_DATA devcrypto_str_reasons[]= +{ +{ ERR_REASON(DEVC_R_CIPHER_KEY), "invalid cipher key"}, +{ ERR_REASON(DEVC_R_CIPHER_NID), "invalid cipher nid"}, +{ ERR_REASON(DEVC_R_KEY_OR_IV_LEN_PROBLEM), "IV or key length incorrect"}, +{ ERR_REASON(DEVC_R_MECH_STRING), "convert cipher type to string failed"}, +{ ERR_REASON(DEVC_R_FIND_SLOT_BY_MECH), + "no hardware providers support this cipher"}, +{ ERR_REASON(DEVC_R_OPEN_SESSION), "CRYPTO_OPEN_SESSION failed"}, +{ ERR_REASON(DEVC_R_GET_MECHANISM_NUMBER), + "CRYPTO_GET_MECHANISM_NUMBER failed"}, +{ ERR_REASON(DEVC_R_ENCRYPT_INIT), "CRYPTO_ENCRYPT_INIT failed"}, +{ ERR_REASON(DEVC_R_ENCRYPT_UPDATE), "CRYPTO_ENCRYPT_UPDATE failed"}, +{ ERR_REASON(DEVC_R_ENCRYPT_FINAL), "CRYPTO_ENCRYPT_FINAL failed"}, +{ ERR_REASON(DEVC_R_DECRYPT_INIT), "CRYPTO_DECRYPT_INIT failed"}, +{ ERR_REASON(DEVC_R_DECRYPT_UPDATE), "CRYPTO_DECRYPT_UPDATE failed"}, +{ ERR_REASON(DEVC_R_DECRYPT_FINAL), "CRYPTO_DECRYPT_FINAL failed"}, +{ ERR_REASON(DEVC_R_CLOSE_SESSION), "CRYPTO_CLOSE_SESSION failed"}, +{ 0, NULL} +}; +#endif /* OPENSSL_NO_ERR */ + + +#ifdef DEVCRYPTO_LIB_NAME +static ERR_STRING_DATA DEVCRYPTO_lib_name[]= +{ +{0, DEVCRYPTO_LIB_NAME}, +{0, NULL} +}; +#endif + +static int devcrypto_error_code = 0; +static int devcrypto_error_init = 1; + +static void +ERR_load_devcrypto_strings(void) +{ + if (devcrypto_error_code == 0) + devcrypto_error_code = ERR_get_next_error_library(); + + if (devcrypto_error_init) { + devcrypto_error_init = 0; + +#ifndef OPENSSL_NO_ERR + ERR_load_strings(devcrypto_error_code, devcrypto_str_functs); + ERR_load_strings(devcrypto_error_code, devcrypto_str_reasons); +#endif + +#ifdef DEVCRYPTO_LIB_NAME + DEVCRYPTO_lib_name->error = + ERR_PACK(devcrypto_error_code, 0, 0); + ERR_load_strings(0, DEVCRYPTO_lib_name); +#endif + } +} + +static void +ERR_unload_devcrypto_strings(void) +{ + if (devcrypto_error_init == 0) { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(devcrypto_error_code, devcrypto_str_functs); + ERR_unload_strings(devcrypto_error_code, devcrypto_str_reasons); +#endif + +#ifdef DEVCRYPTO_LIB_NAME + ERR_unload_strings(0, DEVCRYPTO_lib_name); +#endif + devcrypto_error_init = 1; + } +} + +static void +ERR_devcrypto_error(int function, int reason, char *file, int line) +{ + if (devcrypto_error_code == 0) + devcrypto_error_code = ERR_get_next_error_library(); + ERR_PUT_error(devcrypto_error_code, function, reason, file, line); +} diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/devcrypto/e_devcrypto_err.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/devcrypto/e_devcrypto_err.h Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,59 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + * + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + */ + +#ifndef HEADER_DEVCRYPTO_ERR_H +#define HEADER_DEVCRYPTO_ERR_H + +static void ERR_load_devcrypto_strings(void); +static void ERR_unload_devcrypto_strings(void); +static void ERR_devcrypto_error(int function, int reason, char *file, int line); + +#define DEVCRYPTOerr(f, r) ERR_devcrypto_error((f), (r), __FILE__, __LINE__) + + +/* Function codes */ +#define DEVC_F_INIT 100 +#define DEVC_F_DESTROY 101 +#define DEVC_F_FINISH 102 +#define DEVC_F_CIPHER_INIT 103 +#define DEVC_F_CIPHER_DO_CIPHER 104 +#define DEVC_F_CIPHER_CLEANUP 105 + + +/* Reason codes */ +#define DEVC_R_CIPHER_KEY 100 +#define DEVC_R_CIPHER_NID 101 +#define DEVC_R_KEY_OR_IV_LEN_PROBLEM 102 +#define DEVC_R_MECH_STRING 103 +#define DEVC_R_FIND_SLOT_BY_MECH 104 +#define DEVC_R_OPEN_SESSION 105 +#define DEVC_R_GET_MECHANISM_NUMBER 106 +#define DEVC_R_ENCRYPT_INIT 107 +#define DEVC_R_ENCRYPT_UPDATE 108 +#define DEVC_R_ENCRYPT_FINAL 109 +#define DEVC_R_DECRYPT_INIT 110 +#define DEVC_R_DECRYPT_UPDATE 111 +#define DEVC_R_DECRYPT_FINAL 112 +#define DEVC_R_CLOSE_SESSION 113 + +#endif /* HEADER_DEVCRYPTO_ERR_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,3804 @@ +/* + * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved. + */ + +/* crypto/engine/hw_pk11.c */ +/* + * This product includes software developed by the OpenSSL Project for + * use in the OpenSSL Toolkit (http://www.openssl.org/). + * + * This project also referenced hw_pkcs11-0.9.7b.patch written by + * Afchine Madjlessi. + */ +/* + * ==================================================================== + * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_DH +#include +#endif +#include +#include +#include +#include +#include +#include +#include + +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_PK11 + +/* label for debug messages printed on stderr */ +#define PK11_DBG "PKCS#11 ENGINE DEBUG" +/* prints a lot of debug messages on stderr about slot selection process */ +#undef DEBUG_SLOT_SELECTION +/* + * Solaris specific code. See comment at check_hw_mechanisms() for more + * information. + */ +#if defined(__SVR4) && defined(__sun) +#define SOLARIS_HW_SLOT_SELECTION +#endif + +#ifdef SOLARIS_HW_SLOT_SELECTION +#include +#endif + +#ifdef DEBUG_SLOT_SELECTION +#define DEBUG_SLOT_SEL(...) fprintf(stderr, __VA_ARGS__) +#else +#define DEBUG_SLOT_SEL(...) +#endif + +#include +#include +#include "hw_pk11.h" +#include "hw_pk11_uri.h" + +#define PK11_ENGINE_LIB_NAME "PKCS#11 engine" +#include "hw_pk11_err.c" + +/* + * We use this lock to prevent multiple C_Login()s, guard getpassphrase(), + * uri_struct manipulation, and static token info. All of that is used by the + * RSA keys by reference feature. + */ +pthread_mutex_t *uri_lock = NULL; + +#ifdef SOLARIS_HW_SLOT_SELECTION +/* + * Tables for symmetric ciphers and digest mechs found in the pkcs11_kernel + * library. See comment at check_hw_mechanisms() for more information. + */ +int *hw_cnids; +int *hw_dnids; +#endif /* SOLARIS_HW_SLOT_SELECTION */ + +/* PKCS#11 session caches and their locks for all operation types */ +static PK11_CACHE session_cache[OP_MAX]; + +/* + * We cache the flags so that we do not have to run C_GetTokenInfo() again when + * logging into the token. + */ +CK_FLAGS pubkey_token_flags; + +/* + * As stated in v2.20, 11.7 Object Management Function, in section for + * C_FindObjectsInit(), at most one search operation may be active at a given + * time in a given session. Therefore, C_Find{,Init,Final}Objects() should be + * grouped together to form one atomic search operation. This is already + * ensured by the property of unique PKCS#11 session handle used for each + * PK11_SESSION object. + * + * This is however not the biggest concern - maintaining consistency of the + * underlying object store is more important. The same section of the spec also + * says that one thread can be in the middle of a search operation while another + * thread destroys the object matching the search template which would result in + * invalid handle returned from the search operation. + * + * Hence, the following locks are used for both protection of the object stores. + * They are also used for active list protection. + */ +pthread_mutex_t *find_lock[OP_MAX] = { NULL }; + +/* + * lists of asymmetric key handles which are active (referenced by at least one + * PK11_SESSION structure, either held by a thread or present in free_session + * list) for given algorithm type + */ +PK11_active *active_list[OP_MAX] = { NULL }; + +/* + * Create all secret key objects in a global session so that they are available + * to use for other sessions. These other sessions may be opened or closed + * without losing the secret key objects. + */ +static CK_SESSION_HANDLE global_session = CK_INVALID_HANDLE; + +/* Index for the supported ciphers */ +enum pk11_cipher_id { + PK11_DES_CBC, + PK11_DES3_CBC, + PK11_DES_ECB, + PK11_DES3_ECB, + PK11_RC4, + PK11_AES_128_CBC, + PK11_AES_192_CBC, + PK11_AES_256_CBC, + PK11_AES_128_ECB, + PK11_AES_192_ECB, + PK11_AES_256_ECB, + PK11_BLOWFISH_CBC, + PK11_AES_128_CTR, + PK11_AES_192_CTR, + PK11_AES_256_CTR, + PK11_CIPHER_MAX +}; + +/* Index for the supported digests */ +enum pk11_digest_id { + PK11_MD5, + PK11_SHA1, + PK11_SHA224, + PK11_SHA256, + PK11_SHA384, + PK11_SHA512, + PK11_DIGEST_MAX +}; + +typedef struct PK11_CIPHER_st + { + enum pk11_cipher_id id; + int nid; + int iv_len; + int min_key_len; + int max_key_len; + CK_KEY_TYPE key_type; + CK_MECHANISM_TYPE mech_type; + } PK11_CIPHER; + +typedef struct PK11_DIGEST_st + { + enum pk11_digest_id id; + int nid; + CK_MECHANISM_TYPE mech_type; + } PK11_DIGEST; + +/* ENGINE level stuff */ +static int pk11_init(ENGINE *e); +static int pk11_library_init(ENGINE *e); +static int pk11_finish(ENGINE *e); +static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +static int pk11_destroy(ENGINE *e); + +/* RAND stuff */ +static void pk11_rand_seed(const void *buf, int num); +static void pk11_rand_add(const void *buf, int num, double add_entropy); +static void pk11_rand_cleanup(void); +static int pk11_rand_bytes(unsigned char *buf, int num); +static int pk11_rand_status(void); + +/* These functions are also used in other files */ +PK11_SESSION *pk11_get_session(PK11_OPTYPE optype); +void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype); + +/* active list manipulation functions used in this file */ +extern int pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type); +extern void pk11_free_active_list(PK11_OPTYPE type); + +#ifndef OPENSSL_NO_RSA +int pk11_destroy_rsa_key_objects(PK11_SESSION *session); +int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); +int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); +#endif +#ifndef OPENSSL_NO_DSA +int pk11_destroy_dsa_key_objects(PK11_SESSION *session); +int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); +int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); +#endif +#ifndef OPENSSL_NO_DH +int pk11_destroy_dh_key_objects(PK11_SESSION *session); +int pk11_destroy_dh_object(PK11_SESSION *session, CK_BBOOL uselock); +#endif + +/* Local helper functions */ +static int pk11_free_all_sessions(void); +static int pk11_free_session_list(PK11_OPTYPE optype); +static int pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype); +static int pk11_destroy_cipher_key_objects(PK11_SESSION *session); +static int pk11_destroy_object(CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE oh, + CK_BBOOL persistent); +static const char *get_PK11_LIBNAME(void); +static void free_PK11_LIBNAME(void); +static long set_PK11_LIBNAME(const char *name); + +/* Symmetric cipher and digest support functions */ +static int cipher_nid_to_pk11(int nid); +static int pk11_usable_ciphers(const int **nids); +static int pk11_usable_digests(const int **nids); +static int pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int pk11_cipher_final(PK11_SESSION *sp); +static int pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx); +static int pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid); +static int pk11_engine_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid); +static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp); +static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key, + int key_len); +static int md_nid_to_pk11(int nid); +static int pk11_digest_init(EVP_MD_CTX *ctx); +static int pk11_digest_update(EVP_MD_CTX *ctx, const void *data, + size_t count); +static int pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md); +static int pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from); +static int pk11_digest_cleanup(EVP_MD_CTX *ctx); + +static int pk11_choose_slots(int *any_slot_found); +static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist, + CK_SLOT_ID current_slot, int *current_slot_n_cipher, + int *local_cipher_nids); +static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist, + CK_SLOT_ID current_slot, int *current_slot_n_digest, + int *local_digest_nids); +static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR, int slot_id, + int *current_slot_n_cipher, int *local_cipher_nids, + PK11_CIPHER *cipher); +static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id, + int *current_slot_n_digest, int *local_digest_nids, + PK11_DIGEST *digest); + +static int pk11_init_all_locks(void); +static void pk11_free_all_locks(void); + +#ifdef SOLARIS_HW_SLOT_SELECTION +static int check_hw_mechanisms(void); +static int nid_in_table(int nid, int *nid_table); +static int hw_aes_instruction_set_present(void); +#endif /* SOLARIS_HW_SLOT_SELECTION */ + +#define TRY_OBJ_DESTROY(sp, obj_hdl, retval, uselock, alg_type) \ + { \ + if (uselock) \ + LOCK_OBJSTORE(alg_type); \ + if (pk11_active_delete(obj_hdl, alg_type) == 1) \ + { \ + retval = pk11_destroy_object(sp->session, obj_hdl, \ + sp->persistent); \ + } \ + if (uselock) \ + UNLOCK_OBJSTORE(alg_type); \ + } + +static int cipher_nids[PK11_CIPHER_MAX]; +static int digest_nids[PK11_DIGEST_MAX]; +static int cipher_count = 0; +static int digest_count = 0; +static CK_BBOOL pk11_have_rsa = CK_FALSE; +static CK_BBOOL pk11_have_dsa = CK_FALSE; +static CK_BBOOL pk11_have_dh = CK_FALSE; +static CK_BBOOL pk11_have_random = CK_FALSE; + +/* + * Static list of ciphers. + * Note, that ciphers array is indexed by member PK11_CIPHER.id, + * thus ciphers[i].id == i + * Rows must be kept in sync with enum pk11_cipher_id. + */ +static PK11_CIPHER ciphers[] = + { + { PK11_DES_CBC, NID_des_cbc, 8, 8, 8, + CKK_DES, CKM_DES_CBC, }, + { PK11_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24, + CKK_DES3, CKM_DES3_CBC, }, + { PK11_DES_ECB, NID_des_ecb, 0, 8, 8, + CKK_DES, CKM_DES_ECB, }, + { PK11_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24, + CKK_DES3, CKM_DES3_ECB, }, + { PK11_RC4, NID_rc4, 0, 16, 256, + CKK_RC4, CKM_RC4, }, + { PK11_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, + CKK_AES, CKM_AES_CBC, }, + { PK11_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, + CKK_AES, CKM_AES_CBC, }, + { PK11_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, + CKK_AES, CKM_AES_CBC, }, + { PK11_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, + CKK_AES, CKM_AES_ECB, }, + { PK11_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, + CKK_AES, CKM_AES_ECB, }, + { PK11_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, + CKK_AES, CKM_AES_ECB, }, + { PK11_BLOWFISH_CBC, NID_bf_cbc, 8, 16, 16, + CKK_BLOWFISH, CKM_BLOWFISH_CBC, }, + { PK11_AES_128_CTR, NID_aes_128_ctr, 16, 16, 16, + CKK_AES, CKM_AES_CTR, }, + { PK11_AES_192_CTR, NID_aes_192_ctr, 16, 24, 24, + CKK_AES, CKM_AES_CTR, }, + { PK11_AES_256_CTR, NID_aes_256_ctr, 16, 32, 32, + CKK_AES, CKM_AES_CTR, }, + }; + +/* + * Static list of digests. + * Note, that digests array is indexed by member PK11_DIGEST.id, + * thus digests[i].id == i + * Rows must be kept in sync with enum pk11_digest_id. + */ +static PK11_DIGEST digests[] = + { + {PK11_MD5, NID_md5, CKM_MD5, }, + {PK11_SHA1, NID_sha1, CKM_SHA_1, }, + {PK11_SHA224, NID_sha224, CKM_SHA224, }, + {PK11_SHA256, NID_sha256, CKM_SHA256, }, + {PK11_SHA384, NID_sha384, CKM_SHA384, }, + {PK11_SHA512, NID_sha512, CKM_SHA512, }, + {0, NID_undef, 0xFFFF, }, + }; + +/* + * Structure to be used for the cipher_data/md_data in + * EVP_CIPHER_CTX/EVP_MD_CTX structures in order to use the same pk11 + * session in multiple cipher_update calls + */ +typedef struct PK11_CIPHER_STATE_st + { + PK11_SESSION *sp; + } PK11_CIPHER_STATE; + + +/* + * libcrypto EVP stuff - this is how we get wired to EVP so the engine gets + * called when libcrypto requests a cipher NID. + * + * Note how the PK11_CIPHER_STATE is used here. + */ + +/* DES CBC EVP */ +static const EVP_CIPHER pk11_des_cbc = + { + NID_des_cbc, + 8, 8, 8, + EVP_CIPH_CBC_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL + }; + +/* 3DES CBC EVP */ +static const EVP_CIPHER pk11_3des_cbc = + { + NID_des_ede3_cbc, + 8, 24, 8, + EVP_CIPH_CBC_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL + }; + +/* + * ECB modes don't use an Initial Vector so that's why set_asn1_parameters and + * get_asn1_parameters fields are set to NULL. + */ +static const EVP_CIPHER pk11_des_ecb = + { + NID_des_ecb, + 8, 8, 8, + EVP_CIPH_ECB_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + NULL, + NULL, + NULL + }; + +static const EVP_CIPHER pk11_3des_ecb = + { + NID_des_ede3_ecb, + 8, 24, 8, + EVP_CIPH_ECB_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + NULL, + NULL, + NULL + }; + + +static const EVP_CIPHER pk11_aes_128_cbc = + { + NID_aes_128_cbc, + 16, 16, 16, + EVP_CIPH_CBC_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL + }; + +static const EVP_CIPHER pk11_aes_192_cbc = + { + NID_aes_192_cbc, + 16, 24, 16, + EVP_CIPH_CBC_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL + }; + +static const EVP_CIPHER pk11_aes_256_cbc = + { + NID_aes_256_cbc, + 16, 32, 16, + EVP_CIPH_CBC_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL + }; + +/* + * ECB modes don't use IV so that's why set_asn1_parameters and + * get_asn1_parameters are set to NULL. + */ +static const EVP_CIPHER pk11_aes_128_ecb = + { + NID_aes_128_ecb, + 16, 16, 0, + EVP_CIPH_ECB_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + NULL, + NULL, + NULL + }; + +static const EVP_CIPHER pk11_aes_192_ecb = + { + NID_aes_192_ecb, + 16, 24, 0, + EVP_CIPH_ECB_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + NULL, + NULL, + NULL + }; + +static const EVP_CIPHER pk11_aes_256_ecb = + { + NID_aes_256_ecb, + 16, 32, 0, + EVP_CIPH_ECB_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + NULL, + NULL, + NULL + }; + +static EVP_CIPHER pk11_aes_128_ctr = + { + NID_aes_128_ctr, + 16, 16, 16, + EVP_CIPH_CTR_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL + }; + +static EVP_CIPHER pk11_aes_192_ctr = + { + NID_aes_192_ctr, + 16, 24, 16, + EVP_CIPH_CTR_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL + }; + +static EVP_CIPHER pk11_aes_256_ctr = + { + NID_aes_256_ctr, + 16, 32, 16, + EVP_CIPH_CTR_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL + }; + +static const EVP_CIPHER pk11_bf_cbc = + { + NID_bf_cbc, + 8, 16, 8, + EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL + }; + +static const EVP_CIPHER pk11_rc4 = + { + NID_rc4, + 1, 16, 0, + EVP_CIPH_VARIABLE_LENGTH, + pk11_cipher_init, + pk11_cipher_do_cipher, + pk11_cipher_cleanup, + sizeof (PK11_CIPHER_STATE), + NULL, + NULL, + NULL + }; + +static const EVP_MD pk11_md5 = + { + NID_md5, + NID_md5WithRSAEncryption, + MD5_DIGEST_LENGTH, + 0, + pk11_digest_init, + pk11_digest_update, + pk11_digest_final, + pk11_digest_copy, + pk11_digest_cleanup, + EVP_PKEY_RSA_method, + MD5_CBLOCK, + sizeof (PK11_CIPHER_STATE), + }; + +static const EVP_MD pk11_sha1 = + { + NID_sha1, + NID_sha1WithRSAEncryption, + SHA_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + pk11_digest_init, + pk11_digest_update, + pk11_digest_final, + pk11_digest_copy, + pk11_digest_cleanup, + EVP_PKEY_RSA_method, + SHA_CBLOCK, + sizeof (PK11_CIPHER_STATE), + }; + +static const EVP_MD pk11_sha224 = + { + NID_sha224, + NID_sha224WithRSAEncryption, + SHA224_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + pk11_digest_init, + pk11_digest_update, + pk11_digest_final, + pk11_digest_copy, + pk11_digest_cleanup, + EVP_PKEY_RSA_method, + /* SHA-224 uses the same cblock size as SHA-256 */ + SHA256_CBLOCK, + sizeof (PK11_CIPHER_STATE), + }; + +static const EVP_MD pk11_sha256 = + { + NID_sha256, + NID_sha256WithRSAEncryption, + SHA256_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + pk11_digest_init, + pk11_digest_update, + pk11_digest_final, + pk11_digest_copy, + pk11_digest_cleanup, + EVP_PKEY_RSA_method, + SHA256_CBLOCK, + sizeof (PK11_CIPHER_STATE), + }; + +static const EVP_MD pk11_sha384 = + { + NID_sha384, + NID_sha384WithRSAEncryption, + SHA384_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + pk11_digest_init, + pk11_digest_update, + pk11_digest_final, + pk11_digest_copy, + pk11_digest_cleanup, + EVP_PKEY_RSA_method, + /* SHA-384 uses the same cblock size as SHA-512 */ + SHA512_CBLOCK, + sizeof (PK11_CIPHER_STATE), + }; + +static const EVP_MD pk11_sha512 = + { + NID_sha512, + NID_sha512WithRSAEncryption, + SHA512_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + pk11_digest_init, + pk11_digest_update, + pk11_digest_final, + pk11_digest_copy, + pk11_digest_cleanup, + EVP_PKEY_RSA_method, + SHA512_CBLOCK, + sizeof (PK11_CIPHER_STATE), + }; + +/* + * Initialization function. Sets up various PKCS#11 library components. + * The definitions for control commands specific to this engine + */ +#define PK11_CMD_SO_PATH ENGINE_CMD_BASE +static const ENGINE_CMD_DEFN pk11_cmd_defns[] = + { + { + PK11_CMD_SO_PATH, + "SO_PATH", + "Specifies the path to the 'pkcs#11' shared library", + ENGINE_CMD_FLAG_STRING + }, + {0, NULL, NULL, 0} + }; + + +static RAND_METHOD pk11_random = + { + pk11_rand_seed, + pk11_rand_bytes, + pk11_rand_cleanup, + pk11_rand_add, + pk11_rand_bytes, + pk11_rand_status + }; + + +/* Constants used when creating the ENGINE */ +static const char *engine_pk11_id = "pkcs11"; +static const char *engine_pk11_name = "PKCS #11 engine support"; + +CK_FUNCTION_LIST_PTR pFuncList = NULL; +static const char PK11_GET_FUNCTION_LIST[] = "C_GetFunctionList"; + +/* + * This is a static string constant for the DSO file name and the function + * symbol names to bind to. We set it in the Configure script based on whether + * this is 32 or 64 bit build. + */ +static const char def_PK11_LIBNAME[] = PK11_LIB_LOCATION; + +static CK_BBOOL pk11_true = CK_TRUE; +static CK_BBOOL pk11_false = CK_FALSE; +/* Needed in hw_pk11_pub.c as well so that's why it is not static. */ +CK_SLOT_ID pubkey_SLOTID = 0; +static CK_SLOT_ID rand_SLOTID = 0; +static CK_SLOT_ID SLOTID = 0; +static CK_BBOOL pk11_library_initialized = CK_FALSE; +static CK_BBOOL pk11_atfork_initialized = CK_FALSE; +static int pk11_pid = 0; +static ENGINE* pk11_engine = NULL; + +static DSO *pk11_dso = NULL; + +/* allocate and initialize all locks used by the engine itself */ +static int pk11_init_all_locks(void) + { + int type; + +#ifndef OPENSSL_NO_RSA + find_lock[OP_RSA] = OPENSSL_malloc(sizeof (pthread_mutex_t)); + if (find_lock[OP_RSA] == NULL) + goto malloc_err; + (void) pthread_mutex_init(find_lock[OP_RSA], NULL); +#endif /* OPENSSL_NO_RSA */ + + if ((uri_lock = OPENSSL_malloc(sizeof (pthread_mutex_t))) == NULL) + goto malloc_err; + (void) pthread_mutex_init(uri_lock, NULL); + +#ifndef OPENSSL_NO_DSA + find_lock[OP_DSA] = OPENSSL_malloc(sizeof (pthread_mutex_t)); + if (find_lock[OP_DSA] == NULL) + goto malloc_err; + (void) pthread_mutex_init(find_lock[OP_DSA], NULL); +#endif /* OPENSSL_NO_DSA */ + +#ifndef OPENSSL_NO_DH + find_lock[OP_DH] = OPENSSL_malloc(sizeof (pthread_mutex_t)); + if (find_lock[OP_DH] == NULL) + goto malloc_err; + (void) pthread_mutex_init(find_lock[OP_DH], NULL); +#endif /* OPENSSL_NO_DH */ + + for (type = 0; type < OP_MAX; type++) + { + session_cache[type].lock = + OPENSSL_malloc(sizeof (pthread_mutex_t)); + if (session_cache[type].lock == NULL) + goto malloc_err; + (void) pthread_mutex_init(session_cache[type].lock, NULL); + } + + return (1); + +malloc_err: + pk11_free_all_locks(); + PK11err(PK11_F_INIT_ALL_LOCKS, PK11_R_MALLOC_FAILURE); + return (0); + } + +static void pk11_free_all_locks(void) + { + int type; + +#ifndef OPENSSL_NO_RSA + if (find_lock[OP_RSA] != NULL) + { + (void) pthread_mutex_destroy(find_lock[OP_RSA]); + OPENSSL_free(find_lock[OP_RSA]); + find_lock[OP_RSA] = NULL; + } +#endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_DSA + if (find_lock[OP_DSA] != NULL) + { + (void) pthread_mutex_destroy(find_lock[OP_DSA]); + OPENSSL_free(find_lock[OP_DSA]); + find_lock[OP_DSA] = NULL; + } +#endif /* OPENSSL_NO_DSA */ +#ifndef OPENSSL_NO_DH + if (find_lock[OP_DH] != NULL) + { + (void) pthread_mutex_destroy(find_lock[OP_DH]); + OPENSSL_free(find_lock[OP_DH]); + find_lock[OP_DH] = NULL; + } +#endif /* OPENSSL_NO_DH */ + + for (type = 0; type < OP_MAX; type++) + { + if (session_cache[type].lock != NULL) + { + (void) pthread_mutex_destroy(session_cache[type].lock); + OPENSSL_free(session_cache[type].lock); + session_cache[type].lock = NULL; + } + } + /* Free uri_lock */ + (void) pthread_mutex_destroy(uri_lock); + OPENSSL_free(uri_lock); + uri_lock = NULL; + } + +/* + * This internal function is used by ENGINE_pk11() and "dynamic" ENGINE support. + */ +static int bind_pk11(ENGINE *e) + { +#ifndef OPENSSL_NO_RSA + const RSA_METHOD *rsa = NULL; + RSA_METHOD *pk11_rsa = PK11_RSA(); +#endif /* OPENSSL_NO_RSA */ + if (!pk11_library_initialized) + if (!pk11_library_init(e)) + return (0); + + if (!ENGINE_set_id(e, engine_pk11_id) || + !ENGINE_set_name(e, engine_pk11_name) || + !ENGINE_set_ciphers(e, pk11_engine_ciphers) || + !ENGINE_set_digests(e, pk11_engine_digests)) + return (0); + + if (!ENGINE_set_pkey_meths(e, pk11_engine_pkey_methods)) + return (0); + +#ifndef OPENSSL_NO_RSA + if (pk11_have_rsa == CK_TRUE) + { + if (!ENGINE_set_RSA(e, PK11_RSA()) || + !ENGINE_set_load_privkey_function(e, pk11_load_privkey) || + !ENGINE_set_load_pubkey_function(e, pk11_load_pubkey)) + return (0); + DEBUG_SLOT_SEL("%s: registered RSA\n", PK11_DBG); + } +#endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_DSA + if (pk11_have_dsa == CK_TRUE) + { + if (!ENGINE_set_DSA(e, PK11_DSA())) + return (0); + DEBUG_SLOT_SEL("%s: registered DSA\n", PK11_DBG); + } +#endif /* OPENSSL_NO_DSA */ +#ifndef OPENSSL_NO_DH + if (pk11_have_dh == CK_TRUE) + { + if (!ENGINE_set_DH(e, PK11_DH())) + return (0); + DEBUG_SLOT_SEL("%s: registered DH\n", PK11_DBG); + } +#endif /* OPENSSL_NO_DH */ + if (pk11_have_random) + { + if (!ENGINE_set_RAND(e, &pk11_random)) + return (0); + DEBUG_SLOT_SEL("%s: registered random\n", PK11_DBG); + } + if (!ENGINE_set_init_function(e, pk11_init) || + !ENGINE_set_destroy_function(e, pk11_destroy) || + !ENGINE_set_finish_function(e, pk11_finish) || + !ENGINE_set_ctrl_function(e, pk11_ctrl) || + !ENGINE_set_cmd_defns(e, pk11_cmd_defns)) + return (0); + +/* + * Apache calls OpenSSL function RSA_blinding_on() once during startup + * which in turn calls bn_mod_exp. Since we do not implement bn_mod_exp + * here, we wire it back to the OpenSSL software implementation. + * Since it is used only once, performance is not a concern. + */ +#ifndef OPENSSL_NO_RSA + rsa = RSA_PKCS1_SSLeay(); + pk11_rsa->rsa_mod_exp = rsa->rsa_mod_exp; + pk11_rsa->bn_mod_exp = rsa->bn_mod_exp; +#endif /* OPENSSL_NO_RSA */ + + /* Ensure the pk11 error handling is set up */ + ERR_load_pk11_strings(); + + return (1); + } + +/* Dynamic engine support is disabled at a higher level for Solaris */ +#ifdef ENGINE_DYNAMIC_SUPPORT +static int bind_helper(ENGINE *e, const char *id) + { + if (id && (strcmp(id, engine_pk11_id) != 0)) + return (0); + + if (!bind_pk11(e)) + return (0); + + return (1); + } + +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) + +#else +static ENGINE *engine_pk11(void) + { + ENGINE *ret = ENGINE_new(); + + if (!ret) + return (NULL); + + if (!bind_pk11(ret)) + { + ENGINE_free(ret); + return (NULL); + } + + return (ret); + } + +int +pk11_engine_loaded() + { + ENGINE *e; + int rtrn = 0; + + if ((e = ENGINE_by_id(engine_pk11_id)) != NULL) + { + rtrn = 1; + ENGINE_free(e); + } + return (rtrn); + } + +void +ENGINE_load_pk11(void) + { + ENGINE *e_pk11 = NULL; + + /* + * Do not attempt to load the engine twice! + * Multiple instances would share static variables from this file. + */ + if (pk11_engine_loaded()) + return; + + /* + * Do not use dynamic PKCS#11 library on Solaris due to + * security reasons. We will link it in statically. + */ + /* Attempt to load PKCS#11 library */ + if (!pk11_dso) + pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0); + + if (pk11_dso == NULL) + { + PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE); + return; + } + + e_pk11 = engine_pk11(); + if (!e_pk11) + { + DSO_free(pk11_dso); + pk11_dso = NULL; + return; + } + + /* + * At this point, the pk11 shared library is either dynamically + * loaded or statically linked in. So, initialize the pk11 + * library before calling ENGINE_set_default since the latter + * needs cipher and digest algorithm information + */ + if (!pk11_library_init(e_pk11)) + { + DSO_free(pk11_dso); + pk11_dso = NULL; + ENGINE_free(e_pk11); + return; + } + + ENGINE_add(e_pk11); + + ENGINE_free(e_pk11); + ERR_clear_error(); + } +#endif /* ENGINE_DYNAMIC_SUPPORT */ + +/* + * These are the static string constants for the DSO file name and + * the function symbol names to bind to. + */ +static const char *PK11_LIBNAME = NULL; + +static const char *get_PK11_LIBNAME(void) + { + if (PK11_LIBNAME) + return (PK11_LIBNAME); + + return (def_PK11_LIBNAME); + } + +static void free_PK11_LIBNAME(void) + { + if (PK11_LIBNAME) + OPENSSL_free((void*)PK11_LIBNAME); + + PK11_LIBNAME = NULL; + } + +static long set_PK11_LIBNAME(const char *name) + { + free_PK11_LIBNAME(); + + return ((PK11_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0); + } + +/* acquire all engine specific mutexes before fork */ +static void pk11_fork_prepare(void) + { + int i; + + if (!pk11_library_initialized) + return; + + LOCK_OBJSTORE(OP_RSA); + LOCK_OBJSTORE(OP_DSA); + LOCK_OBJSTORE(OP_DH); + (void) pthread_mutex_lock(uri_lock); + for (i = 0; i < OP_MAX; i++) + { + (void) pthread_mutex_lock(session_cache[i].lock); + } + } + +/* release all engine specific mutexes */ +static void pk11_fork_parent(void) + { + int i; + + if (!pk11_library_initialized) + return; + + for (i = OP_MAX - 1; i >= 0; i--) + { + (void) pthread_mutex_unlock(session_cache[i].lock); + } + UNLOCK_OBJSTORE(OP_DH); + UNLOCK_OBJSTORE(OP_DSA); + UNLOCK_OBJSTORE(OP_RSA); + (void) pthread_mutex_unlock(uri_lock); + } + +/* + * same situation as in parent - we need to unlock all locks to make them + * accessible to all threads. + */ +static void pk11_fork_child(void) + { + int i; + + if (!pk11_library_initialized) + return; + + for (i = OP_MAX - 1; i >= 0; i--) + { + (void) pthread_mutex_unlock(session_cache[i].lock); + } + UNLOCK_OBJSTORE(OP_DH); + UNLOCK_OBJSTORE(OP_DSA); + UNLOCK_OBJSTORE(OP_RSA); + (void) pthread_mutex_unlock(uri_lock); + } + +/* Initialization function for the pk11 engine */ +static int pk11_init(ENGINE *e) +{ + return (pk11_library_init(e)); +} + +/* + * Helper function that unsets reference to current engine (pk11_engine = NULL). + * + * Use of local variable only seems clumsy, it needs to be this way! + * This is to prevent double free in the unlucky scenario: + * ENGINE_free calls pk11_destroy calls pk11_finish calls ENGINE_free + * Setting pk11_engine to NULL prior to ENGINE_free() avoids this. + */ +static void pk11_engine_free() + { + ENGINE* old_engine = pk11_engine; + + if (old_engine) { + pk11_engine = NULL; + } + } + +/* + * Initialization function. Sets up various PKCS#11 library components. + * It selects a slot based on predefined critiera. In the process, it also + * count how many ciphers and digests to support. Since the cipher and + * digest information is needed when setting default engine, this function + * needs to be called before calling ENGINE_set_default. + */ +/* ARGSUSED */ +static int pk11_library_init(ENGINE *e) + { + CK_C_GetFunctionList p; + CK_RV rv = CKR_OK; + CK_INFO info; + CK_ULONG ul_state_len; + int any_slot_found; + int i; + + if (e != pk11_engine) + { + pk11_engine_free(); + pk11_engine = e; + } + + /* + * pk11_library_initialized is set to 0 in pk11_finish() which is called + * from ENGINE_finish(). However, if there is still at least one + * existing functional reference to the engine (see engine(3) for more + * information), pk11_finish() is skipped. For example, this can happen + * if an application forgets to clear one cipher context. In case of a + * fork() when the application is finishing the engine so that it can be + * reinitialized in the child, forgotten functional reference causes + * pk11_library_initialized to stay 1. In that case we need the PID + * check so that we properly initialize the engine again. + */ + if (pk11_library_initialized) + { + if (pk11_pid == getpid()) + { + return (1); + } + else + { + global_session = CK_INVALID_HANDLE; + /* + * free the locks first to prevent memory leak in case + * the application calls fork() without finishing the + * engine first. + */ + pk11_free_all_locks(); + } + } + + + /* Attempt to load PKCS#11 library */ + if (!pk11_dso) + { + pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0); + if (pk11_dso == NULL) + { + PK11err(PK11_F_LOAD, PK11_R_DSO_FAILURE); + goto err; + } + } + +#ifdef SOLARIS_HW_SLOT_SELECTION + if (check_hw_mechanisms() == 0) + goto err; +#endif /* SOLARIS_HW_SLOT_SELECTION */ + + /* get the C_GetFunctionList function from the loaded library */ + p = (CK_C_GetFunctionList)DSO_bind_func(pk11_dso, + PK11_GET_FUNCTION_LIST); + if (!p) + { + PK11err(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE); + goto err; + } + + /* get the full function list from the loaded library */ + rv = p(&pFuncList); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_DSO_FAILURE, rv); + goto err; + } + + rv = pFuncList->C_Initialize(NULL_PTR); + if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) + { + PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_INITIALIZE, rv); + goto err; + } + + rv = pFuncList->C_GetInfo(&info); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_LIBRARY_INIT, PK11_R_GETINFO, rv); + goto err; + } + + if (pk11_choose_slots(&any_slot_found) == 0) + goto err; + + /* + * The library we use, set in def_PK11_LIBNAME, may not offer any + * slot(s). In that case, we must not proceed but we must not return an + * error. The reason is that applications that try to set up the PKCS#11 + * engine don't exit on error during the engine initialization just + * because no slot was present. + */ + if (any_slot_found == 0) + return (1); + + if (global_session == CK_INVALID_HANDLE) + { + /* Open the global_session for the new process */ + rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, + NULL_PTR, NULL_PTR, &global_session); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_LIBRARY_INIT, + PK11_R_OPENSESSION, rv); + goto err; + } + } + + /* + * Disable digest if C_GetOperationState is not supported since + * this function is required by OpenSSL digest copy function + */ + if (pFuncList->C_GetOperationState(global_session, NULL, &ul_state_len) + == CKR_FUNCTION_NOT_SUPPORTED) { + DEBUG_SLOT_SEL("%s: C_GetOperationState() not supported, " + "setting digest_count to 0\n", PK11_DBG); + digest_count = 0; + } + + pk11_library_initialized = CK_TRUE; + pk11_pid = getpid(); + /* + * if initialization of the locks fails pk11_init_all_locks() + * will do the cleanup. + */ + if (!pk11_init_all_locks()) + goto err; + for (i = 0; i < OP_MAX; i++) + session_cache[i].head = NULL; + /* + * initialize active lists. We only use active lists + * for asymmetric ciphers. + */ + for (i = 0; i < OP_MAX; i++) + active_list[i] = NULL; + + if (!pk11_atfork_initialized) + { + if (pthread_atfork(pk11_fork_prepare, pk11_fork_parent, + pk11_fork_child) != 0) + { + PK11err(PK11_F_LIBRARY_INIT, PK11_R_ATFORK_FAILED); + goto err; + } + pk11_atfork_initialized = CK_TRUE; + } + + return (1); + +err: + return (0); + } + +/* Destructor (complements the "ENGINE_pk11()" constructor) */ +/* ARGSUSED */ +static int pk11_destroy(ENGINE *e) + { + int rtn = 1; + + free_PK11_LIBNAME(); + ERR_unload_pk11_strings(); + if (pk11_library_initialized == CK_TRUE) + rtn = pk11_finish(e); + + return (rtn); + } + +/* + * Termination function to clean up the session, the token, and the pk11 + * library. + */ +/* ARGSUSED */ +static int pk11_finish(ENGINE *e) + { + int i; + + /* + * Make sure, right engine instance is being destroyed. + * Engine e may be the wrong instance if + * 1) either someone calls ENGINE_load_pk11 twice + * 2) or last ref. to an already finished engine is being destroyed + */ + if (e != pk11_engine) + goto err; + + if (pk11_dso == NULL) + { + PK11err(PK11_F_FINISH, PK11_R_NOT_LOADED); + goto err; + } + + OPENSSL_assert(pFuncList != NULL); + + if (pk11_free_all_sessions() == 0) + goto err; + + /* free all active lists */ + for (i = 0; i < OP_MAX; i++) + pk11_free_active_list(i); + + pFuncList->C_CloseSession(global_session); + global_session = CK_INVALID_HANDLE; + + /* + * Since we are part of a library (libcrypto.so), calling this function + * may have side-effects. + */ +#if 0 + pFuncList->C_Finalize(NULL); +#endif + + if (!DSO_free(pk11_dso)) + { + PK11err(PK11_F_FINISH, PK11_R_DSO_FAILURE); + goto err; + } + pk11_dso = NULL; + pFuncList = NULL; + pk11_library_initialized = CK_FALSE; + pk11_pid = 0; + pk11_engine_free(); + /* + * There is no way how to unregister atfork handlers (other than + * unloading the library) so we just free the locks. For this reason + * the atfork handlers check if the engine is initialized and bail out + * immediately if not. This is necessary in case a process finishes + * the engine before calling fork(). + */ + pk11_free_all_locks(); + + return (1); + +err: + return (0); + } + +/* Standard engine interface function to set the dynamic library path */ +/* ARGSUSED */ +static int pk11_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) + { + int initialized = ((pk11_dso == NULL) ? 0 : 1); + + switch (cmd) + { + case PK11_CMD_SO_PATH: + if (p == NULL) + { + PK11err(PK11_F_CTRL, ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + + if (initialized) + { + PK11err(PK11_F_CTRL, PK11_R_ALREADY_LOADED); + return (0); + } + + return (set_PK11_LIBNAME((const char *)p)); + default: + break; + } + + PK11err(PK11_F_CTRL, PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED); + + return (0); + } + + +/* Required function by the engine random interface. It does nothing here */ +static void pk11_rand_cleanup(void) + { + return; + } + +/* ARGSUSED */ +static void pk11_rand_add(const void *buf, int num, double add) + { + PK11_SESSION *sp; + + if ((sp = pk11_get_session(OP_RAND)) == NULL) + return; + + /* + * Ignore any errors (e.g. CKR_RANDOM_SEED_NOT_SUPPORTED) since + * the calling functions do not care anyway + */ + pFuncList->C_SeedRandom(sp->session, (unsigned char *) buf, num); + pk11_return_session(sp, OP_RAND); + + return; + } + +static void pk11_rand_seed(const void *buf, int num) + { + pk11_rand_add(buf, num, 0); + } + +static int pk11_rand_bytes(unsigned char *buf, int num) + { + CK_RV rv; + PK11_SESSION *sp; + + if ((sp = pk11_get_session(OP_RAND)) == NULL) + return (0); + + rv = pFuncList->C_GenerateRandom(sp->session, buf, num); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RAND_BYTES, PK11_R_GENERATERANDOM, rv); + pk11_return_session(sp, OP_RAND); + return (0); + } + + pk11_return_session(sp, OP_RAND); + return (1); + } + +/* Required function by the engine random interface. It does nothing here */ +static int pk11_rand_status(void) + { + return (1); + } + +/* Free all BIGNUM structures from PK11_SESSION. */ +static void pk11_free_nums(PK11_SESSION *sp, PK11_OPTYPE optype) + { + switch (optype) + { +#ifndef OPENSSL_NO_RSA + case OP_RSA: + if (sp->opdata_rsa_n_num != NULL) + { + BN_free(sp->opdata_rsa_n_num); + sp->opdata_rsa_n_num = NULL; + } + if (sp->opdata_rsa_e_num != NULL) + { + BN_free(sp->opdata_rsa_e_num); + sp->opdata_rsa_e_num = NULL; + } + if (sp->opdata_rsa_d_num != NULL) + { + BN_free(sp->opdata_rsa_d_num); + sp->opdata_rsa_d_num = NULL; + } + break; +#endif +#ifndef OPENSSL_NO_DSA + case OP_DSA: + if (sp->opdata_dsa_pub_num != NULL) + { + BN_free(sp->opdata_dsa_pub_num); + sp->opdata_dsa_pub_num = NULL; + } + if (sp->opdata_dsa_priv_num != NULL) + { + BN_free(sp->opdata_dsa_priv_num); + sp->opdata_dsa_priv_num = NULL; + } + break; +#endif +#ifndef OPENSSL_NO_DH + case OP_DH: + if (sp->opdata_dh_priv_num != NULL) + { + BN_free(sp->opdata_dh_priv_num); + sp->opdata_dh_priv_num = NULL; + } + break; +#endif + default: + break; + } + } + +/* + * Get new PK11_SESSION structure ready for use. Every process must have + * its own freelist of PK11_SESSION structures so handle fork() here + * by destroying the old and creating new freelist. + * The returned PK11_SESSION structure is disconnected from the freelist. + */ +PK11_SESSION * +pk11_get_session(PK11_OPTYPE optype) + { + PK11_SESSION *sp = NULL, *sp1, *freelist; + pthread_mutex_t *freelist_lock; + static pid_t pid = 0; + pid_t new_pid; + CK_RV rv; + + switch (optype) + { + case OP_RSA: + case OP_DSA: + case OP_DH: + case OP_RAND: + case OP_DIGEST: + case OP_CIPHER: + freelist_lock = session_cache[optype].lock; + break; + default: + PK11err(PK11_F_GET_SESSION, + PK11_R_INVALID_OPERATION_TYPE); + return (NULL); + } + (void) pthread_mutex_lock(freelist_lock); + + /* + * Will use it to find out if we forked. We cannot use the PID field in + * the session structure because we could get a newly allocated session + * here, with no PID information. + */ + if (pid == 0) + pid = getpid(); + + freelist = session_cache[optype].head; + sp = freelist; + + /* + * If the free list is empty, allocate new uninitialized (filled + * with zeroes) PK11_SESSION structure otherwise return first + * structure from the freelist. + */ + if (sp == NULL) + { + if ((sp = OPENSSL_malloc(sizeof (PK11_SESSION))) == NULL) + { + PK11err(PK11_F_GET_SESSION, + PK11_R_MALLOC_FAILURE); + goto err; + } + (void) memset(sp, 0, sizeof (PK11_SESSION)); + + /* + * It is a new session so it will look like a cache miss to the + * code below. So, we must not try to to destroy its members so + * mark them as unused. + */ + sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; + sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; + } + else + freelist = sp->next; + + /* + * Check whether we have forked. In that case, we must get rid of all + * inherited sessions and start allocating new ones. + */ + if (pid != (new_pid = getpid())) + { + pid = new_pid; + + /* + * We are a new process and thus need to free any inherited + * PK11_SESSION objects aside from the first session (sp) which + * is the only PK11_SESSION structure we will reuse (for the + * head of the list). + */ + while ((sp1 = freelist) != NULL) + { + freelist = sp1->next; + /* + * NOTE: we do not want to call pk11_free_all_sessions() + * here because it would close underlying PKCS#11 + * sessions and destroy all objects. + */ + pk11_free_nums(sp1, optype); + OPENSSL_free(sp1); + } + + /* we have to free the active list as well. */ + pk11_free_active_list(optype); + + /* Initialize the process */ + rv = pFuncList->C_Initialize(NULL_PTR); + if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) + { + PK11err_add_data(PK11_F_GET_SESSION, PK11_R_INITIALIZE, + rv); + OPENSSL_free(sp); + sp = NULL; + goto err; + } + + /* + * Choose slot here since the slot table is different on this + * process. If we are here then we must have found at least one + * usable slot before so we don't need to check any_slot_found. + * See pk11_library_init()'s usage of this function for more + * information. + */ +#ifdef SOLARIS_HW_SLOT_SELECTION + if (check_hw_mechanisms() == 0) + goto err; +#endif /* SOLARIS_HW_SLOT_SELECTION */ + if (pk11_choose_slots(NULL) == 0) + goto err; + + /* Open the global_session for the new process */ + rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, + NULL_PTR, NULL_PTR, &global_session); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_SESSION, PK11_R_OPENSESSION, + rv); + OPENSSL_free(sp); + sp = NULL; + goto err; + } + + /* + * It is an inherited session from our parent so it needs + * re-initialization. + */ + if (pk11_setup_session(sp, optype) == 0) + { + OPENSSL_free(sp); + sp = NULL; + goto err; + } + if (pk11_token_relogin(sp->session) == 0) + { + /* + * We will keep the session in the cache list and let + * the caller cope with the situation. + */ + freelist = sp; + sp = NULL; + goto err; + } + } + + if (sp->pid == 0) + { + /* It is a new session and needs initialization. */ + if (pk11_setup_session(sp, optype) == 0) + { + OPENSSL_free(sp); + sp = NULL; + } + } + + /* set new head for the list of PK11_SESSION objects */ + session_cache[optype].head = freelist; + +err: + if (sp != NULL) + sp->next = NULL; + + (void) pthread_mutex_unlock(freelist_lock); + + return (sp); + } + + +void +pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype) + { + pthread_mutex_t *freelist_lock; + PK11_SESSION *freelist; + + /* + * If this is a session from the parent it will be taken care of and + * freed in pk11_get_session() as part of the post-fork clean up the + * next time we will ask for a new session. + */ + if (sp == NULL || sp->pid != getpid()) + return; + + switch (optype) + { + case OP_RSA: + case OP_DSA: + case OP_DH: + case OP_RAND: + case OP_DIGEST: + case OP_CIPHER: + freelist_lock = session_cache[optype].lock; + break; + default: + PK11err(PK11_F_RETURN_SESSION, + PK11_R_INVALID_OPERATION_TYPE); + return; + } + + (void) pthread_mutex_lock(freelist_lock); + freelist = session_cache[optype].head; + sp->next = freelist; + session_cache[optype].head = sp; + (void) pthread_mutex_unlock(freelist_lock); + } + + +/* Destroy all objects. This function is called when the engine is finished */ +static int pk11_free_all_sessions() + { + int ret = 1; + int type; + +#ifndef OPENSSL_NO_RSA + (void) pk11_destroy_rsa_key_objects(NULL); +#endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_DSA + (void) pk11_destroy_dsa_key_objects(NULL); +#endif /* OPENSSL_NO_DSA */ +#ifndef OPENSSL_NO_DH + (void) pk11_destroy_dh_key_objects(NULL); +#endif /* OPENSSL_NO_DH */ + (void) pk11_destroy_cipher_key_objects(NULL); + + /* + * We try to release as much as we can but any error means that we will + * return 0 on exit. + */ + for (type = 0; type < OP_MAX; type++) + { + if (pk11_free_session_list(type) == 0) + ret = 0; + } + + return (ret); + } + +/* + * Destroy session structures from the linked list specified. Free as many + * sessions as possible but any failure in C_CloseSession() means that we + * return an error on return. + */ +static int pk11_free_session_list(PK11_OPTYPE optype) + { + CK_RV rv; + PK11_SESSION *sp = NULL; + PK11_SESSION *freelist = NULL; + pid_t mypid = getpid(); + pthread_mutex_t *freelist_lock; + int ret = 1; + + switch (optype) + { + case OP_RSA: + case OP_DSA: + case OP_DH: + case OP_RAND: + case OP_DIGEST: + case OP_CIPHER: + freelist_lock = session_cache[optype].lock; + break; + default: + PK11err(PK11_F_FREE_ALL_SESSIONS, + PK11_R_INVALID_OPERATION_TYPE); + return (0); + } + + (void) pthread_mutex_lock(freelist_lock); + freelist = session_cache[optype].head; + while ((sp = freelist) != NULL) + { + if (sp->session != CK_INVALID_HANDLE && sp->pid == mypid) + { + rv = pFuncList->C_CloseSession(sp->session); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_FREE_ALL_SESSIONS, + PK11_R_CLOSESESSION, rv); + ret = 0; + } + } + freelist = sp->next; + pk11_free_nums(sp, optype); + OPENSSL_free(sp); + } + + (void) pthread_mutex_unlock(freelist_lock); + return (ret); + } + + +static int +pk11_setup_session(PK11_SESSION *sp, PK11_OPTYPE optype) + { + CK_RV rv; + CK_SLOT_ID myslot; + + switch (optype) + { + case OP_RSA: + case OP_DSA: + case OP_DH: + myslot = pubkey_SLOTID; + break; + case OP_RAND: + myslot = rand_SLOTID; + break; + case OP_DIGEST: + case OP_CIPHER: + myslot = SLOTID; + break; + default: + PK11err(PK11_F_SETUP_SESSION, + PK11_R_INVALID_OPERATION_TYPE); + return (0); + } + + sp->session = CK_INVALID_HANDLE; + DEBUG_SLOT_SEL("%s: myslot=%d optype=%d\n", PK11_DBG, myslot, optype); + rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION, + NULL_PTR, NULL_PTR, &sp->session); + if (rv == CKR_CRYPTOKI_NOT_INITIALIZED) + { + /* + * We are probably a child process so force the + * reinitialize of the session + */ + pk11_library_initialized = CK_FALSE; + if (!pk11_library_init(NULL)) + return (0); + rv = pFuncList->C_OpenSession(myslot, CKF_SERIAL_SESSION, + NULL_PTR, NULL_PTR, &sp->session); + } + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_SETUP_SESSION, PK11_R_OPENSESSION, rv); + return (0); + } + + sp->pid = getpid(); + + switch (optype) + { +#ifndef OPENSSL_NO_RSA + case OP_RSA: + sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; + sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; + sp->opdata_rsa_pub = NULL; + sp->opdata_rsa_n_num = NULL; + sp->opdata_rsa_e_num = NULL; + sp->opdata_rsa_priv = NULL; + sp->opdata_rsa_d_num = NULL; + break; +#endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_DSA + case OP_DSA: + sp->opdata_dsa_pub_key = CK_INVALID_HANDLE; + sp->opdata_dsa_priv_key = CK_INVALID_HANDLE; + sp->opdata_dsa_pub = NULL; + sp->opdata_dsa_pub_num = NULL; + sp->opdata_dsa_priv = NULL; + sp->opdata_dsa_priv_num = NULL; + break; +#endif /* OPENSSL_NO_DSA */ +#ifndef OPENSSL_NO_DH + case OP_DH: + sp->opdata_dh_key = CK_INVALID_HANDLE; + sp->opdata_dh = NULL; + sp->opdata_dh_priv_num = NULL; + break; +#endif /* OPENSSL_NO_DH */ + case OP_CIPHER: + sp->opdata_cipher_key = CK_INVALID_HANDLE; + sp->opdata_encrypt = -1; + break; + } + + /* + * We always initialize the session as containing a non-persistent + * object. The key load functions set it to persistent if that is so. + */ + sp->persistent = CK_FALSE; + return (1); + } + +#ifndef OPENSSL_NO_RSA +/* + * Destroy all non-NULL RSA parameters. For the RSA keys by reference code, + * public components 'n'/'e' are the key components we use to check for the + * cache hit even for the private keys. So, no matter whether we are destroying + * a public or a private key, we always free what we can. + */ +static void +destroy_all_rsa_params(PK11_SESSION *sp) + { + if (sp->opdata_rsa_n_num != NULL) + { + BN_free(sp->opdata_rsa_n_num); + sp->opdata_rsa_n_num = NULL; + } + if (sp->opdata_rsa_e_num != NULL) + { + BN_free(sp->opdata_rsa_e_num); + sp->opdata_rsa_e_num = NULL; + } + if (sp->opdata_rsa_d_num != NULL) + { + BN_free(sp->opdata_rsa_d_num); + sp->opdata_rsa_d_num = NULL; + } + } + +/* Destroy RSA public key from single session. */ +int +pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock) + { + int ret = 0; + + if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE) + { + TRY_OBJ_DESTROY(sp, sp->opdata_rsa_pub_key, + ret, uselock, OP_RSA); + sp->opdata_rsa_pub_key = CK_INVALID_HANDLE; + sp->opdata_rsa_pub = NULL; + destroy_all_rsa_params(sp); + } + + return (ret); + } + +/* Destroy RSA private key from single session. */ +int +pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock) + { + int ret = 0; + + if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE) + { + TRY_OBJ_DESTROY(sp, sp->opdata_rsa_priv_key, + ret, uselock, OP_RSA); + sp->opdata_rsa_priv_key = CK_INVALID_HANDLE; + sp->opdata_rsa_priv = NULL; + destroy_all_rsa_params(sp); + } + + return (ret); + } + +/* + * Destroy RSA key object wrapper. If session is NULL, try to destroy all + * objects in the free list. + */ +int +pk11_destroy_rsa_key_objects(PK11_SESSION *session) + { + int ret = 1; + PK11_SESSION *sp = NULL; + PK11_SESSION *local_free_session; + CK_BBOOL uselock = CK_TRUE; + + if (session != NULL) + local_free_session = session; + else + { + (void) pthread_mutex_lock(session_cache[OP_RSA].lock); + local_free_session = session_cache[OP_RSA].head; + uselock = CK_FALSE; + } + + /* + * go through the list of sessions and delete key objects + */ + while ((sp = local_free_session) != NULL) + { + local_free_session = sp->next; + + /* + * Do not terminate list traversal if one of the + * destroy operations fails. + */ + if (pk11_destroy_rsa_object_pub(sp, uselock) == 0) + { + ret = 0; + continue; + } + if (pk11_destroy_rsa_object_priv(sp, uselock) == 0) + { + ret = 0; + continue; + } + } + + if (session == NULL) + (void) pthread_mutex_unlock(session_cache[OP_RSA].lock); + + return (ret); + } +#endif /* OPENSSL_NO_RSA */ + +#ifndef OPENSSL_NO_DSA +/* Destroy DSA public key from single session. */ +int +pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock) + { + int ret = 0; + + if (sp->opdata_dsa_pub_key != CK_INVALID_HANDLE) + { + TRY_OBJ_DESTROY(sp, sp->opdata_dsa_pub_key, + ret, uselock, OP_DSA); + sp->opdata_dsa_pub_key = CK_INVALID_HANDLE; + sp->opdata_dsa_pub = NULL; + if (sp->opdata_dsa_pub_num != NULL) + { + BN_free(sp->opdata_dsa_pub_num); + sp->opdata_dsa_pub_num = NULL; + } + } + + return (ret); + } + +/* Destroy DSA private key from single session. */ +int +pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock) + { + int ret = 0; + + if (sp->opdata_dsa_priv_key != CK_INVALID_HANDLE) + { + TRY_OBJ_DESTROY(sp, sp->opdata_dsa_priv_key, + ret, uselock, OP_DSA); + sp->opdata_dsa_priv_key = CK_INVALID_HANDLE; + sp->opdata_dsa_priv = NULL; + if (sp->opdata_dsa_priv_num != NULL) + { + BN_free(sp->opdata_dsa_priv_num); + sp->opdata_dsa_priv_num = NULL; + } + } + + return (ret); + } + +/* + * Destroy DSA key object wrapper. If session is NULL, try to destroy all + * objects in the free list. + */ +int +pk11_destroy_dsa_key_objects(PK11_SESSION *session) + { + int ret = 1; + PK11_SESSION *sp = NULL; + PK11_SESSION *local_free_session; + CK_BBOOL uselock = CK_TRUE; + + if (session != NULL) + local_free_session = session; + else + { + (void) pthread_mutex_lock(session_cache[OP_DSA].lock); + local_free_session = session_cache[OP_DSA].head; + uselock = CK_FALSE; + } + + /* + * go through the list of sessions and delete key objects + */ + while ((sp = local_free_session) != NULL) + { + local_free_session = sp->next; + + /* + * Do not terminate list traversal if one of the + * destroy operations fails. + */ + if (pk11_destroy_dsa_object_pub(sp, uselock) == 0) + { + ret = 0; + continue; + } + if (pk11_destroy_dsa_object_priv(sp, uselock) == 0) + { + ret = 0; + continue; + } + } + + if (session == NULL) + (void) pthread_mutex_unlock(session_cache[OP_DSA].lock); + + return (ret); + } +#endif /* OPENSSL_NO_DSA */ + +#ifndef OPENSSL_NO_DH +/* Destroy DH key from single session. */ +int +pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock) + { + int ret = 0; + + if (sp->opdata_dh_key != CK_INVALID_HANDLE) + { + TRY_OBJ_DESTROY(sp, sp->opdata_dh_key, + ret, uselock, OP_DH); + sp->opdata_dh_key = CK_INVALID_HANDLE; + sp->opdata_dh = NULL; + if (sp->opdata_dh_priv_num != NULL) + { + BN_free(sp->opdata_dh_priv_num); + sp->opdata_dh_priv_num = NULL; + } + } + + return (ret); + } + +/* + * Destroy DH key object wrapper. + * + * arg0: pointer to PKCS#11 engine session structure + * if session is NULL, try to destroy all objects in the free list + */ +int +pk11_destroy_dh_key_objects(PK11_SESSION *session) + { + int ret = 1; + PK11_SESSION *sp = NULL; + PK11_SESSION *local_free_session; + CK_BBOOL uselock = CK_TRUE; + + if (session != NULL) + local_free_session = session; + else + { + (void) pthread_mutex_lock(session_cache[OP_DH].lock); + local_free_session = session_cache[OP_DH].head; + uselock = CK_FALSE; + } + + while ((sp = local_free_session) != NULL) + { + local_free_session = sp->next; + + /* + * Do not terminate list traversal if one of the + * destroy operations fails. + */ + if (pk11_destroy_dh_object(sp, uselock) == 0) + { + ret = 0; + continue; + } + } +err: + if (session == NULL) + (void) pthread_mutex_unlock(session_cache[OP_DH].lock); + + return (ret); + } +#endif /* OPENSSL_NO_DH */ + +static int +pk11_destroy_object(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE oh, + CK_BBOOL persistent) + { + CK_RV rv; + + /* + * We never try to destroy persistent objects which are the objects + * stored in the keystore. Also, we always use read-only sessions so + * C_DestroyObject() would be returning CKR_SESSION_READ_ONLY here. + */ + if (persistent == CK_TRUE) + return (1); + + rv = pFuncList->C_DestroyObject(session, oh); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DESTROY_OBJECT, PK11_R_DESTROYOBJECT, + rv); + return (0); + } + + return (1); + } + + +/* Symmetric ciphers and digests support functions */ + +static int +cipher_nid_to_pk11(int nid) + { + int i; + + for (i = 0; i < PK11_CIPHER_MAX; i++) + if (ciphers[i].nid == nid) + return (ciphers[i].id); + return (-1); + } + +static int +pk11_usable_ciphers(const int **nids) + { + if (cipher_count > 0) + *nids = cipher_nids; + else + *nids = NULL; + return (cipher_count); + } + +static int +pk11_usable_digests(const int **nids) + { + if (digest_count > 0) + *nids = digest_nids; + else + *nids = NULL; + return (digest_count); + } + +/* + * Init context for encryption or decryption using a symmetric key. + */ +static int pk11_init_symmetric(EVP_CIPHER_CTX *ctx, PK11_CIPHER *pcipher, + PK11_SESSION *sp, CK_MECHANISM_PTR pmech) + { + CK_RV rv; + CK_AES_CTR_PARAMS ctr_params; + + /* + * We expect pmech->mechanism to be already set and + * pParameter/ulParameterLen initialized to NULL/0 before + * pk11_init_symmetric() is called. + */ + OPENSSL_assert(pmech->mechanism != NULL); + OPENSSL_assert(pmech->pParameter == NULL); + OPENSSL_assert(pmech->ulParameterLen == 0); + + if (ctx->cipher->nid == NID_aes_128_ctr || + ctx->cipher->nid == NID_aes_192_ctr || + ctx->cipher->nid == NID_aes_256_ctr) + { + pmech->pParameter = (void *)(&ctr_params); + pmech->ulParameterLen = sizeof (ctr_params); + /* + * For now, we are limited to the fixed length of the counter, + * it covers the whole counter block. That's what RFC 4344 + * needs. For more information on internal structure of the + * counter block, see RFC 3686. If needed in the future, we can + * add code so that the counter length can be set via + * ENGINE_ctrl() function. + */ + ctr_params.ulCounterBits = AES_BLOCK_SIZE * 8; + OPENSSL_assert(pcipher->iv_len == AES_BLOCK_SIZE); + (void) memcpy(ctr_params.cb, ctx->iv, AES_BLOCK_SIZE); + } + else + { + if (pcipher->iv_len > 0) + { + pmech->pParameter = (void *)ctx->iv; + pmech->ulParameterLen = pcipher->iv_len; + } + } + + /* if we get here, the encryption needs to be reinitialized */ + if (ctx->encrypt) + rv = pFuncList->C_EncryptInit(sp->session, pmech, + sp->opdata_cipher_key); + else + rv = pFuncList->C_DecryptInit(sp->session, pmech, + sp->opdata_cipher_key); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_CIPHER_INIT, ctx->encrypt ? + PK11_R_ENCRYPTINIT : PK11_R_DECRYPTINIT, rv); + pk11_return_session(sp, OP_CIPHER); + return (0); + } + + return (1); + } + +/* ARGSUSED */ +static int +pk11_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + CK_MECHANISM mech; + int index; + PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data; + PK11_SESSION *sp; + PK11_CIPHER *p_ciph_table_row; + + state->sp = NULL; + + index = cipher_nid_to_pk11(ctx->cipher->nid); + if (index < 0 || index >= PK11_CIPHER_MAX) + return (0); + + p_ciph_table_row = &ciphers[index]; + /* + * iv_len in the ctx->cipher structure is the maximum IV length for the + * current cipher and it must be less or equal to the IV length in our + * ciphers table. The key length must be in the allowed interval. From + * all cipher modes that the PKCS#11 engine supports only RC4 allows a + * key length to be in some range, all other NIDs have a precise key + * length. Every application can define its own EVP functions so this + * code serves as a sanity check. + * + * Note that the reason why the IV length in ctx->cipher might be + * greater than the actual length is that OpenSSL uses BLOCK_CIPHER_defs + * macro to define functions that return EVP structures for all DES + * modes. So, even ECB modes get 8 byte IV. + */ + if (ctx->cipher->iv_len < p_ciph_table_row->iv_len || + ctx->key_len < p_ciph_table_row->min_key_len || + ctx->key_len > p_ciph_table_row->max_key_len) { + PK11err(PK11_F_CIPHER_INIT, PK11_R_KEY_OR_IV_LEN_PROBLEM); + return (0); + } + + if ((sp = pk11_get_session(OP_CIPHER)) == NULL) + return (0); + + /* if applicable, the mechanism parameter is used for IV */ + mech.mechanism = p_ciph_table_row->mech_type; + mech.pParameter = NULL; + mech.ulParameterLen = 0; + + /* The key object is destroyed here if it is not the current key. */ + (void) check_new_cipher_key(sp, key, ctx->key_len); + + /* + * If the key is the same and the encryption is also the same, then + * just reuse it. However, we must not forget to reinitialize the + * context that was finalized in pk11_cipher_cleanup(). + */ + if (sp->opdata_cipher_key != CK_INVALID_HANDLE && + sp->opdata_encrypt == ctx->encrypt) + { + state->sp = sp; + if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0) + return (0); + + return (1); + } + + /* + * Check if the key has been invalidated. If so, a new key object + * needs to be created. + */ + if (sp->opdata_cipher_key == CK_INVALID_HANDLE) + { + sp->opdata_cipher_key = pk11_get_cipher_key( + ctx, key, p_ciph_table_row->key_type, sp); + } + + if (sp->opdata_encrypt != ctx->encrypt && sp->opdata_encrypt != -1) + { + /* + * The previous encryption/decryption is different. Need to + * terminate the previous * active encryption/decryption here. + */ + if (!pk11_cipher_final(sp)) + { + pk11_return_session(sp, OP_CIPHER); + return (0); + } + } + + if (sp->opdata_cipher_key == CK_INVALID_HANDLE) + { + pk11_return_session(sp, OP_CIPHER); + return (0); + } + + /* now initialize the context with a new key */ + if (pk11_init_symmetric(ctx, p_ciph_table_row, sp, &mech) == 0) + return (0); + + sp->opdata_encrypt = ctx->encrypt; + state->sp = sp; + + return (1); + } + +/* + * When reusing the same key in an encryption/decryption session for a + * decryption/encryption session, we need to close the active session + * and recreate a new one. Note that the key is in the global session so + * that it needs not be recreated. + * + * It is more appropriate to use C_En/DecryptFinish here. At the time of this + * development, these two functions in the PKCS#11 libraries used return + * unexpected errors when passing in 0 length output. It may be a good + * idea to try them again if performance is a problem here and fix + * C_En/DecryptFinial if there are bugs there causing the problem. + */ +static int +pk11_cipher_final(PK11_SESSION *sp) + { + CK_RV rv; + + rv = pFuncList->C_CloseSession(sp->session); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_CLOSESESSION, rv); + return (0); + } + + rv = pFuncList->C_OpenSession(SLOTID, CKF_SERIAL_SESSION, + NULL_PTR, NULL_PTR, &sp->session); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_CIPHER_FINAL, PK11_R_OPENSESSION, rv); + return (0); + } + + return (1); + } + +/* + * An engine interface function. The calling function allocates sufficient + * memory for the output buffer "out" to hold the results. + */ +static int +pk11_cipher_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->cipher_data; + PK11_SESSION *sp; + CK_RV rv; + unsigned long outl = inl; + + if (state == NULL || state->sp == NULL) + return (0); + + sp = (PK11_SESSION *) state->sp; + + if (!inl) + return (1); + + /* RC4 is the only stream cipher we support */ + if (ctx->cipher->nid != NID_rc4 && (inl % ctx->cipher->block_size) != 0) + return (0); + + if (ctx->encrypt) + { + rv = pFuncList->C_EncryptUpdate(sp->session, + (unsigned char *)in, inl, out, &outl); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_CIPHER_DO_CIPHER, + PK11_R_ENCRYPTUPDATE, rv); + return (0); + } + } + else + { + rv = pFuncList->C_DecryptUpdate(sp->session, + (unsigned char *)in, inl, out, &outl); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_CIPHER_DO_CIPHER, + PK11_R_DECRYPTUPDATE, rv); + return (0); + } + } + + /* + * For DES_CBC, DES3_CBC, AES_CBC, and RC4, the output size is always + * the same size of input. + * The application has guaranteed to call the block ciphers with + * correctly aligned buffers. + */ + if (inl != outl) + return (0); + + return (1); + } + +/* + * Return the session to the pool. Calling C_EncryptFinal() and C_DecryptFinal() + * here is the right thing because in EVP_DecryptFinal_ex(), engine's + * do_cipher() is not even called, and in EVP_EncryptFinal_ex() it is called but + * the engine can't find out that it's the finalizing call. We wouldn't + * necessarily have to finalize the context here since reinitializing it with + * C_(Encrypt|Decrypt)Init() should be fine but for the sake of correctness, + * let's do it. Some implementations might leak memory if the previously used + * context is initialized without finalizing it first. + */ +static int +pk11_cipher_cleanup(EVP_CIPHER_CTX *ctx) + { + CK_RV rv; + CK_ULONG len = EVP_MAX_BLOCK_LENGTH; + CK_BYTE buf[EVP_MAX_BLOCK_LENGTH]; + PK11_CIPHER_STATE *state = ctx->cipher_data; + + if (state != NULL && state->sp != NULL) + { + /* + * We are not interested in the data here, we just need to get + * rid of the context. + */ + if (ctx->encrypt) + rv = pFuncList->C_EncryptFinal( + state->sp->session, buf, &len); + else + rv = pFuncList->C_DecryptFinal( + state->sp->session, buf, &len); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_CIPHER_CLEANUP, ctx->encrypt ? + PK11_R_ENCRYPTFINAL : PK11_R_DECRYPTFINAL, rv); + pk11_return_session(state->sp, OP_CIPHER); + return (0); + } + + pk11_return_session(state->sp, OP_CIPHER); + state->sp = NULL; + } + + return (1); + } + +/* + * Registered by the ENGINE when used to find out how to deal with + * a particular NID in the ENGINE. This says what we'll do at the + * top level - note, that list is restricted by what we answer with + */ +/* ARGSUSED */ +static int +pk11_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid) + { + if (!cipher) + return (pk11_usable_ciphers(nids)); + + switch (nid) + { + case NID_des_ede3_cbc: + *cipher = &pk11_3des_cbc; + break; + case NID_des_cbc: + *cipher = &pk11_des_cbc; + break; + case NID_des_ede3_ecb: + *cipher = &pk11_3des_ecb; + break; + case NID_des_ecb: + *cipher = &pk11_des_ecb; + break; + case NID_aes_128_cbc: + *cipher = &pk11_aes_128_cbc; + break; + case NID_aes_192_cbc: + *cipher = &pk11_aes_192_cbc; + break; + case NID_aes_256_cbc: + *cipher = &pk11_aes_256_cbc; + break; + case NID_aes_128_ecb: + *cipher = &pk11_aes_128_ecb; + break; + case NID_aes_192_ecb: + *cipher = &pk11_aes_192_ecb; + break; + case NID_aes_256_ecb: + *cipher = &pk11_aes_256_ecb; + break; + case NID_aes_128_ctr: + *cipher = &pk11_aes_128_ctr; + break; + case NID_aes_192_ctr: + *cipher = &pk11_aes_192_ctr; + break; + case NID_aes_256_ctr: + *cipher = &pk11_aes_256_ctr; + break; + case NID_bf_cbc: + *cipher = &pk11_bf_cbc; + break; + case NID_rc4: + *cipher = &pk11_rc4; + break; + default: + *cipher = NULL; + break; + } + return (*cipher != NULL); + } + +/* ARGSUSED */ +static int +pk11_engine_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid) + { + if (!digest) + return (pk11_usable_digests(nids)); + + switch (nid) + { + case NID_md5: + *digest = &pk11_md5; + break; + /* + * A special case. For "openssl dgst -dss1 -engine pkcs11 ...", + * OpenSSL calls EVP_get_digestbyname() on "dss1" which ends up + * calling pk11_engine_digests() for NID_dsa. Internally, if an + * engine is not used, OpenSSL uses SHA1_Init() as expected for + * DSA. So, we must return pk11_sha1() for NID_dsa as well. Note + * that this must have changed between 0.9.8 and 1.0.0 since we + * did not have the problem with the 0.9.8 version. + */ + case NID_sha1: + case NID_dsa: + *digest = &pk11_sha1; + break; + case NID_sha224: + *digest = &pk11_sha224; + break; + case NID_sha256: + *digest = &pk11_sha256; + break; + case NID_sha384: + *digest = &pk11_sha384; + break; + case NID_sha512: + *digest = &pk11_sha512; + break; + default: + *digest = NULL; + break; + } + return (*digest != NULL); + } + + +/* Create a secret key object in a PKCS#11 session */ +static CK_OBJECT_HANDLE pk11_get_cipher_key(EVP_CIPHER_CTX *ctx, + const unsigned char *key, CK_KEY_TYPE key_type, PK11_SESSION *sp) + { + CK_RV rv; + CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; + CK_OBJECT_CLASS obj_key = CKO_SECRET_KEY; + CK_ULONG ul_key_attr_count = 6; + + CK_ATTRIBUTE a_key_template[] = + { + {CKA_CLASS, (void*) NULL, sizeof (CK_OBJECT_CLASS)}, + {CKA_KEY_TYPE, (void*) NULL, sizeof (CK_KEY_TYPE)}, + {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, + {CKA_ENCRYPT, &pk11_true, sizeof (pk11_true)}, + {CKA_DECRYPT, &pk11_true, sizeof (pk11_true)}, + {CKA_VALUE, (void*) NULL, 0}, + }; + + /* + * Create secret key object in global_session. All other sessions + * can use the key handles. Here is why: + * OpenSSL will call EncryptInit and EncryptUpdate using a secret key. + * It may then call DecryptInit and DecryptUpdate using the same key. + * To use the same key object, we need to call EncryptFinal with + * a 0 length message. Currently, this does not work for 3DES + * mechanism. To get around this problem, we close the session and + * then create a new session to use the same key object. When a