GitHub/boringssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: GitHub/boringssl:spm
Branches Tags
GitHub/boringssl:master GitHub/boringssl:spm GitHub/boringssl:master-with-bazel GitHub/boringssl:infra/config GitHub/boringssl:chromium-stable-with-bazel GitHub/boringssl:main-with-bazel GitHub/boringssl:chromium-stable GitHub/boringssl:3945 GitHub/boringssl:fips-android-20191008 GitHub/boringssl:esni GitHub/boringssl:3538 GitHub/boringssl:fips-20180730 GitHub/boringssl:3359 GitHub/boringssl:3282 GitHub/boringssl:3239 GitHub/boringssl:3202 GitHub/boringssl:3112 GitHub/boringssl:3071 GitHub/boringssl:3029 GitHub/boringssl:2987 GitHub/boringssl:2924 GitHub/boringssl:2883 GitHub/boringssl:2785 GitHub/boringssl:2661 GitHub/boringssl:2704 GitHub/boringssl:2623 GitHub/boringssl:2564 GitHub/boringssl:2490 GitHub/boringssl:2357 GitHub/boringssl:2311 GitHub/boringssl:2272 GitHub/boringssl:2214
..
pull from: GitHub/boringssl:3359
Branches Tags
GitHub/boringssl:spm GitHub/boringssl:master-with-bazel GitHub/boringssl:master GitHub/boringssl:infra/config GitHub/boringssl:chromium-stable-with-bazel GitHub/boringssl:main-with-bazel GitHub/boringssl:chromium-stable GitHub/boringssl:3945 GitHub/boringssl:fips-android-20191008 GitHub/boringssl:esni GitHub/boringssl:3538 GitHub/boringssl:fips-20180730 GitHub/boringssl:3359 GitHub/boringssl:3282 GitHub/boringssl:3239 GitHub/boringssl:3202 GitHub/boringssl:3112 GitHub/boringssl:3071 GitHub/boringssl:3029 GitHub/boringssl:2987 GitHub/boringssl:2924 GitHub/boringssl:2883 GitHub/boringssl:2785 GitHub/boringssl:2661 GitHub/boringssl:2704 GitHub/boringssl:2623 GitHub/boringssl:2564 GitHub/boringssl:2490 GitHub/boringssl:2357 GitHub/boringssl:2311 GitHub/boringssl:2272 GitHub/boringssl:2214

1 Commits
spm .. 3359

Author SHA1 Message Date
David Benjamin 7f7bd6b559 Fix typo in point_add. 
Rather than writing the answer into the output, it wrote it into some
awkwardly-named temporaries. Thanks to Daniel Hirche for reporting this
issue!

Bug: chromium:825273
(cherry picked from commit 5fca613918)

Change-Id: I315087f5e7414118a6f70bf4aed76325aa4f76a0
 2018-03-29 15:50:25 -04:00
6393 changed files with 180923 additions and 1167869 deletions
Expand all files Collapse all files
src/.clang-format → .clang-format
View File
.gitignore
+25
View File
@@ -0,0 +1,25 @@
build/
ssl/test/runner/runner
*.swp
*.swo
doc/*.html
doc/doc.css
util/bot/android_ndk
util/bot/android_tools
util/bot/cmake-linux64
util/bot/cmake-linux64.tar.gz
util/bot/cmake-mac
util/bot/cmake-mac.tar.gz
util/bot/cmake-win32
util/bot/cmake-win32.zip
util/bot/golang
util/bot/gyp
util/bot/libFuzzer
util/bot/llvm-build
util/bot/perl-win32
util/bot/perl-win32.zip
util/bot/sde-linux64
util/bot/sde-linux64.tar.bz2
util/bot/win_toolchain.json
util/bot/yasm-win32.exe
API-CONVENTIONS.md
+184
View File
@@ -0,0 +1,184 @@
# BoringSSL API Conventions
This document describes conventions for BoringSSL APIs. The [style
guide](/STYLE.md) also includes guidelines, but this document is targeted at
both API consumers and developers.
## Documentation
All supported public APIs are documented in the public header files, found in
`include/openssl`. The API documentation is also available
[online](https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html).
Some headers lack documention comments. These are functions and structures from
OpenSSL's legacy ASN.1, X.509, and PEM implementation. If possible, avoid using
them. These are left largely unmodified from upstream and are retained only for
compatibility with existing OpenSSL consumers.
## Forward declarations
Do not write `typedef struct foo_st FOO` or try otherwise to define BoringSSL's
types. Including `openssl/base.h` (or `openssl/ossl_typ.h` for consumers who
wish to be OpenSSL-compatible) will forward-declare each type without importing
the rest of the library or invasive macros.
## Error-handling
Most functions in BoringSSL may fail, either due to allocation failures or input
errors. Functions which return an `int` typically return one on success and zero
on failure. Functions which return a pointer typically return `NULL` on failure.
However, due to legacy constraints, some functions are more complex. Consult the
API documentation before using a function.
On error, most functions also push errors on the error queue, an `errno`-like
mechanism. See the documentation for
[err.h](https://commondatastorage.googleapis.com/chromium-boringssl-docs/err.h.html)
for more details.
As with `errno`, callers must test the function's return value, not the error
queue to determine whether an operation failed. Some codepaths may not interact
with the error queue, and the error queue may have state from a previous failed
operation.
When ignoring a failed operation, it is recommended to call `ERR_clear_error` to
avoid the state interacting with future operations. Failing to do so should not
affect the actual behavior of any functions, but may result in errors from both
operations being mixed in error logging. We hope to
[improve](https://bugs.chromium.org/p/boringssl/issues/detail?id=38) this
situation in the future.
Where possible, avoid conditioning on specific reason codes and limit usage to
logging. The reason codes are very specific and may change over time.
## Memory allocation
BoringSSL allocates memory via `OPENSSL_malloc`, found in `mem.h`. Use
`OPENSSL_free`, found in the same header file, to release it. BoringSSL
functions will fail gracefully on allocation error, but it is recommended to use
a `malloc` implementation that `abort`s on failure.
## Object initialization and cleanup
BoringSSL defines a number of structs for use in its APIs. It is a C library,
so the caller is responsible for ensuring these structs are properly
initialized and released. Consult the documentation for a module for the
proper use of its types. Some general conventions are listed below.
### Heap-allocated types
Some types, such as `RSA`, are heap-allocated. All instances will be allocated
and returned from BoringSSL's APIs. It is an error to instantiate a heap-
allocated type on the stack or embedded within another object.
Heap-allocated types may have functioned named like `RSA_new` which allocates a
fresh blank `RSA`. Other functions may also return newly-allocated instances.
For example, `RSA_parse_public_key` is documented to return a newly-allocated
`RSA` object.
Heap-allocated objects must be released by the corresponding free function,
named like `RSA_free`. Like C's `free` and C++'s `delete`, all free functions
internally check for `NULL`. Consumers are not required to check for `NULL`
before calling.
A heap-allocated type may be reference-counted. In this case, a function named
like `RSA_up_ref` will be available to take an additional reference count. The
free function must be called to decrement the reference count. It will only
release resources when the final reference is released. For OpenSSL
compatibility, these functions return `int`, but callers may assume they always
successfully return one because reference counts use saturating arithmetic.
C++ consumers are recommended to use `bssl::UniquePtr` to manage heap-allocated
objects. `bssl::UniquePtr<T>`, like other types, is forward-declared in
`openssl/base.h`. Code that needs access to the free functions, such as code
which destroys a `bssl::UniquePtr`, must include the corresponding module's
header. (This matches `std::unique_ptr`'s relationship with forward
declarations.)
### Stack-allocated types
Other types in BoringSSL are stack-allocated, such as `EVP_MD_CTX`. These
types may be allocated on the stack or embedded within another object.
However, they must still be initialized before use.
Every stack-allocated object in BoringSSL has a *zero state*, analogous to
initializing a pointer to `NULL`. In this state, the object may not be
completely initialized, but it is safe to call cleanup functions. Entering the
zero state cannot fail. (It is usually `memset(0)`.)
The function to enter the zero state is named like `EVP_MD_CTX_init` or
`CBB_zero` and will always return `void`. To release resources associated with
the type, call the cleanup function, named like `EVP_MD_CTX_cleanup`. The
cleanup function must be called on all codepaths, regardless of success or
failure. For example:
uint8_t md[EVP_MAX_MD_SIZE];
unsigned md_len;
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx); /* Enter the zero state. */
int ok = EVP_DigestInit_ex(&ctx, EVP_sha256(), NULL) &&
EVP_DigestUpdate(&ctx, "hello ", 6) &&
EVP_DigestUpdate(&ctx, "world", 5) &&
EVP_DigestFinal_ex(&ctx, md, &md_len);
EVP_MD_CTX_cleanup(&ctx); /* Release |ctx|. */
Note that `EVP_MD_CTX_cleanup` is called whether or not the `EVP_Digest*`
operations succeeded. More complex C functions may use the `goto err` pattern:
int ret = 0;
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
if (!some_other_operation()) {
goto err;
}
uint8_t md[EVP_MAX_MD_SIZE];
unsigned md_len;
if (!EVP_DigestInit_ex(&ctx, EVP_sha256(), NULL) ||
!EVP_DigestUpdate(&ctx, "hello ", 6) ||
!EVP_DigestUpdate(&ctx, "world", 5) ||
!EVP_DigestFinal_ex(&ctx, md, &md_len) {
goto err;
}
ret = 1;
err:
EVP_MD_CTX_cleanup(&ctx);
return ret;
Note that, because `ctx` is set to the zero state before any failures,
`EVP_MD_CTX_cleanup` is safe to call even if the first operation fails before
`EVP_DigestInit_ex`. However, it would be illegal to move the `EVP_MD_CTX_init`
below the `some_other_operation` call.
As a rule of thumb, enter the zero state of stack-allocated structs in the
same place they are declared.
C++ consumers are recommended to use the wrappers named like
`bssl::ScopedEVP_MD_CTX`, defined in the corresponding module's header. These
wrappers are automatically initialized to the zero state and are automatically
cleaned up.
### Data-only types
A few types, such as `SHA_CTX`, are data-only types and do not require cleanup.
These are usually for low-level cryptographic operations. These types may be
used freely without special cleanup conventions.
## Thread safety
BoringSSL is internally aware of the platform threading library and calls into
it as needed. Consult the API documentation for the threading guarantees of
particular objects. In general, stateless reference-counted objects like `RSA`
or `EVP_PKEY` which represent keys may typically be used from multiple threads
simultaneously, provided no thread mutates the key.
BUILD
-165
View File
@@ -1,165 +0,0 @@
# Copyright (c) 2016, Google Inc.
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
licenses(["notice"])
exports_files(["LICENSE"])
load(
":BUILD.generated.bzl",
"crypto_headers",
"crypto_internal_headers",
"crypto_sources",
"crypto_sources_linux_x86_64",
"crypto_sources_linux_ppc64le",
"crypto_sources_mac_x86_64",
"fips_fragments",
"ssl_headers",
"ssl_internal_headers",
"ssl_sources",
"tool_sources",
"tool_headers",
)
config_setting(
name = "linux_x86_64",
values = {"cpu": "k8"},
)
config_setting(
name = "linux_ppc64le",
values = {"cpu": "ppc"},
)
config_setting(
name = "mac_x86_64",
values = {"cpu": "darwin"},
)
config_setting(
name = "windows_x86_64",
values = {"cpu": "x64_windows"},
)
config_setting(
name = "android",
values = {"crosstool_top": "//external:android/crosstool"}
)
posix_copts = [
# Assembler option --noexecstack adds .note.GNU-stack to each object to
# ensure that binaries can be built with non-executable stack.
"-Wa,--noexecstack",
# This is needed on Linux systems (at least) to get rwlock in pthread.
"-D_XOPEN_SOURCE=700",
# This list of warnings should match those in the top-level CMakeLists.txt.
"-Wall",
"-Werror",
"-Wformat=2",
"-Wsign-compare",
"-Wmissing-field-initializers",
"-Wwrite-strings",
"-Wshadow",
"-fno-common",
# Modern build environments should be able to set this to use atomic
# operations for reference counting rather than locks. However, it's
# known not to work on some Android builds.
# "-DOPENSSL_C11_ATOMIC",
]
boringssl_copts = select({
":linux_x86_64": posix_copts,
":linux_ppc64le": posix_copts,
":mac_x86_64": posix_copts,
":windows_x86_64": [
"-DWIN32_LEAN_AND_MEAN",
"-DOPENSSL_NO_ASM",
],
"//conditions:default": ["-DOPENSSL_NO_ASM"],
})
crypto_sources_asm = select({
":linux_x86_64": crypto_sources_linux_x86_64,
":linux_ppc64le": crypto_sources_linux_ppc64le,
":mac_x86_64": crypto_sources_mac_x86_64,
"//conditions:default": [],
})
# For C targets only (not C++), compile with C11 support.
posix_copts_c11 = [
"-std=c11",
"-Wmissing-prototypes",
"-Wold-style-definition",
"-Wstrict-prototypes",
]
boringssl_copts_c11 = boringssl_copts + select({
":linux_x86_64": posix_copts_c11,
":linux_ppc64le": posix_copts_c11,
":mac_x86_64": posix_copts_c11,
"//conditions:default": [],
})
# For C++ targets only (not C), compile with C++11 support.
posix_copts_cxx = [
"-std=c++11",
"-Wmissing-declarations",
]
boringssl_copts_cxx = boringssl_copts + select({
":linux_x86_64": posix_copts_cxx,
":linux_ppc64le": posix_copts_cxx,
":mac_x86_64": posix_copts_cxx,
"//conditions:default": [],
})
cc_library(
name = "crypto",
srcs = crypto_sources + crypto_internal_headers + crypto_sources_asm,
hdrs = crypto_headers + fips_fragments,
copts = boringssl_copts_c11,
includes = ["src/include"],
linkopts = select({
":mac_x86_64": [],
# Android supports pthreads, but does not provide a libpthread
# to link against.
":android": [],
":windows_x86_64": ["-defaultlib:advapi32.lib"],
"//conditions:default": ["-lpthread"],
}),
visibility = ["//visibility:public"],
)
cc_library(
name = "ssl",
srcs = ssl_sources + ssl_internal_headers,
hdrs = ssl_headers,
copts = boringssl_copts_cxx,
includes = ["src/include"],
visibility = ["//visibility:public"],
deps = [
":crypto",
],
)
cc_binary(
name = "bssl",
srcs = tool_sources + tool_headers,
copts = boringssl_copts_cxx,
visibility = ["//visibility:public"],
deps = [":ssl"],
)
BUILD.generated.bzl
-678
View File
@@ -1,678 +0,0 @@
# This file is created by generate_build_files.py. Do not edit manually.
ssl_headers = [
"src/include/openssl/dtls1.h",
"src/include/openssl/srtp.h",
"src/include/openssl/ssl.h",
"src/include/openssl/ssl3.h",
"src/include/openssl/tls1.h",
]
fips_fragments = [
"src/crypto/fipsmodule/aes/aes.c",
"src/crypto/fipsmodule/aes/aes_nohw.c",
"src/crypto/fipsmodule/aes/key_wrap.c",
"src/crypto/fipsmodule/aes/mode_wrappers.c",
"src/crypto/fipsmodule/bn/add.c",
"src/crypto/fipsmodule/bn/asm/x86_64-gcc.c",
"src/crypto/fipsmodule/bn/bn.c",
"src/crypto/fipsmodule/bn/bytes.c",
"src/crypto/fipsmodule/bn/cmp.c",
"src/crypto/fipsmodule/bn/ctx.c",
"src/crypto/fipsmodule/bn/div.c",
"src/crypto/fipsmodule/bn/div_extra.c",
"src/crypto/fipsmodule/bn/exponentiation.c",
"src/crypto/fipsmodule/bn/gcd.c",
"src/crypto/fipsmodule/bn/gcd_extra.c",
"src/crypto/fipsmodule/bn/generic.c",
"src/crypto/fipsmodule/bn/jacobi.c",
"src/crypto/fipsmodule/bn/montgomery.c",
"src/crypto/fipsmodule/bn/montgomery_inv.c",
"src/crypto/fipsmodule/bn/mul.c",
"src/crypto/fipsmodule/bn/prime.c",
"src/crypto/fipsmodule/bn/random.c",
"src/crypto/fipsmodule/bn/rsaz_exp.c",
"src/crypto/fipsmodule/bn/shift.c",
"src/crypto/fipsmodule/bn/sqrt.c",
"src/crypto/fipsmodule/cipher/aead.c",
"src/crypto/fipsmodule/cipher/cipher.c",
"src/crypto/fipsmodule/cipher/e_aes.c",
"src/crypto/fipsmodule/cipher/e_des.c",
"src/crypto/fipsmodule/des/des.c",
"src/crypto/fipsmodule/digest/digest.c",
"src/crypto/fipsmodule/digest/digests.c",
"src/crypto/fipsmodule/ec/ec.c",
"src/crypto/fipsmodule/ec/ec_key.c",
"src/crypto/fipsmodule/ec/ec_montgomery.c",
"src/crypto/fipsmodule/ec/felem.c",
"src/crypto/fipsmodule/ec/oct.c",
"src/crypto/fipsmodule/ec/p224-64.c",
"src/crypto/fipsmodule/ec/p256-x86_64.c",
"src/crypto/fipsmodule/ec/scalar.c",
"src/crypto/fipsmodule/ec/simple.c",
"src/crypto/fipsmodule/ec/simple_mul.c",
"src/crypto/fipsmodule/ec/util.c",
"src/crypto/fipsmodule/ec/wnaf.c",
"src/crypto/fipsmodule/ecdh/ecdh.c",
"src/crypto/fipsmodule/ecdsa/ecdsa.c",
"src/crypto/fipsmodule/hmac/hmac.c",
"src/crypto/fipsmodule/md4/md4.c",
"src/crypto/fipsmodule/md5/md5.c",
"src/crypto/fipsmodule/modes/cbc.c",
"src/crypto/fipsmodule/modes/cfb.c",
"src/crypto/fipsmodule/modes/ctr.c",
"src/crypto/fipsmodule/modes/gcm.c",
"src/crypto/fipsmodule/modes/gcm_nohw.c",
"src/crypto/fipsmodule/modes/ofb.c",
"src/crypto/fipsmodule/modes/polyval.c",
"src/crypto/fipsmodule/rand/ctrdrbg.c",
"src/crypto/fipsmodule/rand/rand.c",
"src/crypto/fipsmodule/rand/urandom.c",
"src/crypto/fipsmodule/rsa/blinding.c",
"src/crypto/fipsmodule/rsa/padding.c",
"src/crypto/fipsmodule/rsa/rsa.c",
"src/crypto/fipsmodule/rsa/rsa_impl.c",
"src/crypto/fipsmodule/self_check/self_check.c",
"src/crypto/fipsmodule/sha/sha1-altivec.c",
"src/crypto/fipsmodule/sha/sha1.c",
"src/crypto/fipsmodule/sha/sha256.c",
"src/crypto/fipsmodule/sha/sha512.c",
"src/crypto/fipsmodule/tls/kdf.c",
"src/third_party/fiat/p256.c",
]
ssl_internal_headers = [
"src/ssl/internal.h",
]
ssl_sources = [
"src/ssl/bio_ssl.cc",
"src/ssl/d1_both.cc",
"src/ssl/d1_lib.cc",
"src/ssl/d1_pkt.cc",
"src/ssl/d1_srtp.cc",
"src/ssl/dtls_method.cc",
"src/ssl/dtls_record.cc",
"src/ssl/handoff.cc",
"src/ssl/handshake.cc",
"src/ssl/handshake_client.cc",
"src/ssl/handshake_server.cc",
"src/ssl/s3_both.cc",
"src/ssl/s3_lib.cc",
"src/ssl/s3_pkt.cc",
"src/ssl/ssl_aead_ctx.cc",
"src/ssl/ssl_asn1.cc",
"src/ssl/ssl_buffer.cc",
"src/ssl/ssl_cert.cc",
"src/ssl/ssl_cipher.cc",
"src/ssl/ssl_file.cc",
"src/ssl/ssl_key_share.cc",
"src/ssl/ssl_lib.cc",
"src/ssl/ssl_privkey.cc",
"src/ssl/ssl_session.cc",
"src/ssl/ssl_stat.cc",
"src/ssl/ssl_transcript.cc",
"src/ssl/ssl_versions.cc",
"src/ssl/ssl_x509.cc",
"src/ssl/t1_enc.cc",
"src/ssl/t1_lib.cc",
"src/ssl/tls13_both.cc",
"src/ssl/tls13_client.cc",
"src/ssl/tls13_enc.cc",
"src/ssl/tls13_server.cc",
"src/ssl/tls_method.cc",
"src/ssl/tls_record.cc",
]
crypto_headers = [
"src/include/openssl/aead.h",
"src/include/openssl/aes.h",
"src/include/openssl/arm_arch.h",
"src/include/openssl/asn1.h",
"src/include/openssl/asn1_mac.h",
"src/include/openssl/asn1t.h",
"src/include/openssl/base.h",
"src/include/openssl/base64.h",
"src/include/openssl/bio.h",
"src/include/openssl/blowfish.h",
"src/include/openssl/bn.h",
"src/include/openssl/buf.h",
"src/include/openssl/buffer.h",
"src/include/openssl/bytestring.h",
"src/include/openssl/cast.h",
"src/include/openssl/chacha.h",
"src/include/openssl/cipher.h",
"src/include/openssl/cmac.h",
"src/include/openssl/conf.h",
"src/include/openssl/cpu.h",
"src/include/openssl/crypto.h",
"src/include/openssl/curve25519.h",
"src/include/openssl/des.h",
"src/include/openssl/dh.h",
"src/include/openssl/digest.h",
"src/include/openssl/dsa.h",
"src/include/openssl/e_os2.h",
"src/include/openssl/ec.h",
"src/include/openssl/ec_key.h",
"src/include/openssl/ecdh.h",
"src/include/openssl/ecdsa.h",
"src/include/openssl/engine.h",
"src/include/openssl/err.h",
"src/include/openssl/evp.h",
"src/include/openssl/ex_data.h",
"src/include/openssl/hkdf.h",
"src/include/openssl/hmac.h",
"src/include/openssl/hrss.h",
"src/include/openssl/is_boringssl.h",
"src/include/openssl/lhash.h",
"src/include/openssl/md4.h",
"src/include/openssl/md5.h",
"src/include/openssl/mem.h",
"src/include/openssl/nid.h",
"src/include/openssl/obj.h",
"src/include/openssl/obj_mac.h",
"src/include/openssl/objects.h",
"src/include/openssl/opensslconf.h",
"src/include/openssl/opensslv.h",
"src/include/openssl/ossl_typ.h",
"src/include/openssl/pem.h",
"src/include/openssl/pkcs12.h",
"src/include/openssl/pkcs7.h",
"src/include/openssl/pkcs8.h",
"src/include/openssl/poly1305.h",
"src/include/openssl/pool.h",
"src/include/openssl/rand.h",
"src/include/openssl/rc4.h",
"src/include/openssl/ripemd.h",
"src/include/openssl/rsa.h",
"src/include/openssl/safestack.h",
"src/include/openssl/sha.h",
"src/include/openssl/siphash.h",
"src/include/openssl/span.h",
"src/include/openssl/stack.h",
"src/include/openssl/thread.h",
"src/include/openssl/type_check.h",
"src/include/openssl/x509.h",
"src/include/openssl/x509_vfy.h",
"src/include/openssl/x509v3.h",
]
crypto_internal_headers = [
"src/crypto/asn1/asn1_locl.h",
"src/crypto/bio/internal.h",
"src/crypto/bytestring/internal.h",
"src/crypto/chacha/internal.h",
"src/crypto/cipher_extra/internal.h",
"src/crypto/conf/conf_def.h",
"src/crypto/conf/internal.h",
"src/crypto/cpu-arm-linux.h",
"src/crypto/err/internal.h",
"src/crypto/evp/internal.h",
"src/crypto/fipsmodule/aes/internal.h",
"src/crypto/fipsmodule/bn/internal.h",
"src/crypto/fipsmodule/bn/rsaz_exp.h",
"src/crypto/fipsmodule/cipher/internal.h",
"src/crypto/fipsmodule/delocate.h",
"src/crypto/fipsmodule/des/internal.h",
"src/crypto/fipsmodule/digest/internal.h",
"src/crypto/fipsmodule/digest/md32_common.h",
"src/crypto/fipsmodule/ec/internal.h",
"src/crypto/fipsmodule/ec/p256-x86_64-table.h",
"src/crypto/fipsmodule/ec/p256-x86_64.h",
"src/crypto/fipsmodule/md5/internal.h",
"src/crypto/fipsmodule/modes/internal.h",
"src/crypto/fipsmodule/rand/internal.h",
"src/crypto/fipsmodule/rsa/internal.h",
"src/crypto/fipsmodule/sha/internal.h",
"src/crypto/fipsmodule/tls/internal.h",
"src/crypto/hrss/internal.h",
"src/crypto/internal.h",
"src/crypto/obj/obj_dat.h",
"src/crypto/pkcs7/internal.h",
"src/crypto/pkcs8/internal.h",
"src/crypto/poly1305/internal.h",
"src/crypto/pool/internal.h",
"src/crypto/x509/charmap.h",
"src/crypto/x509/internal.h",
"src/crypto/x509/vpm_int.h",
"src/crypto/x509v3/ext_dat.h",
"src/crypto/x509v3/internal.h",
"src/crypto/x509v3/pcy_int.h",
"src/third_party/fiat/curve25519_32.h",
"src/third_party/fiat/curve25519_64.h",
"src/third_party/fiat/curve25519_tables.h",
"src/third_party/fiat/internal.h",
"src/third_party/fiat/p256_32.h",
"src/third_party/fiat/p256_64.h",
]
crypto_sources = [
"err_data.c",
"src/crypto/asn1/a_bitstr.c",
"src/crypto/asn1/a_bool.c",
"src/crypto/asn1/a_d2i_fp.c",
"src/crypto/asn1/a_dup.c",
"src/crypto/asn1/a_enum.c",
"src/crypto/asn1/a_gentm.c",
"src/crypto/asn1/a_i2d_fp.c",
"src/crypto/asn1/a_int.c",
"src/crypto/asn1/a_mbstr.c",
"src/crypto/asn1/a_object.c",
"src/crypto/asn1/a_octet.c",
"src/crypto/asn1/a_print.c",
"src/crypto/asn1/a_strnid.c",
"src/crypto/asn1/a_time.c",
"src/crypto/asn1/a_type.c",
"src/crypto/asn1/a_utctm.c",
"src/crypto/asn1/a_utf8.c",
"src/crypto/asn1/asn1_lib.c",
"src/crypto/asn1/asn1_par.c",
"src/crypto/asn1/asn_pack.c",
"src/crypto/asn1/f_enum.c",
"src/crypto/asn1/f_int.c",
"src/crypto/asn1/f_string.c",
"src/crypto/asn1/tasn_dec.c",
"src/crypto/asn1/tasn_enc.c",
"src/crypto/asn1/tasn_fre.c",
"src/crypto/asn1/tasn_new.c",
"src/crypto/asn1/tasn_typ.c",
"src/crypto/asn1/tasn_utl.c",
"src/crypto/asn1/time_support.c",
"src/crypto/base64/base64.c",
"src/crypto/bio/bio.c",
"src/crypto/bio/bio_mem.c",
"src/crypto/bio/connect.c",
"src/crypto/bio/fd.c",
"src/crypto/bio/file.c",
"src/crypto/bio/hexdump.c",
"src/crypto/bio/pair.c",
"src/crypto/bio/printf.c",
"src/crypto/bio/socket.c",
"src/crypto/bio/socket_helper.c",
"src/crypto/bn_extra/bn_asn1.c",
"src/crypto/bn_extra/convert.c",
"src/crypto/buf/buf.c",
"src/crypto/bytestring/asn1_compat.c",
"src/crypto/bytestring/ber.c",
"src/crypto/bytestring/cbb.c",
"src/crypto/bytestring/cbs.c",
"src/crypto/bytestring/unicode.c",
"src/crypto/chacha/chacha.c",
"src/crypto/cipher_extra/cipher_extra.c",
"src/crypto/cipher_extra/derive_key.c",
"src/crypto/cipher_extra/e_aesccm.c",
"src/crypto/cipher_extra/e_aesctrhmac.c",
"src/crypto/cipher_extra/e_aesgcmsiv.c",
"src/crypto/cipher_extra/e_chacha20poly1305.c",
"src/crypto/cipher_extra/e_null.c",
"src/crypto/cipher_extra/e_rc2.c",
"src/crypto/cipher_extra/e_rc4.c",
"src/crypto/cipher_extra/e_tls.c",
"src/crypto/cipher_extra/tls_cbc.c",
"src/crypto/cmac/cmac.c",
"src/crypto/conf/conf.c",
"src/crypto/cpu-aarch64-fuchsia.c",
"src/crypto/cpu-aarch64-linux.c",
"src/crypto/cpu-arm-linux.c",
"src/crypto/cpu-arm.c",
"src/crypto/cpu-intel.c",
"src/crypto/cpu-ppc64le.c",
"src/crypto/crypto.c",
"src/crypto/curve25519/spake25519.c",
"src/crypto/dh/check.c",
"src/crypto/dh/dh.c",
"src/crypto/dh/dh_asn1.c",
"src/crypto/dh/params.c",
"src/crypto/digest_extra/digest_extra.c",
"src/crypto/dsa/dsa.c",
"src/crypto/dsa/dsa_asn1.c",
"src/crypto/ec_extra/ec_asn1.c",
"src/crypto/ec_extra/ec_derive.c",
"src/crypto/ecdh_extra/ecdh_extra.c",
"src/crypto/ecdsa_extra/ecdsa_asn1.c",
"src/crypto/engine/engine.c",
"src/crypto/err/err.c",
"src/crypto/evp/digestsign.c",
"src/crypto/evp/evp.c",
"src/crypto/evp/evp_asn1.c",
"src/crypto/evp/evp_ctx.c",
"src/crypto/evp/p_dsa_asn1.c",
"src/crypto/evp/p_ec.c",
"src/crypto/evp/p_ec_asn1.c",
"src/crypto/evp/p_ed25519.c",
"src/crypto/evp/p_ed25519_asn1.c",
"src/crypto/evp/p_rsa.c",
"src/crypto/evp/p_rsa_asn1.c",
"src/crypto/evp/p_x25519.c",
"src/crypto/evp/p_x25519_asn1.c",
"src/crypto/evp/pbkdf.c",
"src/crypto/evp/print.c",
"src/crypto/evp/scrypt.c",
"src/crypto/evp/sign.c",
"src/crypto/ex_data.c",
"src/crypto/fipsmodule/bcm.c",
"src/crypto/fipsmodule/fips_shared_support.c",
"src/crypto/fipsmodule/is_fips.c",
"src/crypto/hkdf/hkdf.c",
"src/crypto/hrss/hrss.c",
"src/crypto/lhash/lhash.c",
"src/crypto/mem.c",
"src/crypto/obj/obj.c",
"src/crypto/obj/obj_xref.c",
"src/crypto/pem/pem_all.c",
"src/crypto/pem/pem_info.c",
"src/crypto/pem/pem_lib.c",
"src/crypto/pem/pem_oth.c",
"src/crypto/pem/pem_pk8.c",
"src/crypto/pem/pem_pkey.c",
"src/crypto/pem/pem_x509.c",
"src/crypto/pem/pem_xaux.c",
"src/crypto/pkcs7/pkcs7.c",
"src/crypto/pkcs7/pkcs7_x509.c",
"src/crypto/pkcs8/p5_pbev2.c",
"src/crypto/pkcs8/pkcs8.c",
"src/crypto/pkcs8/pkcs8_x509.c",
"src/crypto/poly1305/poly1305.c",
"src/crypto/poly1305/poly1305_arm.c",
"src/crypto/poly1305/poly1305_vec.c",
"src/crypto/pool/pool.c",
"src/crypto/rand_extra/deterministic.c",
"src/crypto/rand_extra/forkunsafe.c",
"src/crypto/rand_extra/fuchsia.c",
"src/crypto/rand_extra/rand_extra.c",
"src/crypto/rand_extra/windows.c",
"src/crypto/rc4/rc4.c",
"src/crypto/refcount_c11.c",
"src/crypto/refcount_lock.c",
"src/crypto/rsa_extra/rsa_asn1.c",
"src/crypto/rsa_extra/rsa_print.c",
"src/crypto/siphash/siphash.c",
"src/crypto/stack/stack.c",
"src/crypto/thread.c",
"src/crypto/thread_none.c",
"src/crypto/thread_pthread.c",
"src/crypto/thread_win.c",
"src/crypto/x509/a_digest.c",
"src/crypto/x509/a_sign.c",
"src/crypto/x509/a_strex.c",
"src/crypto/x509/a_verify.c",
"src/crypto/x509/algorithm.c",
"src/crypto/x509/asn1_gen.c",
"src/crypto/x509/by_dir.c",
"src/crypto/x509/by_file.c",
"src/crypto/x509/i2d_pr.c",
"src/crypto/x509/rsa_pss.c",
"src/crypto/x509/t_crl.c",
"src/crypto/x509/t_req.c",
"src/crypto/x509/t_x509.c",
"src/crypto/x509/t_x509a.c",
"src/crypto/x509/x509.c",
"src/crypto/x509/x509_att.c",
"src/crypto/x509/x509_cmp.c",
"src/crypto/x509/x509_d2.c",
"src/crypto/x509/x509_def.c",
"src/crypto/x509/x509_ext.c",
"src/crypto/x509/x509_lu.c",
"src/crypto/x509/x509_obj.c",
"src/crypto/x509/x509_r2x.c",
"src/crypto/x509/x509_req.c",
"src/crypto/x509/x509_set.c",
"src/crypto/x509/x509_trs.c",
"src/crypto/x509/x509_txt.c",
"src/crypto/x509/x509_v3.c",
"src/crypto/x509/x509_vfy.c",
"src/crypto/x509/x509_vpm.c",
"src/crypto/x509/x509cset.c",
"src/crypto/x509/x509name.c",
"src/crypto/x509/x509rset.c",
"src/crypto/x509/x509spki.c",
"src/crypto/x509/x_algor.c",
"src/crypto/x509/x_all.c",
"src/crypto/x509/x_attrib.c",
"src/crypto/x509/x_crl.c",
"src/crypto/x509/x_exten.c",
"src/crypto/x509/x_info.c",
"src/crypto/x509/x_name.c",
"src/crypto/x509/x_pkey.c",
"src/crypto/x509/x_pubkey.c",
"src/crypto/x509/x_req.c",
"src/crypto/x509/x_sig.c",
"src/crypto/x509/x_spki.c",
"src/crypto/x509/x_val.c",
"src/crypto/x509/x_x509.c",
"src/crypto/x509/x_x509a.c",
"src/crypto/x509v3/pcy_cache.c",
"src/crypto/x509v3/pcy_data.c",
"src/crypto/x509v3/pcy_lib.c",
"src/crypto/x509v3/pcy_map.c",
"src/crypto/x509v3/pcy_node.c",
"src/crypto/x509v3/pcy_tree.c",
"src/crypto/x509v3/v3_akey.c",
"src/crypto/x509v3/v3_akeya.c",
"src/crypto/x509v3/v3_alt.c",
"src/crypto/x509v3/v3_bcons.c",
"src/crypto/x509v3/v3_bitst.c",
"src/crypto/x509v3/v3_conf.c",
"src/crypto/x509v3/v3_cpols.c",
"src/crypto/x509v3/v3_crld.c",
"src/crypto/x509v3/v3_enum.c",
"src/crypto/x509v3/v3_extku.c",
"src/crypto/x509v3/v3_genn.c",
"src/crypto/x509v3/v3_ia5.c",
"src/crypto/x509v3/v3_info.c",
"src/crypto/x509v3/v3_int.c",
"src/crypto/x509v3/v3_lib.c",
"src/crypto/x509v3/v3_ncons.c",
"src/crypto/x509v3/v3_ocsp.c",
"src/crypto/x509v3/v3_pci.c",
"src/crypto/x509v3/v3_pcia.c",
"src/crypto/x509v3/v3_pcons.c",
"src/crypto/x509v3/v3_pku.c",
"src/crypto/x509v3/v3_pmaps.c",
"src/crypto/x509v3/v3_prn.c",
"src/crypto/x509v3/v3_purp.c",
"src/crypto/x509v3/v3_skey.c",
"src/crypto/x509v3/v3_sxnet.c",
"src/crypto/x509v3/v3_utl.c",
"src/third_party/fiat/curve25519.c",
]
tool_sources = [
"src/tool/args.cc",
"src/tool/ciphers.cc",
"src/tool/client.cc",
"src/tool/const.cc",
"src/tool/digest.cc",
"src/tool/file.cc",
"src/tool/generate_ed25519.cc",
"src/tool/genrsa.cc",
"src/tool/pkcs12.cc",
"src/tool/rand.cc",
"src/tool/server.cc",
"src/tool/sign.cc",
"src/tool/speed.cc",
"src/tool/tool.cc",
"src/tool/transport_common.cc",
]
tool_headers = [
"src/tool/internal.h",
"src/tool/transport_common.h",
]
crypto_sources_ios_aarch64 = [
"ios-aarch64/crypto/chacha/chacha-armv8.S",
"ios-aarch64/crypto/fipsmodule/aesv8-armx64.S",
"ios-aarch64/crypto/fipsmodule/armv8-mont.S",
"ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S",
"ios-aarch64/crypto/fipsmodule/ghashv8-armx64.S",
"ios-aarch64/crypto/fipsmodule/sha1-armv8.S",
"ios-aarch64/crypto/fipsmodule/sha256-armv8.S",
"ios-aarch64/crypto/fipsmodule/sha512-armv8.S",
"ios-aarch64/crypto/fipsmodule/vpaes-armv8.S",
"ios-aarch64/crypto/test/trampoline-armv8.S",
]
crypto_sources_ios_arm = [
"ios-arm/crypto/chacha/chacha-armv4.S",
"ios-arm/crypto/fipsmodule/aesv8-armx32.S",
"ios-arm/crypto/fipsmodule/armv4-mont.S",
"ios-arm/crypto/fipsmodule/bsaes-armv7.S",
"ios-arm/crypto/fipsmodule/ghash-armv4.S",
"ios-arm/crypto/fipsmodule/ghashv8-armx32.S",
"ios-arm/crypto/fipsmodule/sha1-armv4-large.S",
"ios-arm/crypto/fipsmodule/sha256-armv4.S",
"ios-arm/crypto/fipsmodule/sha512-armv4.S",
"ios-arm/crypto/fipsmodule/vpaes-armv7.S",
"ios-arm/crypto/test/trampoline-armv4.S",
]
crypto_sources_linux_aarch64 = [
"linux-aarch64/crypto/chacha/chacha-armv8.S",
"linux-aarch64/crypto/fipsmodule/aesv8-armx64.S",
"linux-aarch64/crypto/fipsmodule/armv8-mont.S",
"linux-aarch64/crypto/fipsmodule/ghash-neon-armv8.S",
"linux-aarch64/crypto/fipsmodule/ghashv8-armx64.S",
"linux-aarch64/crypto/fipsmodule/sha1-armv8.S",
"linux-aarch64/crypto/fipsmodule/sha256-armv8.S",
"linux-aarch64/crypto/fipsmodule/sha512-armv8.S",
"linux-aarch64/crypto/fipsmodule/vpaes-armv8.S",
"linux-aarch64/crypto/test/trampoline-armv8.S",
]
crypto_sources_linux_arm = [
"linux-arm/crypto/chacha/chacha-armv4.S",
"linux-arm/crypto/fipsmodule/aesv8-armx32.S",
"linux-arm/crypto/fipsmodule/armv4-mont.S",
"linux-arm/crypto/fipsmodule/bsaes-armv7.S",
"linux-arm/crypto/fipsmodule/ghash-armv4.S",
"linux-arm/crypto/fipsmodule/ghashv8-armx32.S",
"linux-arm/crypto/fipsmodule/sha1-armv4-large.S",
"linux-arm/crypto/fipsmodule/sha256-armv4.S",
"linux-arm/crypto/fipsmodule/sha512-armv4.S",
"linux-arm/crypto/fipsmodule/vpaes-armv7.S",
"linux-arm/crypto/test/trampoline-armv4.S",
"src/crypto/curve25519/asm/x25519-asm-arm.S",
"src/crypto/poly1305/poly1305_arm_asm.S",
]
crypto_sources_linux_ppc64le = [
"linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S",
"linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S",
"linux-ppc64le/crypto/test/trampoline-ppc.S",
]
crypto_sources_linux_x86 = [
"linux-x86/crypto/chacha/chacha-x86.S",
"linux-x86/crypto/fipsmodule/aesni-x86.S",
"linux-x86/crypto/fipsmodule/bn-586.S",
"linux-x86/crypto/fipsmodule/co-586.S",
"linux-x86/crypto/fipsmodule/ghash-ssse3-x86.S",
"linux-x86/crypto/fipsmodule/ghash-x86.S",
"linux-x86/crypto/fipsmodule/md5-586.S",
"linux-x86/crypto/fipsmodule/sha1-586.S",
"linux-x86/crypto/fipsmodule/sha256-586.S",
"linux-x86/crypto/fipsmodule/sha512-586.S",
"linux-x86/crypto/fipsmodule/vpaes-x86.S",
"linux-x86/crypto/fipsmodule/x86-mont.S",
"linux-x86/crypto/test/trampoline-x86.S",
]
crypto_sources_linux_x86_64 = [
"linux-x86_64/crypto/chacha/chacha-x86_64.S",
"linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S",
"linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S",
"linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S",
"linux-x86_64/crypto/fipsmodule/aesni-x86_64.S",
"linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S",
"linux-x86_64/crypto/fipsmodule/ghash-x86_64.S",
"linux-x86_64/crypto/fipsmodule/md5-x86_64.S",
"linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S",
"linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S",
"linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S",
"linux-x86_64/crypto/fipsmodule/rsaz-avx2.S",
"linux-x86_64/crypto/fipsmodule/sha1-x86_64.S",
"linux-x86_64/crypto/fipsmodule/sha256-x86_64.S",
"linux-x86_64/crypto/fipsmodule/sha512-x86_64.S",
"linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S",
"linux-x86_64/crypto/fipsmodule/x86_64-mont.S",
"linux-x86_64/crypto/fipsmodule/x86_64-mont5.S",
"linux-x86_64/crypto/test/trampoline-x86_64.S",
"src/crypto/hrss/asm/poly_rq_mul.S",
]
crypto_sources_mac_x86 = [
"mac-x86/crypto/chacha/chacha-x86.S",
"mac-x86/crypto/fipsmodule/aesni-x86.S",
"mac-x86/crypto/fipsmodule/bn-586.S",
"mac-x86/crypto/fipsmodule/co-586.S",
"mac-x86/crypto/fipsmodule/ghash-ssse3-x86.S",
"mac-x86/crypto/fipsmodule/ghash-x86.S",
"mac-x86/crypto/fipsmodule/md5-586.S",
"mac-x86/crypto/fipsmodule/sha1-586.S",
"mac-x86/crypto/fipsmodule/sha256-586.S",
"mac-x86/crypto/fipsmodule/sha512-586.S",
"mac-x86/crypto/fipsmodule/vpaes-x86.S",
"mac-x86/crypto/fipsmodule/x86-mont.S",
"mac-x86/crypto/test/trampoline-x86.S",
]
crypto_sources_mac_x86_64 = [
"mac-x86_64/crypto/chacha/chacha-x86_64.S",
"mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S",
"mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S",
"mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S",
"mac-x86_64/crypto/fipsmodule/aesni-x86_64.S",
"mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S",
"mac-x86_64/crypto/fipsmodule/ghash-x86_64.S",
"mac-x86_64/crypto/fipsmodule/md5-x86_64.S",
"mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S",
"mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S",
"mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S",
"mac-x86_64/crypto/fipsmodule/rsaz-avx2.S",
"mac-x86_64/crypto/fipsmodule/sha1-x86_64.S",
"mac-x86_64/crypto/fipsmodule/sha256-x86_64.S",
"mac-x86_64/crypto/fipsmodule/sha512-x86_64.S",
"mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S",
"mac-x86_64/crypto/fipsmodule/x86_64-mont.S",
"mac-x86_64/crypto/fipsmodule/x86_64-mont5.S",
"mac-x86_64/crypto/test/trampoline-x86_64.S",
]
crypto_sources_win_x86 = [
"win-x86/crypto/chacha/chacha-x86.asm",
"win-x86/crypto/fipsmodule/aesni-x86.asm",
"win-x86/crypto/fipsmodule/bn-586.asm",
"win-x86/crypto/fipsmodule/co-586.asm",
"win-x86/crypto/fipsmodule/ghash-ssse3-x86.asm",
"win-x86/crypto/fipsmodule/ghash-x86.asm",
"win-x86/crypto/fipsmodule/md5-586.asm",
"win-x86/crypto/fipsmodule/sha1-586.asm",
"win-x86/crypto/fipsmodule/sha256-586.asm",
"win-x86/crypto/fipsmodule/sha512-586.asm",
"win-x86/crypto/fipsmodule/vpaes-x86.asm",
"win-x86/crypto/fipsmodule/x86-mont.asm",
"win-x86/crypto/test/trampoline-x86.asm",
]
crypto_sources_win_x86_64 = [
"win-x86_64/crypto/chacha/chacha-x86_64.asm",
"win-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.asm",
"win-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.asm",
"win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm",
"win-x86_64/crypto/fipsmodule/aesni-x86_64.asm",
"win-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.asm",
"win-x86_64/crypto/fipsmodule/ghash-x86_64.asm",
"win-x86_64/crypto/fipsmodule/md5-x86_64.asm",
"win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm",
"win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm",
"win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm",
"win-x86_64/crypto/fipsmodule/rsaz-avx2.asm",
"win-x86_64/crypto/fipsmodule/sha1-x86_64.asm",
"win-x86_64/crypto/fipsmodule/sha256-x86_64.asm",
"win-x86_64/crypto/fipsmodule/sha512-x86_64.asm",
"win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm",
"win-x86_64/crypto/fipsmodule/x86_64-mont.asm",
"win-x86_64/crypto/fipsmodule/x86_64-mont5.asm",
"win-x86_64/crypto/test/trampoline-x86_64.asm",
]
BUILD.generated_tests.bzl
-277
View File
@@ -1,277 +0,0 @@
# This file is created by generate_build_files.py. Do not edit manually.
test_support_sources = [
"src/crypto/asn1/asn1_locl.h",
"src/crypto/bio/internal.h",
"src/crypto/bytestring/internal.h",
"src/crypto/chacha/internal.h",
"src/crypto/cipher_extra/internal.h",
"src/crypto/conf/conf_def.h",
"src/crypto/conf/internal.h",
"src/crypto/cpu-arm-linux.h",
"src/crypto/err/internal.h",
"src/crypto/evp/internal.h",
"src/crypto/fipsmodule/aes/internal.h",
"src/crypto/fipsmodule/bn/internal.h",
"src/crypto/fipsmodule/bn/rsaz_exp.h",
"src/crypto/fipsmodule/cipher/internal.h",
"src/crypto/fipsmodule/delocate.h",
"src/crypto/fipsmodule/des/internal.h",
"src/crypto/fipsmodule/digest/internal.h",
"src/crypto/fipsmodule/digest/md32_common.h",
"src/crypto/fipsmodule/ec/internal.h",
"src/crypto/fipsmodule/ec/p256-x86_64-table.h",
"src/crypto/fipsmodule/ec/p256-x86_64.h",
"src/crypto/fipsmodule/md5/internal.h",
"src/crypto/fipsmodule/modes/internal.h",
"src/crypto/fipsmodule/rand/internal.h",
"src/crypto/fipsmodule/rsa/internal.h",
"src/crypto/fipsmodule/sha/internal.h",
"src/crypto/fipsmodule/tls/internal.h",
"src/crypto/hrss/internal.h",
"src/crypto/internal.h",
"src/crypto/obj/obj_dat.h",
"src/crypto/pkcs7/internal.h",
"src/crypto/pkcs8/internal.h",
"src/crypto/poly1305/internal.h",
"src/crypto/pool/internal.h",
"src/crypto/test/abi_test.h",
"src/crypto/test/file_test.cc",
"src/crypto/test/file_test.h",
"src/crypto/test/gtest_main.h",
"src/crypto/test/test_util.cc",
"src/crypto/test/test_util.h",
"src/crypto/test/wycheproof_util.cc",
"src/crypto/test/wycheproof_util.h",
"src/crypto/x509/charmap.h",
"src/crypto/x509/internal.h",
"src/crypto/x509/vpm_int.h",
"src/crypto/x509v3/ext_dat.h",
"src/crypto/x509v3/internal.h",
"src/crypto/x509v3/pcy_int.h",
"src/ssl/internal.h",
"src/ssl/test/async_bio.h",
"src/ssl/test/fuzzer.h",
"src/ssl/test/fuzzer_tags.h",
"src/ssl/test/handshake_util.h",
"src/ssl/test/mock_quic_transport.h",
"src/ssl/test/packeted_bio.h",
"src/ssl/test/settings_writer.h",
"src/ssl/test/test_config.h",
"src/ssl/test/test_state.h",
"src/third_party/fiat/curve25519_32.h",
"src/third_party/fiat/curve25519_64.h",
"src/third_party/fiat/curve25519_tables.h",
"src/third_party/fiat/internal.h",
"src/third_party/fiat/p256_32.h",
"src/third_party/fiat/p256_64.h",
]
crypto_test_sources = [
"crypto_test_data.cc",
"src/crypto/abi_self_test.cc",
"src/crypto/asn1/asn1_test.cc",
"src/crypto/base64/base64_test.cc",
"src/crypto/bio/bio_test.cc",
"src/crypto/buf/buf_test.cc",
"src/crypto/bytestring/bytestring_test.cc",
"src/crypto/chacha/chacha_test.cc",
"src/crypto/cipher_extra/aead_test.cc",
"src/crypto/cipher_extra/cipher_test.cc",
"src/crypto/cmac/cmac_test.cc",
"src/crypto/compiler_test.cc",
"src/crypto/constant_time_test.cc",
"src/crypto/cpu-arm-linux_test.cc",
"src/crypto/curve25519/ed25519_test.cc",
"src/crypto/curve25519/spake25519_test.cc",
"src/crypto/curve25519/x25519_test.cc",
"src/crypto/dh/dh_test.cc",
"src/crypto/digest_extra/digest_test.cc",
"src/crypto/dsa/dsa_test.cc",
"src/crypto/ecdh_extra/ecdh_test.cc",
"src/crypto/err/err_test.cc",
"src/crypto/evp/evp_extra_test.cc",
"src/crypto/evp/evp_test.cc",
"src/crypto/evp/pbkdf_test.cc",
"src/crypto/evp/scrypt_test.cc",
"src/crypto/fipsmodule/aes/aes_test.cc",
"src/crypto/fipsmodule/bn/bn_test.cc",
"src/crypto/fipsmodule/ec/ec_test.cc",
"src/crypto/fipsmodule/ec/p256-x86_64_test.cc",
"src/crypto/fipsmodule/ecdsa/ecdsa_test.cc",
"src/crypto/fipsmodule/md5/md5_test.cc",
"src/crypto/fipsmodule/modes/gcm_test.cc",
"src/crypto/fipsmodule/rand/ctrdrbg_test.cc",
"src/crypto/fipsmodule/sha/sha_test.cc",
"src/crypto/hkdf/hkdf_test.cc",
"src/crypto/hmac_extra/hmac_test.cc",
"src/crypto/hrss/hrss_test.cc",
"src/crypto/impl_dispatch_test.cc",
"src/crypto/lhash/lhash_test.cc",
"src/crypto/obj/obj_test.cc",
"src/crypto/pem/pem_test.cc",
"src/crypto/pkcs7/pkcs7_test.cc",
"src/crypto/pkcs8/pkcs12_test.cc",
"src/crypto/pkcs8/pkcs8_test.cc",
"src/crypto/poly1305/poly1305_test.cc",
"src/crypto/pool/pool_test.cc",
"src/crypto/rand_extra/rand_test.cc",
"src/crypto/refcount_test.cc",
"src/crypto/rsa_extra/rsa_test.cc",
"src/crypto/self_test.cc",
"src/crypto/siphash/siphash_test.cc",
"src/crypto/stack/stack_test.cc",
"src/crypto/test/abi_test.cc",
"src/crypto/test/file_test_gtest.cc",
"src/crypto/test/gtest_main.cc",
"src/crypto/thread_test.cc",
"src/crypto/x509/x509_test.cc",
"src/crypto/x509/x509_time_test.cc",
"src/crypto/x509v3/tab_test.cc",
"src/crypto/x509v3/v3name_test.cc",
]
ssl_test_sources = [
"src/crypto/test/abi_test.cc",
"src/crypto/test/gtest_main.cc",
"src/ssl/span_test.cc",
"src/ssl/ssl_c_test.c",
"src/ssl/ssl_test.cc",
]
crypto_test_data = [
"src/crypto/cipher_extra/test/aes_128_cbc_sha1_tls_implicit_iv_tests.txt",
"src/crypto/cipher_extra/test/aes_128_cbc_sha1_tls_tests.txt",
"src/crypto/cipher_extra/test/aes_128_cbc_sha256_tls_tests.txt",
"src/crypto/cipher_extra/test/aes_128_ccm_bluetooth_8_tests.txt",
"src/crypto/cipher_extra/test/aes_128_ccm_bluetooth_tests.txt",
"src/crypto/cipher_extra/test/aes_128_ctr_hmac_sha256.txt",
"src/crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt",
"src/crypto/cipher_extra/test/aes_128_gcm_tests.txt",
"src/crypto/cipher_extra/test/aes_192_gcm_tests.txt",
"src/crypto/cipher_extra/test/aes_256_cbc_sha1_tls_implicit_iv_tests.txt",
"src/crypto/cipher_extra/test/aes_256_cbc_sha1_tls_tests.txt",
"src/crypto/cipher_extra/test/aes_256_cbc_sha256_tls_tests.txt",
"src/crypto/cipher_extra/test/aes_256_cbc_sha384_tls_tests.txt",
"src/crypto/cipher_extra/test/aes_256_ctr_hmac_sha256.txt",
"src/crypto/cipher_extra/test/aes_256_gcm_siv_tests.txt",
"src/crypto/cipher_extra/test/aes_256_gcm_tests.txt",
"src/crypto/cipher_extra/test/chacha20_poly1305_tests.txt",
"src/crypto/cipher_extra/test/cipher_tests.txt",
"src/crypto/cipher_extra/test/des_ede3_cbc_sha1_tls_implicit_iv_tests.txt",
"src/crypto/cipher_extra/test/des_ede3_cbc_sha1_tls_tests.txt",
"src/crypto/cipher_extra/test/nist_cavp/aes_128_cbc.txt",
"src/crypto/cipher_extra/test/nist_cavp/aes_128_ctr.txt",
"src/crypto/cipher_extra/test/nist_cavp/aes_128_gcm.txt",
"src/crypto/cipher_extra/test/nist_cavp/aes_192_cbc.txt",
"src/crypto/cipher_extra/test/nist_cavp/aes_192_ctr.txt",
"src/crypto/cipher_extra/test/nist_cavp/aes_256_cbc.txt",
"src/crypto/cipher_extra/test/nist_cavp/aes_256_ctr.txt",
"src/crypto/cipher_extra/test/nist_cavp/aes_256_gcm.txt",
"src/crypto/cipher_extra/test/nist_cavp/tdes_cbc.txt",
"src/crypto/cipher_extra/test/nist_cavp/tdes_ecb.txt",
"src/crypto/cipher_extra/test/xchacha20_poly1305_tests.txt",
"src/crypto/cmac/cavp_3des_cmac_tests.txt",
"src/crypto/cmac/cavp_aes128_cmac_tests.txt",
"src/crypto/cmac/cavp_aes192_cmac_tests.txt",
"src/crypto/cmac/cavp_aes256_cmac_tests.txt",
"src/crypto/curve25519/ed25519_tests.txt",
"src/crypto/ecdh_extra/ecdh_tests.txt",
"src/crypto/evp/evp_tests.txt",
"src/crypto/evp/scrypt_tests.txt",
"src/crypto/fipsmodule/aes/aes_tests.txt",
"src/crypto/fipsmodule/bn/bn_tests.txt",
"src/crypto/fipsmodule/bn/miller_rabin_tests.txt",
"src/crypto/fipsmodule/ec/ec_scalar_base_mult_tests.txt",
"src/crypto/fipsmodule/ec/p256-x86_64_tests.txt",
"src/crypto/fipsmodule/ecdsa/ecdsa_sign_tests.txt",
"src/crypto/fipsmodule/ecdsa/ecdsa_verify_tests.txt",
"src/crypto/fipsmodule/modes/gcm_tests.txt",
"src/crypto/fipsmodule/rand/ctrdrbg_vectors.txt",
"src/crypto/hmac_extra/hmac_tests.txt",
"src/crypto/poly1305/poly1305_tests.txt",
"src/crypto/siphash/siphash_tests.txt",
"src/crypto/x509/many_constraints.pem",
"src/crypto/x509/many_names1.pem",
"src/crypto/x509/many_names2.pem",
"src/crypto/x509/many_names3.pem",
"src/crypto/x509/some_names1.pem",
"src/crypto/x509/some_names2.pem",
"src/crypto/x509/some_names3.pem",
"src/third_party/wycheproof_testvectors/aes_cbc_pkcs5_test.txt",
"src/third_party/wycheproof_testvectors/aes_cmac_test.txt",
"src/third_party/wycheproof_testvectors/aes_gcm_siv_test.txt",
"src/third_party/wycheproof_testvectors/aes_gcm_test.txt",
"src/third_party/wycheproof_testvectors/chacha20_poly1305_test.txt",
"src/third_party/wycheproof_testvectors/dsa_test.txt",
"src/third_party/wycheproof_testvectors/ecdh_secp224r1_test.txt",
"src/third_party/wycheproof_testvectors/ecdh_secp256r1_test.txt",
"src/third_party/wycheproof_testvectors/ecdh_secp384r1_test.txt",
"src/third_party/wycheproof_testvectors/ecdh_secp521r1_test.txt",
"src/third_party/wycheproof_testvectors/ecdsa_secp224r1_sha224_test.txt",
"src/third_party/wycheproof_testvectors/ecdsa_secp224r1_sha256_test.txt",
"src/third_party/wycheproof_testvectors/ecdsa_secp224r1_sha512_test.txt",
"src/third_party/wycheproof_testvectors/ecdsa_secp256r1_sha256_test.txt",
"src/third_party/wycheproof_testvectors/ecdsa_secp256r1_sha512_test.txt",
"src/third_party/wycheproof_testvectors/ecdsa_secp384r1_sha384_test.txt",
"src/third_party/wycheproof_testvectors/ecdsa_secp384r1_sha512_test.txt",
"src/third_party/wycheproof_testvectors/ecdsa_secp521r1_sha512_test.txt",
"src/third_party/wycheproof_testvectors/eddsa_test.txt",
"src/third_party/wycheproof_testvectors/hkdf_sha1_test.txt",
"src/third_party/wycheproof_testvectors/hkdf_sha256_test.txt",
"src/third_party/wycheproof_testvectors/hkdf_sha384_test.txt",
"src/third_party/wycheproof_testvectors/hkdf_sha512_test.txt",
"src/third_party/wycheproof_testvectors/hmac_sha1_test.txt",
"src/third_party/wycheproof_testvectors/hmac_sha224_test.txt",
"src/third_party/wycheproof_testvectors/hmac_sha256_test.txt",
"src/third_party/wycheproof_testvectors/hmac_sha384_test.txt",
"src/third_party/wycheproof_testvectors/hmac_sha512_test.txt",
"src/third_party/wycheproof_testvectors/kw_test.txt",
"src/third_party/wycheproof_testvectors/kwp_test.txt",
"src/third_party/wycheproof_testvectors/primality_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_2048_sha1_mgf1sha1_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_2048_sha224_mgf1sha1_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_2048_sha224_mgf1sha224_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_2048_sha256_mgf1sha1_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_2048_sha256_mgf1sha256_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_2048_sha384_mgf1sha1_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_2048_sha384_mgf1sha384_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_2048_sha512_mgf1sha1_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_2048_sha512_mgf1sha512_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_3072_sha256_mgf1sha1_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_3072_sha256_mgf1sha256_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_3072_sha512_mgf1sha1_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_3072_sha512_mgf1sha512_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_4096_sha256_mgf1sha1_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_4096_sha256_mgf1sha256_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_4096_sha512_mgf1sha1_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_4096_sha512_mgf1sha512_test.txt",
"src/third_party/wycheproof_testvectors/rsa_oaep_misc_test.txt",
"src/third_party/wycheproof_testvectors/rsa_pkcs1_2048_test.txt",
"src/third_party/wycheproof_testvectors/rsa_pkcs1_3072_test.txt",
"src/third_party/wycheproof_testvectors/rsa_pkcs1_4096_test.txt",
"src/third_party/wycheproof_testvectors/rsa_pss_2048_sha1_mgf1_20_test.txt",
"src/third_party/wycheproof_testvectors/rsa_pss_2048_sha256_mgf1_0_test.txt",
"src/third_party/wycheproof_testvectors/rsa_pss_2048_sha256_mgf1_32_test.txt",
"src/third_party/wycheproof_testvectors/rsa_pss_3072_sha256_mgf1_32_test.txt",
"src/third_party/wycheproof_testvectors/rsa_pss_4096_sha256_mgf1_32_test.txt",
"src/third_party/wycheproof_testvectors/rsa_pss_4096_sha512_mgf1_32_test.txt",
"src/third_party/wycheproof_testvectors/rsa_pss_misc_test.txt",
"src/third_party/wycheproof_testvectors/rsa_sig_gen_misc_test.txt",
"src/third_party/wycheproof_testvectors/rsa_signature_2048_sha224_test.txt",
"src/third_party/wycheproof_testvectors/rsa_signature_2048_sha256_test.txt",
"src/third_party/wycheproof_testvectors/rsa_signature_2048_sha384_test.txt",
"src/third_party/wycheproof_testvectors/rsa_signature_2048_sha512_test.txt",
"src/third_party/wycheproof_testvectors/rsa_signature_3072_sha256_test.txt",
"src/third_party/wycheproof_testvectors/rsa_signature_3072_sha384_test.txt",
"src/third_party/wycheproof_testvectors/rsa_signature_3072_sha512_test.txt",
"src/third_party/wycheproof_testvectors/rsa_signature_4096_sha384_test.txt",
"src/third_party/wycheproof_testvectors/rsa_signature_4096_sha512_test.txt",
"src/third_party/wycheproof_testvectors/rsa_signature_test.txt",
"src/third_party/wycheproof_testvectors/x25519_test.txt",
"src/third_party/wycheproof_testvectors/xchacha20_poly1305_test.txt",
]
urandom_test_sources = [
"src/crypto/fipsmodule/rand/urandom_test.cc",
]
BUILDING.md
+161
View File
@@ -0,0 +1,161 @@
# Building BoringSSL
## Build Prerequisites
* [CMake](https://cmake.org/download/) 2.8.11 or later is required.
* Perl 5.6.1 or later is required. On Windows,
[Active State Perl](http://www.activestate.com/activeperl/) has been
reported to work, as has MSYS Perl.
[Strawberry Perl](http://strawberryperl.com/) also works but it adds GCC
to `PATH`, which can confuse some build tools when identifying the compiler
(removing `C:\Strawberry\c\bin` from `PATH` should resolve any problems).
If Perl is not found by CMake, it may be configured explicitly by setting
`PERL_EXECUTABLE`.
* On Windows you currently must use [Ninja](https://ninja-build.org/)
to build; on other platforms, it is not required, but recommended, because
it makes builds faster.
* If you need to build Ninja from source, then a recent version of
[Python](https://www.python.org/downloads/) is required (Python 2.7.5 works).
* On Windows only, [Yasm](http://yasm.tortall.net/) is required. If not found
by CMake, it may be configured explicitly by setting
`CMAKE_ASM_NASM_COMPILER`.
* A C compiler is required. On Windows, MSVC 14 (Visual Studio 2015) or later
with Platform SDK 8.1 or later are supported. Recent versions of GCC (4.8+)
and Clang should work on non-Windows platforms, and maybe on Windows too.
To build the tests, you also need a C++ compiler with C++11 support.
* [Go](https://golang.org/dl/) is required. If not found by CMake, the go
executable may be configured explicitly by setting `GO_EXECUTABLE`.
* To build the x86 and x86\_64 assembly, your assembler must support AVX2
instructions and MOVBE. If using GNU binutils, you must have 2.22 or later
## Building
Using Ninja (note the 'N' is capitalized in the cmake invocation):
mkdir build
cd build
cmake -GNinja ..
ninja
Using Make (does not work on Windows):
mkdir build
cd build
cmake ..
make
You usually don't need to run `cmake` again after changing `CMakeLists.txt`
files because the build scripts will detect changes to them and rebuild
themselves automatically.
Note that the default build flags in the top-level `CMakeLists.txt` are for
debugging—optimisation isn't enabled. Pass `-DCMAKE_BUILD_TYPE=Release` to
`cmake` to configure a release build.
If you want to cross-compile then there is an example toolchain file for 32-bit
Intel in `util/`. Wipe out the build directory, recreate it and run `cmake` like
this:
cmake -DCMAKE_TOOLCHAIN_FILE=../util/32-bit-toolchain.cmake -GNinja ..
If you want to build as a shared library, pass `-DBUILD_SHARED_LIBS=1`. On
Windows, where functions need to be tagged with `dllimport` when coming from a
shared library, define `BORINGSSL_SHARED_LIBRARY` in any code which `#include`s
the BoringSSL headers.
In order to serve environments where code-size is important as well as those
where performance is the overriding concern, `OPENSSL_SMALL` can be defined to
remove some code that is especially large.
See [CMake's documentation](https://cmake.org/cmake/help/v3.4/manual/cmake-variables.7.html)
for other variables which may be used to configure the build.
### Building for Android
It's possible to build BoringSSL with the Android NDK using CMake. Recent
versions of the NDK include a CMake toolchain file which works with CMake 3.6.0
or later. This has been tested with version r16b of the NDK.
Unpack the Android NDK somewhere and export `ANDROID_NDK` to point to the
directory. Then make a build directory as above and run CMake like this:
cmake -DANDROID_ABI=armeabi-v7a \
-DCMAKE_TOOLCHAIN_FILE=${ANDROID_NDK}/build/cmake/android.toolchain.cmake \
-DANDROID_NATIVE_API_LEVEL=16 \
-GNinja ..
Once you've run that, Ninja should produce Android-compatible binaries. You
can replace `armeabi-v7a` in the above with `arm64-v8a` and use API level 21 or
higher to build aarch64 binaries.
For older NDK versions, BoringSSL ships a third-party CMake toolchain file. Use
`../third_party/android-cmake/android.toolchain.cmake` for
`CMAKE_TOOLCHAIN_FILE` instead.
For other options, see the documentation in the toolchain file.
### Building for iOS
To build for iOS, pass `-DCMAKE_OSX_SYSROOT=iphoneos` and
`-DCMAKE_OSX_ARCHITECTURES=ARCH` to CMake, where `ARCH` is the desired
architecture, matching values used in the `-arch` flag in Apple's toolchain.
Passing multiple architectures for a multiple-architecture build is not
supported.
## Known Limitations on Windows
* Versions of CMake since 3.0.2 have a bug in its Ninja generator that causes
yasm to output warnings
yasm: warning: can open only one input file, only the last file will be processed
These warnings can be safely ignored. The cmake bug is
http://www.cmake.org/Bug/view.php?id=15253.
* CMake can generate Visual Studio projects, but the generated project files
don't have steps for assembling the assembly language source files, so they
currently cannot be used to build BoringSSL.
## Embedded ARM
ARM, unlike Intel, does not have an instruction that allows applications to
discover the capabilities of the processor. Instead, the capability information
has to be provided by the operating system somehow.
By default, on Linux-based systems, BoringSSL will try to use `getauxval` and
`/proc` to discover the capabilities. But some environments don't support that
sort of thing and, for them, it's possible to configure the CPU capabilities at
compile time.
On iOS or builds which define `OPENSSL_STATIC_ARMCAP`, features will be
determined based on the `__ARM_NEON__` and `__ARM_FEATURE_CRYPTO` preprocessor
symbols reported by the compiler. These values are usually controlled by the
`-march` flag. You can also define any of the following to enable the
corresponding ARM feature.
* `OPENSSL_STATIC_ARMCAP_NEON`
* `OPENSSL_STATIC_ARMCAP_AES`
* `OPENSSL_STATIC_ARMCAP_SHA1`
* `OPENSSL_STATIC_ARMCAP_SHA256`
* `OPENSSL_STATIC_ARMCAP_PMULL`
Note that if a feature is enabled in this way, but not actually supported at
run-time, BoringSSL will likely crash.
# Running tests
There are two sets of tests: the C/C++ tests and the blackbox tests. For former
are built by Ninja and can be run from the top-level directory with `go run
util/all_tests.go`. The latter have to be run separately by running `go test`
from within `ssl/test/runner`.
Both sets of tests may also be run with `ninja -C build run_tests`, but CMake
3.2 or later is required to avoid Ninja's output buffering.
CMakeLists.txt
+344 -577
View File
@@ -1,25 +1,199 @@
# Copyright (c) 2019 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
cmake_minimum_required (VERSION 2.8.11)
# This file is created by generate_build_files.py. Do not edit manually.
# Report AppleClang separately from Clang. Their version numbers are different.
# https://cmake.org/cmake/help/v3.0/policy/CMP0025.html
if(POLICY CMP0025)
cmake_policy(SET CMP0025 NEW)
endif()
cmake_minimum_required(VERSION 3.0)
# Defer enabling C and CXX languages.
project (BoringSSL NONE)
project(BoringSSL LANGUAGES C CXX)
if(WIN32)
# On Windows, prefer cl over gcc if both are available. By default most of
# the CMake generators prefer gcc, even on Windows.
set(CMAKE_GENERATOR_CC cl)
endif()
include(sources.cmake)
enable_language(C)
enable_language(CXX)
if(ANDROID)
# Android-NDK CMake files reconfigure the path and so Go and Perl won't be
# found. However, ninja will still find them in $PATH if we just name them.
if(NOT PERL_EXECUTABLE)
set(PERL_EXECUTABLE "perl")
endif()
if(NOT GO_EXECUTABLE)
set(GO_EXECUTABLE "go")
endif()
else()
find_package(Perl REQUIRED)
find_program(GO_EXECUTABLE go)
endif()
if (NOT GO_EXECUTABLE)
message(FATAL_ERROR "Could not find Go")
endif()
if (BORINGSSL_ALLOW_CXX_RUNTIME)
add_definitions(-DBORINGSSL_ALLOW_CXX_RUNTIME)
endif()
if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
set(CLANG 1)
endif()
if(CMAKE_COMPILER_IS_GNUCXX OR CLANG)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -fvisibility=hidden -fno-common -fno-exceptions -fno-rtti")
if(APPLE)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -stdlib=libc++")
# Note clang-cl is odd and sets both CLANG and MSVC. We base our configuration
# primarily on our normal Clang one.
set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare -Wmissing-field-initializers -Wwrite-strings")
if(MSVC)
# clang-cl sets different default warnings than clang. It also treats -Wall
# as -Weverything, to match MSVC. Instead -W3 is the alias for -Wall.
# See http://llvm.org/viewvc/llvm-project?view=revision&revision=319116
set(C_CXX_FLAGS "${C_CXX_FLAGS} -W3 -Wno-unused-parameter -fmsc-version=1900")
# googletest suppresses warning C4996 via a pragma, but clang-cl does not
# honor it. Suppress it here to compensate. See https://crbug.com/772117.
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wno-deprecated-declarations")
else()
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wall -ggdb -fvisibility=hidden -fno-common")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fvisibility=hidden -fno-common")
if((CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.8.99") OR CLANG)
if(CLANG)
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wnewline-eof -fcolor-diagnostics")
else()
# GCC (at least 4.8.4) has a bug where it'll find unreachable free() calls
# and declare that the code is trying to free a stack pointer.
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wno-free-nonheap-object")
endif()
if(CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND
NOT "6.0.0" VERSION_GREATER CMAKE_C_COMPILER_VERSION)
# Clang's -Wtautological-constant-compare is far too aggressive and does not
# account for, say, wanting the same code to work on both 32-bit and 64-bit
# platforms.
#
# Note "Clang" and "AppleClang" version differently, so we check for an
# exact match on the COMPILER_ID. As of writing, the warning is not in any
# release of AppleClang yet.
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wno-tautological-constant-compare -Wtautological-constant-out-of-range-compare")
endif()
if(CLANG OR NOT "7.0.0" VERSION_GREATER CMAKE_C_COMPILER_VERSION)
set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wimplicit-fallthrough")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_CXX_FLAGS} -Wmissing-prototypes -Wold-style-definition -Wstrict-prototypes")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_CXX_FLAGS} -Wmissing-declarations")
if(NOT MSVC)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11")
if(APPLE)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -stdlib=libc++")
endif()
if(NOT BORINGSSL_ALLOW_CXX_RUNTIME)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-exceptions -fno-rtti")
endif()
endif()
# In GCC, -Wmissing-declarations is the C++ spelling of -Wmissing-prototypes
# and using the wrong one is an error. In Clang, -Wmissing-prototypes is the
# spelling for both and -Wmissing-declarations is some other warning.
#
# https://gcc.gnu.org/onlinedocs/gcc-7.1.0/gcc/Warning-Options.html#Warning-Options
# https://clang.llvm.org/docs/DiagnosticsReference.html#wmissing-prototypes
# https://clang.llvm.org/docs/DiagnosticsReference.html#wmissing-declarations
if(CLANG)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wmissing-prototypes")
endif()
if(CMAKE_COMPILER_IS_GNUCXX AND "4.8" VERSION_GREATER CMAKE_C_COMPILER_VERSION)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-array-bounds")
endif()
elseif(MSVC)
set(MSVC_DISABLED_WARNINGS_LIST
"C4061" # enumerator 'identifier' in switch of enum 'enumeration' is not
# explicitly handled by a case label
# Disable this because it flags even when there is a default.
"C4100" # 'exarg' : unreferenced formal parameter
"C4127" # conditional expression is constant
"C4200" # nonstandard extension used : zero-sized array in
# struct/union.
"C4204" # nonstandard extension used: non-constant aggregate initializer
"C4221" # nonstandard extension used : 'identifier' : cannot be
# initialized using address of automatic variable
"C4242" # 'function' : conversion from 'int' to 'uint8_t',
# possible loss of data
"C4244" # 'function' : conversion from 'int' to 'uint8_t',
# possible loss of data
"C4267" # conversion from 'size_t' to 'int', possible loss of data
"C4371" # layout of class may have changed from a previous version of the
# compiler due to better packing of member '...'
"C4388" # signed/unsigned mismatch
"C4296" # '>=' : expression is always true
"C4350" # behavior change: 'std::_Wrap_alloc...'