session + * is closed, all the object handles will be invalid. Thus, create key + * objects in a global session, an individual session may be closed to + * terminate the active operation. + */ + CK_SESSION_HANDLE session = global_session; + a_key_template[0].pValue = &obj_key; + a_key_template[1].pValue = &key_type; + a_key_template[5].pValue = (void *) key; + a_key_template[5].ulValueLen = (unsigned long) ctx->key_len; + + rv = pFuncList->C_CreateObject(session, + a_key_template, ul_key_attr_count, &h_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_CIPHER_KEY, PK11_R_CREATEOBJECT, + rv); + goto err; + } + + /* + * Save the key information used in this session. + * The max can be saved is PK11_KEY_LEN_MAX. + */ + sp->opdata_key_len = ctx->key_len > PK11_KEY_LEN_MAX ? + PK11_KEY_LEN_MAX : ctx->key_len; + (void) memcpy(sp->opdata_key, key, sp->opdata_key_len); +err: + + return (h_key); + } + +static int +md_nid_to_pk11(int nid) + { + int i; + + for (i = 0; i < PK11_DIGEST_MAX; i++) + if (digests[i].nid == nid) + return (digests[i].id); + return (-1); + } + +static int +pk11_digest_init(EVP_MD_CTX *ctx) + { + CK_RV rv; + CK_MECHANISM mech; + int index; + PK11_SESSION *sp; + PK11_DIGEST *pdp; + PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; + + state->sp = NULL; + + index = md_nid_to_pk11(ctx->digest->type); + if (index < 0 || index >= PK11_DIGEST_MAX) + return (0); + + pdp = &digests[index]; + if ((sp = pk11_get_session(OP_DIGEST)) == NULL) + return (0); + + /* at present, no parameter is needed for supported digests */ + mech.mechanism = pdp->mech_type; + mech.pParameter = NULL; + mech.ulParameterLen = 0; + + rv = pFuncList->C_DigestInit(sp->session, &mech); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DIGEST_INIT, PK11_R_DIGESTINIT, rv); + pk11_return_session(sp, OP_DIGEST); + return (0); + } + + state->sp = sp; + + return (1); + } + +static int +pk11_digest_update(EVP_MD_CTX *ctx, const void *data, size_t count) + { + CK_RV rv; + PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; + + /* 0 length message will cause a failure in C_DigestFinal */ + if (count == 0) + return (1); + + if (state == NULL || state->sp == NULL) + return (0); + + rv = pFuncList->C_DigestUpdate(state->sp->session, (CK_BYTE *) data, + count); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DIGEST_UPDATE, PK11_R_DIGESTUPDATE, rv); + pk11_return_session(state->sp, OP_DIGEST); + state->sp = NULL; + return (0); + } + + return (1); + } + +static int +pk11_digest_final(EVP_MD_CTX *ctx, unsigned char *md) + { + CK_RV rv; + unsigned long len; + PK11_CIPHER_STATE *state = (PK11_CIPHER_STATE *) ctx->md_data; + len = ctx->digest->md_size; + + if (state == NULL || state->sp == NULL) + return (0); + + rv = pFuncList->C_DigestFinal(state->sp->session, md, &len); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DIGEST_FINAL, PK11_R_DIGESTFINAL, rv); + pk11_return_session(state->sp, OP_DIGEST); + state->sp = NULL; + return (0); + } + + if (ctx->digest->md_size != len) + return (0); + + /* + * Final is called and digest is returned, so return the session + * to the pool + */ + pk11_return_session(state->sp, OP_DIGEST); + state->sp = NULL; + + return (1); + } + +static int +pk11_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) + { + CK_RV rv; + int ret = 0; + PK11_CIPHER_STATE *state, *state_to; + CK_BYTE_PTR pstate = NULL; + CK_ULONG ul_state_len; + + if (from->md_data == NULL || to->digest->ctx_size == 0) + return (1); + + /* The copy-from state */ + state = (PK11_CIPHER_STATE *) from->md_data; + if (state->sp == NULL) + goto err; + + /* Initialize the copy-to state */ + if (!pk11_digest_init(to)) + goto err; + state_to = (PK11_CIPHER_STATE *) to->md_data; + + /* Get the size of the operation state of the copy-from session */ + rv = pFuncList->C_GetOperationState(state->sp->session, NULL, + &ul_state_len); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE, + rv); + goto err; + } + if (ul_state_len == 0) + { + goto err; + } + + pstate = OPENSSL_malloc(ul_state_len); + if (pstate == NULL) + { + PK11err(PK11_F_DIGEST_COPY, PK11_R_MALLOC_FAILURE); + goto err; + } + + /* Get the operation state of the copy-from session */ + rv = pFuncList->C_GetOperationState(state->sp->session, pstate, + &ul_state_len); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DIGEST_COPY, PK11_R_GET_OPERATION_STATE, + rv); + goto err; + } + + /* Set the operation state of the copy-to session */ + rv = pFuncList->C_SetOperationState(state_to->sp->session, pstate, + ul_state_len, 0, 0); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DIGEST_COPY, + PK11_R_SET_OPERATION_STATE, rv); + goto err; + } + + ret = 1; +err: + if (pstate != NULL) + OPENSSL_free(pstate); + + return (ret); + } + +/* Return any pending session state to the pool */ +static int +pk11_digest_cleanup(EVP_MD_CTX *ctx) + { + PK11_CIPHER_STATE *state = ctx->md_data; + unsigned char buf[EVP_MAX_MD_SIZE]; + + if (state != NULL && state->sp != NULL) + { + /* + * If state->sp is not NULL then pk11_digest_final() has not + * been called yet. We must call it now to free any memory + * that might have been allocated in the token when + * pk11_digest_init() was called. pk11_digest_final() + * will return the session to the cache. + */ + if (!pk11_digest_final(ctx, buf)) + return (0); + } + + return (1); + } + +/* + * Check if the new key is the same as the key object in the session. If the key + * is the same, no need to create a new key object. Otherwise, the old key + * object needs to be destroyed and a new one will be created. Return 1 for + * cache hit, 0 for cache miss. Note that we must check the key length first + * otherwise we could end up reusing a different, longer key with the same + * prefix. + */ +static int check_new_cipher_key(PK11_SESSION *sp, const unsigned char *key, + int key_len) + { + if (sp->opdata_key_len != key_len || + memcmp(sp->opdata_key, key, key_len) != 0) + { + (void) pk11_destroy_cipher_key_objects(sp); + return (0); + } + return (1); + } + +/* Destroy one or more secret key objects. */ +static int pk11_destroy_cipher_key_objects(PK11_SESSION *session) + { + int ret = 0; + PK11_SESSION *sp = NULL; + PK11_SESSION *local_free_session; + + if (session != NULL) + local_free_session = session; + else + { + (void) pthread_mutex_lock(session_cache[OP_CIPHER].lock); + local_free_session = session_cache[OP_CIPHER].head; + } + + while ((sp = local_free_session) != NULL) + { + local_free_session = sp->next; + + if (sp->opdata_cipher_key != CK_INVALID_HANDLE) + { + /* + * The secret key object is created in the + * global_session. See pk11_get_cipher_key(). + */ + if (pk11_destroy_object(global_session, + sp->opdata_cipher_key, CK_FALSE) == 0) + goto err; + sp->opdata_cipher_key = CK_INVALID_HANDLE; + } + } + ret = 1; +err: + + if (session == NULL) + (void) pthread_mutex_unlock(session_cache[OP_CIPHER].lock); + + return (ret); + } + + +/* + * Public key mechanisms optionally supported + * + * CKM_RSA_X_509 + * CKM_RSA_PKCS + * CKM_DSA + * + * The first slot that supports at least one of those mechanisms is chosen as a + * public key slot. + * + * Symmetric ciphers optionally supported + * + * CKM_DES3_CBC + * CKM_DES_CBC + * CKM_AES_CBC + * CKM_DES3_ECB + * CKM_DES_ECB + * CKM_AES_ECB + * CKM_AES_CTR + * CKM_RC4 + * CKM_BLOWFISH_CBC + * + * Digests optionally supported + * + * CKM_MD5 + * CKM_SHA_1 + * CKM_SHA224 + * CKM_SHA256 + * CKM_SHA384 + * CKM_SHA512 + * + * The output of this function is a set of global variables indicating which + * mechanisms from RSA, DSA, DH and RAND are present, and also two arrays of + * mechanisms, one for symmetric ciphers and one for digests. Also, 3 global + * variables carry information about which slot was chosen for (a) public key + * mechanisms, (b) random operations, and (c) symmetric ciphers and digests. + */ +static int +pk11_choose_slots(int *any_slot_found) + { + CK_SLOT_ID_PTR pSlotList = NULL_PTR; + CK_ULONG ulSlotCount = 0; + CK_MECHANISM_INFO mech_info; + CK_TOKEN_INFO token_info; + int i; + CK_RV rv; + CK_SLOT_ID best_slot_sofar; + CK_BBOOL found_candidate_slot = CK_FALSE; + int slot_n_cipher = 0; + int slot_n_digest = 0; + CK_SLOT_ID current_slot = 0; + int current_slot_n_cipher = 0; + int current_slot_n_digest = 0; + + int local_cipher_nids[PK11_CIPHER_MAX]; + int local_digest_nids[PK11_DIGEST_MAX]; + + /* let's initialize the output parameter */ + if (any_slot_found != NULL) + *any_slot_found = 0; + + /* Get slot list for memory allocation */ + rv = pFuncList->C_GetSlotList(CK_FALSE, NULL_PTR, &ulSlotCount); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv); + return (0); + } + + /* it's not an error if we didn't find any providers */ + if (ulSlotCount == 0) + { + DEBUG_SLOT_SEL("%s: no crypto providers found\n", PK11_DBG); + return (1); + } + + pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID)); + + if (pSlotList == NULL) + { + PK11err(PK11_F_CHOOSE_SLOT, PK11_R_MALLOC_FAILURE); + return (0); + } + + /* Get the slot list for processing */ + rv = pFuncList->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_CHOOSE_SLOT, PK11_R_GETSLOTLIST, rv); + OPENSSL_free(pSlotList); + return (0); + } + + DEBUG_SLOT_SEL("%s: provider: %s\n", PK11_DBG, def_PK11_LIBNAME); + DEBUG_SLOT_SEL("%s: number of slots: %d\n", PK11_DBG, ulSlotCount); + + DEBUG_SLOT_SEL("%s: == checking rand slots ==\n", PK11_DBG); + for (i = 0; i < ulSlotCount; i++) + { + current_slot = pSlotList[i]; + + DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i); + /* Check if slot has random support. */ + rv = pFuncList->C_GetTokenInfo(current_slot, &token_info); + if (rv != CKR_OK) + continue; + + DEBUG_SLOT_SEL("%s: token label: %.32s\n", PK11_DBG, + token_info.label); + + if (token_info.flags & CKF_RNG) + { + DEBUG_SLOT_SEL( + "%s: this token has CKF_RNG flag\n", PK11_DBG); + pk11_have_random = CK_TRUE; + rand_SLOTID = current_slot; + break; + } + } + + DEBUG_SLOT_SEL("%s: == checking pubkey slots ==\n", PK11_DBG); + + pubkey_SLOTID = pSlotList[0]; + for (i = 0; i < ulSlotCount; i++) + { + CK_BBOOL slot_has_rsa = CK_FALSE; + CK_BBOOL slot_has_dsa = CK_FALSE; + CK_BBOOL slot_has_dh = CK_FALSE; + current_slot = pSlotList[i]; + + DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i); + rv = pFuncList->C_GetTokenInfo(current_slot, &token_info); + if (rv != CKR_OK) + continue; + + DEBUG_SLOT_SEL("%s: token label: %.32s\n", PK11_DBG, + token_info.label); + +#ifndef OPENSSL_NO_RSA + /* + * Check if this slot is capable of signing and + * verifying with CKM_RSA_PKCS. + */ + rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_RSA_PKCS, + &mech_info); + + if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && + (mech_info.flags & CKF_VERIFY))) + { + /* + * Check if this slot is capable of encryption, + * decryption, sign, and verify with CKM_RSA_X_509. + */ + rv = pFuncList->C_GetMechanismInfo(current_slot, + CKM_RSA_X_509, &mech_info); + + if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && + (mech_info.flags & CKF_VERIFY) && + (mech_info.flags & CKF_ENCRYPT) && + (mech_info.flags & CKF_VERIFY_RECOVER) && + (mech_info.flags & CKF_DECRYPT))) + { + slot_has_rsa = CK_TRUE; + } + } +#endif /* OPENSSL_NO_RSA */ + +#ifndef OPENSSL_NO_DSA + /* + * Check if this slot is capable of signing and + * verifying with CKM_DSA. + */ + rv = pFuncList->C_GetMechanismInfo(current_slot, CKM_DSA, + &mech_info); + if (rv == CKR_OK && ((mech_info.flags & CKF_SIGN) && + (mech_info.flags & CKF_VERIFY))) + { + slot_has_dsa = CK_TRUE; + } + +#endif /* OPENSSL_NO_DSA */ + +#ifndef OPENSSL_NO_DH + /* + * Check if this slot is capable of DH key generataion and + * derivation. + */ + rv = pFuncList->C_GetMechanismInfo(current_slot, + CKM_DH_PKCS_KEY_PAIR_GEN, &mech_info); + + if (rv == CKR_OK && (mech_info.flags & CKF_GENERATE_KEY_PAIR)) + { + rv = pFuncList->C_GetMechanismInfo(current_slot, + CKM_DH_PKCS_DERIVE, &mech_info); + if (rv == CKR_OK && (mech_info.flags & CKF_DERIVE)) + { + slot_has_dh = CK_TRUE; + } + } +#endif /* OPENSSL_NO_DH */ + + if (!found_candidate_slot && + (slot_has_rsa || slot_has_dsa || slot_has_dh)) + { + DEBUG_SLOT_SEL( + "%s: potential slot: %d\n", PK11_DBG, current_slot); + best_slot_sofar = current_slot; + pk11_have_rsa = slot_has_rsa; + pk11_have_dsa = slot_has_dsa; + pk11_have_dh = slot_has_dh; + found_candidate_slot = CK_TRUE; + /* + * Cache the flags for later use. We might need those if + * RSA keys by reference feature is used. + */ + pubkey_token_flags = token_info.flags; + DEBUG_SLOT_SEL( + "%s: setting found_candidate_slot to CK_TRUE\n", + PK11_DBG); + DEBUG_SLOT_SEL("%s: best slot so far: %d\n", PK11_DBG, + best_slot_sofar); + DEBUG_SLOT_SEL("%s: pubkey flags changed to " + "%lu.\n", PK11_DBG, pubkey_token_flags); + } + else + { + DEBUG_SLOT_SEL("%s: no rsa/dsa/dh\n", PK11_DBG); + } + } /* for */ + + if (found_candidate_slot == CK_TRUE) + { + pubkey_SLOTID = best_slot_sofar; + } + + found_candidate_slot = CK_FALSE; + best_slot_sofar = 0; + + DEBUG_SLOT_SEL("%s: == checking cipher/digest ==\n", PK11_DBG); + + SLOTID = pSlotList[0]; + for (i = 0; i < ulSlotCount; i++) + { + DEBUG_SLOT_SEL("%s: checking slot: %d\n", PK11_DBG, i); + + current_slot = pSlotList[i]; + current_slot_n_cipher = 0; + current_slot_n_digest = 0; + (void) memset(local_cipher_nids, 0, sizeof (local_cipher_nids)); + (void) memset(local_digest_nids, 0, sizeof (local_digest_nids)); + + pk11_find_symmetric_ciphers(pFuncList, current_slot, + ¤t_slot_n_cipher, local_cipher_nids); + + pk11_find_digests(pFuncList, current_slot, + ¤t_slot_n_digest, local_digest_nids); + + DEBUG_SLOT_SEL("%s: current_slot_n_cipher %d\n", PK11_DBG, + current_slot_n_cipher); + DEBUG_SLOT_SEL("%s: current_slot_n_digest %d\n", PK11_DBG, + current_slot_n_digest); + DEBUG_SLOT_SEL("%s: best cipher/digest slot so far: %d\n", + PK11_DBG, best_slot_sofar); + + /* + * If the current slot supports more ciphers/digests than + * the previous best one we change the current best to this one, + * otherwise leave it where it is. + */ + if ((current_slot_n_cipher + current_slot_n_digest) > + (slot_n_cipher + slot_n_digest)) + { + DEBUG_SLOT_SEL("%s: changing best slot to %d\n", + PK11_DBG, current_slot); + best_slot_sofar = SLOTID = current_slot; + cipher_count = slot_n_cipher = current_slot_n_cipher; + digest_count = slot_n_digest = current_slot_n_digest; + (void) memcpy(cipher_nids, local_cipher_nids, + sizeof (local_cipher_nids)); + (void) memcpy(digest_nids, local_digest_nids, + sizeof (local_digest_nids)); + } + } + + DEBUG_SLOT_SEL("%s: chosen pubkey slot: %d\n", PK11_DBG, pubkey_SLOTID); + DEBUG_SLOT_SEL("%s: chosen rand slot: %d\n", PK11_DBG, rand_SLOTID); + DEBUG_SLOT_SEL("%s: chosen cipher/digest slot: %d\n", PK11_DBG, SLOTID); + DEBUG_SLOT_SEL("%s: pk11_have_rsa %d\n", PK11_DBG, pk11_have_rsa); + DEBUG_SLOT_SEL("%s: pk11_have_dsa %d\n", PK11_DBG, pk11_have_dsa); + DEBUG_SLOT_SEL("%s: pk11_have_dh %d\n", PK11_DBG, pk11_have_dh); + DEBUG_SLOT_SEL("%s: pk11_have_random %d\n", PK11_DBG, pk11_have_random); + DEBUG_SLOT_SEL("%s: cipher_count %d\n", PK11_DBG, cipher_count); + DEBUG_SLOT_SEL("%s: digest_count %d\n", PK11_DBG, digest_count); + + if (pSlotList != NULL) + OPENSSL_free(pSlotList); + +#ifdef SOLARIS_HW_SLOT_SELECTION + OPENSSL_free(hw_cnids); + OPENSSL_free(hw_dnids); +#endif /* SOLARIS_HW_SLOT_SELECTION */ + + if (any_slot_found != NULL) + *any_slot_found = 1; + return (1); + } + +static void pk11_get_symmetric_cipher(CK_FUNCTION_LIST_PTR pflist, + int slot_id, int *current_slot_n_cipher, int *local_cipher_nids, + PK11_CIPHER *cipher) + { + CK_MECHANISM_INFO mech_info; + CK_RV rv; + + DEBUG_SLOT_SEL("%s: checking mech: %x", PK11_DBG, cipher->mech_type); + rv = pflist->C_GetMechanismInfo(slot_id, cipher->mech_type, &mech_info); + + if (rv != CKR_OK) + { + DEBUG_SLOT_SEL(" not found\n"); + return; + } + + if ((mech_info.flags & CKF_ENCRYPT) && + (mech_info.flags & CKF_DECRYPT)) + { + if (mech_info.ulMinKeySize > cipher->min_key_len || + mech_info.ulMaxKeySize < cipher->max_key_len) + { + DEBUG_SLOT_SEL(" engine key size range <%i-%i> does not" + " match mech range <%lu-%lu>\n", + cipher->min_key_len, cipher->max_key_len, + mech_info.ulMinKeySize, mech_info.ulMaxKeySize); + return; + } +#ifdef SOLARIS_HW_SLOT_SELECTION + if (nid_in_table(cipher->nid, hw_cnids)) +#endif /* SOLARIS_HW_SLOT_SELECTION */ + { + DEBUG_SLOT_SEL(" usable\n"); + local_cipher_nids[(*current_slot_n_cipher)++] = + cipher->nid; + } +#ifdef SOLARIS_HW_SLOT_SELECTION + else + { + DEBUG_SLOT_SEL( + " rejected, software implementation only\n"); + } +#endif /* SOLARIS_HW_SLOT_SELECTION */ + } + else + { + DEBUG_SLOT_SEL(" unusable\n"); + } + + return; + } + +static void pk11_get_digest(CK_FUNCTION_LIST_PTR pflist, int slot_id, + int *current_slot_n_digest, int *local_digest_nids, PK11_DIGEST *digest) + { + CK_MECHANISM_INFO mech_info; + CK_RV rv; + + DEBUG_SLOT_SEL("%s: checking mech: %x", PK11_DBG, digest->mech_type); + rv = pflist->C_GetMechanismInfo(slot_id, digest->mech_type, &mech_info); + + if (rv != CKR_OK) + { + DEBUG_SLOT_SEL(" not found\n"); + return; + } + + if (mech_info.flags & CKF_DIGEST) + { +#ifdef SOLARIS_HW_SLOT_SELECTION + if (nid_in_table(digest->nid, hw_dnids)) +#endif /* SOLARIS_HW_SLOT_SELECTION */ + { + DEBUG_SLOT_SEL(" usable\n"); + local_digest_nids[(*current_slot_n_digest)++] = + digest->nid; + } +#ifdef SOLARIS_HW_SLOT_SELECTION + else + { + DEBUG_SLOT_SEL( + " rejected, software implementation only\n"); + } +#endif /* SOLARIS_HW_SLOT_SELECTION */ + } + else + { + DEBUG_SLOT_SEL(" unusable\n"); + } + + return; + } + +/* Find what symmetric ciphers this slot supports. */ +static void pk11_find_symmetric_ciphers(CK_FUNCTION_LIST_PTR pflist, + CK_SLOT_ID current_slot, int *current_slot_n_cipher, int *local_cipher_nids) + { + int i; + + for (i = 0; i < PK11_CIPHER_MAX; ++i) + { + pk11_get_symmetric_cipher(pflist, current_slot, + current_slot_n_cipher, local_cipher_nids, &ciphers[i]); + } + } + +/* Find what digest algorithms this slot supports. */ +static void pk11_find_digests(CK_FUNCTION_LIST_PTR pflist, + CK_SLOT_ID current_slot, int *current_slot_n_digest, int *local_digest_nids) + { + int i; + + for (i = 0; i < PK11_DIGEST_MAX; ++i) + { + pk11_get_digest(pflist, current_slot, current_slot_n_digest, + local_digest_nids, &digests[i]); + } + } + +#ifdef SOLARIS_HW_SLOT_SELECTION +/* + * It would be great if we could use pkcs11_kernel directly since this library + * offers hardware slots only. That's the easiest way to achieve the situation + * where we use the hardware accelerators when present and OpenSSL native code + * otherwise. That presumes the fact that OpenSSL native code is faster than the + * code in the soft token. It's a logical assumption - Crypto Framework has some + * inherent overhead so going there for the software implementation of a + * mechanism should be logically slower in contrast to the OpenSSL native code, + * presuming that both implementations are of similar speed. For example, the + * soft token for AES is roughly three times slower than OpenSSL for 64 byte + * blocks and still 20% slower for 8KB blocks. So, if we want to ship products + * that use the PKCS#11 engine by default, we must somehow avoid that regression + * on machines without hardware acceleration. That's why switching to the + * pkcs11_kernel library seems like a very good idea. + * + * The problem is that OpenSSL built with SunStudio is roughly 2x slower for + * asymmetric operations (RSA/DSA/DH) than the soft token built with the same + * compiler. That means that if we switched to pkcs11_kernel from the libpkcs11 + * library, we would have had a performance regression on machines without + * hardware acceleration for asymmetric operations for all applications that use + * the PKCS#11 engine. There is one such application - Apache web server since + * it's shipped configured to use the PKCS#11 engine by default. Having said + * that, we can't switch to the pkcs11_kernel library now and have to come with + * a solution that, on non-accelerated machines, uses the OpenSSL native code + * for all symmetric ciphers and digests while it uses the soft token for + * asymmetric operations. + * + * This is the idea: dlopen() pkcs11_kernel directly and find out what + * mechanisms are there. We don't care about duplications (more slots can + * support the same mechanism), we just want to know what mechanisms can be + * possibly supported in hardware on that particular machine. As said before, + * pkcs11_kernel will show you hardware providers only. + * + * Then, we rely on the fact that since we use libpkcs11 library we will find + * the metaslot. When we go through the metaslot's mechanisms for symmetric + * ciphers and digests, we check that any found mechanism is in the table + * created using the pkcs11_kernel library. So, as a result we have two arrays + * of mechanisms that were advertised as supported in hardware which was the + * goal of that whole exercise. Thus, we can use libpkcs11 but avoid soft token + * code for symmetric ciphers and digests. See pk11_choose_slots() for more + * information. + * + * This is Solaris specific code, if SOLARIS_HW_SLOT_SELECTION is not defined + * the code won't be used. + */ +#if defined(__sparcv9) || defined(__x86_64) || defined(__amd64) +static const char pkcs11_kernel[] = "/usr/lib/security/64/pkcs11_kernel.so.1"; +#else +static const char pkcs11_kernel[] = "/usr/lib/security/pkcs11_kernel.so.1"; +#endif + +/* + * Check hardware capabilities of the machines. The output are two lists, + * hw_cnids and hw_dnids, that contain hardware mechanisms found in all hardware + * providers together. They are not sorted and may contain duplicate mechanisms. + */ +static int check_hw_mechanisms(void) + { + int i; + CK_RV rv; + void *handle; + CK_C_GetFunctionList p; + CK_TOKEN_INFO token_info; + CK_ULONG ulSlotCount = 0; + int n_cipher = 0, n_digest = 0; + CK_FUNCTION_LIST_PTR pflist = NULL; + CK_SLOT_ID_PTR pSlotList = NULL_PTR; + int *tmp_hw_cnids = NULL, *tmp_hw_dnids = NULL; + int hw_ctable_size, hw_dtable_size; + + DEBUG_SLOT_SEL("%s: SOLARIS_HW_SLOT_SELECTION code running\n", + PK11_DBG); + /* + * Use RTLD_GROUP to limit the pkcs11_kernel provider to its own + * symbols, which prevents it from mistakenly accessing C_* functions + * from the top-level PKCS#11 library. + */ + if ((handle = dlopen(pkcs11_kernel, RTLD_LAZY | RTLD_GROUP)) == NULL) + { + PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); + goto err; + } + + if ((p = (CK_C_GetFunctionList)dlsym(handle, + PK11_GET_FUNCTION_LIST)) == NULL) + { + PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); + goto err; + } + + /* get the full function list from the loaded library */ + if (p(&pflist) != CKR_OK) + { + PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_DSO_FAILURE); + goto err; + } + + rv = pflist->C_Initialize(NULL_PTR); + if ((rv != CKR_OK) && (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)) + { + PK11err_add_data(PK11_F_CHECK_HW_MECHANISMS, + PK11_R_INITIALIZE, rv); + goto err; + } + + if (pflist->C_GetSlotList(0, NULL_PTR, &ulSlotCount) != CKR_OK) + { + PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST); + goto err; + } + + /* no slots, set the hw mechanism tables as empty */ + if (ulSlotCount == 0) + { + DEBUG_SLOT_SEL("%s: no hardware mechanisms found\n", PK11_DBG); + hw_cnids = OPENSSL_malloc(sizeof (int)); + hw_dnids = OPENSSL_malloc(sizeof (int)); + if (hw_cnids == NULL || hw_dnids == NULL) + { + PK11err(PK11_F_CHECK_HW_MECHANISMS, + PK11_R_MALLOC_FAILURE); + return (0); + } + /* this means empty tables */ + hw_cnids[0] = NID_undef; + hw_dnids[0] = NID_undef; + return (1); + } + + pSlotList = OPENSSL_malloc(ulSlotCount * sizeof (CK_SLOT_ID)); + if (pSlotList == NULL) + { + PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE); + goto err; + } + + /* Get the slot list for processing */ + if (pflist->C_GetSlotList(0, pSlotList, &ulSlotCount) != CKR_OK) + { + PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_GETSLOTLIST); + goto err; + } + + /* + * We don't care about duplicate mechanisms in multiple slots and also + * reserve one slot for the terminal NID_undef which we use to stop the + * search. + */ + hw_ctable_size = ulSlotCount * PK11_CIPHER_MAX + 1; + hw_dtable_size = ulSlotCount * PK11_DIGEST_MAX + 1; + tmp_hw_cnids = OPENSSL_malloc(hw_ctable_size * sizeof (int)); + tmp_hw_dnids = OPENSSL_malloc(hw_dtable_size * sizeof (int)); + if (tmp_hw_cnids == NULL || tmp_hw_dnids == NULL) + { + PK11err(PK11_F_CHECK_HW_MECHANISMS, PK11_R_MALLOC_FAILURE); + goto err; + } + + /* + * Do not use memset since we should not rely on the fact that NID_undef + * is zero now. + */ + for (i = 0; i < hw_ctable_size; ++i) + tmp_hw_cnids[i] = NID_undef; + for (i = 0; i < hw_dtable_size; ++i) + tmp_hw_dnids[i] = NID_undef; + + DEBUG_SLOT_SEL("%s: provider: %s\n", PK11_DBG, pkcs11_kernel); + DEBUG_SLOT_SEL("%s: found %d hardware slots\n", PK11_DBG, ulSlotCount); + DEBUG_SLOT_SEL("%s: now looking for mechs supported in hw\n", + PK11_DBG); + + for (i = 0; i < ulSlotCount; i++) + { + if (pflist->C_GetTokenInfo(pSlotList[i], &token_info) != CKR_OK) + continue; + + DEBUG_SLOT_SEL("%s: token label: %.32s\n", PK11_DBG, + token_info.label); + + /* + * We are filling the hw mech tables here. Global tables are + * still NULL so all mechanisms are put into tmp tables. + */ + pk11_find_symmetric_ciphers(pflist, pSlotList[i], + &n_cipher, tmp_hw_cnids); + pk11_find_digests(pflist, pSlotList[i], + &n_digest, tmp_hw_dnids); + } + + /* + * Since we are part of a library (libcrypto.so), calling this function + * may have side-effects. Also, C_Finalize() is triggered by + * dlclose(3C). + */ +#if 0 + pflist->C_Finalize(NULL); +#endif + OPENSSL_free(pSlotList); + (void) dlclose(handle); + hw_cnids = tmp_hw_cnids; + hw_dnids = tmp_hw_dnids; + + DEBUG_SLOT_SEL("%s: hw mechs check complete\n", PK11_DBG); + return (1); + +err: + if (pSlotList != NULL) + OPENSSL_free(pSlotList); + if (tmp_hw_cnids != NULL) + OPENSSL_free(tmp_hw_cnids); + if (tmp_hw_dnids != NULL) + OPENSSL_free(tmp_hw_dnids); + + return (0); + } + +/* + * Check presence of a NID in the table of NIDs unless the mechanism is + * supported directly in a CPU instruction set. The table may be NULL (i.e., + * non-existent). + */ +static int nid_in_table(int nid, int *nid_table) + { + int i = 0; + + /* + * Special case first. NULL means that we are initializing a new table. + */ + if (nid_table == NULL) + return (1); + + /* + * If we have an AES instruction set on SPARC we route everything + * through the Crypto Framework (ie., through pkcs11_softtoken in this + * case). This is for T4 which has HW instructions for AES, DES, MD5, + * SHA1, SHA256, SHA512, MONTMUL, and MPMUL. + * + * On Intel, if we have AES-NI instruction set we route AES to the + * Crypto Framework. Intel CPUs do not have other instruction sets for + * HW crypto acceleration so we check the HW NID table for any other + * mechanism. + */ +#if defined(__x86) + if (hw_aes_instruction_set_present() == 1) + { + switch (nid) + { + case NID_aes_128_ecb: + case NID_aes_192_ecb: + case NID_aes_256_ecb: + case NID_aes_128_cbc: + case NID_aes_192_cbc: + case NID_aes_256_cbc: + return (1); + } + /* + * These are variables, cannot be used as case expressions. + */ + if (nid == NID_aes_128_ctr || + nid == NID_aes_192_ctr || + nid == NID_aes_256_ctr) + { + return (1); + } + } +#elif defined(__sparc) + if (hw_aes_instruction_set_present() == 1) + return (1); +#endif + + /* The table is never full, there is always at least one NID_undef. */ + while (nid_table[i] != NID_undef) + { + if (nid_table[i++] == nid) + { + DEBUG_SLOT_SEL(" (NID %d in hw table, idx %d)", nid, i); + return (1); + } + } + + return (0); + } + +/* Do we have an AES instruction set? */ +static int +hw_aes_instruction_set_present(void) + { + static int present = -1; + + if (present == -1) + { + uint_t ui = 0; + + (void) getisax(&ui, 1); + +#if defined(__amd64) || defined(__i386) + present = (ui & AV_386_AES) > 0; +#elif defined(__sparc) + present = (ui & (AV_SPARC_AES|AV_SPARC_FJAES)) > 0; +#endif + } + + return (present); + } + +#endif /* SOLARIS_HW_SLOT_SELECTION */ + +#endif /* OPENSSL_NO_HW_PK11 */ +#endif /* OPENSSL_NO_HW */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11.h Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,257 @@ +/* + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* crypto/engine/hw_pk11.h */ +/* + * This product includes software developed by the OpenSSL Project for + * use in the OpenSSL Toolkit (http://www.openssl.org/). + * + * This project also referenced hw_pkcs11-0.9.7b.patch written by + * Afchine Madjlessi. + */ +/* + * ==================================================================== + * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HW_PK11_H +#define HW_PK11_H + +#include "hw_pk11_err.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* max byte length of a symmetric key we support */ +#define PK11_KEY_LEN_MAX 32 + +/* + * This structure encapsulates all reusable information for a PKCS#11 + * session. A list of these objects is created on behalf of the + * calling application using an on-demand method. Each operation + * type (see PK11_OPTYPE below) has its own per-process list. + * Each of the lists is basically a cache for faster PKCS#11 object + * access to avoid expensive C_Find{,Init,Final}Object() calls. + * + * When a new request comes in, an object will be taken from the list + * (if there is one) or a new one is created to handle the request + * (if the list is empty). See pk11_get_session() on how it is done. + */ +typedef struct PK11_st_SESSION + { + struct PK11_st_SESSION *next; + CK_SESSION_HANDLE session; /* PK11 session handle */ + pid_t pid; /* Current process ID */ + CK_BBOOL persistent; /* is that a keystore object? */ + union + { +#ifndef OPENSSL_NO_RSA + struct + { + CK_OBJECT_HANDLE rsa_pub_key; /* pub handle */ + CK_OBJECT_HANDLE rsa_priv_key; /* priv handle */ + RSA *rsa_pub; /* pub key addr */ + BIGNUM *rsa_n_num; /* pub modulus */ + BIGNUM *rsa_e_num; /* pub exponent */ + RSA *rsa_priv; /* priv key addr */ + BIGNUM *rsa_d_num; /* priv exponent */ + } u_RSA; +#endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_DSA + struct + { + CK_OBJECT_HANDLE dsa_pub_key; /* pub handle */ + CK_OBJECT_HANDLE dsa_priv_key; /* priv handle */ + DSA *dsa_pub; /* pub key addr */ + BIGNUM *dsa_pub_num; /* pub key */ + DSA *dsa_priv; /* priv key addr */ + BIGNUM *dsa_priv_num; /* priv key */ + } u_DSA; +#endif /* OPENSSL_NO_DSA */ +#ifndef OPENSSL_NO_DH + struct + { + CK_OBJECT_HANDLE dh_key; /* key handle */ + DH *dh; /* dh key addr */ + BIGNUM *dh_priv_num; /* priv dh key */ + } u_DH; +#endif /* OPENSSL_NO_DH */ + struct + { + CK_OBJECT_HANDLE cipher_key; /* key handle */ + unsigned char key[PK11_KEY_LEN_MAX]; + int key_len; /* priv key len */ + int encrypt; /* 1/0 enc/decr */ + } u_cipher; + } opdata_u; + } PK11_SESSION; + +#define opdata_rsa_pub_key opdata_u.u_RSA.rsa_pub_key +#define opdata_rsa_priv_key opdata_u.u_RSA.rsa_priv_key +#define opdata_rsa_pub opdata_u.u_RSA.rsa_pub +#define opdata_rsa_priv opdata_u.u_RSA.rsa_priv +#define opdata_rsa_n_num opdata_u.u_RSA.rsa_n_num +#define opdata_rsa_e_num opdata_u.u_RSA.rsa_e_num +#define opdata_rsa_d_num opdata_u.u_RSA.rsa_d_num +#define opdata_dsa_pub_key opdata_u.u_DSA.dsa_pub_key +#define opdata_dsa_priv_key opdata_u.u_DSA.dsa_priv_key +#define opdata_dsa_pub opdata_u.u_DSA.dsa_pub +#define opdata_dsa_pub_num opdata_u.u_DSA.dsa_pub_num +#define opdata_dsa_priv opdata_u.u_DSA.dsa_priv +#define opdata_dsa_priv_num opdata_u.u_DSA.dsa_priv_num +#define opdata_dh_key opdata_u.u_DH.dh_key +#define opdata_dh opdata_u.u_DH.dh +#define opdata_dh_priv_num opdata_u.u_DH.dh_priv_num +#define opdata_cipher_key opdata_u.u_cipher.cipher_key +#define opdata_key opdata_u.u_cipher.key +#define opdata_key_len opdata_u.u_cipher.key_len +#define opdata_encrypt opdata_u.u_cipher.encrypt + +/* + * We have 3 different groups of operation types: + * 1) asymmetric operations + * 2) random operations + * 3) symmetric and digest operations + * + * This division into groups stems from the fact that it's common that hardware + * providers may support operations from one group only. For example, hardware + * providers on UltraSPARC T2, n2rng(7d), ncp(7d), and n2cp(7d), each support + * only a single group of operations. + * + * For every group a different slot can be chosen. That means that we must have + * at least 3 different lists of cached PKCS#11 sessions since sessions from + * different groups may be initialized in different slots. + * + * To provide locking granularity in multithreaded environment, the groups are + * further split into types with each type having a separate session cache. + */ +typedef enum PK11_OPTYPE_ENUM + { + OP_RAND, + OP_RSA, + OP_DSA, + OP_DH, + OP_CIPHER, + OP_DIGEST, + OP_MAX + } PK11_OPTYPE; + +/* + * This structure contains the heads of the lists forming the object caches + * and locks associated with the lists. + */ +typedef struct PK11_st_CACHE + { + PK11_SESSION *head; + pthread_mutex_t *lock; + } PK11_CACHE; + +/* structure for tracking handles of asymmetric key objects */ +typedef struct PK11_active_st + { + CK_OBJECT_HANDLE h; + unsigned int refcnt; + struct PK11_active_st *prev; + struct PK11_active_st *next; + } PK11_active; + +extern pthread_mutex_t *find_lock[]; +extern PK11_active *active_list[]; +/* + * These variables are specific for the RSA keys by reference code. See + * hw_pk11_pub.c for explanation. + */ +extern char *passphrasedialog; +extern CK_FLAGS pubkey_token_flags; + +#define LOCK_OBJSTORE(alg_type) \ + (void) pthread_mutex_lock(find_lock[alg_type]) +#define UNLOCK_OBJSTORE(alg_type) \ + (void) pthread_mutex_unlock(find_lock[alg_type]) + +extern PK11_SESSION *pk11_get_session(PK11_OPTYPE optype); +extern void pk11_return_session(PK11_SESSION *sp, PK11_OPTYPE optype); + +#ifndef OPENSSL_NO_RSA +extern int pk11_destroy_rsa_key_objects(PK11_SESSION *session); +extern int pk11_destroy_rsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); +extern int pk11_destroy_rsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); +extern EVP_PKEY *pk11_load_privkey(ENGINE *e, const char *pubkey_file, + UI_METHOD *ui_method, void *callback_data); +extern EVP_PKEY *pk11_load_pubkey(ENGINE *e, const char *pubkey_file, + UI_METHOD *ui_method, void *callback_data); +extern RSA_METHOD *PK11_RSA(void); +#endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_DSA +extern int pk11_destroy_dsa_key_objects(PK11_SESSION *session); +extern int pk11_destroy_dsa_object_pub(PK11_SESSION *sp, CK_BBOOL uselock); +extern int pk11_destroy_dsa_object_priv(PK11_SESSION *sp, CK_BBOOL uselock); +extern DSA_METHOD *PK11_DSA(void); +#endif /* OPENSSL_NO_DSA */ +#ifndef OPENSSL_NO_DH +extern int pk11_destroy_dh_key_objects(PK11_SESSION *session); +extern int pk11_destroy_dh_object(PK11_SESSION *sp, CK_BBOOL uselock); +extern DH_METHOD *PK11_DH(void); +#endif /* OPENSSL_NO_DH */ + +extern int pk11_engine_pkey_methods(ENGINE *e, EVP_PKEY_METHOD **pmeth, + const int **nids, int nid); + +extern CK_FUNCTION_LIST_PTR pFuncList; + +#ifdef __cplusplus +} +#endif +#endif /* HW_PK11_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11_err.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11_err.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,306 @@ +/* + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* crypto/engine/hw_pk11_err.c */ +/* + * This product includes software developed by the OpenSSL Project for + * use in the OpenSSL Toolkit (http://www.openssl.org/). + * + * This project also referenced hw_pkcs11-0.9.7b.patch written by + * Afchine Madjlessi. + */ +/* + * ==================================================================== + * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "hw_pk11_err.h" + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR +static ERR_STRING_DATA pk11_str_functs[]= +{ +{ ERR_PACK(0, PK11_F_INIT, 0), "PK11_INIT"}, +{ ERR_PACK(0, PK11_F_FINISH, 0), "PK11_FINISH"}, +{ ERR_PACK(0, PK11_F_DESTROY, 0), "PK11_DESTROY"}, +{ ERR_PACK(0, PK11_F_CTRL, 0), "PK11_CTRL"}, +{ ERR_PACK(0, PK11_F_RSA_INIT, 0), "PK11_RSA_INIT"}, +{ ERR_PACK(0, PK11_F_RSA_FINISH, 0), "PK11_RSA_FINISH"}, +{ ERR_PACK(0, PK11_F_GET_PUB_RSA_KEY, 0), "PK11_GET_PUB_RSA_KEY"}, +{ ERR_PACK(0, PK11_F_GET_PRIV_RSA_KEY, 0), "PK11_GET_PRIV_RSA_KEY"}, +{ ERR_PACK(0, PK11_F_RSA_GEN_KEY, 0), "PK11_RSA_GEN_KEY"}, +{ ERR_PACK(0, PK11_F_RSA_PUB_ENC, 0), "PK11_RSA_PUB_ENC"}, +{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC, 0), "PK11_RSA_PRIV_ENC"}, +{ ERR_PACK(0, PK11_F_RSA_PUB_DEC, 0), "PK11_RSA_PUB_DEC"}, +{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC, 0), "PK11_RSA_PRIV_DEC"}, +{ ERR_PACK(0, PK11_F_RSA_SIGN, 0), "PK11_RSA_SIGN"}, +{ ERR_PACK(0, PK11_F_RSA_VERIFY, 0), "PK11_RSA_VERIFY"}, +{ ERR_PACK(0, PK11_F_RAND_ADD, 0), "PK11_RAND_ADD"}, +{ ERR_PACK(0, PK11_F_RAND_BYTES, 0), "PK11_RAND_BYTES"}, +{ ERR_PACK(0, PK11_F_GET_SESSION, 0), "PK11_GET_SESSION"}, +{ ERR_PACK(0, PK11_F_FREE_SESSION, 0), "PK11_FREE_SESSION"}, +{ ERR_PACK(0, PK11_F_LOAD_PUBKEY, 0), "PK11_LOAD_PUBKEY"}, +{ ERR_PACK(0, PK11_F_LOAD_PRIVKEY, 0), "PK11_LOAD_PRIV_KEY"}, +{ ERR_PACK(0, PK11_F_RSA_PUB_ENC_LOW, 0), "PK11_RSA_PUB_ENC_LOW"}, +{ ERR_PACK(0, PK11_F_RSA_PRIV_ENC_LOW, 0), "PK11_RSA_PRIV_ENC_LOW"}, +{ ERR_PACK(0, PK11_F_RSA_PUB_DEC_LOW, 0), "PK11_RSA_PUB_DEC_LOW"}, +{ ERR_PACK(0, PK11_F_RSA_PRIV_DEC_LOW, 0), "PK11_RSA_PRIV_DEC_LOW"}, +{ ERR_PACK(0, PK11_F_DSA_SIGN, 0), "PK11_DSA_SIGN"}, +{ ERR_PACK(0, PK11_F_DSA_VERIFY, 0), "PK11_DSA_VERIFY"}, +{ ERR_PACK(0, PK11_F_DSA_INIT, 0), "PK11_DSA_INIT"}, +{ ERR_PACK(0, PK11_F_DSA_FINISH, 0), "PK11_DSA_FINISH"}, +{ ERR_PACK(0, PK11_F_GET_PUB_DSA_KEY, 0), "PK11_GET_PUB_DSA_KEY"}, +{ ERR_PACK(0, PK11_F_GET_PRIV_DSA_KEY, 0), "PK11_GET_PRIV_DSA_KEY"}, +{ ERR_PACK(0, PK11_F_DH_INIT, 0), "PK11_DH_INIT"}, +{ ERR_PACK(0, PK11_F_DH_FINISH, 0), "PK11_DH_FINISH"}, +{ ERR_PACK(0, PK11_F_MOD_EXP_DH, 0), "PK11_MOD_EXP_DH"}, +{ ERR_PACK(0, PK11_F_GET_DH_KEY, 0), "PK11_GET_DH_KEY"}, +{ ERR_PACK(0, PK11_F_FREE_ALL_SESSIONS, 0), "PK11_FREE_ALL_SESSIONS"}, +{ ERR_PACK(0, PK11_F_SETUP_SESSION, 0), "PK11_SETUP_SESSION"}, +{ ERR_PACK(0, PK11_F_DESTROY_OBJECT, 0), "PK11_DESTROY_OBJECT"}, +{ ERR_PACK(0, PK11_F_CIPHER_INIT, 0), "PK11_CIPHER_INIT"}, +{ ERR_PACK(0, PK11_F_CIPHER_DO_CIPHER, 0), "PK11_CIPHER_DO_CIPHER"}, +{ ERR_PACK(0, PK11_F_GET_CIPHER_KEY, 0), "PK11_GET_CIPHER_KEY"}, +{ ERR_PACK(0, PK11_F_DIGEST_INIT, 0), "PK11_DIGEST_INIT"}, +{ ERR_PACK(0, PK11_F_DIGEST_UPDATE, 0), "PK11_DIGEST_UPDATE"}, +{ ERR_PACK(0, PK11_F_DIGEST_FINAL, 0), "PK11_DIGEST_FINAL"}, +{ ERR_PACK(0, PK11_F_CHOOSE_SLOT, 0), "PK11_CHOOSE_SLOT"}, +{ ERR_PACK(0, PK11_F_CIPHER_FINAL, 0), "PK11_CIPHER_FINAL"}, +{ ERR_PACK(0, PK11_F_LIBRARY_INIT, 0), "PK11_LIBRARY_INIT"}, +{ ERR_PACK(0, PK11_F_LOAD, 0), "ENGINE_LOAD_PK11"}, +{ ERR_PACK(0, PK11_F_DH_GEN_KEY, 0), "PK11_DH_GEN_KEY"}, +{ ERR_PACK(0, PK11_F_DH_COMP_KEY, 0), "PK11_DH_COMP_KEY"}, +{ ERR_PACK(0, PK11_F_DIGEST_COPY, 0), "PK11_DIGEST_COPY"}, +{ ERR_PACK(0, PK11_F_CIPHER_CLEANUP, 0), "PK11_CIPHER_CLEANUP"}, +{ ERR_PACK(0, PK11_F_ACTIVE_ADD, 0), "PK11_ACTIVE_ADD"}, +{ ERR_PACK(0, PK11_F_ACTIVE_DELETE, 0), "PK11_ACTIVE_DELETE"}, +{ ERR_PACK(0, PK11_F_CHECK_HW_MECHANISMS, 0), "PK11_CHECK_HW_MECHANISMS"}, +{ ERR_PACK(0, PK11_F_INIT_SYMMETRIC, 0), "PK11_INIT_SYMMETRIC"}, +{ ERR_PACK(0, PK11_F_ADD_AES_CTR_NIDS, 0), "PK11_ADD_AES_CTR_NIDS"}, +{ ERR_PACK(0, PK11_F_INIT_ALL_LOCKS, 0), "PK11_INIT_ALL_LOCKS"}, +{ ERR_PACK(0, PK11_F_RETURN_SESSION, 0), "PK11_RETURN_SESSION"}, +{ ERR_PACK(0, PK11_F_GET_PIN, 0), "PK11_GET_PIN"}, +{ ERR_PACK(0, PK11_F_FIND_ONE_OBJECT, 0), "PK11_FIND_ONE_OBJECT"}, +{ ERR_PACK(0, PK11_F_CHECK_TOKEN_ATTRS, 0), "PK11_CHECK_TOKEN_ATTRS"}, +{ ERR_PACK(0, PK11_F_CACHE_PIN, 0), "PK11_CACHE_PIN"}, +{ ERR_PACK(0, PK11_F_MLOCK_PIN_IN_MEMORY, 0), "PK11_MLOCK_PIN_IN_MEMORY"}, +{ ERR_PACK(0, PK11_F_TOKEN_LOGIN, 0), "PK11_TOKEN_LOGIN"}, +{ ERR_PACK(0, PK11_F_TOKEN_RELOGIN, 0), "PK11_TOKEN_RELOGIN"}, +{ ERR_PACK(0, PK11_F_RUN_ASKPASS, 0), "PK11_F_RUN_ASKPASS"}, +{ 0, NULL} +}; + +static ERR_STRING_DATA pk11_str_reasons[]= +{ +{ PK11_R_ALREADY_LOADED, "PKCS#11 DSO already loaded"}, +{ PK11_R_DSO_FAILURE, "unable to load PKCS#11 DSO"}, +{ PK11_R_NOT_LOADED, "PKCS#11 DSO not loaded"}, +{ PK11_R_PASSED_NULL_PARAMETER, "null parameter passed"}, +{ PK11_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"}, +{ PK11_R_INITIALIZE, "C_Initialize failed"}, +{ PK11_R_FINALIZE, "C_Finalize failed"}, +{ PK11_R_GETINFO, "C_GetInfo faile"}, +{ PK11_R_GETSLOTLIST, "C_GetSlotList failed"}, +{ PK11_R_NO_MODULUS_OR_NO_EXPONENT, "no modulus or no exponent"}, +{ PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID, "attr sensitive or invalid"}, +{ PK11_R_GETATTRIBUTVALUE, "C_GetAttributeValue failed"}, +{ PK11_R_NO_MODULUS, "no modulus"}, +{ PK11_R_NO_EXPONENT, "no exponent"}, +{ PK11_R_FINDOBJECTSINIT, "C_FindObjectsInit failed"}, +{ PK11_R_FINDOBJECTS, "C_FindObjects failed"}, +{ PK11_R_FINDOBJECTSFINAL, "C_FindObjectsFinal failed"}, +{ PK11_R_CREATEOBJECT, "C_CreateObject failed"}, +{ PK11_R_DESTROYOBJECT, "C_DestroyObject failed"}, +{ PK11_R_OPENSESSION, "C_OpenSession failed"}, +{ PK11_R_CLOSESESSION, "C_CloseSession failed"}, +{ PK11_R_ENCRYPTINIT, "C_EncryptInit failed"}, +{ PK11_R_ENCRYPT, "C_Encrypt failed"}, +{ PK11_R_SIGNINIT, "C_SignInit failed"}, +{ PK11_R_SIGN, "C_Sign failed"}, +{ PK11_R_DECRYPTINIT, "C_DecryptInit failed"}, +{ PK11_R_DECRYPT, "C_Decrypt failed"}, +{ PK11_R_VERIFYINIT, "C_VerifyRecover failed"}, +{ PK11_R_VERIFY, "C_Verify failed"}, +{ PK11_R_VERIFYRECOVERINIT, "C_VerifyRecoverInit failed"}, +{ PK11_R_VERIFYRECOVER, "C_VerifyRecover failed"}, +{ PK11_R_GEN_KEY, "C_GenerateKeyPair failed"}, +{ PK11_R_SEEDRANDOM, "C_SeedRandom failed"}, +{ PK11_R_GENERATERANDOM, "C_GenerateRandom failed"}, +{ PK11_R_INVALID_MESSAGE_LENGTH, "invalid message length"}, +{ PK11_R_UNKNOWN_ALGORITHM_TYPE, "unknown algorithm type"}, +{ PK11_R_UNKNOWN_ASN1_OBJECT_ID, "unknown asn1 onject id"}, +{ PK11_R_UNKNOWN_PADDING_TYPE, "unknown padding type"}, +{ PK11_R_PADDING_CHECK_FAILED, "padding check failed"}, +{ PK11_R_DIGEST_TOO_BIG, "digest too big"}, +{ PK11_R_MALLOC_FAILURE, "malloc failure"}, +{ PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctl command not implemented"}, +{ PK11_R_DATA_GREATER_THAN_MOD_LEN, "data is bigger than mod"}, +{ PK11_R_DATA_TOO_LARGE_FOR_MODULUS, "data is too larger for mod"}, +{ PK11_R_MISSING_KEY_COMPONENT, "a dsa component is missing"}, +{ PK11_R_INVALID_SIGNATURE_LENGTH, "invalid signature length"}, +{ PK11_R_INVALID_DSA_SIGNATURE_R, "missing r in dsa verify"}, +{ PK11_R_INVALID_DSA_SIGNATURE_S, "missing s in dsa verify"}, +{ PK11_R_INCONSISTENT_KEY, "inconsistent key type"}, +{ PK11_R_ENCRYPTUPDATE, "C_EncryptUpdate failed"}, +{ PK11_R_DECRYPTUPDATE, "C_DecryptUpdate failed"}, +{ PK11_R_DIGESTINIT, "C_DigestInit failed"}, +{ PK11_R_DIGESTUPDATE, "C_DigestUpdate failed"}, +{ PK11_R_DIGESTFINAL, "C_DigestFinal failed"}, +{ PK11_R_ENCRYPTFINAL, "C_EncryptFinal failed"}, +{ PK11_R_DECRYPTFINAL, "C_DecryptFinal failed"}, +{ PK11_R_NO_PRNG_SUPPORT, "Slot does not support PRNG"}, +{ PK11_R_GETTOKENINFO, "C_GetTokenInfo failed"}, +{ PK11_R_DERIVEKEY, "C_DeriveKey failed"}, +{ PK11_R_GET_OPERATION_STATE, "C_GetOperationState failed"}, +{ PK11_R_SET_OPERATION_STATE, "C_SetOperationState failed"}, +{ PK11_R_INVALID_HANDLE, "invalid PKCS#11 object handle"}, +{ PK11_R_KEY_OR_IV_LEN_PROBLEM, "IV or key length incorrect"}, +{ PK11_R_INVALID_OPERATION_TYPE, "invalid operation type"}, +{ PK11_R_ADD_NID_FAILED, "failed to add NID" }, +{ PK11_R_ATFORK_FAILED, "atfork failed" }, +{ PK11_R_TOKEN_LOGIN_FAILED, "C_Login failed on token" }, +{ PK11_R_MORE_THAN_ONE_OBJECT_FOUND, "more than one object found" }, +{ PK11_R_INVALID_PKCS11_URI, "pkcs11 URI provided is invalid" }, +{ PK11_R_COULD_NOT_READ_PIN, "could not read PIN from terminal" }, +{ PK11_R_PIN_NOT_READ_FROM_COMMAND, "PIN not read from external command" }, +{ PK11_R_COULD_NOT_OPEN_COMMAND, "could not popen dialog command" }, +{ PK11_R_PIPE_FAILED, "pipe failed" }, +{ PK11_R_BAD_PASSPHRASE_SPEC, "bad passphrasedialog specification" }, +{ PK11_R_TOKEN_NOT_INITIALIZED, "token not initialized" }, +{ PK11_R_TOKEN_PIN_NOT_SET, "token PIN required but not set" }, +{ PK11_R_TOKEN_PIN_NOT_PROVIDED, "token PIN required but not provided" }, +{ PK11_R_MISSING_OBJECT_LABEL, "missing mandatory 'object' keyword" }, +{ PK11_R_TOKEN_ATTRS_DO_NOT_MATCH, "token attrs provided do not match" }, +{ PK11_R_PRIV_KEY_NOT_FOUND, "private key not found in keystore" }, +{ PK11_R_NO_OBJECT_FOUND, "specified object not found" }, +{ PK11_R_PIN_CACHING_POLICY_INVALID, "PIN set but caching policy invalid" }, +{ PK11_R_SYSCONF_FAILED, "sysconf failed" }, +{ PK11_R_MMAP_FAILED, "mmap failed" }, +{ PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING, "PROC_LOCK_MEMORY privilege missing" }, +{ PK11_R_MLOCK_FAILED, "mlock failed" }, +{ PK11_R_FORK_FAILED, "fork failed" }, +{ 0, NULL} +}; +#endif /* OPENSSL_NO_ERR */ + +static int pk11_lib_error_code = 0; +static int pk11_error_init = 1; + +#ifdef PK11_ENGINE_LIB_NAME +static ERR_STRING_DATA pk11_engine_lib_name[] = +{ +{0, PK11_ENGINE_LIB_NAME}, +{0, NULL} +}; +#endif + +static void +ERR_load_pk11_strings(void) + { + if (pk11_lib_error_code == 0) + pk11_lib_error_code = ERR_get_next_error_library(); + + if (pk11_error_init) + { + pk11_error_init = 0; +#ifndef OPENSSL_NO_ERR + ERR_load_strings(pk11_lib_error_code, pk11_str_functs); + ERR_load_strings(pk11_lib_error_code, pk11_str_reasons); +#endif + +#ifdef PK11_ENGINE_LIB_NAME + pk11_engine_lib_name->error = + ERR_PACK(pk11_lib_error_code, 0, 0); + ERR_load_strings(0, pk11_engine_lib_name); +#endif + } +} + +static void +ERR_unload_pk11_strings(void) + { + if (pk11_error_init == 0) + { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(pk11_lib_error_code, pk11_str_functs); + ERR_unload_strings(pk11_lib_error_code, pk11_str_reasons); +#endif + +#ifdef PK11_ENGINE_LIB_NAME + ERR_unload_strings(0, pk11_engine_lib_name); +#endif + + pk11_error_init = 1; + } +} + +void +ERR_pk11_error(int function, int reason, char *file, int line) +{ + if (pk11_lib_error_code == 0) + pk11_lib_error_code = ERR_get_next_error_library(); + ERR_PUT_error(pk11_lib_error_code, function, reason, file, line); +} + +void +PK11err_add_data(int function, int reason, CK_RV rv) +{ + char tmp_buf[20]; + + PK11err(function, reason); + (void) snprintf(tmp_buf, sizeof (tmp_buf), "%lx", rv); + ERR_add_error_data(2, "PK11 CK_RV=0X", tmp_buf); +} diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11_err.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11_err.h Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,242 @@ +/* + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * This product includes software developed by the OpenSSL Project for + * use in the OpenSSL Toolkit (http://www.openssl.org/). + * + * This project also referenced hw_pkcs11-0.9.7b.patch written by + * Afchine Madjlessi. + */ +/* + * ==================================================================== + * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HW_PK11_ERR_H +#define HW_PK11_ERR_H + +#ifdef __cplusplus +extern "C" { +#endif + +void ERR_pk11_error(int function, int reason, char *file, int line); +void PK11err_add_data(int function, int reason, CK_RV rv); +#define PK11err(f, r) ERR_pk11_error((f), (r), __FILE__, __LINE__) + +/* Error codes for the PK11 functions. */ + +/* Function codes. */ + +#define PK11_F_INIT 100 +#define PK11_F_FINISH 101 +#define PK11_F_DESTROY 102 +#define PK11_F_CTRL 103 +#define PK11_F_RSA_INIT 104 +#define PK11_F_RSA_FINISH 105 +#define PK11_F_GET_PUB_RSA_KEY 106 +#define PK11_F_GET_PRIV_RSA_KEY 107 +#define PK11_F_RSA_GEN_KEY 108 +#define PK11_F_RSA_PUB_ENC 109 +#define PK11_F_RSA_PRIV_ENC 110 +#define PK11_F_RSA_PUB_DEC 111 +#define PK11_F_RSA_PRIV_DEC 112 +#define PK11_F_RSA_SIGN 113 +#define PK11_F_RSA_VERIFY 114 +#define PK11_F_RAND_ADD 115 +#define PK11_F_RAND_BYTES 116 +#define PK11_F_GET_SESSION 117 +#define PK11_F_FREE_SESSION 118 +#define PK11_F_LOAD_PUBKEY 119 +#define PK11_F_LOAD_PRIVKEY 120 +#define PK11_F_RSA_PUB_ENC_LOW 121 +#define PK11_F_RSA_PRIV_ENC_LOW 122 +#define PK11_F_RSA_PUB_DEC_LOW 123 +#define PK11_F_RSA_PRIV_DEC_LOW 124 +#define PK11_F_DSA_SIGN 125 +#define PK11_F_DSA_VERIFY 126 +#define PK11_F_DSA_INIT 127 +#define PK11_F_DSA_FINISH 128 +#define PK11_F_GET_PUB_DSA_KEY 129 +#define PK11_F_GET_PRIV_DSA_KEY 130 +#define PK11_F_DH_INIT 131 +#define PK11_F_DH_FINISH 132 +#define PK11_F_MOD_EXP_DH 133 +#define PK11_F_GET_DH_KEY 134 +#define PK11_F_FREE_ALL_SESSIONS 135 +#define PK11_F_SETUP_SESSION 136 +#define PK11_F_DESTROY_OBJECT 137 +#define PK11_F_CIPHER_INIT 138 +#define PK11_F_CIPHER_DO_CIPHER 139 +#define PK11_F_GET_CIPHER_KEY 140 +#define PK11_F_DIGEST_INIT 141 +#define PK11_F_DIGEST_UPDATE 142 +#define PK11_F_DIGEST_FINAL 143 +#define PK11_F_CHOOSE_SLOT 144 +#define PK11_F_CIPHER_FINAL 145 +#define PK11_F_LIBRARY_INIT 146 +#define PK11_F_LOAD 147 +#define PK11_F_DH_GEN_KEY 148 +#define PK11_F_DH_COMP_KEY 149 +#define PK11_F_DIGEST_COPY 150 +#define PK11_F_CIPHER_CLEANUP 151 +#define PK11_F_ACTIVE_ADD 152 +#define PK11_F_ACTIVE_DELETE 153 +#define PK11_F_CHECK_HW_MECHANISMS 154 +#define PK11_F_INIT_SYMMETRIC 155 +#define PK11_F_ADD_AES_CTR_NIDS 156 +#define PK11_F_INIT_ALL_LOCKS 157 +#define PK11_F_RETURN_SESSION 158 +#define PK11_F_GET_PIN 159 +#define PK11_F_FIND_ONE_OBJECT 160 +#define PK11_F_CHECK_TOKEN_ATTRS 161 +#define PK11_F_CACHE_PIN 162 +#define PK11_F_MLOCK_PIN_IN_MEMORY 163 +#define PK11_F_TOKEN_LOGIN 164 +#define PK11_F_TOKEN_RELOGIN 165 +#define PK11_F_RUN_ASKPASS 166 + +/* Reason codes. */ +#define PK11_R_ALREADY_LOADED 100 +#define PK11_R_DSO_FAILURE 101 +#define PK11_R_NOT_LOADED 102 +#define PK11_R_PASSED_NULL_PARAMETER 103 +#define PK11_R_COMMAND_NOT_IMPLEMENTED 104 +#define PK11_R_INITIALIZE 105 +#define PK11_R_FINALIZE 106 +#define PK11_R_GETINFO 107 +#define PK11_R_GETSLOTLIST 108 +#define PK11_R_NO_MODULUS_OR_NO_EXPONENT 109 +#define PK11_R_ATTRIBUT_SENSITIVE_OR_INVALID 110 +#define PK11_R_GETATTRIBUTVALUE 111 +#define PK11_R_NO_MODULUS 112 +#define PK11_R_NO_EXPONENT 113 +#define PK11_R_FINDOBJECTSINIT 114 +#define PK11_R_FINDOBJECTS 115 +#define PK11_R_FINDOBJECTSFINAL 116 +#define PK11_R_CREATEOBJECT 118 +#define PK11_R_DESTROYOBJECT 119 +#define PK11_R_OPENSESSION 120 +#define PK11_R_CLOSESESSION 121 +#define PK11_R_ENCRYPTINIT 122 +#define PK11_R_ENCRYPT 123 +#define PK11_R_SIGNINIT 124 +#define PK11_R_SIGN 125 +#define PK11_R_DECRYPTINIT 126 +#define PK11_R_DECRYPT 127 +#define PK11_R_VERIFYINIT 128 +#define PK11_R_VERIFY 129 +#define PK11_R_VERIFYRECOVERINIT 130 +#define PK11_R_VERIFYRECOVER 131 +#define PK11_R_GEN_KEY 132 +#define PK11_R_SEEDRANDOM 133 +#define PK11_R_GENERATERANDOM 134 +#define PK11_R_INVALID_MESSAGE_LENGTH 135 +#define PK11_R_UNKNOWN_ALGORITHM_TYPE 136 +#define PK11_R_UNKNOWN_ASN1_OBJECT_ID 137 +#define PK11_R_UNKNOWN_PADDING_TYPE 138 +#define PK11_R_PADDING_CHECK_FAILED 139 +#define PK11_R_DIGEST_TOO_BIG 140 +#define PK11_R_MALLOC_FAILURE 141 +#define PK11_R_CTRL_COMMAND_NOT_IMPLEMENTED 142 +#define PK11_R_DATA_GREATER_THAN_MOD_LEN 143 +#define PK11_R_DATA_TOO_LARGE_FOR_MODULUS 144 +#define PK11_R_MISSING_KEY_COMPONENT 145 +#define PK11_R_INVALID_SIGNATURE_LENGTH 146 +#define PK11_R_INVALID_DSA_SIGNATURE_R 147 +#define PK11_R_INVALID_DSA_SIGNATURE_S 148 +#define PK11_R_INCONSISTENT_KEY 149 +#define PK11_R_ENCRYPTUPDATE 150 +#define PK11_R_DECRYPTUPDATE 151 +#define PK11_R_DIGESTINIT 152 +#define PK11_R_DIGESTUPDATE 153 +#define PK11_R_DIGESTFINAL 154 +#define PK11_R_ENCRYPTFINAL 155 +#define PK11_R_DECRYPTFINAL 156 +#define PK11_R_NO_PRNG_SUPPORT 157 +#define PK11_R_GETTOKENINFO 158 +#define PK11_R_DERIVEKEY 159 +#define PK11_R_GET_OPERATION_STATE 160 +#define PK11_R_SET_OPERATION_STATE 161 +#define PK11_R_INVALID_HANDLE 162 +#define PK11_R_KEY_OR_IV_LEN_PROBLEM 163 +#define PK11_R_INVALID_OPERATION_TYPE 164 +#define PK11_R_ADD_NID_FAILED 165 +#define PK11_R_ATFORK_FAILED 166 +#define PK11_R_TOKEN_LOGIN_FAILED 167 +#define PK11_R_MORE_THAN_ONE_OBJECT_FOUND 168 +#define PK11_R_INVALID_PKCS11_URI 169 +#define PK11_R_COULD_NOT_READ_PIN 170 +#define PK11_R_COULD_NOT_OPEN_COMMAND 171 +#define PK11_R_PIPE_FAILED 172 +#define PK11_R_PIN_NOT_READ_FROM_COMMAND 173 +#define PK11_R_BAD_PASSPHRASE_SPEC 174 +#define PK11_R_TOKEN_NOT_INITIALIZED 175 +#define PK11_R_TOKEN_PIN_NOT_SET 176 +#define PK11_R_TOKEN_PIN_NOT_PROVIDED 177 +#define PK11_R_MISSING_OBJECT_LABEL 178 +#define PK11_R_TOKEN_ATTRS_DO_NOT_MATCH 179 +#define PK11_R_PRIV_KEY_NOT_FOUND 180 +#define PK11_R_NO_OBJECT_FOUND 181 +#define PK11_R_PIN_CACHING_POLICY_INVALID 182 +#define PK11_R_SYSCONF_FAILED 183 +#define PK11_R_MMAP_FAILED 183 +#define PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING 184 +#define PK11_R_MLOCK_FAILED 185 +#define PK11_R_FORK_FAILED 186 + +#ifdef __cplusplus +} +#endif +#endif /* HW_PK11_ERR_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11_pub.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11_pub.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,3277 @@ +/* + * Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved. + */ + +/* crypto/engine/hw_pk11_pub.c */ +/* + * This product includes software developed by the OpenSSL Project for + * use in the OpenSSL Toolkit (http://www.openssl.org/). + * + * This project also referenced hw_pkcs11-0.9.7b.patch written by + * Afchine Madjlessi. + */ +/* + * ==================================================================== + * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_RSA +#include +#endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_DSA +#include +#endif /* OPENSSL_NO_DSA */ +#ifndef OPENSSL_NO_DH +#include +#endif /* OPENSSL_NO_DH */ +#include +#include +#include +#include +#include +#include + +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_PK11 + +#include +#include +#include "hw_pk11.h" +#include "hw_pk11_uri.h" + +static CK_BBOOL pk11_login_done = CK_FALSE; +extern CK_SLOT_ID pubkey_SLOTID; + +/* + * During the reinitialization after a detected fork we will try to login to the + * token using the passphrasedialog keyword that we inherit from the parent. + */ +char *passphrasedialog; + +#ifndef OPENSSL_NO_RSA +/* RSA stuff */ +static int pk11_RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +static int pk11_RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +static int pk11_RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +static int pk11_RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +static int pk11_RSA_init(RSA *rsa); +static int pk11_RSA_finish(RSA *rsa); +static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); +static int pk11_RSA_verify(int dtype, const unsigned char *m, + unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen, + const RSA *rsa); +EVP_PKEY *pk11_load_privkey(ENGINE*, const char *privkey_id, + UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *pk11_load_pubkey(ENGINE*, const char *pubkey_id, + UI_METHOD *ui_method, void *callback_data); + +static int pk11_RSA_public_encrypt_low(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa); +static int pk11_RSA_private_encrypt_low(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa); +static int pk11_RSA_public_decrypt_low(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa); +static int pk11_RSA_private_decrypt_low(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa); + +static CK_OBJECT_HANDLE pk11_get_public_rsa_key(RSA* rsa, PK11_SESSION *sp); +static CK_OBJECT_HANDLE pk11_get_private_rsa_key(RSA* rsa, PK11_SESSION *sp); + +static int pk11_check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa); +static int pk11_check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa); +#endif + +/* DSA stuff */ +#ifndef OPENSSL_NO_DSA +static int pk11_DSA_init(DSA *dsa); +static int pk11_DSA_finish(DSA *dsa); +static DSA_SIG *pk11_dsa_do_sign(const unsigned char *dgst, int dlen, + DSA *dsa); +static int pk11_dsa_do_verify(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + +static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, DSA **key_ptr, + BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session); +static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, DSA **key_ptr, + BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session); + +static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa); +static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa); +#endif + +/* DH stuff */ +#ifndef OPENSSL_NO_DH +static int pk11_DH_init(DH *dh); +static int pk11_DH_finish(DH *dh); +static int pk11_DH_generate_key(DH *dh); +static int pk11_DH_compute_key(unsigned char *key, + const BIGNUM *pub_key, DH *dh); + +static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, DH **key_ptr, + BIGNUM **priv_key, CK_SESSION_HANDLE session); + +static int check_new_dh_key(PK11_SESSION *sp, DH *dh); +#endif + +static int find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s, + CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey); +static int init_template_value(BIGNUM *bn, CK_VOID_PTR *pValue, + CK_ULONG *ulValueLen); +static void attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn); + +static int pk11_pkey_meth_nids[] = {NID_dsa}; + +/* Read mode string to be used for fopen() */ +#if SOLARIS_OPENSSL +static char *read_mode_flags = "rF"; +#else +static char *read_mode_flags = "r"; +#endif + +/* + * Increment existing or create a new reference for an asymmetric key PKCS#11 + * object handle in the active object list. If the operation fails, unlock (if + * locked), set error variable and jump to the specified label. We use this list + * so that we can track how many references to the PKCS#11 objects are used from + * all our sessions structures. If we are replacing an object reference in the + * session structure and the ref count for the reference being replaced gets to + * 0 we know that we can safely free the object itself via C_ObjectDestroy(). + * See also TRY_OBJ_DESTROY. + */ +#define KEY_HANDLE_REFHOLD(key_handle, alg_type, unlock, var, label) \ + { \ + if (pk11_active_add(key_handle, alg_type) < 0) \ + { \ + var = CK_TRUE; \ + if (unlock) \ + UNLOCK_OBJSTORE(alg_type); \ + goto label; \ + } \ + } + +/* + * Find active list entry according to object handle and return pointer to the + * entry otherwise return NULL. + * + * This function presumes it is called with lock protecting the active list + * held. + */ +static PK11_active *pk11_active_find(CK_OBJECT_HANDLE h, PK11_OPTYPE type) + { + PK11_active *entry; + + for (entry = active_list[type]; entry != NULL; entry = entry->next) + if (entry->h == h) + return (entry); + + return (NULL); + } + +/* + * Search for an entry in the active list using PKCS#11 object handle as a + * search key and return refcnt of the found/created entry or -1 in case of + * failure. + * + * This function presumes it is called with lock protecting the active list + * held. + */ +int +pk11_active_add(CK_OBJECT_HANDLE h, PK11_OPTYPE type) + { + PK11_active *entry = NULL; + + if (h == CK_INVALID_HANDLE) + { + PK11err(PK11_F_ACTIVE_ADD, PK11_R_INVALID_HANDLE); + return (-1); + } + + /* search for entry in the active list */ + if ((entry = pk11_active_find(h, type)) != NULL) + entry->refcnt++; + else + { + /* not found, create new entry and add it to the list */ + entry = OPENSSL_malloc(sizeof (PK11_active)); + if (entry == NULL) + { + PK11err(PK11_F_ACTIVE_ADD, PK11_R_MALLOC_FAILURE); + return (-1); + } + entry->h = h; + entry->refcnt = 1; + entry->prev = NULL; + entry->next = NULL; + /* connect the newly created entry to the list */ + if (active_list[type] == NULL) + active_list[type] = entry; + else /* make the entry first in the list */ + { + entry->next = active_list[type]; + active_list[type]->prev = entry; + active_list[type] = entry; + } + } + + return (entry->refcnt); + } + +/* + * Remove active list entry from the list and free it. + * + * This function presumes it is called with lock protecting the active list + * held. + */ +void +pk11_active_remove(PK11_active *entry, PK11_OPTYPE type) + { + PK11_active *prev_entry; + + /* remove the entry from the list and free it */ + if ((prev_entry = entry->prev) != NULL) + { + prev_entry->next = entry->next; + if (entry->next != NULL) + entry->next->prev = prev_entry; + } + else + { + active_list[type] = entry->next; + /* we were the first but not the only one */ + if (entry->next != NULL) + entry->next->prev = NULL; + } + + /* sanitization */ + entry->h = CK_INVALID_HANDLE; + entry->prev = NULL; + entry->next = NULL; + OPENSSL_free(entry); + } + +/* Free all entries from the active list. */ +void +pk11_free_active_list(PK11_OPTYPE type) + { + PK11_active *entry; + + /* only for asymmetric types since only they have C_Find* locks. */ + switch (type) + { + case OP_RSA: + case OP_DSA: + case OP_DH: + break; + default: + return; + } + + /* see find_lock array definition for more info on object locking */ + LOCK_OBJSTORE(type); + while ((entry = active_list[type]) != NULL) + pk11_active_remove(entry, type); + UNLOCK_OBJSTORE(type); + } + +/* + * Search for active list entry associated with given PKCS#11 object handle, + * decrement its refcnt and if it drops to 0, disconnect the entry and free it. + * + * Return 1 if the PKCS#11 object associated with the entry has no references, + * return 0 if there is at least one reference, -1 on error. + * + * This function presumes it is called with lock protecting the active list + * held. + */ +int +pk11_active_delete(CK_OBJECT_HANDLE h, PK11_OPTYPE type) + { + PK11_active *entry = NULL; + + if ((entry = pk11_active_find(h, type)) == NULL) + { + PK11err(PK11_F_ACTIVE_DELETE, PK11_R_INVALID_HANDLE); + return (-1); + } + + OPENSSL_assert(entry->refcnt > 0); + entry->refcnt--; + if (entry->refcnt == 0) + { + pk11_active_remove(entry, type); + return (1); + } + + return (0); + } + +#ifndef OPENSSL_NO_RSA +/* Our internal RSA_METHOD that we provide pointers to */ +static RSA_METHOD pk11_rsa = + { + "PKCS#11 RSA method", + pk11_RSA_public_encrypt, /* rsa_pub_encrypt */ + pk11_RSA_public_decrypt, /* rsa_pub_decrypt */ + pk11_RSA_private_encrypt, /* rsa_priv_encrypt */ + pk11_RSA_private_decrypt, /* rsa_priv_decrypt */ + NULL, /* rsa_mod_exp */ + NULL, /* bn_mod_exp */ + pk11_RSA_init, /* init */ + pk11_RSA_finish, /* finish */ + RSA_FLAG_SIGN_VER, /* flags */ + NULL, /* app_data */ + pk11_RSA_sign, /* rsa_sign */ + pk11_RSA_verify, /* rsa_verify */ + /* Internal rsa_keygen will be used if this is NULL. */ + NULL /* rsa_keygen */ + }; + +RSA_METHOD * +PK11_RSA(void) + { + return (&pk11_rsa); + } +#endif + +#ifndef OPENSSL_NO_DSA +/* Our internal DSA_METHOD that we provide pointers to */ +static DSA_METHOD pk11_dsa = + { + "PKCS#11 DSA method", + pk11_dsa_do_sign, /* dsa_do_sign */ + NULL, /* dsa_sign_setup */ + pk11_dsa_do_verify, /* dsa_do_verify */ + NULL, /* dsa_mod_exp */ + NULL, /* bn_mod_exp */ + pk11_DSA_init, /* init */ + pk11_DSA_finish, /* finish */ + 0, /* flags */ + NULL /* app_data */ + }; + +DSA_METHOD * +PK11_DSA(void) + { + return (&pk11_dsa); + } +#endif + +#ifndef OPENSSL_NO_DH +/* + * PKCS #11 V2.20, section 11.2 specifies that the number of bytes needed for + * output buffer may somewhat exceed the precise number of bytes needed, but + * should not exceed it by a large amount. That may be caused, for example, by + * rounding it up to multiple of X in the underlying bignum library. 8 should be + * enough. + */ +#define DH_BUF_RESERVE 8 + +/* Our internal DH_METHOD that we provide pointers to */ +static DH_METHOD pk11_dh = + { + "PKCS#11 DH method", + pk11_DH_generate_key, /* generate_key */ + pk11_DH_compute_key, /* compute_key */ + NULL, /* bn_mod_exp */ + pk11_DH_init, /* init */ + pk11_DH_finish, /* finish */ + 0, /* flags */ + NULL, /* app_data */ + NULL /* generate_params */ + }; + +DH_METHOD * +PK11_DH(void) + { + return (&pk11_dh); + } +#endif + +/* Size of an SSL signature: MD5+SHA1 */ +#define SSL_SIG_LENGTH 36 + +/* Lengths of DSA data and signature */ +#define DSA_DATA_LEN 20 +#define DSA_SIGNATURE_LEN 40 + +static CK_BBOOL pk11_true = CK_TRUE; +static CK_BBOOL pk11_false = CK_FALSE; + +#ifndef OPENSSL_NO_RSA +/* + * Similar to OpenSSL to take advantage of the paddings. The goal is to + * support all paddings in this engine although PK11 library does not + * support all the paddings used in OpenSSL. + * The input errors should have been checked in the padding functions. + */ +static int pk11_RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + int i, num = 0, r = -1; + unsigned char *buf = NULL; + + num = BN_num_bytes(rsa->n); + if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL) + { + PK11err(PK11_F_RSA_PUB_ENC, PK11_R_MALLOC_FAILURE); + goto err; + } + + switch (padding) + { + case RSA_PKCS1_PADDING: + i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); + break; +#ifndef OPENSSL_NO_SHA + case RSA_PKCS1_OAEP_PADDING: + i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); + break; +#endif + case RSA_SSLV23_PADDING: + i = RSA_padding_add_SSLv23(buf, num, from, flen); + break; + case RSA_NO_PADDING: + i = RSA_padding_add_none(buf, num, from, flen); + break; + default: + PK11err(PK11_F_RSA_PUB_ENC, PK11_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (i <= 0) goto err; + + /* PK11 functions are called here */ + r = pk11_RSA_public_encrypt_low(num, buf, to, rsa); +err: + if (buf != NULL) + { + OPENSSL_cleanse(buf, num); + OPENSSL_free(buf); + } + return (r); + } + + +/* + * Similar to Openssl to take advantage of the paddings. The input errors + * should be caught in the padding functions + */ +static int pk11_RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + int i, num = 0, r = -1; + unsigned char *buf = NULL; + + num = BN_num_bytes(rsa->n); + if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL) + { + PK11err(PK11_F_RSA_PRIV_ENC, PK11_R_MALLOC_FAILURE); + goto err; + } + + switch (padding) + { + case RSA_PKCS1_PADDING: + i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen); + break; + case RSA_NO_PADDING: + i = RSA_padding_add_none(buf, num, from, flen); + break; + case RSA_SSLV23_PADDING: + default: + PK11err(PK11_F_RSA_PRIV_ENC, PK11_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (i <= 0) goto err; + + /* PK11 functions are called here */ + r = pk11_RSA_private_encrypt_low(num, buf, to, rsa); +err: + if (buf != NULL) + { + OPENSSL_cleanse(buf, num); + OPENSSL_free(buf); + } + return (r); + } + +/* Similar to OpenSSL code. Input errors are also checked here */ +static int pk11_RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + BIGNUM f; + int j, num = 0, r = -1; + unsigned char *p; + unsigned char *buf = NULL; + + BN_init(&f); + + num = BN_num_bytes(rsa->n); + + if ((buf = (unsigned char *)OPENSSL_malloc(num)) == NULL) + { + PK11err(PK11_F_RSA_PRIV_DEC, PK11_R_MALLOC_FAILURE); + goto err; + } + + /* + * This check was for equality but PGP does evil things + * and chops off the top '0' bytes + */ + if (flen > num) + { + PK11err(PK11_F_RSA_PRIV_DEC, + PK11_R_DATA_GREATER_THAN_MOD_LEN); + goto err; + } + + /* make data into a big number */ + if (BN_bin2bn(from, (int)flen, &f) == NULL) + goto err; + + if (BN_ucmp(&f, rsa->n) >= 0) + { + PK11err(PK11_F_RSA_PRIV_DEC, + PK11_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + + /* PK11 functions are called here */ + r = pk11_RSA_private_decrypt_low(flen, from, buf, rsa); + + /* + * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning. + * Needs to skip these 0's paddings here. + */ + for (j = 0; j < r; j++) + if (buf[j] != 0) + break; + + p = buf + j; + j = r - j; /* j is only used with no-padding mode */ + + switch (padding) + { + case RSA_PKCS1_PADDING: + r = RSA_padding_check_PKCS1_type_2(to, num, p, j, num); + break; +#ifndef OPENSSL_NO_SHA + case RSA_PKCS1_OAEP_PADDING: + r = RSA_padding_check_PKCS1_OAEP(to, num, p, j, num, NULL, 0); + break; +#endif + case RSA_SSLV23_PADDING: + r = RSA_padding_check_SSLv23(to, num, p, j, num); + break; + case RSA_NO_PADDING: + r = RSA_padding_check_none(to, num, p, j, num); + break; + default: + PK11err(PK11_F_RSA_PRIV_DEC, PK11_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (r < 0) + PK11err(PK11_F_RSA_PRIV_DEC, PK11_R_PADDING_CHECK_FAILED); + +err: + BN_clear_free(&f); + if (buf != NULL) + { + OPENSSL_cleanse(buf, num); + OPENSSL_free(buf); + } + return (r); + } + +/* Similar to OpenSSL code. Input errors are also checked here */ +static int pk11_RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { + BIGNUM f; + int i, num = 0, r = -1; + unsigned char *p; + unsigned char *buf = NULL; + + BN_init(&f); + num = BN_num_bytes(rsa->n); + buf = (unsigned char *)OPENSSL_malloc(num); + if (buf == NULL) + { + PK11err(PK11_F_RSA_PUB_DEC, PK11_R_MALLOC_FAILURE); + goto err; + } + + /* + * This check was for equality but PGP does evil things + * and chops off the top '0' bytes + */ + if (flen > num) + { + PK11err(PK11_F_RSA_PUB_DEC, PK11_R_DATA_GREATER_THAN_MOD_LEN); + goto err; + } + + if (BN_bin2bn(from, flen, &f) == NULL) + goto err; + + if (BN_ucmp(&f, rsa->n) >= 0) + { + PK11err(PK11_F_RSA_PUB_DEC, + PK11_R_DATA_TOO_LARGE_FOR_MODULUS); + goto err; + } + + /* PK11 functions are called here */ + r = pk11_RSA_public_decrypt_low(flen, from, buf, rsa); + + /* + * PK11 CKM_RSA_X_509 mechanism pads 0's at the beginning. + * Needs to skip these 0's here + */ + for (i = 0; i < r; i++) + if (buf[i] != 0) + break; + + p = buf + i; + i = r - i; /* i is only used with no-padding mode */ + + switch (padding) + { + case RSA_PKCS1_PADDING: + r = RSA_padding_check_PKCS1_type_1(to, num, p, i, num); + break; + case RSA_NO_PADDING: + r = RSA_padding_check_none(to, num, p, i, num); + break; + default: + PK11err(PK11_F_RSA_PUB_DEC, PK11_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (r < 0) + PK11err(PK11_F_RSA_PUB_DEC, PK11_R_PADDING_CHECK_FAILED); + +err: + BN_clear_free(&f); + if (buf != NULL) + { + OPENSSL_cleanse(buf, num); + OPENSSL_free(buf); + } + return (r); + } + +/* + * This function implements RSA public encryption using C_EncryptInit and + * C_Encrypt pk11 interfaces. Note that the CKM_RSA_X_509 is used here. + * The calling function allocated sufficient memory in "to" to store results. + */ +static int pk11_RSA_public_encrypt_low(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa) + { + CK_ULONG bytes_encrypted = flen; + int retval = -1; + CK_RV rv; + CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0}; + CK_MECHANISM *p_mech = &mech_rsa; + CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE; + PK11_SESSION *sp; + + if ((sp = pk11_get_session(OP_RSA)) == NULL) + return (-1); + + (void) pk11_check_new_rsa_key_pub(sp, rsa); + + h_pub_key = sp->opdata_rsa_pub_key; + if (h_pub_key == CK_INVALID_HANDLE) + h_pub_key = sp->opdata_rsa_pub_key = + pk11_get_public_rsa_key(rsa, sp); + + if (h_pub_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_EncryptInit(sp->session, p_mech, + h_pub_key); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW, + PK11_R_ENCRYPTINIT, rv); + pk11_return_session(sp, OP_RSA); + return (-1); + } + + rv = pFuncList->C_Encrypt(sp->session, + (unsigned char *)from, flen, to, &bytes_encrypted); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_PUB_ENC_LOW, + PK11_R_ENCRYPT, rv); + pk11_return_session(sp, OP_RSA); + return (-1); + } + retval = bytes_encrypted; + } + + pk11_return_session(sp, OP_RSA); + return (retval); + } + + +/* + * This function implements RSA private encryption using C_SignInit and + * C_Sign pk11 APIs. Note that CKM_RSA_X_509 is used here. + * The calling function allocated sufficient memory in "to" to store results. + */ +static int pk11_RSA_private_encrypt_low(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa) + { + CK_ULONG ul_sig_len = flen; + int retval = -1; + CK_RV rv; + CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0}; + CK_MECHANISM *p_mech = &mech_rsa; + CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE; + PK11_SESSION *sp; + + if ((sp = pk11_get_session(OP_RSA)) == NULL) + return (-1); + + (void) pk11_check_new_rsa_key_priv(sp, rsa); + + h_priv_key = sp->opdata_rsa_priv_key; + if (h_priv_key == CK_INVALID_HANDLE) + h_priv_key = sp->opdata_rsa_priv_key = + pk11_get_private_rsa_key(rsa, sp); + + if (h_priv_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_SignInit(sp->session, p_mech, + h_priv_key); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, + PK11_R_SIGNINIT, rv); + pk11_return_session(sp, OP_RSA); + return (-1); + } + + rv = pFuncList->C_Sign(sp->session, + (unsigned char *)from, flen, to, &ul_sig_len); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_PRIV_ENC_LOW, PK11_R_SIGN, + rv); + pk11_return_session(sp, OP_RSA); + return (-1); + } + + retval = ul_sig_len; + } + + pk11_return_session(sp, OP_RSA); + return (retval); + } + + +/* + * This function implements RSA private decryption using C_DecryptInit and + * C_Decrypt pk11 APIs. Note that CKM_RSA_X_509 mechanism is used here. + * The calling function allocated sufficient memory in "to" to store results. + */ +static int pk11_RSA_private_decrypt_low(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa) + { + CK_ULONG bytes_decrypted = flen; + int retval = -1; + CK_RV rv; + CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0}; + CK_MECHANISM *p_mech = &mech_rsa; + CK_OBJECT_HANDLE h_priv_key; + PK11_SESSION *sp; + + if ((sp = pk11_get_session(OP_RSA)) == NULL) + return (-1); + + (void) pk11_check_new_rsa_key_priv(sp, rsa); + + h_priv_key = sp->opdata_rsa_priv_key; + if (h_priv_key == CK_INVALID_HANDLE) + h_priv_key = sp->opdata_rsa_priv_key = + pk11_get_private_rsa_key(rsa, sp); + + if (h_priv_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_DecryptInit(sp->session, p_mech, + h_priv_key); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW, + PK11_R_DECRYPTINIT, rv); + pk11_return_session(sp, OP_RSA); + return (-1); + } + + rv = pFuncList->C_Decrypt(sp->session, + (unsigned char *)from, flen, to, &bytes_decrypted); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_PRIV_DEC_LOW, + PK11_R_DECRYPT, rv); + pk11_return_session(sp, OP_RSA); + return (-1); + } + retval = bytes_decrypted; + } + + pk11_return_session(sp, OP_RSA); + return (retval); + } + + +/* + * This function implements RSA public decryption using C_VerifyRecoverInit + * and C_VerifyRecover pk11 APIs. Note that CKM_RSA_X_509 is used here. + * The calling function allocated sufficient memory in "to" to store results. + */ +static int pk11_RSA_public_decrypt_low(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa) + { + CK_ULONG bytes_decrypted = flen; + int retval = -1; + CK_RV rv; + CK_MECHANISM mech_rsa = {CKM_RSA_X_509, NULL, 0}; + CK_MECHANISM *p_mech = &mech_rsa; + CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE; + PK11_SESSION *sp; + + if ((sp = pk11_get_session(OP_RSA)) == NULL) + return (-1); + + (void) pk11_check_new_rsa_key_pub(sp, rsa); + + h_pub_key = sp->opdata_rsa_pub_key; + if (h_pub_key == CK_INVALID_HANDLE) + h_pub_key = sp->opdata_rsa_pub_key = + pk11_get_public_rsa_key(rsa, sp); + + if (h_pub_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_VerifyRecoverInit(sp->session, + p_mech, h_pub_key); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW, + PK11_R_VERIFYRECOVERINIT, rv); + pk11_return_session(sp, OP_RSA); + return (-1); + } + + rv = pFuncList->C_VerifyRecover(sp->session, + (unsigned char *)from, flen, to, &bytes_decrypted); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_PUB_DEC_LOW, + PK11_R_VERIFYRECOVER, rv); + pk11_return_session(sp, OP_RSA); + return (-1); + } + retval = bytes_decrypted; + } + + pk11_return_session(sp, OP_RSA); + return (retval); + } + +static int pk11_RSA_init(RSA *rsa) + { + /* + * This flag in the RSA_METHOD enables the new rsa_sign, + * rsa_verify functions. See rsa.h for details. + */ + rsa->flags |= RSA_FLAG_SIGN_VER; + + return (1); + } + +static int pk11_RSA_finish(RSA *rsa) + { + /* + * Since we are overloading OpenSSL's native RSA_eay_finish() we need + * to do the same as in the original function, i.e. to free bignum + * structures. + */ + if (rsa->_method_mod_n != NULL) + BN_MONT_CTX_free(rsa->_method_mod_n); + if (rsa->_method_mod_p != NULL) + BN_MONT_CTX_free(rsa->_method_mod_p); + if (rsa->_method_mod_q != NULL) + BN_MONT_CTX_free(rsa->_method_mod_q); + + return (1); + } + +/* + * Standard engine interface function. Majority codes here are from + * rsa/rsa_sign.c. We replaced the decrypt function call by C_Sign of PKCS#11. + * See more details in rsa/rsa_sign.c + */ +static int pk11_RSA_sign(int type, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa) + { + X509_SIG sig; + ASN1_TYPE parameter; + int i, j; + unsigned char *p, *s = NULL; + X509_ALGOR algor; + ASN1_OCTET_STRING digest; + CK_RV rv; + CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0}; + CK_MECHANISM *p_mech = &mech_rsa; + CK_OBJECT_HANDLE h_priv_key; + PK11_SESSION *sp = NULL; + int ret = 0; + unsigned long ulsiglen; + + /* Encode the digest */ + /* Special case: SSL signature, just check the length */ + if (type == NID_md5_sha1) + { + if (m_len != SSL_SIG_LENGTH) + { + PK11err(PK11_F_RSA_SIGN, + PK11_R_INVALID_MESSAGE_LENGTH); + goto err; + } + i = SSL_SIG_LENGTH; + s = (unsigned char *)m; + } + else + { + sig.algor = &algor; + sig.algor->algorithm = OBJ_nid2obj(type); + if (sig.algor->algorithm == NULL) + { + PK11err(PK11_F_RSA_SIGN, + PK11_R_UNKNOWN_ALGORITHM_TYPE); + goto err; + } + if (sig.algor->algorithm->length == 0) + { + PK11err(PK11_F_RSA_SIGN, + PK11_R_UNKNOWN_ASN1_OBJECT_ID); + goto err; + } + parameter.type = V_ASN1_NULL; + parameter.value.ptr = NULL; + sig.algor->parameter = ¶meter; + + sig.digest = &digest; + sig.digest->data = (unsigned char *)m; + sig.digest->length = m_len; + + i = i2d_X509_SIG(&sig, NULL); + } + + j = RSA_size(rsa); + if ((i - RSA_PKCS1_PADDING) > j) + { + PK11err(PK11_F_RSA_SIGN, PK11_R_DIGEST_TOO_BIG); + goto err; + } + + if (type != NID_md5_sha1) + { + s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1)); + if (s == NULL) + { + PK11err(PK11_F_RSA_SIGN, PK11_R_MALLOC_FAILURE); + goto err; + } + p = s; + (void) i2d_X509_SIG(&sig, &p); + } + + if ((sp = pk11_get_session(OP_RSA)) == NULL) + goto err; + + (void) pk11_check_new_rsa_key_priv(sp, rsa); + + h_priv_key = sp->opdata_rsa_priv_key; + if (h_priv_key == CK_INVALID_HANDLE) + h_priv_key = sp->opdata_rsa_priv_key = + pk11_get_private_rsa_key((RSA *)rsa, sp); + + if (h_priv_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGNINIT, rv); + goto err; + } + + ulsiglen = j; + rv = pFuncList->C_Sign(sp->session, s, i, sigret, + (CK_ULONG_PTR) &ulsiglen); + *siglen = ulsiglen; + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_SIGN, PK11_R_SIGN, rv); + goto err; + } + ret = 1; + } + +err: + if (type != NID_md5_sha1) + { + (void) memset(s, 0, (unsigned int)(j + 1)); + OPENSSL_free(s); + } + + pk11_return_session(sp, OP_RSA); + return (ret); + } + +static int pk11_RSA_verify(int type, const unsigned char *m, + unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen, + const RSA *rsa) + { + X509_SIG sig; + ASN1_TYPE parameter; + int i, j; + unsigned char *p, *s = NULL; + X509_ALGOR algor; + ASN1_OCTET_STRING digest; + CK_RV rv; + CK_MECHANISM mech_rsa = {CKM_RSA_PKCS, NULL, 0}; + CK_MECHANISM *p_mech = &mech_rsa; + CK_OBJECT_HANDLE h_pub_key; + PK11_SESSION *sp = NULL; + int ret = 0; + + /* Encode the digest */ + /* Special case: SSL signature, just check the length */ + if (type == NID_md5_sha1) + { + if (m_len != SSL_SIG_LENGTH) + { + PK11err(PK11_F_RSA_VERIFY, + PK11_R_INVALID_MESSAGE_LENGTH); + goto err; + } + i = SSL_SIG_LENGTH; + s = (unsigned char *)m; + } + else + { + sig.algor = &algor; + sig.algor->algorithm = OBJ_nid2obj(type); + if (sig.algor->algorithm == NULL) + { + PK11err(PK11_F_RSA_VERIFY, + PK11_R_UNKNOWN_ALGORITHM_TYPE); + goto err; + } + if (sig.algor->algorithm->length == 0) + { + PK11err(PK11_F_RSA_VERIFY, + PK11_R_UNKNOWN_ASN1_OBJECT_ID); + goto err; + } + parameter.type = V_ASN1_NULL; + parameter.value.ptr = NULL; + sig.algor->parameter = ¶meter; + sig.digest = &digest; + sig.digest->data = (unsigned char *)m; + sig.digest->length = m_len; + i = i2d_X509_SIG(&sig, NULL); + } + + j = RSA_size(rsa); + if ((i - RSA_PKCS1_PADDING) > j) + { + PK11err(PK11_F_RSA_VERIFY, PK11_R_DIGEST_TOO_BIG); + goto err; + } + + if (type != NID_md5_sha1) + { + s = (unsigned char *)OPENSSL_malloc((unsigned int)(j + 1)); + if (s == NULL) + { + PK11err(PK11_F_RSA_VERIFY, PK11_R_MALLOC_FAILURE); + goto err; + } + p = s; + (void) i2d_X509_SIG(&sig, &p); + } + + if ((sp = pk11_get_session(OP_RSA)) == NULL) + goto err; + + (void) pk11_check_new_rsa_key_pub(sp, rsa); + + h_pub_key = sp->opdata_rsa_pub_key; + if (h_pub_key == CK_INVALID_HANDLE) + h_pub_key = sp->opdata_rsa_pub_key = + pk11_get_public_rsa_key((RSA *)rsa, sp); + + if (h_pub_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_VerifyInit(sp->session, p_mech, + h_pub_key); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFYINIT, + rv); + goto err; + } + rv = pFuncList->C_Verify(sp->session, s, i, + (CK_BYTE_PTR)sigbuf, (CK_ULONG)siglen); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_RSA_VERIFY, PK11_R_VERIFY, rv); + goto err; + } + ret = 1; + } + +err: + if (type != NID_md5_sha1) + { + (void) memset(s, 0, (unsigned int)siglen); + OPENSSL_free(s); + } + + pk11_return_session(sp, OP_RSA); + return (ret); + } + +#define MAXATTR 1024 +/* + * Load RSA private key from a file or get its PKCS#11 handle if stored in the + * PKCS#11 token. + */ +/* ARGSUSED */ +EVP_PKEY *pk11_load_privkey(ENGINE* e, const char *privkey_id, + UI_METHOD *ui_method, void *callback_data) + { + EVP_PKEY *pkey = NULL; + FILE *privkey; + CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE; + RSA *rsa = NULL; + PK11_SESSION *sp; + /* Anything else below is needed for the key by reference extension. */ + const char *file; + int ret; + pkcs11_uri uri_struct; + CK_RV rv; + CK_BBOOL is_token = CK_TRUE; + CK_BBOOL rollback = CK_FALSE; + CK_BYTE attr_data[8][MAXATTR]; + CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY; + CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */ + + /* We look for private keys only. */ + CK_ATTRIBUTE search_templ[] = + { + {CKA_TOKEN, &is_token, sizeof (is_token)}, + {CKA_CLASS, &key_class, sizeof (key_class)}, + {CKA_LABEL, NULL, 0} + }; + + /* + * These public attributes are needed to initialize the OpenSSL RSA + * structure with something we can use to look up the key. Note that we + * never ask for private components. + */ + CK_ATTRIBUTE get_templ[] = + { + {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */ + {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */ + }; + + if ((sp = pk11_get_session(OP_RSA)) == NULL) + return (NULL); + + /* + * The next function will decide whether we are going to access keys in + * the token or read them from plain files. It all depends on what is in + * the 'privkey_id' parameter. + */ + ret = pk11_process_pkcs11_uri(privkey_id, &uri_struct, &file); + + if (ret == 0) + goto err; + + /* We will try to access a key from a PKCS#11 token. */ + if (ret == 1) + { + if (pk11_check_token_attrs(&uri_struct) == 0) + goto err; + + search_templ[2].pValue = uri_struct.object; + search_templ[2].ulValueLen = strlen(search_templ[2].pValue); + + if (pk11_token_login(sp->session, &pk11_login_done, + &uri_struct, CK_TRUE) == 0) + goto err; + + /* + * Now let's try to find the key in the token. It is a failure + * if we can't find it. + */ + if (find_one_object(OP_RSA, sp->session, search_templ, 3, + &ks_key) == 0) + goto err; + + /* + * Free the structure now. Note that we use uri_struct's field + * directly in the template so we cannot free it until the find + * is done. + */ + pk11_free_pkcs11_uri(&uri_struct, 0); + + /* + * We might have a cache hit which we could confirm according to + * the 'n'/'e' params, RSA public pointer as NULL, and non-NULL + * RSA private pointer. However, it is easier just to recreate + * everything. We expect the keys to be loaded once and used + * many times. We do not check the return value because even in + * case of failure the sp structure will have both key pointer + * and object handle cleaned and pk11_destroy_object() reports + * the failure to the OpenSSL error message buffer. + */ + (void) pk11_destroy_rsa_object_priv(sp, CK_TRUE); + + sp->opdata_rsa_priv_key = ks_key; + /* This object shall not be deleted on a cache miss. */ + sp->persistent = CK_TRUE; + + if ((rsa = sp->opdata_rsa_priv = RSA_new_method(e)) == NULL) + goto err; + + if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key, + get_templ, 2)) != CKR_OK) + { + PK11err_add_data(PK11_F_LOAD_PRIVKEY, + PK11_R_GETATTRIBUTVALUE, rv); + goto err; + } + + /* + * Cache the RSA private structure pointer. We do not use it now + * for key-by-ref keys but let's do it for consistency reasons. + */ + sp->opdata_rsa_priv = rsa; + + /* + * We do not use pk11_get_private_rsa_key() here so we must take + * care of handle management ourselves. + */ + KEY_HANDLE_REFHOLD(ks_key, OP_RSA, CK_FALSE, rollback, err); + + /* + * Those are the sensitive components we do not want to export + * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp). + */ + attr_to_BN(&get_templ[0], attr_data[0], &rsa->n); + attr_to_BN(&get_templ[1], attr_data[1], &rsa->e); + /* + * Must have 'n'/'e' components in the session structure as + * well. They serve as a public look-up key for the private key + * in the keystore. + */ + attr_to_BN(&get_templ[0], attr_data[0], &sp->opdata_rsa_n_num); + attr_to_BN(&get_templ[1], attr_data[1], &sp->opdata_rsa_e_num); + + if ((pkey = EVP_PKEY_new()) == NULL) + goto err; + + if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) + goto err; + } + else + if ((privkey = fopen(file, read_mode_flags)) != NULL) + { + pkey = PEM_read_PrivateKey(privkey, NULL, NULL, NULL); + (void) fclose(privkey); + if (pkey != NULL) + { + rsa = EVP_PKEY_get1_RSA(pkey); + if (rsa != NULL) + { + (void) pk11_check_new_rsa_key_priv(sp, + rsa); + + h_priv_key = sp->opdata_rsa_priv_key = + pk11_get_private_rsa_key(rsa, sp); + if (h_priv_key == CK_INVALID_HANDLE) + goto err; + } + else + goto err; + } + } + + pk11_return_session(sp, OP_RSA); + return (pkey); +err: + if (rsa != NULL) + RSA_free(rsa); + if (pkey != NULL) + { + EVP_PKEY_free(pkey); + pkey = NULL; + } + return (pkey); + } + +/* Load RSA public key from a file or load it from the PKCS#11 token. */ +/* ARGSUSED */ +EVP_PKEY *pk11_load_pubkey(ENGINE* e, const char *pubkey_id, + UI_METHOD *ui_method, void *callback_data) + { + EVP_PKEY *pkey = NULL; + FILE *pubkey; + CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE; + RSA *rsa = NULL; + PK11_SESSION *sp; + /* everything else below needed for key by reference extension */ + int ret; + const char *file; + pkcs11_uri uri_struct; + CK_RV rv; + CK_BBOOL is_token = CK_TRUE; + CK_BYTE attr_data[2][MAXATTR]; + CK_OBJECT_CLASS key_class = CKO_PUBLIC_KEY; + CK_OBJECT_HANDLE ks_key = CK_INVALID_HANDLE; /* key in keystore */ + + CK_ATTRIBUTE search_templ[] = + { + {CKA_TOKEN, &is_token, sizeof (is_token)}, + {CKA_CLASS, &key_class, sizeof (key_class)}, + {CKA_LABEL, NULL, 0} + }; + + /* + * These public attributes are needed to initialize OpenSSL RSA + * structure with something we can use to look up the key. + */ + CK_ATTRIBUTE get_templ[] = + { + {CKA_MODULUS, (void *)attr_data[0], MAXATTR}, /* n */ + {CKA_PUBLIC_EXPONENT, (void *)attr_data[1], MAXATTR}, /* e */ + }; + + if ((sp = pk11_get_session(OP_RSA)) == NULL) + return (NULL); + + ret = pk11_process_pkcs11_uri(pubkey_id, &uri_struct, &file); + + if (ret == 0) + goto err; + + if (ret == 1) + { + if (pk11_check_token_attrs(&uri_struct) == 0) + goto err; + + search_templ[2].pValue = uri_struct.object; + search_templ[2].ulValueLen = strlen(search_templ[2].pValue); + + if (pk11_token_login(sp->session, &pk11_login_done, + &uri_struct, CK_FALSE) == 0) + goto err; + + if (find_one_object(OP_RSA, sp->session, search_templ, 3, + &ks_key) == 0) + { + goto err; + } + + /* + * Free the structure now. Note that we use uri_struct's field + * directly in the template so we can't free until find is done. + */ + pk11_free_pkcs11_uri(&uri_struct, 0); + /* + * We load a new public key so we will create a new RSA + * structure. No cache hit is possible. + */ + (void) pk11_destroy_rsa_object_pub(sp, CK_TRUE); + sp->opdata_rsa_pub_key = ks_key; + + if ((rsa = sp->opdata_rsa_pub = RSA_new_method(e)) == NULL) + goto err; + + if ((rv = pFuncList->C_GetAttributeValue(sp->session, ks_key, + get_templ, 2)) != CKR_OK) + { + PK11err_add_data(PK11_F_LOAD_PUBKEY, + PK11_R_GETATTRIBUTVALUE, rv); + goto err; + } + + /* + * Cache the RSA public structure pointer. + */ + sp->opdata_rsa_pub = rsa; + + /* + * These are the sensitive components we do not want to export + * from the token at all: rsa->(d|p|q|dmp1|dmq1|iqmp). + */ + attr_to_BN(&get_templ[0], attr_data[0], &rsa->n); + attr_to_BN(&get_templ[1], attr_data[1], &rsa->e); + + if ((pkey = EVP_PKEY_new()) == NULL) + goto err; + + if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) + goto err; + + /* + * Create a session object from it so that when calling + * pk11_get_public_rsa_key() the next time, we can find it. The + * reason why we do that is that we cannot tell from the RSA + * structure (OpenSSL RSA structure does not have any room for + * additional data used by the engine, for example) if it bears + * a public key stored in the keystore or not so it's better if + * we always have a session key. Note that this is different + * from what we do for the private keystore objects but in that + * case, we can tell from the RSA structure that the keystore + * object is in play - the 'd' component is NULL in that case. + */ + h_pub_key = sp->opdata_rsa_pub_key = + pk11_get_public_rsa_key(rsa, sp); + if (h_pub_key == CK_INVALID_HANDLE) + goto err; + } + else + if ((pubkey = fopen(file, read_mode_flags)) != NULL) + { + pkey = PEM_read_PUBKEY(pubkey, NULL, NULL, NULL); + (void) fclose(pubkey); + if (pkey != NULL) + { + rsa = EVP_PKEY_get1_RSA(pkey); + if (rsa != NULL) + { + /* + * This will always destroy the RSA + * object since we have a new RSA + * structure here. + */ + (void) pk11_check_new_rsa_key_pub(sp, + rsa); + + h_pub_key = sp->opdata_rsa_pub_key = + pk11_get_public_rsa_key(rsa, sp); + if (h_pub_key == CK_INVALID_HANDLE) + { + EVP_PKEY_free(pkey); + pkey = NULL; + } + } + else + { + EVP_PKEY_free(pkey); + pkey = NULL; + } + } + } + + pk11_return_session(sp, OP_RSA); + return (pkey); +err: + if (rsa != NULL) + RSA_free(rsa); + if (pkey != NULL) + { + EVP_PKEY_free(pkey); + pkey = NULL; + } + return (pkey); + } + +/* + * Get a public key object in a session from a given rsa structure. If the + * PKCS#11 session object already exists it is found, reused, and + * the counter in the active object list incremented. If not found, a new + * session object is created and put also onto the active object list. + * + * We use the session field from sp, and we cache rsa->(n|e) in + * opdata_rsa_(n|e|d)_num, respectively. + */ +static CK_OBJECT_HANDLE +pk11_get_public_rsa_key(RSA* rsa, PK11_SESSION *sp) + { + CK_RV rv; + CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; + CK_ULONG found; + CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY; + CK_KEY_TYPE k_type = CKK_RSA; + CK_ULONG ul_key_attr_count = 7; + CK_BBOOL rollback = CK_FALSE; + + CK_ATTRIBUTE a_key_template[] = + { + {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)}, + {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)}, + {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, + {CKA_ENCRYPT, &pk11_true, sizeof (pk11_true)}, + {CKA_VERIFY_RECOVER, &pk11_true, sizeof (pk11_true)}, + {CKA_MODULUS, (void *)NULL, 0}, + {CKA_PUBLIC_EXPONENT, (void *)NULL, 0} + }; + + int i; + + a_key_template[0].pValue = &o_key; + a_key_template[1].pValue = &k_type; + + a_key_template[5].ulValueLen = BN_num_bytes(rsa->n); + a_key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc( + (size_t)a_key_template[5].ulValueLen); + if (a_key_template[5].pValue == NULL) + { + PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); + goto malloc_err; + } + + BN_bn2bin(rsa->n, a_key_template[5].pValue); + + a_key_template[6].ulValueLen = BN_num_bytes(rsa->e); + a_key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc( + (size_t)a_key_template[6].ulValueLen); + if (a_key_template[6].pValue == NULL) + { + PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); + goto malloc_err; + } + + BN_bn2bin(rsa->e, a_key_template[6].pValue); + + /* see find_lock array definition for more info on object locking */ + LOCK_OBJSTORE(OP_RSA); + + rv = pFuncList->C_FindObjectsInit(sp->session, a_key_template, + ul_key_attr_count); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PUB_RSA_KEY, + PK11_R_FINDOBJECTSINIT, rv); + goto err; + } + + rv = pFuncList->C_FindObjects(sp->session, &h_key, 1, &found); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PUB_RSA_KEY, + PK11_R_FINDOBJECTS, rv); + goto err; + } + + rv = pFuncList->C_FindObjectsFinal(sp->session); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PUB_RSA_KEY, + PK11_R_FINDOBJECTSFINAL, rv); + goto err; + } + + if (found == 0) + { + rv = pFuncList->C_CreateObject(sp->session, + a_key_template, ul_key_attr_count, &h_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PUB_RSA_KEY, + PK11_R_CREATEOBJECT, rv); + goto err; + } + } + + if ((sp->opdata_rsa_n_num = BN_dup(rsa->n)) == NULL) + { + PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); + rollback = CK_TRUE; + goto err; + } + + if ((sp->opdata_rsa_e_num = BN_dup(rsa->e)) == NULL) + { + PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); + BN_free(sp->opdata_rsa_n_num); + sp->opdata_rsa_n_num = NULL; + rollback = CK_TRUE; + goto err; + } + + /* LINTED: E_CONSTANT_CONDITION */ + KEY_HANDLE_REFHOLD(h_key, OP_RSA, CK_FALSE, rollback, err); + sp->opdata_rsa_pub = rsa; + +err: + if (rollback) + { + /* + * We do not care about the return value from C_DestroyObject() + * since we are doing rollback. + */ + if (found == 0) + (void) pFuncList->C_DestroyObject(sp->session, h_key); + h_key = CK_INVALID_HANDLE; + } + + UNLOCK_OBJSTORE(OP_RSA); + +malloc_err: + for (i = 5; i <= 6; i++) + { + if (a_key_template[i].pValue != NULL) + { + OPENSSL_free(a_key_template[i].pValue); + a_key_template[i].pValue = NULL; + } + } + + return (h_key); + } + +/* + * Function similar to pk11_get_public_rsa_key(). In addition to 'n' and 'e' + * components, it also caches 'd' if present. Note that if RSA keys by reference + * are used, 'd' is never extracted from the token in which case it would be + * NULL here. + */ +static CK_OBJECT_HANDLE +pk11_get_private_rsa_key(RSA* rsa, PK11_SESSION *sp) + { + CK_RV rv; + CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; + int i; + CK_ULONG found; + CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY; + CK_KEY_TYPE k_type = CKK_RSA; + CK_ULONG ul_key_attr_count = 14; + CK_BBOOL rollback = CK_FALSE; + + /* + * Both CKA_TOKEN and CKA_SENSITIVE have to be CK_FALSE for session keys + */ + CK_ATTRIBUTE a_key_template[] = + { + {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)}, + {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)}, + {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, + {CKA_SENSITIVE, &pk11_false, sizeof (pk11_false)}, + {CKA_DECRYPT, &pk11_true, sizeof (pk11_true)}, + {CKA_SIGN, &pk11_true, sizeof (pk11_true)}, + {CKA_MODULUS, (void *)NULL, 0}, + {CKA_PUBLIC_EXPONENT, (void *)NULL, 0}, + {CKA_PRIVATE_EXPONENT, (void *)NULL, 0}, + {CKA_PRIME_1, (void *)NULL, 0}, + {CKA_PRIME_2, (void *)NULL, 0}, + {CKA_EXPONENT_1, (void *)NULL, 0}, + {CKA_EXPONENT_2, (void *)NULL, 0}, + {CKA_COEFFICIENT, (void *)NULL, 0}, + }; + + a_key_template[0].pValue = &o_key; + a_key_template[1].pValue = &k_type; + + /* Put the private key components into the template */ + if (init_template_value(rsa->n, &a_key_template[6].pValue, + &a_key_template[6].ulValueLen) == 0 || + init_template_value(rsa->e, &a_key_template[7].pValue, + &a_key_template[7].ulValueLen) == 0 || + init_template_value(rsa->d, &a_key_template[8].pValue, + &a_key_template[8].ulValueLen) == 0 || + init_template_value(rsa->p, &a_key_template[9].pValue, + &a_key_template[9].ulValueLen) == 0 || + init_template_value(rsa->q, &a_key_template[10].pValue, + &a_key_template[10].ulValueLen) == 0 || + init_template_value(rsa->dmp1, &a_key_template[11].pValue, + &a_key_template[11].ulValueLen) == 0 || + init_template_value(rsa->dmq1, &a_key_template[12].pValue, + &a_key_template[12].ulValueLen) == 0 || + init_template_value(rsa->iqmp, &a_key_template[13].pValue, + &a_key_template[13].ulValueLen) == 0) + { + PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE); + goto malloc_err; + } + + /* see find_lock array definition for more info on object locking */ + LOCK_OBJSTORE(OP_RSA); + + /* + * We are getting the private key but the private 'd' component is NULL. + * That means this is key by reference RSA key. In that case, we can + * use only public components for searching for the private key handle. + */ + if (rsa->d == NULL) + { + ul_key_attr_count = 8; + /* + * We will perform the search in the token, not in the existing + * session keys. + */ + a_key_template[2].pValue = &pk11_true; + } + + rv = pFuncList->C_FindObjectsInit(sp->session, a_key_template, + ul_key_attr_count); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY, + PK11_R_FINDOBJECTSINIT, rv); + goto err; + } + + rv = pFuncList->C_FindObjects(sp->session, &h_key, 1, &found); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY, + PK11_R_FINDOBJECTS, rv); + goto err; + } + + rv = pFuncList->C_FindObjectsFinal(sp->session); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY, + PK11_R_FINDOBJECTSFINAL, rv); + goto err; + } + + if (found == 0) + { + /* + * We have an RSA structure with 'n'/'e' components only so we + * tried to find the private key in the keystore. If it was + * really a token key we have a problem. Note that for other key + * types we just create a new session key using the private + * components from the RSA structure. + */ + if (rsa->d == NULL) + { + PK11err(PK11_F_GET_PRIV_RSA_KEY, + PK11_R_PRIV_KEY_NOT_FOUND); + goto err; + } + + rv = pFuncList->C_CreateObject(sp->session, + a_key_template, ul_key_attr_count, &h_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PRIV_RSA_KEY, + PK11_R_CREATEOBJECT, rv); + goto err; + } + } + + /* + * When RSA keys by reference code is used, we never extract private + * components from the keystore. In that case 'd' was set to NULL and we + * expect the application to properly cope with that. It is documented + * in openssl(5). In general, if keys by reference are used we expect it + * to be used exclusively using the high level API and then there is no + * problem. If the application expects the private components to be read + * from the keystore then that is not a supported way of usage. + */ + if (rsa->d != NULL) + { + if ((sp->opdata_rsa_d_num = BN_dup(rsa->d)) == NULL) + { + PK11err(PK11_F_GET_PRIV_RSA_KEY, PK11_R_MALLOC_FAILURE); + rollback = CK_TRUE; + goto err; + } + } + else + sp->opdata_rsa_d_num = NULL; + + /* + * For the key by reference code, we need public components as well + * since 'd' component is always NULL. For that reason, we always cache + * 'n'/'e' components as well. + */ + if ((sp->opdata_rsa_n_num = BN_dup(rsa->n)) == NULL) + { + PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); + sp->opdata_rsa_n_num = NULL; + rollback = CK_TRUE; + goto err; + } + if ((sp->opdata_rsa_e_num = BN_dup(rsa->e)) == NULL) + { + PK11err(PK11_F_GET_PUB_RSA_KEY, PK11_R_MALLOC_FAILURE); + BN_free(sp->opdata_rsa_n_num); + sp->opdata_rsa_n_num = NULL; + rollback = CK_TRUE; + goto err; + } + + /* LINTED: E_CONSTANT_CONDITION */ + KEY_HANDLE_REFHOLD(h_key, OP_RSA, CK_FALSE, rollback, err); + sp->opdata_rsa_priv = rsa; + +err: + if (rollback) + { + /* + * We do not care about the return value from C_DestroyObject() + * since we are doing rollback. + */ + if (found == 0) + (void) pFuncList->C_DestroyObject(sp->session, h_key); + h_key = CK_INVALID_HANDLE; + } + + UNLOCK_OBJSTORE(OP_RSA); + +malloc_err: + /* + * 6 to 13 entries in the key template are key components. + * They need to be freed upon exit or error. + */ + for (i = 6; i <= 13; i++) + { + if (a_key_template[i].pValue != NULL) + { + (void) memset(a_key_template[i].pValue, 0, + a_key_template[i].ulValueLen); + OPENSSL_free(a_key_template[i].pValue); + a_key_template[i].pValue = NULL; + } + } + + return (h_key); + } + +/* + * Check for cache miss. Objects are cleaned only if we have a full cache miss, + * meaning that it's a different RSA key pair. Return 1 for cache hit, 0 for + * cache miss. + */ +static int +pk11_check_new_rsa_key_pub(PK11_SESSION *sp, const RSA *rsa) + { + /* + * Provide protection against RSA structure reuse by making the + * check for cache hit stronger. Only public components of RSA + * key matter here so it is sufficient to compare them with values + * cached in PK11_SESSION structure. + * + * We must check the handle as well since with key by reference, public + * components 'n'/'e' are cached in private keys as well. That means we + * could have a cache hit in a private key when looking for a public + * key. That would not work, you cannot have one PKCS#11 object for + * both data signing and verifying. + */ + if (sp->opdata_rsa_pub == rsa && + BN_cmp(sp->opdata_rsa_n_num, rsa->n) == 0 && + BN_cmp(sp->opdata_rsa_e_num, rsa->e) == 0) + { + if (sp->opdata_rsa_pub_key != CK_INVALID_HANDLE) + return (1); + else + /* + * No public key object yet but we have the right RSA + * structure with potentially existing private key + * object. We can just create a public object and move + * on with this session structure. + */ + return (0); + } + + /* + * A different RSA key pair was using this session structure previously + * or it's an empty structure. Destroy what we can. + */ + (void) pk11_destroy_rsa_object_pub(sp, CK_TRUE); + (void) pk11_destroy_rsa_object_priv(sp, CK_TRUE); + return (0); + } + +/* + * Check for cache miss. Objects are cleaned only if we have a full cache miss, + * meaning that it's a different RSA key pair. Return 1 for cache hit, 0 for + * cache miss. + */ +static int +pk11_check_new_rsa_key_priv(PK11_SESSION *sp, const RSA *rsa) + { + /* + * Provide protection against RSA structure reuse by making the + * check for cache hit stronger. Comparing public exponent of RSA + * key with value cached in PK11_SESSION structure should + * be sufficient. Note that we want to compare the public component + * since with the keys by reference mechanism, private components are + * not in the RSA structure. Also, see pk11_check_new_rsa_key_pub() + * about why we compare the handle as well. + */ + if (sp->opdata_rsa_priv == rsa && + BN_cmp(sp->opdata_rsa_n_num, rsa->n) == 0 && + BN_cmp(sp->opdata_rsa_e_num, rsa->e) == 0) + { + if (sp->opdata_rsa_priv_key != CK_INVALID_HANDLE) + return (1); + else + /* + * No private key object yet but we have the right RSA + * structure with potentially existing public key + * object. We can just create a private object and move + * on with this session structure. + */ + return (0); + } + + /* + * A different RSA key pair was using this session structure previously + * or it's an empty structure. Destroy what we can. + */ + (void) pk11_destroy_rsa_object_priv(sp, CK_TRUE); + (void) pk11_destroy_rsa_object_pub(sp, CK_TRUE); + return (0); + } +#endif + +#ifndef OPENSSL_NO_DSA +/* The DSA function implementation */ +/* ARGSUSED */ +static int pk11_DSA_init(DSA *dsa) + { + return (1); + } + +/* ARGSUSED */ +static int pk11_DSA_finish(DSA *dsa) + { + return (1); + } + + +static DSA_SIG * +pk11_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) + { + BIGNUM *r = NULL, *s = NULL; + int i; + DSA_SIG *dsa_sig = NULL; + + CK_RV rv; + CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0}; + CK_MECHANISM *p_mech = &Mechanism_dsa; + CK_OBJECT_HANDLE h_priv_key; + + /* + * The signature is the concatenation of r and s, + * each is 20 bytes long + */ + unsigned char sigret[DSA_SIGNATURE_LEN]; + unsigned long siglen = DSA_SIGNATURE_LEN; + unsigned int siglen2 = DSA_SIGNATURE_LEN / 2; + + PK11_SESSION *sp = NULL; + + if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) + { + PK11err(PK11_F_DSA_SIGN, PK11_R_MISSING_KEY_COMPONENT); + goto ret; + } + + i = BN_num_bytes(dsa->q); /* should be 20 */ + if (dlen > i) + { + PK11err(PK11_F_DSA_SIGN, PK11_R_INVALID_SIGNATURE_LENGTH); + goto ret; + } + + if ((sp = pk11_get_session(OP_DSA)) == NULL) + goto ret; + + (void) check_new_dsa_key_priv(sp, dsa); + + h_priv_key = sp->opdata_dsa_priv_key; + if (h_priv_key == CK_INVALID_HANDLE) + h_priv_key = sp->opdata_dsa_priv_key = + pk11_get_private_dsa_key((DSA *)dsa, + &sp->opdata_dsa_priv, + &sp->opdata_dsa_priv_num, sp->session); + + if (h_priv_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_SignInit(sp->session, p_mech, h_priv_key); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGNINIT, rv); + goto ret; + } + + (void) memset(sigret, 0, siglen); + rv = pFuncList->C_Sign(sp->session, + (unsigned char *) dgst, dlen, sigret, + (CK_ULONG_PTR) &siglen); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DSA_SIGN, PK11_R_SIGN, rv); + goto ret; + } + } + + + if ((s = BN_new()) == NULL) + { + PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE); + goto ret; + } + + if ((r = BN_new()) == NULL) + { + PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE); + goto ret; + } + + if ((dsa_sig = DSA_SIG_new()) == NULL) + { + PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE); + goto ret; + } + + if (BN_bin2bn(sigret, siglen2, r) == NULL || + BN_bin2bn(&sigret[siglen2], siglen2, s) == NULL) + { + PK11err(PK11_F_DSA_SIGN, PK11_R_MALLOC_FAILURE); + goto ret; + } + + dsa_sig->r = r; + dsa_sig->s = s; + +ret: + if (dsa_sig == NULL) + { + if (r != NULL) + BN_free(r); + if (s != NULL) + BN_free(s); + } + + pk11_return_session(sp, OP_DSA); + return (dsa_sig); + } + +static int +pk11_dsa_do_verify(const unsigned char *dgst, int dlen, DSA_SIG *sig, + DSA *dsa) + { + int i; + CK_RV rv; + int retval = 0; + CK_MECHANISM Mechanism_dsa = {CKM_DSA, NULL, 0}; + CK_MECHANISM *p_mech = &Mechanism_dsa; + CK_OBJECT_HANDLE h_pub_key; + + unsigned char sigbuf[DSA_SIGNATURE_LEN]; + unsigned long siglen = DSA_SIGNATURE_LEN; + unsigned long siglen2 = DSA_SIGNATURE_LEN/2; + + PK11_SESSION *sp = NULL; + + if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) + { + PK11err(PK11_F_DSA_VERIFY, + PK11_R_INVALID_DSA_SIGNATURE_R); + goto ret; + } + + if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) + { + PK11err(PK11_F_DSA_VERIFY, + PK11_R_INVALID_DSA_SIGNATURE_S); + goto ret; + } + + i = BN_num_bytes(dsa->q); /* should be 20 */ + + if (dlen > i) + { + PK11err(PK11_F_DSA_VERIFY, + PK11_R_INVALID_SIGNATURE_LENGTH); + goto ret; + } + + if ((sp = pk11_get_session(OP_DSA)) == NULL) + goto ret; + + (void) check_new_dsa_key_pub(sp, dsa); + + h_pub_key = sp->opdata_dsa_pub_key; + if (h_pub_key == CK_INVALID_HANDLE) + h_pub_key = sp->opdata_dsa_pub_key = + pk11_get_public_dsa_key((DSA *)dsa, &sp->opdata_dsa_pub, + &sp->opdata_dsa_pub_num, sp->session); + + if (h_pub_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_VerifyInit(sp->session, p_mech, + h_pub_key); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFYINIT, + rv); + goto ret; + } + + /* + * The representation of each of the two big numbers could + * be shorter than DSA_SIGNATURE_LEN/2 bytes so we need + * to act accordingly and shift if necessary. + */ + (void) memset(sigbuf, 0, siglen); + BN_bn2bin(sig->r, sigbuf + siglen2 - BN_num_bytes(sig->r)); + BN_bn2bin(sig->s, &sigbuf[siglen2] + siglen2 - + BN_num_bytes(sig->s)); + + rv = pFuncList->C_Verify(sp->session, + (unsigned char *) dgst, dlen, sigbuf, (CK_ULONG)siglen); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DSA_VERIFY, PK11_R_VERIFY, rv); + goto ret; + } + } + + retval = 1; +ret: + + pk11_return_session(sp, OP_DSA); + return (retval); + } + + +/* + * Create a public key object in a session from a given dsa structure. + * The *dsa_pub_num pointer is non-NULL for DSA public keys. + */ +static CK_OBJECT_HANDLE pk11_get_public_dsa_key(DSA* dsa, + DSA **key_ptr, BIGNUM **dsa_pub_num, CK_SESSION_HANDLE session) + { + CK_RV rv; + CK_OBJECT_CLASS o_key = CKO_PUBLIC_KEY; + CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; + CK_ULONG found; + CK_KEY_TYPE k_type = CKK_DSA; + CK_ULONG ul_key_attr_count = 8; + CK_BBOOL rollback = CK_FALSE; + int i; + + CK_ATTRIBUTE a_key_template[] = + { + {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)}, + {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)}, + {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, + {CKA_VERIFY, &pk11_true, sizeof (pk11_true)}, + {CKA_PRIME, (void *)NULL, 0}, /* p */ + {CKA_SUBPRIME, (void *)NULL, 0}, /* q */ + {CKA_BASE, (void *)NULL, 0}, /* g */ + {CKA_VALUE, (void *)NULL, 0} /* pub_key - y */ + }; + + a_key_template[0].pValue = &o_key; + a_key_template[1].pValue = &k_type; + + if (init_template_value(dsa->p, &a_key_template[4].pValue, + &a_key_template[4].ulValueLen) == 0 || + init_template_value(dsa->q, &a_key_template[5].pValue, + &a_key_template[5].ulValueLen) == 0 || + init_template_value(dsa->g, &a_key_template[6].pValue, + &a_key_template[6].ulValueLen) == 0 || + init_template_value(dsa->pub_key, &a_key_template[7].pValue, + &a_key_template[7].ulValueLen) == 0) + { + PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE); + goto malloc_err; + } + + /* see find_lock array definition for more info on object locking */ + LOCK_OBJSTORE(OP_DSA); + rv = pFuncList->C_FindObjectsInit(session, a_key_template, + ul_key_attr_count); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PUB_DSA_KEY, + PK11_R_FINDOBJECTSINIT, rv); + goto err; + } + + rv = pFuncList->C_FindObjects(session, &h_key, 1, &found); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PUB_DSA_KEY, + PK11_R_FINDOBJECTS, rv); + goto err; + } + + rv = pFuncList->C_FindObjectsFinal(session); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PUB_DSA_KEY, + PK11_R_FINDOBJECTSFINAL, rv); + goto err; + } + + if (found == 0) + { + rv = pFuncList->C_CreateObject(session, + a_key_template, ul_key_attr_count, &h_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PUB_DSA_KEY, + PK11_R_CREATEOBJECT, rv); + goto err; + } + } + + if (dsa_pub_num != NULL) + if ((*dsa_pub_num = BN_dup(dsa->pub_key)) == NULL) + { + PK11err(PK11_F_GET_PUB_DSA_KEY, PK11_R_MALLOC_FAILURE); + rollback = CK_TRUE; + goto err; + } + + /* LINTED: E_CONSTANT_CONDITION */ + KEY_HANDLE_REFHOLD(h_key, OP_DSA, CK_FALSE, rollback, err); + if (key_ptr != NULL) + *key_ptr = dsa; + +err: + if (rollback) + { + /* + * We do not care about the return value from C_DestroyObject() + * since we are doing rollback. + */ + if (found == 0) + (void) pFuncList->C_DestroyObject(session, h_key); + h_key = CK_INVALID_HANDLE; + } + + UNLOCK_OBJSTORE(OP_DSA); + +malloc_err: + for (i = 4; i <= 7; i++) + { + if (a_key_template[i].pValue != NULL) + { + OPENSSL_free(a_key_template[i].pValue); + a_key_template[i].pValue = NULL; + } + } + + return (h_key); + } + +/* + * Create a private key object in the session from a given dsa structure + * The *dsa_priv_num pointer is non-NULL for DSA private keys. + */ +static CK_OBJECT_HANDLE pk11_get_private_dsa_key(DSA* dsa, + DSA **key_ptr, BIGNUM **dsa_priv_num, CK_SESSION_HANDLE session) + { + CK_RV rv; + CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; + CK_OBJECT_CLASS o_key = CKO_PRIVATE_KEY; + int i; + CK_ULONG found; + CK_KEY_TYPE k_type = CKK_DSA; + CK_ULONG ul_key_attr_count = 9; + CK_BBOOL rollback = CK_FALSE; + + /* + * Both CKA_TOKEN and CKA_SENSITIVE have to be CK_FALSE for session keys + */ + CK_ATTRIBUTE a_key_template[] = + { + {CKA_CLASS, (void *) NULL, sizeof (CK_OBJECT_CLASS)}, + {CKA_KEY_TYPE, (void *) NULL, sizeof (CK_KEY_TYPE)}, + {CKA_TOKEN, &pk11_false, sizeof (pk11_false)}, + {CKA_SENSITIVE, &pk11_false, sizeof (pk11_false)}, + {CKA_SIGN, &pk11_true, sizeof (pk11_true)}, + {CKA_PRIME, (void *)NULL, 0}, /* p */ + {CKA_SUBPRIME, (void *)NULL, 0}, /* q */ + {CKA_BASE, (void *)NULL, 0}, /* g */ + {CKA_VALUE, (void *)NULL, 0} /* priv_key - x */ + }; + + a_key_template[0].pValue = &o_key; + a_key_template[1].pValue = &k_type; + + /* Put the private key components into the template */ + if (init_template_value(dsa->p, &a_key_template[5].pValue, + &a_key_template[5].ulValueLen) == 0 || + init_template_value(dsa->q, &a_key_template[6].pValue, + &a_key_template[6].ulValueLen) == 0 || + init_template_value(dsa->g, &a_key_template[7].pValue, + &a_key_template[7].ulValueLen) == 0 || + init_template_value(dsa->priv_key, &a_key_template[8].pValue, + &a_key_template[8].ulValueLen) == 0) + { + PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE); + goto malloc_err; + } + + /* see find_lock array definition for more info on object locking */ + LOCK_OBJSTORE(OP_DSA); + rv = pFuncList->C_FindObjectsInit(session, a_key_template, + ul_key_attr_count); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY, + PK11_R_FINDOBJECTSINIT, rv); + goto err; + } + + rv = pFuncList->C_FindObjects(session, &h_key, 1, &found); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY, + PK11_R_FINDOBJECTS, rv); + goto err; + } + + rv = pFuncList->C_FindObjectsFinal(session); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY, + PK11_R_FINDOBJECTSFINAL, rv); + goto err; + } + + if (found == 0) + { + rv = pFuncList->C_CreateObject(session, + a_key_template, ul_key_attr_count, &h_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_PRIV_DSA_KEY, + PK11_R_CREATEOBJECT, rv); + goto err; + } + } + + if (dsa_priv_num != NULL) + if ((*dsa_priv_num = BN_dup(dsa->priv_key)) == NULL) + { + PK11err(PK11_F_GET_PRIV_DSA_KEY, PK11_R_MALLOC_FAILURE); + rollback = CK_TRUE; + goto err; + } + + /* LINTED: E_CONSTANT_CONDITION */ + KEY_HANDLE_REFHOLD(h_key, OP_DSA, CK_FALSE, rollback, err); + if (key_ptr != NULL) + *key_ptr = dsa; + +err: + if (rollback) + { + /* + * We do not care about the return value from C_DestroyObject() + * since we are doing rollback. + */ + if (found == 0) + (void) pFuncList->C_DestroyObject(session, h_key); + h_key = CK_INVALID_HANDLE; + } + + UNLOCK_OBJSTORE(OP_DSA); + +malloc_err: + /* + * 5 to 8 entries in the key template are key components. + * They need to be freed apon exit or error. + */ + for (i = 5; i <= 8; i++) + { + if (a_key_template[i].pValue != NULL) + { + (void) memset(a_key_template[i].pValue, 0, + a_key_template[i].ulValueLen); + OPENSSL_free(a_key_template[i].pValue); + a_key_template[i].pValue = NULL; + } + } + + return (h_key); + } + +/* + * Check for cache miss and clean the object pointer and handle + * in such case. Return 1 for cache hit, 0 for cache miss. + */ +static int check_new_dsa_key_pub(PK11_SESSION *sp, DSA *dsa) + { + /* + * Provide protection against DSA structure reuse by making the + * check for cache hit stronger. Only public key component of DSA + * key matters here so it is sufficient to compare it with value + * cached in PK11_SESSION structure. + */ + if ((sp->opdata_dsa_pub != dsa) || + (BN_cmp(sp->opdata_dsa_pub_num, dsa->pub_key) != 0)) + { + /* + * We do not check the return value because even in case of + * failure the sp structure will have both key pointer + * and object handle cleaned and pk11_destroy_object() + * reports the failure to the OpenSSL error message buffer. + */ + (void) pk11_destroy_dsa_object_pub(sp, CK_TRUE); + return (0); + } + return (1); + } + +/* + * Check for cache miss and clean the object pointer and handle + * in such case. Return 1 for cache hit, 0 for cache miss. + */ +static int check_new_dsa_key_priv(PK11_SESSION *sp, DSA *dsa) + { + /* + * Provide protection against DSA structure reuse by making the + * check for cache hit stronger. Only private key component of DSA + * key matters here so it is sufficient to compare it with value + * cached in PK11_SESSION structure. + */ + if ((sp->opdata_dsa_priv != dsa) || + (BN_cmp(sp->opdata_dsa_priv_num, dsa->priv_key) != 0)) + { + /* + * We do not check the return value because even in case of + * failure the sp structure will have both key pointer + * and object handle cleaned and pk11_destroy_object() + * reports the failure to the OpenSSL error message buffer. + */ + (void) pk11_destroy_dsa_object_priv(sp, CK_TRUE); + return (0); + } + return (1); + } +#endif + + +#ifndef OPENSSL_NO_DH +/* The DH function implementation */ +/* ARGSUSED */ +static int pk11_DH_init(DH *dh) + { + return (1); + } + +/* ARGSUSED */ +static int pk11_DH_finish(DH *dh) + { + return (1); + } + +/* + * Generate DH key-pair. + * + * Warning: Unlike OpenSSL's DH_generate_key(3) we ignore dh->priv_key + * and override it even if it is set. OpenSSL does not touch dh->priv_key + * if set and just computes dh->pub_key. It looks like PKCS#11 standard + * is not capable of providing this functionality. This could be a problem + * for applications relying on OpenSSL's semantics. + */ +static int pk11_DH_generate_key(DH *dh) + { + CK_ULONG i; + CK_RV rv, rv1; + int reuse_mem_len = 0, ret = 0; + PK11_SESSION *sp = NULL; + CK_BYTE_PTR reuse_mem; + + CK_MECHANISM mechanism = {CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0}; + CK_OBJECT_HANDLE h_pub_key = CK_INVALID_HANDLE; + CK_OBJECT_HANDLE h_priv_key = CK_INVALID_HANDLE; + + CK_ULONG ul_pub_key_attr_count = 3; + CK_ATTRIBUTE pub_key_template[] = + { + {CKA_PRIVATE, &pk11_false, sizeof (pk11_false)}, + {CKA_PRIME, (void *)NULL, 0}, + {CKA_BASE, (void *)NULL, 0} + }; + + CK_ULONG ul_priv_key_attr_count = 3; + CK_ATTRIBUTE priv_key_template[] = + { + {CKA_PRIVATE, &pk11_false, sizeof (pk11_false)}, + {CKA_SENSITIVE, &pk11_false, sizeof (pk11_false)}, + {CKA_DERIVE, &pk11_true, sizeof (pk11_true)} + }; + + CK_ULONG pub_key_attr_result_count = 1; + CK_ATTRIBUTE pub_key_result[] = + { + {CKA_VALUE, (void *)NULL, 0} + }; + + CK_ULONG priv_key_attr_result_count = 1; + CK_ATTRIBUTE priv_key_result[] = + { + {CKA_VALUE, (void *)NULL, 0} + }; + + pub_key_template[1].ulValueLen = BN_num_bytes(dh->p); + if (pub_key_template[1].ulValueLen > 0) + { + /* + * We must not increase ulValueLen by DH_BUF_RESERVE since that + * could cause the same rounding problem. See definition of + * DH_BUF_RESERVE above. + */ + pub_key_template[1].pValue = + OPENSSL_malloc(pub_key_template[1].ulValueLen + + DH_BUF_RESERVE); + if (pub_key_template[1].pValue == NULL) + { + PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE); + goto err; + } + + i = BN_bn2bin(dh->p, pub_key_template[1].pValue); + } + else + goto err; + + pub_key_template[2].ulValueLen = BN_num_bytes(dh->g); + if (pub_key_template[2].ulValueLen > 0) + { + pub_key_template[2].pValue = + OPENSSL_malloc(pub_key_template[2].ulValueLen + + DH_BUF_RESERVE); + if (pub_key_template[2].pValue == NULL) + { + PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE); + goto err; + } + + i = BN_bn2bin(dh->g, pub_key_template[2].pValue); + } + else + goto err; + + /* + * Note: we are only using PK11_SESSION structure for getting + * a session handle. The objects created in this function are + * destroyed before return and thus not cached. + */ + if ((sp = pk11_get_session(OP_DH)) == NULL) + goto err; + + rv = pFuncList->C_GenerateKeyPair(sp->session, + &mechanism, + pub_key_template, + ul_pub_key_attr_count, + priv_key_template, + ul_priv_key_attr_count, + &h_pub_key, + &h_priv_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DH_GEN_KEY, PK11_R_GEN_KEY, rv); + goto err; + } + + /* + * Reuse the larger memory allocated. We know the larger memory + * should be sufficient for reuse. + */ + if (pub_key_template[1].ulValueLen > pub_key_template[2].ulValueLen) + { + reuse_mem = pub_key_template[1].pValue; + reuse_mem_len = pub_key_template[1].ulValueLen + DH_BUF_RESERVE; + } + else + { + reuse_mem = pub_key_template[2].pValue; + reuse_mem_len = pub_key_template[2].ulValueLen + DH_BUF_RESERVE; + } + + rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key, + pub_key_result, pub_key_attr_result_count); + rv1 = pFuncList->C_GetAttributeValue(sp->session, h_priv_key, + priv_key_result, priv_key_attr_result_count); + + if (rv != CKR_OK || rv1 != CKR_OK) + { + rv = (rv != CKR_OK) ? rv : rv1; + PK11err_add_data(PK11_F_DH_GEN_KEY, + PK11_R_GETATTRIBUTVALUE, rv); + goto err; + } + + if (((CK_LONG) pub_key_result[0].ulValueLen) <= 0 || + ((CK_LONG) priv_key_result[0].ulValueLen) <= 0) + { + PK11err(PK11_F_DH_GEN_KEY, PK11_R_GETATTRIBUTVALUE); + goto err; + } + + /* Reuse the memory allocated */ + pub_key_result[0].pValue = reuse_mem; + pub_key_result[0].ulValueLen = reuse_mem_len; + + rv = pFuncList->C_GetAttributeValue(sp->session, h_pub_key, + pub_key_result, pub_key_attr_result_count); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DH_GEN_KEY, + PK11_R_GETATTRIBUTVALUE, rv); + goto err; + } + + if (pub_key_result[0].type == CKA_VALUE) + { + if (dh->pub_key == NULL) + if ((dh->pub_key = BN_new()) == NULL) + { + PK11err(PK11_F_DH_GEN_KEY, + PK11_R_MALLOC_FAILURE); + goto err; + } + dh->pub_key = BN_bin2bn(pub_key_result[0].pValue, + pub_key_result[0].ulValueLen, dh->pub_key); + if (dh->pub_key == NULL) + { + PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE); + goto err; + } + } + + /* Reuse the memory allocated */ + priv_key_result[0].pValue = reuse_mem; + priv_key_result[0].ulValueLen = reuse_mem_len; + + rv = pFuncList->C_GetAttributeValue(sp->session, h_priv_key, + priv_key_result, priv_key_attr_result_count); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DH_GEN_KEY, + PK11_R_GETATTRIBUTVALUE, rv); + goto err; + } + + if (priv_key_result[0].type == CKA_VALUE) + { + if (dh->priv_key == NULL) + if ((dh->priv_key = BN_new()) == NULL) + { + PK11err(PK11_F_DH_GEN_KEY, + PK11_R_MALLOC_FAILURE); + goto err; + } + dh->priv_key = BN_bin2bn(priv_key_result[0].pValue, + priv_key_result[0].ulValueLen, dh->priv_key); + if (dh->priv_key == NULL) + { + PK11err(PK11_F_DH_GEN_KEY, PK11_R_MALLOC_FAILURE); + goto err; + } + } + + ret = 1; + +err: + + if (h_pub_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_DestroyObject(sp->session, h_pub_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DH_GEN_KEY, + PK11_R_DESTROYOBJECT, rv); + } + } + + if (h_priv_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_DestroyObject(sp->session, h_priv_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DH_GEN_KEY, + PK11_R_DESTROYOBJECT, rv); + } + } + + for (i = 1; i <= 2; i++) + { + if (pub_key_template[i].pValue != NULL) + { + OPENSSL_free(pub_key_template[i].pValue); + pub_key_template[i].pValue = NULL; + } + } + + pk11_return_session(sp, OP_DH); + return (ret); + } + +static int pk11_DH_compute_key(unsigned char *key, const BIGNUM *pub_key, + DH *dh) + { + int i; + CK_MECHANISM mechanism = {CKM_DH_PKCS_DERIVE, NULL_PTR, 0}; + CK_OBJECT_CLASS key_class = CKO_SECRET_KEY; + CK_KEY_TYPE key_type = CKK_GENERIC_SECRET; + CK_OBJECT_HANDLE h_derived_key = CK_INVALID_HANDLE; + CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; + + CK_ULONG ul_priv_key_attr_count = 2; + CK_ATTRIBUTE priv_key_template[] = + { + {CKA_CLASS, (void*) NULL, sizeof (key_class)}, + {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)}, + }; + + CK_ULONG priv_key_attr_result_count = 1; + CK_ATTRIBUTE priv_key_result[] = + { + {CKA_VALUE, (void *)NULL, 0} + }; + + CK_RV rv; + int ret = -1; + PK11_SESSION *sp = NULL; + + if (dh->priv_key == NULL) + goto err; + + priv_key_template[0].pValue = &key_class; + priv_key_template[1].pValue = &key_type; + + if ((sp = pk11_get_session(OP_DH)) == NULL) + goto err; + + mechanism.ulParameterLen = BN_num_bytes(pub_key); + mechanism.pParameter = OPENSSL_malloc(mechanism.ulParameterLen); + if (mechanism.pParameter == NULL) + { + PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE); + goto err; + } + BN_bn2bin(pub_key, mechanism.pParameter); + + (void) check_new_dh_key(sp, dh); + + h_key = sp->opdata_dh_key; + if (h_key == CK_INVALID_HANDLE) + h_key = sp->opdata_dh_key = + pk11_get_dh_key((DH*) dh, &sp->opdata_dh, + &sp->opdata_dh_priv_num, sp->session); + + if (h_key == CK_INVALID_HANDLE) + { + PK11err(PK11_F_DH_COMP_KEY, PK11_R_CREATEOBJECT); + goto err; + } + + rv = pFuncList->C_DeriveKey(sp->session, + &mechanism, + h_key, + priv_key_template, + ul_priv_key_attr_count, + &h_derived_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_DERIVEKEY, rv); + goto err; + } + + rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key, + priv_key_result, priv_key_attr_result_count); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE, + rv); + goto err; + } + + if (((CK_LONG) priv_key_result[0].ulValueLen) <= 0) + { + PK11err(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE); + goto err; + } + priv_key_result[0].pValue = + OPENSSL_malloc(priv_key_result[0].ulValueLen); + if (!priv_key_result[0].pValue) + { + PK11err(PK11_F_DH_COMP_KEY, PK11_R_MALLOC_FAILURE); + goto err; + } + + rv = pFuncList->C_GetAttributeValue(sp->session, h_derived_key, + priv_key_result, priv_key_attr_result_count); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DH_COMP_KEY, PK11_R_GETATTRIBUTVALUE, + rv); + goto err; + } + + /* + * OpenSSL allocates the output buffer 'key' which is the same + * length of the public key. It is long enough for the derived key + */ + if (priv_key_result[0].type == CKA_VALUE) + { + /* + * CKM_DH_PKCS_DERIVE mechanism is not supposed to strip + * leading zeros from a computed shared secret. However, + * OpenSSL always did it so we must do the same here. The + * vagueness of the spec regarding leading zero bytes was + * finally cleared with TLS 1.1 (RFC 4346) saying that leading + * zeros are stripped before the computed data is used as the + * pre-master secret. + */ + for (i = 0; i < priv_key_result[0].ulValueLen; ++i) + { + if (((char *)priv_key_result[0].pValue)[i] != 0) + break; + } + + (void) memcpy(key, ((char *)priv_key_result[0].pValue) + i, + priv_key_result[0].ulValueLen - i); + ret = priv_key_result[0].ulValueLen - i; + } + +err: + + if (h_derived_key != CK_INVALID_HANDLE) + { + rv = pFuncList->C_DestroyObject(sp->session, h_derived_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_DH_COMP_KEY, + PK11_R_DESTROYOBJECT, rv); + } + } + if (priv_key_result[0].pValue) + { + OPENSSL_free(priv_key_result[0].pValue); + priv_key_result[0].pValue = NULL; + } + + if (mechanism.pParameter) + { + OPENSSL_free(mechanism.pParameter); + mechanism.pParameter = NULL; + } + + pk11_return_session(sp, OP_DH); + return (ret); + } + + +static CK_OBJECT_HANDLE pk11_get_dh_key(DH* dh, + DH **key_ptr, BIGNUM **dh_priv_num, CK_SESSION_HANDLE session) + { + CK_RV rv; + CK_OBJECT_HANDLE h_key = CK_INVALID_HANDLE; + CK_OBJECT_CLASS class = CKO_PRIVATE_KEY; + CK_KEY_TYPE key_type = CKK_DH; + CK_ULONG found; + CK_BBOOL rollback = CK_FALSE; + int i; + + CK_ULONG ul_key_attr_count = 7; + CK_ATTRIBUTE key_template[] = + { + {CKA_CLASS, (void*) NULL, sizeof (class)}, + {CKA_KEY_TYPE, (void*) NULL, sizeof (key_type)}, + {CKA_DERIVE, &pk11_true, sizeof (pk11_true)}, + {CKA_PRIVATE, &pk11_false, sizeof (pk11_false)}, + {CKA_PRIME, (void *) NULL, 0}, + {CKA_BASE, (void *) NULL, 0}, + {CKA_VALUE, (void *) NULL, 0}, + }; + + key_template[0].pValue = &class; + key_template[1].pValue = &key_type; + + key_template[4].ulValueLen = BN_num_bytes(dh->p); + key_template[4].pValue = (CK_VOID_PTR)OPENSSL_malloc( + (size_t)key_template[4].ulValueLen); + if (key_template[4].pValue == NULL) + { + PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE); + goto malloc_err; + } + + BN_bn2bin(dh->p, key_template[4].pValue); + + key_template[5].ulValueLen = BN_num_bytes(dh->g); + key_template[5].pValue = (CK_VOID_PTR)OPENSSL_malloc( + (size_t)key_template[5].ulValueLen); + if (key_template[5].pValue == NULL) + { + PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE); + goto malloc_err; + } + + BN_bn2bin(dh->g, key_template[5].pValue); + + key_template[6].ulValueLen = BN_num_bytes(dh->priv_key); + key_template[6].pValue = (CK_VOID_PTR)OPENSSL_malloc( + (size_t)key_template[6].ulValueLen); + if (key_template[6].pValue == NULL) + { + PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE); + goto malloc_err; + } + + BN_bn2bin(dh->priv_key, key_template[6].pValue); + + /* see find_lock array definition for more info on object locking */ + LOCK_OBJSTORE(OP_DH); + rv = pFuncList->C_FindObjectsInit(session, key_template, + ul_key_attr_count); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSINIT, rv); + goto err; + } + + rv = pFuncList->C_FindObjects(session, &h_key, 1, &found); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTS, rv); + goto err; + } + + rv = pFuncList->C_FindObjectsFinal(session); + + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_FINDOBJECTSFINAL, + rv); + goto err; + } + + if (found == 0) + { + rv = pFuncList->C_CreateObject(session, + key_template, ul_key_attr_count, &h_key); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_GET_DH_KEY, PK11_R_CREATEOBJECT, + rv); + goto err; + } + } + + if (dh_priv_num != NULL) + if ((*dh_priv_num = BN_dup(dh->priv_key)) == NULL) + { + PK11err(PK11_F_GET_DH_KEY, PK11_R_MALLOC_FAILURE); + rollback = CK_TRUE; + goto err; + } + + /* LINTED: E_CONSTANT_CONDITION */ + KEY_HANDLE_REFHOLD(h_key, OP_DH, CK_FALSE, rollback, err); + if (key_ptr != NULL) + *key_ptr = dh; + +err: + if (rollback) + { + /* + * We do not care about the return value from C_DestroyObject() + * since we are doing rollback. + */ + if (found == 0) + (void) pFuncList->C_DestroyObject(session, h_key); + h_key = CK_INVALID_HANDLE; + } + + UNLOCK_OBJSTORE(OP_DH); + +malloc_err: + for (i = 4; i <= 6; i++) + { + if (key_template[i].pValue != NULL) + { + OPENSSL_free(key_template[i].pValue); + key_template[i].pValue = NULL; + } + } + + return (h_key); + } + +/* + * Check for cache miss and clean the object pointer and handle + * in such case. Return 1 for cache hit, 0 for cache miss. + * + * Note: we rely on pk11_destroy_dh_key_objects() to set sp->opdata_dh + * to CK_INVALID_HANDLE even when it fails to destroy the object. + */ +static int check_new_dh_key(PK11_SESSION *sp, DH *dh) + { + /* + * Provide protection against DH structure reuse by making the + * check for cache hit stronger. Private key component of DH key + * is unique so it is sufficient to compare it with value cached + * in PK11_SESSION structure. + */ + if ((sp->opdata_dh != dh) || + (BN_cmp(sp->opdata_dh_priv_num, dh->priv_key) != 0)) + { + /* + * We do not check the return value because even in case of + * failure the sp structure will have both key pointer + * and object handle cleaned and pk11_destroy_object() + * reports the failure to the OpenSSL error message buffer. + */ + (void) pk11_destroy_dh_object(sp, CK_TRUE); + return (0); + } + return (1); + } +#endif + +/* + * Local function to simplify key template population + * Return 0 -- error, 1 -- no error + */ +static int +init_template_value(BIGNUM *bn, CK_VOID_PTR *p_value, + CK_ULONG *ul_value_len) + { + CK_ULONG len; + + /* + * This function can be used on non-initialized BIGNUMs. It is easier to + * check that here than individually in the callers. + */ + if (bn != NULL) + len = BN_num_bytes(bn); + + if (bn == NULL || len == 0) + return (1); + + *ul_value_len = len; + *p_value = (CK_VOID_PTR)OPENSSL_malloc((size_t)*ul_value_len); + if (*p_value == NULL) + return (0); + + BN_bn2bin(bn, *p_value); + + return (1); + } + +static void +attr_to_BN(CK_ATTRIBUTE_PTR attr, CK_BYTE attr_data[], BIGNUM **bn) + { + if (attr->ulValueLen > 0) + *bn = BN_bin2bn(attr_data, attr->ulValueLen, NULL); + } + +/* + * Find one object in the token. It is an error if we can not find the object or + * if we find more objects based on the template we got. + * + * Returns: + * 1 OK + * 0 no object or more than 1 object found + */ +static int +find_one_object(PK11_OPTYPE op, CK_SESSION_HANDLE s, + CK_ATTRIBUTE_PTR ptempl, CK_ULONG nattr, CK_OBJECT_HANDLE_PTR pkey) + { + CK_RV rv; + CK_ULONG objcnt; + + LOCK_OBJSTORE(op); + if ((rv = pFuncList->C_FindObjectsInit(s, ptempl, nattr)) != CKR_OK) + { + PK11err_add_data(PK11_F_FIND_ONE_OBJECT, + PK11_R_FINDOBJECTSINIT, rv); + goto err; + } + + rv = pFuncList->C_FindObjects(s, pkey, 1, &objcnt); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_FIND_ONE_OBJECT, PK11_R_FINDOBJECTS, + rv); + goto err; + } + + if (objcnt > 1) + { + PK11err(PK11_F_FIND_ONE_OBJECT, + PK11_R_MORE_THAN_ONE_OBJECT_FOUND); + goto err; + } + else + if (objcnt == 0) + { + PK11err(PK11_F_FIND_ONE_OBJECT, PK11_R_NO_OBJECT_FOUND); + goto err; + } + + (void) pFuncList->C_FindObjectsFinal(s); + UNLOCK_OBJSTORE(op); + return (1); +err: + UNLOCK_OBJSTORE(op); + return (0); + } + +/* + * OpenSSL 1.0.0 introduced ENGINE API for the PKEY EVP functions. Sadly, + * "openssl dgst -dss1 ..." now uses a new function EVP_DigestSignInit() which + * internally needs a PKEY method for DSA even when in the engine. So, to avoid + * a regression when moving from 0.9.8 to 1.0.0, we use an internal OpenSSL + * structure for the DSA PKEY methods to make it work. It is a future project to + * make it work with HW acceleration. + * + * Note that at the time of 1.0.0d release there is no documentation as to how + * the PKEY EVP functions are to be implemented in an engine. There is only one + * engine shipped with 1.0.0d that uses the PKEY EVP methods, the GOST engine. + * It was used as an example when fixing the above mentioned regression problem. + */ +int +pk11_engine_pkey_methods(ENGINE *e, EVP_PKEY_METHOD **pmeth, const int **nids, + int nid) + { + if (pmeth == NULL) + { + *nids = pk11_pkey_meth_nids; + return (1); + } + + switch (nid) + { + case NID_dsa: + *pmeth = (EVP_PKEY_METHOD *)EVP_PKEY_meth_find(nid); + return (1); + } + + /* Error branch. */ + *pmeth = NULL; + return (0); + } + +#endif /* OPENSSL_NO_HW_PK11 */ +#endif /* OPENSSL_NO_HW */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11_uri.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11_uri.