"C4365" # '=' : conversion from 'size_t' to 'int',
# signed/unsigned mismatch
"C4389" # '!=' : signed/unsigned mismatch
"C4464" # relative include path contains '..'
"C4510" # 'argument' : default constructor could not be generated
"C4512" # 'argument' : assignment operator could not be generated
"C4514" # 'function': unreferenced inline function has been removed
"C4548" # expression before comma has no effect; expected expression with
# side-effect" caused by FD_* macros.
"C4610" # struct 'argument' can never be instantiated - user defined
# constructor required.
"C4623" # default constructor was implicitly defined as deleted
"C4625" # copy constructor could not be generated because a base class
# copy constructor is inaccessible or deleted
"C4626" # assignment operator could not be generated because a base class
# assignment operator is inaccessible or deleted
"C4668" # 'symbol' is not defined as a preprocessor macro, replacing with
# '0' for 'directives'
# Disable this because GTest uses it everywhere.
"C4706" # assignment within conditional expression
"C4710" # 'function': function not inlined
"C4711" # function 'function' selected for inline expansion
"C4800" # 'int' : forcing value to bool 'true' or 'false'
# (performance warning)
"C4820" # 'bytes' bytes padding added after construct 'member_name'
"C5026" # move constructor was implicitly defined as deleted
"C5027" # move assignment operator was implicitly defined as deleted
)
set(MSVC_LEVEL4_WARNINGS_LIST
# See https://connect.microsoft.com/VisualStudio/feedback/details/1217660/warning-c4265-when-using-functional-header
"C4265" # class has virtual functions, but destructor is not virtual
)
string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
${MSVC_DISABLED_WARNINGS_LIST})
string(REPLACE "C" " -w4" MSVC_LEVEL4_WARNINGS_STR
${MSVC_LEVEL4_WARNINGS_LIST})
set(CMAKE_C_FLAGS "-Wall -WX ${MSVC_DISABLED_WARNINGS_STR} ${MSVC_LEVEL4_WARNINGS_STR}")
set(CMAKE_CXX_FLAGS "-Wall -WX ${MSVC_DISABLED_WARNINGS_STR} ${MSVC_LEVEL4_WARNINGS_STR}")
endif()
if(WIN32)
add_definitions(-D_HAS_EXCEPTIONS=0)
add_definitions(-DWIN32_LEAN_AND_MEAN)
add_definitions(-DNOMINMAX)
# Allow use of fopen.
add_definitions(-D_CRT_SECURE_NO_WARNINGS)
# VS 2017 and higher supports STL-only warning suppressions.
add_definitions("-D_STL_EXTRA_DISABLED_WARNINGS=4774 4987")
endif()
if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.7.99") OR
CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wshadow")
endif()
if(CMAKE_COMPILER_IS_GNUCXX)
if ((CMAKE_C_COMPILER_VERSION VERSION_GREATER "4.8.99") OR CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c11")
else()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")
@@ -31,614 +205,207 @@ if(NOT WIN32)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=700")
endif()
if(WIN32)
add_definitions(-D_HAS_EXCEPTIONS=0)
add_definitions(-DWIN32_LEAN_AND_MEAN)
add_definitions(-DNOMINMAX)
# Allow use of fopen.
add_definitions(-D_CRT_SECURE_NO_WARNINGS)
# VS 2017 and higher supports STL-only warning suppressions.
# A bug in CMake < 3.13.0 may cause the space in this value to
# cause issues when building with NASM. In that case, update CMake.
add_definitions("-D_STL_EXTRA_DISABLED_WARNINGS=4774 4987")
if(FUZZ)
if(NOT CLANG)
message(FATAL_ERROR "You need to build with Clang for fuzzing to work")
endif()
add_definitions(-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE)
set(RUNNER_ARGS "-deterministic")
if(NOT NO_FUZZER_MODE)
add_definitions(-DBORINGSSL_UNSAFE_FUZZER_MODE)
set(RUNNER_ARGS ${RUNNER_ARGS} "-fuzzer" "-shim-config" "fuzzer_mode.json")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls,trace-pc-guard")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-coverage=edge,indirect-calls,trace-pc-guard")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address")
link_directories(.)
endif()
add_definitions(-DBORINGSSL_IMPLEMENTATION)
if (BUILD_SHARED_LIBS)
add_definitions(-DBORINGSSL_SHARED_LIBRARY)
# Enable position-independent code globally. This is needed because
# some library targets are OBJECT libraries.
set(CMAKE_POSITION_INDEPENDENT_CODE TRUE)
endif()
if (MSAN)
if(NOT CLANG)
message(FATAL_ERROR "Cannot enable MSAN unless using Clang")
endif()
if (ASAN)
message(FATAL_ERROR "ASAN and MSAN are mutually exclusive")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer")
set(OPENSSL_NO_ASM "1")
endif()
if (ASAN)
if(NOT CLANG)
message(FATAL_ERROR "Cannot enable ASAN unless using Clang")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer")
set(OPENSSL_NO_ASM "1")
endif()
if(CFI)
if(NOT CLANG)
message(FATAL_ERROR "Cannot enable CFI unless using Clang")
endif()
# TODO(crbug.com/785442): Remove -fsanitize-cfi-icall-generalize-pointers.
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -fsanitize-cfi-icall-generalize-pointers -flto")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -fsanitize-cfi-icall-generalize-pointers -flto")
# We use Chromium's copy of clang, which requires -fuse-ld=lld if building
# with -flto. That, in turn, can't handle -ggdb.
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=lld")
string(REPLACE "-ggdb" "-g" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
string(REPLACE "-ggdb" "-g" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
# -flto causes object files to contain LLVM bitcode. Mixing those with
# assembly output in the same static library breaks the linker.
set(OPENSSL_NO_ASM "1")
endif()
if (GCOV)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs -ftest-coverage")
endif()
if(FIPS)
add_definitions(-DBORINGSSL_FIPS)
if(FIPS_BREAK_TEST)
add_definitions("-DBORINGSSL_FIPS_BREAK_${FIPS_BREAK_TEST}=1")
endif()
# Delocate does not work for ASan and MSan builds.
if(NOT ASAN AND NOT MSAN)
set(FIPS_DELOCATE "1")
endif()
endif()
# CMake's iOS support uses Apple's multiple-architecture toolchain. It takes an
# architecture list from CMAKE_OSX_ARCHITECTURES, leaves CMAKE_SYSTEM_PROCESSOR
# alone, and expects all architecture-specific logic to be conditioned within
# the source files rather than the build. This does not work for our assembly
# files, so we fix CMAKE_SYSTEM_PROCESSOR and only support single-architecture
# builds.
if(NOT OPENSSL_NO_ASM AND CMAKE_OSX_ARCHITECTURES)
if (NOT OPENSSL_NO_ASM AND CMAKE_OSX_ARCHITECTURES)
list(LENGTH CMAKE_OSX_ARCHITECTURES NUM_ARCHES)
if(NOT ${NUM_ARCHES} EQUAL 1)
if (NOT ${NUM_ARCHES} EQUAL 1)
message(FATAL_ERROR "Universal binaries not supported.")
endif()
list(GET CMAKE_OSX_ARCHITECTURES 0 CMAKE_SYSTEM_PROCESSOR)
endif()
if(OPENSSL_NO_ASM)
if (OPENSSL_NO_ASM)
add_definitions(-DOPENSSL_NO_ASM)
set(ARCH "generic")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86_64")
elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86_64")
set(ARCH "x86_64")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "amd64")
elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "amd64")
set(ARCH "x86_64")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "AMD64")
elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "AMD64")
# cmake reports AMD64 on Windows, but we might be building for 32-bit.
if(CMAKE_CL_64)
if (CMAKE_CL_64)
set(ARCH "x86_64")
else()
set(ARCH "x86")
endif()
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86")
elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "x86")
set(ARCH "x86")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i386")
elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i386")
set(ARCH "x86")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i686")
elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "i686")
set(ARCH "x86")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64")
elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64")
set(ARCH "aarch64")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm64")
elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm64")
set(ARCH "aarch64")
# Apple A12 Bionic chipset which is added in iPhone XS/XS Max/XR uses arm64e architecture.
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "arm64e")
set(ARCH "aarch64")
elseif(${CMAKE_SYSTEM_PROCESSOR} MATCHES "^arm*")
elseif (${CMAKE_SYSTEM_PROCESSOR} MATCHES "^arm*")
set(ARCH "arm")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "mips")
elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "mips")
# Just to avoid the “unknown processor” error.
set(ARCH "generic")
elseif(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "ppc64le")
elseif (${CMAKE_SYSTEM_PROCESSOR} STREQUAL "ppc64le")
set(ARCH "ppc64le")
else()
message(FATAL_ERROR "Unknown processor:" ${CMAKE_SYSTEM_PROCESSOR})
endif()
if(NOT OPENSSL_NO_ASM)
if(UNIX)
enable_language(ASM)
if (ANDROID AND NOT ANDROID_NDK_REVISION AND ${ARCH} STREQUAL "arm")
# The third-party Android-NDK CMake files somehow fail to set the -march flag
# for assembly files. Without this flag, the compiler believes that it's
# building for ARMv5.
set(CMAKE_ASM_FLAGS "-march=${CMAKE_SYSTEM_PROCESSOR} ${CMAKE_ASM_FLAGS}")
endif()
# Clang's integerated assembler does not support debug symbols.
if(NOT CMAKE_ASM_COMPILER_ID MATCHES "Clang")
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,-g")
endif()
if (${ARCH} STREQUAL "x86" AND APPLE AND ${CMAKE_VERSION} VERSION_LESS "3.0")
# With CMake 2.8.x, ${CMAKE_SYSTEM_PROCESSOR} evalutes to i386 on OS X,
# but clang defaults to 64-bit builds on OS X unless otherwise told.
# Set ARCH to x86_64 so clang and CMake agree. This is fixed in CMake 3.
set(ARCH "x86_64")
endif()
# CMake does not add -isysroot and -arch flags to assembly.
if(APPLE)
if(CMAKE_OSX_SYSROOT)
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -isysroot \"${CMAKE_OSX_SYSROOT}\"")
endif()
foreach(arch ${CMAKE_OSX_ARCHITECTURES})
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -arch ${arch}")
endforeach()
endif()
else()
set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -gcv8")
enable_language(ASM_NASM)
# Add minimal googletest targets. The provided one has many side-effects, and
# googletest has a very straightforward build.
add_library(boringssl_gtest third_party/googletest/src/gtest-all.cc)
target_include_directories(boringssl_gtest PRIVATE third_party/googletest)
include_directories(third_party/googletest/include)
# Declare a dummy target to build all unit tests. Test targets should inject
# themselves as dependencies next to the target definition.
add_custom_target(all_tests)
add_custom_command(
OUTPUT crypto_test_data.cc
COMMAND ${GO_EXECUTABLE} run util/embed_test_data.go ${CRYPTO_TEST_DATA} >
${CMAKE_CURRENT_BINARY_DIR}/crypto_test_data.cc
DEPENDS util/embed_test_data.go ${CRYPTO_TEST_DATA}
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
add_library(crypto_test_data OBJECT crypto_test_data.cc)
add_subdirectory(crypto)
add_subdirectory(third_party/fiat)
add_subdirectory(ssl)
add_subdirectory(ssl/test)
add_subdirectory(fipstools)
add_subdirectory(tool)
add_subdirectory(decrepit)
if(FUZZ)
if(LIBFUZZER_FROM_DEPS)
file(GLOB LIBFUZZER_SOURCES "util/bot/libFuzzer/*.cpp")
add_library(Fuzzer STATIC ${LIBFUZZER_SOURCES})
# libFuzzer does not pass our aggressive warnings. It also must be built
# without -fsanitize-coverage options or clang crashes.
set_target_properties(Fuzzer PROPERTIES COMPILE_FLAGS "-Wno-shadow -Wno-format-nonliteral -Wno-missing-prototypes -fsanitize-coverage=0")
endif()
add_subdirectory(fuzz)
endif()
if(BUILD_SHARED_LIBS)
add_definitions(-DBORINGSSL_SHARED_LIBRARY)
# Enable position-independent code globally. This is needed because
# some library targets are OBJECT libraries.
set(CMAKE_POSITION_INDEPENDENT_CODE TRUE)
endif()
include_directories(src/include)
set(
CRYPTO_ios_aarch64_SOURCES
ios-aarch64/crypto/chacha/chacha-armv8.S
ios-aarch64/crypto/fipsmodule/aesv8-armx64.S
ios-aarch64/crypto/fipsmodule/armv8-mont.S
ios-aarch64/crypto/fipsmodule/ghash-neon-armv8.S
ios-aarch64/crypto/fipsmodule/ghashv8-armx64.S
ios-aarch64/crypto/fipsmodule/sha1-armv8.S
ios-aarch64/crypto/fipsmodule/sha256-armv8.S
ios-aarch64/crypto/fipsmodule/sha512-armv8.S
ios-aarch64/crypto/fipsmodule/vpaes-armv8.S
ios-aarch64/crypto/test/trampoline-armv8.S
)
set(
CRYPTO_ios_arm_SOURCES
ios-arm/crypto/chacha/chacha-armv4.S
ios-arm/crypto/fipsmodule/aesv8-armx32.S
ios-arm/crypto/fipsmodule/armv4-mont.S
ios-arm/crypto/fipsmodule/bsaes-armv7.S
ios-arm/crypto/fipsmodule/ghash-armv4.S
ios-arm/crypto/fipsmodule/ghashv8-armx32.S
ios-arm/crypto/fipsmodule/sha1-armv4-large.S
ios-arm/crypto/fipsmodule/sha256-armv4.S
ios-arm/crypto/fipsmodule/sha512-armv4.S
ios-arm/crypto/fipsmodule/vpaes-armv7.S
ios-arm/crypto/test/trampoline-armv4.S
)
set(
CRYPTO_linux_aarch64_SOURCES
linux-aarch64/crypto/chacha/chacha-armv8.S
linux-aarch64/crypto/fipsmodule/aesv8-armx64.S
linux-aarch64/crypto/fipsmodule/armv8-mont.S
linux-aarch64/crypto/fipsmodule/ghash-neon-armv8.S
linux-aarch64/crypto/fipsmodule/ghashv8-armx64.S
linux-aarch64/crypto/fipsmodule/sha1-armv8.S
linux-aarch64/crypto/fipsmodule/sha256-armv8.S
linux-aarch64/crypto/fipsmodule/sha512-armv8.S
linux-aarch64/crypto/fipsmodule/vpaes-armv8.S
linux-aarch64/crypto/test/trampoline-armv8.S
)
set(
CRYPTO_linux_arm_SOURCES
linux-arm/crypto/chacha/chacha-armv4.S
linux-arm/crypto/fipsmodule/aesv8-armx32.S
linux-arm/crypto/fipsmodule/armv4-mont.S
linux-arm/crypto/fipsmodule/bsaes-armv7.S
linux-arm/crypto/fipsmodule/ghash-armv4.S
linux-arm/crypto/fipsmodule/ghashv8-armx32.S
linux-arm/crypto/fipsmodule/sha1-armv4-large.S
linux-arm/crypto/fipsmodule/sha256-armv4.S
linux-arm/crypto/fipsmodule/sha512-armv4.S
linux-arm/crypto/fipsmodule/vpaes-armv7.S
linux-arm/crypto/test/trampoline-armv4.S
src/crypto/curve25519/asm/x25519-asm-arm.S
src/crypto/poly1305/poly1305_arm_asm.S
)
set(
CRYPTO_linux_ppc64le_SOURCES
linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S
linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S
linux-ppc64le/crypto/test/trampoline-ppc.S
)
set(
CRYPTO_linux_x86_SOURCES
linux-x86/crypto/chacha/chacha-x86.S
linux-x86/crypto/fipsmodule/aesni-x86.S
linux-x86/crypto/fipsmodule/bn-586.S
linux-x86/crypto/fipsmodule/co-586.S
linux-x86/crypto/fipsmodule/ghash-ssse3-x86.S
linux-x86/crypto/fipsmodule/ghash-x86.S
linux-x86/crypto/fipsmodule/md5-586.S
linux-x86/crypto/fipsmodule/sha1-586.S
linux-x86/crypto/fipsmodule/sha256-586.S
linux-x86/crypto/fipsmodule/sha512-586.S
linux-x86/crypto/fipsmodule/vpaes-x86.S
linux-x86/crypto/fipsmodule/x86-mont.S
linux-x86/crypto/test/trampoline-x86.S
)
set(
CRYPTO_linux_x86_64_SOURCES
linux-x86_64/crypto/chacha/chacha-x86_64.S
linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S
linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S
linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S
linux-x86_64/crypto/fipsmodule/aesni-x86_64.S
linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S
linux-x86_64/crypto/fipsmodule/ghash-x86_64.S
linux-x86_64/crypto/fipsmodule/md5-x86_64.S
linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S
linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S
linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S
linux-x86_64/crypto/fipsmodule/rsaz-avx2.S
linux-x86_64/crypto/fipsmodule/sha1-x86_64.S
linux-x86_64/crypto/fipsmodule/sha256-x86_64.S
linux-x86_64/crypto/fipsmodule/sha512-x86_64.S
linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S
linux-x86_64/crypto/fipsmodule/x86_64-mont.S
linux-x86_64/crypto/fipsmodule/x86_64-mont5.S
linux-x86_64/crypto/test/trampoline-x86_64.S
src/crypto/hrss/asm/poly_rq_mul.S
)
set(
CRYPTO_mac_x86_SOURCES
mac-x86/crypto/chacha/chacha-x86.S
mac-x86/crypto/fipsmodule/aesni-x86.S
mac-x86/crypto/fipsmodule/bn-586.S
mac-x86/crypto/fipsmodule/co-586.S
mac-x86/crypto/fipsmodule/ghash-ssse3-x86.S
mac-x86/crypto/fipsmodule/ghash-x86.S
mac-x86/crypto/fipsmodule/md5-586.S
mac-x86/crypto/fipsmodule/sha1-586.S
mac-x86/crypto/fipsmodule/sha256-586.S
mac-x86/crypto/fipsmodule/sha512-586.S
mac-x86/crypto/fipsmodule/vpaes-x86.S
mac-x86/crypto/fipsmodule/x86-mont.S
mac-x86/crypto/test/trampoline-x86.S
)
set(
CRYPTO_mac_x86_64_SOURCES
mac-x86_64/crypto/chacha/chacha-x86_64.S
mac-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S
mac-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S
mac-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S
mac-x86_64/crypto/fipsmodule/aesni-x86_64.S
mac-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S
mac-x86_64/crypto/fipsmodule/ghash-x86_64.S
mac-x86_64/crypto/fipsmodule/md5-x86_64.S
mac-x86_64/crypto/fipsmodule/p256-x86_64-asm.S
mac-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S
mac-x86_64/crypto/fipsmodule/rdrand-x86_64.S
mac-x86_64/crypto/fipsmodule/rsaz-avx2.S
mac-x86_64/crypto/fipsmodule/sha1-x86_64.S
mac-x86_64/crypto/fipsmodule/sha256-x86_64.S
mac-x86_64/crypto/fipsmodule/sha512-x86_64.S
mac-x86_64/crypto/fipsmodule/vpaes-x86_64.S
mac-x86_64/crypto/fipsmodule/x86_64-mont.S
mac-x86_64/crypto/fipsmodule/x86_64-mont5.S
mac-x86_64/crypto/test/trampoline-x86_64.S
)
set(
CRYPTO_win_x86_SOURCES
win-x86/crypto/chacha/chacha-x86.asm
win-x86/crypto/fipsmodule/aesni-x86.asm
win-x86/crypto/fipsmodule/bn-586.asm
win-x86/crypto/fipsmodule/co-586.asm
win-x86/crypto/fipsmodule/ghash-ssse3-x86.asm
win-x86/crypto/fipsmodule/ghash-x86.asm
win-x86/crypto/fipsmodule/md5-586.asm
win-x86/crypto/fipsmodule/sha1-586.asm
win-x86/crypto/fipsmodule/sha256-586.asm
win-x86/crypto/fipsmodule/sha512-586.asm
win-x86/crypto/fipsmodule/vpaes-x86.asm
win-x86/crypto/fipsmodule/x86-mont.asm
win-x86/crypto/test/trampoline-x86.asm
)
set(
CRYPTO_win_x86_64_SOURCES
win-x86_64/crypto/chacha/chacha-x86_64.asm
win-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.asm
win-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.asm
win-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.asm
win-x86_64/crypto/fipsmodule/aesni-x86_64.asm
win-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.asm
win-x86_64/crypto/fipsmodule/ghash-x86_64.asm
win-x86_64/crypto/fipsmodule/md5-x86_64.asm
win-x86_64/crypto/fipsmodule/p256-x86_64-asm.asm
win-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.asm
win-x86_64/crypto/fipsmodule/rdrand-x86_64.asm
win-x86_64/crypto/fipsmodule/rsaz-avx2.asm
win-x86_64/crypto/fipsmodule/sha1-x86_64.asm
win-x86_64/crypto/fipsmodule/sha256-x86_64.asm
win-x86_64/crypto/fipsmodule/sha512-x86_64.asm
win-x86_64/crypto/fipsmodule/vpaes-x86_64.asm
win-x86_64/crypto/fipsmodule/x86_64-mont.asm
win-x86_64/crypto/fipsmodule/x86_64-mont5.asm
win-x86_64/crypto/test/trampoline-x86_64.asm
)
if(APPLE AND ${ARCH} STREQUAL "aarch64")
set(CRYPTO_ARCH_SOURCES ${CRYPTO_ios_aarch64_SOURCES})
elseif(APPLE AND ${ARCH} STREQUAL "arm")
set(CRYPTO_ARCH_SOURCES ${CRYPTO_ios_arm_SOURCES})
elseif(APPLE)
set(CRYPTO_ARCH_SOURCES ${CRYPTO_mac_${ARCH}_SOURCES})
elseif(UNIX)
set(CRYPTO_ARCH_SOURCES ${CRYPTO_linux_${ARCH}_SOURCES})
elseif(WIN32)
set(CRYPTO_ARCH_SOURCES ${CRYPTO_win_${ARCH}_SOURCES})
endif()
add_library(
crypto
${CRYPTO_ARCH_SOURCES}
err_data.c
src/crypto/asn1/a_bitstr.c
src/crypto/asn1/a_bool.c
src/crypto/asn1/a_d2i_fp.c
src/crypto/asn1/a_dup.c
src/crypto/asn1/a_enum.c
src/crypto/asn1/a_gentm.c
src/crypto/asn1/a_i2d_fp.c
src/crypto/asn1/a_int.c
src/crypto/asn1/a_mbstr.c
src/crypto/asn1/a_object.c
src/crypto/asn1/a_octet.c
src/crypto/asn1/a_print.c
src/crypto/asn1/a_strnid.c
src/crypto/asn1/a_time.c
src/crypto/asn1/a_type.c
src/crypto/asn1/a_utctm.c
src/crypto/asn1/a_utf8.c
src/crypto/asn1/asn1_lib.c
src/crypto/asn1/asn1_par.c
src/crypto/asn1/asn_pack.c
src/crypto/asn1/f_enum.c
src/crypto/asn1/f_int.c
src/crypto/asn1/f_string.c
src/crypto/asn1/tasn_dec.c
src/crypto/asn1/tasn_enc.c
src/crypto/asn1/tasn_fre.c
src/crypto/asn1/tasn_new.c
src/crypto/asn1/tasn_typ.c
src/crypto/asn1/tasn_utl.c
src/crypto/asn1/time_support.c
src/crypto/base64/base64.c
src/crypto/bio/bio.c
src/crypto/bio/bio_mem.c
src/crypto/bio/connect.c
src/crypto/bio/fd.c
src/crypto/bio/file.c
src/crypto/bio/hexdump.c
src/crypto/bio/pair.c
src/crypto/bio/printf.c
src/crypto/bio/socket.c
src/crypto/bio/socket_helper.c
src/crypto/bn_extra/bn_asn1.c
src/crypto/bn_extra/convert.c
src/crypto/buf/buf.c
src/crypto/bytestring/asn1_compat.c
src/crypto/bytestring/ber.c
src/crypto/bytestring/cbb.c
src/crypto/bytestring/cbs.c
src/crypto/bytestring/unicode.c
src/crypto/chacha/chacha.c
src/crypto/cipher_extra/cipher_extra.c
src/crypto/cipher_extra/derive_key.c
src/crypto/cipher_extra/e_aesccm.c
src/crypto/cipher_extra/e_aesctrhmac.c
src/crypto/cipher_extra/e_aesgcmsiv.c
src/crypto/cipher_extra/e_chacha20poly1305.c
src/crypto/cipher_extra/e_null.c
src/crypto/cipher_extra/e_rc2.c
src/crypto/cipher_extra/e_rc4.c
src/crypto/cipher_extra/e_tls.c
src/crypto/cipher_extra/tls_cbc.c
src/crypto/cmac/cmac.c
src/crypto/conf/conf.c
src/crypto/cpu-aarch64-fuchsia.c
src/crypto/cpu-aarch64-linux.c
src/crypto/cpu-arm-linux.c
src/crypto/cpu-arm.c
src/crypto/cpu-intel.c
src/crypto/cpu-ppc64le.c
src/crypto/crypto.c
src/crypto/curve25519/spake25519.c
src/crypto/dh/check.c
src/crypto/dh/dh.c
src/crypto/dh/dh_asn1.c
src/crypto/dh/params.c
src/crypto/digest_extra/digest_extra.c
src/crypto/dsa/dsa.c
src/crypto/dsa/dsa_asn1.c
src/crypto/ec_extra/ec_asn1.c
src/crypto/ec_extra/ec_derive.c
src/crypto/ecdh_extra/ecdh_extra.c
src/crypto/ecdsa_extra/ecdsa_asn1.c
src/crypto/engine/engine.c
src/crypto/err/err.c
src/crypto/evp/digestsign.c
src/crypto/evp/evp.c
src/crypto/evp/evp_asn1.c
src/crypto/evp/evp_ctx.c
src/crypto/evp/p_dsa_asn1.c
src/crypto/evp/p_ec.c
src/crypto/evp/p_ec_asn1.c
src/crypto/evp/p_ed25519.c
src/crypto/evp/p_ed25519_asn1.c
src/crypto/evp/p_rsa.c
src/crypto/evp/p_rsa_asn1.c
src/crypto/evp/p_x25519.c
src/crypto/evp/p_x25519_asn1.c
src/crypto/evp/pbkdf.c
src/crypto/evp/print.c
src/crypto/evp/scrypt.c
src/crypto/evp/sign.c
src/crypto/ex_data.c
src/crypto/fipsmodule/bcm.c
src/crypto/fipsmodule/fips_shared_support.c
src/crypto/fipsmodule/is_fips.c
src/crypto/hkdf/hkdf.c
src/crypto/hrss/hrss.c
src/crypto/lhash/lhash.c
src/crypto/mem.c
src/crypto/obj/obj.c
src/crypto/obj/obj_xref.c
src/crypto/pem/pem_all.c
src/crypto/pem/pem_info.c
src/crypto/pem/pem_lib.c
src/crypto/pem/pem_oth.c
src/crypto/pem/pem_pk8.c
src/crypto/pem/pem_pkey.c
src/crypto/pem/pem_x509.c
src/crypto/pem/pem_xaux.c
src/crypto/pkcs7/pkcs7.c
src/crypto/pkcs7/pkcs7_x509.c
src/crypto/pkcs8/p5_pbev2.c
src/crypto/pkcs8/pkcs8.c
src/crypto/pkcs8/pkcs8_x509.c
src/crypto/poly1305/poly1305.c
src/crypto/poly1305/poly1305_arm.c
src/crypto/poly1305/poly1305_vec.c
src/crypto/pool/pool.c
src/crypto/rand_extra/deterministic.c
src/crypto/rand_extra/forkunsafe.c
src/crypto/rand_extra/fuchsia.c
src/crypto/rand_extra/rand_extra.c
src/crypto/rand_extra/windows.c
src/crypto/rc4/rc4.c
src/crypto/refcount_c11.c
src/crypto/refcount_lock.c
src/crypto/rsa_extra/rsa_asn1.c
src/crypto/rsa_extra/rsa_print.c
src/crypto/siphash/siphash.c
src/crypto/stack/stack.c
src/crypto/thread.c
src/crypto/thread_none.c
src/crypto/thread_pthread.c
src/crypto/thread_win.c
src/crypto/x509/a_digest.c
src/crypto/x509/a_sign.c
src/crypto/x509/a_strex.c
src/crypto/x509/a_verify.c
src/crypto/x509/algorithm.c
src/crypto/x509/asn1_gen.c
src/crypto/x509/by_dir.c
src/crypto/x509/by_file.c
src/crypto/x509/i2d_pr.c
src/crypto/x509/rsa_pss.c
src/crypto/x509/t_crl.c
src/crypto/x509/t_req.c
src/crypto/x509/t_x509.c
src/crypto/x509/t_x509a.c
src/crypto/x509/x509.c
src/crypto/x509/x509_att.c
src/crypto/x509/x509_cmp.c
src/crypto/x509/x509_d2.c
src/crypto/x509/x509_def.c
src/crypto/x509/x509_ext.c
src/crypto/x509/x509_lu.c
src/crypto/x509/x509_obj.c
src/crypto/x509/x509_r2x.c
src/crypto/x509/x509_req.c
src/crypto/x509/x509_set.c
src/crypto/x509/x509_trs.c
src/crypto/x509/x509_txt.c
src/crypto/x509/x509_v3.c
src/crypto/x509/x509_vfy.c
src/crypto/x509/x509_vpm.c
src/crypto/x509/x509cset.c
src/crypto/x509/x509name.c
src/crypto/x509/x509rset.c
src/crypto/x509/x509spki.c
src/crypto/x509/x_algor.c
src/crypto/x509/x_all.c
src/crypto/x509/x_attrib.c
src/crypto/x509/x_crl.c
src/crypto/x509/x_exten.c
src/crypto/x509/x_info.c
src/crypto/x509/x_name.c
src/crypto/x509/x_pkey.c
src/crypto/x509/x_pubkey.c
src/crypto/x509/x_req.c
src/crypto/x509/x_sig.c
src/crypto/x509/x_spki.c
src/crypto/x509/x_val.c
src/crypto/x509/x_x509.c
src/crypto/x509/x_x509a.c
src/crypto/x509v3/pcy_cache.c
src/crypto/x509v3/pcy_data.c
src/crypto/x509v3/pcy_lib.c
src/crypto/x509v3/pcy_map.c
src/crypto/x509v3/pcy_node.c
src/crypto/x509v3/pcy_tree.c
src/crypto/x509v3/v3_akey.c
src/crypto/x509v3/v3_akeya.c
src/crypto/x509v3/v3_alt.c
src/crypto/x509v3/v3_bcons.c
src/crypto/x509v3/v3_bitst.c
src/crypto/x509v3/v3_conf.c
src/crypto/x509v3/v3_cpols.c
src/crypto/x509v3/v3_crld.c
src/crypto/x509v3/v3_enum.c
src/crypto/x509v3/v3_extku.c
src/crypto/x509v3/v3_genn.c
src/crypto/x509v3/v3_ia5.c
src/crypto/x509v3/v3_info.c
src/crypto/x509v3/v3_int.c
src/crypto/x509v3/v3_lib.c
src/crypto/x509v3/v3_ncons.c
src/crypto/x509v3/v3_ocsp.c
src/crypto/x509v3/v3_pci.c
src/crypto/x509v3/v3_pcia.c
src/crypto/x509v3/v3_pcons.c
src/crypto/x509v3/v3_pku.c
src/crypto/x509v3/v3_pmaps.c
src/crypto/x509v3/v3_prn.c
src/crypto/x509v3/v3_purp.c
src/crypto/x509v3/v3_skey.c
src/crypto/x509v3/v3_sxnet.c
src/crypto/x509v3/v3_utl.c
src/third_party/fiat/curve25519.c
)
add_library(
ssl
src/ssl/bio_ssl.cc
src/ssl/d1_both.cc
src/ssl/d1_lib.cc
src/ssl/d1_pkt.cc
src/ssl/d1_srtp.cc
src/ssl/dtls_method.cc
src/ssl/dtls_record.cc
src/ssl/handoff.cc
src/ssl/handshake.cc
src/ssl/handshake_client.cc
src/ssl/handshake_server.cc
src/ssl/s3_both.cc
src/ssl/s3_lib.cc
src/ssl/s3_pkt.cc
src/ssl/ssl_aead_ctx.cc
src/ssl/ssl_asn1.cc
src/ssl/ssl_buffer.cc
src/ssl/ssl_cert.cc
src/ssl/ssl_cipher.cc
src/ssl/ssl_file.cc
src/ssl/ssl_key_share.cc
src/ssl/ssl_lib.cc
src/ssl/ssl_privkey.cc
src/ssl/ssl_session.cc
src/ssl/ssl_stat.cc
src/ssl/ssl_transcript.cc
src/ssl/ssl_versions.cc
src/ssl/ssl_x509.cc
src/ssl/t1_enc.cc
src/ssl/t1_lib.cc
src/ssl/tls13_both.cc
src/ssl/tls13_client.cc
src/ssl/tls13_enc.cc
src/ssl/tls13_server.cc
src/ssl/tls_method.cc
src/ssl/tls_record.cc
)
add_executable(
bssl
src/tool/args.cc
src/tool/ciphers.cc
src/tool/client.cc
src/tool/const.cc
src/tool/digest.cc
src/tool/file.cc
src/tool/generate_ed25519.cc
src/tool/genrsa.cc
src/tool/pkcs12.cc
src/tool/rand.cc
src/tool/server.cc
src/tool/sign.cc
src/tool/speed.cc
src/tool/tool.cc
src/tool/transport_common.cc
)
target_link_libraries(bssl ssl crypto)
if(NOT MSVC AND NOT ANDROID)
target_link_libraries(crypto pthread)
if (NOT ${CMAKE_VERSION} VERSION_LESS "3.2")
# USES_TERMINAL is only available in CMake 3.2 or later.
set(MAYBE_USES_TERMINAL USES_TERMINAL)
endif()
add_custom_target(
run_tests
COMMAND ${GO_EXECUTABLE} run util/all_tests.go -build-dir
${CMAKE_BINARY_DIR}
COMMAND cd ssl/test/runner &&
${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim>
${RUNNER_ARGS}
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
DEPENDS all_tests bssl_shim
${MAYBE_USES_TERMINAL})
src/CONTRIBUTING.md → CONTRIBUTING.md
View File
src/FUZZING.md → FUZZING.md
+11 -7
View File
@@ -2,17 +2,23 @@
Modern fuzz testers are very effective and we wish to use them to ensure that no silly bugs creep into BoringSSL.