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,869 @@ +/* + * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_PK11 + +#include +#include +#include "hw_pk11.h" +#include "hw_pk11_uri.h" + +/* + * The keystore used is always from the pubkey slot so we need to know which one + * was selected so that we can get the information needed for the URI + * processing. + */ +extern CK_SLOT_ID pubkey_SLOTID; +extern CK_FUNCTION_LIST_PTR pFuncList; + +/* + * Cached PIN so that child can use it during the re-login. Note that we do not + * cache the PIN by default. + */ +static char *token_pin; + +static int mlock_pin_in_memory(char *pin); +static char *run_askpass(char *dialog); + +/* + * Get the PIN. Either run the command and use its standard output as a PIN to + * fill in the PKCS11 URI structure, or read the PIN from the terminal. Using + * the external command is of higher precedence. The memory for PIN is allocated + * in this function and the PIN is always NULL terminated. The caller must take + * care of freeing the memory used for the PIN. The maximum PIN length accepted + * is PK11_MAX_PIN_LEN. + * + * The function is used also during the re-initialization of the engine after + * the fork. + * + * The function must not be called under the protection of the mutex "uri_lock" + * because the lock is acquired in the prefork function. + * + * Returns: + * 0 in case of troubles (and sets "*pin" to NULL) + * 1 if we got the PIN + */ +#define EXEC_SPEC "exec:" +#define BUILTIN_SPEC "builtin" +int +pk11_get_pin(char *dialog, char **pin) + { + /* Initialize as an error. */ + *pin = NULL; + + if (strcmp(dialog, BUILTIN_SPEC) == 0) + { + /* The getpassphrase() function is not MT safe. */ + (void) pthread_mutex_lock(uri_lock); + /* Note that OpenSSL is not localized at all. */ + *pin = getpassphrase("Enter token PIN: "); + if (*pin == NULL) + { + PK11err(PK11_F_GET_PIN, PK11_R_COULD_NOT_READ_PIN); + (void) pthread_mutex_unlock(uri_lock); + goto err; + } + else + { + char *pw; + + /* + * getpassphrase() uses an internal buffer to hold the + * entered password. Note that it terminates the buffer + * with '\0'. + */ + if ((pw = strdup(*pin)) == NULL) + { + PK11err(PK11_F_GET_PIN, PK11_R_MALLOC_FAILURE); + (void) pthread_mutex_unlock(uri_lock); + goto err; + } + /* Zero the internal buffer to get rid of the PIN. */ + memset(*pin, 0, strlen(*pin)); + *pin = pw; + (void) pthread_mutex_unlock(uri_lock); + } + } + else + { + /* + * This is the "exec:" case. We will get the PIN from the output + * of an external command. + */ + if (strncmp(dialog, EXEC_SPEC, strlen(EXEC_SPEC)) == 0) + { + dialog += strlen(EXEC_SPEC); + if ((*pin = run_askpass(dialog)) == NULL) + goto err; + } + else + { + /* + * Invalid specification in the passphrasedialog + * keyword. + */ + PK11err(PK11_F_GET_PIN, PK11_R_BAD_PASSPHRASE_SPEC); + goto err; + } + } + + return (1); +err: + return (0); + } + +/* + * Process the PKCS#11 URI and get the PIN. It uses information from the + * passphrasedialog keyword to get the PIN. If passphrasedialog is not present + * it is not considered an error since it depends on the token attributes + * whether C_Login() is required. The function expects an allocated 'uri_struct' + * structure. + * + * Returns: + * 0 if URI is not valid at all, or if we could not get the PIN + * 1 if all is OK + * 2 if the URI is not the PKCS#11 URI. In that case, put the string + * pointer to the filename to "*file". Note that the pointer just points + * inside of the "uristr", possibly skipping the file:// prefix if present. + */ +int +pk11_process_pkcs11_uri(const char *uristr, pkcs11_uri *uri_struct, + const char **file) + { + char *uristr2, *l1, *l2, *tok, *name; + + /* Check the "file://" case. */ + if (strncmp(uristr, FILE_URI_PREFIX, strlen(FILE_URI_PREFIX)) == 0) + { + *file = uristr + strlen(FILE_URI_PREFIX); + return (2); + } + + /* This is the "pkcs11:" case. */ + if (strncmp(uristr, PK11_URI_PREFIX, strlen(PK11_URI_PREFIX)) != 0) + { + /* Not PKCS#11 URI at all, could be a filename. */ + *file = (const char *)uristr; + return (2); + } + else + { + /* Dup the string and skip over the pkcs11: prefix then. */ + uristr2 = strdup(uristr + strlen(PK11_URI_PREFIX)); + if (uristr2 == NULL) + { + PK11err(PK11_F_CHECK_TOKEN_ATTRS, + PK11_R_MALLOC_FAILURE); + goto err; + } + } + + /* Initialize the structure. */ + memset(uri_struct, 0, sizeof (*uri_struct)); + + /* + * Using strtok_r() would silently skip over multiple semicolons. We + * must check that before moving on. We must also avoid ';' as the first + * and the last character in the URI. + */ + if (strstr(uristr2, ";;") != NULL || uristr2[0] == ';' || + (strlen(uristr2) > 0 && uristr2[strlen(uristr2) - 1] == ';')) + goto bad_uri; + + tok = strtok_r(uristr2, ";", &l1); + for (; tok != NULL; tok = strtok_r(NULL, ";", &l1)) + { + /* "tok" is not empty so there will be something in "name". */ + name = strtok_r(tok, "=", &l2); + /* Check whether there is '=' at all. */ + if (l2 == NULL) + goto bad_uri; + + /* + * Fill out the URI structure. We do not accept duplicit + * attributes. + */ + if (strcmp(name, PK11_TOKEN) == 0) + if (uri_struct->token == NULL) + { + if ((uri_struct->token = strdup(l2)) == NULL) + goto no_mem; + } + else + goto bad_uri; + else if (strcmp(name, PK11_MANUF) == 0) + if (uri_struct->manuf == NULL) + { + if ((uri_struct->manuf = strdup(l2)) == NULL) + goto no_mem; + } + else + goto bad_uri; + else if (strcmp(name, PK11_SERIAL) == 0) + if (uri_struct->serial == NULL) + { + if ((uri_struct->serial = strdup(l2)) == NULL) + goto no_mem; + } + else + goto bad_uri; + else if (strcmp(name, PK11_MODEL) == 0) + if (uri_struct->model == NULL) + { + if ((uri_struct->model = strdup(l2)) == NULL) + goto no_mem; + } + else + goto bad_uri; + else if (strcmp(name, PK11_OBJECT) == 0) + if (uri_struct->object == NULL) + { + if ((uri_struct->object = strdup(l2)) == NULL) + goto no_mem; + } + else + goto bad_uri; + else if (strcmp(name, PK11_OBJECTTYPE) == 0) + if (uri_struct->objecttype == NULL) + { + uri_struct->objecttype = strdup(l2); + if (uri_struct->objecttype == NULL) + goto no_mem; + } + else + goto bad_uri; + else if (strcmp(name, PK11_ASKPASS) == 0) + if (uri_struct->askpass == NULL) + { + if ((uri_struct->askpass = strdup(l2)) == NULL) + goto no_mem; + } + else + goto bad_uri; + else + goto bad_uri; + } + + /* The "object" token is mandatory in the PKCS#11 URI. */ + if (uri_struct->object == NULL) + { + PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MISSING_OBJECT_LABEL); + goto err; + } + + free(uristr2); + return (1); +bad_uri: + PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_INVALID_PKCS11_URI); + if (uristr2 != NULL) + free(uristr2); + return (0); +no_mem: + PK11err(PK11_F_LOAD_PRIVKEY, PK11_R_MALLOC_FAILURE); +err: + pk11_free_pkcs11_uri(uri_struct, CK_FALSE); + if (uristr2 != NULL) + free(uristr2); + return (0); + } + +/* + * Free the PKCS11 URI structure and anything that might be inside. + */ +void +pk11_free_pkcs11_uri(pkcs11_uri *uri_struct, CK_BBOOL free_uri_itself) + { + if (uri_struct->token != NULL) + free(uri_struct->token); + if (uri_struct->manuf != NULL) + free(uri_struct->manuf); + if (uri_struct->serial != NULL) + free(uri_struct->serial); + if (uri_struct->model != NULL) + free(uri_struct->model); + if (uri_struct->object != NULL) + free(uri_struct->object); + if (uri_struct->objecttype != NULL) + free(uri_struct->objecttype); + if (uri_struct->askpass != NULL) + free(uri_struct->askpass); + + if (free_uri_itself == CK_TRUE) + OPENSSL_free(uri_struct); + } + +/* + * While our keystore is always the one used by the pubkey slot (which is + * usually the Metaslot) we must make sure that those URI attributes that + * specify the keystore match the real attributes of our slot keystore. Note + * that one can use the METASLOT_OBJECTSTORE_TOKEN environment variable to + * change the Metaslot's keystore from the softtoken to something else (see + * libpkcs11(3LIB)). The user might want to use such attributes in the PKCS#11 + * URI to make sure that the intended keystore is used. + * + * Returns: + * 1 on success + * 0 on failure + */ +int +pk11_check_token_attrs(pkcs11_uri *uri_struct) + { + CK_RV rv; + static CK_TOKEN_INFO_PTR token_info = NULL; + + (void) pthread_mutex_lock(uri_lock); + if (token_info == NULL) + { + token_info = OPENSSL_malloc(sizeof (CK_TOKEN_INFO)); + if (token_info == NULL) + { + PK11err(PK11_F_CHECK_TOKEN_ATTRS, + PK11_R_MALLOC_FAILURE); + goto err; + } + + rv = pFuncList->C_GetTokenInfo(pubkey_SLOTID, token_info); + if (rv != CKR_OK) + { + PK11err_add_data(PK11_F_CHECK_TOKEN_ATTRS, + PK11_R_GETTOKENINFO, rv); + goto err; + } + } + + if (uri_struct->token != NULL) + if (strncmp(uri_struct->token, (char *)token_info->label, + strlen(uri_struct->token) > 32 ? 32 : + strlen(uri_struct->token)) != 0) + { + goto urierr; + } + + if (uri_struct->manuf != NULL) + if (strncmp(uri_struct->manuf, + (char *)token_info->manufacturerID, + strlen(uri_struct->manuf) > 32 ? 32 : + strlen(uri_struct->manuf)) != 0) + goto urierr; + + if (uri_struct->model != NULL) + if (strncmp(uri_struct->model, (char *)token_info->model, + strlen(uri_struct->model) > 16 ? 16 : + strlen(uri_struct->model)) != 0) + goto urierr; + + if (uri_struct->serial != NULL) + if (strncmp(uri_struct->serial, + (char *)token_info->serialNumber, + strlen(uri_struct->serial) > 16 ? 16 : + strlen(uri_struct->serial)) != 0) + goto urierr; + + (void) pthread_mutex_unlock(uri_lock); + return (1); + +urierr: + PK11err(PK11_F_CHECK_TOKEN_ATTRS, PK11_R_TOKEN_ATTRS_DO_NOT_MATCH); + /* Correct error already set above for the "err" label. */ +err: + (void) pthread_mutex_unlock(uri_lock); + return (0); + } + +/* + * Return the process PIN caching policy. We initialize it just once so if the + * process change OPENSSL_PKCS11_PIN_CACHING_POLICY during the operation it will + * not have any affect on the policy. + * + * We assume that the "uri_lock" mutex is already locked. + * + * Returns the caching policy number. + */ +int +pk11_get_pin_caching_policy(void) + { + char *value = NULL; + static int policy = POLICY_NOT_INITIALIZED; + + if (policy != POLICY_NOT_INITIALIZED) + return (policy); + + value = getenv("OPENSSL_PKCS11_PIN_CACHING_POLICY"); + + if (value == NULL || strcmp(value, "none") == 0) + { + policy = POLICY_NONE; + goto done; + } + + if (strcmp(value, "memory") == 0) + { + policy = POLICY_MEMORY; + goto done; + } + + if (strcmp(value, "mlocked-memory") == 0) + { + policy = POLICY_MLOCKED_MEMORY; + goto done; + } + + return (POLICY_WRONG_VALUE); +done: + return (policy); + } + +/* + * Cache the PIN in memory once. We already know that we have either "memory" or + * "mlocked-memory" keyword correctly set. + * + * Returns: + * 1 on success + * 0 on failure + */ +int +pk11_cache_pin(char *pin) + { + (void) pthread_mutex_lock(uri_lock); + /* We set the PIN only once since all URIs must have it the same. */ + if (token_pin != NULL) + goto ok; + + if (pk11_get_pin_caching_policy() == POLICY_MEMORY) + if ((token_pin = strdup(pin)) == NULL) + { + PK11err(PK11_F_CACHE_PIN, PK11_R_MALLOC_FAILURE); + goto err; + } + else + if (pk11_get_pin_caching_policy() == POLICY_MLOCKED_MEMORY) + { + if (mlock_pin_in_memory(pin) == 0) + goto err; + } + +ok: + (void) pthread_mutex_unlock(uri_lock); + return (1); +err: + (void) pthread_mutex_unlock(uri_lock); + return (0); + } + +/* + * Cache the PIN in mlock(3C)ed memory. If mlock(3C) fails we will not resort to + * the normal memory caching. + * + * Note that this function must be called under the protection of the "uri_lock" + * mutex. + * + * Returns: + * 1 on success + * 0 on failure + */ +static int +mlock_pin_in_memory(char *pin) + { + void *addr = NULL; + long pagesize = 0; + + /* mlock(3C) locks pages so we need one whole page for the PIN. */ + if ((pagesize = sysconf(_SC_PAGESIZE)) == -1) + { + PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, PK11_R_SYSCONF_FAILED); + goto err; + } + + /* This will ensure we have a page aligned pointer... */ + if ((addr = mmap(0, pagesize, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON, -1, 0)) == MAP_FAILED) + { + PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, PK11_R_MMAP_FAILED); + goto err; + } + + /* ...because "addr" must be page aligned here. */ + if (mlock(addr, pagesize) == -1) + { + /* + * Missing the PRIV_PROC_LOCK_MEMORY privilege might be a common + * problem so distinguish this situation from other issues. + */ + if (errno == EPERM) + PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, + PK11_R_PRIV_PROC_LOCK_MEMORY_MISSING); + else + PK11err(PK11_F_MLOCK_PIN_IN_MEMORY, + PK11_R_MLOCK_FAILED); + + /* + * We already have a problem here so there is no need to check + * that we could unmap the page. The PIN is not there yet + * anyway. + */ + (void) munmap(addr, pagesize); + goto err; + } + + /* Copy the PIN to the mlocked memory. */ + token_pin = (char *)addr; + strlcpy(token_pin, pin, PK11_MAX_PIN_LEN + 1); + return (1); +err: + return (0); + } + +/* + * Log in to the keystore if we are supposed to do that at all. Take care of + * reading and caching the PIN etc. Log in only once even when called from + * multiple threads. + * + * Returns: + * 1 on success + * 0 on failure + */ +int +pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done, + pkcs11_uri *uri_struct, CK_BBOOL is_private) + { + CK_RV rv; + + if ((pubkey_token_flags & CKF_TOKEN_INITIALIZED) == 0) + { + PK11err(PK11_F_TOKEN_LOGIN, + PK11_R_TOKEN_NOT_INITIALIZED); + goto err; + } + + /* + * If login is required or needed but the PIN has not been even + * initialized we can bail out right now. Note that we are supposed to + * always log in if we are going to access private keys. However, we may + * need to log in even for accessing public keys in case that the + * CKF_LOGIN_REQUIRED flag is set. + */ + if ((pubkey_token_flags & CKF_LOGIN_REQUIRED || + is_private == CK_TRUE) && ~pubkey_token_flags & + CKF_USER_PIN_INITIALIZED) + { + PK11err(PK11_F_TOKEN_LOGIN, PK11_R_TOKEN_PIN_NOT_SET); + goto err; + } + + /* + * Note on locking: it is possible that more than one thread gets into + * pk11_get_pin() so we must deal with that. We cannot avoid it since we + * cannot guard fork() in there with a lock because we could end up in + * a dead lock in the child. Why? Remember we are in a multithreaded + * environment so we must lock all mutexes in the prefork function to + * avoid a situation in which a thread that did not call fork() held a + * lock, making future unlocking impossible. We lock right before + * C_Login(). + */ + if (pubkey_token_flags & CKF_LOGIN_REQUIRED || is_private == CK_TRUE) + { + if (*login_done == CK_FALSE && + uri_struct->askpass == NULL) + { + PK11err(PK11_F_TOKEN_LOGIN, + PK11_R_TOKEN_PIN_NOT_PROVIDED); + goto err; + } + + if (*login_done == CK_FALSE && + uri_struct->askpass != NULL) + { + if (pk11_get_pin(uri_struct->askpass, + &uri_struct->pin) == 0) + { + PK11err(PK11_F_TOKEN_LOGIN, + PK11_R_TOKEN_PIN_NOT_PROVIDED); + goto err; + } + } + + /* + * Note that what we are logging into is the keystore from + * pubkey_SLOTID because we work with OP_RSA session type here. + * That also means that we can work with only one keystore in + * the engine. + * + * We must make sure we do not try to login more than once. + * Also, see the comment above on locking strategy. + */ + (void) pthread_mutex_lock(uri_lock); + if (*login_done == CK_FALSE) + { + if ((rv = pFuncList->C_Login(session, + CKU_USER, (CK_UTF8CHAR*)uri_struct->pin, + strlen(uri_struct->pin))) != CKR_OK) + { + PK11err_add_data(PK11_F_TOKEN_LOGIN, + PK11_R_TOKEN_LOGIN_FAILED, rv); + goto err_locked; + } + + *login_done = CK_TRUE; + + /* + * Cache the passphrasedialog for possible child (which + * would need to relogin). + */ + if (passphrasedialog == NULL && + uri_struct->askpass != NULL) + { + passphrasedialog = + strdup(uri_struct->askpass); + + if (passphrasedialog == NULL) + { + PK11err_add_data(PK11_F_TOKEN_LOGIN, + PK11_R_MALLOC_FAILURE, rv); + goto err_locked; + } + } + + /* + * Check the PIN caching policy. Note that user might + * have provided a PIN even when no PIN was required - + * in that case we always remove the PIN from memory. + */ + if (pk11_get_pin_caching_policy() == + POLICY_WRONG_VALUE) + { + PK11err(PK11_F_TOKEN_LOGIN, + PK11_R_PIN_CACHING_POLICY_INVALID); + goto err_locked; + } + + if (pk11_get_pin_caching_policy() != POLICY_NONE) + if (pk11_cache_pin(uri_struct->pin) == 0) + goto err_locked; + } + (void) pthread_mutex_unlock(uri_lock); + } + else + { + /* + * If token does not require login we take it as the + * login was done. + */ + *login_done = CK_TRUE; + } + + /* + * If we raced at pk11_get_pin() we must make sure that all threads that + * called pk11_get_pin() will erase the PIN from memory, not just the + * one that called C_Login(). Note that if we were supposed to cache the + * PIN it was already cached by now so filling "uri_struct.pin" with + * zero bytes is always OK since pk11_cache_pin() makes a copy of it. + */ + if (uri_struct->pin != NULL) + memset(uri_struct->pin, 0, strlen(uri_struct->pin)); + + return (1); + +err_locked: + (void) pthread_mutex_unlock(uri_lock); +err: + /* Always get rid of the PIN. */ + if (uri_struct->pin != NULL) + memset(uri_struct->pin, 0, strlen(uri_struct->pin)); + return (0); + } + +/* + * Log in to the keystore in the child if we were logged in in the parent. There + * are similarities in the code with pk11_token_login() but still it is quite + * different so we need a separate function for this. + * + * Note that this function is called under the locked session mutex when fork is + * detected. That means that C_Login() will be called from the child just once. + * + * Returns: + * 1 on success + * 0 on failure + */ +int +pk11_token_relogin(CK_SESSION_HANDLE session) + { + CK_RV rv; + + /* + * We are in the child so check if we should login to the token again. + * Note that it is enough to log in to the token through one session + * only, all already open and all future sessions can access the token + * then. + */ + if (passphrasedialog != NULL) + { + char *pin = NULL; + + /* If we cached the PIN then use it. */ + if (token_pin != NULL) + pin = token_pin; + else if (pk11_get_pin(passphrasedialog, &pin) == 0) + goto err; + + (void) pthread_mutex_lock(uri_lock); + if ((rv = pFuncList->C_Login(session, CKU_USER, + (CK_UTF8CHAR_PTR)pin, strlen(pin))) != CKR_OK) + { + PK11err_add_data(PK11_F_TOKEN_RELOGIN, + PK11_R_TOKEN_LOGIN_FAILED, rv); + (void) pthread_mutex_unlock(uri_lock); + goto err; + } + (void) pthread_mutex_unlock(uri_lock); + + /* Forget the PIN now if we did not cache it before. */ + if (pin != token_pin) + { + memset(pin, 0, strlen(pin)); + OPENSSL_free(pin); + } + } + + return (1); +err: + return (0); + } + +/* + * This function forks and runs an external command. It would be nice if we + * could use popen(3C)/pclose(3C) for that but unfortunately we need to be able + * to get rid of the PIN from the memory. With p(open|close) function calls we + * cannot control the stdio's memory used for buffering and our tests showed + * that the PIN really stays there even after pclose(). + * + * Returns: + * allocated buffer on success + * NULL on failure + */ +static char * +run_askpass(char *dialog) + { + pid_t pid; + int n, p[2]; + char *buf = NULL; + + if (pipe(p) == -1) + { + PK11err(PK11_F_RUN_ASKPASS, PK11_R_PIPE_FAILED); + return (NULL); + } + + switch (pid = fork()) + { + case -1: + PK11err(PK11_F_RUN_ASKPASS, PK11_R_FORK_FAILED); + return (NULL); + /* child */ + case 0: + /* + * This should make sure that dup2() will not fail on + * file descriptor shortage. + */ + close(p[0]); + (void) dup2(p[1], 1); + close(p[1]); + /* + * Note that we cannot use PK11err() here since we are + * in the child. However, parent will get read() error + * so do not worry. + */ + (void) execl(dialog, basename(dialog), NULL); + exit(1); + /* parent */ + default: + /* +1 is for the terminating '\0' */ + buf = (char *)OPENSSL_malloc(PK11_MAX_PIN_LEN + 1); + if (buf == NULL) + { + PK11err(PK11_F_RUN_ASKPASS, + PK11_R_MALLOC_FAILURE); + return (NULL); + } + + close(p[1]); + n = read(p[0], buf, PK11_MAX_PIN_LEN); + if (n == -1 || n == 0) + { + PK11err(PK11_F_RUN_ASKPASS, + PK11_R_PIN_NOT_READ_FROM_COMMAND); + OPENSSL_free(buf); + return (NULL); + } + buf[n] = '\0'; + + (void) waitpid(pid, NULL, 0); + } + + return (buf); + } + +#endif /* OPENSSL_NO_HW_PK11 */ +#endif /* OPENSSL_NO_HW */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11_uri.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/pkcs11/hw_pk11_uri.h Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,113 @@ +/* + * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef HW_PK11_URI_H +#define HW_PK11_URI_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* PKCS#11 URI related prefixes and attributes. */ +#define PK11_URI_PREFIX "pkcs11:" +#define FILE_URI_PREFIX "file://" +#define PK11_TOKEN "token" +#define PK11_MANUF "manuf" +#define PK11_SERIAL "serial" +#define PK11_MODEL "model" +#define PK11_OBJECT "object" +#define PK11_OBJECTTYPE "objecttype" +#define PK11_ASKPASS "passphrasedialog" + +/* PIN caching policy. */ +#define POLICY_NOT_INITIALIZED 0 +#define POLICY_NONE 1 +#define POLICY_MEMORY 2 +#define POLICY_MLOCKED_MEMORY 3 +#define POLICY_WRONG_VALUE 4 + +/* + * That's what getpassphrase(3c) supports. + */ +#define PK11_MAX_PIN_LEN 256 + +/* Add new attributes of the PKCS#11 URI here. */ +typedef struct pkcs11_uri_struct { + char *object; /* object label, the only mandatory info */ + char *objecttype; /* (private|public|cert), currently unused */ + char *token; /* token label */ + char *manuf; /* manufacturer label */ + char *serial; /* serial number label */ + char *model; /* model label */ + char *askpass; /* full path to the command to get the PIN */ + /* Not part of the PKCS11 URI itself. */ + char *pin; /* token PIN */ +} pkcs11_uri; + +/* For URI processing. */ +extern pthread_mutex_t *uri_lock; + +int pk11_get_pin(char *dialog, char **pin); +int pk11_get_pin_caching_policy(void); +int pk11_process_pkcs11_uri(const char *uristr, pkcs11_uri *uri_struct, + const char **file); +int pk11_check_token_attrs(pkcs11_uri *uri_struct); +void pk11_free_pkcs11_uri(pkcs11_uri *uri_struct, CK_BBOOL free_uri_itself); +int pk11_cache_pin(char *pin); +int pk11_token_login(CK_SESSION_HANDLE session, CK_BBOOL *login_done, + pkcs11_uri *uri_struct, CK_BBOOL is_private); +int pk11_token_relogin(CK_SESSION_HANDLE session); + +#ifdef __cplusplus +} +#endif +#endif /* HW_PK11_URI_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,1008 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). + */ + +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * This engine supports SPARC microprocessors that provide AES and other + * cipher and hash instructions, such as the T4 microprocessor. + */ + +#include + +#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_T4) && \ + !defined(OPENSSL_NO_AES) +#include +#include /* getisax() */ +#include +#include +#include +#include +#include +#include +#include "eng_t4_aes_asm.h" + +#define T4_LIB_NAME "SPARC T4 engine" +#include "eng_t4_err.c" + +/* Copied from Solaris aes_impl.h */ +#ifndef MAX_AES_NR +#define MAX_AES_NR 14 /* Maximum number of rounds */ +#endif +#ifndef MAX_AES_NB +#define MAX_AES_NB 4 /* Number of columns comprising a state */ +#endif + +/* Index for the supported ciphers */ +typedef enum { + T4_AES_128_CBC, + T4_AES_192_CBC, + T4_AES_256_CBC, +#ifndef SOLARIS_NO_AES_CFB128 + T4_AES_128_CFB128, + T4_AES_192_CFB128, + T4_AES_256_CFB128, +#endif /* !SOLARIS_NO_AES_CFB128 */ + T4_AES_128_CTR, + T4_AES_192_CTR, + T4_AES_256_CTR, + T4_AES_128_ECB, + T4_AES_192_ECB, + T4_AES_256_ECB, + T4_CIPHER_MAX +} t4_cipher_id; + +/* T4 cipher context; must be 8-byte aligned (last field must be uint64_t) */ +typedef struct t4_cipher_ctx { + t4_cipher_id index; + uint64_t *iv; + uint64_t aligned_iv_buffer[2]; /* use if original IV unaligned */ + /* Encryption and decryption key schedule are the same: */ + uint64_t t4_ks[((MAX_AES_NR) + 1) * (MAX_AES_NB)]; +} t4_cipher_ctx_t; + +typedef struct t4_cipher { + t4_cipher_id id; + int nid; + int iv_len; + int min_key_len; + int max_key_len; + unsigned long flags; +} t4_cipher_t; + +/* Constants used when creating the ENGINE */ +static const char *ENGINE_T4_ID = "t4"; +static const char *ENGINE_T4_NAME = "SPARC T4 engine support"; +static const char *ENGINE_NO_T4_NAME = "SPARC T4 engine support (no T4)"; + + +#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ + defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) +#define COMPILE_HW_T4 +static int t4_bind_helper(ENGINE *e, const char *id); +#pragma inline(t4_bind_helper) +#endif + +/* + * This makes the engine "built-in" with OpenSSL. + * On non-T4 CPUs this just returns. + * Called by ENGINE_load_builtin_engines(). + */ +void +ENGINE_load_t4(void) +{ +#ifdef COMPILE_HW_T4 + ENGINE *toadd = ENGINE_new(); + if (toadd != NULL) { + if (t4_bind_helper(toadd, ENGINE_T4_ID) != 0) { + (void) ENGINE_add(toadd); + (void) ENGINE_free(toadd); + ERR_clear_error(); + } else { + (void) ENGINE_free(toadd); + } + } +#endif +} + + +#ifdef COMPILE_HW_T4 +static int t4_bind(ENGINE *e); +#ifndef DYNAMIC_ENGINE +#pragma inline(t4_bind) +#endif +static t4_cipher_id get_cipher_index_by_nid(int nid); +#pragma inline(get_cipher_index_by_nid) +static void t4_instructions_present(_Bool *aes_present, _Bool *des_present, + _Bool *digest_present, _Bool *montmul_present); +#pragma inline(t4_instructions_present) + +/* Digest registration function. Called by ENGINE_set_ciphers() */ +int t4_get_all_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid); + +/* RSA_METHOD structure used by ENGINE_set_RSA() */ +extern RSA_METHOD *t4_RSA(void); + +/* DH_METHOD structure used by ENGINE_set_DH() */ +extern DH_METHOD *t4_DH(void); + +/* DSA_METHOD structure used by ENGINE_set_DSA() */ +extern DSA_METHOD *t4_DSA(void); + +/* Static variables */ +/* This can't be const as NID*ctr is inserted when the engine is initialized */ +static int t4_cipher_nids[] = { + NID_aes_128_cbc, NID_aes_192_cbc, NID_aes_256_cbc, +#ifndef SOLARIS_NO_AES_CFB128 + NID_aes_128_cfb128, NID_aes_192_cfb128, NID_aes_256_cfb128, +#endif + NID_aes_128_ctr, NID_aes_192_ctr, NID_aes_256_ctr, + NID_aes_128_ecb, NID_aes_192_ecb, NID_aes_256_ecb, +#ifndef OPENSSL_NO_DES + /* Must be at end of list (see t4_des_cipher_count in t4_bind() */ + NID_des_cbc, NID_des_ede3_cbc, NID_des_ecb, NID_des_ede3_ecb, +#endif +}; +static const int t4_des_cipher_count = 4; +static int t4_cipher_count = + (sizeof (t4_cipher_nids) / sizeof (t4_cipher_nids[0])); + +/* + * Cipher Table for all supported symmetric ciphers. + * Must be in same order as t4_cipher_id. + */ +static t4_cipher_t t4_cipher_table[] = { + /* ID NID IV min- max-key flags */ + {T4_AES_128_CBC, NID_aes_128_cbc, 16, 16, 16, 0}, + {T4_AES_192_CBC, NID_aes_192_cbc, 16, 24, 24, 0}, + {T4_AES_256_CBC, NID_aes_256_cbc, 16, 32, 32, 0}, +#ifndef SOLARIS_NO_AES_CFB128 + {T4_AES_128_CFB128, NID_aes_128_cfb128, 16, 16, 16, + EVP_CIPH_NO_PADDING}, + {T4_AES_192_CFB128, NID_aes_192_cfb128, 16, 24, 24, + EVP_CIPH_NO_PADDING}, + {T4_AES_256_CFB128, NID_aes_256_cfb128, 16, 32, 32, + EVP_CIPH_NO_PADDING}, +#endif + {T4_AES_128_CTR, NID_aes_128_ctr, 16, 16, 16, + EVP_CIPH_NO_PADDING}, + {T4_AES_192_CTR, NID_aes_192_ctr, 16, 24, 24, + EVP_CIPH_NO_PADDING}, + {T4_AES_256_CTR, NID_aes_256_ctr, 16, 32, 32, + EVP_CIPH_NO_PADDING}, + {T4_AES_128_ECB, NID_aes_128_ecb, 0, 16, 16, 0}, + {T4_AES_192_ECB, NID_aes_192_ecb, 0, 24, 24, 0}, + {T4_AES_256_ECB, NID_aes_256_ecb, 0, 32, 32, 0}, +}; + + +/* Formal declaration for functions in EVP_CIPHER structure */ +static int t4_cipher_init_aes(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + +static int t4_cipher_do_aes_128_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_aes_192_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_aes_256_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +#ifndef SOLARIS_NO_AES_CFB128 +static int t4_cipher_do_aes_128_cfb128(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_aes_192_cfb128(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_aes_256_cfb128(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +#endif +static int t4_cipher_do_aes_128_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_aes_192_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_aes_256_ctr(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_aes_128_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_aes_192_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_aes_256_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); + + +/* + * Cipher Algorithms + * + * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. + * EVP_CIPHER is defined in evp.h. To maintain binary compatibility the + * definition cannot be modified. + * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is + * pointed to by cipher_data or md_data + * + * Fields: nid, block_size, key_len, iv_len, flags, + * init(), do_cipher(), cleanup(), + * ctx_size, + * set_asn1_parameters(), get_asn1_parameters(), ctrl(), app_data + */ + +static const EVP_CIPHER t4_aes_128_cbc = { + NID_aes_128_cbc, + 16, 16, 16, + EVP_CIPH_CBC_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_128_cbc, NULL, + sizeof (t4_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; +static const EVP_CIPHER t4_aes_192_cbc = { + NID_aes_192_cbc, + 16, 24, 16, + EVP_CIPH_CBC_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_192_cbc, NULL, + sizeof (t4_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; +static const EVP_CIPHER t4_aes_256_cbc = { + NID_aes_256_cbc, + 16, 32, 16, + EVP_CIPH_CBC_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_256_cbc, NULL, + sizeof (t4_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; + +#ifndef SOLARIS_NO_AES_CFB128 +static const EVP_CIPHER t4_aes_128_cfb128 = { + NID_aes_128_cfb128, + 16, 16, 16, + EVP_CIPH_CFB_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_128_cfb128, NULL, + sizeof (t4_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; +static const EVP_CIPHER t4_aes_192_cfb128 = { + NID_aes_192_cfb128, + 16, 24, 16, + EVP_CIPH_CFB_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_192_cfb128, NULL, + sizeof (t4_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; +static const EVP_CIPHER t4_aes_256_cfb128 = { + NID_aes_256_cfb128, + 16, 32, 16, + EVP_CIPH_CFB_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_256_cfb128, NULL, + sizeof (t4_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; +#endif /* !SOLARIS_NO_AES_CFB128 */ + +static EVP_CIPHER t4_aes_128_ctr = { + NID_aes_128_ctr, + 16, 16, 16, + EVP_CIPH_CTR_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_128_ctr, NULL, + sizeof (t4_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; +static EVP_CIPHER t4_aes_192_ctr = { + NID_aes_192_ctr, + 16, 24, 16, + EVP_CIPH_CTR_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_192_ctr, NULL, + sizeof (t4_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; +static EVP_CIPHER t4_aes_256_ctr = { + NID_aes_256_ctr, + 16, 32, 16, + EVP_CIPH_CTR_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_256_ctr, NULL, + sizeof (t4_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; + +/* + * ECB modes don't use an Initial Vector, so that's why set_asn1_parameters, + * get_asn1_parameters, and cleanup fields are set to NULL. + */ +static const EVP_CIPHER t4_aes_128_ecb = { + NID_aes_128_ecb, + 16, 16, 0, + EVP_CIPH_ECB_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_128_ecb, NULL, + sizeof (t4_cipher_ctx_t), + NULL, NULL, NULL, NULL +}; +static const EVP_CIPHER t4_aes_192_ecb = { + NID_aes_192_ecb, + 16, 24, 0, + EVP_CIPH_ECB_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_192_ecb, NULL, + sizeof (t4_cipher_ctx_t), + NULL, NULL, NULL, NULL +}; +static const EVP_CIPHER t4_aes_256_ecb = { + NID_aes_256_ecb, + 16, 32, 0, + EVP_CIPH_ECB_MODE, + t4_cipher_init_aes, t4_cipher_do_aes_256_ecb, NULL, + sizeof (t4_cipher_ctx_t), + NULL, NULL, NULL, NULL +}; + +#ifndef OPENSSL_NO_DES +extern const EVP_CIPHER t4_des_cbc; +extern const EVP_CIPHER t4_des3_cbc; +extern const EVP_CIPHER t4_des_ecb; +extern const EVP_CIPHER t4_des3_ecb; +#endif /* OPENSSL_NO_DES */ + + +/* + * Message Digest variables + */ +static const int t4_digest_nids[] = { +#ifndef OPENSSL_NO_MD5 + NID_md5, +#endif +#ifndef OPENSSL_NO_SHA +#ifndef OPENSSL_NO_SHA1 + NID_sha1, +#endif +#ifndef OPENSSL_NO_SHA256 + NID_sha224, + NID_sha256, +#endif +#ifndef OPENSSL_NO_SHA512 + NID_sha384, + NID_sha512, +#endif +#endif /* !OPENSSL_NO_SHA */ +}; +static const int t4_digest_count = + (sizeof (t4_digest_nids) / sizeof (t4_digest_nids[0])); + +#ifndef OPENSSL_NO_MD5 +extern const EVP_MD t4_md5; +#endif +#ifndef OPENSSL_NO_SHA +#ifndef OPENSSL_NO_SHA1 +extern const EVP_MD t4_sha1; +#endif +#ifndef OPENSSL_NO_SHA256 +extern const EVP_MD t4_sha224; +extern const EVP_MD t4_sha256; +#endif +#ifndef OPENSSL_NO_SHA512 +extern const EVP_MD t4_sha384; +extern const EVP_MD t4_sha512; +#endif +#endif /* !OPENSSL_NO_SHA */ + +/* + * Message Digest functions + */ + +/* + * Registered by the ENGINE with ENGINE_set_digests(). + * Finds out how to deal with a particular digest NID in the ENGINE. + */ +/* ARGSUSED */ +int +t4_get_all_digests(ENGINE *e, const EVP_MD **digest, + const int **nids, int nid) +{ + if (digest == NULL) { /* return a list of all supported digests */ + *nids = (t4_digest_count > 0) ? t4_digest_nids : NULL; + return (t4_digest_count); + } + + switch (nid) { +#ifndef OPENSSL_NO_MD5 + case NID_md5: + *digest = &t4_md5; + break; +#endif +#ifndef OPENSSL_NO_SHA +#ifndef OPENSSL_NO_SHA1 + /* + * A special case. For "openssl dgst -dss1 ...", + * OpenSSL calls EVP_get_digestbyname() on "dss1" which ends up + * calling t4_get_all_digests() for NID_dsa. Internally, if an + * engine is not used, OpenSSL uses SHA1_Init() as expected for + * DSA. So, we must return t4_sha1 for NID_dsa as well. Note + * that this must have changed between 0.9.8 and 1.0.0 since we + * did not have the problem with the 0.9.8 version. + */ + case NID_dsa: + case NID_sha1: + *digest = &t4_sha1; + break; +#endif +#ifndef OPENSSL_NO_SHA256 + case NID_sha224: + *digest = &t4_sha224; + break; + case NID_sha256: + *digest = &t4_sha256; + break; +#endif +#ifndef OPENSSL_NO_SHA512 + case NID_sha384: + *digest = &t4_sha384; + break; + case NID_sha512: + *digest = &t4_sha512; + break; +#endif +#endif /* !OPENSSL_NO_SHA */ + default: + /* digest not supported */ + *digest = NULL; + return (0); + } + + return (1); +} + + +/* + * Utility Functions + */ + +/* + * Set aes_present, des_present, digest_present and montmul_present + * to B_FALSE or B_TRUE depending on + * whether the current SPARC processor supports AES, DES, + * MD5/SHA1/SHA256/SHA512 and MONTMUL, respectively. + */ +static void +t4_instructions_present(_Bool *aes_present, _Bool *des_present, + _Bool *digest_present, _Bool *montmul_present) +{ +#ifdef OPENSSL_NO_DES +#undef AV_SPARC_DES +#define AV_SPARC_DES 0 +#endif +#ifdef OPENSSL_NO_MD5 +#undef AV_SPARC_MD5 +#define AV_SPARC_MD5 0 +#endif +#ifndef OPENSSL_NO_SHA +#ifdef OPENSSL_NO_SHA1 +#undef AV_SPARC_SHA1 +#define AV_SPARC_SHA1 0 +#endif +#ifdef OPENSSL_NO_SHA256 +#undef AV_SPARC_SHA256 +#define AV_SPARC_SHA256 0 +#endif +#ifdef OPENSSL_NO_SHA512 +#undef AV_SPARC_SHA512 +#define AV_SPARC_SHA512 0 +#endif +#else +#undef AV_SPARC_SHA1 +#undef AV_SPARC_SHA256 +#undef AV_SPARC_SHA512 +#define AV_SPARC_SHA1 0 +#define AV_SPARC_SHA256 0 +#define AV_SPARC_SHA512 0 +#endif /* !OPENSSL_NO_SHA */ + +#define DIGEST_MASK (AV_SPARC_MD5 | AV_SPARC_SHA1 | AV_SPARC_SHA256 | \ + AV_SPARC_SHA512) + uint_t ui; + + (void) getisax(&ui, 1); + *aes_present = ((ui & AV_SPARC_AES) != 0); + *des_present = ((ui & AV_SPARC_DES) != 0); + *digest_present = ((ui & DIGEST_MASK) == DIGEST_MASK); + *montmul_present = ((ui & AV_SPARC_MONT) != 0); +} + + +/* + * Cipher functions + */ + + +/* + * Registered by the ENGINE with ENGINE_set_ciphers(). + * Finds out how to deal with a particular cipher NID in the ENGINE. + */ +/* ARGSUSED */ +static int +t4_get_all_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid) +{ + if (cipher == NULL) { /* return a list of all supported ciphers */ + *nids = (t4_cipher_count > 0) ? t4_cipher_nids : NULL; + return (t4_cipher_count); + } + + switch (nid) { + case NID_aes_128_cbc: + *cipher = &t4_aes_128_cbc; + break; + case NID_aes_192_cbc: + *cipher = &t4_aes_192_cbc; + break; + case NID_aes_256_cbc: + *cipher = &t4_aes_256_cbc; + break; + case NID_aes_128_ecb: + *cipher = &t4_aes_128_ecb; + break; + case NID_aes_192_ecb: + *cipher = &t4_aes_192_ecb; + break; + case NID_aes_256_ecb: + *cipher = &t4_aes_256_ecb; + break; +#ifndef SOLARIS_NO_AES_CFB128 + case NID_aes_128_cfb128: + *cipher = &t4_aes_128_cfb128; + break; + case NID_aes_192_cfb128: + *cipher = &t4_aes_192_cfb128; + break; + case NID_aes_256_cfb128: + *cipher = &t4_aes_256_cfb128; + break; +#endif /* !SOLARIS_NO_AES_CFB128 */ +#ifndef OPENSSL_NO_DES + case NID_des_cbc: + *cipher = &t4_des_cbc; + break; + case NID_des_ede3_cbc: + *cipher = &t4_des3_cbc; + break; + case NID_des_ecb: + *cipher = &t4_des_ecb; + break; + case NID_des_ede3_ecb: + *cipher = &t4_des3_ecb; + break; +#endif /* !OPENSSL_NO_DES */ + case NID_aes_128_ctr: + *cipher = &t4_aes_128_ctr; + break; + case NID_aes_192_ctr: + *cipher = &t4_aes_192_ctr; + break; + case NID_aes_256_ctr: + *cipher = &t4_aes_256_ctr; + break; + default: + /* cipher not supported */ + *cipher = NULL; + return (0); + } + + return (1); +} + + +/* Called by t4_cipher_init_aes() */ +static t4_cipher_id +get_cipher_index_by_nid(int nid) +{ + t4_cipher_id i; + + for (i = (t4_cipher_id)0; i < T4_CIPHER_MAX; ++i) + if (t4_cipher_table[i].nid == nid) + return (i); + return (T4_CIPHER_MAX); +} + + +/* ARGSUSED2 */ +static int +t4_cipher_init_aes(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + t4_cipher_ctx_t *tctx = ctx->cipher_data; + uint64_t *t4_ks = tctx->t4_ks; + t4_cipher_t *t4_cipher; + t4_cipher_id index; + int key_len = ctx->key_len; + uint64_t aligned_key_buffer[4]; /* 16, 24, or 32 bytes long */ + uint64_t *aligned_key; + + if (key == NULL) { + T4err(T4_F_CIPHER_INIT_AES, T4_R_CIPHER_KEY); + return (0); + } + + /* Get the cipher entry index in t4_cipher_table from nid */ + index = get_cipher_index_by_nid(ctx->cipher->nid); + if (index >= T4_CIPHER_MAX) { + T4err(T4_F_CIPHER_INIT_AES, T4_R_CIPHER_NID); + return (0); /* Error */ + } + t4_cipher = &t4_cipher_table[index]; + + /* Check key size and iv size */ + if (ctx->cipher->iv_len < t4_cipher->iv_len) { + T4err(T4_F_CIPHER_INIT_AES, T4_R_IV_LEN_INCORRECT); + return (0); /* Error */ + } + if ((key_len < t4_cipher->min_key_len) || + (key_len > t4_cipher->max_key_len)) { + T4err(T4_F_CIPHER_INIT_AES, T4_R_KEY_LEN_INCORRECT); + return (0); /* Error */ + } + + /* Set cipher flags, if any */ + ctx->flags |= t4_cipher->flags; + + /* Align the key */ + if (((unsigned long)key & 0x7) == 0) /* already aligned */ + aligned_key = (uint64_t *)key; + else { /* key is not 8-byte aligned */ +#ifdef DEBUG_T4 + (void) fprintf(stderr, "T4: key is not 8 byte aligned\n"); +#endif + (void) memcpy(aligned_key_buffer, key, key_len); + aligned_key = aligned_key_buffer; + } + + + /* + * Expand the key schedule. + * Copy original key to start of t4_ks key schedule. Note that the + * encryption and decryption key schedule are the same for T4. + */ + switch (key_len) { + case 16: + t4_aes_expand128(&t4_ks[2], + (const uint32_t *)aligned_key); + t4_ks[0] = aligned_key[0]; + t4_ks[1] = aligned_key[1]; + break; + case 24: + t4_aes_expand192(&t4_ks[3], + (const uint32_t *)aligned_key); + t4_ks[0] = aligned_key[0]; + t4_ks[1] = aligned_key[1]; + t4_ks[2] = aligned_key[2]; + break; + case 32: + t4_aes_expand256(&t4_ks[4], + (const uint32_t *)aligned_key); + t4_ks[0] = aligned_key[0]; + t4_ks[1] = aligned_key[1]; + t4_ks[2] = aligned_key[2]; + t4_ks[3] = aligned_key[3]; + break; + default: + T4err(T4_F_CIPHER_INIT_AES, T4_R_CIPHER_KEY); + return (0); + } + + /* Save index to cipher */ + tctx->index = index; + + /* Align IV, if needed */ + if (t4_cipher->iv_len <= 0) { /* no IV (such as with ECB mode) */ + tctx->iv = NULL; + } else if (((unsigned long)ctx->iv & 0x7) == 0) { /* already aligned */ + tctx->iv = (uint64_t *)ctx->iv; + } else { + /* IV is not 8 byte aligned */ + (void) memcpy(tctx->aligned_iv_buffer, ctx->iv, + ctx->cipher->iv_len); + tctx->iv = tctx->aligned_iv_buffer; +#ifdef DEBUG_T4 + (void) fprintf(stderr, + "t4_cipher_init_aes: IV is not 8 byte aligned\n"); + (void) fprintf(stderr, + "t4_cipher_init_aes: ctx->cipher->iv_len =%d\n", + ctx->cipher->iv_len); + (void) fprintf(stderr, "t4_cipher_init_aes: after " + "re-alignment, tctx->iv = %p\n", (void *)tctx->iv); +#endif /* DEBUG_T4 */ + } + + return (1); +} + + +/* + * ENCRYPT_UPDATE or DECRYPT_UPDATE + */ +#define T4_CIPHER_DO_AES(t4_cipher_do_aes, t4_aes_load_keys_for_encrypt, \ + t4_aes_encrypt, t4_aes_load_keys_for_decrypt, t4_aes_decrypt, iv) \ +static int \ +t4_cipher_do_aes(EVP_CIPHER_CTX *ctx, unsigned char *out, \ + const unsigned char *in, size_t inl) \ +{ \ + t4_cipher_ctx_t *tctx = ctx->cipher_data; \ + uint64_t *t4_ks = tctx->t4_ks; \ + unsigned long outl = inl; \ + unsigned char *bufin_alloc = NULL, *bufout_alloc = NULL; \ + unsigned char *bufin, *bufout; \ + \ + /* "in" and "out" must be 8 byte aligned */ \ + if (((unsigned long)in & 0x7) == 0) { /* already aligned */ \ + bufin = (unsigned char *)in; \ + } else { /* "in" is not 8 byte aligned */ \ + if (((unsigned long)out & 0x7) == 0) { /* aligned */ \ + /* use output buffer for input */ \ + bufin = out; \ + } else { \ + bufin = bufin_alloc = OPENSSL_malloc(inl); \ + if (bufin_alloc == NULL) \ + return (0); /* error */ \ + } \ + (void) memcpy(bufin, in, inl); \ + } \ + \ + if (((unsigned long)out & 0x7) == 0) { /* already aligned */ \ + bufout = out; \ + } else { /* "out" is not 8 byte aligned */ \ + if (bufin_alloc != NULL) { \ + /* use allocated input buffer for output */ \ + bufout = bufin_alloc; \ + } else { \ + bufout = bufout_alloc = OPENSSL_malloc(outl); \ + if (bufout_alloc == NULL) { \ + OPENSSL_free(bufin_alloc); \ + return (0); /* error */ \ + } \ + } \ + } \ + \ + /* Data length must be an even multiple of block size. */ \ + if ((inl & 0xf) != 0) { \ + OPENSSL_free(bufout_alloc); \ + OPENSSL_free(bufin_alloc); \ + T4err(T4_F_CIPHER_DO_AES, T4_R_NOT_BLOCKSIZE_LENGTH); \ + return (0); \ + } \ + \ + if (ctx->encrypt) { \ + t4_aes_load_keys_for_encrypt(t4_ks); \ + t4_aes_encrypt(t4_ks, (uint64_t *)bufin, \ + (uint64_t *)bufout, (size_t)inl, iv); \ + } else { /* decrypt */ \ + t4_aes_load_keys_for_decrypt(t4_ks); \ + t4_aes_decrypt(t4_ks, (uint64_t *)bufin, \ + (uint64_t *)bufout, (size_t)inl, iv); \ + } \ + \ + /* Cleanup */ \ + if (bufin_alloc != NULL) { \ + if (bufout == bufin_alloc) \ + (void) memcpy(out, bufout, outl); \ + OPENSSL_free(bufin_alloc); \ + } \ + if (bufout_alloc != NULL) { \ + (void) memcpy(out, bufout_alloc, outl); \ + OPENSSL_free(bufout_alloc); \ + } \ + \ + return (1); \ +} + + +/* AES CBC mode. */ +T4_CIPHER_DO_AES(t4_cipher_do_aes_128_cbc, + t4_aes128_load_keys_for_encrypt, t4_aes128_cbc_encrypt, + t4_aes128_load_keys_for_decrypt, t4_aes128_cbc_decrypt, tctx->iv) +T4_CIPHER_DO_AES(t4_cipher_do_aes_192_cbc, + t4_aes192_load_keys_for_encrypt, t4_aes192_cbc_encrypt, + t4_aes192_load_keys_for_decrypt, t4_aes192_cbc_decrypt, tctx->iv) +T4_CIPHER_DO_AES(t4_cipher_do_aes_256_cbc, + t4_aes256_load_keys_for_encrypt, t4_aes256_cbc_encrypt, + t4_aes256_load_keys_for_decrypt, t4_aes256_cbc_decrypt, tctx->iv) + +/* + * AES CFB128 mode. + * CFB128 decrypt uses load_keys_for_encrypt() as the mode uses + * the raw AES encrypt operation for the decryption, too. + */ +#ifndef SOLARIS_NO_AES_CFB128 +T4_CIPHER_DO_AES(t4_cipher_do_aes_128_cfb128, + t4_aes128_load_keys_for_encrypt, t4_aes128_cfb128_encrypt, + t4_aes128_load_keys_for_encrypt, t4_aes128_cfb128_decrypt, tctx->iv) +T4_CIPHER_DO_AES(t4_cipher_do_aes_192_cfb128, + t4_aes192_load_keys_for_encrypt, t4_aes192_cfb128_encrypt, + t4_aes192_load_keys_for_encrypt, t4_aes192_cfb128_decrypt, tctx->iv) +T4_CIPHER_DO_AES(t4_cipher_do_aes_256_cfb128, + t4_aes256_load_keys_for_encrypt, t4_aes256_cfb128_encrypt, + t4_aes256_load_keys_for_encrypt, t4_aes256_cfb128_decrypt, tctx->iv) +#endif /* !SOLARIS_NO_AES_CFB128 */ + +/* AES CTR mode. */ +T4_CIPHER_DO_AES(t4_cipher_do_aes_128_ctr, + t4_aes128_load_keys_for_encrypt, t4_aes128_ctr_crypt, + t4_aes128_load_keys_for_decrypt, t4_aes128_ctr_crypt, tctx->iv) +T4_CIPHER_DO_AES(t4_cipher_do_aes_192_ctr, + t4_aes192_load_keys_for_encrypt, t4_aes192_ctr_crypt, + t4_aes192_load_keys_for_decrypt, t4_aes192_ctr_crypt, tctx->iv) +T4_CIPHER_DO_AES(t4_cipher_do_aes_256_ctr, + t4_aes256_load_keys_for_encrypt, t4_aes256_ctr_crypt, + t4_aes256_load_keys_for_decrypt, t4_aes256_ctr_crypt, tctx->iv) + +/* AES ECB mode. */ +T4_CIPHER_DO_AES(t4_cipher_do_aes_128_ecb, + t4_aes128_load_keys_for_encrypt, t4_aes128_ecb_encrypt, + t4_aes128_load_keys_for_decrypt, t4_aes128_ecb_decrypt, NULL) +T4_CIPHER_DO_AES(t4_cipher_do_aes_192_ecb, + t4_aes192_load_keys_for_encrypt, t4_aes192_ecb_encrypt, + t4_aes192_load_keys_for_decrypt, t4_aes192_ecb_decrypt, NULL) +T4_CIPHER_DO_AES(t4_cipher_do_aes_256_ecb, + t4_aes256_load_keys_for_encrypt, t4_aes256_ecb_encrypt, + t4_aes256_load_keys_for_decrypt, t4_aes256_ecb_decrypt, NULL) + + +/* + * Is the t4 engine available? + * Passed to ENGINE_set_init_function(). + */ +/* ARGSUSED */ +static int +t4_init(ENGINE *e) +{ + return (1); +} + + +/* Passed to ENGINE_set_destroy_function(). */ +/* ARGSUSED */ +static int +t4_destroy(ENGINE *e) +{ + ERR_unload_t4_strings(); + return (1); +} + + +/* + * Called by t4_bind_helper(). + * Note: too early to use T4err() functions on errors. + */ +/* ARGSUSED */ +static int +t4_bind(ENGINE *e) +{ + _Bool aes_engage, digest_engage, des_engage, montmul_engage; + + t4_instructions_present(&aes_engage, &des_engage, &digest_engage, + &montmul_engage); +#ifdef DEBUG_T4 + (void) fprintf(stderr, + "t4_bind: engage aes=%d, des=%d, digest=%d\n", + aes_engage, des_engage, digest_engage); +#endif +#ifndef OPENSSL_NO_DES + if (!des_engage) { /* Remove DES ciphers from list */ + t4_cipher_count -= t4_des_cipher_count; + } +#endif + +#ifdef DEBUG_T4 + (void) fprintf(stderr, "t4_cipher_count = %d; t4_cipher_nids[] =\n", + t4_cipher_count); + for (int i = 0; i < t4_cipher_count; ++i) { + (void) fprintf(stderr, " %d", t4_cipher_nids[i]); + } + (void) fprintf(stderr, "\n"); +#endif /* DEBUG_T4 */ + + /* Register T4 engine ID, name, and functions */ + if (!ENGINE_set_id(e, ENGINE_T4_ID) || + !ENGINE_set_name(e, + aes_engage ? ENGINE_T4_NAME: ENGINE_NO_T4_NAME) || + !ENGINE_set_init_function(e, t4_init) || + (aes_engage && !ENGINE_set_ciphers(e, t4_get_all_ciphers)) || + (digest_engage && !ENGINE_set_digests(e, t4_get_all_digests)) || +#ifndef OPENSSL_NO_RSA + (montmul_engage && !ENGINE_set_RSA(e, t4_RSA())) || +#endif /* OPENSSL_NO_RSA */ +#ifndef OPENSSL_NO_DH + (montmul_engage && !ENGINE_set_DH(e, t4_DH())) || +#endif /* OPENSSL_NO_DH */ +#ifndef OPENSSL_NO_DSA + (montmul_engage && !ENGINE_set_DSA(e, t4_DSA())) || +#endif /* OPENSSL_NO_DSA */ + !ENGINE_set_destroy_function(e, t4_destroy)) { + return (0); + } + + return (1); +} + + +/* + * Called by ENGINE_load_t4(). + * Note: too early to use T4err() functions on errors. + */ +static int +t4_bind_helper(ENGINE *e, const char *id) +{ + if (id != NULL && (strcmp(id, ENGINE_T4_ID) != 0)) { + (void) fprintf(stderr, "T4: bad t4 engine ID\n"); + return (0); + } + if (!t4_bind(e)) { + (void) fprintf(stderr, + "T4: failed to bind t4 engine\n"); + return (0); + } + + return (1); +} + + +#ifdef DYNAMIC_ENGINE +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN(t4_bind_helper) +#endif /* DYNAMIC_ENGINE */ +#endif /* COMPILE_HW_T4 */ +#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_AES_T4 && !OPENSSL_NO_AES */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_aes_asm.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_aes_asm.h Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,147 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). + */ + +/* + * ==================================================================== + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +#ifndef ENG_T4_AES_ASM_H +#define ENG_T4_AES_ASM_H + +/* + * SPARC AES assembly language functions. + * + * Based on Solaris file aes_impl.h. + */ + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ + defined(__sparcv8)) && ! defined(OPENSSL_NO_ASM) + +extern void t4_aes_expand128(uint64_t *rk, const uint32_t *key); +extern void t4_aes_expand192(uint64_t *rk, const uint32_t *key); +extern void t4_aes_expand256(uint64_t *rk, const uint32_t *key); +extern void t4_aes_encrypt128(const uint64_t *rk, const uint32_t *pt, + uint32_t *ct); +extern void t4_aes_encrypt192(const uint64_t *rk, const uint32_t *pt, + uint32_t *ct); +extern void t4_aes_encrypt256(const uint64_t *rk, const uint32_t *pt, + uint32_t *ct); +extern void t4_aes_decrypt128(const uint64_t *rk, const uint32_t *ct, + uint32_t *pt); +extern void t4_aes_decrypt192(const uint64_t *rk, const uint32_t *ct, + uint32_t *pt); +extern void t4_aes_decrypt256(const uint64_t *rk, const uint32_t *ct, + uint32_t *pt); +extern void t4_aes128_load_keys_for_encrypt(uint64_t *ks); +extern void t4_aes192_load_keys_for_encrypt(uint64_t *ks); +extern void t4_aes256_load_keys_for_encrypt(uint64_t *ks); +extern void t4_aes128_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *dummy); +extern void t4_aes192_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *dummy); +extern void t4_aes256_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *dummy); +extern void t4_aes128_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); +extern void t4_aes192_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); +extern void t4_aes256_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); +extern void t4_aes128_ctr_crypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); +extern void t4_aes192_ctr_crypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); +extern void t4_aes256_ctr_crypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); +extern void t4_aes128_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); +extern void t4_aes192_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); +extern void t4_aes256_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_encrypt, uint64_t *iv); +extern void t4_aes128_load_keys_for_decrypt(uint64_t *ks); +extern void t4_aes192_load_keys_for_decrypt(uint64_t *ks); +extern void t4_aes256_load_keys_for_decrypt(uint64_t *ks); +extern void t4_aes128_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *dummy); +extern void t4_aes192_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *dummy); +extern void t4_aes256_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *dummy); +extern void t4_aes128_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); +extern void t4_aes192_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); +extern void t4_aes256_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); +extern void t4_aes128_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); +extern void t4_aes192_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); +extern void t4_aes256_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_decrypt, uint64_t *iv); + +#endif /* (sun4v||__sparv9||__sparcv8plus||__sparvc8) && !OPENSSL_NO_ASM */ + +#ifdef __cplusplus +} +#endif +#endif /* ENG_T4_AES_ASM_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_bignum.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_bignum.h Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,287 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). + */ + +/* + * ==================================================================== + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * This file is a copy of the ON gate's usr/src/common/bignum/bignum.h file + */ + +#ifndef _BIGNUM_H +#define _BIGNUM_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#if defined(__sparcv9) || defined(__amd64) || defined(__sparc) + /* 64-bit chunk size */ +#ifndef UMUL64 +#define UMUL64 /* 64-bit multiplication results are supported */ +#endif +#else +#define BIGNUM_CHUNK_32 +#endif + + +#define BITSINBYTE 8 + +/* Bignum "digits" (aka "chunks" or "words") are either 32- or 64-bits */ +#ifdef BIGNUM_CHUNK_32 +#define BIG_CHUNK_SIZE 32 +#define BIG_CHUNK_TYPE uint32_t +#define BIG_CHUNK_TYPE_SIGNED int32_t +#define BIG_CHUNK_HIGHBIT 0x80000000 +#define BIG_CHUNK_ALLBITS 0xffffffff +#define BIG_CHUNK_LOWHALFBITS 0xffff +#define BIG_CHUNK_HALF_HIGHBIT 0x8000 + +#else +#define BIG_CHUNK_SIZE 64 +#define BIG_CHUNK_TYPE uint64_t +#define BIG_CHUNK_TYPE_SIGNED int64_t +#define BIG_CHUNK_HIGHBIT 0x8000000000000000ULL +#define BIG_CHUNK_ALLBITS 0xffffffffffffffffULL +#define BIG_CHUNK_LOWHALFBITS 0xffffffffULL +#define BIG_CHUNK_HALF_HIGHBIT 0x80000000ULL +#endif + +#define BITLEN2BIGNUMLEN(x) ((x) > 0 ? \ + ((((x) - 1) / BIG_CHUNK_SIZE) + 1) : 0) +#define CHARLEN2BIGNUMLEN(x) ((x) > 0 ? \ + ((((x) - 1) / sizeof (BIG_CHUNK_TYPE)) + 1) : 0) + +#define BIGNUM_WORDSIZE (BIG_CHUNK_SIZE / BITSINBYTE) /* word size in bytes */ +#define BIG_CHUNKS_FOR_160BITS BITLEN2BIGNUMLEN(160) + + +/* + * leading 0's are permitted + * 0 should be represented by size>=1, size>=len>=1, sign=1, + * value[i]=0 for 0 + +#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_DES_T4) && \ + !defined(OPENSSL_NO_DES) +#include +#include +#include +#include +#include +#include "eng_t4_des_asm.h" + +#include "eng_t4_err.c" + +/* Index for the supported DES ciphers */ +typedef enum { + T4_DES_CBC, + T4_DES3_CBC, + T4_DES_ECB, + T4_DES3_ECB, + T4_DES_MAX +} t4_des_cipher_id; + +/* From Solaris file usr/src/common/crypto/des/des_impl.c */ +typedef struct { + uint64_t ksch_encrypt[16]; + uint64_t ksch_decrypt[16]; +} t4_keysched_t; + +typedef struct { + uint64_t ksch_encrypt[16 * 3]; + uint64_t ksch_decrypt[16 * 3]; +} t4_keysched3_t; + +/* T4 cipher context; must be 8-byte aligned (last field must be uint64_t) */ +typedef struct t4_des_cipher_ctx { + t4_des_cipher_id index; + uint64_t *iv; + uint64_t aligned_iv_buffer; /* use if IV unaligned */ + union { + t4_keysched_t des; + t4_keysched3_t des3; + } ks; +} t4_des_cipher_ctx_t; + +typedef struct t4_cipher { + t4_des_cipher_id id; + int nid; + int iv_len; + int min_key_len; + int max_key_len; +} t4_des_cipher_t; + + +#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ + defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) +#define COMPILE_HW_T4 +#endif + +#ifdef COMPILE_HW_T4 +static t4_des_cipher_id get_des_cipher_index_by_nid(int nid); +#pragma inline(get_des_cipher_index_by_nid) + + +/* + * Cipher Table for all supported symmetric ciphers. + * Must be in same order as t4_des_cipher_id. + */ +static t4_des_cipher_t t4_des_cipher_table[] = { + /* ID NID IV min-key max-key */ + {T4_DES_CBC, NID_des_cbc, 8, 8, 8}, + {T4_DES3_CBC, NID_des_ede3_cbc, 8, 24, 24}, + {T4_DES_ECB, NID_des_ecb, 0, 8, 8}, + {T4_DES3_ECB, NID_des_ede3_ecb, 0, 24, 24}, +}; + + +/* Formal declaration for functions in EVP_CIPHER structure */ +static int t4_cipher_init_des(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + +static int t4_cipher_do_des_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_des3_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_des_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int t4_cipher_do_des3_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); + + +/* + * Cipher Algorithms + * + * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. + * EVP_CIPHER is defined in evp.h. To maintain binary compatibility the + * definition cannot be modified. + * Stuff specific to the t4 engine is kept in t4_des_cipher_ctx_t, which is + * pointed to by cipher_data or md_data + * + * Fields: nid, block_size, key_len, iv_len, flags, + * init(), do_cipher(), cleanup(), + * ctx_size, + * set_asn1_parameters(), get_asn1_parameters(), ctrl(), app_data + */ + +const EVP_CIPHER t4_des_cbc = { + NID_des_cbc, + 8, 8, 8, + EVP_CIPH_CBC_MODE, + t4_cipher_init_des, t4_cipher_do_des_cbc, NULL, + sizeof (t4_des_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; +const EVP_CIPHER t4_des3_cbc = { + NID_des_ede3_cbc, + 8, 24, 8, + EVP_CIPH_CBC_MODE, + t4_cipher_init_des, t4_cipher_do_des3_cbc, NULL, + sizeof (t4_des_cipher_ctx_t), + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL +}; + +/* + * ECB modes don't use an Initial Vector, so that's why set_asn1_parameters, + * get_asn1_parameters, and cleanup fields are set to NULL. + */ +const EVP_CIPHER t4_des_ecb = { + NID_des_ecb, + 8, 8, 8, + EVP_CIPH_ECB_MODE, + t4_cipher_init_des, t4_cipher_do_des_ecb, NULL, + sizeof (t4_des_cipher_ctx_t), + NULL, NULL, NULL, NULL +}; +const EVP_CIPHER t4_des3_ecb = { + NID_des_ede3_ecb, + 8, 24, 8, + EVP_CIPH_ECB_MODE, + t4_cipher_init_des, t4_cipher_do_des3_ecb, NULL, + sizeof (t4_des_cipher_ctx_t), + NULL, NULL, NULL, NULL +}; + + +/* + * DES Cipher functions + */ + +/* Called by t4_cipher_init_des() */ +static t4_des_cipher_id +get_des_cipher_index_by_nid(int nid) +{ + t4_des_cipher_id i; + + for (i = (t4_des_cipher_id)0; i < T4_DES_MAX; ++i) + if (t4_des_cipher_table[i].nid == nid) + return (i); + return (T4_DES_MAX); +} + + +/* + * Initialize encryption and decryption key schedules for DES or DES3. + * Called by t4_cipher_init_des(). + * + * Modified from Solaris DES function des_init_keysched(). + */ +static int +t4_des_init_keysched(const unsigned char *cipherKey, + unsigned int keysize, void *ks) +{ + uint64_t *encryption_ks, *decryption_ks; + uint64_t keysched[16 * 3]; /* 128 or 384 bytes for DES or DES3 */ + uint64_t key_uint64[3]; /* 8 or 24 bytes for DES or DES3 */ + uint64_t *aligned_key; + uint64_t tmp; + uint_t i, j; + + switch (keysize) { + case 8: /* DES */ + encryption_ks = ((t4_keysched_t *)ks)->ksch_encrypt; + decryption_ks = ((t4_keysched_t *)ks)->ksch_decrypt; + break; + case 24: /* DES3 */ + encryption_ks = ((t4_keysched3_t *)ks)->ksch_encrypt; + decryption_ks = ((t4_keysched3_t *)ks)->ksch_decrypt; + break; + default: + T4err(T4_F_CIPHER_INIT_DES, T4_R_CIPHER_KEY); + return (0); + } + + /* Align key, if needed */ + if (((unsigned long)cipherKey & 0x7) == 0) { /* aligned */ + /* LINTED: pointer alignment */ + aligned_key = (uint64_t *)cipherKey; + } else { /* unaligned--copy byte-by-byte */ + for (i = 0, j = 0; j < keysize; ++i, j += 8) { + key_uint64[i] = (((uint64_t)cipherKey[j] << 56) | + ((uint64_t)cipherKey[j + 1] << 48) | + ((uint64_t)cipherKey[j + 2] << 40) | + ((uint64_t)cipherKey[j + 3] << 32) | + ((uint64_t)cipherKey[j + 4] << 24) | + ((uint64_t)cipherKey[j + 5] << 16) | + ((uint64_t)cipherKey[j + 6] << 8) | + (uint64_t)cipherKey[j + 7]); + } + aligned_key = key_uint64; + } + + /* Expand key schedule */ + switch (keysize) { + case 8: /* DES */ + t4_des_expand(keysched, (const uint32_t *)aligned_key); + break; + + case 24: /* DES3 */ + t4_des_expand(keysched, (const uint32_t *)aligned_key); + t4_des_expand(keysched + 16, + (const uint32_t *)&aligned_key[1]); + for (i = 0; i < 8; ++i) { + tmp = keysched[16 + i]; + keysched[16 + i] = keysched[31 - i]; + keysched[31 - i] = tmp; + } + t4_des_expand(keysched + 32, + (const uint32_t *)&aligned_key[2]); + break; + + default: + T4err(T4_F_CIPHER_INIT_DES, T4_R_CIPHER_KEY); + return (0); + } + + /* Save encryption key schedule */ + memcpy(encryption_ks, keysched, keysize * 16); + + /* Reverse key schedule */ + for (i = 0; i < keysize; ++i) { + tmp = keysched[i]; + keysched[i] = keysched[2 * keysize - 1 - i]; + keysched[2 * keysize -1 -i] = tmp; + } + + /* Save decryption key schedule */ + memcpy(decryption_ks, keysched, keysize * 16); + + return (1); +} + + +/* ARGSUSED2 */ +static int +t4_cipher_init_des(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + t4_des_cipher_ctx_t *tctx = ctx->cipher_data; + uint64_t *encryption_ks, *decryption_ks; + t4_des_cipher_t *t4_cipher; + t4_des_cipher_id index; + unsigned int key_len = ctx->key_len; + uint64_t aligned_key_buffer[3]; /* 8 or 24 bytes long */ + uint64_t *aligned_key; + + if (key == NULL) { + T4err(T4_F_CIPHER_INIT_DES, T4_R_CIPHER_KEY); + return (0); + } + + /* Get the cipher entry index in t4_des_cipher_table from nid */ + index = get_des_cipher_index_by_nid(ctx->cipher->nid); + if (index >= T4_DES_MAX) { + T4err(T4_F_CIPHER_INIT_DES, T4_R_CIPHER_NID); + return (0); /* Error */ + } + t4_cipher = &t4_des_cipher_table[index]; + + /* Check key size and iv size */ + if (ctx->cipher->iv_len < t4_cipher->iv_len) { + T4err(T4_F_CIPHER_INIT_DES, T4_R_IV_LEN_INCORRECT); + return (0); /* Error */ + } + if ((key_len < t4_cipher->min_key_len) || + (key_len > t4_cipher->max_key_len)) { + T4err(T4_F_CIPHER_INIT_DES, T4_R_KEY_LEN_INCORRECT); + return (0); /* Error */ + } + + /* Expand key schedule */ + if (t4_des_init_keysched(key, key_len, &tctx->ks) == 0) + return (0); /* Error */ + + /* Save index to cipher */ + tctx->index = index; + + /* Align IV, if needed */ + if (t4_cipher->iv_len <= 0) { /* no IV (such as with ECB mode) */ + tctx->iv = NULL; + } else if (((unsigned long)ctx->iv & 0x7) == 0) { /* already aligned */ + tctx->iv = (uint64_t *)ctx->iv; + } else { + /* IV is not 8 byte aligned */ + (void) memcpy(&tctx->aligned_iv_buffer, ctx->iv, + ctx->cipher->iv_len); + tctx->iv = &tctx->aligned_iv_buffer; +#ifdef DEBUG_T4 + (void) fprintf(stderr, + "t4_cipher_init_des: IV is not 8 byte aligned\n"); + (void) fprintf(stderr, + "t4_cipher_init_des: ctx->cipher->iv_len =%d\n", + ctx->cipher->iv_len); + (void) fprintf(stderr, "t4_cipher_init_des: after " + "re-alignment, tctx->iv = %p\n", (void *)tctx->iv); +#endif /* DEBUG_T4 */ + } + + return (1); +} + + +/* + * ENCRYPT_UPDATE or DECRYPT_UPDATE + */ +#define T4_CIPHER_DO_DES(t4_cipher_do_des, t4_des_load_keys, \ + t4_des_encrypt, t4_des_decrypt, ksched_encrypt, ksched_decrypt, iv) \ +static int \ +t4_cipher_do_des(EVP_CIPHER_CTX *ctx, unsigned char *out, \ + const unsigned char *in, size_t inl) \ +{ \ + t4_des_cipher_ctx_t *tctx = ctx->cipher_data; \ + unsigned long outl = inl; \ + unsigned char *bufin_alloc = NULL, *bufout_alloc = NULL; \ + unsigned char *bufin, *bufout; \ + \ + /* "in" and "out" must be 8 byte aligned */ \ + if (((unsigned long)in & 0x7) == 0) { /* already aligned */ \ + bufin = (unsigned char *)in; \ + } else { /* "in" is not 8 byte aligned */ \ + if (((unsigned long)out & 0x7) == 0) { /* aligned */ \ + /* use output buffer for input */ \ + bufin = out; \ + } else { \ + bufin = bufin_alloc = OPENSSL_malloc(inl); \ + if (bufin_alloc == NULL) \ + return (0); /* error */ \ + } \ + (void) memcpy(bufin, in, inl); \ + } \ + \ + /* Data length must be an even multiple of block size. */ \ + if ((inl & 0x7) != 0) { \ + OPENSSL_free(bufout_alloc); \ + OPENSSL_free(bufin_alloc); \ + T4err(T4_F_CIPHER_DO_DES, T4_R_NOT_BLOCKSIZE_LENGTH); \ + return (0); \ + } \ + \ + if (((unsigned long)out & 0x7) == 0) { /* already aligned */ \ + bufout = out; \ + } else { /* "out" is not 8 byte aligned */ \ + if (bufin_alloc != NULL) { \ + /* use allocated input buffer for output */ \ + bufout = bufin_alloc; \ + } else { \ + bufout = bufout_alloc = OPENSSL_malloc(outl); \ + if (bufout_alloc == NULL) { \ + OPENSSL_free(bufin_alloc); \ + return (0); /* error */ \ + } \ + } \ + } \ + \ + if (ctx->encrypt) { \ + uint64_t *ksch_encrypt = ksched_encrypt; \ + t4_des_load_keys(ksch_encrypt); \ + t4_des_encrypt(ksch_encrypt, (uint64_t *)bufin, \ + (uint64_t *)bufout, (size_t)inl, iv); \ + } else { /* decrypt */ \ + uint64_t *ksch_decrypt = ksched_decrypt; \ + t4_des_load_keys(ksch_decrypt); \ + t4_des_decrypt(ksch_decrypt, (uint64_t *)bufin, \ + (uint64_t *)bufout, (size_t)inl, iv); \ + } \ + \ + /* Cleanup */ \ + if (bufin_alloc != NULL) { \ + if (bufout == bufin_alloc) \ + (void) memcpy(out, bufout, outl); \ + OPENSSL_free(bufin_alloc); \ + } \ + if (bufout_alloc != NULL) { \ + (void) memcpy(out, bufout_alloc, outl); \ + OPENSSL_free(bufout_alloc); \ + } \ + \ + return (1); \ +} + + +/* DES CBC mode. */ +T4_CIPHER_DO_DES(t4_cipher_do_des_cbc, t4_des_load_keys, + t4_des_cbc_encrypt, t4_des_cbc_decrypt, + tctx->ks.des.ksch_encrypt, tctx->ks.des.ksch_decrypt, tctx->iv) +T4_CIPHER_DO_DES(t4_cipher_do_des3_cbc, t4_des3_load_keys, + t4_des3_cbc_encrypt, t4_des3_cbc_decrypt, + tctx->ks.des3.ksch_encrypt, tctx->ks.des3.ksch_decrypt, tctx->iv) + +/* DES ECB mode. */ +T4_CIPHER_DO_DES(t4_cipher_do_des_ecb, t4_des_load_keys, + t4_des_ecb_crypt, t4_des_ecb_crypt, + tctx->ks.des.ksch_encrypt, tctx->ks.des.ksch_decrypt, NULL) +T4_CIPHER_DO_DES(t4_cipher_do_des3_ecb, t4_des3_load_keys, + t4_des3_ecb_crypt, t4_des3_ecb_crypt, + tctx->ks.des3.ksch_encrypt, tctx->ks.des3.ksch_decrypt, NULL) + + +#endif /* COMPILE_HW_T4 */ +#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_DES_T4 && !OPENSSL_NO_DES */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_des_asm.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_des_asm.h Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,98 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). + */ + +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +#ifndef ENG_T4_DES_ASM_H +#define ENG_T4_DES_ASM_H + +/* SPARC DES assembly language functions. */ + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ + defined(__sparcv8)) && ! defined(OPENSSL_NO_ASM) + +extern void t4_des_expand(uint64_t *rk, const uint32_t *key); +extern void t4_des_encrypt(const uint64_t *rk, const uint64_t *pt, + uint64_t *ct); +extern void t4_des_load_keys(uint64_t *ks); +void t4_des_ecb_crypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); +extern void t4_des_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); +extern void t4_des_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); +extern void t4_des3_load_keys(uint64_t *ks); +extern void t4_des3_ecb_crypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); +extern void t4_des3_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); +extern void t4_des3_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv); + + +#endif /* (sun4v||__sparv9||__sparcv8plus||__sparvc8) && !OPENSSL_NO_ASM */ + +#ifdef __cplusplus +} +#endif +#endif /* ENG_T4_DES_ASM_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_err.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_err.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,157 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). + */ + +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +#include +#include "eng_t4_err.h" + +/* BEGIN ERROR CODES */ + +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(0, func, 0) +#define ERR_REASON(reason) ERR_PACK(0, 0, reason) + +static ERR_STRING_DATA t4_str_functs[] = { + {ERR_FUNC(T4_F_INIT), "T4_INIT"}, + {ERR_FUNC(T4_F_DESTROY), "T4_DESTROY"}, + {ERR_FUNC(T4_F_FINISH), "T4_FINISH"}, + {ERR_FUNC(T4_F_CIPHER_INIT_AES), "T4_CIPHER_INIT_AES"}, + {ERR_FUNC(T4_F_ADD_NID), "T4_ADD_NID"}, + {ERR_FUNC(T4_F_GET_ALL_CIPHERS), "T4_GET_ALL_CIPHERS"}, + {ERR_FUNC(T4_F_CIPHER_DO_AES), "T4_CIPHER_DO_AES"}, + {ERR_FUNC(T4_F_CIPHER_CLEANUP), "T4_CIPHER_CLEANUP"}, + {ERR_FUNC(T4_F_CIPHER_INIT_DES), "T4_CIPHER_INIT_DES"}, + {ERR_FUNC(T4_F_CIPHER_DO_DES), "T4_CIPHER_DO_DES"}, + {0, NULL} +}; + +static ERR_STRING_DATA t4_str_reasons[] = { + {ERR_REASON(T4_R_CIPHER_KEY), "invalid cipher key"}, + {ERR_REASON(T4_R_CIPHER_NID), "invalid cipher NID"}, + {ERR_REASON(T4_R_IV_LEN_INCORRECT), "IV length incorrect"}, + {ERR_REASON(T4_R_KEY_LEN_INCORRECT), "key length incorrect"}, + {ERR_REASON(T4_R_ASN1_OBJECT_CREATE), "ASN1_OBJECT_create failed"}, + {ERR_REASON(T4_R_NOT_BLOCKSIZE_LENGTH), "blocksize length not even"}, + {0, NULL} +}; +#endif /* OPENSSL_NO_ERR */ + + +#ifdef T4_LIB_NAME +static ERR_STRING_DATA T4_lib_name[] = { + {0, T4_LIB_NAME}, + {0, NULL} +}; +#endif + +static int t4_error_code = 0; +static int t4_error_init = 1; + + +static void +ERR_load_t4_strings(void) +{ + if (t4_error_code == 0) + t4_error_code = ERR_get_next_error_library(); + + if (t4_error_init != 0) { + t4_error_init = 0; + +#ifndef OPENSSL_NO_ERR + ERR_load_strings(t4_error_code, t4_str_functs); + ERR_load_strings(t4_error_code, t4_str_reasons); +#endif + +#ifdef T4_LIB_NAME + T4_lib_name->error = + ERR_PACK(t4_error_code, 0, 0); + ERR_load_strings(0, T4_lib_name); +#endif + } +} + + +static void +ERR_unload_t4_strings(void) +{ + if (t4_error_init == 0) { +#ifndef OPENSSL_NO_ERR + ERR_unload_strings(t4_error_code, t4_str_functs); + ERR_unload_strings(t4_error_code, t4_str_reasons); +#endif + +#ifdef T4_LIB_NAME + ERR_unload_strings(0, T4_lib_name); +#endif + t4_error_init = 1; + } +} + + +static void +ERR_t4_error(int function, int reason, char *file, int line) +{ + if (t4_error_init != 0) { + ERR_load_t4_strings(); + } + + if (t4_error_code == 0) + t4_error_code = ERR_get_next_error_library(); + ERR_PUT_error(t4_error_code, function, reason, file, line); +} diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_err.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_err.h Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,97 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). + */ + +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +#ifndef ENG_T4_ERR_H +#define ENG_T4_ERR_H + +#ifdef __cplusplus +extern "C" { +#endif + +static void ERR_unload_t4_strings(void); +#pragma inline(ERR_unload_t4_strings) +static void ERR_t4_error(int function, int reason, char *file, int line); + +#define T4err(f, r) ERR_t4_error((f), (r), __FILE__, __LINE__) + +/* Function codes */ +#define T4_F_INIT 100 +#define T4_F_DESTROY 101 +#define T4_F_FINISH 102 +#define T4_F_CIPHER_INIT_AES 103 +#define T4_F_ADD_NID 104 +#define T4_F_GET_ALL_CIPHERS 105 +#define T4_F_CIPHER_DO_AES 106 +#define T4_F_CIPHER_CLEANUP 107 +#define T4_F_CIPHER_INIT_DES 108 +#define T4_F_CIPHER_DO_DES 109 + +/* Reason codes */ +#define T4_R_CIPHER_KEY 100 +#define T4_R_CIPHER_NID 101 +#define T4_R_IV_LEN_INCORRECT 102 +#define T4_R_KEY_LEN_INCORRECT 103 +#define T4_R_ASN1_OBJECT_CREATE 104 +#define T4_R_NOT_BLOCKSIZE_LENGTH 105 + +#ifdef __cplusplus +} +#endif + +#endif /* ENG_T4_ERR_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_md5.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_md5.