We use Clang's [libFuzzer](http://llvm.org/docs/LibFuzzer.html) for fuzz testing and there are a number of fuzz testing functions in `fuzz/`. They are not built by default because they require that the rest of BoringSSL be built with some changes that make fuzzing much more effective, but are completely unsafe for real use.
We primarily use Clang's [libFuzzer](http://llvm.org/docs/LibFuzzer.html) for fuzz testing and there are a number of fuzz testing functions in `fuzz/`. They are not built by default because they require libFuzzer at build time.
In order to build the fuzz tests you will need at least Clang 6.0. Pass `-DFUZZ=1` on the CMake command line to enable building BoringSSL with coverage and AddressSanitizer, and to build the fuzz test binaries. You'll probably need to set the `CC` and `CXX` environment variables too, like this:
In order to build the fuzz tests you will need at least Clang 3.7. Pass `-DFUZZ=1` on the CMake command line to enable building BoringSSL with coverage and AddressSanitizer, and to build the fuzz test binaries. You'll probably need to set the `CC` and `CXX` environment variables too, like this:
```
mkdir build
cd build
CC=clang CXX=clang++ cmake -GNinja -DFUZZ=1 ..
ninja
```
In order for the fuzz tests to link, the linker needs to find libFuzzer. This is not commonly provided and you may need to download the [Clang source code](http://llvm.org/releases/download.html) and do the following:
```
svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer
clang++ -c -g -O2 -std=c++11 Fuzzer/*.cpp -IFuzzer
ar ruv libFuzzer.a Fuzzer*.o
```
Then copy `libFuzzer.a` to the top-level of your BoringSSL source directory.
From the `build/` directory, you can then run the fuzzers. For example:
@@ -26,8 +32,6 @@ The recommended values of `max_len` for each test are:
| Test | `max_len` value |
|---------------|-----------------|
| `bn_div` | 384 |
| `bn_mod_exp` | 4096 |
| `cert` | 10000 |
| `client` | 20000 |
| `pkcs8` | 2048 |
src/INCORPORATING.md → INCORPORATING.md
+1 -1
View File
@@ -37,7 +37,7 @@ updating things more complex.
BoringSSL is designed to work with many different build systems. Currently,
different projects use [GYP](https://gyp.gsrc.io/),
[GN](https://gn.googlesource.com/gn/+/master/docs/quick_start.md),
[GN](https://chromium.googlesource.com/chromium/src/+/master/tools/gn/docs/quick_start.md),
[Bazel](https://bazel.build/) and [Make](https://www.gnu.org/software/make/) to
build BoringSSL, without too much pain.
LICENSE
-70
View File
@@ -179,73 +179,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Licenses for support code
-------------------------
Parts of the TLS test suite are under the Go license. This code is not included
in BoringSSL (i.e. libcrypto and libssl) when compiled, however, so
distributing code linked against BoringSSL does not trigger this license:
Copyright (c) 2009 The Go Authors. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
BoringSSL uses the Chromium test infrastructure to run a continuous build,
trybots etc. The scripts which manage this, and the script for generating build
metadata, are under the Chromium license. Distributing code linked against
BoringSSL does not trigger this license.
Copyright 2015 The Chromium Authors. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
src/PORTING.md → PORTING.md
+1 -1
View File
@@ -123,7 +123,7 @@ feature, so BoringSSL rejects peer renegotiations by default.
To enable renegotiation, call `SSL_set_renegotiate_mode` and set it to
`ssl_renegotiate_once` or `ssl_renegotiate_freely`. Renegotiation is only
supported as a client in TLS and the HelloRequest must be received at a
supported as a client in SSL3/TLS and the HelloRequest must be received at a
quiet point in the application protocol. This is sufficient to support the
common use of requesting a new client certificate between an HTTP request and
response in (unpipelined) HTTP/1.1.
Package.swift
-3409
View File
File diff suppressed because it is too large Load Diff
README.md
+33
View File
@@ -0,0 +1,33 @@
# BoringSSL
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general
use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing
so is likely to be frustrating because there are no guarantees of API or ABI
stability.
Programs ship their own copies of BoringSSL when they use it and we update
everything as needed when deciding to make API changes. This allows us to
mostly avoid compromises in the name of compatibility. It works for us, but it
may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and,
over time, built up a large number of patches that were maintained while
tracking upstream OpenSSL. As Google's product portfolio became more complex,
more copies of OpenSSL sprung up and the effort involved in maintaining all
these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's
not part of the NDK) and a number of other apps/programs.
There are other files in this directory which might be helpful:
* [PORTING.md](/PORTING.md): how to port OpenSSL-using code to BoringSSL.
* [BUILDING.md](/BUILDING.md): how to build BoringSSL
* [INCORPORATING.md](/INCORPORATING.md): how to incorporate BoringSSL into a project.
* [API-CONVENTIONS.md](/API-CONVENTIONS.md): general API conventions for BoringSSL consumers and developers.
* [STYLE.md](/STYLE.md): rules and guidelines for coding style.
* include/openssl: public headers with API documentation in comments. Also [available online](https://commondatastorage.googleapis.com/chromium-boringssl-docs/headers.html).
* [FUZZING.md](/FUZZING.md): information about fuzzing BoringSSL.
* [CONTRIBUTING.md](/CONTRIBUTING.md): how to contribute to BoringSSL.
src/STYLE.md → STYLE.md
View File
WORKSPACE
-1
View File
@@ -1 +0,0 @@
workspace(name = "boringssl")
codereview.settings
+4
View File
@@ -0,0 +1,4 @@
# This file is used by gcl to get repository specific information.
GERRIT_HOST: True
GERRIT_PORT: True
CODE_REVIEW_SERVER: https://boringssl-review.googlesource.com
crypto/CMakeLists.txt
+280
View File
@@ -0,0 +1,280 @@
include_directories(../include)
if(NOT OPENSSL_NO_ASM)
if(UNIX)
if (${ARCH} STREQUAL "aarch64")
# The "armx" Perl scripts look for "64" in the style argument
# in order to decide whether to generate 32- or 64-bit asm.
if (APPLE)
set(PERLASM_STYLE ios64)
else()
set(PERLASM_STYLE linux64)
endif()
elseif (${ARCH} STREQUAL "arm")
if (APPLE)
set(PERLASM_STYLE ios32)
else()
set(PERLASM_STYLE linux32)
endif()
elseif (${ARCH} STREQUAL "ppc64le")
set(PERLASM_STYLE linux64le)
else()
if (${ARCH} STREQUAL "x86")
set(PERLASM_FLAGS "-fPIC -DOPENSSL_IA32_SSE2")
endif()
if (APPLE)
set(PERLASM_STYLE macosx)
else()
set(PERLASM_STYLE elf)
endif()
endif()
set(ASM_EXT S)
enable_language(ASM)
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack")
# Clang's integerated assembler does not support debug symbols.
if(NOT CMAKE_ASM_COMPILER_ID MATCHES "Clang")
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,-g")
endif()
# CMake does not add -isysroot and -arch flags to assembly.
if (APPLE)
if (CMAKE_OSX_SYSROOT)
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -isysroot \"${CMAKE_OSX_SYSROOT}\"")
endif()
foreach(arch ${CMAKE_OSX_ARCHITECTURES})
set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -arch ${arch}")
endforeach()
endif()
else()
if (${ARCH} STREQUAL "x86_64")
set(PERLASM_STYLE nasm)
else()
set(PERLASM_STYLE win32n)
set(PERLASM_FLAGS "-DOPENSSL_IA32_SSE2")
endif()
set(CMAKE_ASM_NASM_FLAGS "-gcv8")
# On Windows, we use the NASM output, specifically built with Yasm.
set(ASM_EXT asm)
enable_language(ASM_NASM)
endif()
endif()
function(perlasm dest src)
add_custom_command(
OUTPUT ${dest}
COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/${src} ${PERLASM_STYLE} ${PERLASM_FLAGS} ${ARGN} ${dest}
DEPENDS
${src}
${PROJECT_SOURCE_DIR}/crypto/perlasm/arm-xlate.pl
${PROJECT_SOURCE_DIR}/crypto/perlasm/ppc-xlate.pl
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86_64-xlate.pl
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86asm.pl
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86gas.pl
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86masm.pl
${PROJECT_SOURCE_DIR}/crypto/perlasm/x86nasm.pl
WORKING_DIRECTORY .
)
endfunction()
# Level 0.1 - depends on nothing outside this set.
add_subdirectory(stack)
add_subdirectory(lhash)
add_subdirectory(err)
add_subdirectory(buf)
add_subdirectory(base64)
add_subdirectory(bytestring)
add_subdirectory(pool)
# Level 0.2 - depends on nothing but itself
add_subdirectory(rc4)
add_subdirectory(conf)
add_subdirectory(chacha)
add_subdirectory(poly1305)
add_subdirectory(curve25519)
# Level 1, depends only on 0.*
add_subdirectory(digest_extra)
add_subdirectory(cipher_extra)
add_subdirectory(rand_extra)
add_subdirectory(bio)
add_subdirectory(bn_extra)
add_subdirectory(obj)
add_subdirectory(asn1)
# Level 2
add_subdirectory(engine)
add_subdirectory(dh)
add_subdirectory(dsa)
add_subdirectory(rsa_extra)
add_subdirectory(ec_extra)
add_subdirectory(ecdh)
add_subdirectory(ecdsa_extra)
# Level 3
add_subdirectory(cmac)
add_subdirectory(evp)
add_subdirectory(hkdf)
add_subdirectory(pem)
add_subdirectory(x509)
add_subdirectory(x509v3)
# Level 4
add_subdirectory(pkcs7)
add_subdirectory(pkcs8)
# Test support code
add_subdirectory(test)
add_subdirectory(fipsmodule)
add_library(
crypto_base
OBJECT
cpu-aarch64-fuchsia.c
cpu-aarch64-linux.c
cpu-arm.c
cpu-arm-linux.c
cpu-intel.c
cpu-ppc64le.c
crypto.c
ex_data.c
mem.c
refcount_c11.c
refcount_lock.c
thread.c
thread_none.c
thread_pthread.c
thread_win.c
)
if(FIPS_DELOCATE)
SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES EXTERNAL_OBJECT true)
SET_SOURCE_FILES_PROPERTIES(fipsmodule/bcm.o PROPERTIES GENERATED true)
set(
CRYPTO_FIPS_OBJECTS
fipsmodule/bcm.o
)
endif()
add_library(
crypto
$<TARGET_OBJECTS:crypto_base>
$<TARGET_OBJECTS:stack>
$<TARGET_OBJECTS:lhash>
$<TARGET_OBJECTS:err>
$<TARGET_OBJECTS:base64>
$<TARGET_OBJECTS:bytestring>
$<TARGET_OBJECTS:pool>
$<TARGET_OBJECTS:fipsmodule>
$<TARGET_OBJECTS:digest_extra>
$<TARGET_OBJECTS:cipher_extra>
$<TARGET_OBJECTS:rc4>
$<TARGET_OBJECTS:conf>
$<TARGET_OBJECTS:chacha>
$<TARGET_OBJECTS:poly1305>
$<TARGET_OBJECTS:curve25519>
$<TARGET_OBJECTS:fiat>
$<TARGET_OBJECTS:buf>
$<TARGET_OBJECTS:bn_extra>
$<TARGET_OBJECTS:bio>
$<TARGET_OBJECTS:rand_extra>
$<TARGET_OBJECTS:obj>
$<TARGET_OBJECTS:asn1>
$<TARGET_OBJECTS:engine>
$<TARGET_OBJECTS:dh>
$<TARGET_OBJECTS:dsa>
$<TARGET_OBJECTS:rsa_extra>
$<TARGET_OBJECTS:ec_extra>
$<TARGET_OBJECTS:ecdh>
$<TARGET_OBJECTS:ecdsa_extra>
$<TARGET_OBJECTS:cmac>
$<TARGET_OBJECTS:evp>
$<TARGET_OBJECTS:hkdf>
$<TARGET_OBJECTS:pem>
$<TARGET_OBJECTS:x509>
$<TARGET_OBJECTS:x509v3>
$<TARGET_OBJECTS:pkcs7>
$<TARGET_OBJECTS:pkcs8_lib>
${CRYPTO_FIPS_OBJECTS}
)
if(FIPS_DELOCATE)
add_dependencies(crypto bcm_o_target)
endif()
SET_TARGET_PROPERTIES(crypto PROPERTIES LINKER_LANGUAGE C)
if(NOT MSVC AND NOT ANDROID)
target_link_libraries(crypto pthread)
endif()
# TODO(davidben): Convert the remaining tests to GTest.
add_executable(
crypto_test
asn1/asn1_test.cc
base64/base64_test.cc
buf/buf_test.cc
bio/bio_test.cc
bytestring/bytestring_test.cc
chacha/chacha_test.cc
cipher_extra/aead_test.cc
cipher_extra/cipher_test.cc
cmac/cmac_test.cc
compiler_test.cc
constant_time_test.cc
curve25519/ed25519_test.cc
curve25519/spake25519_test.cc
curve25519/x25519_test.cc
ecdh/ecdh_test.cc
dh/dh_test.cc
digest_extra/digest_test.cc
dsa/dsa_test.cc
err/err_test.cc
evp/evp_extra_test.cc
evp/evp_test.cc
evp/pbkdf_test.cc
evp/scrypt_test.cc
fipsmodule/aes/aes_test.cc
fipsmodule/bn/bn_test.cc
fipsmodule/ec/ec_test.cc
fipsmodule/ec/p256-x86_64_test.cc
fipsmodule/ecdsa/ecdsa_test.cc
fipsmodule/modes/gcm_test.cc
fipsmodule/rand/ctrdrbg_test.cc
hkdf/hkdf_test.cc
hmac_extra/hmac_test.cc
lhash/lhash_test.cc
obj/obj_test.cc
pkcs7/pkcs7_test.cc
pkcs8/pkcs8_test.cc
pkcs8/pkcs12_test.cc
poly1305/poly1305_test.cc
pool/pool_test.cc
refcount_test.cc
rsa_extra/rsa_test.cc
self_test.cc
test/file_test_gtest.cc
thread_test.cc
x509/x509_test.cc
x509v3/tab_test.cc
x509v3/v3name_test.cc
$<TARGET_OBJECTS:crypto_test_data>
$<TARGET_OBJECTS:boringssl_gtest_main>
$<TARGET_OBJECTS:test_support>
)
target_link_libraries(crypto_test crypto boringssl_gtest)
if (WIN32)
target_link_libraries(crypto_test ws2_32)
endif()
add_dependencies(all_tests crypto_test)
crypto/asn1/CMakeLists.txt
+38
View File
@@ -0,0 +1,38 @@
include_directories(../../include)
add_library(
asn1
OBJECT
a_bitstr.c
a_bool.c
a_d2i_fp.c
a_dup.c
a_enum.c
a_gentm.c
a_i2d_fp.c
a_int.c
a_mbstr.c
a_object.c
a_octet.c
a_print.c
a_strnid.c
a_time.c
a_type.c
a_utctm.c
a_utf8.c
asn1_lib.c
asn1_par.c
asn_pack.c
f_enum.c
f_int.c
f_string.c
tasn_dec.c
tasn_enc.c
tasn_fre.c
tasn_new.c
tasn_typ.c
tasn_utl.c
time_support.c
)
src/crypto/asn1/a_bitstr.c → crypto/asn1/a_bitstr.c
View File
src/crypto/asn1/a_bool.c → crypto/asn1/a_bool.c
+5 -18
View File
@@ -62,30 +62,17 @@
int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
{
int r;
unsigned char *p, *allocated = NULL;
unsigned char *p;
r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
if (pp == NULL)
return (r);
if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
p = *pp;
ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
*p = (unsigned char)a;
/*
* If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + 1;
return r;
*(p++) = (unsigned char)a;
*pp = p;
return (r);
}
int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
crypto/asn1/a_d2i_fp.c
+297
View File
@@ -0,0 +1,297 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/asn1.h>
#include <limits.h>
#include <openssl/buf.h>
#include <openssl/err.h>
#include <openssl/mem.h>
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
#ifndef NO_OLD_ASN1
# ifndef OPENSSL_NO_FP_API
void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
{
BIO *b;
void *ret;
if ((b = BIO_new(BIO_s_file())) == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
return (NULL);
}
BIO_set_fp(b, in, BIO_NOCLOSE);
ret = ASN1_d2i_bio(xnew, d2i, b, x);
BIO_free(b);
return (ret);
}
# endif
void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
{
BUF_MEM *b = NULL;
const unsigned char *p;
void *ret = NULL;
int len;
len = asn1_d2i_read_bio(in, &b);
if (len < 0)
goto err;
p = (unsigned char *)b->data;
ret = d2i(x, &p, len);
err:
if (b != NULL)
BUF_MEM_free(b);
return (ret);
}
#endif
void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
{
BUF_MEM *b = NULL;
const unsigned char *p;
void *ret = NULL;
int len;
len = asn1_d2i_read_bio(in, &b);
if (len < 0)
goto err;
p = (const unsigned char *)b->data;
ret = ASN1_item_d2i(x, &p, len, it);
err:
if (b != NULL)
BUF_MEM_free(b);
return (ret);
}
#ifndef OPENSSL_NO_FP_API
void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
{
BIO *b;
char *ret;
if ((b = BIO_new(BIO_s_file())) == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
return (NULL);
}
BIO_set_fp(b, in, BIO_NOCLOSE);
ret = ASN1_item_d2i_bio(it, b, x);
BIO_free(b);
return (ret);
}
#endif
typedef struct asn1_const_ctx_st
{
const unsigned char *p;/* work char pointer */
int eos; /* end of sequence read for indefinite encoding */
int error; /* error code to use when returning an error */
int inf; /* constructed if 0x20, indefinite is 0x21 */
int tag; /* tag from last 'get object' */
int xclass; /* class from last 'get object' */
long slen; /* length of last 'get object' */
const unsigned char *max; /* largest value of p allowed */
const unsigned char *q;/* temporary variable */
const unsigned char **pp;/* variable */
int line; /* used in error processing */
} ASN1_const_CTX;
#define HEADER_SIZE 8
#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
BUF_MEM *b;
unsigned char *p;
int i;
ASN1_const_CTX c;
size_t want = HEADER_SIZE;
int eos = 0;
size_t off = 0;
size_t len = 0;
b = BUF_MEM_new();
if (b == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return -1;
}
ERR_clear_error();
for (;;) {
if (want >= (len - off)) {
want -= (len - off);
if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
goto err;
}
i = BIO_read(in, &(b->data[len]), want);
if ((i < 0) && ((len - off) == 0)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
if (i > 0) {
if (len + i < len) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
goto err;
}
len += i;
}
}
/* else data already loaded */
p = (unsigned char *)&(b->data[off]);
c.p = p;
c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
len - off);
if (c.inf & 0x80) {
uint32_t e;
e = ERR_GET_REASON(ERR_peek_error());
if (e != ASN1_R_TOO_LONG)
goto err;
else
ERR_clear_error(); /* clear error */
}
i = c.p - p; /* header length */
off += i; /* end of data */
if (c.inf & 1) {
/* no data body so go round again */
eos++;
if (eos < 0) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
goto err;
}
want = HEADER_SIZE;
} else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
/* eos value, so go back and read another header */
eos--;
if (eos <= 0)
break;
else
want = HEADER_SIZE;
} else {
/* suck in c.slen bytes of data */
want = c.slen;
if (want > (len - off)) {
size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
want -= (len - off);
if (want > INT_MAX /* BIO_read takes an int length */ ||
len + want < len) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
goto err;
}
while (want > 0) {
/*
* Read content in chunks of increasing size
* so we can return an error for EOF without
* having to allocate the entire content length
* in one go.
*/
size_t chunk = want > chunk_max ? chunk_max : want;
if (!BUF_MEM_grow_clean(b, len + chunk)) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
goto err;
}
want -= chunk;
while (chunk > 0) {
i = BIO_read(in, &(b->data[len]), chunk);
if (i <= 0) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
goto err;
}
/*
* This can't overflow because |len+want| didn't
* overflow.
*/
len += i;
chunk -= i;
}
if (chunk_max < INT_MAX/2)
chunk_max *= 2;
}
}
if (off + c.slen < off) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
goto err;
}
off += c.slen;
if (eos <= 0) {
break;
} else
want = HEADER_SIZE;
}
}
if (off > INT_MAX) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
goto err;
}
*pb = b;
return off;
err:
if (b != NULL)
BUF_MEM_free(b);
return -1;
}
src/crypto/asn1/a_dup.c → crypto/asn1/a_dup.c
+24
View File
@@ -59,6 +59,30 @@
#include <openssl/err.h>
#include <openssl/mem.h>
void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
{
unsigned char *b, *p;
const unsigned char *p2;
int i;
char *ret;
if (x == NULL)
return (NULL);
i = i2d(x, NULL);
b = OPENSSL_malloc(i + 10);
if (b == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return (NULL);
}
p = b;
i = i2d(x, &p);
p2 = b;
ret = d2i(NULL, &p2, i);
OPENSSL_free(b);
return (ret);
}
/*
* ASN1_ITEM version of dup: this follows the model above except we don't
* need to allocate the buffer. At some point this could be rewritten to
src/crypto/asn1/a_enum.c → crypto/asn1/a_enum.c
+2 -2
View File
@@ -120,8 +120,8 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
else if (i != V_ASN1_ENUMERATED)
return -1;
OPENSSL_STATIC_ASSERT(sizeof(uint64_t) >= sizeof(long),
"long larger than uint64_t");
OPENSSL_COMPILE_ASSERT(sizeof(uint64_t) >= sizeof(long),
long_larger_than_uint64_t);
if (a->length > (int)sizeof(uint64_t)) {
/* hmm... a bit ugly */
src/crypto/asn1/a_gentm.c → crypto/asn1/a_gentm.c
View File
crypto/asn1/a_i2d_fp.c
+150
View File
@@ -0,0 +1,150 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/mem.h>
int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
{
BIO *b;
int ret;
if ((b = BIO_new(BIO_s_file())) == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
return (0);
}
BIO_set_fp(b, out, BIO_NOCLOSE);
ret = ASN1_i2d_bio(i2d, b, x);
BIO_free(b);
return (ret);
}
int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, void *x)
{
char *b;
unsigned char *p;
int i, j = 0, n, ret = 1;
n = i2d(x, NULL);
if (n <= 0)
return 0;
b = (char *)OPENSSL_malloc(n);
if (b == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return (0);
}
p = (unsigned char *)b;
i2d(x, &p);
for (;;) {
i = BIO_write(out, &(b[j]), n);
if (i == n)
break;
if (i <= 0) {
ret = 0;
break;
}
j += i;
n -= i;
}
OPENSSL_free(b);
return (ret);
}
int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
{
BIO *b;
int ret;
if ((b = BIO_new(BIO_s_file())) == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
return (0);
}
BIO_set_fp(b, out, BIO_NOCLOSE);
ret = ASN1_item_i2d_bio(it, b, x);
BIO_free(b);
return (ret);
}
int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
{
unsigned char *b = NULL;
int i, j = 0, n, ret = 1;
n = ASN1_item_i2d(x, &b, it);
if (b == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return (0);
}
for (;;) {
i = BIO_write(out, &(b[j]), n);
if (i == n)
break;
if (i <= 0) {
ret = 0;
break;
}
j += i;
n -= i;
}
OPENSSL_free(b);
return (ret);
}
src/crypto/asn1/a_int.c → crypto/asn1/a_int.c
+71 -12
View File
@@ -195,16 +195,6 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
unsigned char *to, *s;
int i;
/*
* This function can handle lengths up to INT_MAX - 1, but the rest of the
* legacy ASN.1 code mixes integer types, so avoid exposing it to
* ASN1_INTEGERS with larger lengths.
*/
if (len < 0 || len > INT_MAX / 2) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
return NULL;
}
if ((a == NULL) || ((*a) == NULL)) {
if ((ret = M_ASN1_INTEGER_new()) == NULL)
return (NULL);
@@ -286,6 +276,75 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
return (NULL);
}
/*
* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
* integers: some broken software can encode a positive INTEGER with its MSB
* set as negative (it doesn't add a padding zero).
*/
ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
long length)
{
ASN1_INTEGER *ret = NULL;
const unsigned char *p;
unsigned char *s;
long len;
int inf, tag, xclass;
int i;
if ((a == NULL) || ((*a) == NULL)) {
if ((ret = M_ASN1_INTEGER_new()) == NULL)
return (NULL);
ret->type = V_ASN1_INTEGER;
} else
ret = (*a);
p = *pp;
inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
if (inf & 0x80) {
i = ASN1_R_BAD_OBJECT_HEADER;
goto err;
}
if (tag != V_ASN1_INTEGER) {
i = ASN1_R_EXPECTING_AN_INTEGER;
goto err;
}
/*
* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
* a missing NULL parameter.
*/
s = (unsigned char *)OPENSSL_malloc((int)len + 1);
if (s == NULL) {
i = ERR_R_MALLOC_FAILURE;
goto err;
}
ret->type = V_ASN1_INTEGER;
if (len) {
if ((*p == 0) && (len != 1)) {
p++;
len--;
}
OPENSSL_memcpy(s, p, (int)len);
p += len;
}
if (ret->data != NULL)
OPENSSL_free(ret->data);
ret->data = s;
ret->length = (int)len;
if (a != NULL)
(*a) = ret;
*pp = p;
return (ret);
err:
OPENSSL_PUT_ERROR(ASN1, i);
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
M_ASN1_INTEGER_free(ret);
return (NULL);
}
int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
{
if (v >= 0) {
@@ -341,8 +400,8 @@ long ASN1_INTEGER_get(const ASN1_INTEGER *a)
else if (i != V_ASN1_INTEGER)
return -1;
OPENSSL_STATIC_ASSERT(sizeof(uint64_t) >= sizeof(long),
"long larger than uint64_t");
OPENSSL_COMPILE_ASSERT(sizeof(uint64_t) >= sizeof(long),
long_larger_than_uint64_t);
if (a->length > (int)sizeof(uint64_t)) {
/* hmm... a bit ugly, return all ones */
crypto/asn1/a_mbstr.c
+411
View File
@@ -0,0 +1,411 @@
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
#include <openssl/asn1.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include "asn1_locl.h"
static int traverse_string(const unsigned char *p, int len, int inform,
int (*rfunc) (uint32_t value, void *in),
void *arg);
static int in_utf8(uint32_t value, void *arg);
static int out_utf8(uint32_t value, void *arg);
static int type_str(uint32_t value, void *arg);
static int cpy_asc(uint32_t value, void *arg);
static int cpy_bmp(uint32_t value, void *arg);
static int cpy_univ(uint32_t value, void *arg);
static int cpy_utf8(uint32_t value, void *arg);
static int is_printable(uint32_t value);
/*
* These functions take a string in UTF8, ASCII or multibyte form and a mask
* of permissible ASN1 string types. It then works out the minimal type
* (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and
* creates a string of the correct type with the supplied data. Yes this is
* horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
* size limits too.
*/
int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
int inform, unsigned long mask)
{
return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
}
int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
int inform, unsigned long mask,
long minsize, long maxsize)
{
int str_type;
int ret;
char free_out;
int outform, outlen = 0;
ASN1_STRING *dest;
unsigned char *p;
int nchar;
char strbuf[32];
int (*cpyfunc) (uint32_t, void *) = NULL;
if (len == -1)
len = strlen((const char *)in);
if (!mask)
mask = DIRSTRING_TYPE;
/* First do a string check and work out the number of characters */
switch (inform) {
case MBSTRING_BMP:
if (len & 1) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BMPSTRING_LENGTH);
return -1;
}
nchar = len >> 1;
break;
case MBSTRING_UNIV:
if (len & 3) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
return -1;
}
nchar = len >> 2;
break;
case MBSTRING_UTF8:
nchar = 0;
/* This counts the characters and does utf8 syntax checking */
ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
if (ret < 0) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_UTF8STRING);
return -1;
}
break;
case MBSTRING_ASC:
nchar = len;
break;
default:
OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);
return -1;
}
if ((minsize > 0) && (nchar < minsize)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
ERR_add_error_data(2, "minsize=", strbuf);
return -1;
}
if ((maxsize > 0) && (nchar > maxsize)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_LONG);
BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
ERR_add_error_data(2, "maxsize=", strbuf);
return -1;
}
/* Now work out minimal type (if any) */
if (traverse_string(in, len, inform, type_str, &mask) < 0) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_CHARACTERS);
return -1;
}
/* Now work out output format and string type */
outform = MBSTRING_ASC;
if (mask & B_ASN1_PRINTABLESTRING)
str_type = V_ASN1_PRINTABLESTRING;
else if (mask & B_ASN1_IA5STRING)
str_type = V_ASN1_IA5STRING;
else if (mask & B_ASN1_T61STRING)
str_type = V_ASN1_T61STRING;
else if (mask & B_ASN1_BMPSTRING) {
str_type = V_ASN1_BMPSTRING;
outform = MBSTRING_BMP;
} else if (mask & B_ASN1_UNIVERSALSTRING) {
str_type = V_ASN1_UNIVERSALSTRING;
outform = MBSTRING_UNIV;
} else {
str_type = V_ASN1_UTF8STRING;
outform = MBSTRING_UTF8;
}
if (!out)
return str_type;
if (*out) {
free_out = 0;
dest = *out;
if (dest->data) {
dest->length = 0;
OPENSSL_free(dest->data);
dest->data = NULL;
}
dest->type = str_type;
} else {
free_out = 1;
dest = ASN1_STRING_type_new(str_type);
if (!dest) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return -1;
}
*out = dest;
}
/* If both the same type just copy across */
if (inform == outform) {
if (!ASN1_STRING_set(dest, in, len)) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return -1;
}
return str_type;
}
/* Work out how much space the destination will need */
switch (outform) {
case MBSTRING_ASC:
outlen = nchar;
cpyfunc = cpy_asc;
break;
case MBSTRING_BMP:
outlen = nchar << 1;
cpyfunc = cpy_bmp;
break;
case MBSTRING_UNIV:
outlen = nchar << 2;
cpyfunc = cpy_univ;
break;
case MBSTRING_UTF8:
outlen = 0;
traverse_string(in, len, inform, out_utf8, &outlen);
cpyfunc = cpy_utf8;
break;
}
if (!(p = OPENSSL_malloc(outlen + 1))) {
if (free_out)
ASN1_STRING_free(dest);
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return -1;
}
dest->length = outlen;
dest->data = p;
p[outlen] = 0;
traverse_string(in, len, inform, cpyfunc, &p);
return str_type;
}
/*
* This function traverses a string and passes the value of each character to
* an optional function along with a void * argument.
*/
static int traverse_string(const unsigned char *p, int len, int inform,
int (*rfunc) (uint32_t value, void *in),
void *arg)
{
uint32_t value;
int ret;
while (len) {
if (inform == MBSTRING_ASC) {
value = *p++;
len--;
} else if (inform == MBSTRING_BMP) {
value = *p++ << 8;
value |= *p++;
len -= 2;
} else if (inform == MBSTRING_UNIV) {
value = ((uint32_t)*p++) << 24;
value |= ((uint32_t)*p++) << 16;
value |= *p++ << 8;
value |= *p++;
len -= 4;
} else {
ret = UTF8_getc(p, len, &value);
if (ret < 0)
return -1;
len -= ret;
p += ret;
}
if (rfunc) {
ret = rfunc(value, arg);
if (ret <= 0)
return ret;
}
}
return 1;
}
/* Various utility functions for traverse_string */
/* Just count number of characters */
static int in_utf8(uint32_t value, void *arg)
{
int *nchar;
nchar = arg;
(*nchar)++;
return 1;
}
/* Determine size of output as a UTF8 String */
static int out_utf8(uint32_t value, void *arg)
{
int *outlen;
outlen = arg;
*outlen += UTF8_putc(NULL, -1, value);
return 1;
}
/*
* Determine the "type" of a string: check each character against a supplied
* "mask".
*/
static int type_str(uint32_t value, void *arg)
{
unsigned long types;
types = *((unsigned long *)arg);
if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
types &= ~B_ASN1_PRINTABLESTRING;
if ((types & B_ASN1_IA5STRING) && (value > 127))
types &= ~B_ASN1_IA5STRING;
if ((types & B_ASN1_T61STRING) && (value > 0xff))
types &= ~B_ASN1_T61STRING;
if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
types &= ~B_ASN1_BMPSTRING;
if (!types)
return -1;
*((unsigned long *)arg) = types;
return 1;
}
/* Copy one byte per character ASCII like strings */
static int cpy_asc(uint32_t value, void *arg)
{
unsigned char **p, *q;
p = arg;
q = *p;
*q = (unsigned char)value;
(*p)++;
return 1;
}
/* Copy two byte per character BMPStrings */
static int cpy_bmp(uint32_t value, void *arg)
{
unsigned char **p, *q;
p = arg;
q = *p;
*q++ = (unsigned char)((value >> 8) & 0xff);
*q = (unsigned char)(value & 0xff);
*p += 2;
return 1;
}
/* Copy four byte per character UniversalStrings */
static int cpy_univ(uint32_t value, void *arg)
{
unsigned char **p, *q;
p = arg;
q = *p;
*q++ = (unsigned char)((value >> 24) & 0xff);
*q++ = (unsigned char)((value >> 16) & 0xff);
*q++ = (unsigned char)((value >> 8) & 0xff);
*q = (unsigned char)(value & 0xff);
*p += 4;
return 1;
}
/* Copy to a UTF8String */
static int cpy_utf8(uint32_t value, void *arg)
{
unsigned char **p;
int ret;
p = arg;
/* We already know there is enough room so pass 0xff as the length */
ret = UTF8_putc(*p, 0xff, value);
*p += ret;
return 1;
}
/* Return 1 if the character is permitted in a PrintableString */
static int is_printable(uint32_t value)
{
int ch;
if (value > 0x7f)
return 0;
ch = (int)value;
/*
* Note: we can't use 'isalnum' because certain accented characters may
* count as alphanumeric in some environments.
*/
if ((ch >= 'a') && (ch <= 'z'))
return 1;
if ((ch >= 'A') && (ch <= 'Z'))
return 1;
if ((ch >= '0') && (ch <= '9'))
return 1;
if ((ch == ' ') || strchr("'()+,-./:=?", ch))
return 1;
return 0;
}
src/crypto/asn1/a_object.c → crypto/asn1/a_object.c
+5 -16
View File
@@ -68,7 +68,7 @@
int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
{
unsigned char *p, *allocated = NULL;
unsigned char *p;
int objsize;
if ((a == NULL) || (a->data == NULL))
@@ -78,24 +78,13 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
if (pp == NULL || objsize == -1)
return objsize;
if (*pp == NULL) {
if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return 0;
}
} else {
p = *pp;
}
p = *pp;
ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
OPENSSL_memcpy(p, a->data, a->length);
p += a->length;
/*
* If a new buffer was allocated, just return it back.
* If not, return the incremented buffer pointer.
*/
*pp = allocated != NULL ? allocated : p + a->length;
return objsize;
*pp = p;
return (objsize);
}
int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
src/crypto/asn1/a_octet.c → crypto/asn1/a_octet.c
View File
src/crypto/asn1/a_print.c → crypto/asn1/a_print.c
View File
src/crypto/asn1/a_strnid.c → crypto/asn1/a_strnid.c
-1
View File
@@ -223,7 +223,6 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
return ttmp;
if (!stable)
return NULL;
sk_ASN1_STRING_TABLE_sort(stable);
found = sk_ASN1_STRING_TABLE_find(stable, &idx, &fnd);
if (!found)
return NULL;
src/crypto/asn1/a_time.c → crypto/asn1/a_time.c
+4 -3
View File
@@ -60,6 +60,7 @@
#include <time.h>
#include <openssl/asn1t.h>
#include <openssl/buf.h>
#include <openssl/err.h>
#include <openssl/mem.h>
@@ -142,11 +143,11 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
str = (char *)ret->data;
/* Work out the century and prepend */
if (t->data[0] >= '5')
OPENSSL_strlcpy(str, "19", newlen);
BUF_strlcpy(str, "19", newlen);
else
OPENSSL_strlcpy(str, "20", newlen);
BUF_strlcpy(str, "20", newlen);
OPENSSL_strlcat(str, (char *)t->data, newlen);
BUF_strlcat(str, (char *)t->data, newlen);
done:
if (out != NULL && *out == NULL)
src/crypto/asn1/a_type.c → crypto/asn1/a_type.c
View File
src/crypto/asn1/a_utctm.c → crypto/asn1/a_utctm.c
View File
src/crypto/asn1/a_utf8.c → crypto/asn1/a_utf8.c
View File
src/crypto/asn1/asn1_lib.c → crypto/asn1/asn1_lib.c
+1 -5
View File
@@ -205,11 +205,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
} else
ret = i;
}
/*
* Bound the length to comfortably fit in an int. Lengths in this module
* often switch between int and long without overflow checks.
*/
if (ret > INT_MAX / 2)
if (ret > LONG_MAX)
return 0;
*pp = p;
*rl = (long)ret;
src/crypto/asn1/asn1_locl.h → crypto/asn1/asn1_locl.h
View File
src/crypto/asn1/asn1_par.c → crypto/asn1/asn1_par.c
View File
crypto/asn1/asn1_test.cc
+90
View File
@@ -0,0 +1,90 @@
/* Copyright (c) 2016, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <stdio.h>
#include <gtest/gtest.h>
#include <limits.h>
#include <openssl/asn1.h>
#include <openssl/err.h>
#include "../test/test_util.h"
// kTag128 is an ASN.1 structure with a universal tag with number 128.
static const uint8_t kTag128[] = {
0x1f, 0x81, 0x00, 0x01, 0x00,
};
// kTag258 is an ASN.1 structure with a universal tag with number 258.
static const uint8_t kTag258[] = {
0x1f, 0x82, 0x02, 0x01, 0x00,
};
static_assert(V_ASN1_NEG_INTEGER == 258,
"V_ASN1_NEG_INTEGER changed. Update kTag258 to collide with it.");
// kTagOverflow is an ASN.1 structure with a universal tag with number 2^35-1,
// which will not fit in an int.
static const uint8_t kTagOverflow[] = {
0x1f, 0xff, 0xff, 0xff, 0xff, 0x7f, 0x01, 0x00,
};
TEST(ASN1Test, LargeTags) {
const uint8_t *p = kTag258;
bssl::UniquePtr<ASN1_TYPE> obj(d2i_ASN1_TYPE(NULL, &p, sizeof(kTag258)));
EXPECT_FALSE(obj) << "Parsed value with illegal tag" << obj->type;
ERR_clear_error();
p = kTagOverflow;
obj.reset(d2i_ASN1_TYPE(NULL, &p, sizeof(kTagOverflow)));
EXPECT_FALSE(obj) << "Parsed value with tag overflow" << obj->type;
ERR_clear_error();
p = kTag128;
obj.reset(d2i_ASN1_TYPE(NULL, &p, sizeof(kTag128)));
ASSERT_TRUE(obj);
EXPECT_EQ(128, obj->type);
const uint8_t kZero = 0;
EXPECT_EQ(Bytes(&kZero, 1), Bytes(obj->value.asn1_string->data,
obj->value.asn1_string->length));
}
TEST(ASN1Test, IntegerSetting) {
bssl::UniquePtr<ASN1_INTEGER> by_bn(M_ASN1_INTEGER_new());
bssl::UniquePtr<ASN1_INTEGER> by_long(M_ASN1_INTEGER_new());
bssl::UniquePtr<ASN1_INTEGER> by_uint64(M_ASN1_INTEGER_new());
bssl::UniquePtr<BIGNUM> bn(BN_new());
const std::vector<int64_t> kValues = {
LONG_MIN, -2, -1, 0, 1, 2, 0xff, 0x100, 0xffff, 0x10000, LONG_MAX,
};
for (const auto &i : kValues) {
SCOPED_TRACE(i);
ASSERT_EQ(1, ASN1_INTEGER_set(by_long.get(), i));
const uint64_t abs = i < 0 ? (0 - (uint64_t) i) : i;
ASSERT_TRUE(BN_set_u64(bn.get(), abs));
BN_set_negative(bn.get(), i < 0);
ASSERT_TRUE(BN_to_ASN1_INTEGER(bn.get(), by_bn.get()));
EXPECT_EQ(0, ASN1_INTEGER_cmp(by_bn.get(), by_long.get()));
if (i >= 0) {
ASSERT_EQ(1, ASN1_INTEGER_set_uint64(by_uint64.get(), i));
EXPECT_EQ(0, ASN1_INTEGER_cmp(by_bn.get(), by_uint64.get()));
}
}
}
src/crypto/asn1/asn_pack.c → crypto/asn1/asn_pack.c
View File
src/crypto/asn1/charmap.pl → crypto/asn1/charmap.pl
View File
src/crypto/asn1/f_enum.c → crypto/asn1/f_enum.c
View File
src/crypto/asn1/f_int.c → crypto/asn1/f_int.c
View File
src/crypto/asn1/f_string.c → crypto/asn1/f_string.c
View File
src/crypto/asn1/tasn_dec.c → crypto/asn1/tasn_dec.c
+19 -40
View File
@@ -66,14 +66,6 @@
#include "../internal.h"
/*
* Constructed types with a recursive definition (such as can be found in PKCS7)
* could eventually exceed the stack given malicious input with excessive
* recursion. Therefore we limit the stack depth. This is the maximum number of
* recursive invocations of asn1_item_embed_d2i().
*/
#define ASN1_MAX_CONSTRUCTED_NEST 30
static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf);
@@ -90,11 +82,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
static int asn1_template_ex_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx, int depth);
ASN1_TLC *ctx);
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx, int depth);
ASN1_TLC *ctx);
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_ITEM *it,
@@ -161,9 +153,9 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
* tag mismatch return -1 to handle OPTIONAL
*/
static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
long len, const ASN1_ITEM *it, int tag, int aclass,
char opt, ASN1_TLC *ctx, int depth)
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx)
{
const ASN1_TEMPLATE *tt, *errtt = NULL;
const ASN1_COMPAT_FUNCS *cf;
@@ -196,11 +188,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
len = INT_MAX/2;
}
if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_TOO_DEEP);
goto err;
}
switch (it->itype) {
case ASN1_ITYPE_PRIMITIVE:
if (it->templates) {
@@ -216,7 +203,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
goto err;
}
return asn1_template_ex_d2i(pval, in, len,
it->templates, opt, ctx, depth);
it->templates, opt, ctx);
}
return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx);
@@ -339,7 +326,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
/*
* We mark field as OPTIONAL so its absence can be recognised.
*/
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
/* If field not present, try the next one */
if (ret == -1)
continue;
@@ -457,8 +444,7 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
* attempt to read in field, allowing each to be OPTIONAL
*/
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
depth);
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
if (!ret) {
errtt = seqtt;
goto err;
@@ -528,13 +514,6 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
return 0;
}
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx)
{
return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
}
/*
* Templates are handled with two separate functions. One handles any
* EXPLICIT tag and the other handles the rest.
@@ -543,7 +522,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
static int asn1_template_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long inlen,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx, int depth)
ASN1_TLC *ctx)
{
int flags, aclass;
int ret;
@@ -577,7 +556,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
return 0;
}
/* We've found the field so it can't be OPTIONAL now */
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
if (!ret) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
return 0;
@@ -600,7 +579,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
}
}
} else
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
*in = p;
return 1;
@@ -613,7 +592,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
ASN1_TLC *ctx, int depth)
ASN1_TLC *ctx)
{
int flags, aclass;
int ret;
@@ -682,8 +661,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
break;
}
skfield = NULL;
if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
-1, 0, 0, ctx, depth)) {
if (!ASN1_item_ex_d2i(&skfield, &p, len,
ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
goto err;
}
@@ -700,8 +679,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
}
} else if (flags & ASN1_TFLG_IMPTAG) {
/* IMPLICIT tagging */
ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
aclass, opt, ctx, depth);
ret = ASN1_item_ex_d2i(val, &p, len,
ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
ctx);
if (!ret) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
goto err;
@@ -709,9 +689,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
return -1;
} else {
/* Nothing special */
ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
depth);
ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
if (!ret) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
goto err;
src/crypto/asn1/tasn_enc.c → crypto/asn1/tasn_enc.c
+1 -3
View File
@@ -192,7 +192,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
/* Use indefinite length constructed if requested */
if (aclass & ASN1_TFLG_NDEF)
ndef = 2;
OPENSSL_FALLTHROUGH;
/* fall through */
case ASN1_ITYPE_SEQUENCE:
i = asn1_enc_restore(&seqcontlen, out, pval, it);
@@ -583,8 +583,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
otmp = (ASN1_OBJECT *)*pval;
cont = otmp->data;
len = otmp->length;
if (cont == NULL || len == 0)
return -1;
break;
case V_ASN1_NULL:
src/crypto/asn1/tasn_fre.c → crypto/asn1/tasn_fre.c
View File
src/crypto/asn1/tasn_new.c → crypto/asn1/tasn_new.c
View File
src/crypto/asn1/tasn_typ.c → crypto/asn1/tasn_typ.c
View File
src/crypto/asn1/tasn_utl.c → crypto/asn1/tasn_utl.c
View File
src/crypto/asn1/time_support.c → crypto/asn1/time_support.c
View File
crypto/base64/CMakeLists.txt
+9
View File
@@ -0,0 +1,9 @@
include_directories(../../include)
add_library(
base64
OBJECT
base64.c
)
src/crypto/base64/base64.c → crypto/base64/base64.c
+2 -2
View File
@@ -98,8 +98,8 @@ static uint8_t conv_bin2ascii(uint8_t a) {
return ret;
}
OPENSSL_STATIC_ASSERT(sizeof(((EVP_ENCODE_CTX *)(NULL))->data) % 3 == 0,
"data length must be a multiple of base64 chunk size");
OPENSSL_COMPILE_ASSERT(sizeof(((EVP_ENCODE_CTX *)(NULL))->data) % 3 == 0,
data_length_must_be_multiple_of_base64_chunk_size);
int EVP_EncodedLength(size_t *out_len, size_t len) {
if (len + 2 < len) {
src/crypto/base64/base64_test.cc → crypto/base64/base64_test.cc
+9 -9
View File
@@ -39,14 +39,14 @@ enum encoding_relation {
invalid,
};
struct Base64TestVector {
struct TestVector {
enum encoding_relation relation;
const char *decoded;
const char *encoded;
};
// Test vectors from RFC 4648.
static const Base64TestVector kTestVectors[] = {
static const TestVector kTestVectors[] = {
{canonical, "", ""},
{canonical, "f", "Zg==\n"},
{canonical, "fo", "Zm8=\n"},
@@ -103,9 +103,9 @@ static const Base64TestVector kTestVectors[] = {
"=======\n"},
};
class Base64Test : public testing::TestWithParam<Base64TestVector> {};
class Base64Test : public testing::TestWithParam<TestVector> {};
INSTANTIATE_TEST_SUITE_P(All, Base64Test, testing::ValuesIn(kTestVectors));
INSTANTIATE_TEST_CASE_P(, Base64Test, testing::ValuesIn(kTestVectors));
// RemoveNewlines returns a copy of |in| with all '\n' characters removed.
static std::string RemoveNewlines(const char *in) {
@@ -122,7 +122,7 @@ static std::string RemoveNewlines(const char *in) {
}
TEST_P(Base64Test, EncodeBlock) {
const Base64TestVector &t = GetParam();
const TestVector &t = GetParam();
if (t.relation != canonical) {
return;
}
@@ -140,7 +140,7 @@ TEST_P(Base64Test, EncodeBlock) {
}
TEST_P(Base64Test, DecodeBase64) {
const Base64TestVector &t = GetParam();
const TestVector &t = GetParam();
if (t.relation == valid) {
// The non-canonical encodings will generally have odd whitespace etc
// that |EVP_DecodeBase64| will reject.
@@ -164,7 +164,7 @@ TEST_P(Base64Test, DecodeBase64) {
}
TEST_P(Base64Test, DecodeBlock) {
const Base64TestVector &t = GetParam();
const TestVector &t = GetParam();
if (t.relation != canonical) {
return;
}
@@ -188,7 +188,7 @@ TEST_P(Base64Test, DecodeBlock) {
}
TEST_P(Base64Test, EncodeDecode) {
const Base64TestVector &t = GetParam();
const TestVector &t = GetParam();
EVP_ENCODE_CTX ctx;
const size_t decoded_len = strlen(t.decoded);
@@ -246,7 +246,7 @@ TEST_P(Base64Test, EncodeDecode) {
}
TEST_P(Base64Test, DecodeUpdateStreaming) {
const Base64TestVector &t = GetParam();
const TestVector &t = GetParam();
if (t.relation == invalid) {
return;
}
crypto/bio/CMakeLists.txt
+18
View File
@@ -0,0 +1,18 @@
include_directories(../../include)
add_library(
bio
OBJECT
bio.c
bio_mem.c
connect.c
fd.c
file.c
hexdump.c
pair.c
printf.c
socket.c
socket_helper.c
)
src/crypto/bio/bio.c → crypto/bio/bio.c
+9 -73
View File
@@ -61,7 +61,6 @@
#include <limits.h>
#include <string.h>
#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/thread.h>
@@ -178,19 +177,6 @@ int BIO_write(BIO *bio, const void *in, int inl) {
return ret;
}
int BIO_write_all(BIO *bio, const void *data, size_t len) {
const uint8_t *data_u8 = data;
while (len > 0) {
int ret = BIO_write(bio, data_u8, len > INT_MAX ? INT_MAX : (int)len);
if (ret <= 0) {
return 0;
}
data_u8 += ret;
len -= ret;
}
return 1;
}
int BIO_puts(BIO *bio, const char *in) {
return BIO_write(bio, in, strlen(in));
}
@@ -482,52 +468,11 @@ static int bio_read_all(BIO *bio, uint8_t **out, size_t *out_len,
}
}
// bio_read_full reads |len| bytes |bio| and writes them into |out|. It
// tolerates partial reads from |bio| and returns one on success or zero if a
// read fails before |len| bytes are read. On failure, it additionally sets
// |*out_eof_on_first_read| to whether the error was due to |bio| returning zero
// on the first read. |out_eof_on_first_read| may be NULL to discard the value.
static int bio_read_full(BIO *bio, uint8_t *out, int *out_eof_on_first_read,
size_t len) {
int first_read = 1;
while (len > 0) {
int todo = len <= INT_MAX ? (int)len : INT_MAX;
int ret = BIO_read(bio, out, todo);
if (ret <= 0) {
if (out_eof_on_first_read != NULL) {
*out_eof_on_first_read = first_read && ret == 0;
}
return 0;
}
out += ret;
len -= (size_t)ret;
first_read = 0;
}
return 1;
}
// For compatibility with existing |d2i_*_bio| callers, |BIO_read_asn1| uses
// |ERR_LIB_ASN1| errors.
OPENSSL_DECLARE_ERROR_REASON(ASN1, ASN1_R_DECODE_ERROR)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ASN1_R_HEADER_TOO_LONG)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ASN1_R_NOT_ENOUGH_DATA)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ASN1_R_TOO_LONG)
int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
uint8_t header[6];
static const size_t kInitialHeaderLen = 2;
int eof_on_first_read;
if (!bio_read_full(bio, header, &eof_on_first_read, kInitialHeaderLen)) {
if (eof_on_first_read) {
// Historically, OpenSSL returned |ASN1_R_HEADER_TOO_LONG| when
// |d2i_*_bio| could not read anything. CPython conditions on this to
// determine if |bio| was empty.
OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
} else {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
}
if (BIO_read(bio, header, kInitialHeaderLen) != (int) kInitialHeaderLen) {
return 0;
}
@@ -536,7 +481,6 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
if ((tag & 0x1f) == 0x1f) {
// Long form tags are not supported.
OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
return 0;
}
@@ -550,40 +494,34 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
if ((tag & 0x20 /* constructed */) != 0 && num_bytes == 0) {
// indefinite length.
if (!bio_read_all(bio, out, out_len, header, kInitialHeaderLen,
max_len)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
return 0;
}
return 1;
return bio_read_all(bio, out, out_len, header, kInitialHeaderLen,
max_len);
}
if (num_bytes == 0 || num_bytes > 4) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
return 0;
}
if (!bio_read_full(bio, header + kInitialHeaderLen, NULL, num_bytes)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
if (BIO_read(bio, header + kInitialHeaderLen, num_bytes) !=
(int)num_bytes) {
return 0;
}
header_len = kInitialHeaderLen + num_bytes;
uint32_t len32 = 0;
for (unsigned i = 0; i < num_bytes; i++) {
unsigned i;
for (i = 0; i < num_bytes; i++) {
len32 <<= 8;
len32 |= header[kInitialHeaderLen + i];
}
if (len32 < 128) {
// Length should have used short-form encoding.
OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
return 0;
}
if ((len32 >> ((num_bytes-1)*8)) == 0) {
// Length should have been at least one byte shorter.
OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
return 0;
}
@@ -593,7 +531,6 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
if (len + header_len < len ||
len + header_len > max_len ||
len > INT_MAX) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
return 0;
}
len += header_len;
@@ -601,12 +538,11 @@ int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len, size_t max_len) {
*out = OPENSSL_malloc(len);
if (*out == NULL) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
return 0;
}
OPENSSL_memcpy(*out, header, header_len);
if (!bio_read_full(bio, (*out) + header_len, NULL, len - header_len)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
if (BIO_read(bio, (*out) + header_len, len - header_len) !=
(int) (len - header_len)) {
OPENSSL_free(*out);
return 0;
}
src/crypto/bio/bio_mem.c → crypto/bio/bio_mem.c
View File
src/crypto/bio/bio_test.cc → crypto/bio/bio_test.cc
+2 -2
View File
@@ -220,7 +220,7 @@ TEST_P(BIOASN1Test, ReadASN1) {
}
}
INSTANTIATE_TEST_SUITE_P(All, BIOASN1Test, testing::ValuesIn(kASN1TestParams));
INSTANTIATE_TEST_CASE_P(, BIOASN1Test, testing::ValuesIn(kASN1TestParams));
// Run through the tests twice, swapping |bio1| and |bio2|, for symmetry.
class BIOPairTest : public testing::TestWithParam<bool> {};
@@ -322,4 +322,4 @@ TEST_P(BIOPairTest, TestPair) {
EXPECT_EQ(Bytes("12345"), Bytes(buf, 5));
}
INSTANTIATE_TEST_SUITE_P(All, BIOPairTest, testing::Values(false, true));
INSTANTIATE_TEST_CASE_P(, BIOPairTest, testing::Values(false, true));
src/crypto/bio/connect.c → crypto/bio/connect.c
+4 -7
View File
@@ -56,8 +56,6 @@
#include <openssl/bio.h>
#if !defined(OPENSSL_TRUSTY)
#include <assert.h>
#include <errno.h>
#include <string.h>
@@ -74,6 +72,7 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
OPENSSL_MSVC_PRAGMA(warning(pop))
#endif
#include <openssl/buf.h>
#include <openssl/err.h>
#include <openssl/mem.h>
@@ -148,7 +147,7 @@ static int split_host_and_port(char **out_host, char **out_port, const char *nam
}
}
*out_host = OPENSSL_strndup(host, host_len);
*out_host = BUF_strndup(host, host_len);
if (*out_host == NULL) {
return 0;
}
@@ -428,13 +427,13 @@ static long conn_ctrl(BIO *bio, int cmd, long num, void *ptr) {
bio->init = 1;
if (num == 0) {
OPENSSL_free(data->param_hostname);
data->param_hostname = OPENSSL_strdup(ptr);
data->param_hostname = BUF_strdup(ptr);
if (data->param_hostname == NULL) {
ret = 0;
}
} else if (num == 1) {
OPENSSL_free(data->param_port);
data->param_port = OPENSSL_strdup(ptr);
data->param_port = BUF_strdup(ptr);
if (data->param_port == NULL) {
ret = 0;
}
@@ -541,5 +540,3 @@ int BIO_set_nbio(BIO *bio, int on) {
int BIO_do_connect(BIO *bio) {
return BIO_ctrl(bio, BIO_C_DO_STATE_MACHINE, 0, NULL);
}
#endif // OPENSSL_TRUSTY
src/crypto/bio/fd.c → crypto/bio/fd.c
+1 -4
View File
@@ -56,8 +56,6 @@
#include <openssl/bio.h>
#if !defined(OPENSSL_TRUSTY)
#include <errno.h>
#include <string.h>
@@ -70,6 +68,7 @@ OPENSSL_MSVC_PRAGMA(warning(push, 3))
OPENSSL_MSVC_PRAGMA(warning(pop))
#endif
#include <openssl/buf.h>
#include <openssl/err.h>
#include <openssl/mem.h>
@@ -275,5 +274,3 @@ int BIO_set_fd(BIO *bio, int fd, int close_flag) {
int BIO_get_fd(BIO *bio, int *out_fd) {
return BIO_ctrl(bio, BIO_C_GET_FD, 0, (char *) out_fd);
}
#endif // OPENSSL_TRUSTY
src/crypto/bio/file.c → crypto/bio/file.c
+8 -10
View File
@@ -73,12 +73,11 @@
#include <openssl/bio.h>
#if !defined(OPENSSL_TRUSTY)
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <openssl/buf.h>
#include <openssl/err.h>
#include <openssl/mem.h>
@@ -106,12 +105,13 @@ BIO *BIO_new_file(const char *filename, const char *mode) {
return NULL;
}
ret = BIO_new_fp(file, BIO_CLOSE);
ret = BIO_new(BIO_s_file());
if (ret == NULL) {
fclose(file);
return NULL;
}
BIO_set_fp(ret, file, BIO_CLOSE);
return ret;
}
@@ -207,16 +207,16 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) {
b->shutdown = (int)num & BIO_CLOSE;
if (num & BIO_FP_APPEND) {
if (num & BIO_FP_READ) {
OPENSSL_strlcpy(p, "a+", sizeof(p));
BUF_strlcpy(p, "a+", sizeof(p));
} else {
OPENSSL_strlcpy(p, "a", sizeof(p));
BUF_strlcpy(p, "a", sizeof(p));
}
} else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) {
OPENSSL_strlcpy(p, "r+", sizeof(p));
BUF_strlcpy(p, "r+", sizeof(p));
} else if (num & BIO_FP_WRITE) {
OPENSSL_strlcpy(p, "w", sizeof(p));
BUF_strlcpy(p, "w", sizeof(p));
} else if (num & BIO_FP_READ) {
OPENSSL_strlcpy(p, "r", sizeof(p));
BUF_strlcpy(p, "r", sizeof(p));
} else {
OPENSSL_PUT_ERROR(BIO, BIO_R_BAD_FOPEN_MODE);
ret = 0;
@@ -313,5 +313,3 @@ int BIO_rw_filename(BIO *bio, const char *filename) {
return BIO_ctrl(bio, BIO_C_SET_FILENAME,
BIO_CLOSE | BIO_FP_READ | BIO_FP_WRITE, (char *)filename);
}
#endif // OPENSSL_TRUSTY
src/crypto/bio/hexdump.c → crypto/bio/hexdump.c
View File
src/crypto/bio/internal.h → crypto/bio/internal.h
View File
src/crypto/bio/pair.c → crypto/bio/pair.c
+1
View File
@@ -55,6 +55,7 @@
#include <assert.h>
#include <string.h>
#include <openssl/buf.h>
#include <openssl/err.h>
#include <openssl/mem.h>
src/crypto/bio/printf.c → crypto/bio/printf.c
View File
src/crypto/bio/socket.c → crypto/bio/socket.c
-4
View File
@@ -57,8 +57,6 @@
#include <openssl/bio.h>
#if !defined(OPENSSL_TRUSTY)
#include <fcntl.h>
#include <string.h>
@@ -202,5 +200,3 @@ BIO *BIO_new_socket(int fd, int close_flag) {
BIO_set_fd(ret, fd, close_flag);
return ret;
}
#endif // OPENSSL_TRUSTY
src/crypto/bio/socket_helper.c → crypto/bio/socket_helper.c
-4
View File
@@ -18,8 +18,6 @@
#include <openssl/bio.h>
#include <openssl/err.h>
#if !defined(OPENSSL_TRUSTY)
#include <fcntl.h>
#include <string.h>
#include <sys/types.h>
@@ -114,5 +112,3 @@ int bio_sock_error(int sock) {
}
return error;
}
#endif // OPENSSL_TRUSTY
crypto/bn_extra/CMakeLists.txt
+10
View File
@@ -0,0 +1,10 @@
include_directories(../../include)
add_library(
bn_extra
OBJECT
bn_asn1.c
convert.c
)
src/crypto/bn_extra/bn_asn1.c → crypto/bn_extra/bn_asn1.c
View File
src/crypto/bn_extra/convert.c → crypto/bn_extra/convert.c
+7 -11
View File
@@ -367,13 +367,17 @@ end:
}
int BN_print_fp(FILE *fp, const BIGNUM *a) {
BIO *b = BIO_new_fp(fp, BIO_NOCLOSE);
BIO *b;
int ret;
b = BIO_new(BIO_s_file());
if (b == NULL) {
return 0;
}
int ret = BN_print(b, a);
BIO_set_fp(b, fp, BIO_NOCLOSE);
ret = BN_print(b, a);
BIO_free(b);
return ret;
}
@@ -460,11 +464,3 @@ BIGNUM *BN_mpi2bn(const uint8_t *in, size_t len, BIGNUM *out) {
}
return out;
}
int BN_bn2binpad(const BIGNUM *in, uint8_t *out, int len) {
if (len < 0 ||
!BN_bn2bin_padded(out, (size_t)len, in)) {
return -1;
}
return len;
}
crypto/buf/CMakeLists.txt
+9
View File
@@ -0,0 +1,9 @@
include_directories(../../include)
add_library(
buf
OBJECT
buf.c
)
src/crypto/buf/buf.c → crypto/buf/buf.c
+69 -10
View File
@@ -132,10 +132,6 @@ size_t BUF_MEM_grow_clean(BUF_MEM *buf, size_t len) {
}
int BUF_MEM_append(BUF_MEM *buf, const void *in, size_t len) {
// Work around a C language bug. See https://crbug.com/1019588.
if (len == 0) {
return 1;
}
size_t new_len = buf->length + len;
if (new_len < len) {
OPENSSL_PUT_ERROR(BUF, ERR_R_OVERFLOW);
@@ -149,24 +145,87 @@ int BUF_MEM_append(BUF_MEM *buf, const void *in, size_t len) {
return 1;
}
char *BUF_strdup(const char *str) { return OPENSSL_strdup(str); }
char *BUF_strdup(const char *str) {
if (str == NULL) {
return NULL;
}
return BUF_strndup(str, strlen(str));
}
size_t BUF_strnlen(const char *str, size_t max_len) {
return OPENSSL_strnlen(str, max_len);
size_t i;
for (i = 0; i < max_len; i++) {
if (str[i] == 0) {
break;
}
}
return i;
}
char *BUF_strndup(const char *str, size_t size) {
return OPENSSL_strndup(str, size);
char *ret;
size_t alloc_size;
if (str == NULL) {
return NULL;
}
size = BUF_strnlen(str, size);
alloc_size = size + 1;
if (alloc_size < size) {
// overflow
OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE);
return NULL;
}
ret = OPENSSL_malloc(alloc_size);
if (ret == NULL) {
OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE);
return NULL;
}
OPENSSL_memcpy(ret, str, size);
ret[size] = '\0';
return ret;
}
size_t BUF_strlcpy(char *dst, const char *src, size_t dst_size) {
return OPENSSL_strlcpy(dst, src, dst_size);
size_t l = 0;
for (; dst_size > 1 && *src; dst_size--) {
*dst++ = *src++;
l++;
}
if (dst_size) {
*dst = 0;
}
return l + strlen(src);
}
size_t BUF_strlcat(char *dst, const char *src, size_t dst_size) {
return OPENSSL_strlcat(dst, src, dst_size);
size_t l = 0;
for (; dst_size > 0 && *dst; dst_size--, dst++) {
l++;
}
return l + BUF_strlcpy(dst, src, dst_size);
}
void *BUF_memdup(const void *data, size_t size) {
return OPENSSL_memdup(data, size);
if (size == 0) {
return NULL;
}
void *ret = OPENSSL_malloc(size);
if (ret == NULL) {
OPENSSL_PUT_ERROR(BUF, ERR_R_MALLOC_FAILURE);
return NULL;
}
OPENSSL_memcpy(ret, data, size);
return ret;
}
src/crypto/buf/buf_test.cc → crypto/buf/buf_test.cc
View File
crypto/bytestring/CMakeLists.txt
+12
View File
@@ -0,0 +1,12 @@
include_directories(../../include)
add_library(
bytestring
OBJECT
asn1_compat.c
ber.c
cbs.c
cbb.c
)
src/crypto/bytestring/asn1_compat.c → crypto/bytestring/asn1_compat.c
View File
src/crypto/bytestring/ber.c → crypto/bytestring/ber.c
+4 -8
View File
@@ -189,7 +189,7 @@ static int cbs_convert_ber(CBS *in, CBB *out, unsigned string_tag,
return looking_for_eoc == 0;
}
int CBS_asn1_ber_to_der(CBS *in, CBS *out, uint8_t **out_storage) {
int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len) {
CBB cbb;
// First, do a quick walk to find any indefinite-length elements. Most of the
@@ -200,22 +200,18 @@ int CBS_asn1_ber_to_der(CBS *in, CBS *out, uint8_t **out_storage) {
}
if (!conversion_needed) {
if (!CBS_get_any_asn1_element(in, out, NULL, NULL)) {
return 0;
}
*out_storage = NULL;
*out = NULL;
*out_len = 0;
return 1;
}
size_t len;
if (!CBB_init(&cbb, CBS_len(in)) ||
!cbs_convert_ber(in, &cbb, 0, 0, 0) ||
!CBB_finish(&cbb, out_storage, &len)) {
!CBB_finish(&cbb, out, out_len)) {
CBB_cleanup(&cbb);
return 0;
}
CBS_init(out, *out_storage, len);
return 1;
}
src/crypto/bytestring/bytestring_test.cc → crypto/bytestring/bytestring_test.cc
+18 -324
View File
@@ -12,6 +12,10 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#if !defined(__STDC_CONSTANT_MACROS)
#define __STDC_CONSTANT_MACROS
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -42,12 +46,10 @@ TEST(CBSTest, Skip) {
}
TEST(CBSTest, GetUint) {
static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17, 18, 19, 20};
static const uint8_t kData[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
uint8_t u8;
uint16_t u16;
uint32_t u32;
uint64_t u64;
CBS data;
CBS_init(&data, kData, sizeof(kData));
@@ -59,22 +61,12 @@ TEST(CBSTest, GetUint) {
EXPECT_EQ(0x40506u, u32);
ASSERT_TRUE(CBS_get_u32(&data, &u32));
EXPECT_EQ(0x708090au, u32);
ASSERT_TRUE(CBS_get_u64(&data, &u64));
EXPECT_EQ(0xb0c0d0e0f101112u, u64);
ASSERT_TRUE(CBS_get_last_u8(&data, &u8));
EXPECT_EQ(0x14u, u8);
EXPECT_EQ(0xcu, u8);
ASSERT_TRUE(CBS_get_last_u8(&data, &u8));
EXPECT_EQ(0x13u, u8);
EXPECT_EQ(0xbu, u8);
EXPECT_FALSE(CBS_get_u8(&data, &u8));
EXPECT_FALSE(CBS_get_last_u8(&data, &u8));
CBS_init(&data, kData, sizeof(kData));
ASSERT_TRUE(CBS_get_u16le(&data, &u16));
EXPECT_EQ(0x0201u, u16);
ASSERT_TRUE(CBS_get_u32le(&data, &u32));
EXPECT_EQ(0x06050403u, u32);
ASSERT_TRUE(CBS_get_u64le(&data, &u64));
EXPECT_EQ(0x0e0d0c0b0a090807u, u64);
}
TEST(CBSTest, GetPrefixed) {
@@ -322,11 +314,7 @@ TEST(CBBTest, InitUninitialized) {
}
TEST(CBBTest, Basic) {
static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7,
8, 9, 0xa, 0xb, 0xc, 0xd, 0xe,
0xf, 0x10, 0x11, 0x12, 0x13, 0x14, 3, 2,
10, 9, 8, 7, 0x12, 0x11, 0x10,
0xf, 0xe, 0xd, 0xc, 0xb};
static const uint8_t kExpected[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xa, 0xb, 0xc};
uint8_t *buf;
size_t buf_len;
@@ -339,11 +327,7 @@ TEST(CBBTest, Basic) {
ASSERT_TRUE(CBB_add_u16(cbb.get(), 0x203));
ASSERT_TRUE(CBB_add_u24(cbb.get(), 0x40506));
ASSERT_TRUE(CBB_add_u32(cbb.get(), 0x708090a));
ASSERT_TRUE(CBB_add_u64(cbb.get(), 0xb0c0d0e0f101112));
ASSERT_TRUE(CBB_add_bytes(cbb.get(), (const uint8_t *)"\x13\x14", 2));
ASSERT_TRUE(CBB_add_u16le(cbb.get(), 0x203));
ASSERT_TRUE(CBB_add_u32le(cbb.get(), 0x708090a));
ASSERT_TRUE(CBB_add_u64le(cbb.get(), 0xb0c0d0e0f101112));
ASSERT_TRUE(CBB_add_bytes(cbb.get(), (const uint8_t *)"\x0b\x0c", 2));
ASSERT_TRUE(CBB_finish(cbb.get(), &buf, &buf_len));
bssl::UniquePtr<uint8_t> scoper(buf);
@@ -574,18 +558,19 @@ static void ExpectBerConvert(const char *name, const uint8_t *der_expected,
size_t der_len, const uint8_t *ber,
size_t ber_len) {
SCOPED_TRACE(name);
CBS in, out;
uint8_t *storage;
CBS in;
uint8_t *out;
size_t out_len;
CBS_init(&in, ber, ber_len);
ASSERT_TRUE(CBS_asn1_ber_to_der(&in, &out, &storage));
bssl::UniquePtr<uint8_t> scoper(storage);
ASSERT_TRUE(CBS_asn1_ber_to_der(&in, &out, &out_len));
bssl::UniquePtr<uint8_t> scoper(out);
EXPECT_EQ(Bytes(der_expected, der_len), Bytes(CBS_data(&out), CBS_len(&out)));
if (storage != nullptr) {
EXPECT_NE(Bytes(der_expected, der_len), Bytes(ber, ber_len));
} else {
if (out == NULL) {
EXPECT_EQ(Bytes(der_expected, der_len), Bytes(ber, ber_len));
} else {
EXPECT_NE(Bytes(der_expected, der_len), Bytes(ber, ber_len));
EXPECT_EQ(Bytes(der_expected, der_len), Bytes(out, out_len));
}
}
@@ -767,79 +752,6 @@ TEST(CBSTest, ASN1Uint64) {
}
}
struct ASN1Int64Test {
int64_t value;
const char *encoding;
size_t encoding_len;
};
static const ASN1Int64Test kASN1Int64Tests[] = {
{0, "\x02\x01\x00", 3},
{1, "\x02\x01\x01", 3},
{-1, "\x02\x01\xff", 3},
{127, "\x02\x01\x7f", 3},
{-127, "\x02\x01\x81", 3},
{128, "\x02\x02\x00\x80", 4},
{-128, "\x02\x01\x80", 3},
{129, "\x02\x02\x00\x81", 4},
{-129, "\x02\x02\xff\x7f", 4},
{0xdeadbeef, "\x02\x05\x00\xde\xad\xbe\xef", 7},
{INT64_C(0x0102030405060708), "\x02\x08\x01\x02\x03\x04\x05\x06\x07\x08",
10},
{INT64_MIN, "\x02\x08\x80\x00\x00\x00\x00\x00\x00\x00", 10},
{INT64_MAX, "\x02\x08\x7f\xff\xff\xff\xff\xff\xff\xff", 10},
};
struct ASN1InvalidInt64Test {
const char *encoding;
size_t encoding_len;
};
static const ASN1InvalidInt64Test kASN1InvalidInt64Tests[] = {
// Bad tag.