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,200 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This + * product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). + */ + +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * This engine supports SPARC microprocessors that provide AES and other + * cipher and hash instructions, such as the T4 microprocessor. + * + * This file implements the MD5 message digest operations. + */ + +#include + +#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MD_T4) +#ifndef OPENSSL_NO_MD5 + +#include +#include +#include +#include + +#include +#include +/* + * Solaris sys/md5.h and OpenSSL openssl/md5.h both define MD5_CTX. + * The OpenSSL MD5_CTX has an extra "num" field at the end. + */ +#include + +#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ + defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) +#define COMPILE_HW_T4 +#endif + +#ifdef COMPILE_HW_T4 + +/* Assembly language function; replaces C function md5_block_data_order(): */ +extern void t4_md5_multiblock(MD5_CTX *ctx, const uint8_t *input, + unsigned int input_length_in_blocks); + +/* Formal declaration for functions in EVP_MD structure */ +int t4_digest_init_md5(EVP_MD_CTX *ctx); +int t4_digest_update_md5(EVP_MD_CTX *ctx, const void *data, size_t count); +int t4_digest_final_md5(EVP_MD_CTX *ctx, unsigned char *md); +int t4_digest_copy_md5(EVP_MD_CTX *to, const EVP_MD_CTX *from); + + +/* + * MD5 Message Digests + * + * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. + * EVP_MD is defined in evp.h. To maintain binary compatibility the + * definition cannot be modified. + * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is + * pointed to by the last field, app_data. + * + * Fields: type, pkey_type, md_size, flags, + * init(), update(), final(), + * copy(), cleanup(), sign(), verify(), + * required_pkey_type, block_size, ctx_size, md5_ctrl() + */ +const EVP_MD t4_md5 = { + NID_md5, NID_md5WithRSAEncryption, MD5_DIGEST_LENGTH, + 0, + t4_digest_init_md5, t4_digest_update_md5, t4_digest_final_md5, + t4_digest_copy_md5, NULL, + EVP_PKEY_RSA_method, MD5_CBLOCK, + sizeof (MD5_CTX), NULL + }; + +/* These functions are implemented in md32_common.h: */ +static int t4_md5_update(MD5_CTX *c, const void *data_, size_t len); +static void t4_md5_transform(MD5_CTX *c, const unsigned char *data); +static int t4_md5_final(unsigned char *md, MD5_CTX *c); +#pragma inline(t4_md5_update, t4_md5_transform, t4_md5_final) + +#define DATA_ORDER_IS_LITTLE_ENDIAN +/* HASH_LONG/MD5_LONG is a 32-bit unsigned: */ +#define HASH_LONG MD5_LONG +#define HASH_CTX MD5_CTX +#define HASH_CBLOCK MD5_CBLOCK +#define HASH_UPDATE t4_md5_update +#define HASH_TRANSFORM t4_md5_transform +#define HASH_FINAL t4_md5_final +#define HASH_BLOCK_DATA_ORDER t4_md5_multiblock +/* Hash is already byte-swapped as Little Endian for SPARC T4: */ +#define HASH_MAKE_STRING(c, s) memcpy((s), (c), MD5_DIGEST_LENGTH); + +/* This defines HASH_UPDATE, HASH_TRANSFORM, HASH_FINAL functions: */ +#include "md32_common.h" + + +/* + * MD5 functions (RFC 1321 The MD5 Message-Digest Algorithm) + */ + +int +t4_digest_init_md5(EVP_MD_CTX *ctx) +{ + MD5_CTX *c = (MD5_CTX *)ctx->md_data; + + /* Optimization: don't call memset(c, 0,...) or initialize c->data[] */ + c->Nl = c->Nh = c->num = 0; + + /* Big Endian for T4 */ + c->A = 0x01234567U; + c->B = 0x89abcdefU; + c->C = 0xfedcba98U; + c->D = 0x76543210U; + + return (1); +} + +/* + * Continue MD5 digest operation, using the message block to update context. + * MD5 crunches in 64-byte blocks. + */ +int +t4_digest_update_md5(EVP_MD_CTX *ctx, const void *data, size_t len) +{ + return (t4_md5_update((MD5_CTX *)ctx->md_data, data, len)); +} + +/* End MD5 digest operation, finalizing message digest and zeroing context. */ +int +t4_digest_final_md5(EVP_MD_CTX *ctx, unsigned char *md) +{ + return (t4_md5_final(md, (MD5_CTX *)ctx->md_data)); +} + +/* Required for Engine API */ +int +t4_digest_copy_md5(EVP_MD_CTX *to, const EVP_MD_CTX *from) +{ + if ((to->md_data != NULL) && (from->md_data != NULL)) { + (void) memcpy(to->md_data, from->md_data, sizeof (MD5_CTX)); + } + return (1); +} + +#endif /* COMPILE_HW_T4 */ +#endif /* !OPENSSL_NO_MD5 */ +#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MD_T4 */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_montmul.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_montmul.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,459 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). + */ + +/* + * ==================================================================== + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * This engine supports SPARC microprocessors that provide AES and other + * cipher and hash instructions, such as the T4 microprocessor. + * + * This file implements the RSA, DSA, and DH operations. + */ + +#include + +#define BIGNUM SOLARIS_BIGNUM +#include "eng_t4_bignum.h" +#undef BIGNUM + + +#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MONTMUL_T4) +#include +#include /* getisax() */ +#include /* IS_P2ALIGNED() */ +#include /* htonl() and friends */ +#include +#include +#include +#include + +#ifndef OPENSSL_NO_RSA +#include +#endif /* !OPENSSL_NO_RSA */ + +#ifndef OPENSSL_NO_DSA +#include +#endif /* !OPENSSL_NO_DSA */ + +#ifndef OPENSSL_NO_DH +#include +#endif /* !OPENSSL_NO_DH */ + +#include +#include +#include + +#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ + defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) +#define COMPILE_HW_T4 +#endif + +#ifdef COMPILE_HW_T4 + +#if !(defined(OPENSSL_NO_RSA) && defined(OPENSSL_NO_DSA) && \ + defined(OPENSSL_NO_DH)) + + +/* + * Convert OpenSSL's BIGNUM to Solaris's BIGNUM.... + * It assumes that the Solaris BIGNUM has enough space + */ +static void +bn2solbn(const BIGNUM *src, SOLARIS_BIGNUM *dst) +{ + int i, j; + + if (BN_BITS2 < BIG_CHUNK_SIZE) { + for (i = 0, j = 0; i < src->top; i++) { + if ((i & 1) == 0) { + dst->value[j] = src->d[i]; + } else { + dst->value[j] += ((uint64_t)(src->d[i])) << 32; + j++; + } + } + dst->len = (src->top + 1) / 2; + dst->sign = (src->neg == 1) ? -1 : 1; + } else if (BN_BITS2 == BIG_CHUNK_SIZE) { + (void) memcpy(dst->value, src->d, src->top); + dst->len = src->top; + dst->sign = (src->neg == 1) ? -1 : 1; + } else { /* BN_BITS2 > BIG_CHUNK_SIZE */ + for (i = 0, j = 0; i < src->top; i++) { + dst->value[j++] = src->d[i] & 0xffffffffULL; + dst->value[j++] = ((uint64_t)(src->d[i])) >> 32; + } + dst->len = src->top * 2; + if (dst->value[dst->len - 1] == 0) { + dst->len--; + } + dst->sign = (src->neg == 1) ? -1 : 1; + } +} + +/* + * It assumes that OpenSSL's BIGNUM has enough space. + */ +static void +solbn2bn(const SOLARIS_BIGNUM *src, BIGNUM *dst) +{ + int i, j; + + if (BN_BITS2 < BIG_CHUNK_SIZE) { + for (i = 0, j = 0; i < src->len; i++) { + dst->d[j++] = src->value[i] & 0xffffffffULL; + dst->d[j++] = ((uint64_t)(src->value[i])) >> 32; + } + dst->top = src->len * 2; + if (dst->d[dst->top - 1] == 0) { + dst->top--; + } + dst->neg = (src->sign == -1) ? 1 : 0; + } else if (BN_BITS2 == BIG_CHUNK_SIZE) { + (void) memcpy(src->value, dst->d, src->len); + dst->top = src->len; + dst->neg = (src->sign == -1) ? 1 : 0; + } else { /* BN_BITS2 > BIG_CHUNK_SIZE */ + for (i = 0, j = 0; i < src->len; i++) { + if ((i & 1) == 0) { + dst->d[j] = src->value[i]; + } else { + dst->d[j] += ((uint64_t)(src->value[i])) << 32; + j++; + } + } + dst->top = (src->len + 1) / 2; + dst->neg = (src->sign == -1) ? 1 : 0; + } +} + + + +static int +t4_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx) +{ + int rv = 0; + SOLARIS_BIGNUM sol_r = {0}; + SOLARIS_BIGNUM sol_a = {0}; + SOLARIS_BIGNUM sol_p = {0}; + SOLARIS_BIGNUM sol_m = {0}; + + if (big_init(&sol_r, (m->top + 3) * BN_BITS2 / BIG_CHUNK_SIZE) != + BIG_OK) { + goto cleanup; + } + if (big_init(&sol_a, (a->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != + BIG_OK) { + goto cleanup; + } + if (big_init(&sol_p, (p->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != + BIG_OK) { + goto cleanup; + } + if (big_init(&sol_m, (m->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != + BIG_OK) { + goto cleanup; + } + + bn2solbn(a, &sol_a); + bn2solbn(p, &sol_p); + bn2solbn(m, &sol_m); + + /* calls libsoftcrypto's big_modexp() routine */ + if (big_modexp(&sol_r, &sol_a, &sol_p, &sol_m, NULL) != BIG_OK) { + goto cleanup; + } + + if (bn_wexpand(r, m->top + 2) == NULL) { + goto cleanup; + } + solbn2bn(&sol_r, r); + + rv = 1; + +cleanup: + + big_finish(&sol_m); + big_finish(&sol_p); + big_finish(&sol_a); + big_finish(&sol_r); + + return (rv); +} + +#endif /* !(OPENSSL_NO_RSA && OPENSSL_NO_DSA) */ + +#ifndef OPENSSL_NO_RSA + +/* Our internal RSA_METHOD that we provide pointers to */ +static RSA_METHOD t4_rsa = +{ + "Oracle T4 RSA method", + NULL, /* rsa_pub_encrypt */ + NULL, /* rsa_pub_decrypt */ + NULL, /* rsa_priv_encrypt */ + NULL, /* rsa_priv_decrypt */ + NULL, /* rsa_mod_exp */ + t4_bn_mod_exp, /* bn_mod_exp */ + NULL, /* init */ + NULL, /* finish */ + RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_NO_BLINDING, + /* flags */ + NULL, /* app_data */ + NULL, /* rsa_sign */ + NULL, /* rsa_verify */ + /* Internal rsa_keygen will be used if this is NULL. */ + NULL /* rsa_keygen */ +}; + +RSA_METHOD * +t4_RSA(void) +{ + const RSA_METHOD *meth1; + + meth1 = RSA_PKCS1_SSLeay(); + t4_rsa.rsa_pub_enc = meth1->rsa_pub_enc; + t4_rsa.rsa_pub_dec = meth1->rsa_pub_dec; + t4_rsa.rsa_priv_enc = meth1->rsa_priv_enc; + t4_rsa.rsa_priv_dec = meth1->rsa_priv_dec; + t4_rsa.rsa_mod_exp = meth1->rsa_mod_exp; + t4_rsa.finish = meth1->finish; + + return (&t4_rsa); +} + +#endif /* !OPENSSL_NO_RSA */ + + +#ifndef OPENSSL_NO_DSA + +static int +t4_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +{ + return (t4_bn_mod_exp(r, a, p, m, ctx, m_ctx)); +} + + +static int +t4_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +{ + int rv = 0; + SOLARIS_BIGNUM sol_rr = {0}; + SOLARIS_BIGNUM sol_a1 = {0}; + SOLARIS_BIGNUM sol_p1 = {0}; + SOLARIS_BIGNUM sol_a2 = {0}; + SOLARIS_BIGNUM sol_p2 = {0}; + SOLARIS_BIGNUM sol_m = {0}; + SOLARIS_BIGNUM sol_tmp = {0}; + + if (big_init(&sol_rr, (m->top + 3) * BN_BITS2 / BIG_CHUNK_SIZE) != + BIG_OK) { + goto cleanup; + } + if (big_init(&sol_a1, (a1->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != + BIG_OK) { + goto cleanup; + } + if (big_init(&sol_p1, (p1->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != + BIG_OK) { + goto cleanup; + } + if (big_init(&sol_a2, (a2->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != + BIG_OK) { + goto cleanup; + } + if (big_init(&sol_p2, (p2->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != + BIG_OK) { + goto cleanup; + } + if (big_init(&sol_m, (m->top + 1) * BN_BITS2 / BIG_CHUNK_SIZE) != + BIG_OK) { + goto cleanup; + } + if (big_init(&sol_tmp, 2 * sol_m.len + 1) != BIG_OK) { + goto cleanup; + } + + if (big_init(&sol_tmp, 2 * sol_m.len + 1) != BIG_OK) { + goto cleanup; + } + + bn2solbn(a1, &sol_a1); + bn2solbn(p1, &sol_p1); + bn2solbn(a2, &sol_a2); + bn2solbn(p2, &sol_p2); + bn2solbn(m, &sol_m); + + + /* calls libsoftcrypto's big_modexp() routine */ + if (big_modexp(&sol_rr, &sol_a1, &sol_p1, &sol_m, NULL) != + BIG_OK) { + goto cleanup; + } + + if (big_modexp(&sol_tmp, &sol_a2, &sol_p2, &sol_m, NULL) != + BIG_OK) { + goto cleanup; + } + + if (big_mul(&sol_tmp, &sol_rr, &sol_tmp) != BIG_OK) { + goto cleanup; + } + + if (big_div_pos(NULL, &sol_rr, &sol_tmp, &sol_m) != BIG_OK) { + goto cleanup; + } + + if (bn_wexpand(rr, m->top + 2) == NULL) { + goto cleanup; + } + solbn2bn(&sol_rr, rr); + + rv = 1; + +cleanup: + + big_finish(&sol_tmp); + big_finish(&sol_m); + big_finish(&sol_p2); + big_finish(&sol_a2); + big_finish(&sol_p1); + big_finish(&sol_a1); + big_finish(&sol_rr); + + return (rv); +} + +/* Our internal DSA_METHOD that we provide pointers to */ +static DSA_METHOD t4_dsa = +{ + "Oracle T4 DSA method", /* name */ + NULL, /* dsa_do_sign */ + NULL, /* dsa_sign_setup */ + NULL, /* dsa_do_verify */ + t4_dsa_mod_exp, /* dsa_mod_exp, */ + t4_dsa_bn_mod_exp, /* bn_mod_exp, */ + NULL, /* init */ + NULL, /* finish */ + NULL, /* flags */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ +}; + +DSA_METHOD * +t4_DSA(void) +{ + const DSA_METHOD *meth1; + + meth1 = DSA_OpenSSL(); + t4_dsa.dsa_do_sign = meth1->dsa_do_sign; + t4_dsa.dsa_sign_setup = meth1->dsa_sign_setup; + t4_dsa.dsa_do_verify = meth1->dsa_do_verify; + t4_dsa.finish = meth1->finish; + + return (&t4_dsa); +} + +#endif /* !OPENSSL_NO_DSA */ + + +#ifndef OPENSSL_NO_DH + +static int +t4_dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +{ + return (t4_bn_mod_exp(r, a, p, m, ctx, m_ctx)); +} + + + +/* Our internal DH_METHOD that we provide pointers to */ +static DH_METHOD t4_dh = +{ + "Oracle T4 DH method", /* name */ + NULL, /* generate_key */ + NULL, /* compute_key */ + t4_dh_bn_mod_exp, /* bn_mod_exp, */ + NULL, /* init */ + NULL, /* finish */ + NULL, /* flags */ + NULL /* app_data */ +}; + +DH_METHOD * +t4_DH(void) +{ + const DH_METHOD *meth1; + + meth1 = DH_OpenSSL(); + t4_dh.generate_key = meth1->generate_key; + t4_dh.compute_key = meth1->compute_key; + t4_dh.finish = meth1->finish; + + return (&t4_dh); +} + +#endif /* !OPENSSL_NO_DH */ + +#endif /* COMPILE_HW_T4 */ + +#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MONTMUL_T4 */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_sha1.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_sha1.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,197 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This + * product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). + */ + +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * This engine supports SPARC microprocessors that provide AES and other + * cipher and hash instructions, such as the T4 microprocessor. + * + * This file implements the SHA-1 message digest operations. + */ + +#include + +#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MD_T4) +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +#include +#include +#include +#include + +/* + * For SHA1, OpenSSL SHA_CTX has an extra num field at the end, + * while the Solaris SHA1_CTX does not have this field. + */ +#include +#include + +#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ + defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) +#define COMPILE_HW_T4 +#endif + +#ifdef COMPILE_HW_T4 + +/* Assembly language function; replaces C function sha1_block_data_order(): */ +extern void t4_sha1_multiblock(SHA_CTX *ctx, const void *input, size_t num); + +/* Formal declaration for functions in EVP_MD structure */ +static int t4_digest_init_sha1(EVP_MD_CTX *ctx); +static int t4_digest_update_sha1(EVP_MD_CTX *ctx, const void *data, + size_t len); +static int t4_digest_final_sha1(EVP_MD_CTX *ctx, unsigned char *md); +static int t4_digest_copy_sha1(EVP_MD_CTX *to, const EVP_MD_CTX *from); + +/* + * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. + * EVP_MD is defined in evp.h. To maintain binary compatibility the + * definition cannot be modified. + * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is + * pointed to by the last field, app_data. + * + * Fields: type, pkey_type, md_size, flags, + * init(), update(), final(), + * copy(), cleanup(), sign(), verify(), + * required_pkey_type, block_size, ctx_size, md5_ctrl() + */ +const EVP_MD t4_sha1 = { + NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + t4_digest_init_sha1, t4_digest_update_sha1, t4_digest_final_sha1, + t4_digest_copy_sha1, NULL, + EVP_PKEY_RSA_method, SHA_CBLOCK, + sizeof (SHA_CTX), NULL + }; + +/* These functions are defined in md32_common.h: */ +static int t4_sha1_update(SHA_CTX *c, const void *data_, size_t len); +static void t4_sha1_transform(SHA_CTX *c, const unsigned char *data); +static int t4_sha1_final(unsigned char *md, SHA_CTX *c); +#pragma inline(t4_sha1_update, t4_sha1_transform, t4_sha1_final) + +#define DATA_ORDER_IS_BIG_ENDIAN +/* HASH_LONG/SHA_LONG is unsigned int (32 bits): */ +#define HASH_LONG SHA_LONG +#define HASH_CTX SHA_CTX +#define HASH_CBLOCK SHA_CBLOCK +#define HASH_UPDATE t4_sha1_update +#define HASH_TRANSFORM t4_sha1_transform +#define HASH_FINAL t4_sha1_final +#define HASH_BLOCK_DATA_ORDER t4_sha1_multiblock +#define HASH_MAKE_STRING(c, s) do { \ + unsigned int ll; \ + ll = (c)->h0; HOST_l2c(ll, (s)); \ + ll = (c)->h1; HOST_l2c(ll, (s)); \ + ll = (c)->h2; HOST_l2c(ll, (s)); \ + ll = (c)->h3; HOST_l2c(ll, (s)); \ + ll = (c)->h4; HOST_l2c(ll, (s)); \ + } while (0) + +/* This defines HASH_UPDATE, HASH_TRANSFORM, HASH_FINAL functions: */ +#include "md32_common.h" + + +/* + * SHA-1 functions (FIPS 180-1 Secure Hash Standard) + */ + +static int +t4_digest_init_sha1(EVP_MD_CTX *ctx) +{ + SHA_CTX *c = (SHA_CTX *)ctx->md_data; + + /* Optimization: don't call memset(c, 0,...) or initialize c->data[] */ + c->Nl = c->Nh = c->num = 0; + c->h0 = 0x67452301U; + c->h1 = 0xefcdab89U; + c->h2 = 0x98badcfeU; + c->h3 = 0x10325476U; + c->h4 = 0xc3d2e1f0U; + + return (1); +} + +/* Continue SHA1 digest operation, using the message block to update context. */ +static int +t4_digest_update_sha1(EVP_MD_CTX *ctx, const void *data, size_t len) +{ + return (t4_sha1_update((SHA_CTX *)ctx->md_data, data, len)); +} + +/* End SHA1 digest operation, finalizing message digest and zeroing context. */ +static int +t4_digest_final_sha1(EVP_MD_CTX *ctx, unsigned char *md) +{ + return (t4_sha1_final(md, (SHA_CTX *)ctx->md_data)); +} + +/* Required for Engine API */ +static int +t4_digest_copy_sha1(EVP_MD_CTX *to, const EVP_MD_CTX *from) +{ + if ((to->md_data != NULL) && (from->md_data != NULL)) { + (void) memcpy(to->md_data, from->md_data, sizeof (SHA_CTX)); + } + return (1); +} + +#endif /* COMPILE_HW_T4 */ +#endif /* !OPENSSL_NO_SHA && !OPENSSL_NO_SHA1 */ +#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MD_T4 */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_sha256.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_sha256.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,246 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This + * product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). + */ + +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * This engine supports SPARC microprocessors that provide AES and other + * cipher and hash instructions, such as the T4 microprocessor. + * + * This file implements the SHA-256 message digest operations. + */ + +#include + +#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MD_T4) +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) +#include +#include +#include +#include +#include +/* + * Solaris sys/sha2.h and OpenSSL openssl/sha.h both define + * SHA256_CTX, SHA512_CTX, SHA256, SHA384, and SHA512. + * For SHA2, OpenSSL SHA256_CTX has extra num and md_len fields at + * the end and Solaris SHA2_CTX has an extra algotype field at the beginning. + */ +#include "eng_t4_sha2_asm.h" + +#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ + defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) +#define COMPILE_HW_T4 +#endif + +#ifdef COMPILE_HW_T4 + +/* Formal declaration for functions in EVP_MD structure */ +static int t4_digest_init_sha256(EVP_MD_CTX *ctx); +static int t4_digest_init_sha224(EVP_MD_CTX *ctx); +static int t4_digest_update_sha256(EVP_MD_CTX *ctx, const void *data, + size_t len); +static int t4_digest_final_sha256(EVP_MD_CTX *ctx, unsigned char *md); +static int t4_digest_copy_sha256(EVP_MD_CTX *to, const EVP_MD_CTX *from); + + +/* + * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. + * EVP_MD is defined in evp.h. To maintain binary compatibility the + * definition cannot be modified. + * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is + * pointed to by the last field, app_data. + * + * Fields: type, pkey_type, md_size, flags, + * init(), update(), final(), + * copy(), cleanup(), sign(), verify(), + * required_pkey_type, block_size, ctx_size, md5_ctrl() + */ +const EVP_MD t4_sha256 = { + NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + t4_digest_init_sha256, t4_digest_update_sha256, t4_digest_final_sha256, + t4_digest_copy_sha256, NULL, + EVP_PKEY_RSA_method, SHA256_CBLOCK, + sizeof (T4_SHA256_CTX), NULL + }; +/* SHA-224 uses the same context, cblock size, & update function as SHA-256: */ +const EVP_MD t4_sha224 = { + NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + t4_digest_init_sha224, t4_digest_update_sha256, t4_digest_final_sha256, + t4_digest_copy_sha256, NULL, + EVP_PKEY_RSA_method, SHA256_CBLOCK, + sizeof (T4_SHA256_CTX), NULL + }; + +/* These functions are defined in md32_common.h: */ +static int t4_sha256_update(T4_SHA256_CTX *c, const void *data_, size_t len); +static void t4_sha256_transform(T4_SHA256_CTX *c, const unsigned char *data); +static int t4_sha256_final(unsigned char *md, T4_SHA256_CTX *c); +#pragma inline(t4_sha256_update, t4_sha256_transform, t4_sha256_final) + +#define DATA_ORDER_IS_BIG_ENDIAN +/* HASH_LONG/SHA_LONG is unsigned int (32 bits): */ +#define HASH_LONG SHA_LONG +#define HASH_CTX T4_SHA256_CTX +#define HASH_CBLOCK SHA_CBLOCK +#define HASH_UPDATE t4_sha256_update +#define HASH_TRANSFORM t4_sha256_transform +#define HASH_FINAL t4_sha256_final +#define HASH_BLOCK_DATA_ORDER t4_sha256_multiblock +#define HASH_MAKE_STRING(c, s) \ + do { \ + unsigned int ll, nn; \ + switch ((c)->md_len) { \ + case SHA256_DIGEST_LENGTH: \ + for (nn = 0; nn < SHA256_DIGEST_LENGTH / 4; nn++) { \ + ll = (c)->h[nn]; HOST_l2c(ll, (s)); } \ + break; \ + case SHA224_DIGEST_LENGTH: \ + for (nn = 0; nn < SHA224_DIGEST_LENGTH / 4; nn++) { \ + ll = (c)->h[nn]; HOST_l2c(ll, (s)); } \ + break; \ + default: \ + if ((c)->md_len > SHA256_DIGEST_LENGTH) \ + return (0); \ + for (nn = 0; nn < (c)->md_len / 4; nn++) { \ + ll = (c)->h[nn]; HOST_l2c(ll, (s)); } \ + break; \ + } \ + } while (0) + +/* This defines HASH_UPDATE, HASH_TRANSFORM, HASH_FINAL functions: */ +#include "md32_common.h" + + +/* + * SHA256 functions (part of FIPS 180-2 Secure Hash Standard) + */ + +static int +t4_digest_init_sha256(EVP_MD_CTX *ctx) +{ + T4_SHA256_CTX *c = (T4_SHA256_CTX *)ctx->md_data; + + /* Optimization: don't call memset(c, 0,...) or initialize c->data[] */ + c->Nl = c->Nh = c->num = 0; + c->h[0] = 0x6a09e667U; + c->h[1] = 0xbb67ae85U; + c->h[2] = 0x3c6ef372U; + c->h[3] = 0xa54ff53aU; + c->h[4] = 0x510e527fU; + c->h[5] = 0x9b05688cU; + c->h[6] = 0x1f83d9abU; + c->h[7] = 0x5be0cd19U; + c->md_len = SHA256_DIGEST_LENGTH; + return (1); +} + + +static int +t4_digest_init_sha224(EVP_MD_CTX *ctx) +{ + T4_SHA256_CTX *c = (T4_SHA256_CTX *)ctx->md_data; + + /* Optimization: don't call memset(c, 0,...) or initialize c->data[] */ + c->Nl = c->Nh = c->num = 0; + c->h[0] = 0xc1059ed8UL; + c->h[1] = 0x367cd507UL; + c->h[2] = 0x3070dd17UL; + c->h[3] = 0xf70e5939UL; + c->h[4] = 0xffc00b31UL; + c->h[5] = 0x68581511UL; + c->h[6] = 0x64f98fa7UL; + c->h[7] = 0xbefa4fa4UL; + c->md_len = SHA224_DIGEST_LENGTH; + return (1); +} + +/* Continue SHA256 digest operation, using message block to update context. */ +static int +t4_digest_update_sha256(EVP_MD_CTX *ctx, const void *data, size_t len) +{ + T4_SHA256_CTX *sha256_ctx = (T4_SHA256_CTX *)ctx->md_data; + + return (t4_sha256_update((T4_SHA256_CTX *)ctx->md_data, data, len)); +} + +/* End SHA256 digest operation, finalizing message digest and zeroing context */ +static int +t4_digest_final_sha256(EVP_MD_CTX *ctx, unsigned char *md) +{ + T4_SHA256_CTX *sha256_ctx = (T4_SHA256_CTX *)ctx->md_data; + + return (t4_sha256_final(md, (T4_SHA256_CTX *)ctx->md_data)); +} + +/* Required for Engine API */ +static int +t4_digest_copy_sha256(EVP_MD_CTX *to, const EVP_MD_CTX *from) +{ + if ((to->md_data != NULL) && (from->md_data != NULL)) { + (void) memcpy(to->md_data, from->md_data, + sizeof (T4_SHA256_CTX)); + } + return (1); +} + +#endif /* COMPILE_HW_T4 */ +#endif /* !OPENSSL_NO_SHA && !OPENSSL_NO_SHA256 */ +#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MD_T4 */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_sha2_asm.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_sha2_asm.h Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,135 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This + * product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). + */ + +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +#ifndef ENG_T4_SHA2_ASM_H +#define ENG_T4_SHA2_ASM_H + +/* + * SPARC T4 SHA2 (SHA256/SHA512) assembly language functions and context. + * The context must match that used by the Solaris SPARC T4 assembly + * (except for OpenSSL-specific fields num and md_len that aren't in Solaris). + * + * Based on OpenSSL file openssl/sha.h and Solaris file sys/sha2.h. + */ + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef OPENSSL_NO_SHA256 +/* + * The contents of this structure are a private interface between the + * Init/Update/Multiblock/Final functions. + * Callers must never attempt to read or write any of the fields + * in this structure directly. + */ +typedef struct t4_SHA256state_st { + uint32_t algotype; /* Solaris-only field; unused here */ + uint32_t algotype_pad; /* Pad to align next field 0 mod 8 */ + uint32_t h[8]; /* State (ABCDEFGH) */ + uint32_t h_pad[8]; /* Pad fields to match T4_SHA512_CTX */ + uint32_t Nl, Nh; /* Number of bits, module 2^64 */ + uint32_t Nl_pad, Nh_pad; /* Pad fields to match T4_SHA512_CTX */ + uint32_t data[SHA_LBLOCK]; /* Input */ + unsigned int num, md_len; /* Fields unused by Solaris assembly */ +} T4_SHA256_CTX; +#endif /* !OPENSSL_NO_SHA256 */ + + +#ifndef OPENSSL_NO_SHA512 +/* + * The contents of this structure are a private interface between the + * Init/Update/Multiblock/Final functions. + * Callers must never attempt to read or write any of the fields + * in this structure directly. + */ +typedef struct t4_SHA512state_st { + uint32_t algotype; /* Solaris-only field; unused here */ + uint64_t h[8]; /* State (ABCDEFGH) */ + uint64_t Nl, Nh; /* Number of bits, module 2^128 */ + union { + uint64_t d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; /* Input */ + unsigned int num, md_len; /* Fields unused by Solaris assembly */ +} T4_SHA512_CTX; +#endif /* !OPENSSL_NO_SHA512 */ + +/* + * SPARC T4 assembly language functions + */ +#ifndef OPENSSL_NO_SHA256 +extern void t4_sha256_multiblock(T4_SHA256_CTX *c, const void *input, + size_t num); +#endif +#ifndef OPENSSL_NO_SHA512 +extern void t4_sha512_multiblock(T4_SHA512_CTX *c, const void *input, + size_t num); +#endif + +#ifdef __cplusplus +} +#endif +#endif /* ENG_T4_SHA2_ASM_H */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/eng_t4_sha512.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/eng_t4_sha512.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,325 @@ +/* + * This product includes cryptographic software developed by the OpenSSL + * Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This + * product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). + */ + +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* + * This engine supports SPARC microprocessors that provide AES and other + * cipher and hash instructions, such as the T4 microprocessor. + * + * This file implements the SHA-512 message digest operations. + */ + +#include + +#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_MD_T4) +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) +#include +#include +#include +#include +#include +/* + * Solaris sys/sha2.h and OpenSSL openssl/sha.h both define + * SHA512_CTX, SHA512_CTX, SHA512, SHA384, and SHA512. + * For SHA2, OpenSSL SHA512_CTX has extra num and md_len fields at + * the end and Solaris SHA2_CTX has an extra algotype field at the beginning. + */ +#include "eng_t4_sha2_asm.h" + +#if (defined(sun4v) || defined(__sparcv9) || defined(__sparcv8plus) || \ + defined(__sparcv8)) && !defined(OPENSSL_NO_ASM) +#define COMPILE_HW_T4 +#endif + +#ifdef COMPILE_HW_T4 + +/* Formal declaration for functions in EVP_MD structure */ +static int t4_digest_init_sha384(EVP_MD_CTX *ctx); +static int t4_digest_init_sha512(EVP_MD_CTX *ctx); +static int t4_digest_update_sha512(EVP_MD_CTX *ctx, const void *data, + size_t len); +static int t4_digest_final_sha512(EVP_MD_CTX *ctx, unsigned char *md); +static int t4_digest_copy_sha512(EVP_MD_CTX *to, const EVP_MD_CTX *from); + + +/* + * OpenSSL's libcrypto EVP stuff. This is how this engine gets wired to EVP. + * EVP_MD is defined in evp.h. To maintain binary compatibility the + * definition cannot be modified. + * Stuff specific to the t4 engine is kept in t4_cipher_ctx_t, which is + * pointed to by the last field, app_data. + * + * Fields: type, pkey_type, md_size, flags, + * init(), update(), final(), + * copy(), cleanup(), sign(), verify(), + * required_pkey_type, block_size, ctx_size, md5_ctrl() + */ + +const EVP_MD t4_sha512 = { + NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + t4_digest_init_sha512, t4_digest_update_sha512, t4_digest_final_sha512, + t4_digest_copy_sha512, NULL, + EVP_PKEY_RSA_method, SHA512_CBLOCK, + sizeof (T4_SHA512_CTX), NULL + }; +/* SHA-384 uses the same context, cblock size, & update function as SHA-512: */ +const EVP_MD t4_sha384 = { + NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + t4_digest_init_sha384, t4_digest_update_sha512, t4_digest_final_sha512, + t4_digest_copy_sha512, NULL, + EVP_PKEY_RSA_method, SHA512_CBLOCK, + sizeof (T4_SHA512_CTX), NULL + }; + + +/* + * SHA512 functions (part of FIPS 180-2 Secure Hash Standard) + */ + +static int +t4_digest_init_sha512(EVP_MD_CTX *ctx) +{ + T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; + + c->Nl = c->Nh = c->num = 0; + c->h[0] = 0x6a09e667f3bcc908ULL; + c->h[1] = 0xbb67ae8584caa73bULL; + c->h[2] = 0x3c6ef372fe94f82bULL; + c->h[3] = 0xa54ff53a5f1d36f1ULL; + c->h[4] = 0x510e527fade682d1ULL; + c->h[5] = 0x9b05688c2b3e6c1fULL; + c->h[6] = 0x1f83d9abfb41bd6bULL; + c->h[7] = 0x5be0cd19137e2179ULL; + c->md_len = SHA512_DIGEST_LENGTH; + + return (1); +} + + +static int +t4_digest_init_sha384(EVP_MD_CTX *ctx) +{ + T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; + + c->Nl = c->Nh = c->num = 0; + c->h[0] = 0xcbbb9d5dc1059ed8ULL; + c->h[1] = 0x629a292a367cd507ULL; + c->h[2] = 0x9159015a3070dd17ULL; + c->h[3] = 0x152fecd8f70e5939ULL; + c->h[4] = 0x67332667ffc00b31ULL; + c->h[5] = 0x8eb44a8768581511ULL; + c->h[6] = 0xdb0c2e0d64f98fa7ULL; + c->h[7] = 0x47b5481dbefa4fa4ULL; + c->md_len = SHA384_DIGEST_LENGTH; + + return (1); +} + + +/* + * Continue SHA512 or SHA384 digest operation, using the message block to + * update context. + * Modified from SHA512_Update() in OpenSSL crypto/sha/sha512.c. + */ +static int +t4_digest_update_sha512(EVP_MD_CTX *ctx, const void *_data, size_t len) +{ + T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; + SHA_LONG64 l; + unsigned char *p = c->u.p; + const unsigned char *data = (const unsigned char *)_data; + + if (len == 0) + return (1); + + l = (c->Nl + (((SHA_LONG64)len) << 3)) & 0xffffffffffffffffULL; + if (l < c->Nl) + c->Nh++; + if (sizeof (len) >= 8) { + c->Nh += (((SHA_LONG64)len) >> 61); + } + c->Nl = l; + + if (c->num != 0) { + size_t n = sizeof (c->u) - c->num; + + if (len < n) { + memcpy(p + c->num, data, len); + c->num += (unsigned int)len; + return (1); + } else { + memcpy(p + c->num, data, n); + c->num = 0; + len -= n; + data += n; + t4_sha512_multiblock(c, p, 1); + } + } + + if (len >= sizeof (c->u)) { + if ((size_t)data % sizeof (c->u.d[0]) != 0) { + /* Align unaligned data one block-at-a-time */ + while (len >= sizeof (c->u)) { + memcpy(p, data, sizeof (c->u)); + t4_sha512_multiblock(c, p, 1); + len -= sizeof (c->u); + data += sizeof (c->u); + } + } else { + t4_sha512_multiblock(c, data, len / sizeof (c->u)); + data += len; + len %= sizeof (c->u); + data -= len; + } + } + + if (len != 0) { + memcpy(p, data, len); + c->num = (int)len; + } + + return (1); +} + + +/* + * End SHA-512 or SHA-384 digest operation, finalizing message digest and + * zeroing context. + * Modified from SHA512_Final() in OpenSSL crypto/sha/sha512.c. + */ +static int +t4_digest_final_sha512(EVP_MD_CTX *ctx, unsigned char *md) +{ + T4_SHA512_CTX *c = (T4_SHA512_CTX *)ctx->md_data; + unsigned char *p = (unsigned char *)c->u.p; + size_t n = c->num; + + p[n] = 0x80; /* There always is a room for one */ + n++; + if (n > (sizeof (c->u) - 16)) { + memset(p + n, 0, sizeof (c->u) - n); + n = 0; + t4_sha512_multiblock(c, p, 1); + } + + memset(p+n, 0, sizeof (c->u) - 16 - n); + c->u.d[SHA_LBLOCK - 2] = c->Nh; + c->u.d[SHA_LBLOCK - 1] = c->Nl; + + t4_sha512_multiblock(c, p, 1); + + if (md == 0) + return (0); + + switch (c->md_len) { + /* Let compiler decide if it's appropriate to unroll... */ + case SHA384_DIGEST_LENGTH: + for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) { + SHA_LONG64 t = c->h[n]; + + *(md++) = (unsigned char)(t >> 56); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 32); + *(md++) = (unsigned char)(t >> 24); + *(md++) = (unsigned char)(t >> 16); + *(md++) = (unsigned char)(t >> 8); + *(md++) = (unsigned char)(t); + } + break; + case SHA512_DIGEST_LENGTH: + for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) { + SHA_LONG64 t = c->h[n]; + + *(md++) = (unsigned char)(t >> 56); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 32); + *(md++) = (unsigned char)(t >> 24); + *(md++) = (unsigned char)(t >> 16); + *(md++) = (unsigned char)(t >> 8); + *(md++) = (unsigned char)(t); + } + break; + /* ... as well as make sure md_len is not abused. */ + default: + return (0); + } + + return (1); +} + + +/* Required for Engine API */ +static int +t4_digest_copy_sha512(EVP_MD_CTX *to, const EVP_MD_CTX *from) +{ + if ((to->md_data != NULL) && (from->md_data != NULL)) { + (void) memcpy(to->md_data, from->md_data, + sizeof (T4_SHA512_CTX)); + } + return (1); +} + +#endif /* COMPILE_HW_T4 */ +#endif /* !OPENSSL_NO_SHA && !OPENSSL_NO_SHA512 */ +#endif /* !OPENSSL_NO_HW && !OPENSSL_NO_HW_MD_T4 */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/t4_aes.S --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/t4_aes.S Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,3052 @@ +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/*LINTLIBRARY*/ + +#if defined(lint) || defined(__lint) + + +#include + +/*ARGSUSED*/ +void t4_aes_expand128(uint64_t *rk, const uint32_t *key) +{ return; } + +/*ARGSUSED*/ +void t4_aes_expand192(uint64_t *rk, const uint32_t *key) +{ return; } + +/*ARGSUSED*/ +void t4_aes_expand256(uint64_t *rk, const uint32_t *key) +{ return; } + +void t4_aes128_load_keys_for_encrypt(uint64_t *ks) +{ return; } + +/*ARGSUSED*/ +void t4_aes192_load_keys_for_encrypt(uint64_t *ks) +{ return; } + +/*ARGSUSED*/ +void t4_aes256_load_keys_for_encrypt(uint64_t *ks) +{ return; } + +/*ARGSUSED*/ +void t4_aes128_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes192_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes256_ecb_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes128_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes192_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes256_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes128_ctr_crypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes192_ctr_crypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes256_ctr_crypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes128_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes192_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes256_cfb128_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +void t4_aes128_load_keys_for_decrypt(uint64_t *ks) +{ return; } + +/*ARGSUSED*/ +void t4_aes192_load_keys_for_decrypt(uint64_t *ks) +{ return; } + +/*ARGSUSED*/ +void t4_aes256_load_keys_for_decrypt(uint64_t *ks) +{ return; } + +/*ARGSUSED*/ +void t4_aes128_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes192_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes256_ecb_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes128_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes192_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes256_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes128_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes192_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_aes256_cfb128_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t * asm_out, size_t amount_to_encrypt, uint64_t *iv) +{ return; } + +#else /* lint || __lint */ + +#include + + + ENTRY(t4_aes_expand128) + +!load key + ld [%o1], %f0 + ld [%o1 + 0x4], %f1 + ld [%o1 + 0x8], %f2 + ld [%o1 + 0xc], %f3 + +!expand the key + !aes_kexpand1 %f0, %f2, 0x0, %f4 + !aes_kexpand2 %f2, %f4, %f6 + !aes_kexpand1 %f4, %f6, 0x1, %f8 + !aes_kexpand2 %f6, %f8, %f10 + !aes_kexpand1 %f8, %f10, 0x2, %f12 + !aes_kexpand2 %f10, %f12, %f14 + !aes_kexpand1 %f12, %f14, 0x3, %f16 + !aes_kexpand2 %f14, %f16, %f18 + !aes_kexpand1 %f16, %f18, 0x4, %f20 + !aes_kexpand2 %f18, %f20, %f22 + !aes_kexpand1 %f20, %f22, 0x5, %f24 + !aes_kexpand2 %f22, %f24, %f26 + !aes_kexpand1 %f24, %f26, 0x6, %f28 + !aes_kexpand2 %f26, %f28, %f30 + !aes_kexpand1 %f28, %f30, 0x7, %f32 + !aes_kexpand2 %f30, %f32, %f34 + !aes_kexpand1 %f32, %f34, 0x8, %f36 + !aes_kexpand2 %f34, %f36, %f38 + !aes_kexpand1 %f36, %f38, 0x9, %f40 + !aes_kexpand2 %f38, %f40, %f42 + .byte 0x88, 0xc8, 0x01, 0x02 + .byte 0x8d, 0xb0, 0xa6, 0x24 + .byte 0x90, 0xc9, 0x03, 0x06 + .byte 0x95, 0xb1, 0xa6, 0x28 + .byte 0x98, 0xca, 0x05, 0x0a + .byte 0x9d, 0xb2, 0xa6, 0x2c + .byte 0xa0, 0xcb, 0x07, 0x0e + .byte 0xa5, 0xb3, 0xa6, 0x30 + .byte 0xa8, 0xcc, 0x09, 0x12 + .byte 0xad, 0xb4, 0xa6, 0x34 + .byte 0xb0, 0xcd, 0x0b, 0x16 + .byte 0xb5, 0xb5, 0xa6, 0x38 + .byte 0xb8, 0xce, 0x0d, 0x1a + .byte 0xbd, 0xb6, 0xa6, 0x3c + .byte 0x82, 0xcf, 0x0f, 0x1e + .byte 0x87, 0xb7, 0xa6, 0x21 + .byte 0x8a, 0xc8, 0x51, 0x03 + .byte 0x8f, 0xb0, 0xe6, 0x25 + .byte 0x92, 0xc9, 0x53, 0x07 + .byte 0x97, 0xb1, 0xe6, 0x29 + +!copy expanded key back into array + std %f4, [%o0] + std %f6, [%o0 + 0x8] + std %f8, [%o0 + 0x10] + std %f10, [%o0 + 0x18] + std %f12, [%o0 + 0x20] + std %f14, [%o0 + 0x28] + std %f16, [%o0 + 0x30] + std %f18, [%o0 + 0x38] + std %f20, [%o0 + 0x40] + std %f22, [%o0 + 0x48] + std %f24, [%o0 + 0x50] + std %f26, [%o0 + 0x58] + std %f28, [%o0 + 0x60] + std %f30, [%o0 + 0x68] + std %f32, [%o0 + 0x70] + std %f34, [%o0 + 0x78] + std %f36, [%o0 + 0x80] + std %f38, [%o0 + 0x88] + std %f40, [%o0 + 0x90] + retl + std %f42, [%o0 + 0x98] + + SET_SIZE(t4_aes_expand128) + + + ENTRY(t4_aes_expand192) + +!load key + ld [%o1], %f0 + ld [%o1 + 0x4], %f1 + ld [%o1 + 0x8], %f2 + ld [%o1 + 0xc], %f3 + ld [%o1 + 0x10], %f4 + ld [%o1 + 0x14], %f5 + +!expand the key + !aes_kexpand1 %f0, %f4, 0x0, %f6 + !aes_kexpand2 %f2, %f6, %f8 + !aes_kexpand2 %f4, %f8, %f10 + + !aes_kexpand1 %f6, %f10, 0x1, %f12 + !aes_kexpand2 %f8, %f12, %f14 + !aes_kexpand2 %f10, %f14, %f16 + + !aes_kexpand1 %f12, %f16, 0x2, %f18 + !aes_kexpand2 %f14, %f18, %f20 + !aes_kexpand2 %f16, %f20, %f22 + + !aes_kexpand1 %f18, %f22, 0x3, %f24 + !aes_kexpand2 %f20, %f24, %f26 + !aes_kexpand2 %f22, %f26, %f28 + + !aes_kexpand1 %f24, %f28, 0x4, %f30 + !aes_kexpand2 %f26, %f30, %f32 + !aes_kexpand2 %f28, %f32, %f34 + + !aes_kexpand1 %f30, %f34, 0x5, %f36 + !aes_kexpand2 %f32, %f36, %f38 + !aes_kexpand2 %f34, %f38, %f40 + + !aes_kexpand1 %f36, %f40, 0x6, %f42 + !aes_kexpand2 %f38, %f42, %f44 + !aes_kexpand2 %f40, %f44, %f46 + + !aes_kexpand1 %f42, %f46, 0x7, %f48 + !aes_kexpand2 %f44, %f48, %f50 + .byte 0x8c, 0xc8, 0x01, 0x04 + .byte 0x91, 0xb0, 0xa6, 0x26 + .byte 0x95, 0xb1, 0x26, 0x28 + .byte 0x98, 0xc9, 0x83, 0x0a + .byte 0x9d, 0xb2, 0x26, 0x2c + .byte 0xa1, 0xb2, 0xa6, 0x2e + .byte 0xa4, 0xcb, 0x05, 0x10 + .byte 0xa9, 0xb3, 0xa6, 0x32 + .byte 0xad, 0xb4, 0x26, 0x34 + .byte 0xb0, 0xcc, 0x87, 0x16 + .byte 0xb5, 0xb5, 0x26, 0x38 + .byte 0xb9, 0xb5, 0xa6, 0x3a + .byte 0xbc, 0xce, 0x09, 0x1c + .byte 0x83, 0xb6, 0xa6, 0x3e + .byte 0x87, 0xb7, 0x26, 0x21 + .byte 0x8a, 0xcf, 0x8b, 0x03 + .byte 0x8f, 0xb0, 0x66, 0x25 + .byte 0x93, 0xb0, 0xe6, 0x27 + .byte 0x96, 0xc9, 0x4d, 0x09 + .byte 0x9b, 0xb1, 0xe6, 0x2b + .byte 0x9f, 0xb2, 0x66, 0x2d + .byte 0xa2, 0xca, 0xcf, 0x0f + .byte 0xa7, 0xb3, 0x66, 0x31 + +!copy expanded key back into array + std %f6, [%o0] + std %f8, [%o0 + 0x8] + std %f10, [%o0 + 0x10] + std %f12, [%o0 + 0x18] + std %f14, [%o0 + 0x20] + std %f16, [%o0 + 0x28] + std %f18, [%o0 + 0x30] + std %f20, [%o0 + 0x38] + std %f22, [%o0 + 0x40] + std %f24, [%o0 + 0x48] + std %f26, [%o0 + 0x50] + std %f28, [%o0 + 0x58] + std %f30, [%o0 + 0x60] + std %f32, [%o0 + 0x68] + std %f34, [%o0 + 0x70] + std %f36, [%o0 + 0x78] + std %f38, [%o0 + 0x80] + std %f40, [%o0 + 0x88] + std %f42, [%o0 + 0x90] + std %f44, [%o0 + 0x98] + std %f46, [%o0 + 0xa0] + std %f48, [%o0 + 0xa8] + retl + std %f50, [%o0 + 0xb0] + + SET_SIZE(t4_aes_expand192) + + + ENTRY(t4_aes_expand256) + +!load key + ld [%o1], %f0 + ld [%o1 + 0x4], %f1 + ld [%o1 + 0x8], %f2 + ld [%o1 + 0xc], %f3 + ld [%o1 + 0x10], %f4 + ld [%o1 + 0x14], %f5 + ld [%o1 + 0x18], %f6 + ld [%o1 + 0x1c], %f7 + +!expand the key + !aes_kexpand1 %f0, %f6, 0x0, %f8 + !aes_kexpand2 %f2, %f8, %f10 + !aes_kexpand0 %f4, %f10, %f12 + !aes_kexpand2 %f6, %f12, %f14 + + !aes_kexpand1 %f8, %f14, 0x1, %f16 + !aes_kexpand2 %f10, %f16, %f18 + !aes_kexpand0 %f12, %f18, %f20 + !aes_kexpand2 %f14, %f20, %f22 + + !aes_kexpand1 %f16, %f22, 0x2, %f24 + !aes_kexpand2 %f18, %f24, %f26 + !aes_kexpand0 %f20, %f26, %f28 + !aes_kexpand2 %f22, %f28, %f30 + + !aes_kexpand1 %f24, %f30, 0x3, %f32 + !aes_kexpand2 %f26, %f32, %f34 + !aes_kexpand0 %f28, %f34, %f36 + !aes_kexpand2 %f30, %f36, %f38 + + !aes_kexpand1 %f32, %f38, 0x4, %f40 + !aes_kexpand2 %f34, %f40, %f42 + !aes_kexpand0 %f36, %f42, %f44 + !aes_kexpand2 %f38, %f44, %f46 + + !aes_kexpand1 %f40, %f46, 0x5, %f48 + !aes_kexpand2 %f42, %f48, %f50 + !aes_kexpand0 %f44, %f50, %f52 + !aes_kexpand2 %f46, %f52, %f54 + + !aes_kexpand1 %f48, %f54, 0x6, %f56 + !aes_kexpand2 %f50, %f56, %f58 + .byte 0x90, 0xc8, 0x01, 0x06 + .byte 0x95, 0xb0, 0xa6, 0x28 + .byte 0x99, 0xb1, 0x26, 0x0a + .byte 0x9d, 0xb1, 0xa6, 0x2c + .byte 0xa0, 0xca, 0x03, 0x0e + .byte 0xa5, 0xb2, 0xa6, 0x30 + .byte 0xa9, 0xb3, 0x26, 0x12 + .byte 0xad, 0xb3, 0xa6, 0x34 + .byte 0xb0, 0xcc, 0x05, 0x16 + .byte 0xb5, 0xb4, 0xa6, 0x38 + .byte 0xb9, 0xb5, 0x26, 0x1a + .byte 0xbd, 0xb5, 0xa6, 0x3c + .byte 0x82, 0xce, 0x07, 0x1e + .byte 0x87, 0xb6, 0xa6, 0x21 + .byte 0x8b, 0xb7, 0x26, 0x03 + .byte 0x8f, 0xb7, 0xa6, 0x25 + .byte 0x92, 0xc8, 0x49, 0x07 + .byte 0x97, 0xb0, 0xe6, 0x29 + .byte 0x9b, 0xb1, 0x66, 0x0b + .byte 0x9f, 0xb1, 0xe6, 0x2d + .byte 0xa2, 0xca, 0x4b, 0x0f + .byte 0xa7, 0xb2, 0xe6, 0x31 + .byte 0xab, 0xb3, 0x66, 0x13 + .byte 0xaf, 0xb3, 0xe6, 0x35 + .byte 0xb2, 0xcc, 0x4d, 0x17 + .byte 0xb7, 0xb4, 0xe6, 0x39 + +!copy expanded key back into array + std %f8, [%o0] + std %f10, [%o0 + 0x8] + std %f12, [%o0 + 0x10] + std %f14, [%o0 + 0x18] + std %f16, [%o0 + 0x20] + std %f18, [%o0 + 0x28] + std %f20, [%o0 + 0x30] + std %f22, [%o0 + 0x38] + std %f24, [%o0 + 0x40] + std %f26, [%o0 + 0x48] + std %f28, [%o0 + 0x50] + std %f30, [%o0 + 0x58] + std %f32, [%o0 + 0x60] + std %f34, [%o0 + 0x68] + std %f36, [%o0 + 0x70] + std %f38, [%o0 + 0x78] + std %f40, [%o0 + 0x80] + std %f42, [%o0 + 0x88] + std %f44, [%o0 + 0x90] + std %f46, [%o0 + 0x98] + std %f48, [%o0 + 0xa0] + std %f50, [%o0 + 0xa8] + std %f52, [%o0 + 0xb0] + std %f54, [%o0 + 0xb8] + std %f56, [%o0 + 0xc0] + retl + std %f58, [%o0 + 0xc8] + + SET_SIZE(t4_aes_expand256) + + +#define FIRST_TWO_EROUNDS \ + .byte 0xb2, 0xc8, 0x3e, 0x1d ; \ + .byte 0xb6, 0xc8, 0xbe, 0x3d ; \ + .byte 0xba, 0xc9, 0x36, 0x19 ; \ + .byte 0xbe, 0xc9, 0xb6, 0x39 + !aes_eround01 %f0, %f60, %f62, %f56 ; \ + !aes_eround23 %f2, %f60, %f62, %f58 ; \ + !aes_eround01 %f4, %f56, %f58, %f60 ; \ + !aes_eround23 %f6, %f56, %f58, %f62 + +#define MID_TWO_EROUNDS \ + .byte 0xb2, 0xca, 0x3e, 0x1d ; \ + .byte 0xb6, 0xca, 0xbe, 0x3d ; \ + .byte 0xba, 0xcb, 0x36, 0x19 ; \ + .byte 0xbe, 0xcb, 0xb6, 0x39 + !aes_eround01 %f8, %f60, %f62, %f56 ; \ + !aes_eround23 %f10, %f60, %f62, %f58 ; \ + !aes_eround01 %f12, %f56, %f58, %f60 ; \ + !aes_eround23 %f14, %f56, %f58, %f62 + +#define MID_TWO_EROUNDS_2 \ + .byte 0x8c, 0xca, 0x04, 0x00 ; \ + .byte 0x88, 0xca, 0x84, 0x20 ; \ + .byte 0xb2, 0xca, 0x3e, 0x1d ; \ + .byte 0xb6, 0xca, 0xbe, 0x3d ; \ + .byte 0x80, 0xcb, 0x08, 0x06 ; \ + .byte 0x84, 0xcb, 0x88, 0x26 ; \ + .byte 0xba, 0xcb, 0x36, 0x19 ; \ + .byte 0xbe, 0xcb, 0xb6, 0x39 + !aes_eround01 %f8, %f0, %f2, %f6 ; \ + !aes_eround23 %f10, %f0, %f2, %f4 ; \ + !aes_eround01 %f8, %f60, %f62, %f56 ; \ + !aes_eround23 %f10, %f60, %f62, %f58 ; \ + !aes_eround01 %f12, %f6, %f4, %f0 ; \ + !aes_eround23 %f14, %f6, %f4, %f2 ; \ + !aes_eround01 %f12, %f56, %f58, %f60 ; \ + !aes_eround23 %f14, %f56, %f58, %f62 + +#define TEN_EROUNDS \ + .byte 0xb2, 0xcc, 0x3e, 0x1d ; \ + .byte 0xb6, 0xcc, 0xbe, 0x3d ; \ + .byte 0xba, 0xcd, 0x36, 0x19 ; \ + .byte 0xbe, 0xcd, 0xb6, 0x39 ; \ + .byte 0xb2, 0xce, 0x3e, 0x1d ; \ + .byte 0xb6, 0xce, 0xbe, 0x3d ; \ + .byte 0xba, 0xcf, 0x36, 0x19 ; \ + .byte 0xbe, 0xcf, 0xb6, 0x39 ; \ + .byte 0xb2, 0xc8, 0x7e, 0x1d ; \ + .byte 0xb6, 0xc8, 0xfe, 0x3d ; \ + .byte 0xba, 0xc9, 0x76, 0x19 ; \ + .byte 0xbe, 0xc9, 0xf6, 0x39 ; \ + .byte 0xb2, 0xca, 0x7e, 0x1d ; \ + .byte 0xb6, 0xca, 0xfe, 0x3d ; \ + .byte 0xba, 0xcb, 0x76, 0x19 ; \ + .byte 0xbe, 0xcb, 0xf6, 0x39 ; \ + .byte 0xb2, 0xcc, 0x7e, 0x1d ; \ + .byte 0xb6, 0xcc, 0xfe, 0x3d ; \ + .byte 0xba, 0xcd, 0x76, 0x99 ; \ + .byte 0xbe, 0xcd, 0xf6, 0xb9 + !aes_eround01 %f16, %f60, %f62, %f56 ; \ + !aes_eround23 %f18, %f60, %f62, %f58 ; \ + !aes_eround01 %f20, %f56, %f58, %f60 ; \ + !aes_eround23 %f22, %f56, %f58, %f62 ; \ + !aes_eround01 %f24, %f60, %f62, %f56 ; \ + !aes_eround23 %f26, %f60, %f62, %f58 ; \ + !aes_eround01 %f28, %f56, %f58, %f60 ; \ + !aes_eround23 %f30, %f56, %f58, %f62 ; \ + !aes_eround01 %f32, %f60, %f62, %f56 ; \ + !aes_eround23 %f34, %f60, %f62, %f58 ; \ + !aes_eround01 %f36, %f56, %f58, %f60 ; \ + !aes_eround23 %f38, %f56, %f58, %f62 ; \ + !aes_eround01 %f40, %f60, %f62, %f56 ; \ + !aes_eround23 %f42, %f60, %f62, %f58 ; \ + !aes_eround01 %f44, %f56, %f58, %f60 ; \ + !aes_eround23 %f46, %f56, %f58, %f62 ; \ + !aes_eround01 %f48, %f60, %f62, %f56 ; \ + !aes_eround23 %f50, %f60, %f62, %f58 ; \ + !aes_eround01_l %f52, %f56, %f58, %f60 ; \ + !aes_eround23_l %f54, %f56, %f58, %f62 + +#define TEN_EROUNDS_2 \ + .byte 0x8c, 0xcc, 0x04, 0x00 ; \ + .byte 0x88, 0xcc, 0x84, 0x20 ; \ + .byte 0xb2, 0xcc, 0x3e, 0x1d ; \ + .byte 0xb6, 0xcc, 0xbe, 0x3d ; \ + .byte 0x80, 0xcd, 0x08, 0x06 ; \ + .byte 0x84, 0xcd, 0x88, 0x26 ; \ + .byte 0xba, 0xcd, 0x36, 0x19 ; \ + .byte 0xbe, 0xcd, 0xb6, 0x39 ; \ + .byte 0x8c, 0xce, 0x04, 0x00 ; \ + .byte 0x88, 0xce, 0x84, 0x20 ; \ + .byte 0xb2, 0xce, 0x3e, 0x1d ; \ + .byte 0xb6, 0xce, 0xbe, 0x3d ; \ + .byte 0x80, 0xcf, 0x08, 0x06 ; \ + .byte 0x84, 0xcf, 0x88, 0x26 ; \ + .byte 0xba, 0xcf, 0x36, 0x19 ; \ + .byte 0xbe, 0xcf, 0xb6, 0x39 ; \ + .byte 0x8c, 0xc8, 0x44, 0x00 ; \ + .byte 0x88, 0xc8, 0xc4, 0x20 ; \ + .byte 0xb2, 0xc8, 0x7e, 0x1d ; \ + .byte 0xb6, 0xc8, 0xfe, 0x3d ; \ + .byte 0x80, 0xc9, 0x48, 0x06 ; \ + .byte 0x84, 0xc9, 0xc8, 0x26 ; \ + .byte 0xba, 0xc9, 0x76, 0x19 ; \ + .byte 0xbe, 0xc9, 0xf6, 0x39 ; \ + .byte 0x8c, 0xca, 0x44, 0x00 ; \ + .byte 0x88, 0xca, 0xc4, 0x20 ; \ + .byte 0xb2, 0xca, 0x7e, 0x1d ; \ + .byte 0xb6, 0xca, 0xfe, 0x3d ; \ + .byte 0x80, 0xcb, 0x48, 0x06 ; \ + .byte 0x84, 0xcb, 0xc8, 0x26 ; \ + .byte 0xba, 0xcb, 0x76, 0x19 ; \ + .byte 0xbe, 0xcb, 0xf6, 0x39 ; \ + .byte 0x8c, 0xcc, 0x44, 0x00 ; \ + .byte 0x88, 0xcc, 0xc4, 0x20 ; \ + .byte 0xb2, 0xcc, 0x7e, 0x1d ; \ + .byte 0xb6, 0xcc, 0xfe, 0x3d ; \ + .byte 0x80, 0xcd, 0x48, 0x86 ; \ + .byte 0x84, 0xcd, 0xc8, 0xa6 ; \ + .byte 0xba, 0xcd, 0x76, 0x99 ; \ + .byte 0xbe, 0xcd, 0xf6, 0xb9 + !aes_eround01 %f16, %f0, %f2, %f6 ; \ + !aes_eround23 %f18, %f0, %f2, %f4 ; \ + !aes_eround01 %f16, %f60, %f62, %f56 ; \ + !aes_eround23 %f18, %f60, %f62, %f58 ; \ + !aes_eround01 %f20, %f6, %f4, %f0 ; \ + !aes_eround23 %f22, %f6, %f4, %f2 ; \ + !aes_eround01 %f20, %f56, %f58, %f60 ; \ + !aes_eround23 %f22, %f56, %f58, %f62 ; \ + !aes_eround01 %f24, %f0, %f2, %f6 ; \ + !aes_eround23 %f26, %f0, %f2, %f4 ; \ + !aes_eround01 %f24, %f60, %f62, %f56 ; \ + !aes_eround23 %f26, %f60, %f62, %f58 ; \ + !aes_eround01 %f28, %f6, %f4, %f0 ; \ + !aes_eround23 %f30, %f6, %f4, %f2 ; \ + !aes_eround01 %f28, %f56, %f58, %f60 ; \ + !aes_eround23 %f30, %f56, %f58, %f62 ; \ + !aes_eround01 %f32, %f0, %f2, %f6 ; \ + !aes_eround23 %f34, %f0, %f2, %f4 ; \ + !aes_eround01 %f32, %f60, %f62, %f56 ; \ + !aes_eround23 %f34, %f60, %f62, %f58 ; \ + !aes_eround01 %f36, %f6, %f4, %f0 ; \ + !aes_eround23 %f38, %f6, %f4, %f2 ; \ + !aes_eround01 %f36, %f56, %f58, %f60 ; \ + !aes_eround23 %f38, %f56, %f58, %f62 ; \ + !aes_eround01 %f40, %f0, %f2, %f6 ; \ + !aes_eround23 %f42, %f0, %f2, %f4 ; \ + !aes_eround01 %f40, %f60, %f62, %f56 ; \ + !aes_eround23 %f42, %f60, %f62, %f58 ; \ + !aes_eround01 %f44, %f6, %f4, %f0 ; \ + !aes_eround23 %f46, %f6, %f4, %f2 ; \ + !aes_eround01 %f44, %f56, %f58, %f60 ; \ + !aes_eround23 %f46, %f56, %f58, %f62 ; \ + !aes_eround01 %f48, %f0, %f2, %f6 ; \ + !aes_eround23 %f50, %f0, %f2, %f4 ; \ + !aes_eround01 %f48, %f60, %f62, %f56 ; \ + !aes_eround23 %f50, %f60, %f62, %f58 ; \ + !aes_eround01_l %f52, %f6, %f4, %f0 ; \ + !aes_eround23_l %f54, %f6, %f4, %f2 ; \ + !aes_eround01_l %f52, %f56, %f58, %f60 ; \ + !aes_eround23_l %f54, %f56, %f58, %f62 + +#define TWELVE_EROUNDS \ + MID_TWO_EROUNDS ; \ + TEN_EROUNDS + +#define TWELVE_EROUNDS_2 \ + MID_TWO_EROUNDS_2 ; \ + TEN_EROUNDS_2 + +#define FOURTEEN_EROUNDS \ + FIRST_TWO_EROUNDS ; \ + TWELVE_EROUNDS + +#define FOURTEEN_EROUNDS_2 \ + .byte 0xb0, 0xc8, 0x2c, 0x14 ; \ + .byte 0xac, 0xc8, 0xac, 0x34 ; \ + ldd [%o0 + 0x60], %f20 ; \ + .byte 0xb2, 0xc8, 0x3e, 0x1d ; \ + .byte 0xb6, 0xc8, 0xbe, 0x3d ; \ + .byte 0x80, 0xc9, 0x2c, 0x18 ; \ + .byte 0x84, 0xc9, 0xac, 0x38 ;\ + ldd [%o0 + 0x68], %f22 ; \ + .byte 0xba, 0xc9, 0x36, 0x19 ; \ + ldd [%o0 + 0x70], %f24 ; \ + .byte 0xbe, 0xc9, 0xb6, 0x39 ; \ + .byte 0x8c, 0xca, 0x04, 0x00 ; \ + .byte 0x88, 0xca, 0x84, 0x20 ; \ + .byte 0xb2, 0xca, 0x3e, 0x1d ; \ + .byte 0xb6, 0xca, 0xbe, 0x3d ; \ + .byte 0x80, 0xcb, 0x08, 0x06 ; \ + .byte 0x84, 0xcb, 0x88, 0x26 ; \ + .byte 0xba, 0xcb, 0x36, 0x19 ; \ + .byte 0xbe, 0xcb, 0xb6, 0x39 ; \ + .byte 0x8c, 0xcc, 0x04, 0x00 ; \ + .byte 0x88, 0xcc, 0x84, 0x20 ; \ + .byte 0xb2, 0xcc, 0x3e, 0x1d ; \ + .byte 0xb6, 0xcc, 0xbe, 0x3d ; \ + .byte 0x80, 0xcd, 0x08, 0x06 ; \ + .byte 0x84, 0xcd, 0x88, 0x26 ; \ + .byte 0xba, 0xcd, 0x36, 0x19 ; \ + .byte 0xbe, 0xcd, 0xb6, 0x39 ; \ + .byte 0x8c, 0xce, 0x04, 0x00 ; \ + .byte 0x88, 0xce, 0x84, 0x20 ; \ + .byte 0xb2, 0xce, 0x3e, 0x1d ; \ + .byte 0xb6, 0xce, 0xbe, 0x3d ; \ + .byte 0x80, 0xcf, 0x08, 0x06 ; \ + .byte 0x84, 0xcf, 0x88, 0x26 ; \ + .byte 0xba, 0xcf, 0x36, 0x19 ; \ + .byte 0xbe, 0xcf, 0xb6, 0x39 ; \ + .byte 0x8c, 0xc8, 0x44, 0x00 ; \ + .byte 0x88, 0xc8, 0xc4, 0x20 ; \ + .byte 0xb2, 0xc8, 0x7e, 0x1d ; \ + .byte 0xb6, 0xc8, 0xfe, 0x3d ; \ + .byte 0x80, 0xc9, 0x48, 0x06 ; \ + .byte 0x84, 0xc9, 0xc8, 0x26 ; \ + .byte 0xba, 0xc9, 0x76, 0x19 ; \ + .byte 0xbe, 0xc9, 0xf6, 0x39 ; \ + .byte 0x8c, 0xca, 0x44, 0x00 ; \ + .byte 0x88, 0xca, 0xc4, 0x20 ; \ + .byte 0xb2, 0xca, 0x7e, 0x1d ; \ + .byte 0xb6, 0xca, 0xfe, 0x3d ; \ + .byte 0x80, 0xcb, 0x48, 0x06 ; \ + .byte 0x84, 0xcb, 0xc8, 0x26 ; \ + .byte 0xba, 0xcb, 0x76, 0x19 ; \ + .byte 0xbe, 0xcb, 0xf6, 0x39 ; \ + .byte 0x8c, 0xcc, 0x44, 0x00 ; \ + .byte 0x88, 0xcc, 0xc4, 0x20 ; \ + ldd [%o0 + 0x10], %f0 ; \ + .byte 0xb2, 0xcc, 0x7e, 0x1d ; \ + ldd [%o0 + 0x18], %f2 ; \ + .byte 0xb6, 0xcc, 0xfe, 0x3d ; \ + .byte 0xa8, 0xcd, 0x48, 0x86 ; \ + .byte 0xac, 0xcd, 0xc8, 0xa6 ; \ + ldd [%o0 + 0x20], %f4 ; \ + .byte 0xba, 0xcd, 0x76, 0x99 ; \ + ldd [%o0 + 0x28], %f6 ; \ + .byte 0xbe, 0xcd, 0xf6, 0xb9 + !aes_eround01 %f0, %f20, %f22, %f24 ; \ + !aes_eround23 %f2, %f20, %f22, %f22 ; \ + !ldd [%o0 + 0x60], %f20 ; \ + !aes_eround01 %f0, %f60, %f62, %f56 ; \ + !aes_eround23 %f2, %f60, %f62, %f58 ; \ + !aes_eround01 %f4, %f24, %f22, %f0 ; \ + !aes_eround23 %f6, %f24, %f22, %f2 ; \ + !ldd [%o0 + 0x68], %f22 ; \ + !aes_eround01 %f4, %f56, %f58, %f60 ; \ + !ldd [%o0 + 0x70], %f24 ; \ + !aes_eround23 %f6, %f56, %f58, %f62 ; \ + !aes_eround01 %f8, %f0, %f2, %f6 ; \ + !aes_eround23 %f10, %f0, %f2, %f4 ; \ + !aes_eround01 %f8, %f60, %f62, %f56 ; \ + !aes_eround23 %f10, %f60, %f62, %f58 ; \ + !aes_eround01 %f12, %f6, %f4, %f0 ; \ + !aes_eround23 %f14, %f6, %f4, %f2 ; \ + !aes_eround01 %f12, %f56, %f58, %f60 ; \ + !aes_eround23 %f14, %f56, %f58, %f62 ; \ + !aes_eround01 %f16, %f0, %f2, %f6 ; \ + !aes_eround23 %f18, %f0, %f2, %f4 ; \ + !aes_eround01 %f16, %f60, %f62, %f56 ; \ + !aes_eround23 %f18, %f60, %f62, %f58 ; \ + !aes_eround01 %f20, %f6, %f4, %f0 ; \ + !aes_eround23 %f22, %f6, %f4, %f2 ; \ + !aes_eround01 %f20, %f56, %f58, %f60 ; \ + !aes_eround23 %f22, %f56, %f58, %f62 ; \ + !aes_eround01 %f24, %f0, %f2, %f6 ; \ + !aes_eround23 %f26, %f0, %f2, %f4 ; \ + !aes_eround01 %f24, %f60, %f62, %f56 ; \ + !aes_eround23 %f26, %f60, %f62, %f58 ; \ + !aes_eround01 %f28, %f6, %f4, %f0 ; \ + !aes_eround23 %f30, %f6, %f4, %f2 ; \ + !aes_eround01 %f28, %f56, %f58, %f60 ; \ + !aes_eround23 %f30, %f56, %f58, %f62 ; \ + !aes_eround01 %f32, %f0, %f2, %f6 ; \ + !aes_eround23 %f34, %f0, %f2, %f4 ; \ + !aes_eround01 %f32, %f60, %f62, %f56 ; \ + !aes_eround23 %f34, %f60, %f62, %f58 ; \ + !aes_eround01 %f36, %f6, %f4, %f0 ; \ + !aes_eround23 %f38, %f6, %f4, %f2 ; \ + !aes_eround01 %f36, %f56, %f58, %f60 ; \ + !aes_eround23 %f38, %f56, %f58, %f62 ; \ + !aes_eround01 %f40, %f0, %f2, %f6 ; \ + !aes_eround23 %f42, %f0, %f2, %f4 ; \ + !aes_eround01 %f40, %f60, %f62, %f56 ; \ + !aes_eround23 %f42, %f60, %f62, %f58 ; \ + !aes_eround01 %f44, %f6, %f4, %f0 ; \ + !aes_eround23 %f46, %f6, %f4, %f2 ; \ + !aes_eround01 %f44, %f56, %f58, %f60 ; \ + !aes_eround23 %f46, %f56, %f58, %f62 ; \ + !aes_eround01 %f48, %f0, %f2, %f6 ; \ + !aes_eround23 %f50, %f0, %f2, %f4 ; \ + !ldd [%o0 + 0x10], %f0 ; \ + !aes_eround01 %f48, %f60, %f62, %f56 ; \ + !ldd [%o0 + 0x18], %f2 ; \ + !aes_eround23 %f50, %f60, %f62, %f58 ; \ + !aes_eround01_l %f52, %f6, %f4, %f20 ; \ + !aes_eround23_l %f54, %f6, %f4, %f22 ; \ + !ldd [%o0 + 0x20], %f4 ; \ + !aes_eround01_l %f52, %f56, %f58, %f60 ; \ + !ldd [%o0 + 0x28], %f6 ; \ + !aes_eround23_l %f54, %f56, %f58, %f62 + +#define FIRST_TWO_DROUNDS \ + .byte 0xb2, 0xc8, 0x3e, 0x5d ; \ + .byte 0xb6, 0xc8, 0xbe, 0x7d ; \ + .byte 0xba, 0xc9, 0x36, 0x59 ; \ + .byte 0xbe, 0xc9, 0xb6, 0x79 + !aes_dround01 %f0, %f60, %f62, %f56 ; \ + !aes_dround23 %f2, %f60, %f62, %f58 ; \ + !aes_dround01 %f4, %f56, %f58, %f60 ; \ + !aes_dround23 %f6, %f56, %f58, %f62 + +#define MID_TWO_DROUNDS \ + .byte 0xb2, 0xca, 0x3e, 0x5d ; \ + .byte 0xb6, 0xca, 0xbe, 0x7d ; \ + .byte 0xba, 0xcb, 0x36, 0x59 ; \ + .byte 0xbe, 0xcb, 0xb6, 0x79 + !aes_dround01 %f8, %f60, %f62, %f56 ; \ + !aes_dround23 %f10, %f60, %f62, %f58 ; \ + !aes_dround01 %f12, %f56, %f58, %f60 ; \ + !aes_dround23 %f14, %f56, %f58, %f62 + +#define MID_TWO_DROUNDS_2 \ + .byte 0x8c, 0xca, 0x04, 0x40 ; \ + .byte 0x88, 0xca, 0x84, 0x60 ; \ + .byte 0xb2, 0xca, 0x3e, 0x5d ; \ + .byte 0xb6, 0xca, 0xbe, 0x7d ; \ + .byte 0x80, 0xcb, 0x08, 0x46 ; \ + .byte 0x84, 0xcb, 0x88, 0x66 ; \ + .byte 0xba, 0xcb, 0x36, 0x59 ; \ + .byte 0xbe, 0xcb, 0xb6, 0x79 + !aes_dround01 %f8, %f0, %f2, %f6 ; \ + !aes_dround23 %f10, %f0, %f2, %f4 ; \ + !aes_dround01 %f8, %f60, %f62, %f56 ; \ + !aes_dround23 %f10, %f60, %f62, %f58 ; \ + !aes_dround01 %f12, %f6, %f4, %f0 ; \ + !aes_dround23 %f14, %f6, %f4, %f2 ; \ + !aes_dround01 %f12, %f56, %f58, %f60 ; \ + !aes_dround23 %f14, %f56, %f58, %f62 + +#define TEN_DROUNDS \ + .byte 0xb2, 0xcc, 0x3e, 0x5d ; \ + .byte 0xb6, 0xcc, 0xbe, 0x7d ; \ + .byte 0xba, 0xcd, 0x36, 0x59 ; \ + .byte 0xbe, 0xcd, 0xb6, 0x79 ; \ + .byte 0xb2, 0xce, 0x3e, 0x5d ; \ + .byte 0xb6, 0xce, 0xbe, 0x7d ; \ + .byte 0xba, 0xcf, 0x36, 0x59 ; \ + .byte 0xbe, 0xcf, 0xb6, 0x79 ; \ + .byte 0xb2, 0xc8, 0x7e, 0x5d ; \ + .byte 0xb6, 0xc8, 0xfe, 0x7d ; \ + .byte 0xba, 0xc9, 0x76, 0x59 ; \ + .byte 0xbe, 0xc9, 0xf6, 0x79 ; \ + .byte 0xb2, 0xca, 0x7e, 0x5d ; \ + .byte 0xb6, 0xca, 0xfe, 0x7d ; \ + .byte 0xba, 0xcb, 0x76, 0x59 ; \ + .byte 0xbe, 0xcb, 0xf6, 0x79 ; \ + .byte 0xb2, 0xcc, 0x7e, 0x5d ; \ + .byte 0xb6, 0xcc, 0xfe, 0x7d ; \ + .byte 0xba, 0xcd, 0x76, 0xd9 ; \ + .byte 0xbe, 0xcd, 0xf6, 0xf9 + !aes_dround01 %f16, %f60, %f62, %f56 ; \ + !aes_dround23 %f18, %f60, %f62, %f58 ; \ + !aes_dround01 %f20, %f56, %f58, %f60 ; \ + !aes_dround23 %f22, %f56, %f58, %f62 ; \ + !aes_dround01 %f24, %f60, %f62, %f56 ; \ + !aes_dround23 %f26, %f60, %f62, %f58 ; \ + !aes_dround01 %f28, %f56, %f58, %f60 ; \ + !aes_dround23 %f30, %f56, %f58, %f62 ; \ + !aes_dround01 %f32, %f60, %f62, %f56 ; \ + !aes_dround23 %f34, %f60, %f62, %f58 ; \ + !aes_dround01 %f36, %f56, %f58, %f60 ; \ + !aes_dround23 %f38, %f56, %f58, %f62 ; \ + !aes_dround01 %f40, %f60, %f62, %f56 ; \ + !aes_dround23 %f42, %f60, %f62, %f58 ; \ + !aes_dround01 %f44, %f56, %f58, %f60 ; \ + !aes_dround23 %f46, %f56, %f58, %f62 ; \ + !aes_dround01 %f48, %f60, %f62, %f56 ; \ + !aes_dround23 %f50, %f60, %f62, %f58 ; \ + !aes_dround01_l %f52, %f56, %f58, %f60 ; \ + !aes_dround23_l %f54, %f56, %f58, %f62 + +#define TEN_DROUNDS_2 \ + .byte 0x8c, 0xcc, 0x04, 0x40 ; \ + .byte 0x88, 0xcc, 0x84, 0x60 ; \ + .byte 0xb2, 0xcc, 0x3e, 0x5d ; \ + .byte 0xb6, 0xcc, 0xbe, 0x7d ; \ + .byte 0x80, 0xcd, 0x08, 0x46 ; \ + .byte 0x84, 0xcd, 0x88, 0x66 ; \ + .byte 0xba, 0xcd, 0x36, 0x59 ; \ + .byte 0xbe, 0xcd, 0xb6, 0x79 ; \ + .byte 0x8c, 0xce, 0x04, 0x40 ; \ + .byte 0x88, 0xce, 0x84, 0x60 ; \ + .byte 0xb2, 0xce, 0x3e, 0x5d ; \ + .byte 0xb6, 0xce, 0xbe, 0x7d ; \ + .byte 0x80, 0xcf, 0x08, 0x46 ; \ + .byte 0x84, 0xcf, 0x88, 0x66 ; \ + .byte 0xba, 0xcf, 0x36, 0x59 ; \ + .byte 0xbe, 0xcf, 0xb6, 0x79 ; \ + .byte 0x8c, 0xc8, 0x44, 0x40 ; \ + .byte 0x88, 0xc8, 0xc4, 0x60 ; \ + .byte 0xb2, 0xc8, 0x7e, 0x5d ; \ + .byte 0xb6, 0xc8, 0xfe, 0x7d ; \ + .byte 0x80, 0xc9, 0x48, 0x46 ; \ + .byte 0x84, 0xc9, 0xc8, 0x66 ; \ + .byte 0xba, 0xc9, 0x76, 0x59 ; \ + .byte 0xbe, 0xc9, 0xf6, 0x79 ; \ + .byte 0x8c, 0xca, 0x44, 0x40 ; \ + .byte 0x88, 0xca, 0xc4, 0x60 ; \ + .byte 0xb2, 0xca, 0x7e, 0x5d ; \ + .byte 0xb6, 0xca, 0xfe, 0x7d ; \ + .byte 0x80, 0xcb, 0x48, 0x46 ; \ + .byte 0x84, 0xcb, 0xc8, 0x66 ; \ + .byte 0xba, 0xcb, 0x76, 0x59 ; \ + .byte 0xbe, 0xcb, 0xf6, 0x79 ; \ + .byte 0x8c, 0xcc, 0x44, 0x40 ; \ + .byte 0x88, 0xcc, 0xc4, 0x60 ; \ + .byte 0xb2, 0xcc, 0x7e, 0x5d ; \ + .byte 0xb6, 0xcc, 0xfe, 0x7d ; \ + .byte 0x80, 0xcd, 0x48, 0xc6 ; \ + .byte 0x84, 0xcd, 0xc8, 0xe6 ; \ + .byte 0xba, 0xcd, 0x76, 0xd9 ; \ + .byte 0xbe, 0xcd, 0xf6, 0xf9 + !aes_dround01 %f16, %f0, %f2, %f6 ; \ + !aes_dround23 %f18, %f0, %f2, %f4 ; \ + !aes_dround01 %f16, %f60, %f62, %f56 ; \ + !aes_dround23 %f18, %f60, %f62, %f58 ; \ + !aes_dround01 %f20, %f6, %f4, %f0 ; \ + !aes_dround23 %f22, %f6, %f4, %f2 ; \ + !aes_dround01 %f20, %f56, %f58, %f60 ; \ + !aes_dround23 %f22, %f56, %f58, %f62 ; \ + !aes_dround01 %f24, %f0, %f2, %f6 ; \ + !aes_dround23 %f26, %f0, %f2, %f4 ; \ + !aes_dround01 %f24, %f60, %f62, %f56 ; \ + !aes_dround23 %f26, %f60, %f62, %f58 ; \ + !aes_dround01 %f28, %f6, %f4, %f0 ; \ + !aes_dround23 %f30, %f6, %f4, %f2 ; \ + !aes_dround01 %f28, %f56, %f58, %f60 ; \ + !aes_dround23 %f30, %f56, %f58, %f62 ; \ + !aes_dround01 %f32, %f0, %f2, %f6 ; \ + !aes_dround23 %f34, %f0, %f2, %f4 ; \ + !aes_dround01 %f32, %f60, %f62, %f56 ; \ + !aes_dround23 %f34, %f60, %f62, %f58 ; \ + !aes_dround01 %f36, %f6, %f4, %f0 ; \ + !aes_dround23 %f38, %f6, %f4, %f2 ; \ + !aes_dround01 %f36, %f56, %f58, %f60 ; \ + !aes_dround23 %f38, %f56, %f58, %f62 ; \ + !aes_dround01 %f40, %f0, %f2, %f6 ; \ + !aes_dround23 %f42, %f0, %f2, %f4 ; \ + !aes_dround01 %f40, %f60, %f62, %f56 ; \ + !aes_dround23 %f42, %f60, %f62, %f58 ; \ + !aes_dround01 %f44, %f6, %f4, %f0 ; \ + !aes_dround23 %f46, %f6, %f4, %f2 ; \ + !aes_dround01 %f44, %f56, %f58, %f60 ; \ + !aes_dround23 %f46, %f56, %f58, %f62 ; \ + !aes_dround01 %f48, %f0, %f2, %f6 ; \ + !aes_dround23 %f50, %f0, %f2, %f4 ; \ + !aes_dround01 %f48, %f60, %f62, %f56 ; \ + !aes_dround23 %f50, %f60, %f62, %f58 ; \ + !aes_dround01_l %f52, %f6, %f4, %f0 ; \ + !aes_dround23_l %f54, %f6, %f4, %f2 ; \ + !aes_dround01_l %f52, %f56, %f58, %f60 ; \ + !aes_dround23_l %f54, %f56, %f58, %f62 + +#define TWELVE_DROUNDS \ + MID_TWO_DROUNDS ; \ + TEN_DROUNDS + +#define TWELVE_DROUNDS_2 \ + MID_TWO_DROUNDS_2 ; \ + TEN_DROUNDS_2 + +#define FOURTEEN_DROUNDS \ + FIRST_TWO_DROUNDS ; \ + TWELVE_DROUNDS + +#define FOURTEEN_DROUNDS_2 \ + .byte 0xb0, 0xc8, 0x2c, 0x54 ; \ + .byte 0xac, 0xc8, 0xac, 0x74 ; \ + ldd [%o0 + 0x80], %f20 ; \ + .byte 0xb2, 0xc8, 0x3e, 0x5d ; \ + .byte 0xb6, 0xc8, 0xbe, 0x7d ; \ + .byte 0x80, 0xc9, 0x2c, 0x58 ; \ + .byte 0x84, 0xc9, 0xac, 0x78 ; \ + ldd [%o0 + 0x88], %f22 ; \ + .byte 0xba, 0xc9, 0x36, 0x59 ; \ + ldd [%o0 + 0x70], %f24 ; \ + .byte 0xbe, 0xc9, 0xb6, 0x79 ; \ + .byte 0x8c, 0xca, 0x04, 0x40 ; \ + .byte 0x88, 0xca, 0x84, 0x60 ; \ + .byte 0xb2, 0xca, 0x3e, 0x5d ; \ + .byte 0xb6, 0xca, 0xbe, 0x7d ; \ + .byte 0x80, 0xcb, 0x08, 0x46 ; \ + .byte 0x84, 0xcb, 0x88, 0x66 ; \ + .byte 0xba, 0xcb, 0x36, 0x59 ; \ + .byte 0xbe, 0xcb, 0xb6, 0x79 ; \ + .byte 0x8c, 0xcc, 0x04, 0x40 ; \ + .byte 0x88, 0xcc, 0x84, 0x60 ; \ + .byte 0xb2, 0xcc, 0x3e, 0x5d ; \ + .byte 0xb6, 0xcc, 0xbe, 0x7d ; \ + .byte 0x80, 0xcd, 0x08, 0x46 ; \ + .byte 0x84, 0xcd, 0x88, 0x66 ; \ + .byte 0xba, 0xcd, 0x36, 0x59 ; \ + .byte 0xbe, 0xcd, 0xb6, 0x79 ; \ + .byte 0x8c, 0xce, 0x04, 0x40 ; \ + .byte 0x88, 0xce, 0x84, 0x60 ; \ + .byte 0xb2, 0xce, 0x3e, 0x5d ; \ + .byte 0xb6, 0xce, 0xbe, 0x7d ; \ + .byte 0x80, 0xcf, 0x08, 0x46 ; \ + .byte 0x84, 0xcf, 0x88, 0x66 ; \ + .byte 0xba, 0xcf, 0x36, 0x59 ; \ + .byte 0xbe, 0xcf, 0xb6, 0x79 ; \ + .byte 0x8c, 0xc8, 0x44, 0x40 ; \ + .byte 0x88, 0xc8, 0xc4, 0x60 ; \ + .byte 0xb2, 0xc8, 0x7e, 0x5d ; \ + .byte 0xb6, 0xc8, 0xfe, 0x7d ; \ + .byte 0x80, 0xc9, 0x48, 0x46 ; \ + .byte 0x84, 0xc9, 0xc8, 0x66 ; \ + .byte 0xba, 0xc9, 0x76, 0x59 ; \ + .byte 0xbe, 0xc9, 0xf6, 0x79 ; \ + .byte 0x8c, 0xca, 0x44, 0x40 ; \ + .byte 0x88, 0xca, 0xc4, 0x60 ; \ + .byte 0xb2, 0xca, 0x7e, 0x5d ; \ + .byte 0xb6, 0xca, 0xfe, 0x7d ; \ + .byte 0x80, 0xcb, 0x48, 0x46 ; \ + .byte 0x84, 0xcb, 0xc8, 0x66 ; \ + .byte 0xba, 0xcb, 0x76, 0x59 ; \ + .byte 0xbe, 0xcb, 0xf6, 0x79 ; \ + .byte 0x8c, 0xcc, 0x44, 0x40 ; \ + .byte 0x88, 0xcc, 0xc4, 0x60 ; \ + ldd [%o0 + 0xd0], %f0 ; \ + .byte 0xb2, 0xcc, 0x7e, 0x5d ; \ + ldd [%o0 + 0xd8], %f2 ; \ + .byte 0xb6, 0xcc, 0xfe, 0x7d ; \ + .byte 0xa8, 0xcd, 0x48, 0xc6 ; \ + .byte 0xac, 0xcd, 0xc8, 0xe6 ; \ + ldd [%o0 + 0xc0], %f4 ; \ + .byte 0xba, 0xcd, 0x76, 0xd9 ; \ + ldd [%o0 + 0xc8], %f6 ; \ + .byte 0xbe, 0xcd, 0xf6, 0xf9 + !aes_dround01 %f0, %f20, %f22, %f24 ; \ + !aes_dround23 %f2, %f20, %f22, %f22 ; \ + !ldd [%o0 + 0x80], %f20 ; \ + !aes_dround01 %f0, %f60, %f62, %f56 ; \ + !aes_dround23 %f2, %f60, %f62, %f58 ; \ + !aes_dround01 %f4, %f24, %f22, %f0 ; \ + !aes_dround23 %f6, %f24, %f22, %f2 ; \ + !ldd [%o0 + 0x88], %f22 ; \ + !aes_dround01 %f4, %f56, %f58, %f60 ; \ + !ldd [%o0 + 0x70], %f24 ; \ + !aes_dround23 %f6, %f56, %f58, %f62 ; \ + !aes_dround01 %f8, %f0, %f2, %f6 ; \ + !aes_dround23 %f10, %f0, %f2, %f4 ; \ + !aes_dround01 %f8, %f60, %f62, %f56 ; \ + !aes_dround23 %f10, %f60, %f62, %f58 ; \ + !aes_dround01 %f12, %f6, %f4, %f0 ; \ + !aes_dround23 %f14, %f6, %f4, %f2 ; \ + !aes_dround01 %f12, %f56, %f58, %f60 ; \ + !aes_dround23 %f14, %f56, %f58, %f62 ; \ + !aes_dround01 %f16, %f0, %f2, %f6 ; \ + !aes_dround23 %f18, %f0, %f2, %f4 ; \ + !aes_dround01 %f16, %f60, %f62, %f56 ; \ + !aes_dround23 %f18, %f60, %f62, %f58 ; \ + !aes_dround01 %f20, %f6, %f4, %f0 ; \ + !aes_dround23 %f22, %f6, %f4, %f2 ; \ + !aes_dround01 %f20, %f56, %f58, %f60 ; \ + !aes_dround23 %f22, %f56, %f58, %f62 ; \ + !aes_dround01 %f24, %f0, %f2, %f6 ; \ + !aes_dround23 %f26, %f0, %f2, %f4 ; \ + !aes_dround01 %f24, %f60, %f62, %f56 ; \ + !aes_dround23 %f26, %f60, %f62, %f58 ; \ + !aes_dround01 %f28, %f6, %f4, %f0 ; \ + !aes_dround23 %f30, %f6, %f4, %f2 ; \ + !aes_dround01 %f28, %f56, %f58, %f60 ; \ + !aes_dround23 %f30, %f56, %f58, %f62 ; \ + !aes_dround01 %f32, %f0, %f2, %f6 ; \ + !aes_dround23 %f34, %f0, %f2, %f4 ; \ + !aes_dround01 %f32, %f60, %f62, %f56 ; \ + !aes_dround23 %f34, %f60, %f62, %f58 ; \ + !aes_dround01 %f36, %f6, %f4, %f0 ; \ + !aes_dround23 %f38, %f6, %f4, %f2 ; \ + !aes_dround01 %f36, %f56, %f58, %f60 ; \ + !aes_dround23 %f38, %f56, %f58, %f62 ; \ + !aes_dround01 %f40, %f0, %f2, %f6 ; \ + !aes_dround23 %f42, %f0, %f2, %f4 ; \ + !aes_dround01 %f40, %f60, %f62, %f56 ; \ + !aes_dround23 %f42, %f60, %f62, %f58 ; \ + !aes_dround01 %f44, %f6, %f4, %f0 ; \ + !aes_dround23 %f46, %f6, %f4, %f2 ; \ + !aes_dround01 %f44, %f56, %f58, %f60 ; \ + !aes_dround23 %f46, %f56, %f58, %f62 ; \ + !aes_dround01 %f48, %f0, %f2, %f6 ; \ + !aes_dround23 %f50, %f0, %f2, %f4 ; \ + !ldd [%o0 + 0xd0], %f0 ; \ + !aes_dround01 %f48, %f60, %f62, %f56 ; \ + !ldd [%o0 + 0xd8], %f2 ; \ + !aes_dround23 %f50, %f60, %f62, %f58 ; \ + !aes_dround01_l %f52, %f6, %f4, %f20 ; \ + !aes_dround23_l %f54, %f6, %f4, %f22 ; \ + !ldd [%o0 + 0xc0], %f4 ; \ + !aes_dround01_l %f52, %f56, %f58, %f60 ; \ + !ldd [%o0 + 0xc8], %f6 ; \ + !aes_dround23_l %f54, %f56, %f58, %f62 + + + ENTRY(t4_aes128_load_keys_for_encrypt) + + ldd [%o0 + 0x10], %f16 + ldd [%o0 + 0x18], %f18 + ldd [%o0 + 0x20], %f20 + ldd [%o0 + 0x28], %f22 + ldd [%o0 + 0x30], %f24 + ldd [%o0 + 0x38], %f26 + ldd [%o0 + 0x40], %f28 + ldd [%o0 + 0x48], %f30 + ldd [%o0 + 0x50], %f32 + ldd [%o0 + 0x58], %f34 + ldd [%o0 + 0x60], %f36 + ldd [%o0 + 0x68], %f38 + ldd [%o0 + 0x70], %f40 + ldd [%o0 + 0x78], %f42 + ldd [%o0 + 0x80], %f44 + ldd [%o0 + 0x88], %f46 + ldd [%o0 + 0x90], %f48 + ldd [%o0 + 0x98], %f50 + ldd [%o0 + 0xa0], %f52 + retl + ldd [%o0 + 0xa8], %f54 + + SET_SIZE(t4_aes128_load_keys_for_encrypt) + + + ENTRY(t4_aes192_load_keys_for_encrypt) + + ldd [%o0 + 0x10], %f8 + ldd [%o0 + 0x18], %f10 + ldd [%o0 + 0x20], %f12 + ldd [%o0 + 0x28], %f14 + ldd [%o0 + 0x30], %f16 + ldd [%o0 + 0x38], %f18 + ldd [%o0 + 0x40], %f20 + ldd [%o0 + 0x48], %f22 + ldd [%o0 + 0x50], %f24 + ldd [%o0 + 0x58], %f26 + ldd [%o0 + 0x60], %f28 + ldd [%o0 + 0x68], %f30 + ldd [%o0 + 0x70], %f32 + ldd [%o0 + 0x78], %f34 + ldd [%o0 + 0x80], %f36 + ldd [%o0 + 0x88], %f38 + ldd [%o0 + 0x90], %f40 + ldd [%o0 + 0x98], %f42 + ldd [%o0 + 0xa0], %f44 + ldd [%o0 + 0xa8], %f46 + ldd [%o0 + 0xb0], %f48 + ldd [%o0 + 0xb8], %f50 + ldd [%o0 + 0xc0], %f52 + retl + ldd [%o0 + 0xc8], %f54 + + SET_SIZE(t4_aes192_load_keys_for_encrypt) + + + ENTRY(t4_aes256_load_keys_for_encrypt) + + ldd [%o0 + 0x10], %f0 + ldd [%o0 + 0x18], %f2 + ldd [%o0 + 0x20], %f4 + ldd [%o0 + 0x28], %f6 + ldd [%o0 + 0x30], %f8 + ldd [%o0 + 0x38], %f10 + ldd [%o0 + 0x40], %f12 + ldd [%o0 + 0x48], %f14 + ldd [%o0 + 0x50], %f16 + ldd [%o0 + 0x58], %f18 + ldd [%o0 + 0x60], %f20 + ldd [%o0 + 0x68], %f22 + ldd [%o0 + 0x70], %f24 + ldd [%o0 + 0x78], %f26 + ldd [%o0 + 0x80], %f28 + ldd [%o0 + 0x88], %f30 + ldd [%o0 + 0x90], %f32 + ldd [%o0 + 0x98], %f34 + ldd [%o0 + 0xa0], %f36 + ldd [%o0 + 0xa8], %f38 + ldd [%o0 + 0xb0], %f40 + ldd [%o0 + 0xb8], %f42 + ldd [%o0 + 0xc0], %f44 + ldd [%o0 + 0xc8], %f46 + ldd [%o0 + 0xd0], %f48 + ldd [%o0 + 0xd8], %f50 + ldd [%o0 + 0xe0], %f52 + retl + ldd [%o0 + 0xe8], %f54 + + SET_SIZE(t4_aes256_load_keys_for_encrypt) + + +#define TEST_PARALLEL_ECB_ENCRYPT +#ifdef TEST_PARALLEL_ECB_ENCRYPT + ENTRY(t4_aes128_ecb_encrypt) + + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + and %o3, 16, %o4 + brz %o4, ecbenc128_loop + nop + + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f60 + movxtod %g4, %f62 + + TEN_EROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be ecbenc128_loop_end + add %o2, 16, %o2 + +ecbenc128_loop: + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f0 + movxtod %g4, %f2 + ldx [%o1 + 16], %g3 !input + ldx [%o1 + 24], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f60 + movxtod %g4, %f62 + + TEN_EROUNDS_2 + + std %f0, [%o2] + std %f2, [%o2 + 8] + + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne ecbenc128_loop + add %o2, 32, %o2 +ecbenc128_loop_end: + retl + nop + + SET_SIZE(t4_aes128_ecb_encrypt) + + + ENTRY(t4_aes192_ecb_encrypt) + + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + and %o3, 16, %o4 + brz %o4, ecbenc192_loop + nop + + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f60 + movxtod %g4, %f62 + + TWELVE_EROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be ecbenc192_loop_end + add %o2, 16, %o2 + +ecbenc192_loop: + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f0 + movxtod %g4, %f2 + ldx [%o1 + 16], %g3 !input + ldx [%o1 + 24], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f60 + movxtod %g4, %f62 + + TWELVE_EROUNDS_2 + + std %f0, [%o2] + std %f2, [%o2 + 8] + + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne ecbenc192_loop + add %o2, 32, %o2 +ecbenc192_loop_end: + retl + nop + + SET_SIZE(t4_aes192_ecb_encrypt) + + + ENTRY(t4_aes256_ecb_encrypt) + + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + and %o3, 16, %o4 + brz %o4, ecbenc256_loop + nop + + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f60 + movxtod %g4, %f62 + + FOURTEEN_EROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be ecbenc256_loop_end + add %o2, 16, %o2 + +ecbenc256_loop: + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f20 + movxtod %g4, %f22 + ldx [%o1 + 16], %g3 !input + ldx [%o1 + 24], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f60 + movxtod %g4, %f62 + + FOURTEEN_EROUNDS_2 + + std %f20, [%o2] + std %f22, [%o2 + 8] + + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne ecbenc256_loop + add %o2, 32, %o2 + + ldd [%o0 + 0x60], %f20 + ldd [%o0 + 0x68], %f22 + +ecbenc256_loop_end: + retl + nop + + SET_SIZE(t4_aes256_ecb_encrypt) + +#else + + ENTRY(t4_aes128_ecb_encrypt) + + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +ecbenc128_loop: + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f60 + movxtod %g4, %f62 + + TEN_EROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne ecbenc128_loop + add %o2, 16, %o2 + + retl + nop + + SET_SIZE(t4_aes128_ecb_encrypt) + + + ENTRY(t4_aes192_ecb_encrypt) + + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +ecbenc192_loop: + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f60 + movxtod %g4, %f62 + + TWELVE_EROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne ecbenc192_loop + add %o2, 16, %o2 + + retl + nop + + SET_SIZE(t4_aes192_ecb_encrypt) + + + ENTRY(t4_aes256_ecb_encrypt) + + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +ecbenc256_loop: + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f60 + movxtod %g4, %f62 + + FOURTEEN_EROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne ecbenc256_loop + add %o2, 16, %o2 + + retl + nop + + SET_SIZE(t4_aes256_ecb_encrypt) +#endif + + + ENTRY(t4_aes128_cbc_encrypt) + + ldd [%o4], %f60 ! IV + ldd [%o4 +8], %f62 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +cbcenc128_loop: + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f56 + movxtod %g4, %f58 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + TEN_EROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne cbcenc128_loop + add %o2, 16, %o2 + + std %f60, [%o4] + retl + std %f62, [%o4 + 8] + + SET_SIZE(t4_aes128_cbc_encrypt) + + + ENTRY(t4_aes192_cbc_encrypt) + + ldd [%o4], %f60 ! IV + ldd [%o4 + 8], %f62 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +cbcenc192_loop: + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f56 + movxtod %g4, %f58 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + TWELVE_EROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne cbcenc192_loop + add %o2, 16, %o2 + + std %f60, [%o4] + retl + std %f62, [%o4 + 8] + + SET_SIZE(t4_aes192_cbc_encrypt) + + + ENTRY(t4_aes256_cbc_encrypt) + + ldd [%o4], %f60 ! IV + ldd [%o4 + 8], %f62 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +cbcenc256_loop: + ldx [%o1], %g3 !input + ldx [%o1 + 8], %g4 !input + xor %g1, %g3, %g3 !input ^ ks[0-1] + xor %g2, %g4, %g4 !input ^ ks[0-1] + movxtod %g3, %f56 + movxtod %g4, %f58 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + FOURTEEN_EROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne cbcenc256_loop + add %o2, 16, %o2 + + std %f60, [%o4] + retl + std %f62, [%o4 + 8] + + SET_SIZE(t4_aes256_cbc_encrypt) + + +#define TEST_PARALLEL_CTR_CRYPT +#ifdef TEST_PARALLEL_CTR_CRYPT + ENTRY(t4_aes128_ctr_crypt) + + ldx [%o4], %g3 ! IV + ldx [%o4 +8], %g4 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + and %o3, 16, %g5 + brz, %g5, ctr128_loop + + xor %g1, %g3, %g5 + movxtod %g5, %f60 + xor %g2, %g4, %g5 + movxtod %g5, %f62 + inc %g4 + + TEN_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be ctr128_loop_end + add %o2, 16, %o2 + +ctr128_loop: + xor %g1, %g3, %g5 + movxtod %g5, %f0 + xor %g2, %g4, %g5 + movxtod %g5, %f2 + inc %g4 + + xor %g1, %g3, %g5 + movxtod %g5, %f60 + xor %g2, %g4, %g5 + movxtod %g5, %f62 + inc %g4 + + TEN_EROUNDS_2 + + ldd [%o1], %f6 !input + ldd [%o1 + 8], %f4 !input + ldd [%o1 + 16], %f56 !input + ldd [%o1 + 24], %f58 !input + fxor %f0, %f6, %f0 + fxor %f2, %f4, %f2 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + std %f0, [%o2] + std %f2, [%o2 + 8] + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne ctr128_loop + add %o2, 32, %o2 + +ctr128_loop_end: + stx %g3, [%o4] + retl + stx %g4, [%o4 + 8] + + SET_SIZE(t4_aes128_ctr_crypt) + + + ENTRY(t4_aes192_ctr_crypt) + + ldx [%o4], %g3 ! IV + ldx [%o4 +8], %g4 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + and %o3, 16, %g5 + brz, %g5, ctr192_loop + + xor %g1, %g3, %g5 + movxtod %g5, %f60 + xor %g2, %g4, %g5 + movxtod %g5, %f62 + inc %g4 + + TWELVE_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be ctr192_loop_end + add %o2, 16, %o2 + +ctr192_loop: + xor %g1, %g3, %g5 + movxtod %g5, %f0 + xor %g2, %g4, %g5 + movxtod %g5, %f2 + inc %g4 + + xor %g1, %g3, %g5 + movxtod %g5, %f60 + xor %g2, %g4, %g5 + movxtod %g5, %f62 + inc %g4 + + TWELVE_EROUNDS_2 + + ldd [%o1], %f6 !input + ldd [%o1 + 8], %f4 !input + ldd [%o1 + 16], %f56 !input + ldd [%o1 + 24], %f58 !input + fxor %f0, %f6, %f0 + fxor %f2, %f4, %f2 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + std %f0, [%o2] + std %f2, [%o2 + 8] + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne ctr192_loop + add %o2, 32, %o2 + +ctr192_loop_end: + stx %g3, [%o4] + retl + stx %g4, [%o4 + 8] + + SET_SIZE(t4_aes192_ctr_crypt) + + + ENTRY(t4_aes256_ctr_crypt) + + ldx [%o4], %g3 ! IV + ldx [%o4 +8], %g4 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + and %o3, 16, %g5 + brz, %g5, ctr256_loop + + xor %g1, %g3, %g5 + movxtod %g5, %f60 + xor %g2, %g4, %g5 + movxtod %g5, %f62 + inc %g4 + + FOURTEEN_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be ctr256_loop_end + add %o2, 16, %o2 + +ctr256_loop: + xor %g1, %g3, %g5 + movxtod %g5, %f20 + xor %g2, %g4, %g5 + movxtod %g5, %f22 + inc %g4 + + xor %g1, %g3, %g5 + movxtod %g5, %f60 + xor %g2, %g4, %g5 + movxtod %g5, %f62 + inc %g4 + + FOURTEEN_EROUNDS_2 + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f20, %f56, %f20 + fxor %f22, %f58, %f22 + ldd [%o1 + 16], %f56 !input + ldd [%o1 + 24], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + std %f20, [%o2] + std %f22, [%o2 + 8] + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne ctr256_loop + add %o2, 32, %o2 + + ldd [%o0 + 0x60], %f20 + ldd [%o0 + 0x68], %f22 + +ctr256_loop_end: + stx %g3, [%o4] + retl + stx %g4, [%o4 + 8] + + SET_SIZE(t4_aes256_ctr_crypt) + +#else + + ENTRY(t4_aes128_ctr_crypt) + + ldx [%o4], %g3 ! IV + ldx [%o4 +8], %g4 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +ctr128_loop: + xor %g1, %g3, %g5 + movxtod %g5, %f60 + xor %g2, %g4, %g5 + movxtod %g5, %f62 + inc %g4 + + TEN_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne ctr128_loop + add %o2, 16, %o2 + + stx %g3, [%o4] + retl + stx %g4, [%o4 + 8] + + SET_SIZE(t4_aes128_ctr_crypt) + + ENTRY(t4_aes192_ctr_crypt) + + ldx [%o4], %g3 ! IV + ldx [%o4 +8], %g4 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +ctr192_loop: + xor %g1, %g3, %g5 + movxtod %g5, %f60 + xor %g2, %g4, %g5 + movxtod %g5, %f62 + inc %g4 + + TWELVE_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne ctr192_loop + add %o2, 16, %o2 + + stx %g3, [%o4] + retl + stx %g4, [%o4 + 8] + + SET_SIZE(t4_aes192_ctr_crypt) + + + ENTRY(t4_aes256_ctr_crypt) + + ldx [%o4], %g3 ! IV + ldx [%o4 +8], %g4 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +ctr256_loop: + xor %g1, %g3, %g5 + movxtod %g5, %f60 + xor %g2, %g4, %g5 + movxtod %g5, %f62 + inc %g4 + + FOURTEEN_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne ctr256_loop + add %o2, 16, %o2 + + stx %g3, [%o4] + retl + stx %g4, [%o4 + 8] + + SET_SIZE(t4_aes256_ctr_crypt) + +#endif + + ENTRY(t4_aes128_cfb128_encrypt) + + ldd [%o4], %f60 ! IV + ldd [%o4 +8], %f62 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +cfb128_128_loop: + movxtod %g1, %f56 + movxtod %g2, %f58 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + TEN_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne cfb128_128_loop + add %o2, 16, %o2 + + std %f60, [%o4] + retl + std %f62, [%o4 + 8] + + SET_SIZE(t4_aes128_cfb128_encrypt) + + + ENTRY(t4_aes192_cfb128_encrypt) + + ldd [%o4], %f60 ! IV + ldd [%o4 +8], %f62 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +cfb128_192_loop: + movxtod %g1, %f56 + movxtod %g2, %f58 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + TWELVE_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne cfb128_192_loop + add %o2, 16, %o2 + + std %f60, [%o4] + retl + std %f62, [%o4 + 8] + + SET_SIZE(t4_aes192_cfb128_encrypt) + + + ENTRY(t4_aes256_cfb128_encrypt) + + ldd [%o4], %f60 ! IV + ldd [%o4 +8], %f62 ! IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +cfb128_256_loop: + movxtod %g1, %f56 + movxtod %g2, %f58 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + FOURTEEN_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne cfb128_256_loop + add %o2, 16, %o2 + + std %f60, [%o4] + retl + std %f62, [%o4 + 8] + + SET_SIZE(t4_aes256_cfb128_encrypt) + + + ENTRY(t4_aes128_load_keys_for_decrypt) + + ldd [%o0], %f52 + ldd [%o0 + 0x8], %f54 + ldd [%o0 + 0x10], %f48 + ldd [%o0 + 0x18], %f50 + ldd [%o0 + 0x20], %f44 + ldd [%o0 + 0x28], %f46 + ldd [%o0 + 0x30], %f40 + ldd [%o0 + 0x38], %f42 + ldd [%o0 + 0x40], %f36 + ldd [%o0 + 0x48], %f38 + ldd [%o0 + 0x50], %f32 + ldd [%o0 + 0x58], %f34 + ldd [%o0 + 0x60], %f28 + ldd [%o0 + 0x68], %f30 + ldd [%o0 + 0x70], %f24 + ldd [%o0 + 0x78], %f26 + ldd [%o0 + 0x80], %f20 + ldd [%o0 + 0x88], %f22 + ldd [%o0 + 0x90], %f16 + retl + ldd [%o0 + 0x98], %f18 + + SET_SIZE(t4_aes128_load_keys_for_decrypt) + + + ENTRY(t4_aes192_load_keys_for_decrypt) + + ldd [%o0], %f52 + ldd [%o0 + 0x8], %f54 + ldd [%o0 + 0x10], %f48 + ldd [%o0 + 0x18], %f50 + ldd [%o0 + 0x20], %f44 + ldd [%o0 + 0x28], %f46 + ldd [%o0 + 0x30], %f40 + ldd [%o0 + 0x38], %f42 + ldd [%o0 + 0x40], %f36 + ldd [%o0 + 0x48], %f38 + ldd [%o0 + 0x50], %f32 + ldd [%o0 + 0x58], %f34 + ldd [%o0 + 0x60], %f28 + ldd [%o0 + 0x68], %f30 + ldd [%o0 + 0x70], %f24 + ldd [%o0 + 0x78], %f26 + ldd [%o0 + 0x80], %f20 + ldd [%o0 + 0x88], %f22 + ldd [%o0 + 0x90], %f16 + ldd [%o0 + 0x98], %f18 + ldd [%o0 + 0xa0], %f12 + ldd [%o0 + 0xa8], %f14 + ldd [%o0 + 0xb0], %f8 + retl + ldd [%o0 + 0xb8], %f10 + + SET_SIZE(t4_aes192_load_keys_for_decrypt) + + + ENTRY(t4_aes256_load_keys_for_decrypt) + + + ldd [%o0], %f52 + ldd [%o0 + 0x8], %f54 + ldd [%o0 + 0x10], %f48 + ldd [%o0 + 0x18], %f50 + ldd [%o0 + 0x20], %f44 + ldd [%o0 + 0x28], %f46 + ldd [%o0 + 0x30], %f40 + ldd [%o0 + 0x38], %f42 + ldd [%o0 + 0x40], %f36 + ldd [%o0 + 0x48], %f38 + ldd [%o0 + 0x50], %f32 + ldd [%o0 + 0x58], %f34 + ldd [%o0 + 0x60], %f28 + ldd [%o0 + 0x68], %f30 + ldd [%o0 + 0x70], %f24 + ldd [%o0 + 0x78], %f26 + ldd [%o0 + 0x80], %f20 + ldd [%o0 + 0x88], %f22 + ldd [%o0 + 0x90], %f16 + ldd [%o0 + 0x98], %f18 + ldd [%o0 + 0xa0], %f12 + ldd [%o0 + 0xa8], %f14 + ldd [%o0 + 0xb0], %f8 + ldd [%o0 + 0xb8], %f10 + ldd [%o0 + 0xc0], %f4 + ldd [%o0 + 0xc8], %f6 + ldd [%o0 + 0xd0], %f0 + retl + ldd [%o0 + 0xd8], %f2 + + SET_SIZE(t4_aes256_load_keys_for_decrypt) + + +#define TEST_PARALLEL_ECB_DECRYPT +#ifdef TEST_PARALLEL_ECB_DECRYPT + ENTRY(t4_aes128_ecb_decrypt) + + ldx [%o0 + 0xa0], %g1 !ks[last-1] + ldx [%o0 + 0xa8], %g2 !ks[last] + and %o3, 16, %o4 + brz %o4, ecbdec128_loop + nop + + ldx [%o1], %o4 + ldx [%o1 + 8], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f60 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f62 + + TEN_DROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 0x8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be ecbdec128_loop_end + add %o2, 16, %o2 + +ecbdec128_loop: + ldx [%o1], %o4 + ldx [%o1 + 8], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f0 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f2 + ldx [%o1 + 16], %o4 + ldx [%o1 + 24], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f60 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f62 + + TEN_DROUNDS_2 + + std %f0, [%o2] + std %f2, [%o2 + 8] + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne ecbdec128_loop + add %o2, 32, %o2 +ecbdec128_loop_end: + + retl + nop + + SET_SIZE(t4_aes128_ecb_decrypt) + + ENTRY(t4_aes192_ecb_decrypt) + + ldx [%o0 + 0xc0], %g1 !ks[last-1] + ldx [%o0 + 0xc8], %g2 !ks[last] + and %o3, 16, %o4 + brz %o4, ecbdec192_loop + nop + + ldx [%o1], %o4 + ldx [%o1 + 8], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f60 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f62 + + TWELVE_DROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 0x8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be ecbdec192_loop_end + add %o2, 16, %o2 + +ecbdec192_loop: + ldx [%o1], %o4 + ldx [%o1 + 8], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f0 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f2 + ldx [%o1 + 16], %o4 + ldx [%o1 + 24], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f60 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f62 + + TWELVE_DROUNDS_2 + + std %f0, [%o2] + std %f2, [%o2 + 8] + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne ecbdec192_loop + add %o2, 32, %o2 +ecbdec192_loop_end: + + retl + nop + + SET_SIZE(t4_aes192_ecb_decrypt) + + + ENTRY(t4_aes256_ecb_decrypt) + + ldx [%o0 + 0xe0], %g1 !ks[last-1] + ldx [%o0 + 0xe8], %g2 !ks[last] + and %o3, 16, %o4 + brz %o4, ecbdec256_loop + nop + + ldx [%o1], %o4 + ldx [%o1 + 8], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f60 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f62 + + FOURTEEN_DROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 0x8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be ecbdec256_loop_end + add %o2, 16, %o2 + +ecbdec256_loop: + ldx [%o1], %o4 + ldx [%o1 + 8], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f20 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f22 + ldx [%o1 + 16], %o4 + ldx [%o1 + 24], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f60 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f62 + + FOURTEEN_DROUNDS_2 + + std %f20, [%o2] + std %f22, [%o2 + 8] + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne ecbdec256_loop + add %o2, 32, %o2 + + ldd [%o0 + 0x80], %f20 + ldd [%o0 + 0x88], %f22 + +ecbdec256_loop_end: + + retl + nop + + SET_SIZE(t4_aes256_ecb_decrypt) + +#else + + ENTRY(t4_aes128_ecb_decrypt) + + ldx [%o0 + 0xa0], %g1 !ks[last-1] + ldx [%o0 + 0xa8], %g2 !ks[last] + +ecbdec128_loop: + ldx [%o1], %o4 + ldx [%o1 + 8], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f60 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f62 + + TEN_DROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 0x8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne ecbdec128_loop + add %o2, 16, %o2 + + retl + nop + + SET_SIZE(t4_aes128_ecb_decrypt) + + + ENTRY(t4_aes192_ecb_decrypt) + + ldx [%o0 + 0xc0], %g1 !ks[last-1] + ldx [%o0 + 0xc8], %g2 !ks[last] + +ecbdec192_loop: + ldx [%o1], %o4 + ldx [%o1 + 8], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f60 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f62 + + TWELVE_DROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 0x8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne ecbdec192_loop + add %o2, 16, %o2 + + retl + nop + + SET_SIZE(t4_aes192_ecb_decrypt) + + + ENTRY(t4_aes256_ecb_decrypt) + + ldx [%o0 + 0xe0], %g1 !ks[last-1] + ldx [%o0 + 0xe8], %g2 !ks[last] + +ecbdec256_loop: + ldx [%o1], %o4 + ldx [%o1 + 8], %o5 + xor %g1, %o4, %g3 !initial ARK + movxtod %g3, %f60 + xor %g2, %o5, %g3 !initial ARK + movxtod %g3, %f62 + + FOURTEEN_DROUNDS + + std %f60, [%o2] + std %f62, [%o2 + 0x8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne ecbdec256_loop + add %o2, 16, %o2 + + retl + nop + + SET_SIZE(t4_aes256_ecb_decrypt) + +#endif + +#define TEST_PARALLEL_CBC_DECRYPT +#ifdef EST_PARALLEL_CBC_DECRYPT + ENTRY(t4_aes128_cbc_decrypt) + + save %sp, -SA(MINFRAME), %sp + ldx [%i4], %o0 !IV + ldx [%i4 + 8], %o1 !IV + ldx [%i0 + 0xa0], %o2 !ks[last-1] + ldx [%i0 + 0xa8], %o3 !ks[last] + and %i3, 16, %o4 + brz %o4, cbcdec128_loop + nop + + ldx [%i1], %o4 + ldx [%i1 + 8], %o5 + xor %o2, %o4, %g1 !initial ARK + movxtod %g1, %f60 + xor %o3, %o5, %g1 !initial ARK + movxtod %g1, %f62 + + TEN_DROUNDS + + movxtod %o0, %f56 + movxtod %o1, %f58 + mov %o4, %o0 !save last block as next IV + mov %o5, %o1 + fxor %f56, %f60, %f60 !add in previous IV + fxor %f58, %f62, %f62 + + std %f60, [%i2] + std %f62, [%i2 + 0x8] + + add %i1, 16, %i1 + subcc %i3, 16, %i3 + be cbcdec128_loop_end + add %i2, 16, %i2 + + +cbcdec128_loop: + ldx [%i1], %g4 + ldx [%i1 + 8], %g5 + xor %o2, %g4, %g1 !initial ARK + movxtod %g1, %f0 + xor %o3, %g5, %g1 !initial ARK + movxtod %g1, %f2 + + ldx [%i1 + 16], %o4 + ldx [%i1 + 24], %o5 + xor %o2, %o4, %g1 !initial ARK + movxtod %g1, %f60 + xor %o3, %o5, %g1 !initial ARK + movxtod %g1, %f62 + + TEN_DROUNDS_2 + + movxtod %o0, %f6 + movxtod %o1, %f4 + fxor %f6, %f0, %f0 !add in previous IV + fxor %f4, %f2, %f2 + + std %f0, [%i2] + std %f2, [%i2 + 8] + + movxtod %g4, %f56 + movxtod %g5, %f58 + mov %o4, %o0 !save last block as next IV + mov %o5, %o1 + fxor %f56, %f60, %f60 !add in previous IV + fxor %f58, %f62, %f62 + + std %f60, [%i2 + 16] + std %f62, [%i2 + 24] + + add %i1, 32, %i1 + subcc %i3, 32, %i3 + bne cbcdec128_loop + add %i2, 32, %i2 + +cbcdec128_loop_end: + stx %o0, [%i4] + stx %o1, [%i4 + 8] + ret + restore + + SET_SIZE(t4_aes128_cbc_decrypt) + + + ENTRY(t4_aes192_cbc_decrypt) + + save %sp, -SA(MINFRAME), %sp + ldx [%i4], %o0 !IV + ldx [%i4 + 8], %o1 !IV + ldx [%i0 + 0xc0], %o2 !ks[last-1] + ldx [%i0 + 0xc8], %o3 !ks[last] + and %i3, 16, %o4 + brz %o4, cbcdec192_loop + nop + + ldx [%i1], %o4 + ldx [%i1 + 8], %o5 + xor %o2, %o4, %g1 !initial ARK + movxtod %g1, %f60 + xor %o3, %o5, %g1 !initial ARK + movxtod %g1, %f62 + + TWELVE_DROUNDS + + movxtod %o0, %f56 + movxtod %o1, %f58 + mov %o4, %o0 !save last block as next IV + mov %o5, %o1 + fxor %f56, %f60, %f60 !add in previous IV + fxor %f58, %f62, %f62 + + std %f60, [%i2] + std %f62, [%i2 + 0x8] + + add %i1, 16, %i1 + subcc %i3, 16, %i3 + be cbcdec192_loop_end + add %i2, 16, %i2 + + +cbcdec192_loop: + ldx [%i1], %g4 + ldx [%i1 + 8], %g5 + xor %o2, %g4, %g1 !initial ARK + movxtod %g1, %f0 + xor %o3, %g5, %g1 !initial ARK + movxtod %g1, %f2 + + ldx [%i1 + 16], %o4 + ldx [%i1 + 24], %o5 + xor %o2, %o4, %g1 !initial ARK + movxtod %g1, %f60 + xor %o3, %o5, %g1 !initial ARK + movxtod %g1, %f62 + + TWELVE_DROUNDS_2 + + movxtod %o0, %f6 + movxtod %o1, %f4 + fxor %f6, %f0, %f0 !add in previous IV + fxor %f4, %f2, %f2 + + std %f0, [%i2] + std %f2, [%i2 + 8] + + movxtod %g4, %f56 + movxtod %g5, %f58 + mov %o4, %o0 !save last block as next IV + mov %o5, %o1 + fxor %f56, %f60, %f60 !add in previous IV + fxor %f58, %f62, %f62 + + std %f60, [%i2 + 16] + std %f62, [%i2 + 24] + + add %i1, 32, %i1 + subcc %i3, 32, %i3 + bne cbcdec192_loop + add %i2, 32, %i2 + +cbcdec192_loop_end: + stx %o0, [%i4] + stx %o1, [%i4 + 8] + ret + restore + + SET_SIZE(t4_aes192_cbc_decrypt) + + + ENTRY(t4_aes256_cbc_decrypt) + + save %sp, -SA(MINFRAME), %sp + mov %i0, %o0 !FOURTEEN_DROUNDS uses %o0 + ldx [%i4], %g2 !IV + ldx [%i4 + 8], %o1 !IV + ldx [%o0 + 0xe0], %o2 !ks[last-1] + ldx [%o0 + 0xe8], %o3 !ks[last] + and %i3, 16, %o4 + brz %o4, cbcdec256_loop + nop + + ldx [%i1], %o4 + ldx [%i1 + 8], %o5 + xor %o2, %o4, %g1 !initial ARK + movxtod %g1, %f60 + xor %o3, %o5, %g1 !initial ARK + movxtod %g1, %f62 + + FOURTEEN_DROUNDS + + movxtod %g2, %f56 + movxtod %o1, %f58 + mov %o4, %g2 !save last block as next IV + mov %o5, %o1 + fxor %f56, %f60, %f60 !add in previous IV + fxor %f58, %f62, %f62 + + std %f60, [%i2] + std %f62, [%i2 + 0x8] + + add %i1, 16, %i1 + subcc %i3, 16, %i3 + be cbcdec256_loop_end + add %i2, 16, %i2 + + +cbcdec256_loop: + ldx [%i1], %g4 + ldx [%i1 + 8], %g5 + xor %o2, %g4, %g1 !initial ARK + movxtod %g1, %f20 + xor %o3, %g5, %g1 !initial ARK + movxtod %g1, %f22 + + ldx [%i1 + 16], %o4 + ldx [%i1 + 24], %o5 + xor %o2, %o4, %g1 !initial ARK + movxtod %g1, %f60 + xor %o3, %o5, %g1 !initial ARK + movxtod %g1, %f62 + + FOURTEEN_DROUNDS_2 + + movxtod %g2, %f56 + movxtod %o1, %f58 + fxor %f56, %f20, %f20 !add in previous IV + fxor %f58, %f22, %f22 + + std %f20, [%i2] + std %f22, [%i2 + 8] + + movxtod %g4, %f56 + movxtod %g5, %f58 + mov %o4, %g2 !save last block as next IV + mov %o5, %o1 + fxor %f56, %f60, %f60 !add in previous IV + fxor %f58, %f62, %f62 + + std %f60, [%i2 + 16] + std %f62, [%i2 + 24] + + add %i1, 32, %i1 + subcc %i3, 32, %i3 + bne cbcdec256_loop + add %i2, 32, %i2 + + ldd [%o0 + 0x80], %f20 + ldd [%o0 + 0x88], %f22 + +cbcdec256_loop_end: + stx %g2, [%i4] + stx %o1, [%i4 + 8] + ret + restore + + SET_SIZE(t4_aes256_cbc_decrypt) + +#else + + ENTRY(t4_aes128_cbc_decrypt) + + save %sp, -SA(MINFRAME), %sp + ldx [%i4], %o0 !IV + ldx [%i4 + 8], %o1 !IV + ldx [%i0 + 0xa0], %o2 !ks[last-1] + ldx [%i0 + 0xa8], %o3 !ks[last] + +cbcdec128_loop: + ldx [%i1], %o4 + ldx [%i1 + 8], %o5 + xor %o2, %o4, %g1 !initial ARK + movxtod %g1, %f60 + xor %o3, %o5, %g1 !initial ARK + movxtod %g1, %f62 + + TEN_DROUNDS + + movxtod %o0, %f56 + movxtod %o1, %f58 + mov %o4, %o0 !save last block as next IV + mov %o5, %o1 + fxor %f56, %f60, %f60 !add in previous IV + fxor %f58, %f62, %f62 + + std %f60, [%i2] + std %f62, [%i2 + 0x8] + + add %i1, 16, %i1 + subcc %i3, 16, %i3 + bne cbcdec128_loop + add %i2, 16, %i2 + + stx %o0, [%i4] + stx %o1, [%i4 + 8] + ret + restore + + SET_SIZE(t4_aes128_cbc_decrypt) + + + ENTRY(t4_aes192_cbc_decrypt) + + save %sp, -SA(MINFRAME), %sp + ldx [%i4], %o0 !IV + ldx [%i4 + 8], %o1 !IV + ldx [%i0 + 0xc0], %o2 !ks[last-1] + ldx [%i0 + 0xc8], %o3 !ks[last] + +cbcdec192_loop: + ldx [%i1], %o4 + ldx [%i1 + 8], %o5 + xor %o2, %o4, %g1 !initial ARK + movxtod %g1, %f60 + xor %o3, %o5, %g1 !initial ARK + movxtod %g1, %f62 + + TWELVE_DROUNDS + + movxtod %o0, %f56 + movxtod %o1, %f58 + mov %o4, %o0 !save last block as next IV + mov %o5, %o1 + fxor %f56, %f60, %f60 !add in previous IV + fxor %f58, %f62, %f62 + + std %f60, [%i2] + std %f62, [%i2 + 0x8] + + add %i1, 16, %i1 + subcc %i3, 16, %i3 + bne cbcdec192_loop + add %i2, 16, %i2 + + stx %o0, [%i4] + stx %o1, [%i4 + 8] + ret + restore + + SET_SIZE(t4_aes192_cbc_decrypt) + + + ENTRY(t4_aes256_cbc_decrypt) + + save %sp, -SA(MINFRAME), %sp + ldx [%i4], %o0 !IV + ldx [%i4 + 8], %o1 !IV + ldx [%i0 + 0xe0], %o2 !ks[last-1] + ldx [%i0 + 0xe8], %o3 !ks[last] + +cbcdec256_loop: + ldx [%i1], %o4 + ldx [%i1 + 8], %o5 + xor %o2, %o4, %g1 !initial ARK + movxtod %g1, %f60 + xor %o3, %o5, %g1 !initial ARK + movxtod %g1, %f62 + + FOURTEEN_DROUNDS + + movxtod %o0, %f56 + movxtod %o1, %f58 + mov %o4, %o0 !save last block as next IV + mov %o5, %o1 + fxor %f56, %f60, %f60 !add in previous IV + fxor %f58, %f62, %f62 + + std %f60, [%i2] + std %f62, [%i2 + 0x8] + + add %i1, 16, %i1 + subcc %i3, 16, %i3 + bne cbcdec256_loop + add %i2, 16, %i2 + + stx %o0, [%i4] + stx %o1, [%i4 + 8] + ret + restore + + SET_SIZE(t4_aes256_cbc_decrypt) + +#endif + +#define TEST_PARALLEL_CFB128_DECRYPT +#ifdef TEST_PARALLEL_CFB128_DECRYPT + + ENTRY(t4_aes128_cfb128_decrypt) + + ldd [%o4], %f56 !IV + ldd [%o4 + 8], %f58 !IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + and %o3, 16, %o5 + brz %o5, cfb128dec_128_loop + + movxtod %g1, %f60 + movxtod %g2, %f62 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + /* CFB mode uses encryption for the decrypt operation */ + TEN_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be cfb128dec_128_loop_end + add %o2, 16, %o2 + +cfb128dec_128_loop: + ldd [%o1], %f6 !input + ldd [%o1 + 8], %f4 !input + movxtod %g1, %f60 + movxtod %g2, %f62 + fxor %f60, %f6, %f0 + fxor %f62, %f4, %f2 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + /* CFB mode uses encryption for the decrypt operation */ + TEN_EROUNDS_2 + + ldd [%o1], %f6 !input + ldd [%o1 + 8], %f4 !input + ldd [%o1 + 16], %f56 !input + ldd [%o1 + 24], %f58 !input + + fxor %f60, %f6, %f6 + fxor %f62, %f4, %f4 + fxor %f0, %f56, %f60 + fxor %f2, %f58, %f62 + + std %f6, [%o2] + std %f4, [%o2 + 8] + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne cfb128dec_128_loop + add %o2, 32, %o2 + +cfb128dec_128_loop_end: + std %f56, [%o4] + retl + std %f58, [%o4 + 8] + + SET_SIZE(t4_aes128_cfb128_decrypt) + + + ENTRY(t4_aes192_cfb128_decrypt) + + ldd [%o4], %f56 !IV + ldd [%o4 + 8], %f58 !IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + and %o3, 16, %o5 + brz %o5, cfb128dec_192_loop + + movxtod %g1, %f60 + movxtod %g2, %f62 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + /* CFB mode uses encryption for the decrypt operation */ + TWELVE_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be cfb128dec_192_loop_end + add %o2, 16, %o2 + +cfb128dec_192_loop: + ldd [%o1], %f6 !input + ldd [%o1 + 8], %f4 !input + movxtod %g1, %f60 + movxtod %g2, %f62 + fxor %f60, %f6, %f0 + fxor %f62, %f4, %f2 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + /* CFB mode uses encryption for the decrypt operation */ + TWELVE_EROUNDS_2 + + ldd [%o1], %f6 !input + ldd [%o1 + 8], %f4 !input + ldd [%o1 + 16], %f56 !input + ldd [%o1 + 24], %f58 !input + + fxor %f60, %f6, %f6 + fxor %f62, %f4, %f4 + fxor %f0, %f56, %f60 + fxor %f2, %f58, %f62 + + std %f6, [%o2] + std %f4, [%o2 + 8] + std %f60, [%o2 + 16] + std %f62, [%o2 + 24] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne cfb128dec_192_loop + add %o2, 32, %o2 + +cfb128dec_192_loop_end: + std %f56, [%o4] + retl + std %f58, [%o4 + 8] + + SET_SIZE(t4_aes192_cfb128_decrypt) + + + ENTRY(t4_aes256_cfb128_decrypt) + + ldd [%o4], %f56 !IV + ldd [%o4 + 8], %f58 !IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + and %o3, 16, %o5 + brz %o5, cfb128dec_256_loop + + movxtod %g1, %f60 + movxtod %g2, %f62 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + /* CFB mode uses encryption for the decrypt operation */ + FOURTEEN_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + be cfb128dec_256_loop_end + add %o2, 16, %o2 + +cfb128dec_256_loop: + ldd [%o1], %f20 !input + ldd [%o1 + 8], %f22 !input + movxtod %g1, %f60 + movxtod %g2, %f62 + fxor %f60, %f20, %f20 + fxor %f62, %f22, %f22 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + /* CFB mode uses encryption for the decrypt operation */ + FOURTEEN_EROUNDS_2 + + ldd [%o1 + 16], %f56 !input + ldd [%o1 + 24], %f58 !input + fxor %f20, %f56, %f20 + fxor %f22, %f58, %f22 + std %f20, [%o2 + 16] + std %f22, [%o2 + 24] + + ldd [%o1], %f20 !input + ldd [%o1 + 8], %f22 !input + + fxor %f60, %f20, %f20 + fxor %f62, %f22, %f22 + + std %f20, [%o2] + std %f22, [%o2 + 8] + + add %o1, 32, %o1 + subcc %o3, 32, %o3 + bne cfb128dec_256_loop + add %o2, 32, %o2 + + ldd [%o0 + 0x60], %f20 + ldd [%o0 + 0x68], %f22 + +cfb128dec_256_loop_end: + std %f56, [%o4] + retl + std %f58, [%o4 + 8] + + SET_SIZE(t4_aes256_cfb128_decrypt) + +#else + ENTRY(t4_aes128_cfb128_decrypt) + + ldd [%o4], %f56 !IV + ldd [%o4 + 8], %f58 !IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +cfb128dec_128_loop: + movxtod %g1, %f60 + movxtod %g2, %f62 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + /* CFB mode uses encryption for the decrypt operation */ + TEN_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne cfb128dec_128_loop + add %o2, 16, %o2 + + std %f56, [%o4] + retl + std %f58, [%o4 + 8] + + SET_SIZE(t4_aes128_cfb128_decrypt) + + + ENTRY(t4_aes192_cfb128_decrypt) + + ldd [%o4], %f56 !IV + ldd [%o4 + 8], %f58 !IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +cfb128dec_192_loop: + movxtod %g1, %f60 + movxtod %g2, %f62 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + /* CFB mode uses encryption for the decrypt operation */ + TWELVE_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne cfb128dec_192_loop + add %o2, 16, %o2 + + std %f56, [%o4] + retl + std %f58, [%o4 + 8] + + SET_SIZE(t4_aes192_cfb128_decrypt) + + + ENTRY(t4_aes256_cfb128_decrypt) + + ldd [%o4], %f56 !IV + ldd [%o4 + 8], %f58 !IV + ldx [%o0], %g1 ! ks[0] + ldx [%o0 + 8], %g2 ! ks[1] + +cfb128dec_256_loop: + movxtod %g1, %f60 + movxtod %g2, %f62 + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + /* CFB mode uses encryption for the decrypt operation */ + FOURTEEN_EROUNDS + + ldd [%o1], %f56 !input + ldd [%o1 + 8], %f58 !input + fxor %f60, %f56, %f60 + fxor %f62, %f58, %f62 + + std %f60, [%o2] + std %f62, [%o2 + 8] + + add %o1, 16, %o1 + subcc %o3, 16, %o3 + bne cfb128dec_256_loop + add %o2, 16, %o2 + + std %f56, [%o4] + retl + std %f58, [%o4 + 8] + + SET_SIZE(t4_aes256_cfb128_decrypt) + +#endif + +#endif /* lint || __lint */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/t4_des.S --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/t4_des.S Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,786 @@ +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/*LINTLIBRARY*/ + +#if defined(lint) || defined(__lint) + +#include +#include "../engine/eng_t4_des_asm.h" + +/*ARGSUSED*/ +void t4_des_expand(uint64_t *rk, const uint32_t *key) +{ return; } + +/*ARGSUSED*/ +void t4_des_encrypt(const uint64_t *rk, const uint64_t *pt, uint64_t *ct) +{ return; } + + +/*ARGSUSED*/ +void t4_des_load_keys(uint64_t *ks) +{ return; } + +/*ARGSUSED*/ +void t4_des_ecb_crypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_des_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_des_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_des3_load_keys(uint64_t *ks) +{ return; } + +/*ARGSUSED*/ +void t4_des3_ecb_crypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_des3_cbc_encrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) +{ return; } + +/*ARGSUSED*/ +void t4_des3_cbc_decrypt(uint64_t *ks, uint64_t *asm_in, + uint64_t *asm_out, size_t amount_to_crypt, uint64_t *iv) +{ return; } + +#else /* lint || __lint */ + +#include + + + ENTRY(t4_des_expand) + +!load key + ld [%o1], %f0 + ld [%o1 + 0x4], %f1 + +!expand the key + !des_kexpand %f0, 0, %f0 + !des_kexpand %f0, 1, %f2 + !des_kexpand %f2, 3, %f6 + !des_kexpand %f2, 2, %f4 + !des_kexpand %f6, 3, %f10 + !des_kexpand %f6, 2, %f8 + !des_kexpand %f10, 3, %f14 + !des_kexpand %f10, 2, %f12 + !des_kexpand %f14, 1, %f16 + !des_kexpand %f16, 3, %f20 + !des_kexpand %f16, 2, %f18 + !des_kexpand %f20, 3, %f24 + !des_kexpand %f20, 2, %f22 + !des_kexpand %f24, 3, %f28 + !des_kexpand %f24, 2, %f26 + !des_kexpand %f28, 1, %f30 + .byte 0x81, 0xb0, 0x26, 0xc0 + .byte 0x85, 0xb0, 0x26, 0xc1 + .byte 0x8d, 0xb0, 0xa6, 0xc3 + .byte 0x89, 0xb0, 0xa6, 0xc2 + .byte 0x95, 0xb1, 0xa6, 0xc3 + .byte 0x91, 0xb1, 0xa6, 0xc2 + .byte 0x9d, 0xb2, 0xa6, 0xc3 + .byte 0x99, 0xb2, 0xa6, 0xc2 + .byte 0xa1, 0xb3, 0xa6, 0xc1 + .byte 0xa9, 0xb4, 0x26, 0xc3 + .byte 0xa5, 0xb4, 0x26, 0xc2 + .byte 0xb1, 0xb5, 0x26, 0xc3 + .byte 0xad, 0xb5, 0x26, 0xc2 + .byte 0xb9, 0xb6, 0x26, 0xc3 + .byte 0xb5, 0xb6, 0x26, 0xc2 + .byte 0xbd, 0xb7, 0x26, 0xc1 + +!copy expanded key back into array + std %f0, [%o0] + std %f2, [%o0 + 0x8] + std %f4, [%o0 + 0x10] + std %f6, [%o0 + 0x18] + std %f8, [%o0 + 0x20] + std %f10, [%o0 + 0x28] + std %f12, [%o0 + 0x30] + std %f14, [%o0 + 0x38] + std %f16, [%o0 + 0x40] + std %f18, [%o0 + 0x48] + std %f20, [%o0 + 0x50] + std %f22, [%o0 + 0x58] + std %f24, [%o0 + 0x60] + std %f26, [%o0 + 0x68] + std %f28, [%o0 + 0x70] + retl + std %f30, [%o0 + 0x78] + + SET_SIZE(t4_des_expand) + + + ENTRY(t4_des_encrypt) + +!load expanded key + ldd [%o0], %f0 + ldd [%o0 + 0x8], %f2 + ldd [%o0 + 0x10], %f4 + ldd [%o0 + 0x18], %f6 + ldd [%o0 + 0x20], %f8 + ldd [%o0 + 0x28], %f10 + ldd [%o0 + 0x30], %f12 + ldd [%o0 + 0x38], %f14 + ldd [%o0 + 0x40], %f16 + ldd [%o0 + 0x48], %f18 + ldd [%o0 + 0x50], %f20 + ldd [%o0 + 0x58], %f22 + ldd [%o0 + 0x60], %f24 + ldd [%o0 + 0x68], %f26 + ldd [%o0 + 0x70], %f28 + ldd [%o0 + 0x78], %f30 + +!load input + ldd [%o1], %f32 + +!perform the cipher transformation + !des_ip %f32, %f32 + !des_round %f0, %f2, %f32, %f32 + !des_round %f4, %f6, %f32, %f32 + !des_round %f8, %f10, %f32, %f32 + !des_round %f12, %f14, %f32, %f32 + !des_round %f16, %f18, %f32, %f32 + !des_round %f20, %f22, %f32, %f32 + !des_round %f24, %f26, %f32, %f32 + !des_round %f28, %f30, %f32, %f32 + !des_iip %f32, %f32 + .byte 0x83, 0xb0, 0x66, 0x80 + .byte 0x82, 0xc8, 0x03, 0x22 + .byte 0x82, 0xc9, 0x03, 0x26 + .byte 0x82, 0xca, 0x03, 0x2a + .byte 0x82, 0xcb, 0x03, 0x2e + .byte 0x82, 0xcc, 0x03, 0x32 + .byte 0x82, 0xcd, 0x03, 0x36 + .byte 0x82, 0xce, 0x03, 0x3a + .byte 0x82, 0xcf, 0x03, 0x3e + .byte 0x83, 0xb0, 0x66, 0xa0 + +!copy output back to array + retl + std %f32, [%o2] + + SET_SIZE(t4_des_encrypt) + + ENTRY(t4_des_load_keys) + +!load expanded key + ldd [%o0], %f0 + ldd [%o0 + 0x8], %f2 + ldd [%o0 + 0x10], %f4 + ldd [%o0 + 0x18], %f6 + ldd [%o0 + 0x20], %f8 + ldd [%o0 + 0x28], %f10 + ldd [%o0 + 0x30], %f12 + ldd [%o0 + 0x38], %f14 + ldd [%o0 + 0x40], %f16 + ldd [%o0 + 0x48], %f18 + ldd [%o0 + 0x50], %f20 + ldd [%o0 + 0x58], %f22 + ldd [%o0 + 0x60], %f24 + ldd [%o0 + 0x68], %f26 + ldd [%o0 + 0x70], %f28 + retl + ldd [%o0 + 0x78], %f30 + + SET_SIZE(t4_des_load_keys) + + ENTRY(t4_des3_load_keys) + +!load first 30 pieces of the expanded key + ldd [%o0], %f0 + ldd [%o0 + 0x8], %f2 + ldd [%o0 + 0x10], %f4 + ldd [%o0 + 0x18], %f6 + ldd [%o0 + 0x20], %f8 + ldd [%o0 + 0x28], %f10 + ldd [%o0 + 0x30], %f12 + ldd [%o0 + 0x38], %f14 + ldd [%o0 + 0x40], %f16 + ldd [%o0 + 0x48], %f18 + ldd [%o0 + 0x50], %f20 + ldd [%o0 + 0x58], %f22 + ldd [%o0 + 0x60], %f24 + ldd [%o0 + 0x68], %f26 + ldd [%o0 + 0x70], %f28 + ldd [%o0 + 0x78], %f30 + ldd [%o0 + 0x80], %f32 + ldd [%o0 + 0x88], %f34 + ldd [%o0 + 0x90], %f36 + ldd [%o0 + 0x98], %f38 + ldd [%o0 + 0xa0], %f40 + ldd [%o0 + 0xa8], %f42 + ldd [%o0 + 0xb0], %f44 + ldd [%o0 + 0xb8], %f46 + ldd [%o0 + 0xc0], %f48 + ldd [%o0 + 0xc8], %f50 + ldd [%o0 + 0xd0], %f52 + ldd [%o0 + 0xd8], %f54 + ldd [%o0 + 0xe0], %f56 + retl + ldd [%o0 + 0xe8], %f58 + + SET_SIZE(t4_des3_load_keys) + + ENTRY(t4_des_ecb_crypt) + +des_ecb_loop: +!load input + ldd [%o1], %f62 + +!perform the cipher transformation + !des_ip %f62, %f62 + !des_round %f0, %f2, %f62, %f62 + !des_round %f4, %f6, %f62, %f62 + !des_round %f8, %f10, %f62, %f62 + !des_round %f12, %f14, %f62, %f62 + !des_round %f16, %f18, %f62, %f62 + !des_round %f20, %f22, %f62, %f62 + !des_round %f24, %f26, %f62, %f62 + !des_round %f28, %f30, %f62, %f62 + !des_iip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0x80 + .byte 0xbe, 0xc8, 0x3f, 0x22 + .byte 0xbe, 0xc9, 0x3f, 0x26 + .byte 0xbe, 0xca, 0x3f, 0x2a + .byte 0xbe, 0xcb, 0x3f, 0x2e + .byte 0xbe, 0xcc, 0x3f, 0x32 + .byte 0xbe, 0xcd, 0x3f, 0x36 + .byte 0xbe, 0xce, 0x3f, 0x3a + .byte 0xbe, 0xcf, 0x3f, 0x3e + .byte 0xbf, 0xb7, 0xe6, 0xa0 + +!copy output back to array + std %f62, [%o2] + sub %o3, 8, %o3 + add %o1, 8, %o1 + brnz %o3, des_ecb_loop + add %o2, 8, %o2 + + retl + nop + + SET_SIZE(t4_des_ecb_crypt) + + + ENTRY(t4_des_cbc_encrypt) + + ldd [%o4], %f60 +des_cbc_encrypt_loop: +!load input + ldd [%o1], %f58 + fxor %f58, %f60, %f62 + +!perform the cipher transformation + !des_ip %f62, %f62 + !des_round %f0, %f2, %f62, %f62 + !des_round %f4, %f6, %f62, %f62 + !des_round %f8, %f10, %f62, %f62 + !des_round %f12, %f14, %f62, %f62 + !des_round %f16, %f18, %f62, %f62 + !des_round %f20, %f22, %f62, %f62 + !des_round %f24, %f26, %f62, %f62 + !des_round %f28, %f30, %f62, %f62 + !des_iip %f62, %f60 + .byte 0xbf, 0xb7, 0xe6, 0x80 + .byte 0xbe, 0xc8, 0x3f, 0x22 + .byte 0xbe, 0xc9, 0x3f, 0x26 + .byte 0xbe, 0xca, 0x3f, 0x2a + .byte 0xbe, 0xcb, 0x3f, 0x2e + .byte 0xbe, 0xcc, 0x3f, 0x32 + .byte 0xbe, 0xcd, 0x3f, 0x36 + .byte 0xbe, 0xce, 0x3f, 0x3a + .byte 0xbe, 0xcf, 0x3f, 0x3e + .byte 0xbb, 0xb7, 0xe6, 0xa0 + +!copy output back to array + std %f60, [%o2] + sub %o3, 8, %o3 + add %o1, 8, %o1 + brnz %o3, des_cbc_encrypt_loop + add %o2, 8, %o2 + + retl + std %f60, [%o4] + + SET_SIZE(t4_des_cbc_encrypt) + + + + ENTRY(t4_des_cbc_decrypt) + + ldd [%o4], %f60 +des_cbc_decrypt_loop: +!load input + ldd [%o1], %f62 + ldx [%o1], %o5 + +!perform the cipher transformation + !des_ip %f62, %f62 + !des_round %f0, %f2, %f62, %f62 + !des_round %f4, %f6, %f62, %f62 + !des_round %f8, %f10, %f62, %f62 + !des_round %f12, %f14, %f62, %f62 + !des_round %f16, %f18, %f62, %f62 + !des_round %f20, %f22, %f62, %f62 + !des_round %f24, %f26, %f62, %f62 + !des_round %f28, %f30, %f62, %f62 + !des_iip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0x80 + .byte 0xbe, 0xc8, 0x3f, 0x22 + .byte 0xbe, 0xc9, 0x3f, 0x26 + .byte 0xbe, 0xca, 0x3f, 0x2a + .byte 0xbe, 0xcb, 0x3f, 0x2e + .byte 0xbe, 0xcc, 0x3f, 0x32 + .byte 0xbe, 0xcd, 0x3f, 0x36 + .byte 0xbe, 0xce, 0x3f, 0x3a + .byte 0xbe, 0xcf, 0x3f, 0x3e + .byte 0xbf, 0xb7, 0xe6, 0xa0 + fxor %f60, %f62, %f62 + movxtod %o5, %f60 + +!copy output back to array + std %f62, [%o2] + sub %o3, 8, %o3 + add %o1, 8, %o1 + brnz %o3, des_cbc_decrypt_loop + add %o2, 8, %o2 + + retl + std %f60, [%o4] + + SET_SIZE(t4_des_cbc_decrypt) + + + + ENTRY(t4_des3_ecb_crypt) + +des3_ecb_loop: +!load input + ldd [%o1], %f62 + +!perform the cipher transformation + !des_ip %f62, %f62 + !des_round %f0, %f2, %f62, %f62 + !des_round %f4, %f6, %f62, %f62 + !des_round %f8, %f10, %f62, %f62 + !des_round %f12, %f14, %f62, %f62 + !des_round %f16, %f18, %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0x80 + .byte 0xbe, 0xc8, 0x3f, 0x22 + .byte 0xbe, 0xc9, 0x3f, 0x26 + .byte 0xbe, 0xca, 0x3f, 0x2a + .byte 0xbe, 0xcb, 0x3f, 0x2e + .byte 0xbe, 0xcc, 0x3f, 0x32 + + ldd [%o0 + 0xf0], %f16 + ldd [%o0 + 0xf8], %f18 + !des_round %f20, %f22, %f62, %f62 + .byte 0xbe, 0xcd, 0x3f, 0x36 + ldd [%o0 + 0x100], %f20 + ldd [%o0 + 0x108], %f22 + !des_round %f24, %f26, %f62, %f62 + .byte 0xbe, 0xce, 0x3f, 0x3a + ldd [%o0 + 0x110], %f24 + ldd [%o0 + 0x118], %f26 + !des_round %f28, %f30, %f62, %f62 + .byte 0xbe, 0xcf, 0x3f, 0x3e + ldd [%o0 + 0x120], %f28 + ldd [%o0 + 0x128], %f30 + + !des_iip %f62, %f62 + !des_ip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0xa0 + .byte 0xbf, 0xb7, 0xe6, 0x80 + + !des_round %f32, %f34, %f62, %f62 + .byte 0xbe, 0xc8, 0x7f, 0x23 + ldd [%o0 + 0x130], %f0 + ldd [%o0 + 0x138], %f2 + !des_round %f36, %f38, %f62, %f62 + .byte 0xbe, 0xc9, 0x7f, 0x27 + ldd [%o0 + 0x140], %f4 + ldd [%o0 + 0x148], %f6 + !des_round %f40, %f42, %f62, %f62 + .byte 0xbe, 0xca, 0x7f, 0x2b + ldd [%o0 + 0x150], %f8 + ldd [%o0 + 0x158], %f10 + !des_round %f44, %f46, %f62, %f62 + .byte 0xbe, 0xcb, 0x7f, 0x2f + ldd [%o0 + 0x160], %f12 + ldd [%o0 + 0x168], %f14 + !des_round %f48, %f50, %f62, %f62 + !des_round %f52, %f54, %f62, %f62 + !des_round %f56, %f58, %f62, %f62 + !des_round %f16, %f18, %f62, %f62 + .byte 0xbe, 0xcc, 0x7f, 0x33 + .byte 0xbe, 0xcd, 0x7f, 0x37 + .byte 0xbe, 0xce, 0x7f, 0x3b + .byte 0xbe, 0xcc, 0x3f, 0x32 + ldd [%o0 + 0x170], %f16 + ldd [%o0 + 0x178], %f18 + + !des_iip %f62, %f62 + !des_ip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0xa0 + .byte 0xbf, 0xb7, 0xe6, 0x80 + + !des_round %f20, %f22, %f62, %f62 + .byte 0xbe, 0xcd, 0x3f, 0x36 + ldd [%o0 + 0x50], %f20 + ldd [%o0 + 0x58], %f22 + !des_round %f24, %f26, %f62, %f62 + .byte 0xbe, 0xce, 0x3f, 0x3a + ldd [%o0 + 0x60], %f24 + ldd [%o0 + 0x68], %f26 + !des_round %f28, %f30, %f62, %f62 + .byte 0xbe, 0xcf, 0x3f, 0x3e + ldd [%o0 + 0x70], %f28 + ldd [%o0 + 0x78], %f30 + !des_round %f0, %f2, %f62, %f62 + .byte 0xbe, 0xc8, 0x3f, 0x22 + ldd [%o0], %f0 + ldd [%o0 + 0x8], %f2 + !des_round %f4, %f6, %f62, %f62 + .byte 0xbe, 0xc9, 0x3f, 0x26 + + ldd [%o0 + 0x10], %f4 + ldd [%o0 + 0x18], %f6 + !des_round %f8, %f10, %f62, %f62 + .byte 0xbe, 0xca, 0x3f, 0x2a + ldd [%o0 + 0x20], %f8 + ldd [%o0 + 0x28], %f10 + !des_round %f12, %f14, %f62, %f62 + .byte 0xbe, 0xcb, 0x3f, 0x2e + ldd [%o0 + 0x30], %f12 + ldd [%o0 + 0x38], %f14 + !des_round %f16, %f18, %f62, %f62 + .byte 0xbe, 0xcc, 0x3f, 0x32 + ldd [%o0 + 0x40], %f16 + ldd [%o0 + 0x48], %f18 + + !des_iip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0xa0 + +!copy output back to array + std %f62, [%o2] + sub %o3, 8, %o3 + add %o1, 8, %o1 + brnz %o3, des3_ecb_loop + add %o2, 8, %o2 + + retl + nop + + SET_SIZE(t4_des3_ecb_crypt) + + + ENTRY(t4_des3_cbc_encrypt) + + ldd [%o4], %f62 +des3_cbc_encrypt_loop: +!load input + ldd [%o1], %f60 + fxor %f60, %f62, %f62 + +!perform the cipher transformation + !des_ip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0x80 + !des_round %f0, %f2, %f62, %f62 + !des_round %f4, %f6, %f62, %f62 + !des_round %f8, %f10, %f62, %f62 + !des_round %f12, %f14, %f62, %f62 + !des_round %f16, %f18, %f62, %f62 + .byte 0xbe, 0xc8, 0x3f, 0x22 + .byte 0xbe, 0xc9, 0x3f, 0x26 + .byte 0xbe, 0xca, 0x3f, 0x2a + .byte 0xbe, 0xcb, 0x3f, 0x2e + .byte 0xbe, 0xcc, 0x3f, 0x32 + ldd [%o0 + 0xf0], %f16 + ldd [%o0 + 0xf8], %f18 + !des_round %f20, %f22, %f62, %f62 + .byte 0xbe, 0xcd, 0x3f, 0x36 + ldd [%o0 + 0x100], %f20 + ldd [%o0 + 0x108], %f22 + !des_round %f24, %f26, %f62, %f62 + .byte 0xbe, 0xce, 0x3f, 0x3a + ldd [%o0 + 0x110], %f24 + ldd [%o0 + 0x118], %f26 + !des_round %f28, %f30, %f62, %f62 + .byte 0xbe, 0xcf, 0x3f, 0x3e + ldd [%o0 + 0x120], %f28 + ldd [%o0 + 0x128], %f30 + + !des_iip %f62, %f62 + !des_ip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0xa0 + .byte 0xbf, 0xb7, 0xe6, 0x80 + + !des_round %f32, %f34, %f62, %f62 + .byte 0xbe, 0xc8, 0x7f, 0x23 + ldd [%o0 + 0x130], %f0 + ldd [%o0 + 0x138], %f2 + !des_round %f36, %f38, %f62, %f62 + .byte 0xbe, 0xc9, 0x7f, 0x27 + ldd [%o0 + 0x140], %f4 + ldd [%o0 + 0x148], %f6 + !des_round %f40, %f42, %f62, %f62 + .byte 0xbe, 0xca, 0x7f, 0x2b + ldd [%o0 + 0x150], %f8 + ldd [%o0 + 0x158], %f10 + !des_round %f44, %f46, %f62, %f62 + .byte 0xbe, 0xcb, 0x7f, 0x2f + ldd [%o0 + 0x160], %f12 + ldd [%o0 + 0x168], %f14 + !des_round %f48, %f50, %f62, %f62 + !des_round %f52, %f54, %f62, %f62 + !des_round %f56, %f58, %f62, %f62 + !des_round %f16, %f18, %f62, %f62 + .byte 0xbe, 0xcc, 0x7f, 0x33 + .byte 0xbe, 0xcd, 0x7f, 0x37 + .byte 0xbe, 0xce, 0x7f, 0x3b + .byte 0xbe, 0xcc, 0x3f, 0x32 + ldd [%o0 + 0x170], %f16 + ldd [%o0 + 0x178], %f18 + + !des_iip %f62, %f62 + !des_ip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0xa0 + .byte 0xbf, 0xb7, 0xe6, 0x80 + + !des_round %f20, %f22, %f62, %f62 + .byte 0xbe, 0xcd, 0x3f, 0x36 + ldd [%o0 + 0x50], %f20 + ldd [%o0 + 0x58], %f22 + !des_round %f24, %f26, %f62, %f62 + .byte 0xbe, 0xce, 0x3f, 0x3a + ldd [%o0 + 0x60], %f24 + ldd [%o0 + 0x68], %f26 + !des_round %f28, %f30, %f62, %f62 + .byte 0xbe, 0xcf, 0x3f, 0x3e + ldd [%o0 + 0x70], %f28 + ldd [%o0 + 0x78], %f30 + !des_round %f0, %f2, %f62, %f62 + .byte 0xbe, 0xc8, 0x3f, 0x22 + ldd [%o0], %f0 + ldd [%o0 + 0x8], %f2 + !des_round %f4, %f6, %f62, %f62 + .byte 0xbe, 0xc9, 0x3f, 0x26 + ldd [%o0 + 0x10], %f4 + ldd [%o0 + 0x18], %f6 + !des_round %f8, %f10, %f62, %f62 + .byte 0xbe, 0xca, 0x3f, 0x2a + ldd [%o0 + 0x20], %f8 + ldd [%o0 + 0x28], %f10 + !des_round %f12, %f14, %f62, %f62 + .byte 0xbe, 0xcb, 0x3f, 0x2e + ldd [%o0 + 0x30], %f12 + ldd [%o0 + 0x38], %f14 + !des_round %f16, %f18, %f62, %f62 + .byte 0xbe, 0xcc, 0x3f, 0x32 + ldd [%o0 + 0x40], %f16 + ldd [%o0 + 0x48], %f18 + + !des_iip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0xa0 + +!copy output back to array + std %f62, [%o2] + sub %o3, 8, %o3 + add %o1, 8, %o1 + brnz %o3, des3_cbc_encrypt_loop + add %o2, 8, %o2 + + retl + std %f62, [%o4] + + SET_SIZE(t4_des3_cbc_encrypt) + + + ENTRY(t4_des3_cbc_decrypt) + + ldd [%o4], %f60 +des3_cbc_decrypt_loop: +!load input + ldx [%o1], %o5 + movxtod %o5, %f62 + +!perform the cipher transformation + !des_ip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0x80 + !des_round %f0, %f2, %f62, %f62 + !des_round %f4, %f6, %f62, %f62 + !des_round %f8, %f10, %f62, %f62 + !des_round %f12, %f14, %f62, %f62 + !des_round %f16, %f18, %f62, %f62 + .byte 0xbe, 0xc8, 0x3f, 0x22 + .byte 0xbe, 0xc9, 0x3f, 0x26 + .byte 0xbe, 0xca, 0x3f, 0x2a + .byte 0xbe, 0xcb, 0x3f, 0x2e + .byte 0xbe, 0xcc, 0x3f, 0x32 + ldd [%o0 + 0xf0], %f16 + ldd [%o0 + 0xf8], %f18 + !des_round %f20, %f22, %f62, %f62 + .byte 0xbe, 0xcd, 0x3f, 0x36 + ldd [%o0 + 0x100], %f20 + ldd [%o0 + 0x108], %f22 + !des_round %f24, %f26, %f62, %f62 + .byte 0xbe, 0xce, 0x3f, 0x3a + ldd [%o0 + 0x110], %f24 + ldd [%o0 + 0x118], %f26 + !des_round %f28, %f30, %f62, %f62 + .byte 0xbe, 0xcf, 0x3f, 0x3e + ldd [%o0 + 0x120], %f28 + ldd [%o0 + 0x128], %f30 + + !des_iip %f62, %f62 + !des_ip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0xa0 + .byte 0xbf, 0xb7, 0xe6, 0x80 + + !des_round %f32, %f34, %f62, %f62 + .byte 0xbe, 0xc8, 0x7f, 0x23 + ldd [%o0 + 0x130], %f0 + ldd [%o0 + 0x138], %f2 + !des_round %f36, %f38, %f62, %f62 + .byte 0xbe, 0xc9, 0x7f, 0x27 + ldd [%o0 + 0x140], %f4 + ldd [%o0 + 0x148], %f6 + !des_round %f40, %f42, %f62, %f62 + .byte 0xbe, 0xca, 0x7f, 0x2b + ldd [%o0 + 0x150], %f8 + ldd [%o0 + 0x158], %f10 + !des_round %f44, %f46, %f62, %f62 + .byte 0xbe, 0xcb, 0x7f, 0x2f + ldd [%o0 + 0x160], %f12 + ldd [%o0 + 0x168], %f14 + !des_round %f48, %f50, %f62, %f62 + !des_round %f52, %f54, %f62, %f62 + !des_round %f56, %f58, %f62, %f62 + !des_round %f16, %f18, %f62, %f62 + .byte 0xbe, 0xcc, 0x7f, 0x33 + .byte 0xbe, 0xcd, 0x7f, 0x37 + .byte 0xbe, 0xce, 0x7f, 0x3b + .byte 0xbe, 0xcc, 0x3f, 0x32 + ldd [%o0 + 0x170], %f16 + ldd [%o0 + 0x178], %f18 + + !des_iip %f62, %f62 + !des_ip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0xa0 + .byte 0xbf, 0xb7, 0xe6, 0x80 + + !des_round %f20, %f22, %f62, %f62 + .byte 0xbe, 0xcd, 0x3f, 0x36 + ldd [%o0 + 0x50], %f20 + ldd [%o0 + 0x58], %f22 + !des_round %f24, %f26, %f62, %f62 + .byte 0xbe, 0xce, 0x3f, 0x3a + ldd [%o0 + 0x60], %f24 + ldd [%o0 + 0x68], %f26 + !des_round %f28, %f30, %f62, %f62 + .byte 0xbe, 0xcf, 0x3f, 0x3e + ldd [%o0 + 0x70], %f28 + ldd [%o0 + 0x78], %f30 + !des_round %f0, %f2, %f62, %f62 + .byte 0xbe, 0xc8, 0x3f, 0x22 + ldd [%o0], %f0 + ldd [%o0 + 0x8], %f2 + !des_round %f4, %f6, %f62, %f62 + .byte 0xbe, 0xc9, 0x3f, 0x26 + ldd [%o0 + 0x10], %f4 + ldd [%o0 + 0x18], %f6 + !des_round %f8, %f10, %f62, %f62 + .byte 0xbe, 0xca, 0x3f, 0x2a + ldd [%o0 + 0x20], %f8 + ldd [%o0 + 0x28], %f10 + !des_round %f12, %f14, %f62, %f62 + .byte 0xbe, 0xcb, 0x3f, 0x2e + ldd [%o0 + 0x30], %f12 + ldd [%o0 + 0x38], %f14 + !des_round %f16, %f18, %f62, %f62 + .byte 0xbe, 0xcc, 0x3f, 0x32 + ldd [%o0 + 0x40], %f16 + ldd [%o0 + 0x48], %f18 + + !des_iip %f62, %f62 + .byte 0xbf, 0xb7, 0xe6, 0xa0 + fxor %f60, %f62, %f62 + movxtod %o5, %f60 + +!copy output back to array + std %f62, [%o2] + sub %o3, 8, %o3 + add %o1, 8, %o1 + brnz %o3, des3_cbc_decrypt_loop + add %o2, 8, %o2 + + retl + stx %o5, [%o4] + + SET_SIZE(t4_des3_cbc_decrypt) + + +#endif /* lint || __lint */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/t4_md5.S --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/t4_md5.S Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,151 @@ +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/*LINTLIBRARY*/ + +#if defined(lint) || defined(__lint) + +#include +#include + +/*ARGSUSED*/ +void +t4_md5_multiblock(MD5_CTX *ctx, const uint8_t *input, + unsigned int input_length_in_blocks) +{ return; } + +#else /* lint || __lint */ + +#include + + ENTRY(t4_md5_multiblock) + +!load result from previous digest (stored in ctx) + ld [%o0], %f0 + ld [%o0 + 0x4], %f1 + ld [%o0 + 0x8], %f2 + ld [%o0 + 0xc], %f3 + + and %o1, 7, %o3 + brnz %o3, md5_unaligned_input + nop + +md5_loop: + +!load 64 bytes of data + ldd [%o1], %f8 !load 8 bytes of data + ldd [%o1 + 0x8], %f10 !load 8 bytes of data + ldd [%o1 + 0x10], %f12 !load 8 bytes of data + ldd [%o1 + 0x18], %f14 !load 8 bytes of data + ldd [%o1 + 0x20], %f16 !load 8 bytes of data + ldd [%o1 + 0x28], %f18 !load 8 bytes of data + ldd [%o1 + 0x30], %f20 !load 8 bytes of data + ldd [%o1 + 0x38], %f22 !load 8 bytes of data + +!perform crypto instruction here + !md5 + .byte 0x81, 0xb0, 0x28, 0x00 + + dec %o2 + brnz %o2, md5_loop + add %o1, 0x40, %o1 + +!copy digest back into ctx + st %f0, [%o0] + st %f1, [%o0 + 0x4] + st %f2, [%o0 + 0x8] + retl + st %f3, [%o0 + 0xc] + +md5_unaligned_input: + alignaddr %o1, %g0, %g0 ! generate %gsr + andn %o1, 7, %o1 + +md5_unaligned_input_loop: + ldd [%o1], %f8 !load 8 bytes of data + ldd [%o1 + 0x8], %f10 !load 8 bytes of data + ldd [%o1 + 0x10], %f12 !load 8 bytes of data + ldd [%o1 + 0x18], %f14 !load 8 bytes of data + ldd [%o1 + 0x20], %f16 !load 8 bytes of data + ldd [%o1 + 0x28], %f18 !load 8 bytes of data + ldd [%o1 + 0x30], %f20 !load 8 bytes of data + ldd [%o1 + 0x38], %f22 !load 8 bytes of data + ldd [%o1 + 0x40], %f24 !load 8 bytes of data + faligndata %f8, %f10, %f8 + faligndata %f10, %f12, %f10 + faligndata %f12, %f14, %f12 + faligndata %f14, %f16, %f14 + faligndata %f16, %f18, %f16 + faligndata %f18, %f20, %f18 + faligndata %f20, %f22, %f20 + faligndata %f22, %f24, %f22 + +!perform crypto instruction here + !md5 + .byte 0x81, 0xb0, 0x28, 0x00 + + dec %o2 + brnz %o2, md5_unaligned_input_loop + add %o1, 0x40, %o1 + +!copy digest back into ctx + st %f0, [%o0] + st %f1, [%o0 + 0x4] + st %f2, [%o0 + 0x8] + retl + st %f3, [%o0 + 0xc] + + SET_SIZE(t4_md5_multiblock) + +#endif /* lint || __lint */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/t4_sha1.S --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/t4_sha1.S Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,153 @@ +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/*LINTLIBRARY*/ + +#if defined(lint) || defined(__lint) + +#include +#include + +/*ARGSUSED*/ +void +t4_sha1_multiblock(SHA_CTX *ctx, const void *input, size_t num) +{ return; } + +#else /* lint || __lint */ + +#include + + ENTRY(t4_sha1_multiblock) + +!load result from previous digest (stored in ctx) + ld [%o0], %f0 + ld [%o0 + 0x4], %f1 + ld [%o0 + 0x8], %f2 + ld [%o0 + 0xc], %f3 + ld [%o0 + 0x10], %f4 + + and %o1, 7, %o3 + brnz %o3, sha1_unaligned_input + nop + +sha1_loop: + +!load 64 bytes of data + ldd [%o1], %f8 !load 8 bytes of data + ldd [%o1 + 0x8], %f10 !load 8 bytes of data + ldd [%o1 + 0x10], %f12 !load 8 bytes of data + ldd [%o1 + 0x18], %f14 !load 8 bytes of data + ldd [%o1 + 0x20], %f16 !load 8 bytes of data + ldd [%o1 + 0x28], %f18 !load 8 bytes of data + ldd [%o1 + 0x30], %f20 !load 8 bytes of data + ldd [%o1 + 0x38], %f22 !load 8 bytes of data + +!perform crypto instruction here + !sha1 + .byte 0x81, 0xb0, 0x28, 0x20 + + dec %o2 + brnz %o2, sha1_loop + add %o1, 0x40, %o1 + +!copy digest back into ctx + st %f0, [%o0] + st %f1, [%o0 + 0x4] + st %f2, [%o0 + 0x8] + st %f3, [%o0 + 0xc] + retl + st %f4, [%o0 + 0x10] + +sha1_unaligned_input: + alignaddr %o1, %g0, %g0 ! generate %gsr + andn %o1, 7, %o1 + +sha1_unaligned_input_loop: + ldd [%o1], %f8 !load 8 bytes of data + ldd [%o1 + 0x8], %f10 !load 8 bytes of data + ldd [%o1 + 0x10], %f12 !load 8 bytes of data + ldd [%o1 + 0x18], %f14 !load 8 bytes of data + ldd [%o1 + 0x20], %f16 !load 8 bytes of data + ldd [%o1 + 0x28], %f18 !load 8 bytes of data + ldd [%o1 + 0x30], %f20 !load 8 bytes of data + ldd [%o1 + 0x38], %f22 !load 8 bytes of data + ldd [%o1 + 0x40], %f24 !load 8 bytes of data + faligndata %f8, %f10, %f8 + faligndata %f10, %f12, %f10 + faligndata %f12, %f14, %f12 + faligndata %f14, %f16, %f14 + faligndata %f16, %f18, %f16 + faligndata %f18, %f20, %f18 + faligndata %f20, %f22, %f20 + faligndata %f22, %f24, %f22 + +!perform crypto instruction here + !sha1 + .byte 0x81, 0xb0, 0x28, 0x20 + + dec %o2 + brnz %o2, sha1_unaligned_input_loop + add %o1, 0x40, %o1 + +!copy digest back into ctx + st %f0, [%o0] + st %f1, [%o0 + 0x4] + st %f2, [%o0 + 0x8] + st %f3, [%o0 + 0xc] + retl + st %f4, [%o0 + 0x10] + + SET_SIZE(t4_sha1_multiblock) + +#endif /* lint || __lint */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/engines/t4/t4_sha2.S --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/engines/t4/t4_sha2.S Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,314 @@ +/* + * ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/*LINTLIBRARY*/ + +#if defined(lint) || defined(__lint) + +#include +#include +#include "../engine/eng_t4_sha2_asm.h" + +/*ARGSUSED*/ +void +t4_sha256_multiblock(T4_SHA256_CTX *c, const void *input, + size_t num) +{ return; } + +/*ARGSUSED*/ +void +t4_sha512_multiblock(T4_SHA512_CTX *c, const void *input, + size_t num) +{ return; } + +#else /* lint || __lint */ + +#include + + ENTRY(t4_sha256_multiblock) + + add %o0, 0x8, %o0 !skip over first field in ctx + +!load result from previous digest (stored in ctx) + ld [%o0], %f0 + ld [%o0 + 0x4], %f1 + ld [%o0 + 0x8], %f2 + ld [%o0 + 0xc], %f3 + ld [%o0 + 0x10], %f4 + ld [%o0 + 0x14], %f5 + ld [%o0 + 0x18], %f6 + ld [%o0 + 0x1c], %f7 + + and %o1, 7, %o3 + brnz %o3, sha256_unaligned_input + nop + +sha256_loop: + +!load 64 bytes of data + ldd [%o1], %f8 !load 8 bytes of data + ldd [%o1 + 0x8], %f10 !load 8 bytes of data + ldd [%o1 + 0x10], %f12 !load 8 bytes of data + ldd [%o1 + 0x18], %f14 !load 8 bytes of data + ldd [%o1 + 0x20], %f16 !load 8 bytes of data + ldd [%o1 + 0x28], %f18 !load 8 bytes of data + ldd [%o1 + 0x30], %f20 !load 8 bytes of data + ldd [%o1 + 0x38], %f22 !load 8 bytes of data + +!perform crypto instruction here + !sha256 + .byte 0x81, 0xb0, 0x28, 0x40 + + dec %o2 + brnz %o2, sha256_loop + add %o1, 0x40, %o1 + +!copy digest back into ctx + st %f0, [%o0] + st %f1, [%o0 + 0x4] + st %f2, [%o0 + 0x8] + st %f3, [%o0 + 0xc] + st %f4, [%o0 + 0x10] + st %f5, [%o0 + 0x14] + st %f6, [%o0 + 0x18] + retl + st %f7, [%o0 + 0x1c] + +sha256_unaligned_input: + alignaddr %o1, %g0, %g0 ! generate %gsr + andn %o1, 7, %o1 + +sha256_unaligned_input_loop: + ldd [%o1], %f8 !load 8 bytes of data + ldd [%o1 + 0x8], %f10 !load 8 bytes of data + ldd [%o1 + 0x10], %f12 !load 8 bytes of data + ldd [%o1 + 0x18], %f14 !load 8 bytes of data + ldd [%o1 + 0x20], %f16 !load 8 bytes of data + ldd [%o1 + 0x28], %f18 !load 8 bytes of data + ldd [%o1 + 0x30], %f20 !load 8 bytes of data + ldd [%o1 + 0x38], %f22 !load 8 bytes of data + ldd [%o1 + 0x40], %f24 !load 8 bytes of data + faligndata %f8, %f10, %f8 + faligndata %f10, %f12, %f10 + faligndata %f12, %f14, %f12 + faligndata %f14, %f16, %f14 + faligndata %f16, %f18, %f16 + faligndata %f18, %f20, %f18 + faligndata %f20, %f22, %f20 + faligndata %f22, %f24, %f22 + +!perform crypto instruction here + !sha256 + .byte 0x81, 0xb0, 0x28, 0x40 + + dec %o2 + brnz %o2, sha256_unaligned_input_loop + add %o1, 0x40, %o1 + +!copy digest back into ctx + st %f0, [%o0] + st %f1, [%o0 + 0x4] + st %f2, [%o0 + 0x8] + st %f3, [%o0 + 0xc] + st %f4, [%o0 + 0x10] + st %f5, [%o0 + 0x14] + st %f6, [%o0 + 0x18] + retl + st %f7, [%o0 + 0x1c] + + SET_SIZE(t4_sha256_multiblock) + + + ENTRY(t4_sha512_multiblock) + + add %o0, 0x8, %o0 !skip over first field in ctx + +!load result from previous digest (stored in ctx) + ld [%o0], %f0 + ld [%o0 + 0x4], %f1 + ld [%o0 + 0x8], %f2 + ld [%o0 + 0xc], %f3 + ld [%o0 + 0x10], %f4 + ld [%o0 + 0x14], %f5 + ld [%o0 + 0x18], %f6 + ld [%o0 + 0x1c], %f7 + ld [%o0 + 0x20], %f8 + ld [%o0 + 0x24], %f9 + ld [%o0 + 0x28], %f10 + ld [%o0 + 0x2c], %f11 + ld [%o0 + 0x30], %f12 + ld [%o0 + 0x34], %f13 + ld [%o0 + 0x38], %f14 + ld [%o0 + 0x3c], %f15 + + and %o1, 7, %o3 + brnz %o3, sha512_unaligned_input + nop + +sha512_loop: + +!load 128 bytes of data + ldd [%o1], %f16 !load 8 bytes of data + ldd [%o1 + 0x8], %f18 !load 8 bytes of data + ldd [%o1 + 0x10], %f20 !load 8 bytes of data + ldd [%o1 + 0x18], %f22 !load 8 bytes of data + ldd [%o1 + 0x20], %f24 !load 8 bytes of data + ldd [%o1 + 0x28], %f26 !load 8 bytes of data + ldd [%o1 + 0x30], %f28 !load 8 bytes of data + ldd [%o1 + 0x38], %f30 !load 8 bytes of data + ldd [%o1 + 0x40], %f32 !load 8 bytes of data + ldd [%o1 + 0x48], %f34 !load 8 bytes of data + ldd [%o1 + 0x50], %f36 !load 8 bytes of data + ldd [%o1 + 0x58], %f38 !load 8 bytes of data + ldd [%o1 + 0x60], %f40 !load 8 bytes of data + ldd [%o1 + 0x68], %f42 !load 8 bytes of data + ldd [%o1 + 0x70], %f44 !load 8 bytes of data + ldd [%o1 + 0x78], %f46 !load 8 bytes of data + +!perform crypto instruction here + !sha512 + .byte 0x81, 0xb0, 0x28, 0x60 + + dec %o2 + brnz %o2, sha512_loop + add %o1, 0x80, %o1 + +!copy digest back into ctx + st %f0, [%o0] + st %f1, [%o0 + 0x4] + st %f2, [%o0 + 0x8] + st %f3, [%o0 + 0xc] + st %f4, [%o0 + 0x10] + st %f5, [%o0 + 0x14] + st %f6, [%o0 + 0x18] + st %f7, [%o0+ 0x1c] + st %f8, [%o0+ 0x20] + st %f9, [%o0+ 0x24] + st %f10, [%o0+ 0x28] + st %f11, [%o0+ 0x2c] + st %f12, [%o0+ 0x30] + st %f13, [%o0+ 0x34] + st %f14, [%o0+ 0x38] + retl + st %f15, [%o0+ 0x3c] + +sha512_unaligned_input: + alignaddr %o1, %g0, %g0 ! generate %gsr + andn %o1, 7, %o1 + +sha512_unaligned_input_loop: + ldd [%o1], %f16 !load 8 bytes of data + ldd [%o1 + 0x8], %f18 !load 8 bytes of data + ldd [%o1 + 0x10], %f20 !load 8 bytes of data + ldd [%o1 + 0x18], %f22 !load 8 bytes of data + ldd [%o1 + 0x20], %f24 !load 8 bytes of data + ldd [%o1 + 0x28], %f26 !load 8 bytes of data + ldd [%o1 + 0x30], %f28 !load 8 bytes of data + ldd [%o1 + 0x38], %f30 !load 8 bytes of data + ldd [%o1 + 0x40], %f32 !load 8 bytes of data + ldd [%o1 + 0x48], %f34 !load 8 bytes of data + ldd [%o1 + 0x50], %f36 !load 8 bytes of data + ldd [%o1 + 0x58], %f38 !load 8 bytes of data + ldd [%o1 + 0x60], %f40 !load 8 bytes of data + ldd [%o1 + 0x68], %f42 !load 8 bytes of data + ldd [%o1 + 0x70], %f44 !load 8 bytes of data + ldd [%o1 + 0x78], %f46 !load 8 bytes of data + ldd [%o1 + 0x80], %f48 !load 8 bytes of data + faligndata %f16, %f18, %f16 + faligndata %f18, %f20, %f18 + faligndata %f20, %f22, %f20 + faligndata %f22, %f24, %f22 + faligndata %f24, %f26, %f24 + faligndata %f26, %f28, %f26 + faligndata %f28, %f30, %f28 + faligndata %f30, %f32, %f30 + faligndata %f32, %f34, %f32 + faligndata %f34, %f36, %f34 + faligndata %f36, %f38, %f36 + faligndata %f38, %f40, %f38 + faligndata %f40, %f42, %f40 + faligndata %f42, %f44, %f42 + faligndata %f44, %f46, %f44 + faligndata %f46, %f48, %f46 + +!perform crypto instruction here + !sha512 + .byte 0x81, 0xb0, 0x28, 0x60 + + dec %o2 + brnz %o2, sha512_unaligned_input_loop + add %o1, 0x80, %o1 + +!copy digest back into ctx + st %f0, [%o0] + st %f1, [%o0 + 0x4] + st %f2, [%o0 + 0x8] + st %f3, [%o0 + 0xc] + st %f4, [%o0 + 0x10] + st %f5, [%o0 + 0x14] + st %f6, [%o0 + 0x18] + st %f7, [%o0+ 0x1c] + st %f8, [%o0+ 0x20] + st %f9, [%o0+ 0x24] + st %f10, [%o0+ 0x28] + st %f11, [%o0+ 0x2c] + st %f12, [%o0+ 0x30] + st %f13, [%o0+ 0x34] + st %f14, [%o0+ 0x38] + retl + st %f15, [%o0+ 0x3c] + + SET_SIZE(t4_sha512_multiblock) + +#endif /* lint || __lint */ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/llib-lcrypto --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/llib-lcrypto Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,83 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* LINTLIBRARY */ +/* PROTOLIB1 */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/llib-lssl --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/llib-lssl Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,33 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ + +/* + * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + */ + +/* LINTLIBRARY */ +/* PROTOLIB1 */ + +#include +#include +#include +#include +#include diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/mapfile.wanboot --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/mapfile.wanboot Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,126 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. +# + +# +# This file defines interface requirements of wanboot on OpenSSL. +# + +$mapfile_version 2 +SYMBOL_SCOPE { + ERR_clear_error; + SSL_CTX_set_default_passwd_cb; + SSL_load_error_strings; + EVP_PKEY_free; + SSL_get_peer_certificate; + SSL_CIPHER_get_name; + sk_value; + RAND_load_file; + X509_NAME_oneline; + SSL_write; + X509_NAME_get_text_by_NID; + OPENSSL_uni2asc; + SSL_CTX_set_default_passwd_cb_userdata; + SSL_CTX_use_PrivateKey_file; + OPENSSL_asc2uni; + SSL_get_error; + ASN1_UTF8STRING_free; + ASN1_mbstring_copy; + ERR_error_string; + PKCS12_unpack_p7data; + X509_free; + ERR_get_error; + ERR_put_error; + PKCS12_free; + ASN1_UTF8STRING_new; + OPENSSL_add_all_algorithms_noconf; + OBJ_nid2obj; + PKCS12_SAFEBAG_free; + ASN1_STRING_free; + sk_delete; + OBJ_obj2nid; + SSL_CTX_set_verify_depth; + PKCS8_PRIV_KEY_INFO_free; + SSL_set_connect_state; + sk_pop_free; + BIO_s_file; + SSL_set_fd; + SSL_CTX_use_PrivateKey; + ASN1_STRING_to_UTF8; + PKCS12_certbag2x509; + PKCS7_free; + PKCS12_decrypt_skey; + BIO_new; + RAND_status; + sk_num; + SSL_get_verify_result; + SSL_free; + SSL_read; + SSL_new; + SSLv3_client_method; + X509_check_private_key; + SSL_CTX_new; + ASN1_TYPE_set; + ASN1_TYPE_new; + ERR_peek_error; + CRYPTO_free; + SSL_CTX_load_verify_locations; + PKCS12_unpack_authsafes; + X509_ATTRIBUTE_new; + PKCS12_unpack_p7encdata; + sk_push; + SSL_connect; + SSL_shutdown; + SSL_CTX_use_certificate_file; + PKCS12_get_attr_gen; + X509_verify_cert_error_string; + X509_ATTRIBUTE_free; + X509_alias_set1; + PKCS12_verify_mac; + ASN1_TIME_print; + SSL_CTX_use_certificate; + SSL_get_ciphers; + SSL_CTX_ctrl; + SSL_CTX_free; + X509_keyid_set1; + ERR_load_strings; + EVP_EncodeBlock; + ASN1_TYPE_free; + sk_new_null; + SSL_get_current_cipher; + ASN1_STRING_cmp; + ASN1_STRING_set; + ERR_get_next_error_library; + EVP_PKCS82PKEY; + X509_get_issuer_name; + CRYPTO_malloc; + BIO_ctrl; + BIO_free; + X509_STORE_add_cert; + ASN1_STRING_type_new; + SSL_CTX_set_cipher_list; + X509_get_subject_name; + SSL_library_init; + d2i_PKCS12_fp; + local: + *; +}; diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/openssl-1.0.1.license --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/openssl-1.0.1.license Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,127 @@ + + LICENSE ISSUES + ============== + + The OpenSSL toolkit stays under a dual license, i.e. both the conditions of + the OpenSSL License and the original SSLeay license apply to the toolkit. + See below for the actual license texts. Actually both licenses are BSD-style + Open Source licenses. In case of any license issues related to OpenSSL + please contact openssl-core@openssl.org. + + OpenSSL License + --------------- + +/* ==================================================================== + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + Original SSLeay License + ----------------------- + +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/openssl-1.0.1.p5m --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/openssl-1.0.1.p5m Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,1418 @@ +# +# CDDL HEADER START +# +# The contents of this file are subject to the terms of the +# Common Development and Distribution License (the "License"). +# You may not use this file except in compliance with the License. +# +# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE +# or http://www.opensolaris.org/os/licensing. +# See the License for the specific language governing permissions +# and limitations under the License. +# +# When distributing Covered Code, include this CDDL HEADER in each +# file and include the License file at usr/src/OPENSOLARIS.LICENSE. +# If applicable, add the following below this CDDL HEADER, with the +# fields enclosed by brackets "[]" replaced with your own identifying +# information: Portions Copyright [yyyy] [name of copyright owner] +# +# CDDL HEADER END +# +# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. +# + + default mangler.man.stability uncommitted> +set name=pkg.fmri \ + value=pkg:/library/security/openssl@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION) +set name=pkg.human-version value=$(COMPONENT_VERSION) +set name=pkg.description \ + value="OpenSSL is a full-featured toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library." +set name=pkg.summary value="OpenSSL - a Toolkit for Secure Sockets Layer (SSL v2/v3) and Transport Layer (TLS v1) protocols and general purpose cryptographic library" +set name=com.oracle.info.description value="OpenSSL" +set name=info.classification \ + value="org.opensolaris.category.2008:System/Security" +set name=info.source-url value=$(COMPONENT_ARCHIVE_URL) +set name=info.upstream-url value=$(COMPONENT_PROJECT_URL) +set name=org.opensolaris.arc-caseid \ + value=PSARC/2011/025 +set name=org.opensolaris.consolidation value=$(CONSOLIDATION) +# Basic directories, links, and a configuration file. +dir path=etc +dir path=etc/openssl group=sys +file path=etc/openssl/openssl.cnf group=sys mode=0644 original_name=SUNWopenssl:etc/sfw/openssl/openssl.cnf preserve=true +dir path=etc/openssl/certs group=sys +dir path=etc/openssl/private group=sys mode=0700 +dir path=etc/sfw +link path=etc/sfw/openssl target=../openssl +dir path=lib +dir path=lib/$(MACH64) +dir path=lib/openssl +dir path=lib/openssl/engines +link path=lib/openssl/engines/64 target=$(MACH64) +dir path=lib/openssl/engines/$(MACH64) +dir path=usr/lib +dir path=usr/lib/$(MACH64) +# Commands. +dir path=usr +dir path=usr/bin +file $(MACH64)/apps/openssl path=usr/bin/openssl +file etc/openssl/misc/CA.pl path=usr/bin/CA.pl +dir path=usr/sfw +dir path=usr/sfw/bin +link path=usr/sfw/bin/openssl target=../../bin/openssl +dir path=usr/bin/$(MACH32) +file $(MACH32)/apps/openssl path=usr/bin/$(MACH32)/openssl +dir path=usr/bin/$(MACH64) +dir path=usr/sfw/bin/$(MACH64) +link path=usr/bin/$(MACH64)/openssl target=../openssl +link path=usr/sfw/bin/$(MACH64)/openssl target=../../../bin/openssl +# 32 bit libraries, lint libraries, and engines. +file $(MACH32)/libcrypto.so.1.0.0 path=lib/libcrypto.so.1.0.0 +link path=lib/libcrypto.so target=libcrypto.so.1.0.0 +file $(MACH32)/libssl.so.1.0.0 path=lib/libssl.so.1.0.0 +link path=lib/libssl.so target=libssl.so.1.0.0 +file llib-lcrypto path=lib/llib-lcrypto +file $(MACH32)/llib-lcrypto.ln path=lib/llib-lcrypto.ln +file llib-lssl path=lib/llib-lssl +file $(MACH32)/llib-lssl.ln path=lib/llib-lssl.ln +file $(MACH32)/engines/libdevcrypto.so path=lib/openssl/engines/libdevcrypto.so.1 +link path=lib/openssl/engines/libdevcrypto.so target=libdevcrypto.so.1 +link path=usr/lib/libcrypto.so target=../../lib/libcrypto.so +link path=usr/lib/libcrypto.so.1.0.0 target=../../lib/libcrypto.so.1.0.0 +link path=usr/lib/libssl.so target=../../lib/libssl.so +link path=usr/lib/libssl.so.1.0.0 target=../../lib/libssl.so.1.0.0 +# 64 bit libraries, lint libraries, and engines. +file $(MACH64)/libcrypto.so.1.0.0 path=lib/$(MACH64)/libcrypto.so.1.0.0 +link path=lib/$(MACH64)/libcrypto.so target=libcrypto.so.1.0.0 +file $(MACH64)/libssl.so.1.0.0 path=lib/$(MACH64)/libssl.so.1.0.0 +link path=lib/$(MACH64)/libssl.so target=libssl.so.1.0.0 +file llib-lcrypto path=lib/$(MACH64)/llib-lcrypto +file $(MACH64)/llib-lcrypto.ln path=lib/$(MACH64)/llib-lcrypto.ln +file llib-lssl path=lib/$(MACH64)/llib-lssl +file $(MACH64)/llib-lssl.ln path=lib/$(MACH64)/llib-lssl.ln +file $(MACH64)/engines/libdevcrypto.so path=lib/openssl/engines/$(MACH64)/libdevcrypto.so.1 +link path=lib/openssl/engines/$(MACH64)/libdevcrypto.so target=libdevcrypto.so.1 +link path=usr/lib/$(MACH64)/libcrypto.so target=../../../lib/$(MACH64)/libcrypto.so +link path=usr/lib/$(MACH64)/libcrypto.so.1.0.0 target=../../../lib/$(MACH64)/libcrypto.so.1.0.0 +link path=usr/lib/$(MACH64)/libssl.so target=../../../lib/$(MACH64)/libssl.so +link path=usr/lib/$(MACH64)/libssl.so.1.0.0 target=../../../lib/$(MACH64)/libssl.so.1.0.0 +# Header and pkg files. +dir path=usr/include +dir path=usr/include/openssl +dir path=usr/lib/pkgconfig +dir path=usr/lib/$(MACH64)/pkgconfig +file $(MACH32)/openssl.pc path=usr/lib/pkgconfig/openssl.pc +file $(MACH64)/openssl.pc path=usr/lib/$(MACH64)/pkgconfig/openssl.pc +file path=usr/include/openssl/aes.h +file path=usr/include/openssl/asn1.h +file path=usr/include/openssl/asn1_mac.h +file path=usr/include/openssl/asn1t.h +file path=usr/include/openssl/bio.h +file path=usr/include/openssl/blowfish.h +file path=usr/include/openssl/bn.h +file path=usr/include/openssl/buffer.h +file path=usr/include/openssl/camellia.h +file path=usr/include/openssl/cast.h +file path=usr/include/openssl/cms.h +file path=usr/include/openssl/comp.h +file path=usr/include/openssl/conf.h +file path=usr/include/openssl/conf_api.h +file path=usr/include/openssl/crypto.h +file path=usr/include/openssl/des.h +file path=usr/include/openssl/des_old.h +file path=usr/include/openssl/dh.h +file path=usr/include/openssl/dsa.h +file path=usr/include/openssl/dso.h +file path=usr/include/openssl/dtls1.h +file path=usr/include/openssl/e_os2.h +file path=usr/include/openssl/ebcdic.h +file path=usr/include/openssl/engine.h +file path=usr/include/openssl/err.h +file path=usr/include/openssl/evp.h +file path=usr/include/openssl/hmac.h +file path=usr/include/openssl/krb5_asn.h +file path=usr/include/openssl/kssl.h +file path=usr/include/openssl/lhash.h +file path=usr/include/openssl/md2.h +file path=usr/include/openssl/md4.h +file path=usr/include/openssl/md5.h +file path=usr/include/openssl/modes.h +file path=usr/include/openssl/obj_mac.h +file path=usr/include/openssl/objects.h +file path=usr/include/openssl/ocsp.h +# A special case. This header file is patched but possibly overwritten in the +# proto are with the 64 bit install. We must use the one from the 32 bit build +# which is the one we have a patch for. +file $(MACH32)/include/openssl/opensslconf.h path=usr/include/openssl/opensslconf.h +file path=usr/include/openssl/opensslv.h +file path=usr/include/openssl/ossl_typ.h +file path=usr/include/openssl/pem.h +file path=usr/include/openssl/pem2.h +file path=usr/include/openssl/pkcs12.h +file path=usr/include/openssl/pkcs7.h +file path=usr/include/openssl/pqueue.h +file path=usr/include/openssl/rand.h +file path=usr/include/openssl/rc2.h +file path=usr/include/openssl/rc4.h +file path=usr/include/openssl/ripemd.h +file path=usr/include/openssl/rsa.h +file path=usr/include/openssl/safestack.h +file path=usr/include/openssl/sha.h +file path=usr/include/openssl/srtp.h +file path=usr/include/openssl/ssl.h +file path=usr/include/openssl/ssl2.h +file path=usr/include/openssl/ssl23.h +file path=usr/include/openssl/ssl3.h +file path=usr/include/openssl/stack.h +file path=usr/include/openssl/symhacks.h +file path=usr/include/openssl/tls1.h +file path=usr/include/openssl/ts.h +file path=usr/include/openssl/txt_db.h +file path=usr/include/openssl/ui.h +file path=usr/include/openssl/ui_compat.h +file path=usr/include/openssl/x509.h +file path=usr/include/openssl/x509_vfy.h +file path=usr/include/openssl/x509v3.h +# Wanboot static standalone openssl binaries +dir path=/lib +dir path=/lib/openssl +dir path=/lib/openssl/wanboot +dir path=/lib/openssl/wanboot/$(MACH64) +file path=/lib/openssl/wanboot/$(MACH64)/wanboot-openssl.o \ + variant.arch=sparc \ + pkg.depend.bypass-generate=.