{"\x03\x01\x00", 3},
// Empty contents.
{"\x02\x00", 2},
// Overflow.
{"\x02\x09\x01\x00\x00\x00\x00\x00\x00\x00\x00", 11},
// Leading zeros.
{"\x02\x02\x00\x01", 4},
// Leading 0xff.
{"\x02\x02\xff\xff", 4},
};
TEST(CBSTest, ASN1Int64) {
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kASN1Int64Tests); i++) {
SCOPED_TRACE(i);
const ASN1Int64Test *test = &kASN1Int64Tests[i];
CBS cbs;
int64_t value;
uint8_t *out;
size_t len;
CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len);
ASSERT_TRUE(CBS_get_asn1_int64(&cbs, &value));
EXPECT_EQ(0u, CBS_len(&cbs));
EXPECT_EQ(test->value, value);
bssl::ScopedCBB cbb;
ASSERT_TRUE(CBB_init(cbb.get(), 0));
ASSERT_TRUE(CBB_add_asn1_int64(cbb.get(), test->value));
ASSERT_TRUE(CBB_finish(cbb.get(), &out, &len));
bssl::UniquePtr<uint8_t> scoper(out);
EXPECT_EQ(Bytes(test->encoding, test->encoding_len), Bytes(out, len));
}
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kASN1InvalidInt64Tests); i++) {
const ASN1InvalidInt64Test *test = &kASN1InvalidInt64Tests[i];
CBS cbs;
int64_t value;
CBS_init(&cbs, (const uint8_t *)test->encoding, test->encoding_len);
EXPECT_FALSE(CBS_get_asn1_int64(&cbs, &value));
}
}
TEST(CBBTest, Zero) {
CBB cbb;
CBB_zero(&cbb);
@@ -1139,221 +1051,3 @@ TEST(CBBTest, FlushASN1SetOf) {
EXPECT_FALSE(CBB_flush_asn1_set_of(&child));
}
}
template <class T>
static std::vector<uint8_t> LiteralToBytes(const T *str) {
std::vector<uint8_t> ret;
for (; *str != 0; str++) {
for (size_t i = 0; i < sizeof(T); i++) {
ret.push_back(static_cast<uint8_t>(*str >> (8 * (sizeof(T) - 1 - i))));
}
}
return ret;
}
static std::vector<uint32_t> LiteralToCodePoints(const char32_t *str) {
std::vector<uint32_t> ret;
for (; *str != 0; str++) {
ret.push_back(static_cast<uint32_t>(*str));
}
return ret;
}
TEST(CBBTest, Unicode) {
struct {
int (*decode)(CBS *, uint32_t *);
int (*encode)(CBB *, uint32_t);
std::vector<uint8_t> in;
std::vector<uint32_t> out;
bool ok;
} kTests[] = {
{cbs_get_utf8, cbb_add_utf8,
// This test string captures all four cases in UTF-8.
LiteralToBytes(u8"Hello, 世界! ¡Hola, 🌎!"),
LiteralToCodePoints(U"Hello, 世界! ¡Hola, 🌎!"), true},
// Some invalid inputs adapted from
// http://www.cl.cam.ac.uk/~mgk25/ucs/examples/UTF-8-test.txt
// 2.1 First possible sequence of a certain length. (5- and 6-bit
// sequences no longer exist.)
{cbs_get_utf8, cbb_add_utf8, {0xf8, 0x88, 0x80, 0x80, 0x80}, {}, false},
{cbs_get_utf8,
cbb_add_utf8,
{0xfc, 0x84, 0x80, 0x80, 0x80, 0x80},
{},
false},
// 3.1 Unexpected continuation bytes.
{cbs_get_utf8, cbb_add_utf8, {0x80}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xbf}, {}, false},
// 3.2 Lonely start characters.
{cbs_get_utf8, cbb_add_utf8, {0xc0, ' '}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xe0, ' '}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xf0, ' '}, {}, false},
// 3.3 Sequences with last continuation byte missing
{cbs_get_utf8, cbb_add_utf8, {0xc0}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xe0, 0x80}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xf0, 0x80, 0x80}, {}, false},
// Variation of the above with unexpected spaces.
{cbs_get_utf8, cbb_add_utf8, {0xe0, 0x80, ' '}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xf0, 0x80, 0x80, ' '}, {}, false},
// 4.1 Examples of an overlong ASCII character
{cbs_get_utf8, cbb_add_utf8, {0xc0, 0xaf}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xe0, 0x80, 0xaf}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xf0, 0x80, 0x80, 0xaf}, {}, false},
// 4.2 Maximum overlong sequences
{cbs_get_utf8, cbb_add_utf8, {0xc1, 0xbf}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xe0, 0x9f, 0xbf}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xf0, 0x8f, 0xbf, 0xbf}, {}, false},
// 4.3 Overlong representation of the NUL character
{cbs_get_utf8, cbb_add_utf8, {0xc0, 0x80}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xe0, 0x80, 0x80}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xf0, 0x80, 0x80, 0x80}, {}, false},
// 5.1 Single UTF-16 surrogates
{cbs_get_utf8, cbb_add_utf8, {0xed, 0xa0, 0x80}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xed, 0xad, 0xbf}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xed, 0xae, 0x80}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xed, 0xb0, 0x80}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xed, 0xbe, 0x80}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xed, 0xbf, 0xbf}, {}, false},
// 5.2 Paired UTF-16 surrogates
{cbs_get_utf8,
cbb_add_utf8,
{0xed, 0xa0, 0x80, 0xed, 0xb0, 0x80},
{},
false},
{cbs_get_utf8,
cbb_add_utf8,
{0xed, 0xa0, 0x80, 0xed, 0xbf, 0xbf},
{},
false},
{cbs_get_utf8,
cbb_add_utf8,
{0xed, 0xad, 0xbf, 0xed, 0xb0, 0x80},
{},
false},
{cbs_get_utf8,
cbb_add_utf8,
{0xed, 0xad, 0xbf, 0xed, 0xbf, 0xbf},
{},
false},
{cbs_get_utf8,
cbb_add_utf8,
{0xed, 0xae, 0x80, 0xed, 0xb0, 0x80},
{},
false},
{cbs_get_utf8,
cbb_add_utf8,
{0xed, 0xae, 0x80, 0xed, 0xbf, 0xbf},
{},
false},
{cbs_get_utf8,
cbb_add_utf8,
{0xed, 0xaf, 0xbf, 0xed, 0xb0, 0x80},
{},
false},
{cbs_get_utf8,
cbb_add_utf8,
{0xed, 0xaf, 0xbf, 0xed, 0xbf, 0xbf},
{},
false},
// 5.3 Noncharacter code positions
{cbs_get_utf8, cbb_add_utf8, {0xef, 0xbf, 0xbe}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xef, 0xbf, 0xbf}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xef, 0xb7, 0x90}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xef, 0xb7, 0xaf}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xf0, 0x9f, 0xbf, 0xbe}, {}, false},
{cbs_get_utf8, cbb_add_utf8, {0xf0, 0x9f, 0xbf, 0xbf}, {}, false},
{cbs_get_latin1, cbb_add_latin1, LiteralToBytes("\xa1Hola!"),
LiteralToCodePoints(U"¡Hola!"), true},
// UCS-2 matches UTF-16 on the BMP.
{cbs_get_ucs2_be, cbb_add_ucs2_be, LiteralToBytes(u"Hello, 世界!"),
LiteralToCodePoints(U"Hello, 世界!"), true},
// It does not support characters beyond the BMP.
{cbs_get_ucs2_be, cbb_add_ucs2_be,
LiteralToBytes(u"Hello, 世界! ¡Hola, 🌎!"),
LiteralToCodePoints(U"Hello, 世界! ¡Hola, "), false},
// Unpaired surrogates and non-characters are also rejected.
{cbs_get_ucs2_be, cbb_add_ucs2_be, {0xd8, 0x00}, {}, false},
{cbs_get_ucs2_be, cbb_add_ucs2_be, {0xff, 0xfe}, {}, false},
{cbs_get_utf32_be, cbb_add_utf32_be,
LiteralToBytes(U"Hello, 世界! ¡Hola, 🌎!"),
LiteralToCodePoints(U"Hello, 世界! ¡Hola, 🌎!"), true},
// Unpaired surrogates and non-characters are rejected.
{cbs_get_utf32_be, cbb_add_utf32_be, {0x00, 0x00, 0xd8, 0x00}, {}, false},
{cbs_get_utf32_be, cbb_add_utf32_be, {0x00, 0x00, 0xff, 0xfe}, {}, false},
// Test that the NUL character can be encoded.
{cbs_get_latin1, cbb_add_latin1, {0}, {0}, true},
{cbs_get_utf8, cbb_add_utf8, {0}, {0}, true},
{cbs_get_ucs2_be, cbb_add_ucs2_be, {0, 0}, {0}, true},
{cbs_get_utf32_be, cbb_add_utf32_be, {0, 0, 0, 0}, {0}, true},
};
for (const auto &t : kTests) {
SCOPED_TRACE(Bytes(t.in));
// Test decoding.
CBS cbs;
CBS_init(&cbs, t.in.data(), t.in.size());
std::vector<uint32_t> out;
bool ok = true;
while (CBS_len(&cbs) != 0) {
uint32_t u;
if (!t.decode(&cbs, &u)) {
ok = false;
break;
}
out.push_back(u);
}
EXPECT_EQ(t.ok, ok);
EXPECT_EQ(t.out, out);
// Test encoding.
if (t.ok) {
bssl::ScopedCBB cbb;
ASSERT_TRUE(CBB_init(cbb.get(), 0));
for (uint32_t u : t.out) {
ASSERT_TRUE(t.encode(cbb.get(), u));
}
EXPECT_EQ(Bytes(t.in), Bytes(CBB_data(cbb.get()), CBB_len(cbb.get())));
}
}
static const uint32_t kBadCodePoints[] = {
// Surrogate pairs.
0xd800,
0xdfff,
// Non-characters.
0xfffe,
0xffff,
0xfdd0,
0x1fffe,
0x1ffff,
// Too big.
0x110000,
};
bssl::ScopedCBB cbb;
ASSERT_TRUE(CBB_init(cbb.get(), 0));
for (uint32_t v : kBadCodePoints) {
SCOPED_TRACE(v);
EXPECT_FALSE(cbb_add_utf8(cbb.get(), v));
EXPECT_FALSE(cbb_add_latin1(cbb.get(), v));
EXPECT_FALSE(cbb_add_ucs2_be(cbb.get(), v));
EXPECT_FALSE(cbb_add_utf32_be(cbb.get(), v));
}
// Additional values that are out of range.
EXPECT_FALSE(cbb_add_latin1(cbb.get(), 0x100));
EXPECT_FALSE(cbb_add_ucs2_be(cbb.get(), 0x10000));
EXPECT_EQ(1u, cbb_get_utf8_len(0));
EXPECT_EQ(1u, cbb_get_utf8_len(0x7f));
EXPECT_EQ(2u, cbb_get_utf8_len(0x80));
EXPECT_EQ(2u, cbb_get_utf8_len(0x7ff));
EXPECT_EQ(3u, cbb_get_utf8_len(0x800));
EXPECT_EQ(3u, cbb_get_utf8_len(0xffff));
EXPECT_EQ(4u, cbb_get_utf8_len(0x10000));
EXPECT_EQ(4u, cbb_get_utf8_len(0x10ffff));
}
src/crypto/bytestring/cbb.c → crypto/bytestring/cbb.c
+9 -60
View File
@@ -18,6 +18,7 @@
#include <limits.h>
#include <string.h>
#include <openssl/buf.h>
#include <openssl/mem.h>
#include "../internal.h"
@@ -43,7 +44,7 @@ static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) {
base->error = 0;
cbb->base = base;
cbb->is_child = 0;
cbb->is_top_level = 1;
return 1;
}
@@ -75,14 +76,11 @@ int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) {
}
void CBB_cleanup(CBB *cbb) {
// Child |CBB|s are non-owning. They are implicitly discarded and should not
// be used with |CBB_cleanup| or |ScopedCBB|.
assert(!cbb->is_child);
if (cbb->is_child) {
return;
}
if (cbb->base) {
// Only top-level |CBB|s are cleaned up. Child |CBB|s are non-owning. They
// are implicitly discarded when the parent is flushed or cleaned up.
assert(cbb->is_top_level);
if (cbb->base->can_resize) {
OPENSSL_free(cbb->base->buf);
}
@@ -146,7 +144,7 @@ static int cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out,
return 1;
}
static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint64_t v,
static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint32_t v,
size_t len_len) {
if (len_len == 0) {
return 1;
@@ -171,7 +169,7 @@ static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint64_t v,
}
int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) {
if (cbb->is_child) {
if (!cbb->is_top_level) {
return 0;
}
@@ -312,7 +310,6 @@ static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents,
OPENSSL_memset(prefix_bytes, 0, len_len);
OPENSSL_memset(out_contents, 0, sizeof(CBB));
out_contents->base = cbb->base;
out_contents->is_child = 1;
cbb->child = out_contents;
cbb->child->offset = offset;
cbb->child->pending_len_len = len_len;
@@ -384,7 +381,6 @@ int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag) {
OPENSSL_memset(out_contents, 0, sizeof(CBB));
out_contents->base = cbb->base;
out_contents->is_child = 1;
cbb->child = out_contents;
cbb->child->offset = offset;
cbb->child->pending_len_len = 1;
@@ -447,10 +443,6 @@ int CBB_add_u16(CBB *cbb, uint16_t value) {
return cbb_buffer_add_u(cbb->base, value, 2);
}
int CBB_add_u16le(CBB *cbb, uint16_t value) {
return CBB_add_u16(cbb, CRYPTO_bswap2(value));
}
int CBB_add_u24(CBB *cbb, uint32_t value) {
if (!CBB_flush(cbb)) {
return 0;
@@ -467,21 +459,6 @@ int CBB_add_u32(CBB *cbb, uint32_t value) {
return cbb_buffer_add_u(cbb->base, value, 4);
}
int CBB_add_u32le(CBB *cbb, uint32_t value) {
return CBB_add_u32(cbb, CRYPTO_bswap4(value));
}
int CBB_add_u64(CBB *cbb, uint64_t value) {
if (!CBB_flush(cbb)) {
return 0;
}
return cbb_buffer_add_u(cbb->base, value, 8);
}
int CBB_add_u64le(CBB *cbb, uint64_t value) {
return CBB_add_u64(cbb, CRYPTO_bswap8(value));
}
void CBB_discard_child(CBB *cbb) {
if (cbb->child == NULL) {
return;
@@ -528,34 +505,6 @@ int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) {
return CBB_flush(cbb);
}
int CBB_add_asn1_int64(CBB *cbb, int64_t value) {
if (value >= 0) {
return CBB_add_asn1_uint64(cbb, value);
}
union {
int64_t i;
uint8_t bytes[sizeof(int64_t)];
} u;
u.i = value;
int start = 7;
// Skip leading sign-extension bytes unless they are necessary.
while (start > 0 && (u.bytes[start] == 0xff && (u.bytes[start - 1] & 0x80))) {
start--;
}
CBB child;
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER)) {
return 0;
}
for (int i = start; i >= 0; i--) {
if (!CBB_add_u8(&child, u.bytes[i])) {
return 0;
}
}
return CBB_flush(cbb);
}
int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) {
CBB child;
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_OCTETSTRING) ||
@@ -688,7 +637,7 @@ int CBB_flush_asn1_set_of(CBB *cbb) {
// remain valid as we rewrite |cbb|.
int ret = 0;
size_t buf_len = CBB_len(cbb);
uint8_t *buf = OPENSSL_memdup(CBB_data(cbb), buf_len);
uint8_t *buf = BUF_memdup(CBB_data(cbb), buf_len);
CBS *children = OPENSSL_malloc(num_children * sizeof(CBS));
if (buf == NULL || children == NULL) {
goto err;
src/crypto/bytestring/cbs.c → crypto/bytestring/cbs.c
+18 -89
View File
@@ -12,6 +12,11 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#if !defined(__STDC_FORMAT_MACROS)
#define __STDC_FORMAT_MACROS
#endif
#include <openssl/buf.h>
#include <openssl/mem.h>
#include <openssl/bytestring.h>
@@ -60,7 +65,7 @@ int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) {
if (cbs->len == 0) {
return 1;
}
*out_ptr = OPENSSL_memdup(cbs->data, cbs->len);
*out_ptr = BUF_memdup(cbs->data, cbs->len);
if (*out_ptr == NULL) {
return 0;
}
@@ -72,7 +77,7 @@ int CBS_strdup(const CBS *cbs, char **out_ptr) {
if (*out_ptr != NULL) {
OPENSSL_free(*out_ptr);
}
*out_ptr = OPENSSL_strndup((const char*)cbs->data, cbs->len);
*out_ptr = BUF_strndup((const char*)cbs->data, cbs->len);
return (*out_ptr != NULL);
}
@@ -87,8 +92,8 @@ int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) {
return CRYPTO_memcmp(cbs->data, data, len) == 0;
}
static int cbs_get_u(CBS *cbs, uint64_t *out, size_t len) {
uint64_t result = 0;
static int cbs_get_u(CBS *cbs, uint32_t *out, size_t len) {
uint32_t result = 0;
const uint8_t *data;
if (!cbs_get(cbs, &data, len)) {
@@ -112,7 +117,7 @@ int CBS_get_u8(CBS *cbs, uint8_t *out) {
}
int CBS_get_u16(CBS *cbs, uint16_t *out) {
uint64_t v;
uint32_t v;
if (!cbs_get_u(cbs, &v, 2)) {
return 0;
}
@@ -120,50 +125,12 @@ int CBS_get_u16(CBS *cbs, uint16_t *out) {
return 1;
}
int CBS_get_u16le(CBS *cbs, uint16_t *out) {
if (!CBS_get_u16(cbs, out)) {
return 0;
}
*out = CRYPTO_bswap2(*out);
return 1;
}
int CBS_get_u24(CBS *cbs, uint32_t *out) {
uint64_t v;
if (!cbs_get_u(cbs, &v, 3)) {
return 0;
}
*out = v;
return 1;
return cbs_get_u(cbs, out, 3);
}
int CBS_get_u32(CBS *cbs, uint32_t *out) {
uint64_t v;
if (!cbs_get_u(cbs, &v, 4)) {
return 0;
}
*out = v;
return 1;
}
int CBS_get_u32le(CBS *cbs, uint32_t *out) {
if (!CBS_get_u32(cbs, out)) {
return 0;
}
*out = CRYPTO_bswap4(*out);
return 1;
}
int CBS_get_u64(CBS *cbs, uint64_t *out) {
return cbs_get_u(cbs, out, 8);
}
int CBS_get_u64le(CBS *cbs, uint64_t *out) {
if (!cbs_get_u(cbs, out, 8)) {
return 0;
}
*out = CRYPTO_bswap8(*out);
return 1;
return cbs_get_u(cbs, out, 4);
}
int CBS_get_last_u8(CBS *cbs, uint8_t *out) {
@@ -194,13 +161,10 @@ int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) {
}
static int cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) {
uint64_t len;
uint32_t len;
if (!cbs_get_u(cbs, &len, len_len)) {
return 0;
}
// If |len_len| <= 3 then we know that |len| will fit into a |size_t|, even on
// 32-bit systems.
assert(len_len <= 3);
return CBS_get_bytes(cbs, out, len);
}
@@ -314,7 +278,7 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
// encode the number of subsequent octets used to encode the length (ITU-T
// X.690 clause 8.1.3.5.b).
const size_t num_bytes = length_byte & 0x7f;
uint64_t len64;
uint32_t len32;
if (ber_ok && (tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) {
// indefinite length
@@ -330,20 +294,20 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
if (num_bytes == 0 || num_bytes > 4) {
return 0;
}
if (!cbs_get_u(&header, &len64, num_bytes)) {
if (!cbs_get_u(&header, &len32, num_bytes)) {
return 0;
}
// ITU-T X.690 section 10.1 (DER length forms) requires encoding the length
// with the minimum number of octets.
if (len64 < 128) {
if (len32 < 128) {
// Length should have used short-form encoding.
return 0;
}
if ((len64 >> ((num_bytes-1)*8)) == 0) {
if ((len32 >> ((num_bytes-1)*8)) == 0) {
// Length should have been at least one byte shorter.
return 0;
}
len = len64;
len = len32;
if (len + header_len + num_bytes < len) {
// Overflow.
return 0;
@@ -461,40 +425,6 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
return 1;
}
int CBS_get_asn1_int64(CBS *cbs, int64_t *out) {
CBS bytes;
if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER)) {
return 0;
}
const uint8_t *data = CBS_data(&bytes);
const size_t len = CBS_len(&bytes);
if (len == 0 || len > sizeof(int64_t)) {
// An INTEGER is encoded with at least one octet.
return 0;
}
if (len > 1) {
if (data[0] == 0 && (data[1] & 0x80) == 0) {
return 0; // Extra leading zeros.
}
if (data[0] == 0xff && (data[1] & 0x80) != 0) {
return 0; // Extra leading 0xff.
}
}
union {
int64_t i;
uint8_t bytes[sizeof(int64_t)];
} u;
const int is_negative = (data[0] & 0x80);
memset(u.bytes, is_negative ? 0xff : 0, sizeof(u.bytes)); // Sign-extend.
for (size_t i = 0; i < len; i++) {
u.bytes[i] = data[len - i - 1];
}
*out = u.i;
return 1;
}
int CBS_get_asn1_bool(CBS *cbs, int *out) {
CBS bytes;
if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) ||
@@ -536,7 +466,6 @@ int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
return 0;
}
if (present) {
assert(out);
if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
CBS_len(&child) != 0) {
return 0;
crypto/bytestring/internal.h
+75
View File
@@ -0,0 +1,75 @@
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#ifndef OPENSSL_HEADER_BYTESTRING_INTERNAL_H
#define OPENSSL_HEADER_BYTESTRING_INTERNAL_H
#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
#endif
// CBS_asn1_ber_to_der reads a BER element from |in|. If it finds
// indefinite-length elements or constructed strings then it converts the BER
// data to DER and sets |*out| and |*out_length| to describe a malloced buffer
// containing the DER data. Additionally, |*in| will be advanced over the BER
// element.
//
// If it doesn't find any indefinite-length elements or constructed strings then
// it sets |*out| to NULL and |*in| is unmodified.
//
// This function should successfully process any valid BER input, however it
// will not convert all of BER's deviations from DER. BER is ambiguous between
// implicitly-tagged SEQUENCEs of strings and implicitly-tagged constructed
// strings. Implicitly-tagged strings must be parsed with
// |CBS_get_ber_implicitly_tagged_string| instead of |CBS_get_asn1|. The caller
// must also account for BER variations in the contents of a primitive.
//
// It returns one on success and zero otherwise.
OPENSSL_EXPORT int CBS_asn1_ber_to_der(CBS *in, uint8_t **out, size_t *out_len);
// CBS_get_asn1_implicit_string parses a BER string of primitive type
// |inner_tag| implicitly-tagged with |outer_tag|. It sets |out| to the
// contents. If concatenation was needed, it sets |*out_storage| to a buffer
// which the caller must release with |OPENSSL_free|. Otherwise, it sets
// |*out_storage| to NULL.
//
// This function does not parse all of BER. It requires the string be
// definite-length. Constructed strings are allowed, but all children of the
// outermost element must be primitive. The caller should use
// |CBS_asn1_ber_to_der| before running this function.
//
// It returns one on success and zero otherwise.
OPENSSL_EXPORT int CBS_get_asn1_implicit_string(CBS *in, CBS *out,
uint8_t **out_storage,
unsigned outer_tag,
unsigned inner_tag);
// CBB_finish_i2d calls |CBB_finish| on |cbb| which must have been initialized
// with |CBB_init|. If |outp| is not NULL then the result is written to |*outp|
// and |*outp| is advanced just past the output. It returns the number of bytes
// in the result, whether written or not, or a negative value on error. On
// error, it calls |CBB_cleanup| on |cbb|.
//
// This function may be used to help implement legacy i2d ASN.1 functions.
int CBB_finish_i2d(CBB *cbb, uint8_t **outp);
#if defined(__cplusplus)
} // extern C
#endif
#endif // OPENSSL_HEADER_BYTESTRING_INTERNAL_H
crypto/chacha/CMakeLists.txt
+48
View File
@@ -0,0 +1,48 @@
include_directories(../../include)
if (${ARCH} STREQUAL "arm")
set(
CHACHA_ARCH_SOURCES
chacha-armv4.${ASM_EXT}
)
endif()
if (${ARCH} STREQUAL "aarch64")
set(
CHACHA_ARCH_SOURCES
chacha-armv8.${ASM_EXT}
)
endif()
if (${ARCH} STREQUAL "x86")
set(
CHACHA_ARCH_SOURCES
chacha-x86.${ASM_EXT}
)
endif()
if (${ARCH} STREQUAL "x86_64")
set(
CHACHA_ARCH_SOURCES
chacha-x86_64.${ASM_EXT}
)
endif()
add_library(
chacha
OBJECT
chacha.c
${CHACHA_ARCH_SOURCES}
)
perlasm(chacha-armv4.${ASM_EXT} asm/chacha-armv4.pl)
perlasm(chacha-armv8.${ASM_EXT} asm/chacha-armv8.pl)
perlasm(chacha-x86.${ASM_EXT} asm/chacha-x86.pl)
perlasm(chacha-x86_64.${ASM_EXT} asm/chacha-x86_64.pl)
src/crypto/chacha/asm/chacha-armv4.pl → crypto/chacha/asm/chacha-armv4.pl
+3 -5
View File
@@ -44,11 +44,9 @@ if ($flavour && $flavour ne "void") {
( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or
die "can't locate arm-xlate.pl";
open OUT,"| \"$^X\" $xlate $flavour $output";
*STDOUT=*OUT;
open STDOUT,"| \"$^X\" $xlate $flavour $output";
} else {
open OUT,">$output";
*STDOUT=*OUT;
open STDOUT,">$output";
}
sub AUTOLOAD() # thunk [simplified] x86-style perlasm
@@ -1163,4 +1161,4 @@ foreach (split("\n",$code)) {
print $_,"\n";
}
close STDOUT or die "error closing STDOUT";
close STDOUT;
src/crypto/chacha/asm/chacha-armv8.pl → crypto/chacha/asm/chacha-armv8.pl
+19 -17
View File
@@ -122,32 +122,37 @@ my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2));
$code.=<<___;
#include <openssl/arm_arch.h>
.extern OPENSSL_armcap_P
.text
.section .rodata
.extern OPENSSL_armcap_P
.align 5
.Lsigma:
.quad 0x3320646e61707865,0x6b20657479622d32 // endian-neutral
.Lone:
.long 1,0,0,0
.LOPENSSL_armcap_P:
#ifdef __ILP32__
.long OPENSSL_armcap_P-.
#else
.quad OPENSSL_armcap_P-.
#endif
.asciz "ChaCha20 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>"
.text
.globl ChaCha20_ctr32
.type ChaCha20_ctr32,%function
.align 5
ChaCha20_ctr32:
cbz $len,.Labort
#if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10
adrp @x[0],:pg_hi21_nc:OPENSSL_armcap_P
#else
adrp @x[0],:pg_hi21:OPENSSL_armcap_P
#endif
adr @x[0],.LOPENSSL_armcap_P
cmp $len,#192
b.lo .Lshort
ldr w17,[@x[0],:lo12:OPENSSL_armcap_P]
#ifdef __ILP32__
ldrsw @x[1],[@x[0]]
#else
ldr @x[1],[@x[0]]
#endif
ldr w17,[@x[1],@x[0]]
tst w17,#ARMV7_NEON
b.ne ChaCha20_neon
@@ -155,8 +160,7 @@ ChaCha20_ctr32:
stp x29,x30,[sp,#-96]!
add x29,sp,#0
adrp @x[0],:pg_hi21:.Lsigma
add @x[0],@x[0],:lo12:.Lsigma
adr @x[0],.Lsigma
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
@@ -376,8 +380,7 @@ ChaCha20_neon:
stp x29,x30,[sp,#-96]!
add x29,sp,#0
adrp @x[0],:pg_hi21:.Lsigma
add @x[0],@x[0],:lo12:.Lsigma
adr @x[0],.Lsigma
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
@@ -696,8 +699,7 @@ ChaCha20_512_neon:
stp x29,x30,[sp,#-96]!
add x29,sp,#0
adrp @x[0],:pg_hi21:.Lsigma
add @x[0],@x[0],:lo12:.Lsigma
adr @x[0],.Lsigma
stp x19,x20,[sp,#16]
stp x21,x22,[sp,#32]
stp x23,x24,[sp,#48]
@@ -1131,4 +1133,4 @@ foreach (split("\n",$code)) {
print $_,"\n";
}
close STDOUT or die "error closing STDOUT"; # flush
close STDOUT; # flush
src/crypto/chacha/asm/chacha-x86.pl → crypto/chacha/asm/chacha-x86.pl
+1 -1
View File
@@ -769,4 +769,4 @@ sub SSSE3ROUND { # critical path is 20 "SIMD ticks" per round
&asm_finish();
close STDOUT or die "error closing STDOUT";
close STDOUT;
src/crypto/chacha/asm/chacha-x86_64.pl → crypto/chacha/asm/chacha-x86_64.pl
+1 -37
View File
@@ -228,7 +228,6 @@ $code.=<<___;
.type ChaCha20_ctr32,\@function,5
.align 64
ChaCha20_ctr32:
.cfi_startproc
cmp \$0,$len
je .Lno_data
mov OPENSSL_ia32cap_P+4(%rip),%r10
@@ -242,19 +241,12 @@ $code.=<<___;
jnz .LChaCha20_ssse3
push %rbx
.cfi_push rbx
push %rbp
.cfi_push rbp
push %r12
.cfi_push r12
push %r13
.cfi_push r13
push %r14
.cfi_push r14
push %r15
.cfi_push r15
sub \$64+24,%rsp
.cfi_adjust_cfa_offset `64+24`
.Lctr32_body:
#movdqa .Lsigma(%rip),%xmm0
@@ -396,22 +388,14 @@ $code.=<<___;
.Ldone:
lea 64+24+48(%rsp),%rsi
mov -48(%rsi),%r15
.cfi_restore r15
mov -40(%rsi),%r14
.cfi_restore r14
mov -32(%rsi),%r13
.cfi_restore r13
mov -24(%rsi),%r12
.cfi_restore r12
mov -16(%rsi),%rbp
.cfi_restore rbp
mov -8(%rsi),%rbx
.cfi_restore rbx
lea (%rsi),%rsp
.cfi_adjust_cfa_offset `-64-24-48`
.Lno_data:
ret
.cfi_endproc
.size ChaCha20_ctr32,.-ChaCha20_ctr32
___
@@ -451,9 +435,7 @@ $code.=<<___;
.align 32
ChaCha20_ssse3:
.LChaCha20_ssse3:
.cfi_startproc
mov %rsp,%r9 # frame pointer
.cfi_def_cfa_register r9
___
$code.=<<___;
cmp \$128,$len # we might throw away some data,
@@ -565,10 +547,8 @@ $code.=<<___ if ($win64);
___
$code.=<<___;
lea (%r9),%rsp
.cfi_def_cfa_register rsp
.Lssse3_epilogue:
ret
.cfi_endproc
.size ChaCha20_ssse3,.-ChaCha20_ssse3
___
}
@@ -711,9 +691,7 @@ $code.=<<___;
.align 32
ChaCha20_4x:
.LChaCha20_4x:
.cfi_startproc
mov %rsp,%r9 # frame pointer
.cfi_def_cfa_register r9
mov %r10,%r11
___
$code.=<<___ if ($avx>1);
@@ -1153,10 +1131,8 @@ $code.=<<___ if ($win64);
___
$code.=<<___;
lea (%r9),%rsp
.cfi_def_cfa_register rsp
.L4x_epilogue:
ret
.cfi_endproc
.size ChaCha20_4x,.-ChaCha20_4x
___
}
@@ -1290,9 +1266,7 @@ $code.=<<___;
.align 32
ChaCha20_8x:
.LChaCha20_8x:
.cfi_startproc
mov %rsp,%r9 # frame register
.cfi_def_cfa_register r9
sub \$0x280+$xframe,%rsp
and \$-32,%rsp
___
@@ -1798,10 +1772,8 @@ $code.=<<___ if ($win64);
___
$code.=<<___;
lea (%r9),%rsp
.cfi_def_cfa_register rsp
.L8x_epilogue:
ret
.cfi_endproc
.size ChaCha20_8x,.-ChaCha20_8x
___
}
@@ -1839,9 +1811,7 @@ $code.=<<___;
.align 32
ChaCha20_avx512:
.LChaCha20_avx512:
.cfi_startproc
mov %rsp,%r9 # frame pointer
.cfi_def_cfa_register r9
cmp \$512,$len
ja .LChaCha20_16x
@@ -2021,10 +1991,8 @@ $code.=<<___ if ($win64);
___
$code.=<<___;
lea (%r9),%rsp
.cfi_def_cfa_register rsp
.Lavx512_epilogue:
ret
.cfi_endproc
.size ChaCha20_avx512,.-ChaCha20_avx512
___
}
@@ -2107,9 +2075,7 @@ $code.=<<___;
.align 32
ChaCha20_16x:
.LChaCha20_16x:
.cfi_startproc
mov %rsp,%r9 # frame register
.cfi_def_cfa_register r9
sub \$64+$xframe,%rsp
and \$-64,%rsp
___
@@ -2527,10 +2493,8 @@ $code.=<<___ if ($win64);
___
$code.=<<___;
lea (%r9),%rsp
.cfi_def_cfa_register rsp
.L16x_epilogue:
ret
.cfi_endproc
.size ChaCha20_16x,.-ChaCha20_16x
___
}
@@ -2782,4 +2746,4 @@ foreach (split("\n",$code)) {
print $_,"\n";
}
close STDOUT or die "error closing STDOUT";
close STDOUT;
src/crypto/chacha/chacha.c → crypto/chacha/chacha.c
+19 -36
View File
@@ -22,49 +22,19 @@
#include <openssl/cpu.h>
#include "../internal.h"
#include "internal.h"
#define U8TO32_LITTLE(p) \
(((uint32_t)((p)[0])) | ((uint32_t)((p)[1]) << 8) | \
((uint32_t)((p)[2]) << 16) | ((uint32_t)((p)[3]) << 24))
// sigma contains the ChaCha constants, which happen to be an ASCII string.
static const uint8_t sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
'2', '-', 'b', 'y', 't', 'e', ' ', 'k' };
#if !defined(OPENSSL_NO_ASM) && \
(defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64))
#define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
// QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round.
#define QUARTERROUND(a, b, c, d) \
x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a], 16); \
x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c], 12); \
x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a], 8); \
x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c], 7);
void CRYPTO_hchacha20(uint8_t out[32], const uint8_t key[32],
const uint8_t nonce[16]) {
uint32_t x[16];
OPENSSL_memcpy(x, sigma, sizeof(sigma));
OPENSSL_memcpy(&x[4], key, 32);
OPENSSL_memcpy(&x[12], nonce, 16);
for (size_t i = 0; i < 20; i += 2) {
QUARTERROUND(0, 4, 8, 12)
QUARTERROUND(1, 5, 9, 13)
QUARTERROUND(2, 6, 10, 14)
QUARTERROUND(3, 7, 11, 15)
QUARTERROUND(0, 5, 10, 15)
QUARTERROUND(1, 6, 11, 12)
QUARTERROUND(2, 7, 8, 13)
QUARTERROUND(3, 4, 9, 14)
}
OPENSSL_memcpy(out, &x[0], sizeof(uint32_t) * 4);
OPENSSL_memcpy(&out[16], &x[12], sizeof(uint32_t) * 4);
}
#if defined(CHACHA20_ASM)
// ChaCha20_ctr32 is defined in asm/chacha-*.pl.
void ChaCha20_ctr32(uint8_t *out, const uint8_t *in, size_t in_len,
const uint32_t key[8], const uint32_t counter[4]);
void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
const uint8_t key[32], const uint8_t nonce[12],
@@ -99,6 +69,12 @@ void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
#else
// sigma contains the ChaCha constants, which happen to be an ASCII string.
static const uint8_t sigma[16] = { 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3',
'2', '-', 'b', 'y', 't', 'e', ' ', 'k' };
#define ROTATE(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define U32TO8_LITTLE(p, v) \
{ \
(p)[0] = (v >> 0) & 0xff; \
@@ -107,6 +83,13 @@ void CRYPTO_chacha_20(uint8_t *out, const uint8_t *in, size_t in_len,
(p)[3] = (v >> 24) & 0xff; \
}
// QUARTERROUND updates a, b, c, d with a ChaCha "quarter" round.
#define QUARTERROUND(a, b, c, d) \
x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a], 16); \
x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c], 12); \
x[a] += x[b]; x[d] = ROTATE(x[d] ^ x[a], 8); \
x[c] += x[d]; x[b] = ROTATE(x[b] ^ x[c], 7);
// chacha_core performs 20 rounds of ChaCha on the input words in
// |input| and writes the 64 output bytes to |output|.
static void chacha_core(uint8_t output[64], const uint32_t input[16]) {
src/crypto/chacha/chacha_test.cc → crypto/chacha/chacha_test.cc
-24
View File
@@ -23,9 +23,7 @@
#include <openssl/crypto.h>
#include <openssl/chacha.h>
#include "internal.h"
#include "../internal.h"
#include "../test/abi_test.h"
#include "../test/test_util.h"
@@ -236,25 +234,3 @@ TEST(ChaChaTest, TestVector) {
EXPECT_EQ(Bytes(kOutput, len), Bytes(buf.get(), len));
}
}
#if defined(CHACHA20_ASM) && defined(SUPPORTS_ABI_TEST)
TEST(ChaChaTest, ABI) {
uint32_t key[8];
OPENSSL_memcpy(key, kKey, sizeof(key));
static const uint32_t kCounterNonce[4] = {0};
std::unique_ptr<uint8_t[]> buf(new uint8_t[sizeof(kInput)]);
for (size_t len = 0; len <= 32; len++) {
SCOPED_TRACE(len);
CHECK_ABI(ChaCha20_ctr32, buf.get(), kInput, len, key, kCounterNonce);
}
for (size_t len : {32 * 2, 32 * 4, 32 * 8, 32 * 16, 32 * 24}) {
SCOPED_TRACE(len);
CHECK_ABI(ChaCha20_ctr32, buf.get(), kInput, len, key, kCounterNonce);
// Cover the partial block paths.
CHECK_ABI(ChaCha20_ctr32, buf.get(), kInput, len + 15, key, kCounterNonce);
}
}
#endif // CHACHA20_ASM && SUPPORTS_ABI_TEST
crypto/cipher_extra/CMakeLists.txt
+36
View File
@@ -0,0 +1,36 @@
include_directories(../../include)
if (${ARCH} STREQUAL "x86_64")
set(
CIPHER_ARCH_SOURCES
aes128gcmsiv-x86_64.${ASM_EXT}
chacha20_poly1305_x86_64.${ASM_EXT}
)
endif()
add_library(
cipher_extra
OBJECT
cipher_extra.c
derive_key.c
e_null.c
e_rc2.c
e_rc4.c
e_aesgcmsiv.c
e_aesctrhmac.c
e_aesccm.c
e_chacha20poly1305.c
tls_cbc.c
e_tls.c
e_ssl3.c
${CIPHER_ARCH_SOURCES}
)
perlasm(aes128gcmsiv-x86_64.${ASM_EXT} asm/aes128gcmsiv-x86_64.pl)
perlasm(chacha20_poly1305_x86_64.${ASM_EXT} asm/chacha20_poly1305_x86_64.pl)
crypto/cipher_extra/aead_test.cc
+691
View File
@@ -0,0 +1,691 @@
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <stdint.h>
#include <string.h>
#include <vector>
#include <gtest/gtest.h>
#include <openssl/aead.h>
#include <openssl/cipher.h>
#include <openssl/err.h>
#include "../fipsmodule/cipher/internal.h"
#include "../internal.h"
#include "../test/file_test.h"
#include "../test/test_util.h"
struct KnownAEAD {
const char name[40];
const EVP_AEAD *(*func)(void);
const char *test_vectors;
// limited_implementation indicates that tests that assume a generic AEAD
// interface should not be performed. For example, the key-wrap AEADs only
// handle inputs that are a multiple of eight bytes in length and the
// SSLv3/TLS AEADs have the concept of “direction”.
bool limited_implementation;
// truncated_tags is true if the AEAD supports truncating tags to arbitrary
// lengths.
bool truncated_tags;
// ad_len, if non-zero, is the required length of the AD.
size_t ad_len;
};
static const struct KnownAEAD kAEADs[] = {
{"AES_128_GCM", EVP_aead_aes_128_gcm, "aes_128_gcm_tests.txt", false, true,
0},
{"AES_128_GCM_NIST", EVP_aead_aes_128_gcm, "nist_cavp/aes_128_gcm.txt",
false, true, 0},
{"AES_256_GCM", EVP_aead_aes_256_gcm, "aes_256_gcm_tests.txt", false, true,
0},
{"AES_256_GCM_NIST", EVP_aead_aes_256_gcm, "nist_cavp/aes_256_gcm.txt",
false, true, 0},
#if !defined(OPENSSL_SMALL)
{"AES_128_GCM_SIV", EVP_aead_aes_128_gcm_siv, "aes_128_gcm_siv_tests.txt",
false, false, 0},
{"AES_256_GCM_SIV", EVP_aead_aes_256_gcm_siv, "aes_256_gcm_siv_tests.txt",
false, false, 0},
#endif
{"ChaCha20Poly1305", EVP_aead_chacha20_poly1305,
"chacha20_poly1305_tests.txt", false, true, 0},
{"AES_128_CBC_SHA1_TLS", EVP_aead_aes_128_cbc_sha1_tls,
"aes_128_cbc_sha1_tls_tests.txt", true, false, 11},
{"AES_128_CBC_SHA1_TLSImplicitIV",
EVP_aead_aes_128_cbc_sha1_tls_implicit_iv,
"aes_128_cbc_sha1_tls_implicit_iv_tests.txt", true, false, 11},
{"AES_128_CBC_SHA256_TLS", EVP_aead_aes_128_cbc_sha256_tls,
"aes_128_cbc_sha256_tls_tests.txt", true, false, 11},
{"AES_256_CBC_SHA1_TLS", EVP_aead_aes_256_cbc_sha1_tls,
"aes_256_cbc_sha1_tls_tests.txt", true, false, 11},
{"AES_256_CBC_SHA1_TLSImplicitIV",
EVP_aead_aes_256_cbc_sha1_tls_implicit_iv,
"aes_256_cbc_sha1_tls_implicit_iv_tests.txt", true, false, 11},
{"AES_256_CBC_SHA256_TLS", EVP_aead_aes_256_cbc_sha256_tls,
"aes_256_cbc_sha256_tls_tests.txt", true, false, 11},
{"AES_256_CBC_SHA384_TLS", EVP_aead_aes_256_cbc_sha384_tls,
"aes_256_cbc_sha384_tls_tests.txt", true, false, 11},
{"DES_EDE3_CBC_SHA1_TLS", EVP_aead_des_ede3_cbc_sha1_tls,
"des_ede3_cbc_sha1_tls_tests.txt", true, false, 11},
{"DES_EDE3_CBC_SHA1_TLSImplicitIV",
EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv,
"des_ede3_cbc_sha1_tls_implicit_iv_tests.txt", true, false, 11},
{"AES_128_CBC_SHA1_SSL3", EVP_aead_aes_128_cbc_sha1_ssl3,
"aes_128_cbc_sha1_ssl3_tests.txt", true, false, 9},
{"AES_256_CBC_SHA1_SSL3", EVP_aead_aes_256_cbc_sha1_ssl3,
"aes_256_cbc_sha1_ssl3_tests.txt", true, false, 9},
{"DES_EDE3_CBC_SHA1_SSL3", EVP_aead_des_ede3_cbc_sha1_ssl3,
"des_ede3_cbc_sha1_ssl3_tests.txt", true, false, 9},
{"AES_128_CTR_HMAC_SHA256", EVP_aead_aes_128_ctr_hmac_sha256,
"aes_128_ctr_hmac_sha256.txt", false, true, 0},
{"AES_256_CTR_HMAC_SHA256", EVP_aead_aes_256_ctr_hmac_sha256,
"aes_256_ctr_hmac_sha256.txt", false, true, 0},
{"AES_128_CCM_BLUETOOTH", EVP_aead_aes_128_ccm_bluetooth,
"aes_128_ccm_bluetooth_tests.txt", false, false, 0},
};
class PerAEADTest : public testing::TestWithParam<KnownAEAD> {
public:
const EVP_AEAD *aead() { return GetParam().func(); }
};
INSTANTIATE_TEST_CASE_P(, PerAEADTest, testing::ValuesIn(kAEADs),
[](const testing::TestParamInfo<KnownAEAD> &params)
-> std::string { return params.param.name; });
// Tests an AEAD against a series of test vectors from a file, using the
// FileTest format. As an example, here's a valid test case:
//
// KEY: 5a19f3173586b4c42f8412f4d5a786531b3231753e9e00998aec12fda8df10e4
// NONCE: 978105dfce667bf4
// IN: 6a4583908d
// AD: b654574932
// CT: 5294265a60
// TAG: 1d45758621762e061368e68868e2f929
TEST_P(PerAEADTest, TestVector) {
std::string test_vectors = "crypto/cipher_extra/test/";
test_vectors += GetParam().test_vectors;
FileTestGTest(test_vectors.c_str(), [&](FileTest *t) {
std::vector<uint8_t> key, nonce, in, ad, ct, tag;
ASSERT_TRUE(t->GetBytes(&key, "KEY"));
ASSERT_TRUE(t->GetBytes(&nonce, "NONCE"));
ASSERT_TRUE(t->GetBytes(&in, "IN"));
ASSERT_TRUE(t->GetBytes(&ad, "AD"));
ASSERT_TRUE(t->GetBytes(&ct, "CT"));
ASSERT_TRUE(t->GetBytes(&tag, "TAG"));
size_t tag_len = tag.size();
if (t->HasAttribute("TAG_LEN")) {
// Legacy AEADs are MAC-then-encrypt and may include padding in the TAG
// field. TAG_LEN contains the actual size of the digest in that case.
std::string tag_len_str;
ASSERT_TRUE(t->GetAttribute(&tag_len_str, "TAG_LEN"));
tag_len = strtoul(tag_len_str.c_str(), nullptr, 10);
ASSERT_TRUE(tag_len);
}
bssl::ScopedEVP_AEAD_CTX ctx;
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key.data(), key.size(), tag_len, evp_aead_seal));
std::vector<uint8_t> out(in.size() + EVP_AEAD_max_overhead(aead()));
if (!t->HasAttribute("NO_SEAL")) {
size_t out_len;
ASSERT_TRUE(EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(),
nonce.data(), nonce.size(), in.data(),
in.size(), ad.data(), ad.size()));
out.resize(out_len);
ASSERT_EQ(out.size(), ct.size() + tag.size());
EXPECT_EQ(Bytes(ct), Bytes(out.data(), ct.size()));
EXPECT_EQ(Bytes(tag), Bytes(out.data() + ct.size(), tag.size()));
} else {
out.resize(ct.size() + tag.size());
OPENSSL_memcpy(out.data(), ct.data(), ct.size());
OPENSSL_memcpy(out.data() + ct.size(), tag.data(), tag.size());
}
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key.data(), key.size(), tag_len, evp_aead_open));
std::vector<uint8_t> out2(out.size());
size_t out2_len;
int ret = EVP_AEAD_CTX_open(ctx.get(), out2.data(), &out2_len, out2.size(),
nonce.data(), nonce.size(), out.data(),
out.size(), ad.data(), ad.size());
if (t->HasAttribute("FAILS")) {
ASSERT_FALSE(ret) << "Decrypted bad data.";
ERR_clear_error();
return;
}
ASSERT_TRUE(ret) << "Failed to decrypt.";
out2.resize(out2_len);
EXPECT_EQ(Bytes(in), Bytes(out2));
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key.data(), key.size(), tag_len, evp_aead_open));
// Garbage at the end isn't ignored.
out.push_back(0);
out2.resize(out.size());
EXPECT_FALSE(EVP_AEAD_CTX_open(
ctx.get(), out2.data(), &out2_len, out2.size(), nonce.data(),
nonce.size(), out.data(), out.size(), ad.data(), ad.size()))
<< "Decrypted bad data with trailing garbage.";
ERR_clear_error();
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key.data(), key.size(), tag_len, evp_aead_open));
// Verify integrity is checked.
out[0] ^= 0x80;
out.resize(out.size() - 1);
out2.resize(out.size());
EXPECT_FALSE(EVP_AEAD_CTX_open(
ctx.get(), out2.data(), &out2_len, out2.size(), nonce.data(),
nonce.size(), out.data(), out.size(), ad.data(), ad.size()))
<< "Decrypted bad data with corrupted byte.";
ERR_clear_error();
});
}
TEST_P(PerAEADTest, TestExtraInput) {
const KnownAEAD &aead_config = GetParam();
if (!aead()->seal_scatter_supports_extra_in) {
return;
}
const std::string test_vectors =
"crypto/cipher_extra/test/" + std::string(aead_config.test_vectors);
FileTestGTest(test_vectors.c_str(), [&](FileTest *t) {
if (t->HasAttribute("NO_SEAL") ||
t->HasAttribute("FAILS")) {
t->SkipCurrent();
return;
}
std::vector<uint8_t> key, nonce, in, ad, ct, tag;
ASSERT_TRUE(t->GetBytes(&key, "KEY"));
ASSERT_TRUE(t->GetBytes(&nonce, "NONCE"));
ASSERT_TRUE(t->GetBytes(&in, "IN"));
ASSERT_TRUE(t->GetBytes(&ad, "AD"));
ASSERT_TRUE(t->GetBytes(&ct, "CT"));
ASSERT_TRUE(t->GetBytes(&tag, "TAG"));
bssl::ScopedEVP_AEAD_CTX ctx;
ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), aead(), key.data(), key.size(),
tag.size(), nullptr));
std::vector<uint8_t> out_tag(EVP_AEAD_max_overhead(aead()) + in.size());
std::vector<uint8_t> out(in.size());
for (size_t extra_in_size = 0; extra_in_size < in.size(); extra_in_size++) {
size_t tag_bytes_written;
SCOPED_TRACE(extra_in_size);
ASSERT_TRUE(EVP_AEAD_CTX_seal_scatter(
ctx.get(), out.data(), out_tag.data(), &tag_bytes_written,
out_tag.size(), nonce.data(), nonce.size(), in.data(),
in.size() - extra_in_size, in.data() + in.size() - extra_in_size,
extra_in_size, ad.data(), ad.size()));
ASSERT_EQ(tag_bytes_written, extra_in_size + tag.size());
memcpy(out.data() + in.size() - extra_in_size, out_tag.data(),
extra_in_size);
EXPECT_EQ(Bytes(ct), Bytes(out.data(), in.size()));
EXPECT_EQ(Bytes(tag), Bytes(out_tag.data() + extra_in_size,
tag_bytes_written - extra_in_size));
}
});
}
TEST_P(PerAEADTest, TestVectorScatterGather) {
std::string test_vectors = "crypto/cipher_extra/test/";
const KnownAEAD &aead_config = GetParam();
test_vectors += aead_config.test_vectors;
FileTestGTest(test_vectors.c_str(), [&](FileTest *t) {
std::vector<uint8_t> key, nonce, in, ad, ct, tag;
ASSERT_TRUE(t->GetBytes(&key, "KEY"));
ASSERT_TRUE(t->GetBytes(&nonce, "NONCE"));
ASSERT_TRUE(t->GetBytes(&in, "IN"));
ASSERT_TRUE(t->GetBytes(&ad, "AD"));
ASSERT_TRUE(t->GetBytes(&ct, "CT"));
ASSERT_TRUE(t->GetBytes(&tag, "TAG"));
size_t tag_len = tag.size();
if (t->HasAttribute("TAG_LEN")) {
// Legacy AEADs are MAC-then-encrypt and may include padding in the TAG
// field. TAG_LEN contains the actual size of the digest in that case.
std::string tag_len_str;
ASSERT_TRUE(t->GetAttribute(&tag_len_str, "TAG_LEN"));
tag_len = strtoul(tag_len_str.c_str(), nullptr, 10);
ASSERT_TRUE(tag_len);
}
bssl::ScopedEVP_AEAD_CTX ctx;
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key.data(), key.size(), tag_len, evp_aead_seal));
std::vector<uint8_t> out(in.size());
std::vector<uint8_t> out_tag(EVP_AEAD_max_overhead(aead()));
if (!t->HasAttribute("NO_SEAL")) {
size_t out_tag_len;
ASSERT_TRUE(EVP_AEAD_CTX_seal_scatter(
ctx.get(), out.data(), out_tag.data(), &out_tag_len, out_tag.size(),
nonce.data(), nonce.size(), in.data(), in.size(), nullptr, 0,
ad.data(), ad.size()));
out_tag.resize(out_tag_len);
ASSERT_EQ(out.size(), ct.size());
ASSERT_EQ(out_tag.size(), tag.size());
EXPECT_EQ(Bytes(ct), Bytes(out.data(), ct.size()));
EXPECT_EQ(Bytes(tag), Bytes(out_tag.data(), tag.size()));
} else {
out.resize(ct.size());
out_tag.resize(tag.size());
OPENSSL_memcpy(out.data(), ct.data(), ct.size());
OPENSSL_memcpy(out_tag.data(), tag.data(), tag.size());
}
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key.data(), key.size(), tag_len, evp_aead_open));
std::vector<uint8_t> out2(out.size());
int ret = EVP_AEAD_CTX_open_gather(
ctx.get(), out2.data(), nonce.data(), nonce.size(), out.data(),
out.size(), out_tag.data(), out_tag.size(), ad.data(), ad.size());
// Skip decryption for AEADs that don't implement open_gather().
if (!ret) {
int err = ERR_peek_error();
if (ERR_GET_LIB(err) == ERR_LIB_CIPHER &&
ERR_GET_REASON(err) == CIPHER_R_CTRL_NOT_IMPLEMENTED) {
t->SkipCurrent();
return;
}
}
if (t->HasAttribute("FAILS")) {
ASSERT_FALSE(ret) << "Decrypted bad data";
ERR_clear_error();
return;
}
ASSERT_TRUE(ret) << "Failed to decrypt: "
<< ERR_reason_error_string(ERR_get_error());
EXPECT_EQ(Bytes(in), Bytes(out2));
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key.data(), key.size(), tag_len, evp_aead_open));
// Garbage at the end isn't ignored.
out_tag.push_back(0);
out2.resize(out.size());
EXPECT_FALSE(EVP_AEAD_CTX_open_gather(
ctx.get(), out2.data(), nonce.data(), nonce.size(), out.data(),
out.size(), out_tag.data(), out_tag.size(), ad.data(), ad.size()))
<< "Decrypted bad data with trailing garbage.";
ERR_clear_error();
// The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
// reset after each operation.
ctx.Reset();
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key.data(), key.size(), tag_len, evp_aead_open));
// Verify integrity is checked.
out_tag[0] ^= 0x80;
out_tag.resize(out_tag.size() - 1);
out2.resize(out.size());
EXPECT_FALSE(EVP_AEAD_CTX_open_gather(
ctx.get(), out2.data(), nonce.data(), nonce.size(), out.data(),
out.size(), out_tag.data(), out_tag.size(), ad.data(), ad.size()))
<< "Decrypted bad data with corrupted byte.";
ERR_clear_error();
ctx.Reset();
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key.data(), key.size(), tag_len, evp_aead_open));
// Check edge case for tag length.
EXPECT_FALSE(EVP_AEAD_CTX_open_gather(
ctx.get(), out2.data(), nonce.data(), nonce.size(), out.data(),
out.size(), out_tag.data(), 0, ad.data(), ad.size()))
<< "Decrypted bad data with corrupted byte.";
ERR_clear_error();
});
}
TEST_P(PerAEADTest, CleanupAfterInitFailure) {
uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
OPENSSL_memset(key, 0, sizeof(key));
const size_t key_len = EVP_AEAD_key_length(aead());
ASSERT_GE(sizeof(key), key_len);
EVP_AEAD_CTX ctx;
ASSERT_FALSE(EVP_AEAD_CTX_init(
&ctx, aead(), key, key_len,
9999 /* a silly tag length to trigger an error */, NULL /* ENGINE */));
ERR_clear_error();
// Running a second, failed _init should not cause a memory leak.
ASSERT_FALSE(EVP_AEAD_CTX_init(
&ctx, aead(), key, key_len,
9999 /* a silly tag length to trigger an error */, NULL /* ENGINE */));
ERR_clear_error();
// Calling _cleanup on an |EVP_AEAD_CTX| after a failed _init should be a
// no-op.
EVP_AEAD_CTX_cleanup(&ctx);
}
TEST_P(PerAEADTest, TruncatedTags) {
if (!GetParam().truncated_tags) {
return;
}
uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
OPENSSL_memset(key, 0, sizeof(key));
const size_t key_len = EVP_AEAD_key_length(aead());
ASSERT_GE(sizeof(key), key_len);
uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH];
OPENSSL_memset(nonce, 0, sizeof(nonce));
const size_t nonce_len = EVP_AEAD_nonce_length(aead());
ASSERT_GE(sizeof(nonce), nonce_len);
bssl::ScopedEVP_AEAD_CTX ctx;
ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), aead(), key, key_len,
1 /* one byte tag */, NULL /* ENGINE */));
const uint8_t plaintext[1] = {'A'};
uint8_t ciphertext[128];
size_t ciphertext_len;
constexpr uint8_t kSentinel = 42;
OPENSSL_memset(ciphertext, kSentinel, sizeof(ciphertext));
ASSERT_TRUE(EVP_AEAD_CTX_seal(ctx.get(), ciphertext, &ciphertext_len,
sizeof(ciphertext), nonce, nonce_len, plaintext,
sizeof(plaintext), nullptr /* ad */, 0));
for (size_t i = ciphertext_len; i < sizeof(ciphertext); i++) {
// Sealing must not write past where it said it did.
EXPECT_EQ(kSentinel, ciphertext[i])
<< "Sealing wrote off the end of the buffer.";
}
const size_t overhead_used = ciphertext_len - sizeof(plaintext);
const size_t expected_overhead =
1 + EVP_AEAD_max_overhead(aead()) - EVP_AEAD_max_tag_len(aead());
EXPECT_EQ(overhead_used, expected_overhead)
<< "AEAD is probably ignoring request to truncate tags.";
uint8_t plaintext2[sizeof(plaintext) + 16];
OPENSSL_memset(plaintext2, kSentinel, sizeof(plaintext2));
size_t plaintext2_len;
ASSERT_TRUE(EVP_AEAD_CTX_open(
ctx.get(), plaintext2, &plaintext2_len, sizeof(plaintext2), nonce,
nonce_len, ciphertext, ciphertext_len, nullptr /* ad */, 0))
<< "Opening with truncated tag didn't work.";
for (size_t i = plaintext2_len; i < sizeof(plaintext2); i++) {
// Likewise, opening should also stay within bounds.
EXPECT_EQ(kSentinel, plaintext2[i])
<< "Opening wrote off the end of the buffer.";
}
EXPECT_EQ(Bytes(plaintext), Bytes(plaintext2, plaintext2_len));
}
TEST_P(PerAEADTest, AliasedBuffers) {
if (GetParam().limited_implementation) {
return;
}
const size_t key_len = EVP_AEAD_key_length(aead());
const size_t nonce_len = EVP_AEAD_nonce_length(aead());
const size_t max_overhead = EVP_AEAD_max_overhead(aead());
std::vector<uint8_t> key(key_len, 'a');
bssl::ScopedEVP_AEAD_CTX ctx;
ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), aead(), key.data(), key_len,
EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr));
static const uint8_t kPlaintext[260] =
"testing123456testing123456testing123456testing123456testing123456testing"
"123456testing123456testing123456testing123456testing123456testing123456t"
"esting123456testing123456testing123456testing123456testing123456testing1"
"23456testing123456testing123456testing12345";
const std::vector<size_t> offsets = {
0, 1, 2, 8, 15, 16, 17, 31, 32, 33, 63,
64, 65, 95, 96, 97, 127, 128, 129, 255, 256, 257,
};
std::vector<uint8_t> nonce(nonce_len, 'b');
std::vector<uint8_t> valid_encryption(sizeof(kPlaintext) + max_overhead);
size_t valid_encryption_len;
ASSERT_TRUE(EVP_AEAD_CTX_seal(
ctx.get(), valid_encryption.data(), &valid_encryption_len,
sizeof(kPlaintext) + max_overhead, nonce.data(), nonce_len, kPlaintext,
sizeof(kPlaintext), nullptr, 0))
<< "EVP_AEAD_CTX_seal failed with disjoint buffers.";
// Test with out != in which we expect to fail.
std::vector<uint8_t> buffer(2 + valid_encryption_len);
uint8_t *in = buffer.data() + 1;
uint8_t *out1 = buffer.data();
uint8_t *out2 = buffer.data() + 2;
OPENSSL_memcpy(in, kPlaintext, sizeof(kPlaintext));
size_t out_len;
EXPECT_FALSE(EVP_AEAD_CTX_seal(
ctx.get(), out1 /* in - 1 */, &out_len, sizeof(kPlaintext) + max_overhead,
nonce.data(), nonce_len, in, sizeof(kPlaintext), nullptr, 0));
EXPECT_FALSE(EVP_AEAD_CTX_seal(
ctx.get(), out2 /* in + 1 */, &out_len, sizeof(kPlaintext) + max_overhead,
nonce.data(), nonce_len, in, sizeof(kPlaintext), nullptr, 0));
ERR_clear_error();
OPENSSL_memcpy(in, valid_encryption.data(), valid_encryption_len);
EXPECT_FALSE(EVP_AEAD_CTX_open(ctx.get(), out1 /* in - 1 */, &out_len,
valid_encryption_len, nonce.data(), nonce_len,
in, valid_encryption_len, nullptr, 0));
EXPECT_FALSE(EVP_AEAD_CTX_open(ctx.get(), out2 /* in + 1 */, &out_len,
valid_encryption_len, nonce.data(), nonce_len,
in, valid_encryption_len, nullptr, 0));
ERR_clear_error();
// Test with out == in, which we expect to work.
OPENSSL_memcpy(in, kPlaintext, sizeof(kPlaintext));
ASSERT_TRUE(EVP_AEAD_CTX_seal(ctx.get(), in, &out_len,
sizeof(kPlaintext) + max_overhead, nonce.data(),
nonce_len, in, sizeof(kPlaintext), nullptr, 0));
EXPECT_EQ(Bytes(valid_encryption.data(), valid_encryption_len),
Bytes(in, out_len));
OPENSSL_memcpy(in, valid_encryption.data(), valid_encryption_len);
ASSERT_TRUE(EVP_AEAD_CTX_open(ctx.get(), in, &out_len, valid_encryption_len,
nonce.data(), nonce_len, in,
valid_encryption_len, nullptr, 0));
EXPECT_EQ(Bytes(kPlaintext), Bytes(in, out_len));
}
TEST_P(PerAEADTest, UnalignedInput) {
alignas(64) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH + 1];
alignas(64) uint8_t nonce[EVP_AEAD_MAX_NONCE_LENGTH + 1];
alignas(64) uint8_t plaintext[32 + 1];
alignas(64) uint8_t ad[32 + 1];
OPENSSL_memset(key, 'K', sizeof(key));
OPENSSL_memset(nonce, 'N', sizeof(nonce));
OPENSSL_memset(plaintext, 'P', sizeof(plaintext));
OPENSSL_memset(ad, 'A', sizeof(ad));
const size_t key_len = EVP_AEAD_key_length(aead());
ASSERT_GE(sizeof(key) - 1, key_len);
const size_t nonce_len = EVP_AEAD_nonce_length(aead());
ASSERT_GE(sizeof(nonce) - 1, nonce_len);
const size_t ad_len =
GetParam().ad_len != 0 ? GetParam().ad_len : sizeof(ad) - 1;
ASSERT_GE(sizeof(ad) - 1, ad_len);
// Encrypt some input.
bssl::ScopedEVP_AEAD_CTX ctx;
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key + 1, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH,
evp_aead_seal));
alignas(64) uint8_t ciphertext[sizeof(plaintext) + EVP_AEAD_MAX_OVERHEAD];
size_t ciphertext_len;
ASSERT_TRUE(EVP_AEAD_CTX_seal(ctx.get(), ciphertext + 1, &ciphertext_len,
sizeof(ciphertext) - 1, nonce + 1, nonce_len,
plaintext + 1, sizeof(plaintext) - 1, ad + 1,
ad_len));
// It must successfully decrypt.
alignas(64) uint8_t out[sizeof(ciphertext)];
ctx.Reset();
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(
ctx.get(), aead(), key + 1, key_len, EVP_AEAD_DEFAULT_TAG_LENGTH,
evp_aead_open));
size_t out_len;
ASSERT_TRUE(EVP_AEAD_CTX_open(ctx.get(), out + 1, &out_len, sizeof(out) - 1,
nonce + 1, nonce_len, ciphertext + 1,
ciphertext_len, ad + 1, ad_len));
EXPECT_EQ(Bytes(plaintext + 1, sizeof(plaintext) - 1),
Bytes(out + 1, out_len));
}
TEST_P(PerAEADTest, Overflow) {
alignas(64) uint8_t key[EVP_AEAD_MAX_KEY_LENGTH];
OPENSSL_memset(key, 'K', sizeof(key));
bssl::ScopedEVP_AEAD_CTX ctx;
const size_t max_tag_len = EVP_AEAD_max_tag_len(aead());
ASSERT_TRUE(EVP_AEAD_CTX_init_with_direction(ctx.get(), aead(), key,
EVP_AEAD_key_length(aead()),
max_tag_len, evp_aead_seal));
uint8_t plaintext[1] = {0};
uint8_t ciphertext[1024] = {0};
size_t ciphertext_len;
// The AEAD must not overflow when calculating the ciphertext length.
ASSERT_FALSE(EVP_AEAD_CTX_seal(
ctx.get(), ciphertext, &ciphertext_len, sizeof(ciphertext), nullptr, 0,
plaintext, std::numeric_limits<size_t>::max() - max_tag_len + 1, nullptr,
0));
ERR_clear_error();
// (Can't test the scatter interface because it'll attempt to zero the output
// buffer on error and the primary output buffer is implicitly the same size
// as the input.)
}
// Test that EVP_aead_aes_128_gcm and EVP_aead_aes_256_gcm reject empty nonces.
// AES-GCM is not defined for those.
TEST(AEADTest, AESGCMEmptyNonce) {
static const uint8_t kZeros[32] = {0};
// Test AES-128-GCM.
uint8_t buf[16];
size_t len;
bssl::ScopedEVP_AEAD_CTX ctx;
ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), EVP_aead_aes_128_gcm(), kZeros, 16,
EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr));
EXPECT_FALSE(EVP_AEAD_CTX_seal(ctx.get(), buf, &len, sizeof(buf),
nullptr /* nonce */, 0, nullptr /* in */, 0,
nullptr /* ad */, 0));
uint32_t err = ERR_get_error();
EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err));
EXPECT_FALSE(EVP_AEAD_CTX_open(ctx.get(), buf, &len, sizeof(buf),
nullptr /* nonce */, 0, kZeros /* in */,
sizeof(kZeros), nullptr /* ad */, 0));
err = ERR_get_error();
EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err));
// Test AES-256-GCM.
ctx.Reset();
ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), EVP_aead_aes_256_gcm(), kZeros, 32,
EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr));
EXPECT_FALSE(EVP_AEAD_CTX_seal(ctx.get(), buf, &len, sizeof(buf),
nullptr /* nonce */, 0, nullptr /* in */, 0,
nullptr /* ad */, 0));
err = ERR_get_error();
EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err));
EXPECT_FALSE(EVP_AEAD_CTX_open(ctx.get(), buf, &len, sizeof(buf),
nullptr /* nonce */, 0, kZeros /* in */,
sizeof(kZeros), nullptr /* ad */, 0));
err = ERR_get_error();
EXPECT_EQ(ERR_LIB_CIPHER, ERR_GET_LIB(err));
EXPECT_EQ(CIPHER_R_INVALID_NONCE_SIZE, ERR_GET_REASON(err));
}
TEST(AEADTest, AESCCMLargeAD) {
static const std::vector<uint8_t> kKey(16, 'A');
static const std::vector<uint8_t> kNonce(13, 'N');
static const std::vector<uint8_t> kAD(65536, 'D');
static const std::vector<uint8_t> kPlaintext = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
static const std::vector<uint8_t> kCiphertext = {
0xa2, 0x12, 0x3f, 0x0b, 0x07, 0xd5, 0x02, 0xff,
0xa9, 0xcd, 0xa0, 0xf3, 0x69, 0x1c, 0x49, 0x0c};
static const std::vector<uint8_t> kTag = {0x4a, 0x31, 0x82, 0x96};
// Test AES-128-CCM-Bluetooth.
bssl::ScopedEVP_AEAD_CTX ctx;
ASSERT_TRUE(EVP_AEAD_CTX_init(ctx.get(), EVP_aead_aes_128_ccm_bluetooth(),
kKey.data(), kKey.size(),
EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr));
std::vector<uint8_t> out(kCiphertext.size() + kTag.size());
size_t out_len;
EXPECT_TRUE(EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(),
kNonce.data(), kNonce.size(), kPlaintext.data(),
kPlaintext.size(), kAD.data(), kAD.size()));
ASSERT_EQ(out_len, kCiphertext.size() + kTag.size());
EXPECT_EQ(Bytes(kCiphertext), Bytes(out.data(), kCiphertext.size()));
EXPECT_EQ(Bytes(kTag), Bytes(out.data() + kCiphertext.size(), kTag.size()));
EXPECT_TRUE(EVP_AEAD_CTX_open(ctx.get(), out.data(), &out_len, out.size(),
kNonce.data(), kNonce.size(), out.data(),
out.size(), kAD.data(), kAD.size()));
ASSERT_EQ(out_len, kPlaintext.size());
EXPECT_EQ(Bytes(kPlaintext), Bytes(out.data(), kPlaintext.size()));
}
src/crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl → crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl
+1 -1
View File
@@ -2253,4 +2253,4 @@ aes256gcmsiv_kdf();
print $code;
close STDOUT or die "error closing STDOUT";
close STDOUT;
src/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl → crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl
+1 -2
View File
@@ -2478,7 +2478,6 @@ if (!$win64) {
print $code;
} else {
print <<___;
.text
.globl dummy_chacha20_poly1305_asm
.type dummy_chacha20_poly1305_asm,\@abi-omnipotent
dummy_chacha20_poly1305_asm:
@@ -2486,4 +2485,4 @@ dummy_chacha20_poly1305_asm:
___
}
close STDOUT or die "error closing STDOUT";
close STDOUT;
src/crypto/cipher_extra/cipher_extra.c → crypto/cipher_extra/cipher_extra.c
-29
View File
@@ -94,49 +94,20 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) {
} else if (OPENSSL_strcasecmp(name, "des-cbc") == 0) {
return EVP_des_cbc();
} else if (OPENSSL_strcasecmp(name, "des-ede3-cbc") == 0 ||
// This is not a name used by OpenSSL, but tcpdump registers it
// with |EVP_add_cipher_alias|. Our |EVP_add_cipher_alias| is a
// no-op, so we support the name here.