* \ + pkg.linted.userland.action001=true +# Manual pages. +dir path=usr/share +dir path=usr/share/man +dir path=usr/share/man/man1openssl +dir path=usr/share/man/man3openssl +dir path=usr/share/man/man5openssl +dir path=usr/share/man/man7openssl +file path=usr/share/man/man1openssl/CA.pl.1openssl +file path=usr/share/man/man1openssl/asn1parse.1openssl +file path=usr/share/man/man1openssl/ca.1openssl +file path=usr/share/man/man1openssl/ciphers.1openssl +file path=usr/share/man/man1openssl/crl.1openssl +file path=usr/share/man/man1openssl/crl2pkcs7.1openssl +file path=usr/share/man/man1openssl/dgst.1openssl +file path=usr/share/man/man1openssl/dhparam.1openssl +file path=usr/share/man/man1openssl/dsa.1openssl +file path=usr/share/man/man1openssl/dsaparam.1openssl +file path=usr/share/man/man1openssl/ec.1openssl +file path=usr/share/man/man1openssl/ecparam.1openssl +file path=usr/share/man/man1openssl/enc.1openssl +file path=usr/share/man/man1openssl/errstr.1openssl +file path=usr/share/man/man1openssl/gendsa.1openssl +file path=usr/share/man/man1openssl/genrsa.1openssl +file path=usr/share/man/man1openssl/nseq.1openssl +file path=usr/share/man/man1openssl/ocsp.1openssl +file path=usr/share/man/man1openssl/openssl.1openssl +file path=usr/share/man/man1openssl/passwd.1openssl +file path=usr/share/man/man1openssl/pkcs12.1openssl +file path=usr/share/man/man1openssl/pkcs7.1openssl +file path=usr/share/man/man1openssl/pkcs8.1openssl +file path=usr/share/man/man1openssl/rand.1openssl +file path=usr/share/man/man1openssl/req.1openssl +file path=usr/share/man/man1openssl/rsa.1openssl +file path=usr/share/man/man1openssl/rsautl.1openssl +file path=usr/share/man/man1openssl/s_client.1openssl +file path=usr/share/man/man1openssl/s_server.1openssl +file path=usr/share/man/man1openssl/s_time.1openssl +file path=usr/share/man/man1openssl/sess_id.1openssl +file path=usr/share/man/man1openssl/smime.1openssl +file path=usr/share/man/man1openssl/speed.1openssl +file path=usr/share/man/man1openssl/spkac.1openssl +file path=usr/share/man/man1openssl/verify.1openssl +file path=usr/share/man/man1openssl/version.1openssl +file path=usr/share/man/man1openssl/x509.1openssl +file path=usr/share/man/man1openssl/genpkey.1openssl +file path=usr/share/man/man1openssl/pkeyutl.1openssl +file path=usr/share/man/man1openssl/pkey.1openssl +file path=usr/share/man/man1openssl/tsget.1openssl +file path=usr/share/man/man1openssl/cms.1openssl +file path=usr/share/man/man1openssl/ts.1openssl +file path=usr/share/man/man3openssl/ASN1_OBJECT_new.3openssl +file path=usr/share/man/man3openssl/ASN1_STRING_length.3openssl +file path=usr/share/man/man3openssl/ASN1_STRING_new.3openssl +file path=usr/share/man/man3openssl/ASN1_STRING_print_ex.3openssl +file path=usr/share/man/man3openssl/ASN1_generate_nconf.3openssl +file path=usr/share/man/man3openssl/BIO_ctrl.3openssl +file path=usr/share/man/man3openssl/BIO_f_base64.3openssl +file path=usr/share/man/man3openssl/BIO_f_buffer.3openssl +file path=usr/share/man/man3openssl/BIO_f_cipher.3openssl +file path=usr/share/man/man3openssl/BIO_f_md.3openssl +file path=usr/share/man/man3openssl/BIO_f_null.3openssl +file path=usr/share/man/man3openssl/BIO_f_ssl.3openssl +file path=usr/share/man/man3openssl/BIO_find_type.3openssl +file path=usr/share/man/man3openssl/BIO_new.3openssl +file path=usr/share/man/man3openssl/BIO_push.3openssl +file path=usr/share/man/man3openssl/BIO_read.3openssl +file path=usr/share/man/man3openssl/BIO_s_accept.3openssl +file path=usr/share/man/man3openssl/BIO_s_bio.3openssl +file path=usr/share/man/man3openssl/BIO_s_connect.3openssl +file path=usr/share/man/man3openssl/BIO_s_fd.3openssl +file path=usr/share/man/man3openssl/BIO_s_file.3openssl +file path=usr/share/man/man3openssl/BIO_s_mem.3openssl +file path=usr/share/man/man3openssl/BIO_s_null.3openssl +file path=usr/share/man/man3openssl/BIO_s_socket.3openssl +file path=usr/share/man/man3openssl/BIO_set_callback.3openssl +file path=usr/share/man/man3openssl/BIO_should_retry.3openssl +file path=usr/share/man/man3openssl/BN_BLINDING_new.3openssl +file path=usr/share/man/man3openssl/BN_CTX_new.3openssl +file path=usr/share/man/man3openssl/BN_CTX_start.3openssl +file path=usr/share/man/man3openssl/BN_add.3openssl +file path=usr/share/man/man3openssl/BN_add_word.3openssl +file path=usr/share/man/man3openssl/BN_bn2bin.3openssl +file path=usr/share/man/man3openssl/BN_cmp.3openssl +file path=usr/share/man/man3openssl/BN_copy.3openssl +file path=usr/share/man/man3openssl/BN_generate_prime.3openssl +file path=usr/share/man/man3openssl/BN_mod_inverse.3openssl +file path=usr/share/man/man3openssl/BN_mod_mul_montgomery.3openssl +file path=usr/share/man/man3openssl/BN_mod_mul_reciprocal.3openssl +file path=usr/share/man/man3openssl/BN_new.3openssl +file path=usr/share/man/man3openssl/BN_num_bytes.3openssl +file path=usr/share/man/man3openssl/BN_rand.3openssl +file path=usr/share/man/man3openssl/BN_set_bit.3openssl +file path=usr/share/man/man3openssl/BN_swap.3openssl +file path=usr/share/man/man3openssl/BN_zero.3openssl +file path=usr/share/man/man3openssl/CONF_modules_free.3openssl +file path=usr/share/man/man3openssl/CONF_modules_load_file.3openssl +file path=usr/share/man/man3openssl/CRYPTO_set_ex_data.3openssl +file path=usr/share/man/man3openssl/DH_generate_key.3openssl +file path=usr/share/man/man3openssl/DH_generate_parameters.3openssl +file path=usr/share/man/man3openssl/DH_get_ex_new_index.3openssl +file path=usr/share/man/man3openssl/DH_new.3openssl +file path=usr/share/man/man3openssl/DH_set_method.3openssl +file path=usr/share/man/man3openssl/DH_size.3openssl +file path=usr/share/man/man3openssl/DSA_SIG_new.3openssl +file path=usr/share/man/man3openssl/DSA_do_sign.3openssl +file path=usr/share/man/man3openssl/DSA_dup_DH.3openssl +file path=usr/share/man/man3openssl/DSA_generate_key.3openssl +file path=usr/share/man/man3openssl/DSA_generate_parameters.3openssl +file path=usr/share/man/man3openssl/DSA_get_ex_new_index.3openssl +file path=usr/share/man/man3openssl/DSA_new.3openssl +file path=usr/share/man/man3openssl/DSA_set_method.3openssl +file path=usr/share/man/man3openssl/DSA_sign.3openssl +file path=usr/share/man/man3openssl/DSA_size.3openssl +file path=usr/share/man/man3openssl/ERR_GET_LIB.3openssl +file path=usr/share/man/man3openssl/ERR_clear_error.3openssl +file path=usr/share/man/man3openssl/ERR_error_string.3openssl +file path=usr/share/man/man3openssl/ERR_get_error.3openssl +file path=usr/share/man/man3openssl/ERR_load_crypto_strings.3openssl +file path=usr/share/man/man3openssl/ERR_load_strings.3openssl +file path=usr/share/man/man3openssl/ERR_print_errors.3openssl +file path=usr/share/man/man3openssl/ERR_put_error.3openssl +file path=usr/share/man/man3openssl/ERR_remove_state.3openssl +file path=usr/share/man/man3openssl/ERR_set_mark.3openssl +file path=usr/share/man/man3openssl/EVP_BytesToKey.3openssl +file path=usr/share/man/man3openssl/EVP_DigestInit.3openssl +file path=usr/share/man/man3openssl/EVP_EncryptInit.3openssl +file path=usr/share/man/man3openssl/EVP_OpenInit.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_new.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_set1_RSA.3openssl +file path=usr/share/man/man3openssl/EVP_SealInit.3openssl +file path=usr/share/man/man3openssl/EVP_SignInit.3openssl +file path=usr/share/man/man3openssl/EVP_VerifyInit.3openssl +file path=usr/share/man/man3openssl/OBJ_nid2obj.3openssl +file path=usr/share/man/man3openssl/OPENSSL_Applink.3openssl +file path=usr/share/man/man3openssl/OPENSSL_VERSION_NUMBER.3openssl +file path=usr/share/man/man3openssl/OPENSSL_config.3openssl +file path=usr/share/man/man3openssl/OPENSSL_ia32cap.3openssl +file path=usr/share/man/man3openssl/OPENSSL_load_builtin_modules.3openssl +file path=usr/share/man/man3openssl/OpenSSL_add_all_algorithms.3openssl +file path=usr/share/man/man3openssl/PKCS12_create.3openssl +file path=usr/share/man/man3openssl/PKCS12_parse.3openssl +file path=usr/share/man/man3openssl/PKCS7_decrypt.3openssl +file path=usr/share/man/man3openssl/PKCS7_encrypt.3openssl +file path=usr/share/man/man3openssl/PKCS7_sign.3openssl +file path=usr/share/man/man3openssl/PKCS7_verify.3openssl +file path=usr/share/man/man3openssl/RAND_add.3openssl +file path=usr/share/man/man3openssl/RAND_bytes.3openssl +file path=usr/share/man/man3openssl/RAND_cleanup.3openssl +file path=usr/share/man/man3openssl/RAND_egd.3openssl +file path=usr/share/man/man3openssl/RAND_load_file.3openssl +file path=usr/share/man/man3openssl/RAND_set_rand_method.3openssl +file path=usr/share/man/man3openssl/RSA_blinding_on.3openssl +file path=usr/share/man/man3openssl/RSA_check_key.3openssl +file path=usr/share/man/man3openssl/RSA_generate_key.3openssl +file path=usr/share/man/man3openssl/RSA_get_ex_new_index.3openssl +file path=usr/share/man/man3openssl/RSA_new.3openssl +file path=usr/share/man/man3openssl/RSA_padding_add_PKCS1_type_1.3openssl +file path=usr/share/man/man3openssl/RSA_print.3openssl +file path=usr/share/man/man3openssl/RSA_private_encrypt.3openssl +file path=usr/share/man/man3openssl/RSA_public_encrypt.3openssl +file path=usr/share/man/man3openssl/RSA_set_method.3openssl +file path=usr/share/man/man3openssl/RSA_sign.3openssl +file path=usr/share/man/man3openssl/RSA_sign_ASN1_OCTET_STRING.3openssl +file path=usr/share/man/man3openssl/RSA_size.3openssl +file path=usr/share/man/man3openssl/SMIME_read_PKCS7.3openssl +file path=usr/share/man/man3openssl/SMIME_write_PKCS7.3openssl +file path=usr/share/man/man3openssl/SSL_CIPHER_get_name.3openssl +file path=usr/share/man/man3openssl/SSL_COMP_add_compression_method.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_add_extra_chain_cert.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_add_session.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_ctrl.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_flush_sessions.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_free.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_get_ex_new_index.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_get_verify_mode.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_load_verify_locations.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_new.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_sess_number.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_sess_set_cache_size.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_sess_set_get_cb.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_sessions.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_cert_store.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_cert_verify_callback.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_cipher_list.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_client_CA_list.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_client_cert_cb.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_default_passwd_cb.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_generate_session_id.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_info_callback.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_max_cert_list.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_mode.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_msg_callback.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_options.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_quiet_shutdown.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_session_cache_mode.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_session_id_context.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_ssl_version.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_timeout.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_tmp_dh_callback.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_tmp_rsa_callback.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_verify.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_use_certificate.3openssl +file path=usr/share/man/man3openssl/SSL_SESSION_free.3openssl +file path=usr/share/man/man3openssl/SSL_SESSION_get_ex_new_index.3openssl +file path=usr/share/man/man3openssl/SSL_SESSION_get_time.3openssl +file path=usr/share/man/man3openssl/SSL_accept.3openssl +file path=usr/share/man/man3openssl/SSL_alert_type_string.3openssl +file path=usr/share/man/man3openssl/SSL_clear.3openssl +file path=usr/share/man/man3openssl/SSL_connect.3openssl +file path=usr/share/man/man3openssl/SSL_do_handshake.3openssl +file path=usr/share/man/man3openssl/SSL_free.3openssl +file path=usr/share/man/man3openssl/SSL_get_SSL_CTX.3openssl +file path=usr/share/man/man3openssl/SSL_get_ciphers.3openssl +file path=usr/share/man/man3openssl/SSL_get_client_CA_list.3openssl +file path=usr/share/man/man3openssl/SSL_get_current_cipher.3openssl +file path=usr/share/man/man3openssl/SSL_get_default_timeout.3openssl +file path=usr/share/man/man3openssl/SSL_get_error.3openssl +file path=usr/share/man/man3openssl/SSL_get_ex_data_X509_STORE_CTX_idx.3openssl +file path=usr/share/man/man3openssl/SSL_get_ex_new_index.3openssl +file path=usr/share/man/man3openssl/SSL_get_fd.3openssl +file path=usr/share/man/man3openssl/SSL_get_peer_cert_chain.3openssl +file path=usr/share/man/man3openssl/SSL_get_peer_certificate.3openssl +file path=usr/share/man/man3openssl/SSL_get_rbio.3openssl +file path=usr/share/man/man3openssl/SSL_get_session.3openssl +file path=usr/share/man/man3openssl/SSL_get_verify_result.3openssl +file path=usr/share/man/man3openssl/SSL_get_version.3openssl +file path=usr/share/man/man3openssl/SSL_library_init.3openssl +file path=usr/share/man/man3openssl/SSL_load_client_CA_file.3openssl +file path=usr/share/man/man3openssl/SSL_new.3openssl +file path=usr/share/man/man3openssl/SSL_pending.3openssl +file path=usr/share/man/man3openssl/SSL_read.3openssl +file path=usr/share/man/man3openssl/SSL_rstate_string.3openssl +file path=usr/share/man/man3openssl/SSL_session_reused.3openssl +file path=usr/share/man/man3openssl/SSL_set_bio.3openssl +file path=usr/share/man/man3openssl/SSL_set_connect_state.3openssl +file path=usr/share/man/man3openssl/SSL_set_fd.3openssl +file path=usr/share/man/man3openssl/SSL_set_session.3openssl +file path=usr/share/man/man3openssl/SSL_set_shutdown.3openssl +file path=usr/share/man/man3openssl/SSL_set_verify_result.3openssl +file path=usr/share/man/man3openssl/SSL_shutdown.3openssl +file path=usr/share/man/man3openssl/SSL_state_string.3openssl +file path=usr/share/man/man3openssl/SSL_want.3openssl +file path=usr/share/man/man3openssl/SSL_write.3openssl +file path=usr/share/man/man3openssl/X509_NAME_ENTRY_get_object.3openssl +file path=usr/share/man/man3openssl/X509_NAME_add_entry_by_txt.3openssl +file path=usr/share/man/man3openssl/X509_NAME_get_index_by_NID.3openssl +file path=usr/share/man/man3openssl/X509_NAME_print_ex.3openssl +file path=usr/share/man/man3openssl/X509_new.3openssl +file path=usr/share/man/man3openssl/bio.3openssl +file path=usr/share/man/man3openssl/blowfish.3openssl +file path=usr/share/man/man3openssl/bn.3openssl +file path=usr/share/man/man3openssl/bn_internal.3openssl +file path=usr/share/man/man3openssl/buffer.3openssl +file path=usr/share/man/man3openssl/crypto.3openssl +file path=usr/share/man/man3openssl/d2i_ASN1_OBJECT.3openssl +file path=usr/share/man/man3openssl/d2i_DHparams.3openssl +file path=usr/share/man/man3openssl/d2i_DSAPublicKey.3openssl +file path=usr/share/man/man3openssl/d2i_PKCS8PrivateKey.3openssl +file path=usr/share/man/man3openssl/d2i_RSAPublicKey.3openssl +file path=usr/share/man/man3openssl/d2i_X509.3openssl +file path=usr/share/man/man3openssl/d2i_X509_ALGOR.3openssl +file path=usr/share/man/man3openssl/d2i_X509_CRL.3openssl +file path=usr/share/man/man3openssl/d2i_X509_NAME.3openssl +file path=usr/share/man/man3openssl/d2i_X509_REQ.3openssl +file path=usr/share/man/man3openssl/d2i_X509_SIG.3openssl +file path=usr/share/man/man3openssl/des.3openssl +file path=usr/share/man/man3openssl/dh.3openssl +file path=usr/share/man/man3openssl/dsa.3openssl +file path=usr/share/man/man3openssl/ecdsa.3openssl +file path=usr/share/man/man3openssl/engine.3openssl +file path=usr/share/man/man3openssl/err.3openssl +file path=usr/share/man/man3openssl/evp.3openssl +file path=usr/share/man/man3openssl/hmac.3openssl +file path=usr/share/man/man3openssl/lh_stats.3openssl +file path=usr/share/man/man3openssl/lhash.3openssl +file path=usr/share/man/man3openssl/md5.3openssl +file path=usr/share/man/man3openssl/mdc2.3openssl +file path=usr/share/man/man3openssl/pem.3openssl +file path=usr/share/man/man3openssl/rand.3openssl +file path=usr/share/man/man3openssl/rc4.3openssl +file path=usr/share/man/man3openssl/ripemd.3openssl +file path=usr/share/man/man3openssl/rsa.3openssl +file path=usr/share/man/man3openssl/sha.3openssl +file path=usr/share/man/man3openssl/threads.3openssl +file path=usr/share/man/man3openssl/ui.3openssl +file path=usr/share/man/man3openssl/ui_compat.3openssl +file path=usr/share/man/man3openssl/x509.3openssl +file path=usr/share/man/man3openssl/d2i_SSL_SESSION.3openssl +file path=usr/share/man/man3openssl/ssl.3openssl +file path=usr/share/man/man3openssl/CMS_sign.3openssl +file path=usr/share/man/man3openssl/CMS_final.3openssl +file path=usr/share/man/man3openssl/BIO_new_CMS.3openssl +file path=usr/share/man/man1openssl/pkeyparam.1openssl +file path=usr/share/man/man3openssl/CMS_verify.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_cmp.3openssl +file path=usr/share/man/man3openssl/CMS_decrypt.3openssl +file path=usr/share/man/man3openssl/CMS_encrypt.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_sign.3openssl +file path=usr/share/man/man3openssl/CMS_add0_cert.3openssl +file path=usr/share/man/man3openssl/CMS_compress.3openssl +file path=usr/share/man/man3openssl/SMIME_read_CMS.3openssl +file path=usr/share/man/man3openssl/CMS_get0_type.3openssl +file path=usr/share/man/man3openssl/SMIME_write_CMS.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_derive.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_keygen.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_verify.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_CTX_new.3openssl +file path=usr/share/man/man3openssl/CMS_uncompress.3openssl +file path=usr/share/man/man3openssl/X509_STORE_CTX_new.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_decrypt.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_CTX_ctrl.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_encrypt.3openssl +file path=usr/share/man/man3openssl/X509_verify_cert.3openssl +file path=usr/share/man/man3openssl/CMS_sign_receipt.3openssl +file path=usr/share/man/man3openssl/i2d_CMS_bio_stream.3openssl +file path=usr/share/man/man3openssl/EVP_DigestSignInit.3openssl +file path=usr/share/man/man3openssl/CMS_verify_receipt.3openssl +file path=usr/share/man/man3openssl/i2d_PKCS7_bio_stream.3openssl +file path=usr/share/man/man3openssl/CMS_get0_SignerInfos.3openssl +file path=usr/share/man/man3openssl/CMS_sign_add1_signer.3openssl +file path=usr/share/man/man3openssl/EVP_DigestVerifyInit.3openssl +file path=usr/share/man/man3openssl/PKCS7_sign_add_signer.3openssl +file path=usr/share/man/man3openssl/SSL_get_psk_identity.3openssl +file path=usr/share/man/man3openssl/X509_STORE_CTX_get_error.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_print_private.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_verify_recover.3openssl +file path=usr/share/man/man3openssl/CMS_get0_RecipientInfos.3openssl +file path=usr/share/man/man3openssl/CMS_get1_ReceiptRequest.3openssl +file path=usr/share/man/man3openssl/CMS_add1_recipient_cert.3openssl +file path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set_flags.3openssl +file path=usr/share/man/man3openssl/PEM_write_bio_CMS_stream.3openssl +file path=usr/share/man/man3openssl/PEM_write_bio_PKCS7_stream.3openssl +file path=usr/share/man/man3openssl/X509_STORE_CTX_set_verify_cb.3openssl +file path=usr/share/man/man3openssl/EVP_PKEY_get_default_digest.3openssl +file path=usr/share/man/man3openssl/X509_STORE_set_verify_cb_func.3openssl +file path=usr/share/man/man3openssl/X509_STORE_CTX_get_ex_new_index.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_use_psk_identity_hint.3openssl +file path=usr/share/man/man3openssl/SSL_CTX_set_psk_client_callback.3openssl +file path=usr/share/man/man5openssl/config.5openssl +file path=usr/share/man/man5openssl/x509v3_config.5openssl +file path=usr/share/man/man7openssl/des_modes.7openssl +link path=usr/share/man/man1openssl/md5.1openssl target=dgst.1openssl +link path=usr/share/man/man1openssl/md4.1openssl target=dgst.1openssl +link path=usr/share/man/man1openssl/md2.1openssl target=dgst.1openssl +link path=usr/share/man/man1openssl/sha1.1openssl target=dgst.1openssl +link path=usr/share/man/man1openssl/sha.1openssl target=dgst.1openssl +link path=usr/share/man/man1openssl/mdc2.1openssl target=dgst.1openssl +link path=usr/share/man/man1openssl/ripemd160.1openssl target=dgst.1openssl +link path=usr/share/man/man3openssl/ASN1_OBJECT_free.3openssl target=ASN1_OBJECT_new.3openssl +link path=usr/share/man/man3openssl/ASN1_STRING_cmp.3openssl target=ASN1_STRING_length.3openssl +link path=usr/share/man/man3openssl/ASN1_STRING_data.3openssl target=ASN1_STRING_length.3openssl +link path=usr/share/man/man3openssl/ASN1_STRING_dup.3openssl target=ASN1_STRING_length.3openssl +link path=usr/share/man/man3openssl/ASN1_STRING_free.3openssl target=ASN1_STRING_new.3openssl +link path=usr/share/man/man3openssl/ASN1_STRING_length_set.3openssl target=ASN1_STRING_length.3openssl +link path=usr/share/man/man3openssl/ASN1_STRING_print_ex_fp.3openssl target=ASN1_STRING_print_ex.3openssl +link path=usr/share/man/man3openssl/ASN1_STRING_set.3openssl target=ASN1_STRING_length.3openssl +link path=usr/share/man/man3openssl/ASN1_STRING_type.3openssl target=ASN1_STRING_length.3openssl +link path=usr/share/man/man3openssl/ASN1_STRING_type_new.3openssl target=ASN1_STRING_new.3openssl +link path=usr/share/man/man3openssl/ASN1_generate_v3.3openssl target=ASN1_generate_nconf.3openssl +link path=usr/share/man/man3openssl/BF_cbc_encrypt.3openssl target=blowfish.3openssl +link path=usr/share/man/man3openssl/BF_cfb64_encrypt.3openssl target=blowfish.3openssl +link path=usr/share/man/man3openssl/BF_decrypt.3openssl target=blowfish.3openssl +link path=usr/share/man/man3openssl/BF_ecb_encrypt.3openssl target=blowfish.3openssl +link path=usr/share/man/man3openssl/BF_encrypt.3openssl target=blowfish.3openssl +link path=usr/share/man/man3openssl/BF_ofb64_encrypt.3openssl target=blowfish.3openssl +link path=usr/share/man/man3openssl/BF_options.3openssl target=blowfish.3openssl +link path=usr/share/man/man3openssl/BF_set_key.3openssl target=blowfish.3openssl +link path=usr/share/man/man3openssl/BIO_append_filename.3openssl target=BIO_s_file.3openssl +link path=usr/share/man/man3openssl/BIO_callback_ctrl.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_ctrl_get_read_request.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_ctrl_get_write_guarantee.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_ctrl_pending.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_ctrl_reset_read_request.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_ctrl_wpending.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_debug_callback.3openssl target=BIO_set_callback.3openssl +link path=usr/share/man/man3openssl/BIO_destroy_bio_pair.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_do_accept.3openssl target=BIO_s_accept.3openssl +link path=usr/share/man/man3openssl/BIO_do_connect.3openssl target=BIO_s_connect.3openssl +link path=usr/share/man/man3openssl/BIO_eof.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_flush.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_free.3openssl target=BIO_new.3openssl +link path=usr/share/man/man3openssl/BIO_free_all.3openssl target=BIO_new.3openssl +link path=usr/share/man/man3openssl/BIO_get_accept_port.3openssl target=BIO_s_accept.3openssl +link path=usr/share/man/man3openssl/BIO_get_bind_mode.3openssl target=BIO_s_accept.3openssl +link path=usr/share/man/man3openssl/BIO_get_callback.3openssl target=BIO_set_callback.3openssl +link path=usr/share/man/man3openssl/BIO_get_callback_arg.3openssl target=BIO_set_callback.3openssl +link path=usr/share/man/man3openssl/BIO_get_cipher_ctx.3openssl target=BIO_f_cipher.3openssl +link path=usr/share/man/man3openssl/BIO_get_cipher_status.3openssl target=BIO_f_cipher.3openssl +link path=usr/share/man/man3openssl/BIO_get_close.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_get_conn_hostname.3openssl target=BIO_s_connect.3openssl +link path=usr/share/man/man3openssl/BIO_get_conn_int_port.3openssl target=BIO_s_connect.3openssl +link path=usr/share/man/man3openssl/BIO_get_conn_ip.3openssl target=BIO_s_connect.3openssl +link path=usr/share/man/man3openssl/BIO_get_conn_port.3openssl target=BIO_s_connect.3openssl +link path=usr/share/man/man3openssl/BIO_get_fd.3openssl target=BIO_s_fd.3openssl +link path=usr/share/man/man3openssl/BIO_get_fp.3openssl target=BIO_s_file.3openssl +link path=usr/share/man/man3openssl/BIO_get_info_callback.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_get_md.3openssl target=BIO_f_md.3openssl +link path=usr/share/man/man3openssl/BIO_get_md_ctx.3openssl target=BIO_f_md.3openssl +link path=usr/share/man/man3openssl/BIO_get_mem_data.3openssl target=BIO_s_mem.3openssl +link path=usr/share/man/man3openssl/BIO_get_mem_ptr.3openssl target=BIO_s_mem.3openssl +link path=usr/share/man/man3openssl/BIO_get_num_renegotiates.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_get_read_request.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_get_retry_BIO.3openssl target=BIO_should_retry.3openssl +link path=usr/share/man/man3openssl/BIO_get_retry_reason.3openssl target=BIO_should_retry.3openssl +link path=usr/share/man/man3openssl/BIO_get_ssl.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_get_write_buf_size.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_get_write_guarantee.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_gets.3openssl target=BIO_read.3openssl +link path=usr/share/man/man3openssl/BIO_int_ctrl.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_make_bio_pair.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_new_bio_pair.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_new_buffer_ssl_connect.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_new_fd.3openssl target=BIO_s_fd.3openssl +link path=usr/share/man/man3openssl/BIO_new_file.3openssl target=BIO_s_file.3openssl +link path=usr/share/man/man3openssl/BIO_new_fp.3openssl target=BIO_s_file.3openssl +link path=usr/share/man/man3openssl/BIO_new_mem_buf.3openssl target=BIO_s_mem.3openssl +link path=usr/share/man/man3openssl/BIO_new_socket.3openssl target=BIO_s_socket.3openssl +link path=usr/share/man/man3openssl/BIO_new_ssl.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_new_ssl_connect.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_next.3openssl target=BIO_find_type.3openssl +link path=usr/share/man/man3openssl/BIO_pending.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_pop.3openssl target=BIO_push.3openssl +link path=usr/share/man/man3openssl/BIO_ptr_ctrl.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_puts.3openssl target=BIO_read.3openssl +link path=usr/share/man/man3openssl/BIO_read_filename.3openssl target=BIO_s_file.3openssl +link path=usr/share/man/man3openssl/BIO_reset.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_retry_type.3openssl target=BIO_should_retry.3openssl +link path=usr/share/man/man3openssl/BIO_rw_filename.3openssl target=BIO_s_file.3openssl +link path=usr/share/man/man3openssl/BIO_seek.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_set.3openssl target=BIO_new.3openssl +link path=usr/share/man/man3openssl/BIO_set_accept_bios.3openssl target=BIO_s_accept.3openssl +link path=usr/share/man/man3openssl/BIO_set_accept_port.3openssl target=BIO_s_accept.3openssl +link path=usr/share/man/man3openssl/BIO_set_bind_mode.3openssl target=BIO_s_accept.3openssl +link path=usr/share/man/man3openssl/BIO_set_callback_arg.3openssl target=BIO_set_callback.3openssl +link path=usr/share/man/man3openssl/BIO_set_cipher.3openssl target=BIO_f_cipher.3openssl +link path=usr/share/man/man3openssl/BIO_set_close.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_set_conn_hostname.3openssl target=BIO_s_connect.3openssl +link path=usr/share/man/man3openssl/BIO_set_conn_int_port.3openssl target=BIO_s_connect.3openssl +link path=usr/share/man/man3openssl/BIO_set_conn_ip.3openssl target=BIO_s_connect.3openssl +link path=usr/share/man/man3openssl/BIO_set_conn_port.3openssl target=BIO_s_connect.3openssl +link path=usr/share/man/man3openssl/BIO_set_fd.3openssl target=BIO_s_fd.3openssl +link path=usr/share/man/man3openssl/BIO_set_fp.3openssl target=BIO_s_file.3openssl +link path=usr/share/man/man3openssl/BIO_set_info_callback.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_set_md.3openssl target=BIO_f_md.3openssl +link path=usr/share/man/man3openssl/BIO_set_mem_buf.3openssl target=BIO_s_mem.3openssl +link path=usr/share/man/man3openssl/BIO_set_mem_eof_return.3openssl target=BIO_s_mem.3openssl +link path=usr/share/man/man3openssl/BIO_set_nbio.3openssl target=BIO_s_connect.3openssl +link path=usr/share/man/man3openssl/BIO_set_nbio_accept.3openssl target=BIO_s_accept.3openssl +link path=usr/share/man/man3openssl/BIO_set_ssl.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_set_ssl_mode.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_set_ssl_renegotiate_bytes.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_set_ssl_renegotiate_timeout.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_set_write_buf_size.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_should_io_special.3openssl target=BIO_should_retry.3openssl +link path=usr/share/man/man3openssl/BIO_should_read.3openssl target=BIO_should_retry.3openssl +link path=usr/share/man/man3openssl/BIO_should_write.3openssl target=BIO_should_retry.3openssl +link path=usr/share/man/man3openssl/BIO_shutdown_wr.3openssl target=BIO_s_bio.3openssl +link path=usr/share/man/man3openssl/BIO_ssl_copy_session_id.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_ssl_shutdown.3openssl target=BIO_f_ssl.3openssl +link path=usr/share/man/man3openssl/BIO_tell.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_vfree.3openssl target=BIO_new.3openssl +link path=usr/share/man/man3openssl/BIO_wpending.3openssl target=BIO_ctrl.3openssl +link path=usr/share/man/man3openssl/BIO_write.3openssl target=BIO_read.3openssl +link path=usr/share/man/man3openssl/BIO_write_filename.3openssl target=BIO_s_file.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_convert.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_convert_ex.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_create_param.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_free.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_get_flags.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_get_thread_id.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_invert.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_invert_ex.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_set_flags.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_set_thread_id.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_BLINDING_update.3openssl target=BN_BLINDING_new.3openssl +link path=usr/share/man/man3openssl/BN_CTX_end.3openssl target=BN_CTX_start.3openssl +link path=usr/share/man/man3openssl/BN_CTX_free.3openssl target=BN_CTX_new.3openssl +link path=usr/share/man/man3openssl/BN_CTX_get.3openssl target=BN_CTX_start.3openssl +link path=usr/share/man/man3openssl/BN_CTX_init.3openssl target=BN_CTX_new.3openssl +link path=usr/share/man/man3openssl/BN_MONT_CTX_copy.3openssl target=BN_mod_mul_montgomery.3openssl +link path=usr/share/man/man3openssl/BN_MONT_CTX_free.3openssl target=BN_mod_mul_montgomery.3openssl +link path=usr/share/man/man3openssl/BN_MONT_CTX_init.3openssl target=BN_mod_mul_montgomery.3openssl +link path=usr/share/man/man3openssl/BN_MONT_CTX_new.3openssl target=BN_mod_mul_montgomery.3openssl +link path=usr/share/man/man3openssl/BN_MONT_CTX_set.3openssl target=BN_mod_mul_montgomery.3openssl +link path=usr/share/man/man3openssl/BN_RECP_CTX_free.3openssl target=BN_mod_mul_reciprocal.3openssl +link path=usr/share/man/man3openssl/BN_RECP_CTX_init.3openssl target=BN_mod_mul_reciprocal.3openssl +link path=usr/share/man/man3openssl/BN_RECP_CTX_new.3openssl target=BN_mod_mul_reciprocal.3openssl +link path=usr/share/man/man3openssl/BN_RECP_CTX_set.3openssl target=BN_mod_mul_reciprocal.3openssl +link path=usr/share/man/man3openssl/BN_bin2bn.3openssl target=BN_bn2bin.3openssl +link path=usr/share/man/man3openssl/BN_bn2dec.3openssl target=BN_bn2bin.3openssl +link path=usr/share/man/man3openssl/BN_bn2hex.3openssl target=BN_bn2bin.3openssl +link path=usr/share/man/man3openssl/BN_bn2mpi.3openssl target=BN_bn2bin.3openssl +link path=usr/share/man/man3openssl/BN_clear.3openssl target=BN_new.3openssl +link path=usr/share/man/man3openssl/BN_clear_bit.3openssl target=BN_set_bit.3openssl +link path=usr/share/man/man3openssl/BN_clear_free.3openssl target=BN_new.3openssl +link path=usr/share/man/man3openssl/BN_dec2bn.3openssl target=BN_bn2bin.3openssl +link path=usr/share/man/man3openssl/BN_div.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_div_recp.3openssl target=BN_mod_mul_reciprocal.3openssl +link path=usr/share/man/man3openssl/BN_div_word.3openssl target=BN_add_word.3openssl +link path=usr/share/man/man3openssl/BN_dup.3openssl target=BN_copy.3openssl +link path=usr/share/man/man3openssl/BN_exp.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_free.3openssl target=BN_new.3openssl +link path=usr/share/man/man3openssl/BN_from_montgomery.3openssl target=BN_mod_mul_montgomery.3openssl +link path=usr/share/man/man3openssl/BN_gcd.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_get_word.3openssl target=BN_zero.3openssl +link path=usr/share/man/man3openssl/BN_hex2bn.3openssl target=BN_bn2bin.3openssl +link path=usr/share/man/man3openssl/BN_init.3openssl target=BN_new.3openssl +link path=usr/share/man/man3openssl/BN_is_bit_set.3openssl target=BN_set_bit.3openssl +link path=usr/share/man/man3openssl/BN_is_odd.3openssl target=BN_cmp.3openssl +link path=usr/share/man/man3openssl/BN_is_one.3openssl target=BN_cmp.3openssl +link path=usr/share/man/man3openssl/BN_is_prime.3openssl target=BN_generate_prime.3openssl +link path=usr/share/man/man3openssl/BN_is_prime_fasttest.3openssl target=BN_generate_prime.3openssl +link path=usr/share/man/man3openssl/BN_is_word.3openssl target=BN_cmp.3openssl +link path=usr/share/man/man3openssl/BN_is_zero.3openssl target=BN_cmp.3openssl +link path=usr/share/man/man3openssl/BN_lshift.3openssl target=BN_set_bit.3openssl +link path=usr/share/man/man3openssl/BN_lshift1.3openssl target=BN_set_bit.3openssl +link path=usr/share/man/man3openssl/BN_mask_bits.3openssl target=BN_set_bit.3openssl +link path=usr/share/man/man3openssl/BN_mod.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_mod_add.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_mod_exp.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_mod_mul.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_mod_sqr.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_mod_sub.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_mod_word.3openssl target=BN_add_word.3openssl +link path=usr/share/man/man3openssl/BN_mpi2bn.3openssl target=BN_bn2bin.3openssl +link path=usr/share/man/man3openssl/BN_mul.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_mul_word.3openssl target=BN_add_word.3openssl +link path=usr/share/man/man3openssl/BN_nnmod.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_num_bits.3openssl target=BN_num_bytes.3openssl +link path=usr/share/man/man3openssl/BN_num_bits_word.3openssl target=BN_num_bytes.3openssl +link path=usr/share/man/man3openssl/BN_one.3openssl target=BN_zero.3openssl +link path=usr/share/man/man3openssl/BN_print.3openssl target=BN_bn2bin.3openssl +link path=usr/share/man/man3openssl/BN_print_fp.3openssl target=BN_bn2bin.3openssl +link path=usr/share/man/man3openssl/BN_pseudo_rand.3openssl target=BN_rand.3openssl +link path=usr/share/man/man3openssl/BN_rshift.3openssl target=BN_set_bit.3openssl +link path=usr/share/man/man3openssl/BN_rshift1.3openssl target=BN_set_bit.3openssl +link path=usr/share/man/man3openssl/BN_set_word.3openssl target=BN_zero.3openssl +link path=usr/share/man/man3openssl/BN_sqr.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_sub.3openssl target=BN_add.3openssl +link path=usr/share/man/man3openssl/BN_sub_word.3openssl target=BN_add_word.3openssl +link path=usr/share/man/man3openssl/BN_to_montgomery.3openssl target=BN_mod_mul_montgomery.3openssl +link path=usr/share/man/man3openssl/BN_ucmp.3openssl target=BN_cmp.3openssl +link path=usr/share/man/man3openssl/BN_value_one.3openssl target=BN_zero.3openssl +link path=usr/share/man/man3openssl/BUF_MEM_free.3openssl target=buffer.3openssl +link path=usr/share/man/man3openssl/BUF_MEM_grow.3openssl target=buffer.3openssl +link path=usr/share/man/man3openssl/BUF_MEM_new.3openssl target=buffer.3openssl +link path=usr/share/man/man3openssl/BUF_strdup.3openssl target=buffer.3openssl +link path=usr/share/man/man3openssl/CONF_modules_finish.3openssl target=CONF_modules_free.3openssl +link path=usr/share/man/man3openssl/CONF_modules_load.3openssl target=CONF_modules_load_file.3openssl +link path=usr/share/man/man3openssl/CONF_modules_unload.3openssl target=CONF_modules_free.3openssl +link path=usr/share/man/man3openssl/CRYPTO_destroy_dynlockid.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/CRYPTO_get_ex_data.3openssl target=CRYPTO_set_ex_data.3openssl +link path=usr/share/man/man3openssl/CRYPTO_get_new_dynlockid.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/CRYPTO_lock.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/CRYPTO_num_locks.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/CRYPTO_set_dynlock_create_callback.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/CRYPTO_set_dynlock_destroy_callback.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/CRYPTO_set_dynlock_lock_callback.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/CRYPTO_set_locking_callback.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/DES_cbc_cksum.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_cfb64_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_cfb_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_crypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ecb2_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ecb3_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ecb_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ede2_cbc_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ede2_cfb64_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ede2_ofb64_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ede3_cbc_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ede3_cbcm_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ede3_cfb64_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ede3_ofb64_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_enc_read.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_enc_write.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_fcrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_is_weak_key.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_key_sched.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ncbc_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ofb64_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_ofb_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_pcbc_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_quad_cksum.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_random_key.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_set_key.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_set_key_checked.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_set_key_unchecked.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_set_odd_parity.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_string_to_2keys.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_string_to_key.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DES_xcbc_encrypt.3openssl target=des.3openssl +link path=usr/share/man/man3openssl/DH_OpenSSL.3openssl target=DH_set_method.3openssl +link path=usr/share/man/man3openssl/DH_check.3openssl target=DH_generate_parameters.3openssl +link path=usr/share/man/man3openssl/DH_compute_key.3openssl target=DH_generate_key.3openssl +link path=usr/share/man/man3openssl/DH_free.3openssl target=DH_new.3openssl +link path=usr/share/man/man3openssl/DH_get_default_method.3openssl target=DH_set_method.3openssl +link path=usr/share/man/man3openssl/DH_get_ex_data.3openssl target=DH_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/DH_new_method.3openssl target=DH_set_method.3openssl +link path=usr/share/man/man3openssl/DH_set_default_method.3openssl target=DH_set_method.3openssl +link path=usr/share/man/man3openssl/DH_set_ex_data.3openssl target=DH_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/DHparams_print.3openssl target=RSA_print.3openssl +link path=usr/share/man/man3openssl/DHparams_print_fp.3openssl target=RSA_print.3openssl +link path=usr/share/man/man3openssl/DSA_OpenSSL.3openssl target=DSA_set_method.3openssl +link path=usr/share/man/man3openssl/DSA_SIG_free.3openssl target=DSA_SIG_new.3openssl +link path=usr/share/man/man3openssl/DSA_do_verify.3openssl target=DSA_do_sign.3openssl +link path=usr/share/man/man3openssl/DSA_free.3openssl target=DSA_new.3openssl +link path=usr/share/man/man3openssl/DSA_get_default_method.3openssl target=DSA_set_method.3openssl +link path=usr/share/man/man3openssl/DSA_get_ex_data.3openssl target=DSA_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/DSA_new_method.3openssl target=DSA_set_method.3openssl +link path=usr/share/man/man3openssl/DSA_print.3openssl target=RSA_print.3openssl +link path=usr/share/man/man3openssl/DSA_print_fp.3openssl target=RSA_print.3openssl +link path=usr/share/man/man3openssl/DSA_set_default_method.3openssl target=DSA_set_method.3openssl +link path=usr/share/man/man3openssl/DSA_set_ex_data.3openssl target=DSA_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/DSA_sign_setup.3openssl target=DSA_sign.3openssl +link path=usr/share/man/man3openssl/DSA_verify.3openssl target=DSA_sign.3openssl +link path=usr/share/man/man3openssl/DSAparams_print.3openssl target=RSA_print.3openssl +link path=usr/share/man/man3openssl/DSAparams_print_fp.3openssl target=RSA_print.3openssl +link path=usr/share/man/man3openssl/ERR_GET_FUNC.3openssl target=ERR_GET_LIB.3openssl +link path=usr/share/man/man3openssl/ERR_GET_REASON.3openssl target=ERR_GET_LIB.3openssl +link path=usr/share/man/man3openssl/ERR_PACK.3openssl target=ERR_load_strings.3openssl +link path=usr/share/man/man3openssl/ERR_add_error_data.3openssl target=ERR_put_error.3openssl +link path=usr/share/man/man3openssl/ERR_error_string_n.3openssl target=ERR_error_string.3openssl +link path=usr/share/man/man3openssl/ERR_free_strings.3openssl target=ERR_load_crypto_strings.3openssl +link path=usr/share/man/man3openssl/ERR_func_error_string.3openssl target=ERR_error_string.3openssl +link path=usr/share/man/man3openssl/ERR_get_error_line.3openssl target=ERR_get_error.3openssl +link path=usr/share/man/man3openssl/ERR_get_error_line_data.3openssl target=ERR_get_error.3openssl +link path=usr/share/man/man3openssl/ERR_get_next_error_library.3openssl target=ERR_load_strings.3openssl +link path=usr/share/man/man3openssl/ERR_lib_error_string.3openssl target=ERR_error_string.3openssl +link path=usr/share/man/man3openssl/ERR_load_UI_strings.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/ERR_peek_error.3openssl target=ERR_get_error.3openssl +link path=usr/share/man/man3openssl/ERR_peek_error_line.3openssl target=ERR_get_error.3openssl +link path=usr/share/man/man3openssl/ERR_peek_error_line_data.3openssl target=ERR_get_error.3openssl +link path=usr/share/man/man3openssl/ERR_peek_last_error.3openssl target=ERR_get_error.3openssl +link path=usr/share/man/man3openssl/ERR_peek_last_error_line.3openssl target=ERR_get_error.3openssl +link path=usr/share/man/man3openssl/ERR_peek_last_error_line_data.3openssl target=ERR_get_error.3openssl +link path=usr/share/man/man3openssl/ERR_pop_to_mark.3openssl target=ERR_set_mark.3openssl +link path=usr/share/man/man3openssl/ERR_print_errors_fp.3openssl target=ERR_print_errors.3openssl +link path=usr/share/man/man3openssl/ERR_reason_error_string.3openssl target=ERR_error_string.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_block_size.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_cipher.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_cleanup.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_ctrl.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_flags.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_get_app_data.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_init.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_iv_length.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_key_length.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_mode.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_nid.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_set_app_data.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_set_key_length.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_set_padding.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_CTX_type.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_asn1_to_param.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_block_size.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_flags.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_iv_length.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_key_length.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_mode.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_nid.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_param_to_asn1.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CIPHER_type.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CipherFinal.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CipherFinal_ex.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CipherInit.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CipherInit_ex.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_CipherUpdate.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_DecryptFinal.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_DecryptFinal_ex.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_DecryptInit.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_DecryptInit_ex.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_DecryptUpdate.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_DigestFinal_ex.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_DigestInit_ex.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_DigestUpdate.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_EncryptFinal.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_EncryptFinal_ex.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_EncryptInit_ex.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_EncryptUpdate.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_MAX_MD_SIZE.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_CTX_block_size.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_CTX_cleanup.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_CTX_copy.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_CTX_copy_ex.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_CTX_create.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_CTX_destroy.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_CTX_init.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_CTX_md.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_CTX_size.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_CTX_type.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_block_size.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_pkey_type.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_size.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_MD_type.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_OpenFinal.3openssl target=EVP_OpenInit.3openssl +link path=usr/share/man/man3openssl/EVP_OpenUpdate.3openssl target=EVP_OpenInit.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_assign_DH.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_assign_DSA.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_assign_EC_KEY.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_assign_RSA.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_free.3openssl target=EVP_PKEY_new.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_get1_DH.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_get1_DSA.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_get1_EC_KEY.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_get1_RSA.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_set1_DH.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_set1_DSA.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_set1_EC_KEY.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_type.3openssl target=EVP_PKEY_set1_RSA.3openssl +link path=usr/share/man/man3openssl/EVP_SealFinal.3openssl target=EVP_SealInit.3openssl +link path=usr/share/man/man3openssl/EVP_SealUpdate.3openssl target=EVP_SealInit.3openssl +link path=usr/share/man/man3openssl/EVP_SignFinal.3openssl target=EVP_SignInit.3openssl +link path=usr/share/man/man3openssl/EVP_SignUpdate.3openssl target=EVP_SignInit.3openssl +link path=usr/share/man/man3openssl/EVP_VerifyFinal.3openssl target=EVP_VerifyInit.3openssl +link path=usr/share/man/man3openssl/EVP_VerifyUpdate.3openssl target=EVP_VerifyInit.3openssl +link path=usr/share/man/man3openssl/EVP_dss.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_dss1.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_get_cipherbyname.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_get_cipherbynid.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_get_cipherbyobj.3openssl target=EVP_EncryptInit.3openssl +link path=usr/share/man/man3openssl/EVP_get_digestbyname.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_get_digestbynid.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_get_digestbyobj.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_md2.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_md5.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_md_null.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_mdc2.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_ripemd160.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_sha.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/EVP_sha1.3openssl target=EVP_DigestInit.3openssl +link path=usr/share/man/man3openssl/HMAC.3openssl target=hmac.3openssl +link path=usr/share/man/man3openssl/HMAC_CTX_cleanup.3openssl target=hmac.3openssl +link path=usr/share/man/man3openssl/HMAC_CTX_init.3openssl target=hmac.3openssl +link path=usr/share/man/man3openssl/HMAC_Final.3openssl target=hmac.3openssl +link path=usr/share/man/man3openssl/HMAC_Init.3openssl target=hmac.3openssl +link path=usr/share/man/man3openssl/HMAC_Init_ex.3openssl target=hmac.3openssl +link path=usr/share/man/man3openssl/HMAC_Update.3openssl target=hmac.3openssl +link path=usr/share/man/man3openssl/HMAC_cleanup.3openssl target=hmac.3openssl +link path=usr/share/man/man3openssl/MD2.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD2_Final.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD2_Init.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD2_Update.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD4.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD4_Final.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD4_Init.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD4_Update.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD5.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD5_Final.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD5_Init.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MD5_Update.3openssl target=md5.3openssl +link path=usr/share/man/man3openssl/MDC2.3openssl target=mdc2.3openssl +link path=usr/share/man/man3openssl/MDC2_Final.3openssl target=mdc2.3openssl +link path=usr/share/man/man3openssl/MDC2_Init.3openssl target=mdc2.3openssl +link path=usr/share/man/man3openssl/MDC2_Update.3openssl target=mdc2.3openssl +link path=usr/share/man/man3openssl/OBJ_cleanup.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_cmp.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_create.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_dup.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_ln2nid.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_nid2ln.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_nid2sn.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_obj2nid.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_obj2txt.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_sn2nid.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_txt2nid.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OBJ_txt2obj.3openssl target=OBJ_nid2obj.3openssl +link path=usr/share/man/man3openssl/OPENSSL_no_config.3openssl target=OPENSSL_config.3openssl +link path=usr/share/man/man3openssl/OpenSSL_add_all_ciphers.3openssl target=OpenSSL_add_all_algorithms.3openssl +link path=usr/share/man/man3openssl/OpenSSL_add_all_digests.3openssl target=OpenSSL_add_all_algorithms.3openssl +link path=usr/share/man/man3openssl/OpenSSL_add_ssl_algorithms.3openssl target=SSL_library_init.3openssl +link path=usr/share/man/man3openssl/PEM.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_DHparams.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_DSAPrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_DSA_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_DSAparams.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_NETSCAPE_CERT_SEQUENCE.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_PKCS7.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_PrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_RSAPrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_RSAPublicKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_RSA_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_X509.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_X509_AUX.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_X509_CRL.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_X509_REQ.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_DHparams.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_DSAPrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_DSA_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_DSAparams.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_PKCS7.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_PrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_RSAPrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_RSAPublicKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_RSA_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_X509.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_X509_AUX.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_X509_CRL.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_read_bio_X509_REQ.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_DHparams.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_DSAPrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_DSA_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_DSAparams.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_NETSCAPE_CERT_SEQUENCE.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_PKCS7.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_PKCS8PrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_PKCS8PrivateKey_nid.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_PrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_RSAPrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_RSAPublicKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_RSA_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_X509.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_X509_AUX.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_X509_CRL.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_X509_REQ.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_X509_REQ_NEW.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_DHparams.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_DSAPrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_DSA_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_DSAparams.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_PKCS7.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_PKCS8PrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_PKCS8PrivateKey_nid.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_PrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_RSAPrivateKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_RSAPublicKey.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_RSA_PUBKEY.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_X509.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_X509_AUX.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_X509_CRL.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_X509_REQ.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/PEM_write_bio_X509_REQ_NEW.3openssl target=pem.3openssl +link path=usr/share/man/man3openssl/RAND_SSLeay.3openssl target=RAND_set_rand_method.3openssl +link path=usr/share/man/man3openssl/RAND_event.3openssl target=RAND_add.3openssl +link path=usr/share/man/man3openssl/RAND_file_name.3openssl target=RAND_load_file.3openssl +link path=usr/share/man/man3openssl/RAND_get_rand_method.3openssl target=RAND_set_rand_method.3openssl +link path=usr/share/man/man3openssl/RAND_pseudo_bytes.3openssl target=RAND_bytes.3openssl +link path=usr/share/man/man3openssl/RAND_screen.3openssl target=RAND_add.3openssl +link path=usr/share/man/man3openssl/RAND_seed.3openssl target=RAND_add.3openssl +link path=usr/share/man/man3openssl/RAND_status.3openssl target=RAND_add.3openssl +link path=usr/share/man/man3openssl/RAND_write_file.3openssl target=RAND_load_file.3openssl +link path=usr/share/man/man3openssl/RC4.3openssl target=rc4.3openssl +link path=usr/share/man/man3openssl/RC4_set_key.3openssl target=rc4.3openssl +link path=usr/share/man/man3openssl/RIPEMD160.3openssl target=ripemd.3openssl +link path=usr/share/man/man3openssl/RIPEMD160_Final.3openssl target=ripemd.3openssl +link path=usr/share/man/man3openssl/RIPEMD160_Init.3openssl target=ripemd.3openssl +link path=usr/share/man/man3openssl/RIPEMD160_Update.3openssl target=ripemd.3openssl +link path=usr/share/man/man3openssl/RSA_PKCS1_SSLeay.3openssl target=RSA_set_method.3openssl +link path=usr/share/man/man3openssl/RSA_blinding_off.3openssl target=RSA_blinding_on.3openssl +link path=usr/share/man/man3openssl/RSA_flags.3openssl target=RSA_set_method.3openssl +link path=usr/share/man/man3openssl/RSA_free.3openssl target=RSA_new.3openssl +link path=usr/share/man/man3openssl/RSA_get_default_method.3openssl target=RSA_set_method.3openssl +link path=usr/share/man/man3openssl/RSA_get_ex_data.3openssl target=RSA_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/RSA_get_method.3openssl target=RSA_set_method.3openssl +link path=usr/share/man/man3openssl/RSA_new_method.3openssl target=RSA_set_method.3openssl +link path=usr/share/man/man3openssl/RSA_null_method.3openssl target=RSA_set_method.3openssl +link path=usr/share/man/man3openssl/RSA_padding_add_PKCS1_OAEP.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl +link path=usr/share/man/man3openssl/RSA_padding_add_PKCS1_type_2.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl +link path=usr/share/man/man3openssl/RSA_padding_add_SSLv23.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl +link path=usr/share/man/man3openssl/RSA_padding_add_none.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl +link path=usr/share/man/man3openssl/RSA_padding_check_PKCS1_OAEP.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl +link path=usr/share/man/man3openssl/RSA_padding_check_PKCS1_type_1.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl +link path=usr/share/man/man3openssl/RSA_padding_check_PKCS1_type_2.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl +link path=usr/share/man/man3openssl/RSA_padding_check_SSLv23.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl +link path=usr/share/man/man3openssl/RSA_padding_check_none.3openssl target=RSA_padding_add_PKCS1_type_1.3openssl +link path=usr/share/man/man3openssl/RSA_print_fp.3openssl target=RSA_print.3openssl +link path=usr/share/man/man3openssl/RSA_private_decrypt.3openssl target=RSA_public_encrypt.3openssl +link path=usr/share/man/man3openssl/RSA_public_decrypt.3openssl target=RSA_private_encrypt.3openssl +link path=usr/share/man/man3openssl/RSA_set_default_method.3openssl target=RSA_set_method.3openssl +link path=usr/share/man/man3openssl/RSA_set_ex_data.3openssl target=RSA_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/RSA_verify.3openssl target=RSA_sign.3openssl +link path=usr/share/man/man3openssl/RSA_verify_ASN1_OCTET_STRING.3openssl target=RSA_sign_ASN1_OCTET_STRING.3openssl +link path=usr/share/man/man3openssl/SHA1.3openssl target=sha.3openssl +link path=usr/share/man/man3openssl/SHA1_Final.3openssl target=sha.3openssl +link path=usr/share/man/man3openssl/SHA1_Init.3openssl target=sha.3openssl +link path=usr/share/man/man3openssl/SHA1_Update.3openssl target=sha.3openssl +link path=usr/share/man/man3openssl/SSL.3openssl target=ssl.3openssl +link path=usr/share/man/man3openssl/SSL_CIPHER_description.3openssl target=SSL_CIPHER_get_name.3openssl +link path=usr/share/man/man3openssl/SSL_CIPHER_get_bits.3openssl target=SSL_CIPHER_get_name.3openssl +link path=usr/share/man/man3openssl/SSL_CIPHER_get_version.3openssl target=SSL_CIPHER_get_name.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_add_client_CA.3openssl target=SSL_CTX_set_client_CA_list.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_callback_ctrl.3openssl target=SSL_CTX_ctrl.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_check_private_key.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_clear_options.3openssl target=SSL_CTX_set_options.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_cert_store.3openssl target=SSL_CTX_set_cert_store.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_client_CA_list.3openssl target=SSL_get_client_CA_list.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_client_cert_cb.3openssl target=SSL_CTX_set_client_cert_cb.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_ex_data.3openssl target=SSL_CTX_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_info_callback.3openssl target=SSL_CTX_set_info_callback.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_max_cert_list.3openssl target=SSL_CTX_set_max_cert_list.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_mode.3openssl target=SSL_CTX_set_mode.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_options.3openssl target=SSL_CTX_set_options.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_quiet_shutdown.3openssl target=SSL_CTX_set_quiet_shutdown.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_session_cache_mode.3openssl target=SSL_CTX_set_session_cache_mode.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_timeout.3openssl target=SSL_CTX_set_timeout.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_verify_callback.3openssl target=SSL_CTX_get_verify_mode.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_get_verify_depth.3openssl target=SSL_CTX_get_verify_mode.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_need_tmp_rsa.3openssl target=SSL_CTX_set_tmp_rsa_callback.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_remove_session.3openssl target=SSL_CTX_add_session.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_accept.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_accept_good.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_accept_renegotiate.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_cache_full.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_cb_hits.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_connect.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_connect_good.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_connect_renegotiate.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_get_cache_size.3openssl target=SSL_CTX_sess_set_cache_size.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_get_get_cb.3openssl target=SSL_CTX_sess_set_get_cb.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_get_new_cb.3openssl target=SSL_CTX_sess_set_get_cb.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_get_remove_cb.3openssl target=SSL_CTX_sess_set_get_cb.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_hits.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_misses.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_set_new_cb.3openssl target=SSL_CTX_sess_set_get_cb.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_set_remove_cb.3openssl target=SSL_CTX_sess_set_get_cb.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_sess_timeouts.3openssl target=SSL_CTX_sess_number.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_set_default_passwd_cb_userdata.3openssl target=SSL_CTX_set_default_passwd_cb.