OPENSSL_strcasecmp(name, "3des") == 0) {
return EVP_des_ede3_cbc();
} else if (OPENSSL_strcasecmp(name, "aes-128-cbc") == 0) {
return EVP_aes_128_cbc();
} else if (OPENSSL_strcasecmp(name, "aes-192-cbc") == 0) {
return EVP_aes_192_cbc();
} else if (OPENSSL_strcasecmp(name, "aes-256-cbc") == 0) {
return EVP_aes_256_cbc();
} else if (OPENSSL_strcasecmp(name, "aes-128-ctr") == 0) {
return EVP_aes_128_ctr();
} else if (OPENSSL_strcasecmp(name, "aes-192-ctr") == 0) {
return EVP_aes_192_ctr();
} else if (OPENSSL_strcasecmp(name, "aes-256-ctr") == 0) {
return EVP_aes_256_ctr();
} else if (OPENSSL_strcasecmp(name, "aes-128-ecb") == 0) {
return EVP_aes_128_ecb();
} else if (OPENSSL_strcasecmp(name, "aes-192-ecb") == 0) {
return EVP_aes_192_ecb();
} else if (OPENSSL_strcasecmp(name, "aes-256-ecb") == 0) {
return EVP_aes_256_ecb();
} else if (OPENSSL_strcasecmp(name, "aes-128-gcm") == 0) {
return EVP_aes_128_gcm();
} else if (OPENSSL_strcasecmp(name, "aes-192-gcm") == 0) {
return EVP_aes_192_gcm();
} else if (OPENSSL_strcasecmp(name, "aes-256-gcm") == 0) {
return EVP_aes_256_gcm();
} else if (OPENSSL_strcasecmp(name, "aes-128-ofb") == 0) {
return EVP_aes_128_ofb();
} else if (OPENSSL_strcasecmp(name, "aes-192-ofb") == 0) {
return EVP_aes_192_ofb();
} else if (OPENSSL_strcasecmp(name, "aes-256-ofb") == 0) {
return EVP_aes_256_ofb();
} else if (OPENSSL_strcasecmp(name, "des-ecb") == 0) {
return EVP_des_ecb();
} else if (OPENSSL_strcasecmp(name, "des-ede") == 0) {
return EVP_des_ede();
} else if (OPENSSL_strcasecmp(name, "des-ede-cbc") == 0) {
return EVP_des_ede_cbc();
} else if (OPENSSL_strcasecmp(name, "rc2-cbc") == 0) {
return EVP_rc2_cbc();
}
return NULL;
crypto/cipher_extra/cipher_test.cc
+287
View File
@@ -0,0 +1,287 @@
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
/* ====================================================================
* Copyright (c) 2015 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*/
#include <stdlib.h>
#include <string.h>
#include <string>
#include <vector>
#include <gtest/gtest.h>
#include <openssl/cipher.h>
#include <openssl/err.h>
#include "../test/file_test.h"
#include "../test/test_util.h"
static const EVP_CIPHER *GetCipher(const std::string &name) {
if (name == "DES-CBC") {
return EVP_des_cbc();
} else if (name == "DES-ECB") {
return EVP_des_ecb();
} else if (name == "DES-EDE") {
return EVP_des_ede();
} else if (name == "DES-EDE3") {
return EVP_des_ede3();
} else if (name == "DES-EDE-CBC") {
return EVP_des_ede_cbc();
} else if (name == "DES-EDE3-CBC") {
return EVP_des_ede3_cbc();
} else if (name == "RC4") {
return EVP_rc4();
} else if (name == "AES-128-ECB") {
return EVP_aes_128_ecb();
} else if (name == "AES-256-ECB") {
return EVP_aes_256_ecb();
} else if (name == "AES-128-CBC") {
return EVP_aes_128_cbc();
} else if (name == "AES-128-GCM") {
return EVP_aes_128_gcm();
} else if (name == "AES-128-OFB") {
return EVP_aes_128_ofb();
} else if (name == "AES-192-CBC") {
return EVP_aes_192_cbc();
} else if (name == "AES-192-CTR") {
return EVP_aes_192_ctr();
} else if (name == "AES-192-ECB") {
return EVP_aes_192_ecb();
} else if (name == "AES-256-CBC") {
return EVP_aes_256_cbc();
} else if (name == "AES-128-CTR") {
return EVP_aes_128_ctr();
} else if (name == "AES-256-CTR") {
return EVP_aes_256_ctr();
} else if (name == "AES-256-GCM") {
return EVP_aes_256_gcm();
} else if (name == "AES-256-OFB") {
return EVP_aes_256_ofb();
}
return nullptr;
}
static void TestOperation(FileTest *t, const EVP_CIPHER *cipher, bool encrypt,
size_t chunk_size, const std::vector<uint8_t> &key,
const std::vector<uint8_t> &iv,
const std::vector<uint8_t> &plaintext,
const std::vector<uint8_t> &ciphertext,
const std::vector<uint8_t> &aad,
const std::vector<uint8_t> &tag) {
const std::vector<uint8_t> *in, *out;
if (encrypt) {
in = &plaintext;
out = &ciphertext;
} else {
in = &ciphertext;
out = &plaintext;
}
bool is_aead = EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE;
bssl::ScopedEVP_CIPHER_CTX ctx;
ASSERT_TRUE(EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr,
encrypt ? 1 : 0));
if (t->HasAttribute("IV")) {
if (is_aead) {
ASSERT_TRUE(
EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, iv.size(), 0));
} else {
ASSERT_EQ(iv.size(), EVP_CIPHER_CTX_iv_length(ctx.get()));
}
}
if (is_aead && !encrypt) {
ASSERT_TRUE(EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, tag.size(),
const_cast<uint8_t *>(tag.data())));
}
// The ciphers are run with no padding. For each of the ciphers we test, the
// output size matches the input size.
std::vector<uint8_t> result(in->size());
ASSERT_EQ(in->size(), out->size());
int unused, result_len1 = 0, result_len2;
ASSERT_TRUE(EVP_CIPHER_CTX_set_key_length(ctx.get(), key.size()));
ASSERT_TRUE(EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, key.data(),
iv.data(), -1));
// Note: the deprecated |EVP_CIPHER|-based AES-GCM API is sensitive to whether
// parameters are NULL, so it is important to skip the |in| and |aad|
// |EVP_CipherUpdate| calls when empty.
if (!aad.empty()) {
ASSERT_TRUE(
EVP_CipherUpdate(ctx.get(), nullptr, &unused, aad.data(), aad.size()));
}
ASSERT_TRUE(EVP_CIPHER_CTX_set_padding(ctx.get(), 0));
if (chunk_size != 0) {
for (size_t i = 0; i < in->size();) {
size_t todo = chunk_size;
if (i + todo > in->size()) {
todo = in->size() - i;
}
int len;
ASSERT_TRUE(EVP_CipherUpdate(ctx.get(), result.data() + result_len1, &len,
in->data() + i, todo));
result_len1 += len;
i += todo;
}
} else if (!in->empty()) {
ASSERT_TRUE(EVP_CipherUpdate(ctx.get(), result.data(), &result_len1,
in->data(), in->size()));
}
ASSERT_TRUE(
EVP_CipherFinal_ex(ctx.get(), result.data() + result_len1, &result_len2));
result.resize(result_len1 + result_len2);
EXPECT_EQ(Bytes(*out), Bytes(result));
if (encrypt && is_aead) {
uint8_t rtag[16];
ASSERT_LE(tag.size(), sizeof(rtag));
ASSERT_TRUE(
EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, tag.size(), rtag));
EXPECT_EQ(Bytes(tag), Bytes(rtag, tag.size()));
}
}
static void TestCipher(FileTest *t) {
std::string cipher_str;
ASSERT_TRUE(t->GetAttribute(&cipher_str, "Cipher"));
const EVP_CIPHER *cipher = GetCipher(cipher_str);
ASSERT_TRUE(cipher);
std::vector<uint8_t> key, iv, plaintext, ciphertext, aad, tag;
ASSERT_TRUE(t->GetBytes(&key, "Key"));
ASSERT_TRUE(t->GetBytes(&plaintext, "Plaintext"));
ASSERT_TRUE(t->GetBytes(&ciphertext, "Ciphertext"));
if (EVP_CIPHER_iv_length(cipher) > 0) {
ASSERT_TRUE(t->GetBytes(&iv, "IV"));
}
if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE) {
ASSERT_TRUE(t->GetBytes(&aad, "AAD"));
ASSERT_TRUE(t->GetBytes(&tag, "Tag"));
}
enum {
kEncrypt,
kDecrypt,
kBoth,
} operation = kBoth;
if (t->HasAttribute("Operation")) {
const std::string &str = t->GetAttributeOrDie("Operation");
if (str == "ENCRYPT") {
operation = kEncrypt;
} else if (str == "DECRYPT") {
operation = kDecrypt;
} else {
FAIL() << "Unknown operation: " << str;
}
}
const std::vector<size_t> chunk_sizes = {0, 1, 2, 5, 7, 8, 9, 15, 16,
17, 31, 32, 33, 63, 64, 65, 512};
for (size_t chunk_size : chunk_sizes) {
SCOPED_TRACE(chunk_size);
// By default, both directions are run, unless overridden by the operation.
if (operation != kDecrypt) {
SCOPED_TRACE("encrypt");
TestOperation(t, cipher, true /* encrypt */, chunk_size, key, iv,
plaintext, ciphertext, aad, tag);
}
if (operation != kEncrypt) {
SCOPED_TRACE("decrypt");
TestOperation(t, cipher, false /* decrypt */, chunk_size, key, iv,
plaintext, ciphertext, aad, tag);
}
}
}
TEST(CipherTest, TestVectors) {
FileTestGTest("crypto/cipher_extra/test/cipher_tests.txt", TestCipher);
}
TEST(CipherTest, CAVP_AES_128_CBC) {
FileTestGTest("crypto/cipher_extra/test/nist_cavp/aes_128_cbc.txt",
TestCipher);
}
TEST(CipherTest, CAVP_AES_128_CTR) {
FileTestGTest("crypto/cipher_extra/test/nist_cavp/aes_128_ctr.txt",
TestCipher);
}
TEST(CipherTest, CAVP_AES_192_CBC) {
FileTestGTest("crypto/cipher_extra/test/nist_cavp/aes_192_cbc.txt",
TestCipher);
}
TEST(CipherTest, CAVP_AES_192_CTR) {
FileTestGTest("crypto/cipher_extra/test/nist_cavp/aes_192_ctr.txt",
TestCipher);
}
TEST(CipherTest, CAVP_AES_256_CBC) {
FileTestGTest("crypto/cipher_extra/test/nist_cavp/aes_256_cbc.txt",
TestCipher);
}
TEST(CipherTest, CAVP_AES_256_CTR) {
FileTestGTest("crypto/cipher_extra/test/nist_cavp/aes_256_ctr.txt",
TestCipher);
}
TEST(CipherTest, CAVP_TDES_CBC) {
FileTestGTest("crypto/cipher_extra/test/nist_cavp/tdes_cbc.txt", TestCipher);
}
TEST(CipherTest, CAVP_TDES_ECB) {
FileTestGTest("crypto/cipher_extra/test/nist_cavp/tdes_ecb.txt", TestCipher);
}
src/crypto/cipher_extra/derive_key.c → crypto/cipher_extra/derive_key.c
View File
crypto/cipher_extra/e_aesccm.c
+171
View File
@@ -0,0 +1,171 @@
/* Copyright (c) 2018, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <openssl/aead.h>
#include <assert.h>
#include <openssl/cipher.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include "../fipsmodule/cipher/internal.h"
#define EVP_AEAD_AES_CCM_BLUETOOTH_TAG_LEN 4
#define EVP_AEAD_AES_CCM_BLUETOOTH_NONCE_LEN 13
#define EVP_AEAD_AES_CCM_MAX_TAG_LEN 16
struct aead_aes_ccm_ctx {
union {
double align;
AES_KEY ks;
} ks;
CCM128_CONTEXT ccm;
};
static int aead_aes_ccm_bluetooth_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len) {
if (key_len != 16) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_KEY_LENGTH);
return 0; // EVP_AEAD_CTX_init should catch this.
}
if (tag_len == EVP_AEAD_DEFAULT_TAG_LENGTH) {
tag_len = EVP_AEAD_AES_CCM_BLUETOOTH_TAG_LEN;
}
if (tag_len != EVP_AEAD_AES_CCM_BLUETOOTH_TAG_LEN) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TAG_TOO_LARGE);
return 0;
}
struct aead_aes_ccm_ctx *ccm_ctx =
OPENSSL_malloc(sizeof(struct aead_aes_ccm_ctx));
if (ccm_ctx == NULL) {
OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
block128_f block;
ctr128_f ctr = aes_ctr_set_key(&ccm_ctx->ks.ks, NULL, &block, key, key_len);
ctx->tag_len = tag_len;
if (!CRYPTO_ccm128_init(&ccm_ctx->ccm, &ccm_ctx->ks.ks, block, ctr, tag_len,
15 - EVP_AEAD_AES_CCM_BLUETOOTH_NONCE_LEN)) {
OPENSSL_PUT_ERROR(CIPHER, ERR_R_INTERNAL_ERROR);
OPENSSL_free(ccm_ctx);
return 0;
}
ctx->aead_state = ccm_ctx;
return 1;
}
static void aead_aes_ccm_cleanup(EVP_AEAD_CTX *ctx) {
OPENSSL_free(ctx->aead_state);
}
static int aead_aes_ccm_seal_scatter(
const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
const struct aead_aes_ccm_ctx *ccm_ctx = ctx->aead_state;
if (in_len > CRYPTO_ccm128_max_input(&ccm_ctx->ccm)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_tag_len < ctx->tag_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != EVP_AEAD_nonce_length(ctx->aead)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
return 0;
}
if (!CRYPTO_ccm128_encrypt(&ccm_ctx->ccm, &ccm_ctx->ks.ks, out, out_tag,
ctx->tag_len, nonce, nonce_len, in, in_len, ad,
ad_len)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
*out_tag_len = ctx->tag_len;
return 1;
}
static int aead_aes_ccm_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
const uint8_t *nonce, size_t nonce_len,
const uint8_t *in, size_t in_len,
const uint8_t *in_tag, size_t in_tag_len,
const uint8_t *ad, size_t ad_len) {
const struct aead_aes_ccm_ctx *ccm_ctx = ctx->aead_state;
if (in_len > CRYPTO_ccm128_max_input(&ccm_ctx->ccm)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (nonce_len != EVP_AEAD_nonce_length(ctx->aead)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
return 0;
}
if (in_tag_len != ctx->tag_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
uint8_t tag[EVP_AEAD_AES_CCM_MAX_TAG_LEN];
assert(ctx->tag_len <= EVP_AEAD_AES_CCM_MAX_TAG_LEN);
if (!CRYPTO_ccm128_decrypt(&ccm_ctx->ccm, &ccm_ctx->ks.ks, out, tag,
ctx->tag_len, nonce, nonce_len, in, in_len, ad,
ad_len)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (CRYPTO_memcmp(tag, in_tag, ctx->tag_len) != 0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
return 1;
}
static const EVP_AEAD aead_aes_128_ccm_bluetooth = {
16,
EVP_AEAD_AES_CCM_BLUETOOTH_NONCE_LEN, // nonce length
EVP_AEAD_AES_CCM_BLUETOOTH_TAG_LEN, // overhead
EVP_AEAD_AES_CCM_BLUETOOTH_TAG_LEN, // max tag length
0, // seal_scatter_supports_extra_in
aead_aes_ccm_bluetooth_init,
NULL /* init_with_direction */,
aead_aes_ccm_cleanup,
NULL /* open */,
aead_aes_ccm_seal_scatter,
aead_aes_ccm_open_gather,
NULL /* get_iv */,
NULL /* tag_len */,
};
const EVP_AEAD *EVP_aead_aes_128_ccm_bluetooth(void) {
return &aead_aes_128_ccm_bluetooth;
}
src/crypto/cipher_extra/e_aesctrhmac.c → crypto/cipher_extra/e_aesctrhmac.c
+14 -16
View File
@@ -35,15 +35,6 @@ struct aead_aes_ctr_hmac_sha256_ctx {
SHA256_CTX outer_init_state;
};
OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
sizeof(struct aead_aes_ctr_hmac_sha256_ctx),
"AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
alignof(struct aead_aes_ctr_hmac_sha256_ctx),
"AEAD state has insufficient alignment");
#endif
static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer,
const uint8_t hmac_key[32]) {
static const size_t hmac_key_len = 32;
@@ -70,8 +61,7 @@ static void hmac_init(SHA256_CTX *out_inner, SHA256_CTX *out_outer,
static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len) {
struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx =
(struct aead_aes_ctr_hmac_sha256_ctx *)&ctx->state;
struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx;
static const size_t hmac_key_len = 32;
if (key_len < hmac_key_len) {
@@ -94,16 +84,26 @@ static int aead_aes_ctr_hmac_sha256_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
return 0;
}
aes_ctx = OPENSSL_malloc(sizeof(struct aead_aes_ctr_hmac_sha256_ctx));
if (aes_ctx == NULL) {
OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
return 0;
}
aes_ctx->ctr =
aes_ctr_set_key(&aes_ctx->ks.ks, NULL, &aes_ctx->block, key, aes_key_len);
ctx->tag_len = tag_len;
hmac_init(&aes_ctx->inner_init_state, &aes_ctx->outer_init_state,
key + aes_key_len);
ctx->aead_state = aes_ctx;
return 1;
}
static void aead_aes_ctr_hmac_sha256_cleanup(EVP_AEAD_CTX *ctx) {}
static void aead_aes_ctr_hmac_sha256_cleanup(EVP_AEAD_CTX *ctx) {
OPENSSL_free(ctx->aead_state);
}
static void hmac_update_uint64(SHA256_CTX *sha256, uint64_t value) {
unsigned i;
@@ -178,8 +178,7 @@ static int aead_aes_ctr_hmac_sha256_seal_scatter(
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx =
(struct aead_aes_ctr_hmac_sha256_ctx *) &ctx->state;
const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx = ctx->aead_state;
const uint64_t in_len_64 = in_len;
if (in_len_64 >= (UINT64_C(1) << 32) * AES_BLOCK_SIZE) {
@@ -213,8 +212,7 @@ static int aead_aes_ctr_hmac_sha256_open_gather(
const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
size_t in_tag_len, const uint8_t *ad, size_t ad_len) {
const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx =
(struct aead_aes_ctr_hmac_sha256_ctx *) &ctx->state;
const struct aead_aes_ctr_hmac_sha256_ctx *aes_ctx = ctx->aead_state;
if (in_tag_len != ctx->tag_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
src/crypto/cipher_extra/e_aesgcmsiv.c → crypto/cipher_extra/e_aesgcmsiv.c
+38 -62
View File
@@ -27,47 +27,28 @@
#define EVP_AEAD_AES_GCM_SIV_NONCE_LEN 12
#define EVP_AEAD_AES_GCM_SIV_TAG_LEN 16
// TODO(davidben): AES-GCM-SIV assembly is not correct for Windows. It must save
// and restore xmm6 through xmm15.
#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) && \
!defined(OPENSSL_WINDOWS)
#define AES_GCM_SIV_ASM
#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM)
// Optimised AES-GCM-SIV
struct aead_aes_gcm_siv_asm_ctx {
alignas(16) uint8_t key[16*15];
int is_128_bit;
// ptr contains the original pointer from |OPENSSL_malloc|, which may only be
// 8-byte aligned. When freeing this structure, actually call |OPENSSL_free|
// on this pointer.
void *ptr;
};
// The assembly code assumes 8-byte alignment of the EVP_AEAD_CTX's state, and
// aligns to 16 bytes itself.
OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) + 8 >=
sizeof(struct aead_aes_gcm_siv_asm_ctx),
"AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >= 8,
"AEAD state has insufficient alignment");
#endif
// asm_ctx_from_ctx returns a 16-byte aligned context pointer from |ctx|.
static struct aead_aes_gcm_siv_asm_ctx *asm_ctx_from_ctx(
const EVP_AEAD_CTX *ctx) {
// ctx->state must already be 8-byte aligned. Thus, at most, we may need to
// add eight to align it to 16 bytes.
const uintptr_t offset = ((uintptr_t)&ctx->state) & 8;
return (struct aead_aes_gcm_siv_asm_ctx *)(&ctx->state.opaque[offset]);
}
// aes128gcmsiv_aes_ks writes an AES-128 key schedule for |key| to
// |out_expanded_key|.
extern void aes128gcmsiv_aes_ks(
const uint8_t key[16], uint8_t out_expanded_key[16*15]);
// aes256gcmsiv_aes_ks writes an AES-256 key schedule for |key| to
// aes128gcmsiv_aes_ks writes an AES-128 key schedule for |key| to
// |out_expanded_key|.
extern void aes256gcmsiv_aes_ks(
const uint8_t key[32], uint8_t out_expanded_key[16*15]);
const uint8_t key[16], uint8_t out_expanded_key[16*15]);
static int aead_aes_gcm_siv_asm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len) {
@@ -87,8 +68,18 @@ static int aead_aes_gcm_siv_asm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
return 0;
}
struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = asm_ctx_from_ctx(ctx);
char *ptr = OPENSSL_malloc(sizeof(struct aead_aes_gcm_siv_asm_ctx) + 8);
if (ptr == NULL) {
return 0;
}
assert((((uintptr_t)ptr) & 7) == 0);
// gcm_siv_ctx needs to be 16-byte aligned in a cross-platform way.
struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx =
(struct aead_aes_gcm_siv_asm_ctx *)(ptr + (((uintptr_t)ptr) & 8));
assert((((uintptr_t)gcm_siv_ctx) & 15) == 0);
gcm_siv_ctx->ptr = ptr;
if (key_bits == 128) {
aes128gcmsiv_aes_ks(key, &gcm_siv_ctx->key[0]);
@@ -97,13 +88,16 @@ static int aead_aes_gcm_siv_asm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
aes256gcmsiv_aes_ks(key, &gcm_siv_ctx->key[0]);
gcm_siv_ctx->is_128_bit = 0;
}
ctx->aead_state = gcm_siv_ctx;
ctx->tag_len = tag_len;
return 1;
}
static void aead_aes_gcm_siv_asm_cleanup(EVP_AEAD_CTX *ctx) {}
static void aead_aes_gcm_siv_asm_cleanup(EVP_AEAD_CTX *ctx) {
const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = ctx->aead_state;
OPENSSL_free(gcm_siv_ctx->ptr);
}
// aesgcmsiv_polyval_horner updates the POLYVAL value in |in_out_poly| to
// include a number (|in_blocks|) of 16-byte blocks of data from |in|, given
@@ -343,7 +337,7 @@ static int aead_aes_gcm_siv_asm_seal_scatter(
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = asm_ctx_from_ctx(ctx);
const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = ctx->aead_state;
const uint64_t in_len_64 = in_len;
const uint64_t ad_len_64 = ad_len;
@@ -426,12 +420,7 @@ static int aead_aes_gcm_siv_asm_open(const EVP_AEAD_CTX *ctx, uint8_t *out,
return 0;
}
if (nonce_len != EVP_AEAD_AES_GCM_SIV_NONCE_LEN) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = asm_ctx_from_ctx(ctx);
const struct aead_aes_gcm_siv_asm_ctx *gcm_siv_ctx = ctx->aead_state;
const size_t plaintext_len = in_len - EVP_AEAD_AES_GCM_SIV_TAG_LEN;
const uint8_t *const given_tag = in + plaintext_len;
@@ -558,7 +547,7 @@ static const EVP_AEAD aead_aes_256_gcm_siv_asm = {
NULL /* tag_len */,
};
#endif // X86_64 && !NO_ASM && !WINDOWS
#endif // X86_64 && !NO_ASM
struct aead_aes_gcm_siv_ctx {
union {
@@ -569,15 +558,6 @@ struct aead_aes_gcm_siv_ctx {
unsigned is_256:1;
};
OPENSSL_STATIC_ASSERT(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
sizeof(struct aead_aes_gcm_siv_ctx),
"AEAD state is too small");
#if defined(__GNUC__) || defined(__clang__)
OPENSSL_STATIC_ASSERT(alignof(union evp_aead_ctx_st_state) >=
alignof(struct aead_aes_gcm_siv_ctx),
"AEAD state has insufficient alignment");
#endif
static int aead_aes_gcm_siv_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len) {
const size_t key_bits = key_len * 8;
@@ -596,18 +576,24 @@ static int aead_aes_gcm_siv_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
}
struct aead_aes_gcm_siv_ctx *gcm_siv_ctx =
(struct aead_aes_gcm_siv_ctx *)&ctx->state;
OPENSSL_malloc(sizeof(struct aead_aes_gcm_siv_ctx));
if (gcm_siv_ctx == NULL) {
return 0;
}
OPENSSL_memset(gcm_siv_ctx, 0, sizeof(struct aead_aes_gcm_siv_ctx));
aes_ctr_set_key(&gcm_siv_ctx->ks.ks, NULL, &gcm_siv_ctx->kgk_block, key,
key_len);
gcm_siv_ctx->is_256 = (key_len == 32);
ctx->aead_state = gcm_siv_ctx;
ctx->tag_len = tag_len;
return 1;
}
static void aead_aes_gcm_siv_cleanup(EVP_AEAD_CTX *ctx) {}
static void aead_aes_gcm_siv_cleanup(EVP_AEAD_CTX *ctx) {
OPENSSL_free(ctx->aead_state);
}
// gcm_siv_crypt encrypts (or decrypts—it's the same thing) |in_len| bytes from
// |in| to |out|, using the block function |enc_block| with |key| in counter
@@ -723,14 +709,6 @@ static void gcm_siv_keys(
}
OPENSSL_memcpy(out_keys->auth_key, key_material, 16);
// Note the |ctr128_f| function uses a big-endian couner, while AES-GCM-SIV
// uses a little-endian counter. We ignore the return value and only use
// |block128_f|. This has a significant performance cost for the fallback
// bitsliced AES implementations (bsaes and aes_nohw).
//
// We currently do not consider AES-GCM-SIV to be performance-sensitive on
// client hardware. If this changes, we can write little-endian |ctr128_f|
// functions.
aes_ctr_set_key(&out_keys->enc_key.ks, NULL, &out_keys->enc_block,
key_material + 16, gcm_siv_ctx->is_256 ? 32 : 16);
}
@@ -740,8 +718,7 @@ static int aead_aes_gcm_siv_seal_scatter(
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx =
(struct aead_aes_gcm_siv_ctx *)&ctx->state;
const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx = ctx->aead_state;
const uint64_t in_len_64 = in_len;
const uint64_t ad_len_64 = ad_len;
@@ -801,8 +778,7 @@ static int aead_aes_gcm_siv_open_gather(const EVP_AEAD_CTX *ctx, uint8_t *out,
return 0;
}
const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx =
(struct aead_aes_gcm_siv_ctx *)&ctx->state;
const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx = ctx->aead_state;
struct gcm_siv_record_keys keys;
gcm_siv_keys(gcm_siv_ctx, &keys, nonce);
@@ -855,7 +831,7 @@ static const EVP_AEAD aead_aes_256_gcm_siv = {
NULL /* tag_len */,
};
#if defined(AES_GCM_SIV_ASM)
#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM)
static char avx_aesni_capable(void) {
const uint32_t ecx = OPENSSL_ia32cap_P[1];
@@ -888,4 +864,4 @@ const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void) {
return &aead_aes_256_gcm_siv;
}
#endif // AES_GCM_SIV_ASM
#endif // X86_64 && !NO_ASM
crypto/cipher_extra/e_chacha20poly1305.c
+326
View File
@@ -0,0 +1,326 @@
/* Copyright (c) 2014, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <openssl/aead.h>
#include <string.h>
#include <openssl/chacha.h>
#include <openssl/cipher.h>
#include <openssl/cpu.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/poly1305.h>
#include <openssl/type_check.h>
#include "../fipsmodule/cipher/internal.h"
#include "../internal.h"
#define POLY1305_TAG_LEN 16
struct aead_chacha20_poly1305_ctx {
uint8_t key[32];
};
// For convenience (the x86_64 calling convention allows only six parameters in
// registers), the final parameter for the assembly functions is both an input
// and output parameter.
union open_data {
struct {
alignas(16) uint8_t key[32];
uint32_t counter;
uint8_t nonce[12];
} in;
struct {
uint8_t tag[POLY1305_TAG_LEN];
} out;
};
union seal_data {
struct {
alignas(16) uint8_t key[32];
uint32_t counter;
uint8_t nonce[12];
const uint8_t *extra_ciphertext;
size_t extra_ciphertext_len;
} in;
struct {
uint8_t tag[POLY1305_TAG_LEN];
} out;
};
#if defined(OPENSSL_X86_64) && !defined(OPENSSL_NO_ASM) && \
!defined(OPENSSL_WINDOWS)
static int asm_capable(void) {
const int sse41_capable = (OPENSSL_ia32cap_P[1] & (1 << 19)) != 0;
return sse41_capable;
}
OPENSSL_COMPILE_ASSERT(sizeof(union open_data) == 48, wrong_open_data_size);
OPENSSL_COMPILE_ASSERT(sizeof(union seal_data) == 48 + 8 + 8,
wrong_seal_data_size);
// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It decrypts
// |plaintext_len| bytes from |ciphertext| and writes them to |out_plaintext|.
// Additional input parameters are passed in |aead_data->in|. On exit, it will
// write calculated tag value to |aead_data->out.tag|, which the caller must
// check.
extern void chacha20_poly1305_open(uint8_t *out_plaintext,
const uint8_t *ciphertext,
size_t plaintext_len, const uint8_t *ad,
size_t ad_len, union open_data *aead_data);
// chacha20_poly1305_open is defined in chacha20_poly1305_x86_64.pl. It encrypts
// |plaintext_len| bytes from |plaintext| and writes them to |out_ciphertext|.
// Additional input parameters are passed in |aead_data->in|. The calculated tag
// value is over the computed ciphertext concatenated with |extra_ciphertext|
// and written to |aead_data->out.tag|.
extern void chacha20_poly1305_seal(uint8_t *out_ciphertext,
const uint8_t *plaintext,
size_t plaintext_len, const uint8_t *ad,
size_t ad_len, union seal_data *aead_data);
#else
static int asm_capable(void) { return 0; }
static void chacha20_poly1305_open(uint8_t *out_plaintext,
const uint8_t *ciphertext,
size_t plaintext_len, const uint8_t *ad,
size_t ad_len, union open_data *aead_data) {}
static void chacha20_poly1305_seal(uint8_t *out_ciphertext,
const uint8_t *plaintext,
size_t plaintext_len, const uint8_t *ad,
size_t ad_len, union seal_data *aead_data) {}
#endif
static int aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len) {
struct aead_chacha20_poly1305_ctx *c20_ctx;
if (tag_len == 0) {
tag_len = POLY1305_TAG_LEN;
}
if (tag_len > POLY1305_TAG_LEN) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (key_len != sizeof(c20_ctx->key)) {
return 0; // internal error - EVP_AEAD_CTX_init should catch this.
}
c20_ctx = OPENSSL_malloc(sizeof(struct aead_chacha20_poly1305_ctx));
if (c20_ctx == NULL) {
return 0;
}
OPENSSL_memcpy(c20_ctx->key, key, key_len);
ctx->aead_state = c20_ctx;
ctx->tag_len = tag_len;
return 1;
}
static void aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) {
OPENSSL_free(ctx->aead_state);
}
static void poly1305_update_length(poly1305_state *poly1305, size_t data_len) {
uint8_t length_bytes[8];
for (unsigned i = 0; i < sizeof(length_bytes); i++) {
length_bytes[i] = data_len;
data_len >>= 8;
}
CRYPTO_poly1305_update(poly1305, length_bytes, sizeof(length_bytes));
}
// calc_tag fills |tag| with the authentication tag for the given inputs.
static void calc_tag(uint8_t tag[POLY1305_TAG_LEN],
const struct aead_chacha20_poly1305_ctx *c20_ctx,
const uint8_t nonce[12], const uint8_t *ad, size_t ad_len,
const uint8_t *ciphertext, size_t ciphertext_len,
const uint8_t *ciphertext_extra,
size_t ciphertext_extra_len) {
alignas(16) uint8_t poly1305_key[32];
OPENSSL_memset(poly1305_key, 0, sizeof(poly1305_key));
CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
c20_ctx->key, nonce, 0);
static const uint8_t padding[16] = { 0 }; // Padding is all zeros.
poly1305_state ctx;
CRYPTO_poly1305_init(&ctx, poly1305_key);
CRYPTO_poly1305_update(&ctx, ad, ad_len);
if (ad_len % 16 != 0) {
CRYPTO_poly1305_update(&ctx, padding, sizeof(padding) - (ad_len % 16));
}
CRYPTO_poly1305_update(&ctx, ciphertext, ciphertext_len);
CRYPTO_poly1305_update(&ctx, ciphertext_extra, ciphertext_extra_len);
const size_t ciphertext_total = ciphertext_len + ciphertext_extra_len;
if (ciphertext_total % 16 != 0) {
CRYPTO_poly1305_update(&ctx, padding,
sizeof(padding) - (ciphertext_total % 16));
}
poly1305_update_length(&ctx, ad_len);
poly1305_update_length(&ctx, ciphertext_total);
CRYPTO_poly1305_finish(&ctx, tag);
}
static int aead_chacha20_poly1305_seal_scatter(
const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
if (extra_in_len + ctx->tag_len < ctx->tag_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_tag_len < ctx->tag_len + extra_in_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
if (nonce_len != 12) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
// |CRYPTO_chacha_20| uses a 32-bit block counter. Therefore we disallow
// individual operations that work on more than 256GB at a time.
// |in_len_64| is needed because, on 32-bit platforms, size_t is only
// 32-bits and this produces a warning because it's always false.
// Casting to uint64_t inside the conditional is not sufficient to stop
// the warning.
const uint64_t in_len_64 = in_len;
if (in_len_64 >= (UINT64_C(1) << 32) * 64 - 64) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
if (max_out_tag_len < ctx->tag_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
return 0;
}
// The the extra input is given, it is expected to be very short and so is
// encrypted byte-by-byte first.
if (extra_in_len) {
static const size_t kChaChaBlockSize = 64;
uint32_t block_counter = 1 + (in_len / kChaChaBlockSize);
size_t offset = in_len % kChaChaBlockSize;
uint8_t block[64 /* kChaChaBlockSize */];
for (size_t done = 0; done < extra_in_len; block_counter++) {
memset(block, 0, sizeof(block));
CRYPTO_chacha_20(block, block, sizeof(block), c20_ctx->key, nonce,
block_counter);
for (size_t i = offset; i < sizeof(block) && done < extra_in_len;
i++, done++) {
out_tag[done] = extra_in[done] ^ block[i];
}
offset = 0;
}
}
union seal_data data;
if (asm_capable()) {
OPENSSL_memcpy(data.in.key, c20_ctx->key, 32);
data.in.counter = 0;
OPENSSL_memcpy(data.in.nonce, nonce, 12);
data.in.extra_ciphertext = out_tag;
data.in.extra_ciphertext_len = extra_in_len;
chacha20_poly1305_seal(out, in, in_len, ad, ad_len, &data);
} else {
CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);
calc_tag(data.out.tag, c20_ctx, nonce, ad, ad_len, out, in_len, out_tag,
extra_in_len);
}
OPENSSL_memcpy(out_tag + extra_in_len, data.out.tag, ctx->tag_len);
*out_tag_len = extra_in_len + ctx->tag_len;
return 1;
}
static int aead_chacha20_poly1305_open_gather(
const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *in_tag,
size_t in_tag_len, const uint8_t *ad, size_t ad_len) {
const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
if (nonce_len != 12) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
return 0;
}
if (in_tag_len != ctx->tag_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
// |CRYPTO_chacha_20| uses a 32-bit block counter. Therefore we disallow
// individual operations that work on more than 256GB at a time.
// |in_len_64| is needed because, on 32-bit platforms, size_t is only
// 32-bits and this produces a warning because it's always false.
// Casting to uint64_t inside the conditional is not sufficient to stop
// the warning.
const uint64_t in_len_64 = in_len;
if (in_len_64 >= (UINT64_C(1) << 32) * 64 - 64) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
union open_data data;
if (asm_capable()) {
OPENSSL_memcpy(data.in.key, c20_ctx->key, 32);
data.in.counter = 0;
OPENSSL_memcpy(data.in.nonce, nonce, 12);
chacha20_poly1305_open(out, in, in_len, ad, ad_len, &data);
} else {
calc_tag(data.out.tag, c20_ctx, nonce, ad, ad_len, in, in_len, NULL, 0);
CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, nonce, 1);
}
if (CRYPTO_memcmp(data.out.tag, in_tag, ctx->tag_len) != 0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BAD_DECRYPT);
return 0;
}
return 1;
}
static const EVP_AEAD aead_chacha20_poly1305 = {
32, // key len
12, // nonce len
POLY1305_TAG_LEN, // overhead
POLY1305_TAG_LEN, // max tag length
1, // seal_scatter_supports_extra_in
aead_chacha20_poly1305_init,
NULL, // init_with_direction
aead_chacha20_poly1305_cleanup,
NULL /* open */,
aead_chacha20_poly1305_seal_scatter,
aead_chacha20_poly1305_open_gather,
NULL, // get_iv
NULL, // tag_len
};
const EVP_AEAD *EVP_aead_chacha20_poly1305(void) {
return &aead_chacha20_poly1305;
}

Some files were not shown because too many files have changed in this diff Show More