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_set_ex_data.3openssl target=SSL_CTX_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_set_msg_callback_arg.3openssl target=SSL_CTX_set_msg_callback.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_set_tmp_dh.3openssl target=SSL_CTX_set_tmp_dh_callback.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_set_tmp_rsa.3openssl target=SSL_CTX_set_tmp_rsa_callback.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_set_verify_depth.3openssl target=SSL_CTX_set_verify.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_use_PrivateKey.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_use_PrivateKey_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_use_PrivateKey_file.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_use_RSAPrivateKey.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_use_RSAPrivateKey_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_use_RSAPrivateKey_file.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_use_certificate_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_use_certificate_chain_file.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_use_certificate_file.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_SESSION_get_ex_data.3openssl target=SSL_SESSION_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/SSL_SESSION_get_timeout.3openssl target=SSL_SESSION_get_time.3openssl +link path=usr/share/man/man3openssl/SSL_SESSION_set_ex_data.3openssl target=SSL_SESSION_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/SSL_SESSION_set_time.3openssl target=SSL_SESSION_get_time.3openssl +link path=usr/share/man/man3openssl/SSL_SESSION_set_timeout.3openssl target=SSL_SESSION_get_time.3openssl +link path=usr/share/man/man3openssl/SSL_add_client_CA.3openssl target=SSL_CTX_set_client_CA_list.3openssl +link path=usr/share/man/man3openssl/SSL_add_session.3openssl target=SSL_CTX_add_session.3openssl +link path=usr/share/man/man3openssl/SSL_alert_desc_string.3openssl target=SSL_alert_type_string.3openssl +link path=usr/share/man/man3openssl/SSL_alert_desc_string_long.3openssl target=SSL_alert_type_string.3openssl +link path=usr/share/man/man3openssl/SSL_alert_type_string_long.3openssl target=SSL_alert_type_string.3openssl +link path=usr/share/man/man3openssl/SSL_callback_ctrl.3openssl target=SSL_CTX_ctrl.3openssl +link path=usr/share/man/man3openssl/SSL_check_private_key.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_clear_options.3openssl target=SSL_CTX_set_options.3openssl +link path=usr/share/man/man3openssl/SSL_ctrl.3openssl target=SSL_CTX_ctrl.3openssl +link path=usr/share/man/man3openssl/SSL_flush_sessions.3openssl target=SSL_CTX_flush_sessions.3openssl +link path=usr/share/man/man3openssl/SSL_get_accept_state.3openssl target=SSL_set_connect_state.3openssl +link path=usr/share/man/man3openssl/SSL_get_cipher.3openssl target=SSL_get_current_cipher.3openssl +link path=usr/share/man/man3openssl/SSL_get_cipher_bits.3openssl target=SSL_get_current_cipher.3openssl +link path=usr/share/man/man3openssl/SSL_get_cipher_list.3openssl target=SSL_get_ciphers.3openssl +link path=usr/share/man/man3openssl/SSL_get_cipher_name.3openssl target=SSL_get_current_cipher.3openssl +link path=usr/share/man/man3openssl/SSL_get_cipher_version.3openssl target=SSL_get_current_cipher.3openssl +link path=usr/share/man/man3openssl/SSL_get_ex_data.3openssl target=SSL_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/SSL_get_info_callback.3openssl target=SSL_CTX_set_info_callback.3openssl +link path=usr/share/man/man3openssl/SSL_get_max_cert_list.3openssl target=SSL_CTX_set_max_cert_list.3openssl +link path=usr/share/man/man3openssl/SSL_get_mode.3openssl target=SSL_CTX_set_mode.3openssl +link path=usr/share/man/man3openssl/SSL_get_msg_callback_arg.3openssl target=SSL_CTX_set_msg_callback.3openssl +link path=usr/share/man/man3openssl/SSL_get_options.3openssl target=SSL_CTX_set_options.3openssl +link path=usr/share/man/man3openssl/SSL_get_quiet_shutdown.3openssl target=SSL_CTX_set_quiet_shutdown.3openssl +link path=usr/share/man/man3openssl/SSL_get_secure_renegotiation_support.3openssl target=SSL_CTX_set_options.3openssl +link path=usr/share/man/man3openssl/SSL_get_shutdown.3openssl target=SSL_set_shutdown.3openssl +link path=usr/share/man/man3openssl/SSL_get_ssl_method.3openssl target=SSL_CTX_set_ssl_version.3openssl +link path=usr/share/man/man3openssl/SSL_get_verify_callback.3openssl target=SSL_CTX_get_verify_mode.3openssl +link path=usr/share/man/man3openssl/SSL_get_verify_depth.3openssl target=SSL_CTX_get_verify_mode.3openssl +link path=usr/share/man/man3openssl/SSL_get_verify_mode.3openssl target=SSL_CTX_get_verify_mode.3openssl +link path=usr/share/man/man3openssl/SSL_has_matching_session_id.3openssl target=SSL_CTX_set_generate_session_id.3openssl +link path=usr/share/man/man3openssl/SSL_load_error_strings.3openssl target=ERR_load_crypto_strings.3openssl +link path=usr/share/man/man3openssl/SSL_need_tmp_rsa.3openssl target=SSL_CTX_set_tmp_rsa_callback.3openssl +link path=usr/share/man/man3openssl/SSL_remove_session.3openssl target=SSL_CTX_add_session.3openssl +link path=usr/share/man/man3openssl/SSL_rstate_string_long.3openssl target=SSL_rstate_string.3openssl +link path=usr/share/man/man3openssl/SSL_set_cipher_list.3openssl target=SSL_CTX_set_cipher_list.3openssl +link path=usr/share/man/man3openssl/SSL_set_client_CA_list.3openssl target=SSL_CTX_set_client_CA_list.3openssl +link path=usr/share/man/man3openssl/SSL_set_ex_data.3openssl target=SSL_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/SSL_set_generate_session_id.3openssl target=SSL_CTX_set_generate_session_id.3openssl +link path=usr/share/man/man3openssl/SSL_set_info_callback.3openssl target=SSL_CTX_set_info_callback.3openssl +link path=usr/share/man/man3openssl/SSL_set_max_cert_list.3openssl target=SSL_CTX_set_max_cert_list.3openssl +link path=usr/share/man/man3openssl/SSL_set_mode.3openssl target=SSL_CTX_set_mode.3openssl +link path=usr/share/man/man3openssl/SSL_set_msg_callback.3openssl target=SSL_CTX_set_msg_callback.3openssl +link path=usr/share/man/man3openssl/SSL_set_options.3openssl target=SSL_CTX_set_options.3openssl +link path=usr/share/man/man3openssl/SSL_set_quiet_shutdown.3openssl target=SSL_CTX_set_quiet_shutdown.3openssl +link path=usr/share/man/man3openssl/SSL_set_session_id_context.3openssl target=SSL_CTX_set_session_id_context.3openssl +link path=usr/share/man/man3openssl/SSL_set_ssl_method.3openssl target=SSL_CTX_set_ssl_version.3openssl +link path=usr/share/man/man3openssl/SSL_set_tmp_dh.3openssl target=SSL_CTX_set_tmp_dh_callback.3openssl +link path=usr/share/man/man3openssl/SSL_set_tmp_dh_callback.3openssl target=SSL_CTX_set_tmp_dh_callback.3openssl +link path=usr/share/man/man3openssl/SSL_set_tmp_rsa.3openssl target=SSL_CTX_set_tmp_rsa_callback.3openssl +link path=usr/share/man/man3openssl/SSL_set_tmp_rsa_callback.3openssl target=SSL_CTX_set_tmp_rsa_callback.3openssl +link path=usr/share/man/man3openssl/SSL_set_verify.3openssl target=SSL_CTX_set_verify.3openssl +link path=usr/share/man/man3openssl/SSL_set_verify_depth.3openssl target=SSL_CTX_set_verify.3openssl +link path=usr/share/man/man3openssl/SSL_state_string_long.3openssl target=SSL_state_string.3openssl +link path=usr/share/man/man3openssl/SSL_use_PrivateKey.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_use_PrivateKey_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_use_PrivateKey_file.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_use_RSAPrivateKey.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_use_RSAPrivateKey_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_use_RSAPrivateKey_file.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_use_certificate.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_use_certificate_ASN1.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_use_certificate_file.3openssl target=SSL_CTX_use_certificate.3openssl +link path=usr/share/man/man3openssl/SSL_want_nothing.3openssl target=SSL_want.3openssl +link path=usr/share/man/man3openssl/SSL_want_read.3openssl target=SSL_want.3openssl +link path=usr/share/man/man3openssl/SSL_want_write.3openssl target=SSL_want.3openssl +link path=usr/share/man/man3openssl/SSL_want_x509_lookup.3openssl target=SSL_want.3openssl +link path=usr/share/man/man3openssl/SSLeay.3openssl target=OPENSSL_VERSION_NUMBER.3openssl +link path=usr/share/man/man3openssl/SSLeay_add_ssl_algorithms.3openssl target=SSL_library_init.3openssl +link path=usr/share/man/man3openssl/SSLeay_version.3openssl target=OPENSSL_VERSION_NUMBER.3openssl +link path=usr/share/man/man3openssl/UI_OpenSSL.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_add_error_string.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_add_info_string.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_add_input_boolean.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_add_input_string.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_add_user_data.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_add_verify_string.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_construct_prompt.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_ctrl.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_dup_error_string.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_dup_info_string.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_dup_input_boolean.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_dup_input_string.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_dup_verify_string.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_free.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_get0_result.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_get0_user_data.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_get_default_method.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_get_method.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_new.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_new_method.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_process.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_set_default_method.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/UI_set_method.3openssl target=ui.3openssl +link path=usr/share/man/man3openssl/X509_NAME_ENTRY_create_by_NID.3openssl target=X509_NAME_ENTRY_get_object.3openssl +link path=usr/share/man/man3openssl/X509_NAME_ENTRY_create_by_OBJ.3openssl target=X509_NAME_ENTRY_get_object.3openssl +link path=usr/share/man/man3openssl/X509_NAME_ENTRY_create_by_txt.3openssl target=X509_NAME_ENTRY_get_object.3openssl +link path=usr/share/man/man3openssl/X509_NAME_ENTRY_get_data.3openssl target=X509_NAME_ENTRY_get_object.3openssl +link path=usr/share/man/man3openssl/X509_NAME_ENTRY_set_data.3openssl target=X509_NAME_ENTRY_get_object.3openssl +link path=usr/share/man/man3openssl/X509_NAME_ENTRY_set_object.3openssl target=X509_NAME_ENTRY_get_object.3openssl +link path=usr/share/man/man3openssl/X509_NAME_add_entry.3openssl target=X509_NAME_add_entry_by_txt.3openssl +link path=usr/share/man/man3openssl/X509_NAME_add_entry_by_NID.3openssl target=X509_NAME_add_entry_by_txt.3openssl +link path=usr/share/man/man3openssl/X509_NAME_add_entry_by_OBJ.3openssl target=X509_NAME_add_entry_by_txt.3openssl +link path=usr/share/man/man3openssl/X509_NAME_delete_entry.3openssl target=X509_NAME_add_entry_by_txt.3openssl +link path=usr/share/man/man3openssl/X509_NAME_entry_count.3openssl target=X509_NAME_get_index_by_NID.3openssl +link path=usr/share/man/man3openssl/X509_NAME_get_entry.3openssl target=X509_NAME_get_index_by_NID.3openssl +link path=usr/share/man/man3openssl/X509_NAME_get_index_by_OBJ.3openssl target=X509_NAME_get_index_by_NID.3openssl +link path=usr/share/man/man3openssl/X509_NAME_get_text_by_NID.3openssl target=X509_NAME_get_index_by_NID.3openssl +link path=usr/share/man/man3openssl/X509_NAME_get_text_by_OBJ.3openssl target=X509_NAME_get_index_by_NID.3openssl +link path=usr/share/man/man3openssl/X509_NAME_oneline.3openssl target=X509_NAME_print_ex.3openssl +link path=usr/share/man/man3openssl/X509_NAME_print.3openssl target=X509_NAME_print_ex.3openssl +link path=usr/share/man/man3openssl/X509_NAME_print_ex_fp.3openssl target=X509_NAME_print_ex.3openssl +link path=usr/share/man/man3openssl/X509_free.3openssl target=X509_new.3openssl +link path=usr/share/man/man3openssl/bn_add_words.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_check_top.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_cmp_words.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_div_words.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_dump.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_expand.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_expand2.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_fix_top.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_mul_add_words.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_mul_comba4.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_mul_comba8.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_mul_high.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_mul_low_normal.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_mul_low_recursive.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_mul_normal.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_mul_part_recursive.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_mul_recursive.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_mul_words.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_print.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_set_high.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_set_low.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_set_max.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_sqr_comba4.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_sqr_comba8.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_sqr_normal.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_sqr_recursive.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_sqr_words.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_sub_words.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/bn_wexpand.3openssl target=bn_internal.3openssl +link path=usr/share/man/man3openssl/d2i_509_CRL_fp.3openssl target=d2i_X509_CRL.3openssl +link path=usr/share/man/man3openssl/d2i_DSAPrivateKey.3openssl target=d2i_DSAPublicKey.3openssl +link path=usr/share/man/man3openssl/d2i_DSA_PUBKEY.3openssl target=d2i_DSAPublicKey.3openssl +link path=usr/share/man/man3openssl/d2i_DSA_SIG.3openssl target=d2i_DSAPublicKey.3openssl +link path=usr/share/man/man3openssl/d2i_Netscape_RSA.3openssl target=d2i_RSAPublicKey.3openssl +link path=usr/share/man/man3openssl/d2i_PKCS8PrivateKey_bio.3openssl target=d2i_PKCS8PrivateKey.3openssl +link path=usr/share/man/man3openssl/d2i_PKCS8PrivateKey_fp.3openssl target=d2i_PKCS8PrivateKey.3openssl +link path=usr/share/man/man3openssl/d2i_RSAPrivateKey.3openssl target=d2i_RSAPublicKey.3openssl +link path=usr/share/man/man3openssl/d2i_RSA_PUBKEY.3openssl target=d2i_RSAPublicKey.3openssl +link path=usr/share/man/man3openssl/d2i_X509_CRL_bio.3openssl target=d2i_X509_CRL.3openssl +link path=usr/share/man/man3openssl/d2i_X509_REQ_bio.3openssl target=d2i_X509_REQ.3openssl +link path=usr/share/man/man3openssl/d2i_X509_REQ_fp.3openssl target=d2i_X509_REQ.3openssl +link path=usr/share/man/man3openssl/d2i_X509_bio.3openssl target=d2i_X509.3openssl +link path=usr/share/man/man3openssl/d2i_X509_fp.3openssl target=d2i_X509.3openssl +link path=usr/share/man/man3openssl/des_read_2passwords.3openssl target=ui_compat.3openssl +link path=usr/share/man/man3openssl/des_read_password.3openssl target=ui_compat.3openssl +link path=usr/share/man/man3openssl/des_read_pw.3openssl target=ui_compat.3openssl +link path=usr/share/man/man3openssl/des_read_pw_string.3openssl target=ui_compat.3openssl +link path=usr/share/man/man3openssl/i2d_ASN1_OBJECT.3openssl target=d2i_ASN1_OBJECT.3openssl +link path=usr/share/man/man3openssl/i2d_DHparams.3openssl target=d2i_DHparams.3openssl +link path=usr/share/man/man3openssl/i2d_DSAPrivateKey.3openssl target=d2i_DSAPublicKey.3openssl +link path=usr/share/man/man3openssl/i2d_DSAPublicKey.3openssl target=d2i_DSAPublicKey.3openssl +link path=usr/share/man/man3openssl/i2d_DSA_PUBKEY.3openssl target=d2i_DSAPublicKey.3openssl +link path=usr/share/man/man3openssl/i2d_DSA_SIG.3openssl target=d2i_DSAPublicKey.3openssl +link path=usr/share/man/man3openssl/i2d_Netscape_RSA.3openssl target=d2i_RSAPublicKey.3openssl +link path=usr/share/man/man3openssl/i2d_PKCS8PrivateKey_bio.3openssl target=d2i_PKCS8PrivateKey.3openssl +link path=usr/share/man/man3openssl/i2d_PKCS8PrivateKey_fp.3openssl target=d2i_PKCS8PrivateKey.3openssl +link path=usr/share/man/man3openssl/i2d_PKCS8PrivateKey_nid_bio.3openssl target=d2i_PKCS8PrivateKey.3openssl +link path=usr/share/man/man3openssl/i2d_PKCS8PrivateKey_nid_fp.3openssl target=d2i_PKCS8PrivateKey.3openssl +link path=usr/share/man/man3openssl/i2d_RSAPrivateKey.3openssl target=d2i_RSAPublicKey.3openssl +link path=usr/share/man/man3openssl/i2d_RSAPublicKey.3openssl target=d2i_RSAPublicKey.3openssl +link path=usr/share/man/man3openssl/i2d_RSA_PUBKEY.3openssl target=d2i_RSAPublicKey.3openssl +link path=usr/share/man/man3openssl/i2d_SSL_SESSION.3openssl target=d2i_SSL_SESSION.3openssl +link path=usr/share/man/man3openssl/i2d_X509.3openssl target=d2i_X509.3openssl +link path=usr/share/man/man3openssl/i2d_X509_ALGOR.3openssl target=d2i_X509_ALGOR.3openssl +link path=usr/share/man/man3openssl/i2d_X509_CRL.3openssl target=d2i_X509_CRL.3openssl +link path=usr/share/man/man3openssl/i2d_X509_CRL_bio.3openssl target=d2i_X509_CRL.3openssl +link path=usr/share/man/man3openssl/i2d_X509_CRL_fp.3openssl target=d2i_X509_CRL.3openssl +link path=usr/share/man/man3openssl/i2d_X509_NAME.3openssl target=d2i_X509_NAME.3openssl +link path=usr/share/man/man3openssl/i2d_X509_REQ.3openssl target=d2i_X509_REQ.3openssl +link path=usr/share/man/man3openssl/i2d_X509_REQ_bio.3openssl target=d2i_X509_REQ.3openssl +link path=usr/share/man/man3openssl/i2d_X509_REQ_fp.3openssl target=d2i_X509_REQ.3openssl +link path=usr/share/man/man3openssl/i2d_X509_SIG.3openssl target=d2i_X509_SIG.3openssl +link path=usr/share/man/man3openssl/i2d_X509_bio.3openssl target=d2i_X509.3openssl +link path=usr/share/man/man3openssl/i2d_X509_fp.3openssl target=d2i_X509.3openssl +link path=usr/share/man/man3openssl/lh_delete.3openssl target=lhash.3openssl +link path=usr/share/man/man3openssl/lh_doall.3openssl target=lhash.3openssl +link path=usr/share/man/man3openssl/lh_doall_arg.3openssl target=lhash.3openssl +link path=usr/share/man/man3openssl/lh_error.3openssl target=lhash.3openssl +link path=usr/share/man/man3openssl/lh_free.3openssl target=lhash.3openssl +link path=usr/share/man/man3openssl/lh_insert.3openssl target=lhash.3openssl +link path=usr/share/man/man3openssl/lh_new.3openssl target=lhash.3openssl +link path=usr/share/man/man3openssl/lh_node_stats.3openssl target=lh_stats.3openssl +link path=usr/share/man/man3openssl/lh_node_stats_bio.3openssl target=lh_stats.3openssl +link path=usr/share/man/man3openssl/lh_node_usage_stats.3openssl target=lh_stats.3openssl +link path=usr/share/man/man3openssl/lh_node_usage_stats_bio.3openssl target=lh_stats.3openssl +link path=usr/share/man/man3openssl/lh_retrieve.3openssl target=lhash.3openssl +link path=usr/share/man/man3openssl/lh_stats_bio.3openssl target=lh_stats.3openssl +link path=usr/share/man/man3openssl/CMS_add0_crl.3openssl target=CMS_add0_cert.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_ctrl.3openssl target=EVP_PKEY_CTX_ctrl.3openssl +link path=usr/share/man/man3openssl/CMS_add1_cert.3openssl target=CMS_add0_cert.3openssl +link path=usr/share/man/man3openssl/CMS_get1_crls.3openssl target=CMS_add0_cert.3openssl +link path=usr/share/man/man3openssl/CMS_get1_certs.3openssl target=CMS_add0_cert.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_CTX_dup.3openssl target=EVP_PKEY_CTX_new.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_CTX_free.3openssl target=EVP_PKEY_CTX_new.3openssl +link path=usr/share/man/man3openssl/CRYPTO_THREADID_cmp.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_paramgen.3openssl target=EVP_PKEY_keygen.3openssl +link path=usr/share/man/man3openssl/CRYPTO_THREADID_cpy.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_free.3openssl target=X509_STORE_CTX_new.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_init.3openssl target=X509_STORE_CTX_new.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_ctrl_str.3openssl target=EVP_PKEY_CTX_ctrl.3openssl +link path=usr/share/man/man3openssl/CRYPTO_THREADID_hash.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_CTX_get_cb.3openssl target=EVP_PKEY_keygen.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_CTX_set_cb.3openssl target=EVP_PKEY_keygen.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_CTX_new_id.3openssl target=EVP_PKEY_CTX_new.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_sign_init.3openssl target=EVP_PKEY_sign.3openssl +link path=usr/share/man/man3openssl/EVP_DigestSignFinal.3openssl target=EVP_DigestSignInit.3openssl +link path=usr/share/man/man3openssl/CMS_SignerInfo_sign.3openssl target=CMS_sign_add1_signer.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_derive_init.3openssl target=EVP_PKEY_derive.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_cleanup.3openssl target=X509_STORE_CTX_new.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_keygen_init.3openssl target=EVP_PKEY_keygen.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_verify_init.3openssl target=EVP_PKEY_verify.3openssl +link path=usr/share/man/man3openssl/EVP_DigestSignUpdate.3openssl target=EVP_DigestSignInit.3openssl +link path=usr/share/man/man3openssl/CRYPTO_THREADID_current.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_set_cert.3openssl target=X509_STORE_CTX_new.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_print_public.3openssl target=EVP_PKEY_print_private.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_decrypt_init.3openssl target=EVP_PKEY_decrypt.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_print_params.3openssl target=EVP_PKEY_print_private.3openssl +link path=usr/share/man/man3openssl/CMS_get0_eContentType.3openssl target=CMS_get0_type.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_encrypt_init.3openssl target=EVP_PKEY_encrypt.3openssl +link path=usr/share/man/man3openssl/CMS_set1_eContentType.3openssl target=CMS_get0_type.3openssl +link path=usr/share/man/man3openssl/EVP_DigestVerifyFinal.3openssl target=EVP_DigestVerifyInit.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_set0_crls.3openssl target=X509_STORE_CTX_new.3openssl +link path=usr/share/man/man3openssl/CMS_set1_signer_certs.3openssl target=CMS_get0_SignerInfos.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_set_chain.3openssl target=X509_STORE_CTX_new.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_paramgen_init.3openssl target=EVP_PKEY_keygen.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_get1_chain.3openssl target=X509_STORE_CTX_get_error.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_set_error.3openssl target=X509_STORE_CTX_get_error.3openssl +link path=usr/share/man/man3openssl/CMS_add0_recipient_key.3openssl target=CMS_add1_recipient_cert.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_get0_param.3openssl target=X509_STORE_CTX_new.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_set0_param.3openssl target=X509_STORE_CTX_new.3openssl +link path=usr/share/man/man3openssl/EVP_DigestVerifyUpdate.3openssl target=EVP_DigestVerifyInit.3openssl +link path=usr/share/man/man3openssl/CMS_RecipientInfo_type.3openssl target=CMS_get0_RecipientInfos.3openssl +link path=usr/share/man/man3openssl/X509_STORE_set_verify_cb.3openssl target=X509_STORE_set_verify_cb_func.3openssl +link path=usr/share/man/man3openssl/CMS_add1_ReceiptRequest.3openssl target=CMS_get1_ReceiptRequest.3openssl +link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set_time.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_cmp_parameters.3openssl target=EVP_PKEY_cmp.3openssl +link path=usr/share/man/man3openssl/CMS_SignerInfo_cert_cmp.3openssl target=CMS_get0_SignerInfos.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_get_ex_data.3openssl target=X509_STORE_CTX_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_get_flags.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_CTX_get_app_data.3openssl target=EVP_PKEY_keygen.3openssl +link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_get_depth.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_set_ex_data.3openssl target=X509_STORE_CTX_get_ex_new_index.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_derive_set_peer.3openssl target=EVP_PKEY_derive.3openssl +link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set_depth.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_set_default.3openssl target=X509_STORE_CTX_new.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_copy_parameters.3openssl target=EVP_PKEY_cmp.3openssl +link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set_trust.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl +link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_add0_policy.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl +link path=usr/share/man/man3openssl/CRYPTO_THREADID_get_callback.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/CRYPTO_THREADID_set_callback.3openssl target=threads.3openssl +link path=usr/share/man/man3openssl/CMS_RecipientInfo_decrypt.3openssl target=CMS_get0_RecipientInfos.3openssl +link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_clear_flags.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl +link path=usr/share/man/man3openssl/CMS_RecipientInfo_set0_key.3openssl target=CMS_get0_RecipientInfos.3openssl +link path=usr/share/man/man3openssl/CMS_ReceiptRequest_create0.3openssl target=CMS_get1_ReceiptRequest.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_trusted_stack.3openssl target=X509_STORE_CTX_new.3openssl +link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set_purpose.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl +link path=usr/share/man/man3openssl/SSL_get_psk_identity_hint.3openssl target=SSL_get_psk_identity.3openssl +link path=usr/share/man/man3openssl/SSL_use_psk_identity_hint.3openssl target=SSL_CTX_use_psk_identity_hint.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_CTX_get_keygen_info.3openssl target=EVP_PKEY_keygen.3openssl +link path=usr/share/man/man3openssl/CMS_RecipientInfo_set0_pkey.3openssl target=CMS_get0_RecipientInfos.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_missing_parameters.3openssl target=EVP_PKEY_cmp.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_verify_recover_init.3openssl target=EVP_PKEY_verify_recover.3openssl +link path=usr/share/man/man3openssl/X509_VERIFY_PARAM_set1_policies.3openssl target=X509_VERIFY_PARAM_set_flags.3openssl +link path=usr/share/man/man3openssl/SSL_set_psk_client_callback.3openssl target=SSL_CTX_set_psk_client_callback.3openssl +link path=usr/share/man/man3openssl/SSL_set_psk_server_callback.3openssl target=SSL_CTX_use_psk_identity_hint.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_get_error_depth.3openssl target=X509_STORE_CTX_get_error.3openssl +link path=usr/share/man/man3openssl/EVP_PKEVP_PKEY_CTX_set_app_data.3openssl target=EVP_PKEY_keygen.3openssl +link path=usr/share/man/man3openssl/CMS_SignerInfo_get0_signer_id.3openssl target=CMS_get0_SignerInfos.3openssl +link path=usr/share/man/man3openssl/X509_STORE_CTX_get_current_cert.3openssl target=X509_STORE_CTX_get_error.3openssl +link path=usr/share/man/man3openssl/X509_verify_cert_error_string.3openssl target=X509_STORE_CTX_get_error.3openssl +link path=usr/share/man/man3openssl/CMS_RecipientInfo_kekri_id_cmp.3openssl target=CMS_get0_RecipientInfos.3openssl +link path=usr/share/man/man3openssl/CMS_ReceiptRequest_get0_values.3openssl target=CMS_get1_ReceiptRequest.3openssl +link path=usr/share/man/man3openssl/EVP_PKEY_get_default_digest_nid.3openssl target=EVP_PKEY_get_default_digest.3openssl +link path=usr/share/man/man3openssl/CMS_RecipientInfo_kekri_get0_id.3openssl target=CMS_get0_RecipientInfos.3openssl +link path=usr/share/man/man3openssl/SSL_CTX_set_psk_server_callback.3openssl target=SSL_CTX_use_psk_identity_hint.3openssl +link path=usr/share/man/man3openssl/CMS_RecipientInfo_ktri_cert_cmp.3openssl target=CMS_get0_RecipientInfos.3openssl +link path=usr/share/man/man3openssl/CMS_RecipientInfo_ktri_get0_signer_id.3openssl target=CMS_get0_RecipientInfos.3openssl +license openssl-1.0.1.license license="OpenSSL, SSLeay" +legacy pkg=SUNWopensslr \ + desc="OpenSSL Libraries (Root)" \ + name="OpenSSL Libraries (Root)" diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches-post-config/opensslconf.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches-post-config/opensslconf.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,54 @@ +--- /tmp/opensslconf.h Fri Feb 11 15:36:12 2011 ++++ openssl-1.0.0d/crypto/opensslconf.h Fri Feb 11 16:58:36 2011 +@@ -181,7 +181,11 @@ + + #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ + #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) ++#if defined(__sparcv9) || defined(__x86_64) ++#define ENGINESDIR "/lib/openssl/engines/64" ++#else + #define ENGINESDIR "/lib/openssl/engines" ++#endif + #define OPENSSLDIR "/etc/openssl" + #endif + #endif +@@ -228,21 +232,39 @@ + /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ + #ifndef DES_LONG ++#if defined(__sparcv9) || defined(__x86_64) ++#define DES_LONG unsigned int ++#else + #define DES_LONG unsigned long + #endif + #endif ++#endif + + #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) + #define CONFIG_HEADER_BN_H ++/* ++ * OpenSSL revision 1.521 from 2005-12-15 in OpenSSL_1_0_0-stable branch changed ++ * 64 bit sparcv9 configuration from SIXTY_FOUR_BIT_LONG to BN_LLONG. ++ */ ++#if defined(__x86_64) ++#undef BN_LLONG ++#else + #define BN_LLONG ++#endif + + /* Should we define BN_DIV2W here? */ + + /* Only one for the following should be defined */ ++#if defined(__x86_64) ++#define SIXTY_FOUR_BIT_LONG ++#undef THIRTY_TWO_BIT ++#else + #undef SIXTY_FOUR_BIT_LONG + #undef SIXTY_FOUR_BIT + #define THIRTY_TWO_BIT + #endif ++#undef SIXTY_FOUR_BIT ++#endif + + #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) + #define CONFIG_HEADER_RC4_LOCL_H diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/08-6193522.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/08-6193522.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,54 @@ +diff -ruN openssl-0.9.8a/apps/CA.pl.in openssl-0.9.8a/apps/CA.pl.in +--- openssl-0.9.8a/apps/CA.pl.in 2005-07-04 23:44:22.000000000 +0200 ++++ openssl-0.9.8a/apps/CA.pl.in 2009-04-21 16:08:45.354925289 +0200 +@@ -53,7 +53,7 @@ + $X509="$openssl x509"; + $PKCS12="$openssl pkcs12"; + +-$CATOP="./demoCA"; ++$CATOP="/etc/openssl"; + $CAKEY="cakey.pem"; + $CAREQ="careq.pem"; + $CACERT="cacert.pem"; +diff -ruN openssl-0.9.8a/apps/openssl.cnf openssl-0.9.8a/apps/openssl.cnf +--- openssl-0.9.8a/apps/openssl.cnf 2005-09-16 14:20:24.000000000 +0200 ++++ openssl-0.9.8a/apps/openssl.cnf 2009-04-21 16:07:13.910980196 +0200 +@@ -39,7 +39,7 @@ + #################################################################### + [ CA_default ] + +-dir = ./demoCA # Where everything is kept ++dir = /etc/openssl # Where everything is kept + certs = $dir/certs # Where the issued certs are kept + crl_dir = $dir/crl # Where the issued crl are kept + database = $dir/index.txt # database index file. +@@ -49,7 +49,7 @@ + + certificate = $dir/cacert.pem # The CA certificate + serial = $dir/serial # The current serial number +-crlnumber = $dir/crlnumber # the current crl number ++#crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL + crl = $dir/crl.pem # The current CRL + private_key = $dir/private/cakey.pem# The private key +@@ -126,17 +126,17 @@ + + [ req_distinguished_name ] + countryName = Country Name (2 letter code) +-countryName_default = AU ++#countryName_default = US + countryName_min = 2 + countryName_max = 2 + + stateOrProvinceName = State or Province Name (full name) +-stateOrProvinceName_default = Some-State ++#stateOrProvinceName_default = Some-State + + localityName = Locality Name (eg, city) + + 0.organizationName = Organization Name (eg, company) +-0.organizationName_default = Internet Widgits Pty Ltd ++#0.organizationName_default = Unconfigured OpenSSL Installation + + # we can do this but it is not needed normally :-) + #1.organizationName = Second Organization Name (eg, company) diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/11-6546806.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/11-6546806.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,12 @@ +diff -ruN openssl-0.9.8a/doc/crypto/hmac.pod openssl-0.9.8a/doc/crypto/hmac.pod +--- openssl-0.9.8a/doc/crypto/hmac.pod 2002-07-18 20:54:45.000000000 +0200 ++++ openssl-0.9.8a/doc/crypto/hmac.pod 2009-04-10 11:09:46.449071541 +0200 +@@ -2,7 +2,7 @@ + + =head1 NAME + +-HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message ++HMAC, HMAC_CTX_init, HMAC_Init, HMAC_Init_ex, HMAC_Update, HMAC_Final, HMAC_CTX_cleanup, HMAC_cleanup - HMAC message + authentication code + + =head1 SYNOPSIS diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/14-manpage_openssl.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/14-manpage_openssl.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,16 @@ +diff -ruN openssl-0.9.8a/util/extract-section.pl openssl-0.9.8a/util/extract-section.pl +--- openssl-0.9.8a/util/extract-section.pl 2004-11-25 18:47:31.000000000 +0100 ++++ openssl-0.9.8a/util/extract-section.pl 2009-04-08 12:05:03.128230348 +0200 +@@ -3,10 +3,10 @@ + while() { + if (/=for\s+comment\s+openssl_manual_section:(\S+)/) + { +- print "$1\n"; ++ print "${1}openssl\n"; + exit 0; + } + } + +-print "$ARGV[0]\n"; ++print "${ARGV[0]}openssl\n"; + diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/15-pkcs11_engine-0.9.8a.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/15-pkcs11_engine-0.9.8a.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,125 @@ +--- /tmp/Configure Fri Feb 11 14:40:39 2011 ++++ openssl-1.0.0d/Configure Fri Feb 11 14:41:36 2011 +@@ -10,7 +10,7 @@ + + # see INSTALL for instructions. + +-my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; ++my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; + + # Options: + # +@@ -19,6 +19,9 @@ + # --prefix prefix for the OpenSSL include, lib and bin directories + # (Default: the OPENSSLDIR directory) + # ++# --pk11-libname PKCS#11 library name. ++# (Default: none) ++# + # --install_prefix Additional prefix for package builders (empty by + # default). This needn't be set in advance, you can + # just as well use "make INSTALL_PREFIX=/whatever install". +@@ -657,6 +661,9 @@ + my $idx_arflags = $idx++; + my $idx_multilib = $idx++; + ++# PKCS#11 engine patch ++my $pk11_libname=""; ++ + my $prefix=""; + my $libdir=""; + my $openssldir=""; +@@ -876,6 +879,10 @@ + $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei; + $flags.=$_." "; + } ++ elsif (/^--pk11-libname=(.*)$/) ++ { ++ $pk11_libname=$1; ++ } + elsif (/^--prefix=(.*)$/) + { + $prefix=$1; +@@ -1043,6 +1054,13 @@ + exit 0; + } + ++if (! $pk11_libname) ++ { ++ print STDERR "You must set --pk11-libname for PKCS#11 library.\n"; ++ print STDERR "See README.pkcs11 for more information.\n"; ++ exit 1; ++ } ++ + if ($target =~ m/^CygWin32(-.*)$/) { + $target = "Cygwin".$1; + } +@@ -1209,6 +1226,8 @@ + if ($flags ne "") { $cflags="$flags$cflags"; } + else { $no_user_cflags=1; } + ++$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags"; ++ + # Kerberos settings. The flavor must be provided from outside, either through + # the script "config" or manually. + if (!$no_krb5) +@@ -1598,6 +1617,7 @@ + s/^VERSION=.*/VERSION=$version/; + s/^MAJOR=.*/MAJOR=$major/; + s/^MINOR=.*/MINOR=$minor/; ++ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/; + s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/; + s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; + s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; +--- /tmp/Makefile.org Fri Feb 11 14:41:54 2011 ++++ openssl-1.0.0d/Makefile.org Fri Feb 11 14:38:01 2011 +@@ -26,6 +26,9 @@ + INSTALL_PREFIX= + INSTALLTOP=/usr/local/ssl + ++# You must set this through --pk11-libname configure option. ++PK11_LIB_LOCATION= ++ + # Do not edit this manually. Use Configure --openssldir=DIR do change this! + OPENSSLDIR=/usr/local/ssl + +--- /tmp/Makefile Fri Feb 11 14:42:03 2011 ++++ openssl-1.0.0d/crypto/engine/Makefile Fri Feb 11 14:45:43 2011 +@@ -22,13 +22,13 @@ + tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ + tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ + eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ +- eng_rsax.c eng_rdrand.c ++ eng_rsax.c eng_rdrand.c hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c + LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ + eng_table.o eng_pkey.o eng_fat.o eng_all.o \ + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ + tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ + eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ +- eng_rsax.o eng_rdrand.o ++ eng_rsax.o eng_rdrand.o hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o + + SRC= $(LIBSRC) + +--- /tmp/eng_all.c Fri Feb 11 14:46:11 2011 ++++ openssl-1.0.0d/crypto/engine/eng_all.c Fri Feb 11 14:38:01 2011 +@@ -80,6 +80,9 @@ + ENGINE_load_rdrand(); + #endif + ENGINE_load_dynamic(); ++#ifndef OPENSSL_NO_HW_PKCS11 ++ ENGINE_load_pk11(); ++#endif + #ifndef OPENSSL_NO_STATIC_ENGINE + #ifndef OPENSSL_NO_HW + #ifndef OPENSSL_NO_HW_4758_CCA +--- /tmp/engine.h Fri Feb 11 14:46:24 2011 ++++ openssl-1.0.0d/crypto/engine/engine.h Fri Feb 11 14:47:32 2011 +@@ -351,6 +351,7 @@ + #endif + #endif + void ENGINE_load_cryptodev(void); ++void ENGINE_load_pk11(void); + void ENGINE_load_rsax(void); + void ENGINE_load_rdrand(void); + void ENGINE_load_builtin_engines(void); diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/18-compiler_opts.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/18-compiler_opts.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,22 @@ +--- openssl-1.0.0d/Configure Thu Feb 10 20:02:41 2011 ++++ /tmp/Configure Thu Feb 10 20:01:51 2011 +@@ -257,6 +257,19 @@ + #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", + "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", + ++#### Solaris configs, used for OpenSSL as delivered by S11. ++"solaris-x86-cc-sunw","cc:-m32 -xO3 -xspace -Xa::-D_REENTRANT::-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${x86_elf_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# ++"solaris64-x86_64-cc-sunw","cc:-xO3 -m64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -lc:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR DES_PTR DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# ++"solaris-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++# ++"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64", ++# Option -xF=%all instructs the compiler to place functions and data ++# variables into separate section fragments. This enables the link editor ++# to discard unused sections and files when linking wanboot-openssl.o ++"solaris64-sparcv9-cc-sunw-wanboot","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -xF=%all -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64", ++ + #### IRIX 5.x configs + # -mips2 flag is added by ./config when appropriate. + "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/20-remove_rpath.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/20-remove_rpath.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,11 @@ +--- /export/openssl/openssl-1.0.0d/Makefile.shared Sat Aug 21 13:36:49 2010 ++++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:25:51 2011 +@@ -393,7 +393,7 @@ + @ if $(DETECT_GNU_LD); then \ + $(DO_GNU_APP); \ + else \ +- LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \ ++ LDFLAGS="$(CFLAGS)"; \ + fi; \ + $(LINK_APP) + diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/23-noexstack.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/23-noexstack.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,21 @@ +--- /tmp/Makefile.shared Mon Feb 14 14:33:05 2011 ++++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:35:56 2011 +@@ -389,6 +389,7 @@ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \ + fi; \ + $(LINK_SO_A) ++# Make sure the apps have non-executable stacks and data (x86/x64 only). + link_app.solaris: + @ if $(DETECT_GNU_LD); then \ + $(DO_GNU_APP); \ +@@ -395,6 +396,10 @@ + else \ + LDFLAGS="$(CFLAGS)"; \ + fi; \ ++ if expr $(PLATFORM) : '.*x86.*' > /dev/null; then \ ++ LDFLAGS="$${LDFLAGS} -M/usr/lib/ld/map.noexdata"; \ ++ fi; \ ++ LDFLAGS="$${LDFLAGS} -M/usr/lib/ld/map.noexstk -M/usr/lib/ld/map.pagealign"; \ + $(LINK_APP) + + # OpenServer 5 native compilers used diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/27-6978791.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/27-6978791.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,12 @@ +--- /tmp/Makefile.shared Mon Feb 14 14:39:29 2011 ++++ openssl-1.0.0d/Makefile.shared Mon Feb 14 14:50:52 2011 +@@ -387,6 +387,9 @@ + ALLSYMSFLAGS="$${MINUSZ}allextract"; \ + NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \ ++ if [ $(LIBNAME) = "ssl" ]; then \ ++ SHAREDFLAGS="$$SHAREDFLAGS $${MINUSZ}nodelete"; \ ++ fi; \ + fi; \ + $(LINK_SO_A) + # Make sure the apps have non-executable stacks and data (x86/x64 only). diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/28-enginesdir.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/28-enginesdir.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,50 @@ +--- /tmp/18/Configure Fri Feb 11 15:15:50 2011 ++++ openssl-1.0.0d/Configure Fri Feb 11 15:18:09 2011 +@@ -18,6 +18,8 @@ + # --prefix option is given; /usr/local/ssl otherwise) + # --prefix prefix for the OpenSSL include, lib and bin directories + # (Default: the OPENSSLDIR directory) ++# --enginesdir engines shared library location ++# (Default: $prefix/lib/engines) + # + # --pk11-libname PKCS#11 library name. + # (Default: none) +@@ -679,6 +679,7 @@ + my $prefix=""; + my $libdir=""; + my $openssldir=""; ++my $enginesdir=""; + my $exe_ext=""; + my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; + my $cross_compile_prefix=""; +@@ -911,6 +911,10 @@ + { + $openssldir=$1; + } ++ elsif (/^--enginesdir=(.*)$/) ++ { ++ $enginesdir=$1; ++ } + elsif (/^--install.prefix=(.*)$/) + { + $install_prefix=$1; +@@ -1218,6 +1225,10 @@ + # we're ready to tolerate, so don't... + $multilib="" if !-d "$prefix/lib$multilib"; + ++if ($enginesdir eq "") { ++ $enginesdir = "$prefix/lib/engines"; ++} ++ + $libdir="lib$multilib" if $libdir eq ""; + + $cflags = "$cflags$exp_cflags"; +@@ -1837,7 +1848,7 @@ + } + elsif (/^#define\s+ENGINESDIR/) + { +- my $foo = "$prefix/$libdir/engines"; ++ my $foo = "$enginesdir"; + $foo =~ s/\\/\\\\/g; + print OUT "#define ENGINESDIR \"$foo\"\n"; + } diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/29-devcrypto_engine.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/29-devcrypto_engine.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,51 @@ +--- /tmp/Makefile Mon Feb 14 14:59:22 2011 ++++ openssl-1.0.0d/engines/Makefile Mon Feb 14 15:00:35 2011 +@@ -26,7 +26,8 @@ + APPS= + + LIB=$(TOP)/libcrypto.a +-LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi ++LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec padlock capi \ ++ devcrypto + + LIBSRC= e_4758cca.c \ + e_aep.c \ +@@ -38,7 +39,8 @@ + e_sureware.c \ + e_ubsec.c \ + e_padlock.c \ +- e_capi.c ++ e_capi.c \ ++ e_devcrypto.c + LIBOBJ= e_4758cca.o \ + e_aep.o \ + e_atalla.o \ +@@ -49,7 +51,8 @@ + e_sureware.o \ + e_ubsec.o \ + e_padlock.o \ +- e_capi.o ++ e_capi.o \ ++ e_devcrypto.o + + SRC= $(LIBSRC) + +@@ -63,7 +66,8 @@ + e_nuron_err.c e_nuron_err.h \ + e_sureware_err.c e_sureware_err.h \ + e_ubsec_err.c e_ubsec_err.h \ +- e_capi_err.c e_capi_err.h ++ e_capi_err.c e_capi_err.h \ ++ e_devcrypto_err.c e_devcrypto_err.h + + ALL= $(GENERAL) $(SRC) $(HEADER) + +@@ -78,7 +82,7 @@ + for l in $(LIBNAMES); do \ + $(MAKE) -f ../Makefile.shared -e \ + LIBNAME=$$l LIBEXTRAS=e_$$l.o \ +- LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \ ++ LIBDEPS='-L.. -lcrypto -lcryptoutil $(EX_LIBS)' \ + link_o.$(SHLIB_TARGET); \ + done; \ + else \ diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/30_wanboot.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/30_wanboot.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,353 @@ +--- openssl-1.0.0g/Makefile.org 2010-01-27 08:06:58.000000000 -0800 ++++ openssl-1.0.0g-1/Makefile.org 2012-03-26 03:04:08.440194448 -0700 +@@ -138,7 +138,13 @@ + + BASEADDR= + ++# For wanboot, we only need crypto and ssl. ++# 'apps' are not patched to work in stand-alone environment anyway. ++ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot) ++DIRS= crypto ssl ++else + DIRS= crypto ssl engines apps test tools ++endif + ENGDIRS= ccgost + SHLIBDIRS= crypto ssl + +--- openssl-1.0.0g/Makefile 2012-01-18 05:42:28.000000000 -0800 ++++ openssl-1.0.0g-1/Makefile 2012-03-26 03:03:59.170540344 -0700 +@@ -137,7 +137,13 @@ + + BASEADDR=0xFB00000 + ++# For wanboot, we only need crypto and ssl. ++# 'apps' are not patched to work in stand-alone environment anyway. ++ifeq ($(PLATFORM), solaris64-sparcv9-cc-sunw-wanboot) ++DIRS= crypto ssl ++else + DIRS= crypto ssl engines apps test tools ++endif + ENGDIRS= ccgost + SHLIBDIRS= crypto ssl + +--- openssl-1.0.0e/crypto/cryptlib.c 2011-06-22 08:39:00.000000000 -0700 ++++ openssl-1.0.0e_patched/crypto/cryptlib.c 2011-12-12 06:17:45.422476900 -0800 +@@ -900,6 +900,10 @@ + MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP); + } + #else ++/* Solaris libsa.a used for WAN boot doesn't provide for vfprintf(). Since ++ * * OPENSSL_showfatal() is not used anywhere else then here we can safely use ++ * * the code from 0.9.7d version. */ ++#ifndef _BOOT + void OPENSSL_showfatal (const char *fmta,...) + { va_list ap; + +@@ -907,14 +911,21 @@ + vfprintf (stderr,fmta,ap); + va_end (ap); + } ++#endif /* _BOOT */ + int OPENSSL_isservice (void) { return 0; } + #endif + + void OpenSSLDie(const char *file,int line,const char *assertion) + { ++#ifndef _BOOT + OPENSSL_showfatal( + "%s(%d): OpenSSL internal error, assertion failed: %s\n", + file,line,assertion); ++#else ++ fprintf(stderr, ++ "%s(%d): OpenSSL internal error, assertion failed: %s\n", ++ file,line,assertion); ++#endif + #if !defined(_WIN32) || defined(__CYGWIN__) + abort(); + #else +--- openssl-1.0.0e/crypto/err/err_all.c 2009-08-09 07:58:05.000000000 -0700 ++++ openssl-1.0.0e_patched/crypto/err/err_all.c 2011-12-13 05:22:01.205351400 -0800 +@@ -148,7 +148,9 @@ + ERR_load_X509V3_strings(); + ERR_load_PKCS12_strings(); + ERR_load_RAND_strings(); ++#ifndef _BOOT + ERR_load_DSO_strings(); ++#endif /* _BOOT */ + ERR_load_TS_strings(); + #ifndef OPENSSL_NO_ENGINE + ERR_load_ENGINE_strings(); +--- openssl-1.0.0e/crypto/evp/evp_key.c 2010-03-27 12:27:50.000000000 -0700 ++++ openssl-1.0.0e_patched/crypto/evp/evp_key.c 2011-12-13 05:19:32.956908600 -0800 +@@ -84,7 +84,7 @@ + else + return(prompt_string); + } +- ++#ifndef _BOOT + /* For historical reasons, the standard function for reading passwords is + * in the DES library -- if someone ever wants to disable DES, + * this function will fail */ +@@ -111,6 +111,7 @@ + OPENSSL_cleanse(buff,BUFSIZ); + return ret; + } ++#endif /* !_BOOT */ + + int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, +--- openssl-1.0.0e/crypto/rand/rand_unix.c 2009-04-06 07:31:36.000000000 -0700 ++++ openssl-1.0.0e_patched/crypto/rand/rand_unix.c 2011-12-19 07:28:39.988944800 -0800 +@@ -122,7 +122,11 @@ + #include + #include + #include ++#ifdef _BOOT ++#include ++#else + #include ++#endif + #include + #include + #if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */ +@@ -253,6 +257,11 @@ + const char **egdsocket = NULL; + #endif + ++#ifdef _BOOT ++/* open() is provided by standalone libsa not visible from here */ ++extern int open(const char *, int); ++#endif ++ + #ifdef DEVRANDOM + memset(randomstats,0,sizeof(randomstats)); + /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD +@@ -295,9 +304,13 @@ + { + int try_read = 0; + +-#if defined(OPENSSL_SYS_BEOS_R5) ++#if defined(OPENSSL_SYS_BEOS_R5) || defined(_BOOT) + /* select() is broken in BeOS R5, so we simply + * try to read something and snooze if we couldn't */ ++ /* ++ * select() is not available when linking stand-alone ++ * library for wanboot ++ */ + try_read = 1; + + #elif defined(OPENSSL_SYS_LINUX) +@@ -355,6 +368,7 @@ + else + r = -1; + ++#ifndef _BOOT + /* Some Unixen will update t in select(), some + won't. For those who won't, or if we + didn't use select() in the first place, +@@ -366,13 +380,17 @@ + } + while ((r > 0 || + (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED); ++#else /* _BOOT */ ++ } ++ while (r > 0 && n < ENTROPY_NEEDED); ++#endif /* _BOOT */ + + close(fd); + } + } + #endif /* defined(DEVRANDOM) */ + +-#ifdef DEVRANDOM_EGD ++#if defined(DEVRANDOM_EGD) && !defined(_BOOT) + /* Use an EGD socket to read entropy from an EGD or PRNGD entropy + * collecting daemon. */ + +@@ -395,6 +413,7 @@ + } + #endif + ++#ifndef _BOOT + /* put in some default random data, we need more than just this */ + l=curr_pid; + RAND_add(&l,sizeof(l),0.0); +@@ -403,6 +422,7 @@ + + l=time(NULL); + RAND_add(&l,sizeof(l),0.0); ++#endif /* !_BOOT */ + + #if defined(OPENSSL_SYS_BEOS) + { + +--- openssl-1.0.0e/crypto/rand/randfile.c 2011-03-19 02:44:37.000000000 -0700 ++++ openssl-1.0.0e_patched/crypto/rand/randfile.c 2011-12-13 05:26:51.884824200 -0800 +@@ -57,9 +57,11 @@ + */ + + /* We need to define this to get macros like S_IFBLK and S_IFCHR */ ++#ifndef _BOOT + #if !defined(OPENSSL_SYS_VXWORKS) + #define _XOPEN_SOURCE 500 + #endif ++#endif /* _BOOT */ + + #include + #include +--- openssl-1.0.0e/crypto/x509v3/v3_utl.c 2009-07-27 14:08:53.000000000 -0700 ++++ openssl-1.0.0e_patched/crypto/x509v3/v3_utl.c 2011-12-13 05:10:08.844191400 -0800 +@@ -659,9 +659,52 @@ + } + } + ++#if defined(_BOOT) ++/* This function was copied from bio/b_sock.c */ ++static int get_ip(const char *str, unsigned char ip[4]) ++ { ++ unsigned int tmp[4]; ++ int num=0,c,ok=0; ++ ++ tmp[0]=tmp[1]=tmp[2]=tmp[3]=0; ++ ++ for (;;) ++ { ++ c= *(str++); ++ if ((c >= '0') && (c <= '9')) ++ { ++ ok=1; ++ tmp[num]=tmp[num]*10+c-'0'; ++ if (tmp[num] > 255) return(0); ++ } ++ else if (c == '.') ++ { ++ if (!ok) return(-1); ++ if (num == 3) return(0); ++ num++; ++ ok=0; ++ } ++ else if (c == '\0' && (num == 3) && ok) ++ break; ++ else ++ return(0); ++ } ++ ip[0]=tmp[0]; ++ ip[1]=tmp[1]; ++ ip[2]=tmp[2]; ++ ip[3]=tmp[3]; ++ return(1); ++ } ++#endif /* _BOOT */ ++ + static int ipv4_from_asc(unsigned char *v4, const char *in) + { + int a0, a1, a2, a3; ++ ++#if defined(_BOOT) ++ if (get_ip(in, v4) != 1) ++ return 0; ++#else /* _BOOT */ + if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) + return 0; + if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) +@@ -671,6 +716,7 @@ + v4[1] = a1; + v4[2] = a2; + v4[3] = a3; ++#endif /* _BOOT */ + return 1; + } + +--- openssl-1.0.0e/e_os.h 2011-12-19 04:17:51.631087400 -0800 ++++ openssl-1.0.0e_patched/e_os.h 2011-12-19 04:15:15.776668900 -0800 +@@ -206,10 +206,19 @@ + #define get_last_socket_error() errno + #define clear_socket_error() errno=0 + #define ioctlsocket(a,b,c) ioctl(a,b,c) ++#ifdef _BOOT ++#include ++extern int socket_read(int, void *, size_t, int); ++extern int socket_close(int); ++#define closesocket(s) socket_close(s) ++#define readsocket(s,b,n) socket_read((s),(b),(n), 200) ++#define writesocket(s,b,n) send((s),(b),(n), 0) ++#else /* !_BOOT */ + #define closesocket(s) close(s) + #define readsocket(s,b,n) read((s),(b),(n)) + #define writesocket(s,b,n) write((s),(b),(n)) + #endif ++#endif + + #ifdef WIN16 /* never the case */ + # define MS_CALLBACK _far _loadds +--- openssl-1.0.0e/crypto/sparcv9cap.c 2010-09-05 12:48:01.000000000 -0700 ++++ openssl-1.0.0e_patched/crypto/sparcv9cap.c 2011-12-23 05:24:02.011607700 -0800 +@@ -12,7 +12,11 @@ + #define SPARCV9_VIS2 (1<<3) /* reserved */ + #define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ + ++#ifndef _BOOT + static int OPENSSL_sparcv9cap_P=SPARCV9_TICK_PRIVILEGED; ++#else ++static int OPENSSL_sparcv9cap_P = SPARCV9_VIS1; ++#endif + + int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num) + { +@@ -33,6 +37,7 @@ + void _sparcv9_vis2_probe(void); + void _sparcv9_fmadd_probe(void); + ++#ifndef _BOOT + unsigned long OPENSSL_rdtsc(void) + { + if (OPENSSL_sparcv9cap_P&SPARCV9_TICK_PRIVILEGED) +@@ -44,8 +49,19 @@ + else + return _sparcv9_rdtick(); + } ++#endif ++ ++#if defined(_BOOT) ++/* ++ * Hardcoding sparc capabilities for wanboot. ++ * Older CPUs are EOLed anyway. ++ */ ++void OPENSSL_cpuid_setup(void) ++ { ++ OPENSSL_sparcv9cap_P = SPARCV9_VIS1; ++ } + +-#if 0 && defined(__sun) && defined(__SVR4) ++#elif 0 && defined(__sun) && defined(__SVR4) + /* This code path is disabled, because of incompatibility of + * libdevinfo.so.1 and libmalloc.so.1 (see below for details) + */ +--- openssl-1.0.0e/crypto/sparccpuid.S 2010-09-05 12:48:01.000000000 -0700 ++++ openssl-1.0.0e_patched/crypto/sparccpuid.S 2012-02-13 07:42:58.259478325 -0800 +@@ -397,6 +397,11 @@ + .type OPENSSL_cleanse,#function + .size OPENSSL_cleanse,.-OPENSSL_cleanse + ++#ifndef _BOOT + .section ".init",#alloc,#execinstr + call OPENSSL_cpuid_setup + nop ++#else ++ nop ++ nop ++#endif +--- openssl-1.0.1c/crypto/Makefile Thu Aug 2 12:56:38 2012 ++++ openssl-1.0.1c/crypto/Makefile.new Thu Aug 2 12:59:43 2012 +@@ -35,9 +35,9 @@ + LIB= $(TOP)/libcrypto.a + SHARED_LIB= libcrypto$(SHLIB_EXT) + LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ +- ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c ++ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c wanboot-stubs.c + LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \ +- uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ) ++ uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o wanboot-stubs.o $(CPUID_OBJ) + + SRC= $(LIBSRC) + diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/31_dtls_version.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/31_dtls_version.patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,11 @@ +--- openssl-1.0.1e/ssl/s3_cbc.c 2013-02-14 08:06:58.000000000 -0800 ++++ openssl-1.0.1e/ssl/s3_cbc.c.orig 2013-02-14 03:04:08.440194448 -0700 +@@ -148,7 +148,7 @@ + unsigned padding_length, good, to_check, i; + const unsigned overhead = 1 /* padding length byte */ + mac_size; + /* Check if version requires explicit IV */ +- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) ++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) + { + /* These lengths are all public so we can test them in + * non-constant time. diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/patches/openssl-1.0.1e-t4-engine.sparc-patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/patches/openssl-1.0.1e-t4-engine.sparc-patch Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,211 @@ +# +# Engine t4 patch openssl-1.0.0d-t4-engine.sparc-patch. +# This engine is SPARC-only. +# +Index: Configure +=================================================================== +diff -ru openssl-1.0.0d/Configure openssl-1.0.0d/Configure +--- openssl-1.0.0d/Configure 2011-05-24 17:02:24.000000000 -0700 ++++ openssl-1.0.0d/Configure 2011-07-27 10:48:17.817470000 -0700 +@@ -135,8 +135,9 @@ + + my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:"; + my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; +-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void"; +-my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void"; ++my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o t4_des.o:aes_core.o aes_cbc.o aes-sparcv9.o t4_aes.o::t4_md5.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o t4_sha1.o t4_sha2.o:::::::ghash-sparcv9.o::void"; ++my $sparcv9_fips_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o:des_enc-sparc.o fcrypt_b.o t4_des.o:aes_core.o aes_cbc.o aes-sparcv9.o t4_aes.o::t4_md5.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o t4_sha1.o t4_sha2.o:::::::ghash-sparcv9.o::void"; ++my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o t4_des.o:t4_aes.o::t4_md5.o:t4_sha1.o t4_sha2.o:::::::void"; + my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void"; + my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::"; + my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; +@@ -264,9 +264,11 @@ + # + "solaris64-x86_64-cc-sunw","cc:-xO3 -m64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -lc:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR DES_PTR DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign -M/usr/lib/ld/map.noexdata:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + # +-"solaris-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"solaris-sparcv9-cc-sunw","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"solaris-sparcv9-cc-sunw-fips","cc:-xtarget=ultra -m32 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto:BN_LLONG RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_fips_asm}:dlfcn:solaris-shared:-KPIC:-m32 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + # +-"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64", ++"solaris64-sparcv9-cc-sunw","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64", ++"solaris64-sparcv9-cc-sunw-fips","cc:-xtarget=ultra -m64 -Qoption cg -xregs=no%appl -xO5 -xstrconst -xdepend -xspace -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -lc -lsoftcrypto:BN_LLONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_fips_asm}:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z text -zdefs -Bdirect -zignore -M/usr/lib/ld/map.pagealign:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/bin/ar rs::/64", + # Option -xF=%all instructs the compiler to place functions and data + # variables into separate section fragments. This enables the link editor + # to discard unused sections and files when linking wanboot-openssl.o +Index: crypto/aes/Makefile +=================================================================== +diff -ru openssl-1.0.0d/crypto/aes/ openssl-1.0.0d/crypto/aes/Makefile +--- openssl-1.0.0d/crypto/aes/Makefile 2011-05-24 17:03:31.000000000 -0700 ++++ openssl-1.0.0d/crypto/aes/Makefile 2011-06-30 17:26:34.980110000 -0700 +@@ -17,6 +17,10 @@ + ASFLAGS= $(INCLUDES) $(ASFLAG) + AFLAGS= $(ASFLAGS) + ++BITS:= $(shell if grep '^SHARED_LDFLAGS.*=.*-m32' ../../Makefile >/dev/null; \ ++ then echo 32; else echo 64; fi) ++ASFLAGSYF= -xregsym=no -K pic -P -xarch=v9v -D_sparcv9 -D_ASM -Dsparc -m$(BITS) ++ + GENERAL=Makefile + #TEST=aestest.c + TEST= +@@ -69,6 +73,10 @@ + aes-sparcv9.s: asm/aes-sparcv9.pl + $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@ + ++t4_aes.o: asm/t4_aes.S ++ as $(ASFLAGSYF) -o $@ asm/t4_aes.S ++ elfedit -e 'cap:hw1 -and -cmp vis vis3' $@ ++ + aes-ppc.s: asm/aes-ppc.pl + $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@ + +Index: crypto/des/Makefile +=================================================================== +diff -ru openssl-1.0.0d/crypto/des/ openssl-1.0.0d/crypto/des/Makefile +--- openssl-1.0.0d/crypto/des/Makefile 2011-07-26 17:47:28.530315349 -0700 ++++ openssl-1.0.0d/crypto/des/Makefile 2011-07-27 10:41:47.362058958 -0700 +@@ -17,6 +17,10 @@ + ASFLAGS= $(INCLUDES) $(ASFLAG) + AFLAGS= $(ASFLAGS) + ++BITS:= $(shell if grep '^SHARED_LDFLAGS.*=.*-m32' ../../Makefile >/dev/null; \ ++ then echo 32; else echo 64; fi) ++ASFLAGSYF= -xregsym=no -K pic -P -xarch=v9v -D_sparcv9 -D_ASM -Dsparc -m$(BITS) ++ + GENERAL=Makefile + TEST=destest.c + APPS= +@@ -61,6 +65,10 @@ + + des_enc-sparc.S: asm/des_enc.m4 + m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S ++ ++t4_des.o: asm/t4_des.S ++ as $(ASFLAGSYF) -o $@ asm/t4_des.S ++ elfedit -e 'cap:hw1 -and -cmp vis vis3' $@ + + des-586.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl + $(PERL) asm/des-586.pl $(PERLASM_SCHEME) $(CFLAGS) > $@ +Index: crypto/engine/Makefile +=================================================================== +diff -ru openssl-1.0.0d/crypto/engine/Makefile openssl-1.0.0d/crypto/engine/Makefile +--- openssl-1.0.0d/crypto/engine/Makefile 2011-05-24 17:04:12.000000000 -0700 ++++ openssl-1.0.0d/crypto/engine/Makefile 2011-07-28 10:10:00.000000000 -0700 +@@ -22,12 +22,16 @@ + tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ + tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ + eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ ++ eng_t4.c eng_t4_des.c eng_t4_md5.c \ ++ eng_t4_sha1.c eng_t4_sha256.c eng_t4_sha512.c eng_t4_montmul.c \ + eng_rsax.c eng_rdrand.c hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c + LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ + eng_table.o eng_pkey.o eng_fat.o eng_all.o \ + tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ + tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ + eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ ++ eng_t4.o eng_t4_des.o eng_t4_md5.o \ ++ eng_t4_sha1.o eng_t4_sha256.o eng_t4_sha512.o eng_t4_montmul.o \ + eng_rsax.o eng_rdrand.o hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o + + SRC= $(LIBSRC) +Index: crypto/engine/eng_all.c +=================================================================== +diff -ru openssl-1.0.0d/crypto/engine/eng_all.c openssl-1.0.0d/crypto/engine/eng_all.c +--- openssl-1.0.0d/crypto/engine/eng_all.c 2011-05-24 17:02:20.000000000 -0700 ++++ openssl-1.0.0d/crypto/engine/eng_all.c 2011-06-22 17:34:25.145829355 -0700 +@@ -79,6 +79,10 @@ + #ifndef OPENSSL_NO_RDRAND + ENGINE_load_rdrand(); + #endif ++#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_T4) ++ ENGINE_load_t4(); ++ ENGINE_register_all_complete(); ++#endif + ENGINE_load_dynamic(); + #ifndef OPENSSL_NO_HW_PKCS11 + ENGINE_load_pk11(); +Index: crypto/engine/engine.h +================================================================== +diff -ru openssl-1.0.0d/crypto/engine/engine.h openssl-1.0.0d/crypto/engine/engine.h +--- openssl-1.0.0d/crypto/engine/engine.h 2011-05-24 17:02:20.000000000 -0700 ++++ openssl-1.0.0d/crypto/engine/engine.h 2011-05-24 18:05:29.075766123 -0700 +@@ -351,6 +351,7 @@ + #endif + #endif + void ENGINE_load_cryptodev(void); ++void ENGINE_load_t4(void); + void ENGINE_load_pk11(void); + void ENGINE_load_rsax(void); + void ENGINE_load_rdrand(void); +Index: crypto/md5/Makefile +================================================================== +diff -ru openssl-1.0.0d/crypto/md5/Makefile openssl-1.0.0d/crypto/md5/Makefile +--- openssl-1.0.0d/crypto/md5/Makefile 2011-05-24 17:03:14.000000000 -0700 ++++ openssl-1.0.0d/crypto/md5/Makefile 2011-08-27 16:01:49.000000000 -0700 +@@ -17,6 +17,10 @@ + ASFLAGS= $(INCLUDES) $(ASFLAG) + AFLAGS= $(ASFLAGS) + ++BITS:= $(shell if grep '^SHARED_LDFLAGS.*=.*-m32' ../../Makefile >/dev/null; \ ++ then echo 32; else echo 64; fi) ++ASFLAGSYF= -xregsym=no -K pic -P -xarch=v9v -D_sparcv9 -D_ASM -Dsparc -m$(BITS) ++ + GENERAL=Makefile + TEST=md5test.c + APPS= +@@ -52,6 +58,10 @@ + $(CC) $(CFLAGS) -E asm/md5-ia64.S | \ + $(PERL) -ne 's/;\s+/;\n/g; print;' > $@ + ++t4_md5.o: asm/t4_md5.S ++ as $(ASFLAGSYF) -o $@ asm/t4_md5.S ++ elfedit -e 'cap:hw1 -and -cmp vis vis3' $@ ++ + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +Index: crypto/sha/Makefile +================================================================== +diff -ru openssl-1.0.0d/crypto/sha/Makefile openssl-1.0.0d/crypto/sha/Makefile +--- openssl-1.0.0d/crypto/sha/Makefile 2011-05-24 17:03:18.000000000 -0700 ++++ openssl-1.0.0d/crypto/sha/Makefile 2011-08-27 16:01:49.000000000 -0700 +@@ -17,6 +17,10 @@ + ASFLAGS= $(INCLUDES) $(ASFLAG) + AFLAGS= $(ASFLAGS) + ++BITS:= $(shell if grep '^SHARED_LDFLAGS.*=.*-m32' ../../Makefile >/dev/null; \ ++ then echo 32; else echo 64; fi) ++ASFLAGSYF= -xregsym=no -K pic -P -xarch=v9v -D_sparcv9 -D_ASM -Dsparc -m$(BITS) ++ + GENERAL=Makefile + TEST=shatest.c sha1test.c sha256t.c sha512t.c + APPS= +@@ -91,6 +95,14 @@ + sha256-armv4.o: sha256-armv4.S + sha512-armv4.o: sha512-armv4.S + ++t4_sha1.o: asm/t4_sha1.S ++ as $(ASFLAGSYF) -o $@ asm/t4_sha1.S ++ elfedit -e 'cap:hw1 -and -cmp vis vis3' $@ ++ ++t4_sha2.o: asm/t4_sha2.S ++ as $(ASFLAGSYF) -o $@ asm/t4_sha2.S ++ elfedit -e 'cap:hw1 -and -cmp vis vis3' $@ ++ + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +Index: util/libeay.num +================================================================== +diff -ru openssl-1.0.0d/util/libeay.num openssl-1.0.0d/util/libeay.num +--- openssl-1.0.0d/util/libeay.num 2010-07-25 09:56:06.000000000 -0700 ++++ openssl-1.0.0d/util/libeay.num 2011-05-25 11:19:15.585211842 -0700 +@@ -4179,6 +4179,7 @@ + UI_method_set_prompt_constructor 4551 EXIST:!VMS:FUNCTION: + UI_method_set_prompt_constructr 4551 EXIST:VMS:FUNCTION: + EVP_read_pw_string_min 4552 EXIST::FUNCTION: ++ENGINE_load_t4 4553 EXIST::FUNCTION:ENGINE + CRYPTO_cts128_encrypt 4553 EXIST::FUNCTION: + CRYPTO_cts128_decrypt_block 4554 EXIST::FUNCTION: + CRYPTO_cfb128_1_encrypt 4555 EXIST::FUNCTION: diff -r a7d8d41eeab2 -r b92e6df5eaf0 components/openssl/openssl-1.0.1/wanboot-openssl/wanboot-stubs.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/openssl/openssl-1.0.1/wanboot-openssl/wanboot-stubs.c Fri May 03 16:10:11 2013 -0700 @@ -0,0 +1,122 @@ +/* + * CDDL HEADER START + * + * The contents of this file are subject to the terms of the + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. + * + * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE + * or http://www.opensolaris.org/os/licensing. + * See the License for the specific language governing permissions + * and limitations under the License. + * + * When distributing Covered Code, include this CDDL HEADER in each + * file and include the License file at usr/src/OPENSOLARIS.LICENSE. + * If applicable, add the following below this CDDL HEADER, with the + * fields enclosed by brackets "[]" replaced with your own identifying + * information: Portions Copyright [yyyy] [name of copyright owner] + * + * CDDL HEADER END + */ +/* + * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved. + */ + +/* Content of this file is only needed for wanboot. */ +#ifdef _BOOT + +#include +#include +#include +#include + +/* + * In OpenSSL 0.9.7 the EVP_read_pw_string now calls into the new "ui" + * routines of 0.9.7, which is not compiled in the standalone, so it is + * stubbed out here to avoid having to add a bunch of #ifndef's elsewhere. + */ +/* ARGSUSED */ +int +EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, int + verify) +{ + return (-1); /* failure */ +} + +/* + * In standalone issetugid() is always false. + */ +int +OPENSSL_issetugid(void) +{ + return (1); +} + +/* + * Directory routines -- currently, the only consumer of these interfaces + * is $SRC/common/openssl/ssl/ssl_cert.c, and it has fallback code in the + * case of failure, so we just fail opendir() and stub out the rest. At + * some point, we may need to provide a real implementation. + */ +/* ARGSUSED */ +DIR * +opendir(const char *dirname) +{ + errno = EACCES; + return (NULL); +} + +/* ARGSUSED */ +struct dirent * +readdir(DIR *dirp) +{ + return (NULL); +} + +/* ARGSUSED */ +int +closedir(DIR *dirp) +{ + return (0); +} + +/* + * Atoi is used on multiple places in libcrypto. + * This implementation is taken from stand-alone libsock library: + * usr/src/stand/lib/sock/sock_test.c + * Alternative solution: just extern it here, wanboot has -lsock anyway. + */ +#ifndef isdigit +#define isdigit(c) ((c) >= '0' && (c) <= '9') +#endif + +#ifndef isspace +#define isspace(c) ((c) == ' ' || (c) == '\t' || (c) == '\n' || \ + (c) == '\r' || (c) == '\f' || (c) == '\013') +#endif +int +atoi(const char *p) +{ + int n; + int c = *p++, neg = 0; + + while (isspace(c)) { + c = *p++; + } + if (!isdigit(c)) { + switch (c) { + case '-': + neg++; + /* FALLTHROUGH */ + case '+': + c = *p++; + } + } + for (n = 0; isdigit(c); c = *p++) { + n *= 10; /* two steps to avoid unnecessary overflow */ + n += '0' - c; /* accum neg to avoid surprises at MAX */ + } + return (neg ? n : -n); +} + +#endif /* _BOOT */