author | Maurice Lam <yukl@google.com> | 2023-11-01 21:32:47 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-11-01 21:32:47 +0000 |
commit | 7535c88e2d0e0d5d60f4d2e7c5c8bd5f0e5f0896 (patch) | |
tree | 3fe7790f63b9c56226b75550ddce4de930a4c721 | |
parent | cce80c22fdde2b8422032e34bc4c5f18e5fbdf8c (diff) | |
parent | c72066cea230886dfc0c71e3f9975446e671ebc3 (diff) | |
download | boringssl-7535c88e2d0e0d5d60f4d2e7c5c8bd5f0e5f0896.tar.gz |
external/boringssl: Sync to 2a33faebe1827956e7fca8cbb15e2ca79b292d9c. am: b57bbdeeae am: 74a4310cc4 am: c72066cea2
Original change: https://android-review.googlesource.com/c/platform/external/boringssl/+/2812559
Change-Id: I5a084cf1a0eaac39901d11a8812f1ef7e4ee6652
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
131 files changed, 4935 insertions, 3358 deletions
diff --git a/BORINGSSL_REVISION b/BORINGSSL_REVISION index 9b2c4efc..09abe8f2 100644 --- a/BORINGSSL_REVISION +++ b/BORINGSSL_REVISION @@ -1 +1 @@ -bd20800c22fc8402611b537287bd6948c3f2a5a8 +2a33faebe1827956e7fca8cbb15e2ca79b292d9c diff --git a/BUILD.generated.bzl b/BUILD.generated.bzl index 55622b26..edb55c8d 100644 --- a/BUILD.generated.bzl +++ b/BUILD.generated.bzl @@ -256,6 +256,7 @@ crypto_internal_headers = [ "src/crypto/fipsmodule/tls/internal.h", "src/crypto/hrss/internal.h", "src/crypto/internal.h", + "src/crypto/keccak/internal.h", "src/crypto/kyber/internal.h", "src/crypto/lhash/internal.h", "src/crypto/obj/obj_dat.h", @@ -388,7 +389,7 @@ crypto_sources = [ "src/crypto/fipsmodule/fips_shared_support.c", "src/crypto/hpke/hpke.c", "src/crypto/hrss/hrss.c", - "src/crypto/kyber/keccak.c", + "src/crypto/keccak/keccak.c", "src/crypto/kyber/kyber.c", "src/crypto/lhash/lhash.c", "src/crypto/mem.c", @@ -629,6 +630,8 @@ crypto_sources_asm = [ "src/crypto/poly1305/poly1305_arm_asm.S", "src/third_party/fiat/asm/fiat_curve25519_adx_mul.S", "src/third_party/fiat/asm/fiat_curve25519_adx_square.S", + "src/third_party/fiat/asm/fiat_p256_adx_mul.S", + "src/third_party/fiat/asm/fiat_p256_adx_sqr.S", "win-aarch64/crypto/chacha/chacha-armv8-win.S", "win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8-win.S", "win-aarch64/crypto/fipsmodule/aesv8-armv8-win.S", diff --git a/BUILD.generated_tests.bzl b/BUILD.generated_tests.bzl index 423c6b0a..e6aa01b4 100644 --- a/BUILD.generated_tests.bzl +++ b/BUILD.generated_tests.bzl @@ -41,6 +41,7 @@ test_support_sources = [ "src/crypto/fipsmodule/tls/internal.h", "src/crypto/hrss/internal.h", "src/crypto/internal.h", + "src/crypto/keccak/internal.h", "src/crypto/kyber/internal.h", "src/crypto/lhash/internal.h", "src/crypto/obj/obj_dat.h", 
@@ -115,6 +116,7 @@ crypto_test_sources = [ "src/crypto/fipsmodule/cmac/cmac_test.cc", "src/crypto/fipsmodule/ec/ec_test.cc", "src/crypto/fipsmodule/ec/p256-nistz_test.cc", + "src/crypto/fipsmodule/ec/p256_test.cc", "src/crypto/fipsmodule/ecdsa/ecdsa_test.cc", "src/crypto/fipsmodule/hkdf/hkdf_test.cc", "src/crypto/fipsmodule/md5/md5_test.cc", @@ -127,6 +129,7 @@ crypto_test_sources = [ "src/crypto/hpke/hpke_test.cc", "src/crypto/hrss/hrss_test.cc", "src/crypto/impl_dispatch_test.cc", + "src/crypto/keccak/keccak_test.cc", "src/crypto/kyber/kyber_test.cc", "src/crypto/lhash/lhash_test.cc", "src/crypto/obj/obj_test.cc", @@ -183,6 +186,7 @@ pki_test_sources = [ "src/pki/path_builder_pkits_unittest.cc", "src/pki/path_builder_unittest.cc", "src/pki/path_builder_verify_certificate_chain_unittest.cc", + "src/pki/pem_unittest.cc", "src/pki/signature_algorithm_unittest.cc", "src/pki/simple_path_builder_delegate_unittest.cc", "src/pki/string_util_unittest.cc", @@ -255,7 +259,7 @@ crypto_test_data = [ "src/crypto/fipsmodule/rand/ctrdrbg_vectors.txt", "src/crypto/hmac_extra/hmac_tests.txt", "src/crypto/hpke/hpke_test_vectors.txt", - "src/crypto/kyber/keccak_tests.txt", + "src/crypto/keccak/keccak_tests.txt", "src/crypto/kyber/kyber_tests.txt", "src/crypto/pkcs8/test/empty_password.p12", "src/crypto/pkcs8/test/no_encryption.p12", diff --git a/CMakeLists.txt b/CMakeLists.txt index 88712b8d..b4de149f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -204,6 +204,8 @@ set( src/crypto/poly1305/poly1305_arm_asm.S src/third_party/fiat/asm/fiat_curve25519_adx_mul.S src/third_party/fiat/asm/fiat_curve25519_adx_square.S + src/third_party/fiat/asm/fiat_p256_adx_mul.S + src/third_party/fiat/asm/fiat_p256_adx_sqr.S win-aarch64/crypto/chacha/chacha-armv8-win.S win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8-win.S win-aarch64/crypto/fipsmodule/aesv8-armv8-win.S 
@@ -379,7 +381,7 @@ add_library( src/crypto/fipsmodule/fips_shared_support.c src/crypto/hpke/hpke.c src/crypto/hrss/hrss.c - src/crypto/kyber/keccak.c + src/crypto/keccak/keccak.c src/crypto/kyber/kyber.c src/crypto/lhash/lhash.c src/crypto/mem.c diff --git a/android-sources.cmake b/android-sources.cmake index 82631d02..d32cce49 100644 --- a/android-sources.cmake +++ b/android-sources.cmake @@ -127,7 +127,7 @@ set(crypto_sources ${BORINGSSL_ROOT}src/crypto/fipsmodule/fips_shared_support.c ${BORINGSSL_ROOT}src/crypto/hpke/hpke.c ${BORINGSSL_ROOT}src/crypto/hrss/hrss.c - ${BORINGSSL_ROOT}src/crypto/kyber/keccak.c + ${BORINGSSL_ROOT}src/crypto/keccak/keccak.c ${BORINGSSL_ROOT}src/crypto/kyber/kyber.c ${BORINGSSL_ROOT}src/crypto/lhash/lhash.c ${BORINGSSL_ROOT}src/crypto/mem.c @@ -367,6 +367,8 @@ set(crypto_sources_asm ${BORINGSSL_ROOT}src/crypto/poly1305/poly1305_arm_asm.S ${BORINGSSL_ROOT}src/third_party/fiat/asm/fiat_curve25519_adx_mul.S ${BORINGSSL_ROOT}src/third_party/fiat/asm/fiat_curve25519_adx_square.S + ${BORINGSSL_ROOT}src/third_party/fiat/asm/fiat_p256_adx_mul.S + ${BORINGSSL_ROOT}src/third_party/fiat/asm/fiat_p256_adx_sqr.S ${BORINGSSL_ROOT}win-aarch64/crypto/chacha/chacha-armv8-win.S ${BORINGSSL_ROOT}win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8-win.S ${BORINGSSL_ROOT}win-aarch64/crypto/fipsmodule/aesv8-armv8-win.S @@ -515,6 +517,7 @@ set(crypto_test_sources ${BORINGSSL_ROOT}src/crypto/fipsmodule/cmac/cmac_test.cc ${BORINGSSL_ROOT}src/crypto/fipsmodule/ec/ec_test.cc ${BORINGSSL_ROOT}src/crypto/fipsmodule/ec/p256-nistz_test.cc + ${BORINGSSL_ROOT}src/crypto/fipsmodule/ec/p256_test.cc ${BORINGSSL_ROOT}src/crypto/fipsmodule/ecdsa/ecdsa_test.cc ${BORINGSSL_ROOT}src/crypto/fipsmodule/hkdf/hkdf_test.cc ${BORINGSSL_ROOT}src/crypto/fipsmodule/md5/md5_test.cc 
@@ -527,6 +530,7 @@ set(crypto_test_sources ${BORINGSSL_ROOT}src/crypto/hpke/hpke_test.cc ${BORINGSSL_ROOT}src/crypto/hrss/hrss_test.cc ${BORINGSSL_ROOT}src/crypto/impl_dispatch_test.cc + ${BORINGSSL_ROOT}src/crypto/keccak/keccak_test.cc ${BORINGSSL_ROOT}src/crypto/kyber/kyber_test.cc ${BORINGSSL_ROOT}src/crypto/lhash/lhash_test.cc ${BORINGSSL_ROOT}src/crypto/obj/obj_test.cc diff --git a/apple-arm/crypto/chacha/chacha-armv4-apple.S b/apple-arm/crypto/chacha/chacha-armv4-apple.S index cf2644e0..bd836b60 100644 --- a/apple-arm/crypto/chacha/chacha-armv4-apple.S +++ b/apple-arm/crypto/chacha/chacha-armv4-apple.S @@ -46,7 +46,7 @@ _ChaCha20_ctr32: LChaCha20_ctr32: ldr r12,[sp,#0] @ pull pointer to counter and nonce stmdb sp!,{r0,r1,r2,r4-r11,lr} -#if __ARM_ARCH__<7 && !defined(__thumb2__) +#if __ARM_ARCH<7 && !defined(__thumb2__) sub r14,pc,#16 @ _ChaCha20_ctr32 #else adr r14,LChaCha20_ctr32 @@ -232,8 +232,8 @@ Loop: ldr r8,[sp,#4*(0)] @ load key material ldr r9,[sp,#4*(1)] -#if __ARM_ARCH__>=6 || !defined(__ARMEB__) -# if __ARM_ARCH__<7 +#if __ARM_ARCH>=6 || !defined(__ARMEB__) +# if __ARM_ARCH<7 orr r10,r12,r14 tst r10,#3 @ are input and output aligned? ldr r10,[sp,#4*(2)] @@ -259,7 +259,7 @@ Loop: # endif ldrhs r10,[r12,#-8] ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev r0,r0 rev r1,r1 rev r2,r2 @@ -296,7 +296,7 @@ Loop: # endif ldrhs r10,[r12,#-8] ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev r4,r4 rev r5,r5 rev r6,r6 @@ -341,7 +341,7 @@ Loop: # endif ldrhs r10,[r12,#-8] ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev r0,r0 rev r1,r1 rev r2,r2 @@ -383,7 +383,7 @@ Loop: # endif ldrhs r10,[r12,#-8] ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev r4,r4 rev r5,r5 rev r6,r6 
@@ -414,7 +414,7 @@ Loop: bhi Loop_outer beq Ldone -# if __ARM_ARCH__<7 +# if __ARM_ARCH<7 b Ltail .align 4 @@ -422,7 +422,7 @@ Lunaligned:@ unaligned endian-neutral path cmp r11,#64 @ restore flags # endif #endif -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldr r11,[sp,#4*(3)] add r0,r0,r8 @ accumulate key material add r1,r1,r9 diff --git a/apple-arm/crypto/fipsmodule/armv4-mont-apple.S b/apple-arm/crypto/fipsmodule/armv4-mont-apple.S index 54bd13f2..07d1b064 100644 --- a/apple-arm/crypto/fipsmodule/armv4-mont-apple.S +++ b/apple-arm/crypto/fipsmodule/armv4-mont-apple.S @@ -195,7 +195,7 @@ Lcopy: ldr r7,[r4] @ conditional copy add sp,sp,#2*4 @ skip over {r0,r2} mov r0,#1 Labrt: -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 bx lr @ bx lr #else tst lr,#1 diff --git a/apple-arm/crypto/fipsmodule/bsaes-armv7-apple.S b/apple-arm/crypto/fipsmodule/bsaes-armv7-apple.S index 28cc6b36..67696ff4 100644 --- a/apple-arm/crypto/fipsmodule/bsaes-armv7-apple.S +++ b/apple-arm/crypto/fipsmodule/bsaes-armv7-apple.S @@ -67,7 +67,6 @@ # define VFP_ABI_FRAME 0 # define BSAES_ASM_EXTENDED_KEY # define XTS_CHAIN_TWEAK -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 #endif diff --git a/apple-arm/crypto/fipsmodule/sha1-armv4-large-apple.S b/apple-arm/crypto/fipsmodule/sha1-armv4-large-apple.S index d653f2d1..aaae29b5 100644 --- a/apple-arm/crypto/fipsmodule/sha1-armv4-large-apple.S +++ b/apple-arm/crypto/fipsmodule/sha1-armv4-large-apple.S @@ -46,7 +46,7 @@ Lloop: mov r6,r6,ror#30 mov r7,r7,ror#30 @ [6] L_00_15: -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] @@ -71,7 +71,7 @@ L_00_15: eor r10,r10,r6,ror#2 @ F_00_19(B,C,D) str r9,[r14,#-4]! add r7,r7,r10 @ E+=F_00_19(B,C,D) -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] 
@@ -96,7 +96,7 @@ L_00_15: eor r10,r10,r5,ror#2 @ F_00_19(B,C,D) str r9,[r14,#-4]! add r6,r6,r10 @ E+=F_00_19(B,C,D) -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] @@ -121,7 +121,7 @@ L_00_15: eor r10,r10,r4,ror#2 @ F_00_19(B,C,D) str r9,[r14,#-4]! add r5,r5,r10 @ E+=F_00_19(B,C,D) -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] @@ -146,7 +146,7 @@ L_00_15: eor r10,r10,r3,ror#2 @ F_00_19(B,C,D) str r9,[r14,#-4]! add r4,r4,r10 @ E+=F_00_19(B,C,D) -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] @@ -179,7 +179,7 @@ L_00_15: #endif bne L_00_15 @ [((11+4)*5+2)*3] sub sp,sp,#25*4 -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] @@ -477,7 +477,7 @@ L_done: teq r1,r2 bne Lloop @ [+18], total 1307 -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} #else ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} diff --git a/apple-arm/crypto/fipsmodule/sha256-armv4-apple.S b/apple-arm/crypto/fipsmodule/sha256-armv4-apple.S index 8379765e..7e30b881 100644 --- a/apple-arm/crypto/fipsmodule/sha256-armv4-apple.S +++ b/apple-arm/crypto/fipsmodule/sha256-armv4-apple.S @@ -52,7 +52,7 @@ #ifndef __KERNEL__ # include <openssl/arm_arch.h> #else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_ARCH __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 #endif @@ -103,7 +103,7 @@ LOPENSSL_armcap: #endif _sha256_block_data_order: Lsha256_block_data_order: -#if __ARM_ARCH__<7 && !defined(__thumb2__) +#if __ARM_ARCH<7 && !defined(__thumb2__) sub r3,pc,#8 @ _sha256_block_data_order #else adr r3,Lsha256_block_data_order 
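Review bot: In the `@@ -52,7 +52,7 @@` hunk of sha256-armv4-apple.S the `__KERNEL__` branch now reads `# define __ARM_ARCH __LINUX_ARM_ARCH__`, while this same commit deletes the equivalent define from bsaes-armv7-apple.S and sha512-armv4-apple.S, so the three files no longer agree. `__ARM_ARCH` is normally predefined by the compiler (ACLE), so this line would redefine a predefined macro, and a toolchain that already sets it would likely warn. The `#if __ARM_ARCH<7` guards choosing between byte-wise and word loads would then follow the kernel's value instead of the compiler's. I would drop the line here too, leaving `# define __ARM_MAX_ARCH__ 7` as the only define in that branch. If this file is emitted from an upstream perlasm script, which the page does not show, the change belongs in that script.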
@@ -125,14 +125,14 @@ Lsha256_block_data_order: sub r14,r3,#256+32 @ K256 sub sp,sp,#16*4 @ alloca(X[16]) Loop: -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 # else ldrb r2,[r1,#3] # endif eor r3,r5,r6 @ magic eor r12,r12,r12 -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 0 # if 0==15 str r1,[sp,#17*4] @ make room for r1 @@ -173,7 +173,7 @@ Loop: cmp r12,#0xf2 @ done? #endif #if 0<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -190,7 +190,7 @@ Loop: eor r3,r3,r5 @ Maj(a,b,c) add r11,r11,r0,ror#2 @ h+=Sigma0(a) @ add r11,r11,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 1 # if 1==15 str r1,[sp,#17*4] @ make room for r1 @@ -231,7 +231,7 @@ Loop: cmp r3,#0xf2 @ done? #endif #if 1<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -248,7 +248,7 @@ Loop: eor r12,r12,r4 @ Maj(a,b,c) add r10,r10,r0,ror#2 @ h+=Sigma0(a) @ add r10,r10,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 2 # if 2==15 str r1,[sp,#17*4] @ make room for r1 @@ -289,7 +289,7 @@ Loop: cmp r12,#0xf2 @ done? #endif #if 2<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -306,7 +306,7 @@ Loop: eor r3,r3,r11 @ Maj(a,b,c) add r9,r9,r0,ror#2 @ h+=Sigma0(a) @ add r9,r9,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 3 # if 3==15 str r1,[sp,#17*4] @ make room for r1 @@ -347,7 +347,7 @@ Loop: cmp r3,#0xf2 @ done? #endif #if 3<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -364,7 +364,7 @@ Loop: eor r12,r12,r10 @ Maj(a,b,c) add r8,r8,r0,ror#2 @ h+=Sigma0(a) @ add r8,r8,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 4 # if 4==15 str r1,[sp,#17*4] @ make room for r1 
@@ -405,7 +405,7 @@ Loop: cmp r12,#0xf2 @ done? #endif #if 4<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -422,7 +422,7 @@ Loop: eor r3,r3,r9 @ Maj(a,b,c) add r7,r7,r0,ror#2 @ h+=Sigma0(a) @ add r7,r7,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 5 # if 5==15 str r1,[sp,#17*4] @ make room for r1 @@ -463,7 +463,7 @@ Loop: cmp r3,#0xf2 @ done? #endif #if 5<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -480,7 +480,7 @@ Loop: eor r12,r12,r8 @ Maj(a,b,c) add r6,r6,r0,ror#2 @ h+=Sigma0(a) @ add r6,r6,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 6 # if 6==15 str r1,[sp,#17*4] @ make room for r1 @@ -521,7 +521,7 @@ Loop: cmp r12,#0xf2 @ done? #endif #if 6<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -538,7 +538,7 @@ Loop: eor r3,r3,r7 @ Maj(a,b,c) add r5,r5,r0,ror#2 @ h+=Sigma0(a) @ add r5,r5,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 7 # if 7==15 str r1,[sp,#17*4] @ make room for r1 @@ -579,7 +579,7 @@ Loop: cmp r3,#0xf2 @ done? #endif #if 7<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -596,7 +596,7 @@ Loop: eor r12,r12,r6 @ Maj(a,b,c) add r4,r4,r0,ror#2 @ h+=Sigma0(a) @ add r4,r4,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 8 # if 8==15 str r1,[sp,#17*4] @ make room for r1 @@ -637,7 +637,7 @@ Loop: cmp r12,#0xf2 @ done? #endif #if 8<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -654,7 +654,7 @@ Loop: eor r3,r3,r5 @ Maj(a,b,c) add r11,r11,r0,ror#2 @ h+=Sigma0(a) @ add r11,r11,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 9 # if 9==15 str r1,[sp,#17*4] @ make room for r1 
@@ -695,7 +695,7 @@ Loop: cmp r3,#0xf2 @ done? #endif #if 9<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -712,7 +712,7 @@ Loop: eor r12,r12,r4 @ Maj(a,b,c) add r10,r10,r0,ror#2 @ h+=Sigma0(a) @ add r10,r10,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 10 # if 10==15 str r1,[sp,#17*4] @ make room for r1 @@ -753,7 +753,7 @@ Loop: cmp r12,#0xf2 @ done? #endif #if 10<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -770,7 +770,7 @@ Loop: eor r3,r3,r11 @ Maj(a,b,c) add r9,r9,r0,ror#2 @ h+=Sigma0(a) @ add r9,r9,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 11 # if 11==15 str r1,[sp,#17*4] @ make room for r1 @@ -811,7 +811,7 @@ Loop: cmp r3,#0xf2 @ done? #endif #if 11<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -828,7 +828,7 @@ Loop: eor r12,r12,r10 @ Maj(a,b,c) add r8,r8,r0,ror#2 @ h+=Sigma0(a) @ add r8,r8,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 12 # if 12==15 str r1,[sp,#17*4] @ make room for r1 @@ -869,7 +869,7 @@ Loop: cmp r12,#0xf2 @ done? #endif #if 12<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -886,7 +886,7 @@ Loop: eor r3,r3,r9 @ Maj(a,b,c) add r7,r7,r0,ror#2 @ h+=Sigma0(a) @ add r7,r7,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 13 # if 13==15 str r1,[sp,#17*4] @ make room for r1 @@ -927,7 +927,7 @@ Loop: cmp r3,#0xf2 @ done? #endif #if 13<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -944,7 +944,7 @@ Loop: eor r12,r12,r8 @ Maj(a,b,c) add r6,r6,r0,ror#2 @ h+=Sigma0(a) @ add r6,r6,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 14 # if 14==15 str r1,[sp,#17*4] @ make room for r1 
@@ -985,7 +985,7 @@ Loop: cmp r12,#0xf2 @ done? #endif #if 14<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1002,7 +1002,7 @@ Loop: eor r3,r3,r7 @ Maj(a,b,c) add r5,r5,r0,ror#2 @ h+=Sigma0(a) @ add r5,r5,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 15 # if 15==15 str r1,[sp,#17*4] @ make room for r1 @@ -1043,7 +1043,7 @@ Loop: cmp r3,#0xf2 @ done? #endif #if 15<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1093,7 +1093,7 @@ Lrounds_16_xx: cmp r12,#0xf2 @ done? #endif #if 16<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1142,7 +1142,7 @@ Lrounds_16_xx: cmp r3,#0xf2 @ done? #endif #if 17<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1191,7 +1191,7 @@ Lrounds_16_xx: cmp r12,#0xf2 @ done? #endif #if 18<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1240,7 +1240,7 @@ Lrounds_16_xx: cmp r3,#0xf2 @ done? #endif #if 19<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1289,7 +1289,7 @@ Lrounds_16_xx: cmp r12,#0xf2 @ done? #endif #if 20<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1338,7 +1338,7 @@ Lrounds_16_xx: cmp r3,#0xf2 @ done? #endif #if 21<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1387,7 +1387,7 @@ Lrounds_16_xx: cmp r12,#0xf2 @ done? #endif #if 22<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1436,7 +1436,7 @@ Lrounds_16_xx: cmp r3,#0xf2 @ done? #endif #if 23<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] 
@@ -1485,7 +1485,7 @@ Lrounds_16_xx: cmp r12,#0xf2 @ done? #endif #if 24<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1534,7 +1534,7 @@ Lrounds_16_xx: cmp r3,#0xf2 @ done? #endif #if 25<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1583,7 +1583,7 @@ Lrounds_16_xx: cmp r12,#0xf2 @ done? #endif #if 26<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1632,7 +1632,7 @@ Lrounds_16_xx: cmp r3,#0xf2 @ done? #endif #if 27<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1681,7 +1681,7 @@ Lrounds_16_xx: cmp r12,#0xf2 @ done? #endif #if 28<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1730,7 +1730,7 @@ Lrounds_16_xx: cmp r3,#0xf2 @ done? #endif #if 29<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1779,7 +1779,7 @@ Lrounds_16_xx: cmp r12,#0xf2 @ done? #endif #if 30<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1828,7 +1828,7 @@ Lrounds_16_xx: cmp r3,#0xf2 @ done? #endif #if 31<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1845,7 +1845,7 @@ Lrounds_16_xx: eor r12,r12,r6 @ Maj(a,b,c) add r4,r4,r0,ror#2 @ h+=Sigma0(a) @ add r4,r4,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 ite eq @ Thumb2 thing, sanity check in ARM #endif ldreq r3,[sp,#16*4] @ pull ctx @@ -1876,7 +1876,7 @@ Lrounds_16_xx: bne Loop add sp,sp,#19*4 @ destroy frame -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc} #else ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,lr} diff --git a/apple-arm/crypto/fipsmodule/sha512-armv4-apple.S b/apple-arm/crypto/fipsmodule/sha512-armv4-apple.S index 12884b55..2b1cd500 100644 --- a/apple-arm/crypto/fipsmodule/sha512-armv4-apple.S 
+++ b/apple-arm/crypto/fipsmodule/sha512-armv4-apple.S @@ -63,7 +63,6 @@ # define VFP_ABI_PUSH vstmdb sp!,{d8-d15} # define VFP_ABI_POP vldmia sp!,{d8-d15} #else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 # define VFP_ABI_PUSH # define VFP_ABI_POP @@ -151,7 +150,7 @@ LOPENSSL_armcap: #endif _sha512_block_data_order: Lsha512_block_data_order: -#if __ARM_ARCH__<7 && !defined(__thumb2__) +#if __ARM_ARCH<7 && !defined(__thumb2__) sub r3,pc,#8 @ _sha512_block_data_order #else adr r3,Lsha512_block_data_order @@ -201,7 +200,7 @@ Loop: str r4,[sp,#40+4] L00_15: -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r3,[r1,#7] ldrb r9, [r1,#6] ldrb r10, [r1,#5] @@ -278,7 +277,7 @@ L00_15: teq r9,#148 ldr r12,[sp,#16+0] @ c.lo -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 it eq @ Thumb2 thing, sanity check in ARM #endif orreq r14,r14,#1 @@ -418,7 +417,7 @@ L16_79: teq r9,#23 ldr r12,[sp,#16+0] @ c.lo -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 it eq @ Thumb2 thing, sanity check in ARM #endif orreq r14,r14,#1 @@ -455,7 +454,7 @@ L16_79: adc r6,r6,r4 @ h += T tst r14,#1 add r14,r14,#8 -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 ittt eq @ Thumb2 thing, sanity check in ARM #endif ldreq r9,[sp,#184+0] @@ -534,7 +533,7 @@ L16_79: bne Loop add sp,sp,#8*9 @ destroy frame -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} #else ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} diff --git a/crypto_test_data.cc b/crypto_test_data.cc index 393c79c6..69c12b4e 100644 --- a/crypto_test_data.cc +++ b/crypto_test_data.cc @@ -74,7 +74,7 @@ * crypto/fipsmodule/rand/ctrdrbg_vectors.txt \ * crypto/hmac_extra/hmac_tests.txt \ * crypto/hpke/hpke_test_vectors.txt \ - * crypto/kyber/keccak_tests.txt \ + * crypto/keccak/keccak_tests.txt \ * crypto/kyber/kyber_tests.txt \ * crypto/pkcs8/test/empty_password.p12 \ * crypto/pkcs8/test/no_encryption.p12 \ 
@@ -5270,7 +5270,7 @@ std::string GetTestData(const char *path) { if (strcmp(path, "crypto/hpke/hpke_test_vectors.txt") == 0) { return AssembleString(kData59, kLen59); } - if (strcmp(path, "crypto/kyber/keccak_tests.txt") == 0) { + if (strcmp(path, "crypto/keccak/keccak_tests.txt") == 0) { return AssembleString(kData60, kLen60); } if (strcmp(path, "crypto/kyber/kyber_tests.txt") == 0) { @@ -195,51 +195,51 @@ const uint32_t kOpenSSLReasonValues[] = { 0x283500f7, 0x28358c81, 0x2836099a, - 0x2c3232d0, + 0x2c3232e7, 0x2c329372, - 0x2c3332de, - 0x2c33b2f0, - 0x2c343304, - 0x2c34b316, - 0x2c353331, - 0x2c35b343, - 0x2c363373, + 0x2c3332f5, + 0x2c33b307, + 0x2c34331b, + 0x2c34b32d, + 0x2c353348, + 0x2c35b35a, + 0x2c36338a, 0x2c36833a, - 0x2c373380, - 0x2c37b3ac, - 0x2c3833ea, - 0x2c38b401, - 0x2c39341f, - 0x2c39b42f, - 0x2c3a3441, - 0x2c3ab455, - 0x2c3b3466, - 0x2c3bb485, + 0x2c373397, + 0x2c37b3c3, + 0x2c383401, + 0x2c38b418, + 0x2c393436, + 0x2c39b446, + 0x2c3a3458, + 0x2c3ab46c, + 0x2c3b347d, + 0x2c3bb49c, 0x2c3c1384, 0x2c3c939a, - 0x2c3d34ca, + 0x2c3d34e1, 0x2c3d93b3, - 0x2c3e34f4, - 0x2c3eb502, - 0x2c3f351a, - 0x2c3fb532, - 0x2c40355c, + 0x2c3e350b, + 0x2c3eb519, + 0x2c3f3531, + 0x2c3fb549, + 0x2c403573, 0x2c409285, - 0x2c41356d, - 0x2c41b580, + 0x2c413584, + 0x2c41b597, 0x2c42124b, - 0x2c42b591, + 0x2c42b5a8, 0x2c43076d, - 0x2c43b477, - 0x2c4433bf, - 0x2c44b53f, - 0x2c453356, - 0x2c45b392, - 0x2c46340f, - 0x2c46b499, - 0x2c4734ae, - 0x2c47b4e7, - 0x2c4833d1, + 0x2c43b48e, + 0x2c4433d6, + 0x2c44b556, + 0x2c45336d, + 0x2c45b3a9, + 0x2c463426, + 0x2c46b4b0, + 0x2c4734c5, + 0x2c47b4fe, + 0x2c4833e8, 0x30320000, 0x30328015, 0x3033001f, 
@@ -437,202 +437,203 @@ const uint32_t kOpenSSLReasonValues[] = { 0x404da092, 0x404e20a6, 0x404ea0b3, - 0x404f214d, - 0x404fa1c3, - 0x40502232, - 0x4050a246, - 0x40512279, - 0x40522289, - 0x4052a2ad, - 0x405322c5, - 0x4053a2d8, - 0x405422ed, - 0x4054a310, - 0x4055233b, - 0x4055a378, - 0x4056239d, - 0x4056a3b6, - 0x405723ce, - 0x4057a3e1, - 0x405823f6, - 0x4058a41d, - 0x4059244c, - 0x4059a479, - 0x405aa48d, - 0x405b24a5, - 0x405ba4b6, - 0x405c24c9, - 0x405ca508, - 0x405d2515, - 0x405da53a, - 0x405e2578, + 0x404f2164, + 0x404fa1da, + 0x40502249, + 0x4050a25d, + 0x40512290, + 0x405222a0, + 0x4052a2c4, + 0x405322dc, + 0x4053a2ef, + 0x40542304, + 0x4054a327, + 0x40552352, + 0x4055a38f, + 0x405623b4, + 0x4056a3cd, + 0x405723e5, + 0x4057a3f8, + 0x4058240d, + 0x4058a434, + 0x40592463, + 0x4059a490, + 0x405aa4a4, + 0x405b24bc, + 0x405ba4cd, + 0x405c24e0, + 0x405ca51f, + 0x405d252c, + 0x405da551, + 0x405e258f, 0x405e8afe, - 0x405f2599, - 0x405fa5a6, - 0x406025b4, - 0x4060a5d6, - 0x40612637, - 0x4061a66f, - 0x40622686, - 0x4062a697, - 0x406326e4, - 0x4063a6f9, - 0x40642710, - 0x4064a73c, - 0x40652757, - 0x4065a76e, - 0x40662786, - 0x4066a7b0, - 0x406727db, - 0x4067a820, - 0x40682868, - 0x4068a889, - 0x406928bb, - 0x4069a8e9, - 0x406a290a, - 0x406aa92a, - 0x406b2ab2, - 0x406baad5, - 0x406c2aeb, - 0x406cadf5, - 0x406d2e24, - 0x406dae4c, - 0x406e2e7a, - 0x406eaec7, - 0x406f2f20, - 0x406faf58, - 0x40702f6b, - 0x4070af88, + 0x405f25b0, + 0x405fa5bd, + 0x406025cb, + 0x4060a5ed, + 0x4061264e, + 0x4061a686, + 0x4062269d, + 0x4062a6ae, + 0x406326fb, + 0x4063a710, + 0x40642727, + 0x4064a753, + 0x4065276e, + 0x4065a785, + 0x4066279d, + 0x4066a7c7, + 0x406727f2, + 0x4067a837, + 0x4068287f, + 0x4068a8a0, + 0x406928d2, + 0x4069a900, + 0x406a2921, + 0x406aa941, + 0x406b2ac9, + 0x406baaec, + 0x406c2b02, + 0x406cae0c, + 0x406d2e3b, + 0x406dae63, + 0x406e2e91, + 0x406eaede, + 0x406f2f37, + 0x406faf6f, + 0x40702f82, + 0x4070af9f, 0x4071084d, - 0x4071af9a, - 0x40722fad, - 0x4072afe3, - 
0x40732ffb, + 0x4071afb1, + 0x40722fc4, + 0x4072affa, + 0x40733012, 0x4073959c, - 0x4074300f, - 0x4074b029, - 0x4075303a, - 0x4075b04e, - 0x4076305c, + 0x40743026, + 0x4074b040, + 0x40753051, + 0x4075b065, + 0x40763073, 0x40769348, - 0x40773081, - 0x4077b0c1, - 0x407830dc, - 0x4078b115, - 0x4079312c, - 0x4079b142, - 0x407a316e, - 0x407ab181, - 0x407b3196, - 0x407bb1a8, - 0x407c31d9, - 0x407cb1e2, - 0x407d28a4, - 0x407da1eb, - 0x407e30f1, - 0x407ea42d, + 0x40773098, + 0x4077b0d8, + 0x407830f3, + 0x4078b12c, + 0x40793143, + 0x4079b159, + 0x407a3185, + 0x407ab198, + 0x407b31ad, + 0x407bb1bf, + 0x407c31f0, + 0x407cb1f9, + 0x407d28bb, + 0x407da202, + 0x407e3108, + 0x407ea444, 0x407f1e27, 0x407f9ffa, - 0x4080215d, + 0x40802174, 0x40809e4f, - 0x4081229b, + 0x408122b2, 0x4081a101, - 0x40822e65, + 0x40822e7c, 0x40829ba2, - 0x40832408, - 0x4083a721, + 0x4083241f, + 0x4083a738, 0x40841e63, - 0x4084a465, - 0x408524da, - 0x4085a5fe, - 0x4086255a, - 0x4086a205, - 0x40872eab, - 0x4087a64c, + 0x4084a47c, + 0x408524f1, + 0x4085a615, + 0x40862571, + 0x4086a21c, + 0x40872ec2, + 0x4087a663, 0x40881be0, - 0x4088a833, + 0x4088a84a, 0x40891c2f, 0x40899bbc, - 0x408a2b23, + 0x408a2b3a, 0x408a99b4, - 0x408b31bd, - 0x408baf35, - 0x408c24ea, + 0x408b31d4, + 0x408baf4c, + 0x408c2501, 0x408c99ec, 0x408d1f4b, 0x408d9e95, 0x408e207b, - 0x408ea358, - 0x408f2847, - 0x408fa61a, - 0x409027fc, - 0x4090a52c, - 0x40912b0b, + 0x408ea36f, + 0x408f285e, + 0x408fa631, + 0x40902813, + 0x4090a543, + 0x40912b22, 0x40919a12, 0x40921c7c, - 0x4092aee6, - 0x40932fc6, - 0x4093a216, + 0x4092aefd, + 0x40932fdd, + 0x4093a22d, 0x40941e77, - 0x4094ab3c, - 0x409526a8, - 0x4095b14e, - 0x40962e92, - 0x4096a176, - 0x40972261, + 0x4094ab53, + 0x409526bf, + 0x4095b165, + 0x40962ea9, + 0x4096a18d, + 0x40972278, 0x4097a0ca, 0x40981cdc, - 0x4098a6bc, - 0x40992f02, - 0x4099a385, - 0x409a231e, + 0x4098a6d3, + 0x40992f19, + 0x4099a39c, + 0x409a2335, 0x409a99d0, 0x409b1ed1, 0x409b9efc, - 0x409c30a3, + 0x409c30ba, 0x409c9f24, - 
0x409d2132, + 0x409d2149, 0x409da117, 0x409e1d6d, - 0x409ea1ab, - 0x409f2193, + 0x409ea1c2, + 0x409f21aa, 0x409f9ec4, - 0x40a021d3, + 0x40a021ea, 0x40a0a0e4, - 0x41f429dd, - 0x41f92a6f, - 0x41fe2962, - 0x41feac18, - 0x41ff2d46, - 0x420329f6, - 0x42082a18, - 0x4208aa54, - 0x42092946, - 0x4209aa8e, - 0x420a299d, - 0x420aa97d, - 0x420b29bd, - 0x420baa36, - 0x420c2d62, - 0x420cab4c, - 0x420d2bff, - 0x420dac36, - 0x42122c69, - 0x42172d29, - 0x4217acab, - 0x421c2ccd, - 0x421f2c88, - 0x42212dda, - 0x42262d0c, - 0x422b2db8, - 0x422babda, - 0x422c2d9a, - 0x422cab8d, - 0x422d2b66, - 0x422dad79, - 0x422e2bb9, - 0x42302ce8, - 0x4230ac50, + 0x40a12132, + 0x41f429f4, + 0x41f92a86, + 0x41fe2979, + 0x41feac2f, + 0x41ff2d5d, + 0x42032a0d, + 0x42082a2f, + 0x4208aa6b, + 0x4209295d, + 0x4209aaa5, + 0x420a29b4, + 0x420aa994, + 0x420b29d4, + 0x420baa4d, + 0x420c2d79, + 0x420cab63, + 0x420d2c16, + 0x420dac4d, + 0x42122c80, + 0x42172d40, + 0x4217acc2, + 0x421c2ce4, + 0x421f2c9f, + 0x42212df1, + 0x42262d23, + 0x422b2dcf, + 0x422babf1, + 0x422c2db1, + 0x422caba4, + 0x422d2b7d, + 0x422dad90, + 0x422e2bd0, + 0x42302cff, + 0x4230ac67, 0x44320778, 0x44328787, 0x44330793, 
@@ -688,71 +689,71 @@ const uint32_t kOpenSSLReasonValues[] = { 0x4c41947c, 0x4c4215e5, 0x4c4293c4, - 0x503235a3, - 0x5032b5b2, - 0x503335bd, - 0x5033b5cd, - 0x503435e6, - 0x5034b600, - 0x5035360e, - 0x5035b624, - 0x50363636, - 0x5036b64c, - 0x50373665, - 0x5037b678, - 0x50383690, - 0x5038b6a1, - 0x503936b6, - 0x5039b6ca, - 0x503a36ea, - 0x503ab700, - 0x503b3718, - 0x503bb72a, - 0x503c3746, - 0x503cb75d, - 0x503d3776, - 0x503db78c, - 0x503e3799, - 0x503eb7af, - 0x503f37c1, + 0x503235ba, + 0x5032b5c9, + 0x503335d4, + 0x5033b5e4, + 0x503435fd, + 0x5034b617, + 0x50353625, + 0x5035b63b, + 0x5036364d, + 0x5036b663, + 0x5037367c, + 0x5037b68f, + 0x503836a7, + 0x5038b6b8, + 0x503936cd, + 0x5039b6e1, + 0x503a3701, + 0x503ab717, + 0x503b372f, + 0x503bb741, + 0x503c375d, + 0x503cb774, + 0x503d378d, + 0x503db7a3, + 0x503e37b0, + 0x503eb7c6, + 0x503f37d8, 0x503f83b3, - 0x504037d4, - 0x5040b7e4, - 0x504137fe, - 0x5041b80d, - 0x50423827, - 0x5042b844, - 0x50433854, - 0x5043b864, - 0x50443881, + 0x504037eb, + 0x5040b7fb, + 0x50413815, + 0x5041b824, + 0x5042383e, + 0x5042b85b, + 0x5043386b, + 0x5043b87b, + 0x50443898, 0x50448469, - 0x50453895, - 0x5045b8b3, - 0x504638c6, - 0x5046b8dc, - 0x504738ee, - 0x5047b903, - 0x50483929, - 0x5048b937, - 0x5049394a, - 0x5049b95f, - 0x504a3975, - 0x504ab985, - 0x504b39a5, - 0x504bb9b8, - 0x504c39db, - 0x504cba09, - 0x504d3a36, - 0x504dba53, - 0x504e3a6e, - 0x504eba8a, - 0x504f3a9c, - 0x504fbab3, - 0x50503ac2, + 0x504538ac, + 0x5045b8ca, + 0x504638dd, + 0x5046b8f3, + 0x50473905, + 0x5047b91a, + 0x50483940, + 0x5048b94e, + 0x50493961, + 0x5049b976, + 0x504a398c, + 0x504ab99c, + 0x504b39bc, + 0x504bb9cf, + 0x504c39f2, + 0x504cba20, + 0x504d3a4d, + 0x504dba6a, + 0x504e3a85, + 0x504ebaa1, + 0x504f3ab3, + 0x504fbaca, + 0x50503ad9, 0x50508729, - 0x50513ad5, - 0x5051b873, - 0x50523a1b, + 0x50513aec, + 0x5051b88a, + 0x50523a32, 0x58320fd1, 0x68320f93, 0x68328ceb, 
@@ -797,19 +798,19 @@ const uint32_t kOpenSSLReasonValues[] = { 0x7c321261, 0x8032148f, 0x80328090, - 0x8033329f, + 0x803332b6, 0x803380b9, - 0x803432ae, - 0x8034b216, - 0x80353234, - 0x8035b2c2, - 0x80363276, - 0x8036b225, - 0x80373268, - 0x8037b203, - 0x80383289, - 0x8038b245, - 0x8039325a, + 0x803432c5, + 0x8034b22d, + 0x8035324b, + 0x8035b2d9, + 0x8036328d, + 0x8036b23c, + 0x8037327f, + 0x8037b21a, + 0x803832a0, + 0x8038b25c, + 0x80393271, }; const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); @@ -1230,6 +1231,7 @@ const char kOpenSSLReasonStringData[] = "INCONSISTENT_ECH_NEGOTIATION\0" "INVALID_ALPN_PROTOCOL\0" "INVALID_ALPN_PROTOCOL_LIST\0" + "INVALID_ALPS_CODEPOINT\0" "INVALID_CLIENT_HELLO_INNER\0" "INVALID_COMMAND\0" "INVALID_COMPRESSION_LIST\0" @@ -125,7 +125,7 @@ crypto_sources := \ src/crypto/fipsmodule/fips_shared_support.c\ src/crypto/hpke/hpke.c\ src/crypto/hrss/hrss.c\ - src/crypto/kyber/keccak.c\ + src/crypto/keccak/keccak.c\ src/crypto/kyber/kyber.c\ src/crypto/lhash/lhash.c\ src/crypto/mem.c\ @@ -365,6 +365,8 @@ crypto_sources_asm := \ src/crypto/poly1305/poly1305_arm_asm.S\ src/third_party/fiat/asm/fiat_curve25519_adx_mul.S\ src/third_party/fiat/asm/fiat_curve25519_adx_square.S\ + src/third_party/fiat/asm/fiat_p256_adx_mul.S\ + src/third_party/fiat/asm/fiat_p256_adx_sqr.S\ win-aarch64/crypto/chacha/chacha-armv8-win.S\ win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8-win.S\ win-aarch64/crypto/fipsmodule/aesv8-armv8-win.S\ diff --git a/linux-arm/crypto/chacha/chacha-armv4-linux.S b/linux-arm/crypto/chacha/chacha-armv4-linux.S index 9974e14c..4494c50b 100644 --- a/linux-arm/crypto/chacha/chacha-armv4-linux.S +++ b/linux-arm/crypto/chacha/chacha-armv4-linux.S 
@@ -44,7 +44,7 @@ ChaCha20_ctr32: .LChaCha20_ctr32: ldr r12,[sp,#0] @ pull pointer to counter and nonce stmdb sp!,{r0,r1,r2,r4-r11,lr} -#if __ARM_ARCH__<7 && !defined(__thumb2__) +#if __ARM_ARCH<7 && !defined(__thumb2__) sub r14,pc,#16 @ ChaCha20_ctr32 #else adr r14,.LChaCha20_ctr32 @@ -230,8 +230,8 @@ ChaCha20_ctr32: ldr r8,[sp,#4*(0)] @ load key material ldr r9,[sp,#4*(1)] -#if __ARM_ARCH__>=6 || !defined(__ARMEB__) -# if __ARM_ARCH__<7 +#if __ARM_ARCH>=6 || !defined(__ARMEB__) +# if __ARM_ARCH<7 orr r10,r12,r14 tst r10,#3 @ are input and output aligned? ldr r10,[sp,#4*(2)] @@ -257,7 +257,7 @@ ChaCha20_ctr32: # endif ldrhs r10,[r12,#-8] ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev r0,r0 rev r1,r1 rev r2,r2 @@ -294,7 +294,7 @@ ChaCha20_ctr32: # endif ldrhs r10,[r12,#-8] ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev r4,r4 rev r5,r5 rev r6,r6 @@ -339,7 +339,7 @@ ChaCha20_ctr32: # endif ldrhs r10,[r12,#-8] ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev r0,r0 rev r1,r1 rev r2,r2 @@ -381,7 +381,7 @@ ChaCha20_ctr32: # endif ldrhs r10,[r12,#-8] ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev r4,r4 rev r5,r5 rev r6,r6 @@ -412,7 +412,7 @@ ChaCha20_ctr32: bhi .Loop_outer beq .Ldone -# if __ARM_ARCH__<7 +# if __ARM_ARCH<7 b .Ltail .align 4 @@ -420,7 +420,7 @@ ChaCha20_ctr32: cmp r11,#64 @ restore flags # endif #endif -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldr r11,[sp,#4*(3)] add r0,r0,r8 @ accumulate key material add r1,r1,r9 diff --git a/linux-arm/crypto/fipsmodule/armv4-mont-linux.S b/linux-arm/crypto/fipsmodule/armv4-mont-linux.S index 0ec68610..8073aa62 100644 --- a/linux-arm/crypto/fipsmodule/armv4-mont-linux.S +++ b/linux-arm/crypto/fipsmodule/armv4-mont-linux.S 
@@ -193,7 +193,7 @@ bn_mul_mont: add sp,sp,#2*4 @ skip over {r0,r2} mov r0,#1 .Labrt: -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 bx lr @ bx lr #else tst lr,#1 diff --git a/linux-arm/crypto/fipsmodule/bsaes-armv7-linux.S b/linux-arm/crypto/fipsmodule/bsaes-armv7-linux.S index 49eda8d6..01a9ead2 100644 --- a/linux-arm/crypto/fipsmodule/bsaes-armv7-linux.S +++ b/linux-arm/crypto/fipsmodule/bsaes-armv7-linux.S @@ -67,7 +67,6 @@ # define VFP_ABI_FRAME 0 # define BSAES_ASM_EXTENDED_KEY # define XTS_CHAIN_TWEAK -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 #endif diff --git a/linux-arm/crypto/fipsmodule/sha1-armv4-large-linux.S b/linux-arm/crypto/fipsmodule/sha1-armv4-large-linux.S index 660ccbaa..b284c3f9 100644 --- a/linux-arm/crypto/fipsmodule/sha1-armv4-large-linux.S +++ b/linux-arm/crypto/fipsmodule/sha1-armv4-large-linux.S @@ -44,7 +44,7 @@ sha1_block_data_order: mov r6,r6,ror#30 mov r7,r7,ror#30 @ [6] .L_00_15: -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] @@ -69,7 +69,7 @@ sha1_block_data_order: eor r10,r10,r6,ror#2 @ F_00_19(B,C,D) str r9,[r14,#-4]! add r7,r7,r10 @ E+=F_00_19(B,C,D) -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] @@ -94,7 +94,7 @@ sha1_block_data_order: eor r10,r10,r5,ror#2 @ F_00_19(B,C,D) str r9,[r14,#-4]! add r6,r6,r10 @ E+=F_00_19(B,C,D) -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] @@ -119,7 +119,7 @@ sha1_block_data_order: eor r10,r10,r4,ror#2 @ F_00_19(B,C,D) str r9,[r14,#-4]! add r5,r5,r10 @ E+=F_00_19(B,C,D) -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] @@ -144,7 +144,7 @@ sha1_block_data_order: eor r10,r10,r3,ror#2 @ F_00_19(B,C,D) str r9,[r14,#-4]! add r4,r4,r10 @ E+=F_00_19(B,C,D) -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] 
@@ -177,7 +177,7 @@ sha1_block_data_order: #endif bne .L_00_15 @ [((11+4)*5+2)*3] sub sp,sp,#25*4 -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r10,[r1,#2] ldrb r9,[r1,#3] ldrb r11,[r1,#1] @@ -475,7 +475,7 @@ sha1_block_data_order: teq r1,r2 bne .Lloop @ [+18], total 1307 -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} #else ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} diff --git a/linux-arm/crypto/fipsmodule/sha256-armv4-linux.S b/linux-arm/crypto/fipsmodule/sha256-armv4-linux.S index 2450322e..75ebaeb4 100644 --- a/linux-arm/crypto/fipsmodule/sha256-armv4-linux.S +++ b/linux-arm/crypto/fipsmodule/sha256-armv4-linux.S @@ -52,7 +52,7 @@ #ifndef __KERNEL__ # include <openssl/arm_arch.h> #else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_ARCH __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 #endif @@ -101,7 +101,7 @@ K256: .type sha256_block_data_order,%function sha256_block_data_order: .Lsha256_block_data_order: -#if __ARM_ARCH__<7 && !defined(__thumb2__) +#if __ARM_ARCH<7 && !defined(__thumb2__) sub r3,pc,#8 @ sha256_block_data_order #else adr r3,.Lsha256_block_data_order @@ -123,14 +123,14 @@ sha256_block_data_order: sub r14,r3,#256+32 @ K256 sub sp,sp,#16*4 @ alloca(X[16]) .Loop: -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 # else ldrb r2,[r1,#3] # endif eor r3,r5,r6 @ magic eor r12,r12,r12 -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 0 # if 0==15 str r1,[sp,#17*4] @ make room for r1 @@ -171,7 +171,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 0<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -188,7 +188,7 @@ sha256_block_data_order: eor r3,r3,r5 @ Maj(a,b,c) add r11,r11,r0,ror#2 @ h+=Sigma0(a) @ add r11,r11,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 1 # if 1==15 str r1,[sp,#17*4] @ make room for r1 
@@ -229,7 +229,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 1<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -246,7 +246,7 @@ sha256_block_data_order: eor r12,r12,r4 @ Maj(a,b,c) add r10,r10,r0,ror#2 @ h+=Sigma0(a) @ add r10,r10,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 2 # if 2==15 str r1,[sp,#17*4] @ make room for r1 @@ -287,7 +287,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 2<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -304,7 +304,7 @@ sha256_block_data_order: eor r3,r3,r11 @ Maj(a,b,c) add r9,r9,r0,ror#2 @ h+=Sigma0(a) @ add r9,r9,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 3 # if 3==15 str r1,[sp,#17*4] @ make room for r1 @@ -345,7 +345,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 3<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -362,7 +362,7 @@ sha256_block_data_order: eor r12,r12,r10 @ Maj(a,b,c) add r8,r8,r0,ror#2 @ h+=Sigma0(a) @ add r8,r8,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 4 # if 4==15 str r1,[sp,#17*4] @ make room for r1 @@ -403,7 +403,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 4<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -420,7 +420,7 @@ sha256_block_data_order: eor r3,r3,r9 @ Maj(a,b,c) add r7,r7,r0,ror#2 @ h+=Sigma0(a) @ add r7,r7,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 5 # if 5==15 str r1,[sp,#17*4] @ make room for r1 @@ -461,7 +461,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 5<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] 
@@ -478,7 +478,7 @@ sha256_block_data_order: eor r12,r12,r8 @ Maj(a,b,c) add r6,r6,r0,ror#2 @ h+=Sigma0(a) @ add r6,r6,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 6 # if 6==15 str r1,[sp,#17*4] @ make room for r1 @@ -519,7 +519,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 6<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -536,7 +536,7 @@ sha256_block_data_order: eor r3,r3,r7 @ Maj(a,b,c) add r5,r5,r0,ror#2 @ h+=Sigma0(a) @ add r5,r5,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 7 # if 7==15 str r1,[sp,#17*4] @ make room for r1 @@ -577,7 +577,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 7<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -594,7 +594,7 @@ sha256_block_data_order: eor r12,r12,r6 @ Maj(a,b,c) add r4,r4,r0,ror#2 @ h+=Sigma0(a) @ add r4,r4,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 8 # if 8==15 str r1,[sp,#17*4] @ make room for r1 @@ -635,7 +635,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 8<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -652,7 +652,7 @@ sha256_block_data_order: eor r3,r3,r5 @ Maj(a,b,c) add r11,r11,r0,ror#2 @ h+=Sigma0(a) @ add r11,r11,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 9 # if 9==15 str r1,[sp,#17*4] @ make room for r1 @@ -693,7 +693,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 9<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -710,7 +710,7 @@ sha256_block_data_order: eor r12,r12,r4 @ Maj(a,b,c) add r10,r10,r0,ror#2 @ h+=Sigma0(a) @ add r10,r10,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 10 # if 10==15 str r1,[sp,#17*4] @ make room for r1 
@@ -751,7 +751,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 10<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -768,7 +768,7 @@ sha256_block_data_order: eor r3,r3,r11 @ Maj(a,b,c) add r9,r9,r0,ror#2 @ h+=Sigma0(a) @ add r9,r9,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 11 # if 11==15 str r1,[sp,#17*4] @ make room for r1 @@ -809,7 +809,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 11<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -826,7 +826,7 @@ sha256_block_data_order: eor r12,r12,r10 @ Maj(a,b,c) add r8,r8,r0,ror#2 @ h+=Sigma0(a) @ add r8,r8,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 12 # if 12==15 str r1,[sp,#17*4] @ make room for r1 @@ -867,7 +867,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 12<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -884,7 +884,7 @@ sha256_block_data_order: eor r3,r3,r9 @ Maj(a,b,c) add r7,r7,r0,ror#2 @ h+=Sigma0(a) @ add r7,r7,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 13 # if 13==15 str r1,[sp,#17*4] @ make room for r1 @@ -925,7 +925,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 13<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -942,7 +942,7 @@ sha256_block_data_order: eor r12,r12,r8 @ Maj(a,b,c) add r6,r6,r0,ror#2 @ h+=Sigma0(a) @ add r6,r6,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 14 # if 14==15 str r1,[sp,#17*4] @ make room for r1 @@ -983,7 +983,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 14<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] 
@@ -1000,7 +1000,7 @@ sha256_block_data_order: eor r3,r3,r7 @ Maj(a,b,c) add r5,r5,r0,ror#2 @ h+=Sigma0(a) @ add r5,r5,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr r2,[r1],#4 @ 15 # if 15==15 str r1,[sp,#17*4] @ make room for r1 @@ -1041,7 +1041,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 15<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1091,7 +1091,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 16<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1140,7 +1140,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 17<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1189,7 +1189,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 18<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1238,7 +1238,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 19<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1287,7 +1287,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 20<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1336,7 +1336,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 21<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1385,7 +1385,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 22<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1434,7 +1434,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 23<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] 
@@ -1483,7 +1483,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 24<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1532,7 +1532,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 25<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1581,7 +1581,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 26<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1630,7 +1630,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 27<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1679,7 +1679,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 28<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1728,7 +1728,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 29<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1777,7 +1777,7 @@ sha256_block_data_order: cmp r12,#0xf2 @ done? #endif #if 30<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1826,7 +1826,7 @@ sha256_block_data_order: cmp r3,#0xf2 @ done? #endif #if 31<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr r2,[r1],#4 @ prefetch # else ldrb r2,[r1,#3] @@ -1843,7 +1843,7 @@ sha256_block_data_order: eor r12,r12,r6 @ Maj(a,b,c) add r4,r4,r0,ror#2 @ h+=Sigma0(a) @ add r4,r4,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 ite eq @ Thumb2 thing, sanity check in ARM #endif ldreq r3,[sp,#16*4] @ pull ctx @@ -1874,7 +1874,7 @@ sha256_block_data_order: bne .Loop add sp,sp,#19*4 @ destroy frame -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc} #else ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,lr} 
diff --git a/linux-arm/crypto/fipsmodule/sha512-armv4-linux.S b/linux-arm/crypto/fipsmodule/sha512-armv4-linux.S index 9aed7cb6..40031688 100644 --- a/linux-arm/crypto/fipsmodule/sha512-armv4-linux.S +++ b/linux-arm/crypto/fipsmodule/sha512-armv4-linux.S @@ -63,7 +63,6 @@ # define VFP_ABI_PUSH vstmdb sp!,{d8-d15} # define VFP_ABI_POP vldmia sp!,{d8-d15} #else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 # define VFP_ABI_PUSH # define VFP_ABI_POP @@ -149,7 +148,7 @@ K512: .type sha512_block_data_order,%function sha512_block_data_order: .Lsha512_block_data_order: -#if __ARM_ARCH__<7 && !defined(__thumb2__) +#if __ARM_ARCH<7 && !defined(__thumb2__) sub r3,pc,#8 @ sha512_block_data_order #else adr r3,.Lsha512_block_data_order @@ -199,7 +198,7 @@ sha512_block_data_order: str r4,[sp,#40+4] .L00_15: -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb r3,[r1,#7] ldrb r9, [r1,#6] ldrb r10, [r1,#5] @@ -276,7 +275,7 @@ sha512_block_data_order: teq r9,#148 ldr r12,[sp,#16+0] @ c.lo -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 it eq @ Thumb2 thing, sanity check in ARM #endif orreq r14,r14,#1 @@ -416,7 +415,7 @@ sha512_block_data_order: teq r9,#23 ldr r12,[sp,#16+0] @ c.lo -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 it eq @ Thumb2 thing, sanity check in ARM #endif orreq r14,r14,#1 @@ -453,7 +452,7 @@ sha512_block_data_order: adc r6,r6,r4 @ h += T tst r14,#1 add r14,r14,#8 -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 ittt eq @ Thumb2 thing, sanity check in ARM #endif ldreq r9,[sp,#184+0] @@ -532,7 +531,7 @@ sha512_block_data_order: bne .Loop add sp,sp,#8*9 @ destroy frame -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} #else ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} 
@@ -42,6 +42,8 @@ libcrypto_sources_asm = [ "src/crypto/poly1305/poly1305_arm_asm.S", "src/third_party/fiat/asm/fiat_curve25519_adx_mul.S", "src/third_party/fiat/asm/fiat_curve25519_adx_square.S", + "src/third_party/fiat/asm/fiat_p256_adx_mul.S", + "src/third_party/fiat/asm/fiat_p256_adx_sqr.S", "win-aarch64/crypto/chacha/chacha-armv8-win.S", "win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8-win.S", "win-aarch64/crypto/test/trampoline-armv8-win.S", @@ -159,7 +161,7 @@ cc_defaults { "src/crypto/fipsmodule/fips_shared_support.c", "src/crypto/hpke/hpke.c", "src/crypto/hrss/hrss.c", - "src/crypto/kyber/keccak.c", + "src/crypto/keccak/keccak.c", "src/crypto/kyber/kyber.c", "src/crypto/lhash/lhash.c", "src/crypto/mem.c", @@ -529,6 +531,7 @@ cc_defaults { "src/crypto/fipsmodule/cmac/cmac_test.cc", "src/crypto/fipsmodule/ec/ec_test.cc", "src/crypto/fipsmodule/ec/p256-nistz_test.cc", + "src/crypto/fipsmodule/ec/p256_test.cc", "src/crypto/fipsmodule/ecdsa/ecdsa_test.cc", "src/crypto/fipsmodule/hkdf/hkdf_test.cc", "src/crypto/fipsmodule/md5/md5_test.cc", @@ -541,6 +544,7 @@ cc_defaults { "src/crypto/hpke/hpke_test.cc", "src/crypto/hrss/hrss_test.cc", "src/crypto/impl_dispatch_test.cc", + "src/crypto/keccak/keccak_test.cc", "src/crypto/kyber/kyber_test.cc", "src/crypto/lhash/lhash_test.cc", "src/crypto/obj/obj_test.cc", @@ -125,7 +125,7 @@ crypto_sources := \ src/crypto/fipsmodule/fips_shared_support.c\ src/crypto/hpke/hpke.c\ src/crypto/hrss/hrss.c\ - src/crypto/kyber/keccak.c\ + src/crypto/keccak/keccak.c\ src/crypto/kyber/kyber.c\ src/crypto/lhash/lhash.c\ src/crypto/mem.c\ 
@@ -365,6 +365,8 @@ crypto_sources_asm := \ src/crypto/poly1305/poly1305_arm_asm.S\ src/third_party/fiat/asm/fiat_curve25519_adx_mul.S\ src/third_party/fiat/asm/fiat_curve25519_adx_square.S\ + src/third_party/fiat/asm/fiat_p256_adx_mul.S\ + src/third_party/fiat/asm/fiat_p256_adx_sqr.S\ win-aarch64/crypto/chacha/chacha-armv8-win.S\ win-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8-win.S\ win-aarch64/crypto/fipsmodule/aesv8-armv8-win.S\ diff --git a/src/crypto/CMakeLists.txt b/src/crypto/CMakeLists.txt index 68fb65b3..3cde009c 100644 --- a/src/crypto/CMakeLists.txt +++ b/src/crypto/CMakeLists.txt @@ -18,6 +18,8 @@ set( poly1305/poly1305_arm_asm.S ../third_party/fiat/asm/fiat_curve25519_adx_mul.S ../third_party/fiat/asm/fiat_curve25519_adx_square.S + ../third_party/fiat/asm/fiat_p256_adx_mul.S + ../third_party/fiat/asm/fiat_p256_adx_sqr.S ) perlasm(CRYPTO_SOURCES aarch64 chacha/chacha-armv8 chacha/asm/chacha-armv8.pl) perlasm(CRYPTO_SOURCES aarch64 cipher_extra/chacha20_poly1305_armv8 cipher_extra/asm/chacha20_poly1305_armv8.pl) @@ -173,7 +175,7 @@ add_library( ex_data.c hpke/hpke.c hrss/hrss.c - kyber/keccak.c + keccak/keccak.c kyber/kyber.c lhash/lhash.c mem.c diff --git a/src/crypto/asn1/internal.h b/src/crypto/asn1/internal.h index 5dca7280..414b5a97 100644 --- a/src/crypto/asn1/internal.h +++ b/src/crypto/asn1/internal.h @@ -256,7 +256,6 @@ typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef struct ASN1_EXTERN_FUNCS_st { ASN1_ex_new_func *asn1_ex_new; ASN1_ex_free_func *asn1_ex_free; - ASN1_ex_free_func *asn1_ex_clear; ASN1_ex_d2i *asn1_ex_d2i; ASN1_ex_i2d *asn1_ex_i2d; } ASN1_EXTERN_FUNCS; diff --git a/src/crypto/asn1/tasn_enc.c b/src/crypto/asn1/tasn_enc.c index e85400b2..bffc3cc4 100644 --- a/src/crypto/asn1/tasn_enc.c +++ b/src/crypto/asn1/tasn_enc.c 
@@ -452,14 +452,9 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, return 1; } - if (sk_ASN1_VALUE_num(sk) > ((size_t)-1) / sizeof(DER_ENC)) { - OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW); - return 0; - } - int ret = 0; unsigned char *const buf = OPENSSL_malloc(skcontlen); - DER_ENC *encoded = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*encoded)); + DER_ENC *encoded = OPENSSL_calloc(sk_ASN1_VALUE_num(sk), sizeof(*encoded)); if (encoded == NULL || buf == NULL) { goto err; } diff --git a/src/crypto/asn1/tasn_new.c b/src/crypto/asn1/tasn_new.c index 8a90b436..76c52c3e 100644 --- a/src/crypto/asn1/tasn_new.c +++ b/src/crypto/asn1/tasn_new.c @@ -127,11 +127,10 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { return 1; } } - *pval = OPENSSL_malloc(it->size); + *pval = OPENSSL_zalloc(it->size); if (!*pval) { goto memerr; } - OPENSSL_memset(*pval, 0, it->size); asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) { goto auxerr2; @@ -151,11 +150,10 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { return 1; } } - *pval = OPENSSL_malloc(it->size); + *pval = OPENSSL_zalloc(it->size); if (!*pval) { goto memerr; } - OPENSSL_memset(*pval, 0, it->size); asn1_refcount_set_one(pval, it); asn1_enc_init(pval, it); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { @@ -185,16 +183,9 @@ auxerr: } static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) { - const ASN1_EXTERN_FUNCS *ef; - switch (it->itype) { case ASN1_ITYPE_EXTERN: - ef = it->funcs; - if (ef && ef->asn1_ex_clear) { - ef->asn1_ex_clear(pval, it); - } else { - *pval = NULL; - } + *pval = NULL; break; case ASN1_ITYPE_PRIMITIVE: @@ -276,7 +267,7 @@ static int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { } switch (utype) { case V_ASN1_OBJECT: - *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef); + *pval = (ASN1_VALUE *)OBJ_get_undef(); return 1; case V_ASN1_BOOLEAN: 
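Review bot: In `asn1_set_seq_out` (tasn_enc.c) the explicit `sk_ASN1_VALUE_num(sk) > ((size_t)-1) / sizeof(DER_ENC)` guard is removed, so the bound on the `encoded` allocation now depends on `OPENSSL_calloc` rejecting a count-times-size product that overflows, and nothing at the call site says so. I would add a comment above the allocation, `// |OPENSSL_calloc| checks the |num| * |size| multiplication for overflow.`, so that the check is not judged missing or re-added later. The same applies to `CBB_flush_asn1_set_of` in cbb.c, where the `num_children > ((size_t)-1) / sizeof(CBS)` test is dropped in favour of `OPENSSL_calloc(num_children, sizeof(CBS))`. `OPENSSL_calloc` is not defined in the visible part of the diff, so its overflow handling and the error it reports in place of the removed `ERR_R_OVERFLOW` should be confirmed there. The body of `asn1_set_seq_out` continues outside the hunk.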
diff --git a/src/crypto/base64/base64.c b/src/crypto/base64/base64.c index d2b1e584..666f8326 100644 --- a/src/crypto/base64/base64.c +++ b/src/crypto/base64/base64.c @@ -121,12 +121,7 @@ int EVP_EncodedLength(size_t *out_len, size_t len) { } EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) { - EVP_ENCODE_CTX *ret = OPENSSL_malloc(sizeof(EVP_ENCODE_CTX)); - if (ret == NULL) { - return NULL; - } - OPENSSL_memset(ret, 0, sizeof(EVP_ENCODE_CTX)); - return ret; + return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX)); } void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) { diff --git a/src/crypto/bio/bio.c b/src/crypto/bio/bio.c index b2d95638..ed245607 100644 --- a/src/crypto/bio/bio.c +++ b/src/crypto/bio/bio.c @@ -70,12 +70,11 @@ BIO *BIO_new(const BIO_METHOD *method) { - BIO *ret = OPENSSL_malloc(sizeof(BIO)); + BIO *ret = OPENSSL_zalloc(sizeof(BIO)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(BIO)); ret->method = method; ret->shutdown = 1; ret->references = 1; @@ -640,11 +639,10 @@ int BIO_get_new_index(void) { } BIO_METHOD *BIO_meth_new(int type, const char *name) { - BIO_METHOD *method = OPENSSL_malloc(sizeof(BIO_METHOD)); + BIO_METHOD *method = OPENSSL_zalloc(sizeof(BIO_METHOD)); if (method == NULL) { return NULL; } - OPENSSL_memset(method, 0, sizeof(BIO_METHOD)); method->type = type; method->name = name; return method; diff --git a/src/crypto/bio/connect.c b/src/crypto/bio/connect.c index d48d14e9..900e659b 100644 --- a/src/crypto/bio/connect.c +++ b/src/crypto/bio/connect.c @@ -296,13 +296,10 @@ end: } static BIO_CONNECT *BIO_CONNECT_new(void) { - BIO_CONNECT *ret = OPENSSL_malloc(sizeof(BIO_CONNECT)); - + BIO_CONNECT *ret = OPENSSL_zalloc(sizeof(BIO_CONNECT)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(BIO_CONNECT)); - ret->state = BIO_CONN_S_BEFORE; return ret; } diff --git a/src/crypto/bio/pair.c b/src/crypto/bio/pair.c index 40711cdf..988b4cea 100644 --- a/src/crypto/bio/pair.c +++ b/src/crypto/bio/pair.c 
@@ -81,13 +81,10 @@ struct bio_bio_st { }; static int bio_new(BIO *bio) { - struct bio_bio_st *b; - - b = OPENSSL_malloc(sizeof *b); + struct bio_bio_st *b = OPENSSL_zalloc(sizeof *b); if (b == NULL) { return 0; } - OPENSSL_memset(b, 0, sizeof(struct bio_bio_st)); b->size = 17 * 1024; // enough for one TLS record (just a default) bio->ptr = b; diff --git a/src/crypto/buf/buf.c b/src/crypto/buf/buf.c index 57bf34d4..1fe8fe61 100644 --- a/src/crypto/buf/buf.c +++ b/src/crypto/buf/buf.c @@ -64,17 +64,7 @@ #include "../internal.h" -BUF_MEM *BUF_MEM_new(void) { - BUF_MEM *ret; - - ret = OPENSSL_malloc(sizeof(BUF_MEM)); - if (ret == NULL) { - return NULL; - } - - OPENSSL_memset(ret, 0, sizeof(BUF_MEM)); - return ret; -} +BUF_MEM *BUF_MEM_new(void) { return OPENSSL_zalloc(sizeof(BUF_MEM)); } void BUF_MEM_free(BUF_MEM *buf) { if (buf == NULL) { diff --git a/src/crypto/bytestring/cbb.c b/src/crypto/bytestring/cbb.c index 5280dc8f..d126acf7 100644 --- a/src/crypto/bytestring/cbb.c +++ b/src/crypto/bytestring/cbb.c 
@@ -155,6 +155,29 @@ static struct cbb_buffer_st *cbb_get_base(CBB *cbb) { return &cbb->u.base; } +static void cbb_on_error(CBB *cbb) { + // Due to C's lack of destructors and |CBB|'s auto-flushing API, a failing + // |CBB|-taking function may leave a dangling pointer to a child |CBB|. As a + // result, the convention is callers may not write to |CBB|s that have failed. + // But, as a safety measure, we lock the |CBB| into an error state. Once the + // error bit is set, |cbb->child| will not be read. + // + // TODO(davidben): This still isn't quite ideal. A |CBB| function *outside* + // this file may originate an error while the |CBB| points to a local child. + // In that case we don't set the error bit and are reliant on the error + // convention. Perhaps we allow |CBB_cleanup| on child |CBB|s and make every + // child's |CBB_cleanup| set the error bit if unflushed. That will be + // convenient for C++ callers, but very tedious for C callers. So C callers + // perhaps should get a |CBB_on_error| function that can be, less tediously, + // stuck in a |goto err| block. + cbb_get_base(cbb)->error = 1; + + // Clearing the pointer is not strictly necessary, but GCC's dangling pointer + // warning does not know |cbb->child| will not be read once |error| is set + // above. + cbb->child = NULL; +} + // CBB_flush recurses and then writes out any pending length prefix. The // current length of the underlying base is taken to be the length of the // length-prefixed data. @@ -244,7 +267,7 @@ int CBB_flush(CBB *cbb) { return 1; err: - base->error = 1; + cbb_on_error(cbb); return 0; } @@ -420,7 +443,7 @@ static int cbb_add_u(CBB *cbb, uint64_t v, size_t len_len) { // |v| must fit in |len_len| bytes. if (v != 0) { - cbb_get_base(cbb)->error = 1; + cbb_on_error(cbb); return 0; } 
@@ -479,7 +502,7 @@ int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) { int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value, CBS_ASN1_TAG tag) { CBB child; if (!CBB_add_asn1(cbb, &child, tag)) { - return 0; + goto err; } int started = 0; @@ -493,21 +516,25 @@ int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value, CBS_ASN1_TAG tag) { // If the high bit is set, add a padding byte to make it // unsigned. if ((byte & 0x80) && !CBB_add_u8(&child, 0)) { - return 0; + goto err; } started = 1; } if (!CBB_add_u8(&child, byte)) { - return 0; + goto err; } } // 0 is encoded as a single 0, not the empty string. if (!started && !CBB_add_u8(&child, 0)) { - return 0; + goto err; } return CBB_flush(cbb); + +err: + cbb_on_error(cbb); + return 0; } int CBB_add_asn1_int64(CBB *cbb, int64_t value) { @@ -529,14 +556,18 @@ int CBB_add_asn1_int64_with_tag(CBB *cbb, int64_t value, CBS_ASN1_TAG tag) { CBB child; if (!CBB_add_asn1(cbb, &child, tag)) { - return 0; + goto err; } for (int i = start; i >= 0; i--) { if (!CBB_add_u8(&child, bytes[i])) { - return 0; + goto err; } } return CBB_flush(cbb); + +err: + cbb_on_error(cbb); + return 0; } int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) { @@ -544,6 +575,7 @@ int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) { if (!CBB_add_asn1(cbb, &child, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&child, data, data_len) || !CBB_flush(cbb)) { + cbb_on_error(cbb); return 0; } @@ -555,6 +587,7 @@ int CBB_add_asn1_bool(CBB *cbb, int value) { if (!CBB_add_asn1(cbb, &child, CBS_ASN1_BOOLEAN) || !CBB_add_u8(&child, value != 0 ? 0xff : 0) || !CBB_flush(cbb)) { + cbb_on_error(cbb); return 0; } 
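Review bot: The `err:` labels added to `CBB_add_asn1_uint64_with_tag` and `CBB_add_asn1_int64_with_tag` do not say why the parent must be locked on every failure path. The reason is a lifetime one: `child` is a stack local, and according to the comment on `cbb_on_error` a failing function can leave `cbb->child` pointing at it after the function returns. A one-line comment at each label, `// |child| is about to go out of scope; lock |cbb| so |cbb->child| is never read.`, would help keep a later edit from reintroducing a bare `return 0` between `CBB_add_asn1` and `CBB_flush`. The same reasoning covers the inline `cbb_on_error(cbb)` calls added to `CBB_add_asn1_octet_string` and `CBB_add_asn1_bool` in the hunks that follow. The start of `CBB_add_asn1_int64_with_tag` is outside its hunk, so any early return before `CBB child;` is not covered by this note.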
@@ -649,16 +682,13 @@ int CBB_flush_asn1_set_of(CBB *cbb) { if (num_children < 2) { return 1; // Nothing to do. This is the common case for X.509. } - if (num_children > ((size_t)-1) / sizeof(CBS)) { - return 0; // Overflow. - } // Parse out the children and sort. We alias them into a copy of so they // remain valid as we rewrite |cbb|. int ret = 0; size_t buf_len = CBB_len(cbb); uint8_t *buf = OPENSSL_memdup(CBB_data(cbb), buf_len); - CBS *children = OPENSSL_malloc(num_children * sizeof(CBS)); + CBS *children = OPENSSL_calloc(num_children, sizeof(CBS)); if (buf == NULL || children == NULL) { goto err; } diff --git a/src/crypto/chacha/asm/chacha-armv4.pl b/src/crypto/chacha/asm/chacha-armv4.pl index 5c78a9fc..1f5ceffb 100755 --- a/src/crypto/chacha/asm/chacha-armv4.pl +++ b/src/crypto/chacha/asm/chacha-armv4.pl @@ -210,7 +210,7 @@ ChaCha20_ctr32: .LChaCha20_ctr32: ldr r12,[sp,#0] @ pull pointer to counter and nonce stmdb sp!,{r0-r2,r4-r11,lr} -#if __ARM_ARCH__<7 && !defined(__thumb2__) +#if __ARM_ARCH<7 && !defined(__thumb2__) sub r14,pc,#16 @ ChaCha20_ctr32 #else adr r14,.LChaCha20_ctr32 @@ -292,8 +292,8 @@ $code.=<<___; ldr @t[0],[sp,#4*(0)] @ load key material ldr @t[1],[sp,#4*(1)] -#if __ARM_ARCH__>=6 || !defined(__ARMEB__) -# if __ARM_ARCH__<7 +#if __ARM_ARCH>=6 || !defined(__ARMEB__) +# if __ARM_ARCH<7 orr @t[2],r12,r14 tst @t[2],#3 @ are input and output aligned? ldr @t[2],[sp,#4*(2)] @@ -319,7 +319,7 @@ $code.=<<___; # endif ldrhs @t[2],[r12,#-8] ldrhs @t[3],[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev @x[0],@x[0] rev @x[1],@x[1] rev @x[2],@x[2] @@ -356,7 +356,7 @@ $code.=<<___; # endif ldrhs @t[2],[r12,#-8] ldrhs @t[3],[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev @x[4],@x[4] rev @x[5],@x[5] rev @x[6],@x[6] 
@@ -401,7 +401,7 @@ $code.=<<___; # endif ldrhs @t[2],[r12,#-8] ldrhs @t[3],[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev @x[0],@x[0] rev @x[1],@x[1] rev @x[2],@x[2] @@ -443,7 +443,7 @@ $code.=<<___; # endif ldrhs @t[2],[r12,#-8] ldrhs @t[3],[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) +# if __ARM_ARCH>=6 && defined(__ARMEB__) rev @x[4],@x[4] rev @x[5],@x[5] rev @x[6],@x[6] @@ -474,7 +474,7 @@ $code.=<<___; bhi .Loop_outer beq .Ldone -# if __ARM_ARCH__<7 +# if __ARM_ARCH<7 b .Ltail .align 4 @@ -482,7 +482,7 @@ $code.=<<___; cmp @t[3],#64 @ restore flags # endif #endif -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldr @t[3],[sp,#4*(3)] ___ for ($i=0;$i<16;$i+=4) { diff --git a/src/crypto/conf/conf.c b/src/crypto/conf/conf.c index ca950d62..024fa744 100644 --- a/src/crypto/conf/conf.c +++ b/src/crypto/conf/conf.c @@ -118,14 +118,7 @@ CONF *NCONF_new(void *method) { return conf; } -CONF_VALUE *CONF_VALUE_new(void) { - CONF_VALUE *v = OPENSSL_malloc(sizeof(CONF_VALUE)); - if (!v) { - return NULL; - } - OPENSSL_memset(v, 0, sizeof(CONF_VALUE)); - return v; -} +CONF_VALUE *CONF_VALUE_new(void) { return OPENSSL_zalloc(sizeof(CONF_VALUE)); } static void value_free_contents(CONF_VALUE *value) { OPENSSL_free(value->section); diff --git a/src/crypto/curve25519/spake25519.c b/src/crypto/curve25519/spake25519.c index c45d15a5..adbf60d5 100644 --- a/src/crypto/curve25519/spake25519.c +++ b/src/crypto/curve25519/spake25519.c @@ -272,12 +272,11 @@ static const uint8_t kSpakeMSmallPrecomp[15 * 2 * 32] = { SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role, const uint8_t *my_name, size_t my_name_len, const uint8_t *their_name, size_t their_name_len) { - SPAKE2_CTX *ctx = OPENSSL_malloc(sizeof(SPAKE2_CTX)); + SPAKE2_CTX *ctx = OPENSSL_zalloc(sizeof(SPAKE2_CTX)); if (ctx == NULL) { return NULL; } - OPENSSL_memset(ctx, 0, sizeof(SPAKE2_CTX)); ctx->my_role = my_role; CBS my_name_cbs, their_name_cbs; 
diff --git a/src/crypto/dsa/dsa.c b/src/crypto/dsa/dsa.c index 5eb78948..4583dc6f 100644 --- a/src/crypto/dsa/dsa.c +++ b/src/crypto/dsa/dsa.c @@ -88,18 +88,14 @@ static int dsa_sign_setup(const DSA *dsa, BN_CTX *ctx_in, BIGNUM **out_kinv, static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; DSA *DSA_new(void) { - DSA *dsa = OPENSSL_malloc(sizeof(DSA)); + DSA *dsa = OPENSSL_zalloc(sizeof(DSA)); if (dsa == NULL) { return NULL; } - OPENSSL_memset(dsa, 0, sizeof(DSA)); - dsa->references = 1; - CRYPTO_MUTEX_init(&dsa->method_mont_lock); CRYPTO_new_ex_data(&dsa->ex_data); - return dsa; } @@ -533,16 +529,7 @@ err: return ok; } -DSA_SIG *DSA_SIG_new(void) { - DSA_SIG *sig; - sig = OPENSSL_malloc(sizeof(DSA_SIG)); - if (!sig) { - return NULL; - } - sig->r = NULL; - sig->s = NULL; - return sig; -} +DSA_SIG *DSA_SIG_new(void) { return OPENSSL_zalloc(sizeof(DSA_SIG)); } void DSA_SIG_free(DSA_SIG *sig) { if (!sig) { diff --git a/src/crypto/engine/engine.c b/src/crypto/engine/engine.c index 973a57c8..831d4689 100644 --- a/src/crypto/engine/engine.c +++ b/src/crypto/engine/engine.c @@ -31,15 +31,7 @@ struct engine_st { ECDSA_METHOD *ecdsa_method; }; -ENGINE *ENGINE_new(void) { - ENGINE *engine = OPENSSL_malloc(sizeof(ENGINE)); - if (engine == NULL) { - return NULL; - } - - OPENSSL_memset(engine, 0, sizeof(ENGINE)); - return engine; -} +ENGINE *ENGINE_new(void) { return OPENSSL_zalloc(sizeof(ENGINE)); } int ENGINE_free(ENGINE *engine) { // Methods are currently required to be static so are not unref'ed. diff --git a/src/crypto/err/ssl.errordata b/src/crypto/err/ssl.errordata index 7e588c50..a8e6e088 100644 --- a/src/crypto/err/ssl.errordata +++ b/src/crypto/err/ssl.errordata @@ -83,6 +83,7 @@ SSL,303,INCONSISTENT_CLIENT_HELLO SSL,321,INCONSISTENT_ECH_NEGOTIATION SSL,259,INVALID_ALPN_PROTOCOL SSL,315,INVALID_ALPN_PROTOCOL_LIST +SSL,322,INVALID_ALPS_CODEPOINT SSL,314,INVALID_CLIENT_HELLO_INNER SSL,158,INVALID_COMMAND SSL,256,INVALID_COMPRESSION_LIST 
diff --git a/src/crypto/evp/evp.c b/src/crypto/evp/evp.c index 37b3631d..f3f3d7e5 100644 --- a/src/crypto/evp/evp.c +++ b/src/crypto/evp/evp.c @@ -81,17 +81,13 @@ OPENSSL_DECLARE_ERROR_REASON(EVP, NOT_XOF_OR_INVALID_LENGTH) OPENSSL_DECLARE_ERROR_REASON(EVP, EMPTY_PSK) EVP_PKEY *EVP_PKEY_new(void) { - EVP_PKEY *ret; - - ret = OPENSSL_malloc(sizeof(EVP_PKEY)); + EVP_PKEY *ret = OPENSSL_zalloc(sizeof(EVP_PKEY)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(EVP_PKEY)); ret->type = EVP_PKEY_NONE; ret->references = 1; - return ret; } diff --git a/src/crypto/evp/evp_ctx.c b/src/crypto/evp/evp_ctx.c index 771f13f0..ea2781f0 100644 --- a/src/crypto/evp/evp_ctx.c +++ b/src/crypto/evp/evp_ctx.c @@ -86,11 +86,10 @@ static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) { static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, const EVP_PKEY_METHOD *pmeth) { - EVP_PKEY_CTX *ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); + EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX)); if (!ret) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(EVP_PKEY_CTX)); ret->engine = e; ret->pmeth = pmeth; @@ -156,13 +155,11 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx) { return NULL; } - EVP_PKEY_CTX *ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); + EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX)); if (!ret) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(EVP_PKEY_CTX)); - ret->pmeth = ctx->pmeth; ret->engine = ctx->engine; ret->operation = ctx->operation; diff --git a/src/crypto/evp/p_ec.c b/src/crypto/evp/p_ec.c index ed89cc38..0e4349f0 100644 --- a/src/crypto/evp/p_ec.c +++ b/src/crypto/evp/p_ec.c @@ -80,15 +80,12 @@ typedef struct { static int pkey_ec_init(EVP_PKEY_CTX *ctx) { - EC_PKEY_CTX *dctx; - dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX)); + EC_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(EC_PKEY_CTX)); if (!dctx) { return 0; } - OPENSSL_memset(dctx, 0, sizeof(EC_PKEY_CTX)); ctx->data = dctx; - return 1; } 
diff --git a/src/crypto/evp/p_hkdf.c b/src/crypto/evp/p_hkdf.c index 0d7ede82..d9cbfc7c 100644 --- a/src/crypto/evp/p_hkdf.c +++ b/src/crypto/evp/p_hkdf.c @@ -35,12 +35,11 @@ typedef struct { } HKDF_PKEY_CTX; static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) { - HKDF_PKEY_CTX *hctx = OPENSSL_malloc(sizeof(HKDF_PKEY_CTX)); + HKDF_PKEY_CTX *hctx = OPENSSL_zalloc(sizeof(HKDF_PKEY_CTX)); if (hctx == NULL) { return 0; } - OPENSSL_memset(hctx, 0, sizeof(HKDF_PKEY_CTX)); if (!CBB_init(&hctx->info, 0)) { OPENSSL_free(hctx); return 0; diff --git a/src/crypto/evp/p_rsa.c b/src/crypto/evp/p_rsa.c index 15eb1efb..3bdd85d6 100644 --- a/src/crypto/evp/p_rsa.c +++ b/src/crypto/evp/p_rsa.c @@ -97,12 +97,10 @@ typedef struct { } RSA_OAEP_LABEL_PARAMS; static int pkey_rsa_init(EVP_PKEY_CTX *ctx) { - RSA_PKEY_CTX *rctx; - rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); + RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(RSA_PKEY_CTX)); if (!rctx) { return 0; } - OPENSSL_memset(rctx, 0, sizeof(RSA_PKEY_CTX)); rctx->nbits = 2048; rctx->pad_mode = RSA_PKCS1_PADDING; diff --git a/src/crypto/evp/scrypt.c b/src/crypto/evp/scrypt.c index 8212cd15..28302672 100644 --- a/src/crypto/evp/scrypt.c +++ b/src/crypto/evp/scrypt.c @@ -170,12 +170,12 @@ int EVP_PBE_scrypt(const char *password, size_t password_len, // Allocate and divide up the scratch space. |max_mem| fits in a size_t, which // is no bigger than uint64_t, so none of these operations may overflow. - static_assert(UINT64_MAX >= ((size_t)-1), "size_t exceeds uint64_t"); + static_assert(UINT64_MAX >= SIZE_MAX, "size_t exceeds uint64_t"); size_t B_blocks = p * 2 * r; size_t B_bytes = B_blocks * sizeof(block_t); size_t T_blocks = 2 * r; size_t V_blocks = N * 2 * r; - block_t *B = OPENSSL_malloc((B_blocks + T_blocks + V_blocks) * sizeof(block_t)); + block_t *B = OPENSSL_calloc(B_blocks + T_blocks + V_blocks, sizeof(block_t)); if (B == NULL) { return 0; } 
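Review bot: In EVP_PBE_scrypt the sum `B_blocks + T_blocks + V_blocks` is still computed before OPENSSL_calloc sees it, so only the multiplication by `sizeof(block_t)` gains a check; the addition still relies on the max_mem bound described in the comment above, which is enforced outside this hunk. If OPENSSL_calloc zero-fills like calloc, the whole scratch area is now cleared before use, which for large N is extra work on memory the algorithm presumably overwrites anyway. The existing comment should record both facts, for example `// The sum cannot overflow (see above); OPENSSL_calloc checks the multiplication and zeroes the buffer.`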
diff --git a/src/crypto/fipsmodule/aes/asm/bsaes-armv7.pl b/src/crypto/fipsmodule/aes/asm/bsaes-armv7.pl index c537730f..fd6272d9 100644 --- a/src/crypto/fipsmodule/aes/asm/bsaes-armv7.pl +++ b/src/crypto/fipsmodule/aes/asm/bsaes-armv7.pl @@ -718,7 +718,6 @@ $code.=<<___; # define VFP_ABI_FRAME 0 # define BSAES_ASM_EXTENDED_KEY # define XTS_CHAIN_TWEAK -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 #endif diff --git a/src/crypto/fipsmodule/bn/asm/armv4-mont.pl b/src/crypto/fipsmodule/bn/asm/armv4-mont.pl index 207b8e4c..dcbaee5e 100644 --- a/src/crypto/fipsmodule/bn/asm/armv4-mont.pl +++ b/src/crypto/fipsmodule/bn/asm/armv4-mont.pl @@ -285,7 +285,7 @@ bn_mul_mont: add sp,sp,#2*4 @ skip over {r0,r2} mov r0,#1 .Labrt: -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 ret @ bx lr #else tst lr,#1 diff --git a/src/crypto/fipsmodule/bn/bn.c b/src/crypto/fipsmodule/bn/bn.c index d7d86263..ecebcca5 100644 --- a/src/crypto/fipsmodule/bn/bn.c +++ b/src/crypto/fipsmodule/bn/bn.c @@ -361,7 +361,7 @@ int bn_wexpand(BIGNUM *bn, size_t words) { return 0; } - a = OPENSSL_malloc(sizeof(BN_ULONG) * words); + a = OPENSSL_calloc(words, sizeof(BN_ULONG)); if (a == NULL) { return 0; } diff --git a/src/crypto/fipsmodule/bn/ctx.c b/src/crypto/fipsmodule/bn/ctx.c index 00731611..740fb78c 100644 --- a/src/crypto/fipsmodule/bn/ctx.c +++ b/src/crypto/fipsmodule/bn/ctx.c @@ -210,7 +210,7 @@ static int BN_STACK_push(BN_STACK *st, size_t idx) { // This function intentionally does not push to the error queue on error. // Error-reporting is deferred to |BN_CTX_get|. size_t new_size = st->size != 0 ? st->size * 3 / 2 : BN_CTX_START_FRAMES; - if (new_size <= st->size || new_size > ((size_t)-1) / sizeof(size_t)) { + if (new_size <= st->size || new_size > SIZE_MAX / sizeof(size_t)) { return 0; } size_t *new_indexes = diff --git a/src/crypto/fipsmodule/bn/exponentiation.c b/src/crypto/fipsmodule/bn/exponentiation.c index 41c72335..632771eb 100644 
--- a/src/crypto/fipsmodule/bn/exponentiation.c +++ b/src/crypto/fipsmodule/bn/exponentiation.c @@ -724,7 +724,7 @@ void bn_mod_exp_mont_small(BN_ULONG *r, const BN_ULONG *a, size_t num, const BN_ULONG *p, size_t num_p, const BN_MONT_CTX *mont) { if (num != (size_t)mont->N.width || num > BN_SMALL_MAX_WORDS || - num_p > ((size_t)-1) / BN_BITS2) { + num_p > SIZE_MAX / BN_BITS2) { abort(); } assert(BN_is_odd(&mont->N)); diff --git a/src/crypto/fipsmodule/bn/prime.c b/src/crypto/fipsmodule/bn/prime.c index 2d2ab693..fb307683 100644 --- a/src/crypto/fipsmodule/bn/prime.c +++ b/src/crypto/fipsmodule/bn/prime.c @@ -359,14 +359,7 @@ static int probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -BN_GENCB *BN_GENCB_new(void) { - BN_GENCB *callback = OPENSSL_malloc(sizeof(BN_GENCB)); - if (callback == NULL) { - return NULL; - } - OPENSSL_memset(callback, 0, sizeof(BN_GENCB)); - return callback; -} +BN_GENCB *BN_GENCB_new(void) { return OPENSSL_zalloc(sizeof(BN_GENCB)); } void BN_GENCB_free(BN_GENCB *callback) { OPENSSL_free(callback); } diff --git a/src/crypto/fipsmodule/cipher/cipher.c b/src/crypto/fipsmodule/cipher/cipher.c index bff7996a..7ce3c20c 100644 --- a/src/crypto/fipsmodule/cipher/cipher.c +++ b/src/crypto/fipsmodule/cipher/cipher.c @@ -113,12 +113,11 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) { OPENSSL_memcpy(out, in, sizeof(EVP_CIPHER_CTX)); if (in->cipher_data && in->cipher->ctx_size) { - out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); + out->cipher_data = OPENSSL_memdup(in->cipher_data, in->cipher->ctx_size); if (!out->cipher_data) { out->cipher = NULL; return 0; } - OPENSSL_memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); } if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) { 
diff --git a/src/crypto/fipsmodule/cipher/e_aesccm.c b/src/crypto/fipsmodule/cipher/e_aesccm.c index c00bf61e..295aa056 100644 --- a/src/crypto/fipsmodule/cipher/e_aesccm.c +++ b/src/crypto/fipsmodule/cipher/e_aesccm.c @@ -86,7 +86,7 @@ static int CRYPTO_ccm128_init(struct ccm128_context *ctx, const AES_KEY *key, } static size_t CRYPTO_ccm128_max_input(const struct ccm128_context *ctx) { - return ctx->L >= sizeof(size_t) ? (size_t)-1 + return ctx->L >= sizeof(size_t) ? SIZE_MAX : (((size_t)1) << (ctx->L * 8)) - 1; } diff --git a/src/crypto/fipsmodule/dh/dh.c b/src/crypto/fipsmodule/dh/dh.c index a20b6d11..39c6b8e9 100644 --- a/src/crypto/fipsmodule/dh/dh.c +++ b/src/crypto/fipsmodule/dh/dh.c @@ -71,17 +71,13 @@ DH *DH_new(void) { - DH *dh = OPENSSL_malloc(sizeof(DH)); + DH *dh = OPENSSL_zalloc(sizeof(DH)); if (dh == NULL) { return NULL; } - OPENSSL_memset(dh, 0, sizeof(DH)); - CRYPTO_MUTEX_init(&dh->method_mont_p_lock); - dh->references = 1; - return dh; } @@ -398,7 +394,7 @@ int DH_compute_key(unsigned char *out, const BIGNUM *peers_key, DH *dh) { int DH_compute_key_hashed(DH *dh, uint8_t *out, size_t *out_len, size_t max_out_len, const BIGNUM *peers_key, const EVP_MD *digest) { - *out_len = (size_t)-1; + *out_len = SIZE_MAX; const size_t digest_len = EVP_MD_size(digest); if (digest_len > max_out_len) { diff --git a/src/crypto/fipsmodule/ec/ec.c b/src/crypto/fipsmodule/ec/ec.c index 00587a1f..0ae566a9 100644 --- a/src/crypto/fipsmodule/ec/ec.c +++ b/src/crypto/fipsmodule/ec/ec.c @@ -250,11 +250,10 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, goto err; } - ret = OPENSSL_malloc(sizeof(EC_GROUP)); + ret = OPENSSL_zalloc(sizeof(EC_GROUP)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(EC_GROUP)); ret->references = 1; ret->meth = EC_GFp_mont_method(); bn_mont_ctx_init(&ret->field); diff --git a/src/crypto/fipsmodule/ec/ec_key.c b/src/crypto/fipsmodule/ec/ec_key.c index 90a4404c..a48671a2 100644 
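Review bot: In EC_GROUP_new_curve_GFp the allocation-failure branch directly under the changed line still does `return NULL;`, while the failure just before it uses `goto err;`. If the err label releases anything acquired earlier in the function (that part is outside the hunk), an allocation failure here skips that cleanup. Since the allocation line is being touched anyway, `if (ret == NULL) { goto err; }` would make the two paths consistent, provided the err path tolerates a NULL `ret`.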
--- a/src/crypto/fipsmodule/ec/ec_key.c +++ b/src/crypto/fipsmodule/ec/ec_key.c @@ -86,12 +86,11 @@ DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class) static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) { - EC_WRAPPED_SCALAR *wrapped = OPENSSL_malloc(sizeof(EC_WRAPPED_SCALAR)); + EC_WRAPPED_SCALAR *wrapped = OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR)); if (wrapped == NULL) { return NULL; } - OPENSSL_memset(wrapped, 0, sizeof(EC_WRAPPED_SCALAR)); wrapped->bignum.d = wrapped->scalar.words; wrapped->bignum.width = group->order.N.width; wrapped->bignum.dmax = group->order.N.width; @@ -106,13 +105,11 @@ static void ec_wrapped_scalar_free(EC_WRAPPED_SCALAR *scalar) { EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); } EC_KEY *EC_KEY_new_method(const ENGINE *engine) { - EC_KEY *ret = OPENSSL_malloc(sizeof(EC_KEY)); + EC_KEY *ret = OPENSSL_zalloc(sizeof(EC_KEY)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(EC_KEY)); - if (engine) { ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine); } diff --git a/src/crypto/fipsmodule/ec/p256_test.cc b/src/crypto/fipsmodule/ec/p256_test.cc new file mode 100644 index 00000000..2af9319b --- /dev/null +++ b/src/crypto/fipsmodule/ec/p256_test.cc 
@@ -0,0 +1,47 @@ +/* Copyright (c) 2023, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <gtest/gtest.h> +#include "../../internal.h" +#include "../../test/abi_test.h" + +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__) && \ + defined(SUPPORTS_ABI_TEST) +extern "C" { +#include "../../../third_party/fiat/p256_64.h" +} + +TEST(P256Test, AdxMulABI) { + static const uint64_t in1[4] = {0}, in2[4] = {0}; + uint64_t out[4]; + if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() && + CRYPTO_is_ADX_capable()) { + CHECK_ABI(fiat_p256_adx_mul, out, in1, in2); + } else { + GTEST_SKIP() << "Can't test ABI of ADX code without ADX"; + } +} + +#include <assert.h> +TEST(P256Test, AdxSquareABI) { + static const uint64_t in[4] = {0}; + uint64_t out[4]; + if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() && + CRYPTO_is_ADX_capable()) { + CHECK_ABI(fiat_p256_adx_sqr, out, in); + } else { + GTEST_SKIP() << "Can't test ABI of ADX code without ADX"; + } +} +#endif diff --git a/src/crypto/fipsmodule/ec/wnaf.c b/src/crypto/fipsmodule/ec/wnaf.c index f5214b24..225cdfe1 100644 --- a/src/crypto/fipsmodule/ec/wnaf.c +++ b/src/crypto/fipsmodule/ec/wnaf.c 
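Review bot: The `#include <assert.h>` placed between the AdxMulABI and AdxSquareABI tests in p256_test.cc is out of place, and nothing in the new file uses `assert`. It also sits inside the `#if !defined(OPENSSL_NO_ASM) ...` block, so it is only pulled in on some configurations. Either delete it or move it to the top of the file next to `#include <gtest/gtest.h>`.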
@@ -197,13 +197,8 @@ int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r, wNAF = wNAF_stack; precomp = precomp_stack; } else { - if (num >= ((size_t)-1) / sizeof(wNAF_alloc[0]) || - num >= ((size_t)-1) / sizeof(precomp_alloc[0])) { - OPENSSL_PUT_ERROR(EC, ERR_R_OVERFLOW); - goto err; - } - wNAF_alloc = OPENSSL_malloc(num * sizeof(wNAF_alloc[0])); - precomp_alloc = OPENSSL_malloc(num * sizeof(precomp_alloc[0])); + wNAF_alloc = OPENSSL_calloc(num, sizeof(wNAF_alloc[0])); + precomp_alloc = OPENSSL_calloc(num, sizeof(precomp_alloc[0])); if (wNAF_alloc == NULL || precomp_alloc == NULL) { goto err; } diff --git a/src/crypto/fipsmodule/rand/fork_detect.c b/src/crypto/fipsmodule/rand/fork_detect.c index 71a02c89..a2cf3a05 100644 --- a/src/crypto/fipsmodule/rand/fork_detect.c +++ b/src/crypto/fipsmodule/rand/fork_detect.c 
@@ -17,31 +17,34 @@ #endif #include <openssl/base.h> - #include "fork_detect.h" -#if defined(OPENSSL_LINUX) -#include <assert.h> -#include <sys/mman.h> +#if defined(OPENSSL_FORK_DETECTION_MADVISE) #include <unistd.h> #include <stdlib.h> - -#include "../delocate.h" -#include "../../internal.h" - - +#include <assert.h> +#include <sys/mman.h> #if defined(MADV_WIPEONFORK) static_assert(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18"); #else #define MADV_WIPEONFORK 18 #endif +#elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK) +#include <unistd.h> +#include <stdlib.h> +#include <pthread.h> +#endif // OPENSSL_FORK_DETECTION_MADVISE +#include "../delocate.h" +#include "../../internal.h" + +#if defined(OPENSSL_FORK_DETECTION_MADVISE) +DEFINE_BSS_GET(int, g_force_madv_wipeonfork); +DEFINE_BSS_GET(int, g_force_madv_wipeonfork_enabled); DEFINE_STATIC_ONCE(g_fork_detect_once); DEFINE_STATIC_MUTEX(g_fork_detect_lock); DEFINE_BSS_GET(CRYPTO_atomic_u32 *, g_fork_detect_addr); DEFINE_BSS_GET(uint64_t, g_fork_generation); -DEFINE_BSS_GET(int, g_force_madv_wipeonfork); -DEFINE_BSS_GET(int, g_force_madv_wipeonfork_enabled); static void init_fork_detect(void) { if (*g_force_madv_wipeonfork_bss_get()) { @@ -73,9 +76,12 @@ static void init_fork_detect(void) { CRYPTO_atomic_store_u32(addr, 1); *g_fork_detect_addr_bss_get() = addr; *g_fork_generation_bss_get() = 1; + } uint64_t CRYPTO_get_fork_generation(void) { + CRYPTO_once(g_fork_detect_once_bss_get(), init_fork_detect); + // In a single-threaded process, there are obviously no races because there's // only a single mutator in the address space. // 
@@ -87,7 +93,6 @@ uint64_t CRYPTO_get_fork_generation(void) { // child process is single-threaded, the child may become multi-threaded // before it observes this. Therefore, we must synchronize the logic below. - CRYPTO_once(g_fork_detect_once_bss_get(), init_fork_detect); CRYPTO_atomic_u32 *const flag_ptr = *g_fork_detect_addr_bss_get(); if (flag_ptr == NULL) { // Our kernel is too old to support |MADV_WIPEONFORK| or @@ -98,6 +103,12 @@ uint64_t CRYPTO_get_fork_generation(void) { // doesn't support it. return 42; } + // With Linux and clone(), we do not believe that pthread_atfork() is + // sufficient for detecting all forms of address space duplication. At this + // point we have a kernel that does not support MADV_WIPEONFORK. We could + // return the generation number from pthread_atfork() here and it would + // probably be safe in almost any situation, but to ensure safety we return + // 0 and force an entropy draw on every call. return 0; } 
@@ -140,7 +151,34 @@ void CRYPTO_fork_detect_force_madv_wipeonfork_for_testing(int on) { *g_force_madv_wipeonfork_enabled_bss_get() = on; } -#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY) +#elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK) + +DEFINE_STATIC_ONCE(g_pthread_fork_detection_once); +DEFINE_BSS_GET(uint64_t, g_atfork_fork_generation); + +static void we_are_forked(void) { + // Immediately after a fork, the process must be single-threaded. + uint64_t value = *g_atfork_fork_generation_bss_get() + 1; + if (value == 0) { + value = 1; + } + *g_atfork_fork_generation_bss_get() = value; +} + +static void init_pthread_fork_detection(void) { + if (pthread_atfork(NULL, NULL, we_are_forked) != 0) { + abort(); + } + *g_atfork_fork_generation_bss_get() = 1; +} + +uint64_t CRYPTO_get_fork_generation(void) { + CRYPTO_once(g_pthread_fork_detection_once_bss_get(), init_pthread_fork_detection); + + return *g_atfork_fork_generation_bss_get(); +} + +#elif defined(OPENSSL_DOES_NOT_FORK) // These platforms are guaranteed not to fork, and therefore do not require // fork detection support. Returning a constant non zero value makes BoringSSL diff --git a/src/crypto/fipsmodule/rand/fork_detect.h b/src/crypto/fipsmodule/rand/fork_detect.h index f9bbe02f..c2678482 100644 --- a/src/crypto/fipsmodule/rand/fork_detect.h +++ b/src/crypto/fipsmodule/rand/fork_detect.h 
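Review bot: The new OPENSSL_FORK_DETECTION_PTHREAD_ATFORK version of CRYPTO_get_fork_generation carries no comment about what it cannot detect. The Linux branch in this same commit explains that pthread_atfork() is not trusted to catch every form of address-space duplication, and the handler registered here only runs when the process forks through the libc wrapper. A caller deciding whether cached RNG state is safe to reuse needs that stated at the function, for example `// Only fork() calls that run pthread_atfork handlers are detected; other address-space duplication is not.` The comment in we_are_forked could also note that the plain, non-atomic update is safe only because of the single-threaded assumption it mentions.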
@@ -17,6 +17,23 @@ #include <openssl/base.h> +#if defined(OPENSSL_LINUX) +// On linux we use MADVISE instead of pthread_atfork(), due +// to concerns about clone() being used for address space +// duplication. +#define OPENSSL_FORK_DETECTION +#define OPENSSL_FORK_DETECTION_MADVISE +#elif defined(OPENSSL_MACOS) || defined(OPENSSL_IOS) || \ + defined(OPENSSL_OPENBSD) || defined(OPENSSL_FREEBSD) +// These platforms may detect address space duplication with pthread_atfork. +// iOS doesn't normally allow fork in apps, but it's there. +#define OPENSSL_FORK_DETECTION +#define OPENSSL_FORK_DETECTION_PTHREAD_ATFORK +#elif defined(OPENSSL_WINDOWS) || defined(OPENSSL_TRUSTY) +// These platforms do not fork. +#define OPENSSL_DOES_NOT_FORK +#endif + #if defined(__cplusplus) extern "C" { #endif diff --git a/src/crypto/fipsmodule/rand/fork_detect_test.cc b/src/crypto/fipsmodule/rand/fork_detect_test.cc index ab485127..f9cde28b 100644 --- a/src/crypto/fipsmodule/rand/fork_detect_test.cc +++ b/src/crypto/fipsmodule/rand/fork_detect_test.cc @@ -14,13 +14,17 @@ #include <openssl/base.h> +#include "fork_detect.h" + // TSAN cannot cope with this test and complains that "starting new threads // after multi-threaded fork is not supported". -#if defined(OPENSSL_LINUX) && !defined(OPENSSL_TSAN) +#if defined(OPENSSL_FORK_DETECTION) && !defined(OPENSSL_TSAN) && \ + !defined(OPENSSL_IOS) #include <errno.h> #include <inttypes.h> #include <stdio.h> #include <string.h> +#include <sys/wait.h> #include <unistd.h> #include <functional> @@ -32,8 +36,6 @@ #include <gtest/gtest.h> -#include "fork_detect.h" - static pid_t WaitpidEINTR(pid_t pid, int *out_status, int options) { pid_t ret; 
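Review bot: The new platform ladder in fork_detect.h has no final `#else`, so a target that matches none of the listed OPENSSL_* macros ends up with neither OPENSSL_FORK_DETECTION nor OPENSSL_DOES_NOT_FORK defined, and the hunk does not say what that means. The behaviour then depends on the fallback branch of fork_detect.c, which is outside the visible hunks. A closing comment would make the default explicit, e.g. `// Other platforms: no fork detection; see the fallback in fork_detect.c.`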
@@ -47,19 +49,20 @@ static pid_t WaitpidEINTR(pid_t pid, int *out_status, int options) { // The *InChild functions run inside a child process and must report errors via // |stderr| and |_exit| rather than GTest. -static void CheckGenerationInChild(const char *name, uint64_t expected) { +static void CheckGenerationAtLeastInChild(const char *name, + uint64_t minimum_expected) { uint64_t generation = CRYPTO_get_fork_generation(); - if (generation != expected) { + if (generation < minimum_expected) { fprintf(stderr, "%s generation (#1) was %" PRIu64 ", wanted %" PRIu64 ".\n", - name, generation, expected); + name, generation, minimum_expected); _exit(1); } // The generation should be stable. - generation = CRYPTO_get_fork_generation(); - if (generation != expected) { + uint64_t new_generation = CRYPTO_get_fork_generation(); + if (new_generation != generation) { fprintf(stderr, "%s generation (#2) was %" PRIu64 ", wanted %" PRIu64 ".\n", - name, generation, expected); + name, new_generation, generation); _exit(1); } } @@ -95,10 +98,9 @@ static void ForkInChild(std::function<void()> f) { } TEST(ForkDetect, Test) { - const uint64_t start = CRYPTO_get_fork_generation(); + uint64_t start = CRYPTO_get_fork_generation(); if (start == 0) { - fprintf(stderr, "Fork detection not supported. Skipping test.\n"); - return; + GTEST_SKIP() << "Fork detection not supported. Skipping test.\n"; } // The fork generation should be stable. 
@@ -111,16 +113,22 @@ TEST(ForkDetect, Test) { // Fork grandchildren before observing the fork generation. The // grandchildren will observe |start| + 1. for (int i = 0; i < 2; i++) { - ForkInChild([&] { CheckGenerationInChild("Grandchild", start + 1); }); + ForkInChild( + [&] { CheckGenerationAtLeastInChild("Grandchild", start + 1); }); } // Now the child also observes |start| + 1. This is fine because it has // already diverged from the grandchild at this point. - CheckGenerationInChild("Child", start + 1); + CheckGenerationAtLeastInChild("Child", start + 1); + + // In the pthread_atfork the value may have changed. + uint64_t child_generation = CRYPTO_get_fork_generation(); // Forked grandchildren will now observe |start| + 2. for (int i = 0; i < 2; i++) { - ForkInChild([&] { CheckGenerationInChild("Grandchild", start + 2); }); + ForkInChild([&] { + CheckGenerationAtLeastInChild("Grandchild", child_generation + 1); + }); } #if defined(OPENSSL_THREADS) @@ -131,8 +139,10 @@ TEST(ForkDetect, Test) { std::vector<std::thread> threads(4); for (int i = 0; i < 2; i++) { for (auto &t : threads) { - t = std::thread( - [&] { CheckGenerationInChild("Grandchild thread", start + 2); }); + t = std::thread([&] { + CheckGenerationAtLeastInChild("Grandchild thread", + child_generation + 1); + }); } for (auto &t : threads) { t.join(); @@ -141,8 +151,15 @@ TEST(ForkDetect, Test) { }); #endif // OPENSSL_THREADS - // The child still observes |start| + 1. - CheckGenerationInChild("Child", start + 1); + // The child's observed value should be unchanged. + if (child_generation != CRYPTO_get_fork_generation()) { + fprintf(stderr, + "Child generation (final stable check) was %" PRIu64 + ", wanted %" PRIu64 ".\n", + child_generation, CRYPTO_get_fork_generation()); + _exit(1); + } + _exit(0); } 
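Review bot: In the final stable check the fprintf arguments are the wrong way round: the format reads "was ..., wanted ..." but `child_generation` (the expected value) is passed first and a fresh `CRYPTO_get_fork_generation()` call second. That second call is also a different read from the one compared in the `if`, so the printed value need not be the one that failed. Read it once with `uint64_t final_generation = CRYPTO_get_fork_generation();`, compare `child_generation != final_generation`, and pass `final_generation, child_generation` to fprintf. The enclosing test body starts and ends outside this hunk.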
@@ -157,4 +174,4 @@ TEST(ForkDetect, Test) { EXPECT_EQ(start, CRYPTO_get_fork_generation()); } -#endif // OPENSSL_LINUX && !OPENSSL_TSAN +#endif // OPENSSL_FORK_DETECTION && !OPENSSL_TSAN && !OPENSSL_IOS diff --git a/src/crypto/fipsmodule/rsa/blinding.c b/src/crypto/fipsmodule/rsa/blinding.c index c4cfcc23..8838ad8f 100644 --- a/src/crypto/fipsmodule/rsa/blinding.c +++ b/src/crypto/fipsmodule/rsa/blinding.c @@ -130,11 +130,10 @@ static int bn_blinding_create_param(BN_BLINDING *b, const BIGNUM *e, const BN_MONT_CTX *mont, BN_CTX *ctx); BN_BLINDING *BN_BLINDING_new(void) { - BN_BLINDING *ret = OPENSSL_malloc(sizeof(BN_BLINDING)); + BN_BLINDING *ret = OPENSSL_zalloc(sizeof(BN_BLINDING)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(BN_BLINDING)); ret->A = BN_new(); if (ret->A == NULL) { diff --git a/src/crypto/fipsmodule/rsa/rsa.c b/src/crypto/fipsmodule/rsa/rsa.c index 77ab6c6e..8babba18 100644 --- a/src/crypto/fipsmodule/rsa/rsa.c +++ b/src/crypto/fipsmodule/rsa/rsa.c @@ -206,13 +206,11 @@ RSA *RSA_new_private_key_large_e(const BIGNUM *n, const BIGNUM *e, RSA *RSA_new(void) { return RSA_new_method(NULL); } RSA *RSA_new_method(const ENGINE *engine) { - RSA *rsa = OPENSSL_malloc(sizeof(RSA)); + RSA *rsa = OPENSSL_zalloc(sizeof(RSA)); if (rsa == NULL) { return NULL; } - OPENSSL_memset(rsa, 0, sizeof(RSA)); - if (engine) { rsa->meth = ENGINE_get_RSA_method(engine); } diff --git a/src/crypto/fipsmodule/rsa/rsa_impl.c b/src/crypto/fipsmodule/rsa/rsa_impl.c index 6cdc2909..e847f935 100644 --- a/src/crypto/fipsmodule/rsa/rsa_impl.c +++ b/src/crypto/fipsmodule/rsa/rsa_impl.c 
@@ -376,7 +376,7 @@ static BN_BLINDING *rsa_blinding_get(RSA *rsa, size_t *index_used, assert(new_num_blindings > rsa->num_blindings); BN_BLINDING **new_blindings = - OPENSSL_malloc(sizeof(BN_BLINDING *) * new_num_blindings); + OPENSSL_calloc(new_num_blindings, sizeof(BN_BLINDING *)); uint8_t *new_blindings_inuse = OPENSSL_malloc(new_num_blindings); if (new_blindings == NULL || new_blindings_inuse == NULL) { goto err; diff --git a/src/crypto/fipsmodule/self_check/fips.c b/src/crypto/fipsmodule/self_check/fips.c index ce039576..c3515ea9 100644 --- a/src/crypto/fipsmodule/self_check/fips.c +++ b/src/crypto/fipsmodule/self_check/fips.c @@ -94,12 +94,11 @@ void boringssl_fips_inc_counter(enum fips_counter_t counter) { CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS); if (!array) { const size_t num_bytes = sizeof(size_t) * (fips_counter_max + 1); - array = OPENSSL_malloc(num_bytes); + array = OPENSSL_zalloc(num_bytes); if (!array) { return; } - OPENSSL_memset(array, 0, num_bytes); if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS, array, OPENSSL_free)) { // |OPENSSL_free| has already been called by |CRYPTO_set_thread_local|. diff --git a/src/crypto/fipsmodule/sha/asm/sha1-armv4-large.pl b/src/crypto/fipsmodule/sha/asm/sha1-armv4-large.pl index 2998b897..c52b546f 100644 --- a/src/crypto/fipsmodule/sha/asm/sha1-armv4-large.pl +++ b/src/crypto/fipsmodule/sha/asm/sha1-armv4-large.pl @@ -132,7 +132,7 @@ ___ sub BODY_00_15 { my ($a,$b,$c,$d,$e)=@_; $code.=<<___; -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb $t1,[$inp,#2] ldrb $t0,[$inp,#3] ldrb $t2,[$inp,#1] @@ -296,7 +296,7 @@ $code.=<<___; teq $inp,$len bne .Lloop @ [+18], total 1307 -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 ldmia sp!,{r4-r12,pc} #else ldmia sp!,{r4-r12,lr} diff --git a/src/crypto/fipsmodule/sha/asm/sha256-armv4.pl b/src/crypto/fipsmodule/sha/asm/sha256-armv4.pl index 0f459e06..6812b27a 100644 --- a/src/crypto/fipsmodule/sha/asm/sha256-armv4.pl 
+++ b/src/crypto/fipsmodule/sha/asm/sha256-armv4.pl @@ -86,7 +86,7 @@ sub BODY_00_15 { my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; $code.=<<___ if ($i<16); -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 @ ldr $t1,[$inp],#4 @ $i # if $i==15 str $inp,[sp,#17*4] @ make room for $t4 @@ -129,7 +129,7 @@ $code.=<<___; cmp $t2,#0xf2 @ done? #endif #if $i<15 -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr $t1,[$inp],#4 @ prefetch # else ldrb $t1,[$inp,#3] @@ -179,7 +179,7 @@ $code=<<___; #ifndef __KERNEL__ # include <openssl/arm_arch.h> #else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_ARCH __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 #endif @@ -227,7 +227,7 @@ K256: .type sha256_block_data_order,%function sha256_block_data_order: .Lsha256_block_data_order: -#if __ARM_ARCH__<7 && !defined(__thumb2__) +#if __ARM_ARCH<7 && !defined(__thumb2__) sub r3,pc,#8 @ sha256_block_data_order #else adr r3,.Lsha256_block_data_order @@ -249,7 +249,7 @@ sha256_block_data_order: sub $Ktbl,r3,#256+32 @ K256 sub sp,sp,#16*4 @ alloca(X[16]) .Loop: -# if __ARM_ARCH__>=7 +# if __ARM_ARCH>=7 ldr $t1,[$inp],#4 # else ldrb $t1,[$inp,#3] @@ -261,7 +261,7 @@ for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } $code.=".Lrounds_16_xx:\n"; for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 ite eq @ Thumb2 thing, sanity check in ARM #endif ldreq $t3,[sp,#16*4] @ pull ctx @@ -292,7 +292,7 @@ $code.=<<___; bne .Loop add sp,sp,#`16+3`*4 @ destroy frame -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 ldmia sp!,{r4-r11,pc} #else ldmia sp!,{r4-r11,lr} diff --git a/src/crypto/fipsmodule/sha/asm/sha512-armv4.pl b/src/crypto/fipsmodule/sha/asm/sha512-armv4.pl index 185635fc..d470dafa 100644 --- a/src/crypto/fipsmodule/sha/asm/sha512-armv4.pl +++ b/src/crypto/fipsmodule/sha/asm/sha512-armv4.pl 
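Review bot: In the `__KERNEL__` branch of sha256-armv4.pl the replacement line `# define __ARM_ARCH __LINUX_ARM_ARCH__` now defines `__ARM_ARCH`, an ACLE macro the compiler normally predefines, so it is likely a macro redefinition. The bsaes-armv7.pl and sha512-armv4.pl hunks in this same commit drop the corresponding define rather than renaming it. For consistency the line should probably be deleted here too, leaving only `# define __ARM_MAX_ARCH__ 7` in that branch. If the kernel build really needs the override, a comment explaining why would help.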
@@ -159,7 +159,7 @@ $code.=<<___; teq $t0,#$magic ldr $t3,[sp,#$Coff+0] @ c.lo -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 it eq @ Thumb2 thing, sanity check in ARM #endif orreq $Ktbl,$Ktbl,#1 @@ -204,7 +204,6 @@ $code=<<___; # define VFP_ABI_PUSH vstmdb sp!,{d8-d15} # define VFP_ABI_POP vldmia sp!,{d8-d15} #else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 # define VFP_ABI_PUSH # define VFP_ABI_POP @@ -289,7 +288,7 @@ WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) .type sha512_block_data_order,%function sha512_block_data_order: .Lsha512_block_data_order: -#if __ARM_ARCH__<7 && !defined(__thumb2__) +#if __ARM_ARCH<7 && !defined(__thumb2__) sub r3,pc,#8 @ sha512_block_data_order #else adr r3,.Lsha512_block_data_order @@ -339,7 +338,7 @@ sha512_block_data_order: str $Thi,[sp,#$Foff+4] .L00_15: -#if __ARM_ARCH__<7 +#if __ARM_ARCH<7 ldrb $Tlo,[$inp,#7] ldrb $t0, [$inp,#6] ldrb $t1, [$inp,#5] @@ -417,7 +416,7 @@ $code.=<<___; ___ &BODY_00_15(0x17); $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_ARCH>=7 ittt eq @ Thumb2 thing, sanity check in ARM #endif ldreq $t0,[sp,#`$Xoff+8*(16-1)`+0] @@ -496,7 +495,7 @@ $code.=<<___; bne .Loop add sp,sp,#8*9 @ destroy frame -#if __ARM_ARCH__>=5 +#if __ARM_ARCH>=5 ldmia sp!,{r4-r12,pc} #else ldmia sp!,{r4-r12,lr} diff --git a/src/crypto/keccak/internal.h b/src/crypto/keccak/internal.h new file mode 100644 index 00000000..e68b126e --- /dev/null +++ b/src/crypto/keccak/internal.h 
@@ -0,0 +1,70 @@ +/* Copyright (c) 2023, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_CRYPTO_KECCAK_INTERNAL_H +#define OPENSSL_HEADER_CRYPTO_KECCAK_INTERNAL_H + +#include <openssl/base.h> + +#if defined(__cplusplus) +extern "C" { +#endif + + +enum boringssl_keccak_config_t { + boringssl_sha3_256, + boringssl_sha3_512, + boringssl_shake128, + boringssl_shake256, +}; + +enum boringssl_keccak_phase_t { + boringssl_keccak_phase_absorb, + boringssl_keccak_phase_squeeze, +}; + +struct BORINGSSL_keccak_st { + enum boringssl_keccak_config_t config; + enum boringssl_keccak_phase_t phase; + uint64_t state[25]; + size_t rate_bytes; + size_t absorb_offset; + size_t squeeze_offset; +}; + +// BORINGSSL_keccak hashes |in_len| bytes from |in| and writes |out_len| bytes +// of output to |out|. If the |config| specifies a fixed-output function, like +// SHA3-256, then |out_len| must be the correct length for that function. +OPENSSL_EXPORT void BORINGSSL_keccak(uint8_t *out, size_t out_len, + const uint8_t *in, size_t in_len, + enum boringssl_keccak_config_t config); + +// BORINGSSL_keccak_init prepares |ctx| for absorbing. The |config| must specify +// a SHAKE variant, otherwise callers should use |BORINGSSL_keccak|. 
+OPENSSL_EXPORT void BORINGSSL_keccak_init( + struct BORINGSSL_keccak_st *ctx, enum boringssl_keccak_config_t config); + +// BORINGSSL_keccak_absorb absorbs |in_len| bytes from |in|. +OPENSSL_EXPORT void BORINGSSL_keccak_absorb(struct BORINGSSL_keccak_st *ctx, + const uint8_t *in, size_t in_len); + +// BORINGSSL_keccak_squeeze writes |out_len| bytes to |out| from |ctx|. +OPENSSL_EXPORT void BORINGSSL_keccak_squeeze(struct BORINGSSL_keccak_st *ctx, + uint8_t *out, size_t out_len); + +#if defined(__cplusplus) +} +#endif + +#endif // OPENSSL_HEADER_CRYPTO_KECCAK_INTERNAL_H diff --git a/src/crypto/kyber/keccak.c b/src/crypto/keccak/keccak.c index f1c012d1..e4824044 100644 --- a/src/crypto/kyber/keccak.c +++ b/src/crypto/keccak/keccak.c 
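Review bot: The comments on `BORINGSSL_keccak_absorb` and `BORINGSSL_keccak_squeeze` do not state the phase contract that keccak.c enforces with `abort()`. I would add to absorb `// It may be called repeatedly, but must not be called after |BORINGSSL_keccak_squeeze|; doing so aborts.` and to squeeze `// The first call, even with |out_len| zero, pads and finalizes the input; afterwards |ctx| may only be squeezed.` The `BORINGSSL_keccak_init` comment could likewise say that a non-SHAKE |config| aborts, since the function has no return value through which to report it.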
@@ -105,40 +105,90 @@ static void keccak_f(uint64_t state[25]) { } static void keccak_init(struct BORINGSSL_keccak_st *ctx, - size_t *out_required_out_len, const uint8_t *in, - size_t in_len, enum boringssl_keccak_config_t config) { + size_t *out_required_out_len, + enum boringssl_keccak_config_t config) { size_t capacity_bytes; - uint8_t terminator; switch (config) { case boringssl_sha3_256: capacity_bytes = 512 / 8; *out_required_out_len = 32; - terminator = 0x06; break; case boringssl_sha3_512: capacity_bytes = 1024 / 8; *out_required_out_len = 64; - terminator = 0x06; break; case boringssl_shake128: capacity_bytes = 256 / 8; *out_required_out_len = 0; - terminator = 0x1f; break; case boringssl_shake256: capacity_bytes = 512 / 8; *out_required_out_len = 0; - terminator = 0x1f; break; default: abort(); } OPENSSL_memset(ctx, 0, sizeof(*ctx)); + ctx->config = config; + ctx->phase = boringssl_keccak_phase_absorb; ctx->rate_bytes = 200 - capacity_bytes; assert(ctx->rate_bytes % 8 == 0); +} + +void BORINGSSL_keccak(uint8_t *out, size_t out_len, const uint8_t *in, + size_t in_len, enum boringssl_keccak_config_t config) { + struct BORINGSSL_keccak_st ctx; + size_t required_out_len; + keccak_init(&ctx, &required_out_len, config); + if (required_out_len != 0 && out_len != required_out_len) { + abort(); + } + BORINGSSL_keccak_absorb(&ctx, in, in_len); + BORINGSSL_keccak_squeeze(&ctx, out, out_len); +} + +void BORINGSSL_keccak_init(struct BORINGSSL_keccak_st *ctx, + enum boringssl_keccak_config_t config) { + size_t required_out_len; + keccak_init(ctx, &required_out_len, config); + if (required_out_len != 0) { + abort(); + } +} + +void BORINGSSL_keccak_absorb(struct BORINGSSL_keccak_st *ctx, const uint8_t *in, + size_t in_len) { + if (ctx->phase == boringssl_keccak_phase_squeeze) { + // It's illegal to call absorb() again after calling squeeze(). + abort(); + } + const size_t rate_words = ctx->rate_bytes / 8; + // XOR the input. 
Accessing |ctx->state| as a |uint8_t*| is allowed by strict + // aliasing because we require |uint8_t| to be a character type. + uint8_t *state_bytes = (uint8_t *)ctx->state; + + // Absorb partial block. + if (ctx->absorb_offset != 0) { + assert(ctx->absorb_offset < ctx->rate_bytes); + size_t first_block_len = ctx->rate_bytes - ctx->absorb_offset; + for (size_t i = 0; i < first_block_len && i < in_len; i++) { + state_bytes[ctx->absorb_offset + i] ^= in[i]; + } + + // This input didn't fill the block. + if (first_block_len > in_len) { + ctx->absorb_offset += in_len; + return; + } + + keccak_f(ctx->state); + in += first_block_len; + in_len -= first_block_len; + } + // Absorb full blocks. while (in_len >= ctx->rate_bytes) { for (size_t i = 0; i < rate_words; i++) { ctx->state[i] ^= CRYPTO_load_u64_le(in + 8 * i); 
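Review bot: The only guard on `ctx->absorb_offset` in `BORINGSSL_keccak_absorb` is `assert(ctx->absorb_offset < ctx->rate_bytes)`, which disappears under NDEBUG, while the phase misuse a few lines earlier gets a hard `abort()`. If the offset is ever out of range (for example a context that was never initialised), `first_block_len` wraps and `state_bytes[ctx->absorb_offset + i] ^= in[i]` writes outside the 200-byte state; `keccak_finalize` in the next hunk indexes `state_bytes[ctx->absorb_offset]` with no check at all. Because the context is now built up across several calls, I would make the invariant a release-mode check in both places: `if (ctx->absorb_offset >= ctx->rate_bytes) { abort(); }`. The tail of the function lies in the following hunk.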
@@ -148,57 +198,60 @@ static void keccak_init(struct BORINGSSL_keccak_st *ctx, in_len -= ctx->rate_bytes; } - // XOR the final block. Accessing |ctx->state| as a |uint8_t*| is allowed by - // strict aliasing because we require |uint8_t| to be a character type. - uint8_t *state_bytes = (uint8_t *)ctx->state; + // Absorb partial block. assert(in_len < ctx->rate_bytes); for (size_t i = 0; i < in_len; i++) { state_bytes[i] ^= in[i]; } - state_bytes[in_len] ^= terminator; - state_bytes[ctx->rate_bytes - 1] ^= 0x80; - keccak_f(ctx->state); + ctx->absorb_offset = in_len; } -void BORINGSSL_keccak(uint8_t *out, size_t out_len, const uint8_t *in, - size_t in_len, enum boringssl_keccak_config_t config) { - struct BORINGSSL_keccak_st ctx; - size_t required_out_len; - keccak_init(&ctx, &required_out_len, in, in_len, config); - if (required_out_len != 0 && out_len != required_out_len) { - abort(); +static void keccak_finalize(struct BORINGSSL_keccak_st *ctx) { + uint8_t terminator; + switch (ctx->config) { + case boringssl_sha3_256: + case boringssl_sha3_512: + terminator = 0x06; + break; + case boringssl_shake128: + case boringssl_shake256: + terminator = 0x1f; + break; + default: + abort(); } - BORINGSSL_keccak_squeeze(&ctx, out, out_len); -} -void BORINGSSL_keccak_init(struct BORINGSSL_keccak_st *ctx, const uint8_t *in, - size_t in_len, - enum boringssl_keccak_config_t config) { - size_t required_out_len; - keccak_init(ctx, &required_out_len, in, in_len, config); - if (required_out_len != 0) { - abort(); - } + // XOR the terminator. Accessing |ctx->state| as a |uint8_t*| is allowed by + // strict aliasing because we require |uint8_t| to be a character type. 
+ uint8_t *state_bytes = (uint8_t *)ctx->state; + state_bytes[ctx->absorb_offset] ^= terminator; + state_bytes[ctx->rate_bytes - 1] ^= 0x80; + keccak_f(ctx->state); } void BORINGSSL_keccak_squeeze(struct BORINGSSL_keccak_st *ctx, uint8_t *out, size_t out_len) { + if (ctx->phase == boringssl_keccak_phase_absorb) { + keccak_finalize(ctx); + ctx->phase = boringssl_keccak_phase_squeeze; + } + // Accessing |ctx->state| as a |uint8_t*| is allowed by strict aliasing // because we require |uint8_t| to be a character type. const uint8_t *state_bytes = (const uint8_t *)ctx->state; while (out_len) { - size_t remaining = ctx->rate_bytes - ctx->offset; + size_t remaining = ctx->rate_bytes - ctx->squeeze_offset; size_t todo = out_len; if (todo > remaining) { todo = remaining; } - OPENSSL_memcpy(out, &state_bytes[ctx->offset], todo); + OPENSSL_memcpy(out, &state_bytes[ctx->squeeze_offset], todo); out += todo; out_len -= todo; - ctx->offset += todo; - if (ctx->offset == ctx->rate_bytes) { + ctx->squeeze_offset += todo; + if (ctx->squeeze_offset == ctx->rate_bytes) { keccak_f(ctx->state); - ctx->offset = 0; + ctx->squeeze_offset = 0; } } } diff --git a/src/crypto/keccak/keccak_test.cc b/src/crypto/keccak/keccak_test.cc new file mode 100644 index 00000000..f0ac3d9b --- /dev/null +++ b/src/crypto/keccak/keccak_test.cc 
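Review bot: `keccak_finalize` carries the bytes `0x06`, `0x1f` and `0x80` without saying what they encode. A short comment above the switch would make the padding auditable, for example `// 0x06 / 0x1f: SHA-3 / SHAKE domain-separation bits followed by the first pad10*1 bit; 0x80: the final padding bit.` It would also help to state in the comment that the function must run exactly once per context, which `BORINGSSL_keccak_squeeze` arranges through the phase field.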
@@ -0,0 +1,289 @@ +/* Copyright (c) 2023, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <vector> + +#include <string.h> + +#include <gtest/gtest.h> + +#include <openssl/bytestring.h> + +#include "../test/file_test.h" +#include "../test/test_util.h" +#include "./internal.h" + + +static void KeccakFileTest(FileTest *t) { + std::vector<uint8_t> input, sha3_256_expected, sha3_512_expected, + shake128_expected, shake256_expected; + ASSERT_TRUE(t->GetBytes(&input, "Input")); + ASSERT_TRUE(t->GetBytes(&sha3_256_expected, "SHA3-256")); + ASSERT_TRUE(t->GetBytes(&sha3_512_expected, "SHA3-512")); + ASSERT_TRUE(t->GetBytes(&shake128_expected, "SHAKE-128")); + ASSERT_TRUE(t->GetBytes(&shake256_expected, "SHAKE-256")); + + uint8_t sha3_256_digest[32]; + BORINGSSL_keccak(sha3_256_digest, sizeof(sha3_256_digest), input.data(), + input.size(), boringssl_sha3_256); + uint8_t sha3_512_digest[64]; + BORINGSSL_keccak(sha3_512_digest, sizeof(sha3_512_digest), input.data(), + input.size(), boringssl_sha3_512); + uint8_t shake128_output[512]; + BORINGSSL_keccak(shake128_output, sizeof(shake128_output), input.data(), + input.size(), boringssl_shake128); + uint8_t shake256_output[512]; + BORINGSSL_keccak(shake256_output, sizeof(shake256_output), input.data(), + input.size(), 
boringssl_shake256); + + EXPECT_EQ(Bytes(sha3_256_expected), Bytes(sha3_256_digest)); + EXPECT_EQ(Bytes(sha3_512_expected), Bytes(sha3_512_digest)); + EXPECT_EQ(Bytes(shake128_expected), Bytes(shake128_output)); + EXPECT_EQ(Bytes(shake256_expected), Bytes(shake256_output)); + + struct BORINGSSL_keccak_st ctx; + + // Single-pass absorb/squeeze. + OPENSSL_memset(shake128_output, 0, sizeof(shake128_output)); + BORINGSSL_keccak_init(&ctx, boringssl_shake128); + BORINGSSL_keccak_absorb(&ctx, input.data(), input.size()); + BORINGSSL_keccak_squeeze(&ctx, shake128_output, sizeof(shake128_output)); + EXPECT_EQ(Bytes(shake128_expected), Bytes(shake128_output)); + + OPENSSL_memset(shake256_output, 0, sizeof(shake256_output)); + BORINGSSL_keccak_init(&ctx, boringssl_shake256); + BORINGSSL_keccak_absorb(&ctx, input.data(), input.size()); + BORINGSSL_keccak_squeeze(&ctx, shake256_output, sizeof(shake256_output)); + EXPECT_EQ(Bytes(shake256_expected), Bytes(shake256_output)); + + // Byte-by-byte absorb/squeeze. 
+ OPENSSL_memset(shake128_output, 0, sizeof(shake128_output)); + BORINGSSL_keccak_init(&ctx, boringssl_shake128); + for (size_t i = 0; i < input.size(); i++) { + BORINGSSL_keccak_absorb(&ctx, &input[i], 1); + } + for (size_t i = 0; i < sizeof(shake128_output); i++) { + BORINGSSL_keccak_squeeze(&ctx, &shake128_output[i], 1); + } + EXPECT_EQ(Bytes(shake128_expected), Bytes(shake128_output)); + + OPENSSL_memset(shake256_output, 0, sizeof(shake256_output)); + BORINGSSL_keccak_init(&ctx, boringssl_shake256); + for (size_t i = 0; i < input.size(); i++) { + BORINGSSL_keccak_absorb(&ctx, &input[i], 1); + } + for (size_t i = 0; i < sizeof(shake256_output); i++) { + BORINGSSL_keccak_squeeze(&ctx, &shake256_output[i], 1); + } + EXPECT_EQ(Bytes(shake256_expected), Bytes(shake256_output)); +} + +TEST(KeccakTest, KeccakTestVectors) { + FileTestGTest("crypto/keccak/keccak_tests.txt", KeccakFileTest); +} + +TEST(KeccakTest, MultiPass) { + // Example from keccak_tests.txt with an input long enough to be interesting. 
+ uint8_t input[500] = { + 0xd0, 0xee, 0x72, 0x13, 0xea, 0x0c, 0xd3, 0x4f, 0x99, 0xe8, 0x27, 0x8c, + 0x24, 0xb0, 0x06, 0x3d, 0x41, 0x6e, 0x64, 0xda, 0x5a, 0xee, 0x96, 0x39, + 0xa1, 0x81, 0x94, 0xe3, 0x95, 0x6b, 0x5f, 0xc8, 0x4e, 0xbb, 0x17, 0xf5, + 0x92, 0xc2, 0xef, 0x45, 0xf9, 0xec, 0x9b, 0x75, 0xc6, 0x48, 0xc8, 0x08, + 0xdc, 0x43, 0x69, 0xa7, 0x42, 0x15, 0xba, 0x89, 0x40, 0xd6, 0x40, 0xb3, + 0xd0, 0x02, 0xdf, 0xb5, 0xae, 0xd7, 0xc6, 0x38, 0x84, 0xba, 0x6e, 0x52, + 0x27, 0x8b, 0x65, 0x7f, 0x70, 0xde, 0x05, 0x10, 0xce, 0x88, 0x65, 0xfa, + 0xca, 0x55, 0x31, 0xd4, 0x22, 0xa8, 0x37, 0x49, 0x75, 0xad, 0xd8, 0xcf, + 0xa7, 0x9c, 0x05, 0x8a, 0x94, 0x2d, 0x55, 0xf3, 0x2d, 0xd7, 0x61, 0xda, + 0xec, 0xcf, 0xb8, 0xc5, 0x28, 0x61, 0x04, 0x5d, 0x4f, 0x69, 0xa9, 0x17, + 0x6b, 0x09, 0x09, 0xd9, 0x28, 0xef, 0x71, 0xf9, 0x1e, 0xb1, 0x81, 0x86, + 0x62, 0x00, 0xbf, 0x0f, 0xc3, 0x01, 0x7a, 0x98, 0x02, 0x44, 0x0a, 0x9b, + 0xdf, 0x78, 0xa2, 0x3a, 0x8d, 0x08, 0x69, 0x63, 0xaa, 0x9f, 0x3f, 0x33, + 0x11, 0x3b, 0xac, 0x5e, 0xcc, 0xd0, 0x8f, 0x4b, 0x2b, 0x34, 0xda, 0x4c, + 0x7a, 0x64, 0x61, 0xbd, 0x5c, 0x1f, 0x1b, 0x4e, 0x29, 0x33, 0x8d, 0x21, + 0x1b, 0x87, 0xfa, 0xda, 0x3f, 0x48, 0x6a, 0x13, 0x01, 0x74, 0x85, 0xdb, + 0x83, 0x39, 0x5f, 0x22, 0xd4, 0xf9, 0x2a, 0xca, 0x95, 0x34, 0x53, 0xdf, + 0x16, 0x5b, 0x0a, 0xbf, 0xef, 0x9b, 0xab, 0xad, 0xb1, 0x6e, 0xe7, 0x6a, + 0xc4, 0x68, 0x43, 0xd9, 0xc9, 0x76, 0xf8, 0x60, 0xe6, 0xff, 0xa9, 0x60, + 0xc3, 0x45, 0x11, 0x62, 0xf6, 0x48, 0x15, 0x47, 0x5b, 0x9c, 0x91, 0xf3, + 0xc9, 0x8c, 0x60, 0xc3, 0x3c, 0x6f, 0x03, 0x06, 0xa8, 0xc2, 0xc2, 0x30, + 0xaa, 0x69, 0x81, 0x20, 0x5d, 0x74, 0xfa, 0xcf, 0x69, 0xb2, 0x98, 0xb0, + 0xb9, 0x6e, 0x29, 0xa0, 0x24, 0xa9, 0xb2, 0xa4, 0x8c, 0xd5, 0xf3, 0xda, + 0x5a, 0x61, 0x71, 0x96, 0x9f, 0x9a, 0xdf, 0x4a, 0x79, 0x8f, 0x36, 0xeb, + 0xf6, 0x1f, 0x3e, 0x40, 0x18, 0xf8, 0x1f, 0xf9, 0x0f, 0xfd, 0x9c, 0xe2, + 0x6d, 0x63, 0x84, 0x28, 0xf7, 0xbe, 0x42, 0x49, 0xb6, 0xa2, 0x81, 0x48, + 0xe4, 0xc6, 0xe9, 0xd3, 0xd6, 0x1f, 0x68, 0xbe, 
0x10, 0x3e, 0x6d, 0x43, + 0x0c, 0x15, 0x1a, 0x02, 0x50, 0xde, 0x13, 0x8b, 0x57, 0x70, 0x29, 0x3a, + 0x97, 0x7f, 0xa9, 0xbf, 0x5f, 0x52, 0x08, 0xb3, 0x8a, 0x9f, 0xf9, 0x9d, + 0x08, 0x36, 0x3b, 0x9d, 0xc9, 0xcc, 0x65, 0xf2, 0x66, 0xb9, 0x68, 0xcd, + 0xf7, 0x08, 0xfc, 0x31, 0x59, 0x8b, 0xaa, 0x3c, 0x10, 0xf3, 0xce, 0x7a, + 0x50, 0xb3, 0xb2, 0x0a, 0x35, 0xac, 0xb4, 0x24, 0xdc, 0xa4, 0x04, 0xcd, + 0xf9, 0x9f, 0xde, 0xbb, 0xa6, 0x0e, 0xe1, 0x9b, 0x76, 0xac, 0xa1, 0x24, + 0xbd, 0x90, 0xbe, 0xe9, 0xa4, 0xd5, 0x4e, 0xfa, 0x30, 0xb7, 0x14, 0x49, + 0x13, 0xc5, 0x2e, 0x84, 0x83, 0x76, 0x37, 0x93, 0x8f, 0x2d, 0x27, 0x13, + 0x51, 0x19, 0xef, 0x06, 0xd0, 0xdf, 0x74, 0x18, 0x0c, 0xa6, 0xd9, 0x9c, + 0xc1, 0xaa, 0xa6, 0x65, 0x4e, 0x93, 0xf5, 0x4f, 0x9e, 0x92, 0xd1, 0x2e, + 0x18, 0xa0, 0x47, 0xf3, 0x0f, 0xe5, 0x31, 0x9f, 0xfa, 0xcc, 0x1d, 0x46, + 0xe5, 0xcb, 0xcc, 0x56, 0x53, 0xab, 0x24, 0xfa, 0xc1, 0xc2, 0x34, 0x2e, + 0x89, 0x81, 0xf9, 0x7f, 0x44, 0x83, 0x5e, 0xda, 0x88, 0x01, 0x52, 0x6b, + 0x2d, 0x7d, 0x1b, 0x9c, 0x15, 0x98, 0x40, 0x87, 0x46, 0x7b, 0x6c, 0x39, + 0x1e, 0xb0, 0xac, 0xaf, 0x98, 0xda, 0x31, 0x1d, + }; + uint8_t shake128_expected[512] = { + 0x40, 0x2e, 0x49, 0x68, 0xee, 0x3f, 0x9a, 0x3e, 0xfc, 0x60, 0x02, 0x65, + 0x2c, 0xee, 0x0f, 0xa9, 0x0e, 0xd2, 0x1f, 0x76, 0xce, 0xd9, 0xbb, 0x5f, + 0xda, 0xa6, 0x9a, 0x65, 0x4b, 0xa0, 0x9f, 0x56, 0x4a, 0xb7, 0x92, 0x7c, + 0xa7, 0x7b, 0x48, 0x88, 0xbe, 0xf3, 0x12, 0xbd, 0xb8, 0xf9, 0xa6, 0x89, + 0x23, 0x50, 0xf5, 0x94, 0xc8, 0x1a, 0xde, 0x8d, 0x90, 0xd3, 0x00, 0x0a, + 0x45, 0xe6, 0x60, 0x4e, 0x3b, 0xaf, 0xd7, 0x23, 0x2b, 0xdc, 0x48, 0x20, + 0x3e, 0xe1, 0x31, 0xf8, 0x09, 0x22, 0xdf, 0xed, 0x86, 0x38, 0x80, 0xf7, + 0x4d, 0x0d, 0x18, 0x0b, 0xb4, 0x1f, 0x3a, 0xb3, 0xd4, 0x92, 0x5a, 0x53, + 0xc0, 0x2b, 0xbf, 0x11, 0x8b, 0x07, 0xb4, 0xe0, 0x3d, 0x88, 0x10, 0xff, + 0x0f, 0x69, 0x5e, 0x7f, 0x0f, 0x27, 0x59, 0x5d, 0xf7, 0xb7, 0x9d, 0x4d, + 0x7e, 0xca, 0x27, 0xda, 0x5d, 0xe3, 0xc2, 0x72, 0x3b, 0x95, 0xf3, 0x24, + 0xbe, 0xac, 0x86, 0x3d, 0x0d, 
0x65, 0x32, 0x44, 0x3a, 0x29, 0xc9, 0x77, + 0xcd, 0x52, 0x9b, 0x57, 0xf9, 0xc2, 0xf9, 0x10, 0xbe, 0x6a, 0x60, 0x48, + 0x93, 0x23, 0x7f, 0xd8, 0x3b, 0xed, 0x46, 0xdb, 0xbd, 0xa4, 0xcd, 0x72, + 0x11, 0x2f, 0xab, 0xa1, 0x14, 0x41, 0xb0, 0x47, 0x01, 0x9d, 0x7d, 0x7a, + 0xfe, 0x18, 0xac, 0x2a, 0x90, 0xc8, 0xb1, 0x5f, 0xe7, 0xf0, 0x7d, 0xb0, + 0xff, 0xbe, 0xca, 0xdb, 0x06, 0x20, 0x76, 0xb4, 0xd9, 0x0b, 0x1f, 0x02, + 0x5b, 0x9c, 0x2c, 0x45, 0x83, 0x5e, 0x64, 0x25, 0x29, 0xf2, 0x08, 0xd6, + 0xd4, 0x4f, 0x04, 0xb7, 0xd6, 0x04, 0xdf, 0x49, 0x53, 0x0d, 0x9c, 0x80, + 0xa5, 0xdf, 0x30, 0x6b, 0xfb, 0x55, 0x3d, 0x07, 0x89, 0xed, 0x83, 0x16, + 0x12, 0x54, 0x46, 0x47, 0xcd, 0x47, 0x44, 0x56, 0x78, 0xd3, 0x91, 0xd5, + 0x0a, 0xab, 0xce, 0x70, 0x0d, 0x18, 0xa1, 0x4c, 0xdf, 0x78, 0x42, 0x7d, + 0x54, 0x58, 0x40, 0xe9, 0xad, 0x70, 0x45, 0x28, 0x6b, 0x62, 0xeb, 0x51, + 0xec, 0x49, 0xe3, 0xb1, 0x00, 0x49, 0x9d, 0xa6, 0x50, 0xb0, 0x92, 0xe2, + 0x9a, 0xaf, 0x5c, 0xfd, 0x6d, 0x62, 0x89, 0xda, 0x9d, 0x49, 0x14, 0xd5, + 0x34, 0xaa, 0x41, 0x26, 0xaf, 0x72, 0x8d, 0xa9, 0xb6, 0xf5, 0x79, 0xa0, + 0x36, 0x0e, 0x57, 0xf5, 0xb9, 0xe3, 0x7c, 0xdc, 0x9c, 0xfc, 0x8a, 0x69, + 0x6a, 0x9c, 0x2a, 0xd9, 0xfd, 0xc3, 0x34, 0xe7, 0x99, 0x70, 0xaf, 0x8d, + 0x65, 0x51, 0x19, 0xf9, 0xae, 0x86, 0xd4, 0x0a, 0x5f, 0x47, 0xe9, 0xbf, + 0x1d, 0x05, 0x9e, 0xa3, 0x29, 0x97, 0x3a, 0x43, 0x14, 0x2e, 0xa3, 0x48, + 0x1e, 0x40, 0xc6, 0xf6, 0x7f, 0x8a, 0x26, 0xed, 0x9b, 0x27, 0x98, 0x2d, + 0x27, 0xa5, 0x61, 0xd9, 0xf6, 0xa6, 0x13, 0x55, 0xd8, 0xb4, 0x73, 0x5e, + 0xcf, 0x7b, 0x08, 0x85, 0x74, 0x82, 0x42, 0x11, 0x0f, 0x01, 0xcc, 0xc3, + 0x2a, 0xda, 0x45, 0x47, 0x84, 0x87, 0xa2, 0xa5, 0x41, 0xc0, 0xe1, 0x87, + 0xc5, 0xee, 0x1d, 0xd2, 0x57, 0xbc, 0x7c, 0x81, 0x02, 0x42, 0xb7, 0xf6, + 0x3a, 0x3a, 0xb1, 0x4e, 0xe7, 0xc4, 0x57, 0xd3, 0xbf, 0x6d, 0xef, 0x86, + 0x90, 0x46, 0xbf, 0x4b, 0x82, 0xe9, 0x9f, 0x5b, 0x40, 0x62, 0xa9, 0x9c, + 0x11, 0xfc, 0xd7, 0x79, 0x39, 0xf6, 0x2a, 0x44, 0xe8, 0x3d, 0x0b, 0x7a, + 0x19, 0xeb, 0x92, 0x87, 0xd5, 
0x5d, 0xcd, 0x35, 0xfe, 0x89, 0xb8, 0x25, + 0x84, 0xf0, 0xfc, 0xfc, 0x47, 0x0e, 0xdc, 0xb7, 0x5f, 0xf8, 0xe8, 0x8b, + 0x13, 0xa7, 0x14, 0x53, 0xcf, 0xd4, 0xeb, 0x25, 0x9f, 0x9e, 0x0d, 0x04, + 0x61, 0xae, 0x9a, 0x44, 0x0e, 0x67, 0x85, 0x90, 0xed, 0x0e, 0x2a, 0x5f, + 0x4c, 0xd9, 0xd7, 0xbe, 0x94, 0x61, 0x64, 0xdc, + }; + uint8_t shake256_expected[512] = { + 0x6b, 0x70, 0x1d, 0x95, 0xb4, 0x8d, 0xa5, 0x89, 0xea, 0xde, 0x36, 0xf6, + 0x21, 0xfd, 0x24, 0x9b, 0x85, 0x9c, 0x71, 0x25, 0xd2, 0x63, 0x30, 0xbe, + 0x02, 0xee, 0xab, 0xb5, 0x7e, 0x13, 0x92, 0x34, 0x27, 0x5f, 0x78, 0x05, + 0x86, 0x5d, 0x1c, 0x74, 0xd3, 0xb5, 0x22, 0x79, 0x16, 0x80, 0xab, 0x29, + 0x71, 0xa7, 0x28, 0x52, 0xc8, 0xf0, 0x24, 0x6e, 0xf2, 0xa4, 0x15, 0x7a, + 0xee, 0x78, 0xba, 0x5d, 0x75, 0x58, 0x6c, 0x31, 0x49, 0xde, 0x32, 0x29, + 0xbf, 0xb3, 0x21, 0xf6, 0xb8, 0xbd, 0x0a, 0xc7, 0x64, 0x1b, 0x15, 0x92, + 0x21, 0x02, 0x7b, 0x51, 0xd3, 0xb3, 0x8a, 0x57, 0x3a, 0xfa, 0xa9, 0x0e, + 0x79, 0xf4, 0xb7, 0xcc, 0x0a, 0xec, 0x99, 0x81, 0x6c, 0x78, 0x61, 0xa9, + 0x7b, 0x6f, 0xb5, 0x45, 0xa2, 0xa6, 0xc0, 0x12, 0xce, 0x0b, 0x95, 0x58, + 0x0f, 0x25, 0x0a, 0xb3, 0x39, 0x87, 0x14, 0xb8, 0x8c, 0x2a, 0xfb, 0x87, + 0x91, 0x6a, 0x09, 0x6e, 0x6d, 0x1a, 0xd6, 0xc3, 0x99, 0xab, 0xd3, 0x2d, + 0x4a, 0xb2, 0x2b, 0x22, 0xb9, 0x5a, 0x70, 0x1e, 0x93, 0xd7, 0x91, 0x7f, + 0xbd, 0x16, 0xe9, 0x43, 0x1e, 0xd3, 0x68, 0x44, 0x60, 0x4f, 0xe0, 0xc3, + 0x6a, 0xa9, 0xd1, 0x05, 0xd8, 0x1b, 0xfa, 0xb8, 0xea, 0x7b, 0xcf, 0x82, + 0xb1, 0x2c, 0x42, 0x0c, 0x17, 0x6e, 0x96, 0xd6, 0xe5, 0xd0, 0xbd, 0x1d, + 0x7f, 0x66, 0x36, 0x31, 0x48, 0x44, 0x60, 0x5d, 0x0d, 0x69, 0x00, 0x23, + 0xe4, 0xcc, 0x72, 0x84, 0x09, 0xd2, 0xd3, 0x4f, 0x47, 0x63, 0xcb, 0xc3, + 0x19, 0x50, 0xaa, 0x57, 0x69, 0xbf, 0x5a, 0x08, 0x65, 0xf8, 0xe1, 0xbd, + 0xe0, 0xeb, 0xed, 0x59, 0x6e, 0xb9, 0xee, 0x8c, 0x58, 0xe4, 0x0a, 0x43, + 0xcc, 0x38, 0x39, 0x1f, 0x28, 0xad, 0xab, 0x3a, 0x5c, 0xae, 0x5c, 0x6b, + 0x23, 0xd0, 0x19, 0x49, 0x81, 0xa8, 0x97, 0x8c, 0x59, 0x17, 0xb3, 0x84, + 0x11, 0x77, 
0xff, 0x33, 0x19, 0xb6, 0xa9, 0xa9, 0xa4, 0x8c, 0x2f, 0x0f, + 0xb9, 0xb3, 0x12, 0xa3, 0x0f, 0x89, 0x84, 0xd4, 0xc4, 0x9f, 0xeb, 0x27, + 0xa6, 0x61, 0x34, 0x9a, 0x2a, 0x2c, 0xc5, 0x3f, 0x45, 0xcc, 0xe6, 0xad, + 0x2f, 0xa3, 0x16, 0x7b, 0x42, 0xda, 0x34, 0xae, 0xa8, 0x58, 0xc1, 0xe3, + 0xf9, 0xd5, 0xef, 0xfc, 0x64, 0xbc, 0xb6, 0xad, 0x6a, 0x71, 0x17, 0x09, + 0x21, 0x06, 0x80, 0x6a, 0x19, 0xb6, 0x0a, 0x1b, 0xb9, 0xe0, 0xf5, 0x43, + 0x87, 0xe4, 0x84, 0x7e, 0x5f, 0x09, 0xde, 0x97, 0x31, 0xdc, 0x9f, 0xe8, + 0xd8, 0xdc, 0x1d, 0x6b, 0x01, 0xfa, 0x1e, 0xd0, 0x11, 0x1f, 0x8b, 0x28, + 0x8e, 0xc1, 0x4d, 0x4f, 0x32, 0x27, 0x2d, 0x7c, 0x4a, 0xc2, 0x3c, 0x85, + 0x98, 0xf2, 0xa4, 0x5a, 0x5a, 0xaa, 0x1f, 0xac, 0x35, 0xef, 0xca, 0x81, + 0x6b, 0xf2, 0xcb, 0x83, 0x33, 0x97, 0xb7, 0x46, 0x8e, 0x99, 0x27, 0x48, + 0xbc, 0x0f, 0x85, 0xac, 0xc2, 0xc7, 0x31, 0x58, 0x11, 0x1e, 0x88, 0xd6, + 0xc6, 0x8e, 0xad, 0x22, 0xa8, 0x3f, 0xb6, 0x16, 0x28, 0xcc, 0x28, 0x4a, + 0x05, 0x4f, 0x4e, 0x52, 0x6a, 0xb2, 0xe1, 0x4b, 0x57, 0xc7, 0x9a, 0xa4, + 0x3a, 0x00, 0xb5, 0x5b, 0x1b, 0xe2, 0xdd, 0xf3, 0x2f, 0xf8, 0xe7, 0xf4, + 0xc5, 0x0a, 0x8a, 0x7e, 0xc4, 0x90, 0xb1, 0xc6, 0x4a, 0xcd, 0x66, 0x9e, + 0xe9, 0x8a, 0xde, 0x15, 0x07, 0x16, 0xe7, 0xdc, 0x23, 0x16, 0xb3, 0xb2, + 0xe0, 0x4b, 0x94, 0x9d, 0xec, 0x9f, 0x50, 0x6b, 0x70, 0x50, 0xb2, 0xb0, + 0x12, 0x11, 0x46, 0x16, 0x4e, 0xb6, 0x60, 0x22, 0x83, 0x27, 0x6c, 0x76, + 0x62, 0xb3, 0xb7, 0x83, 0x91, 0xd7, 0x10, 0x3f, 0xbf, 0x7a, 0x3b, 0x39, + 0x5d, 0xf9, 0x50, 0x1d, 0x05, 0x46, 0xa0, 0xe7, + }; + + uint8_t shake128_output[512]; + uint8_t shake256_output[512]; + + struct BORINGSSL_keccak_st ctx; + + // Multi-pass absorb. 
+ for (size_t j = 0; j < sizeof(input); j++) { + for (size_t i = 0; i < j; i++) { + OPENSSL_memset(shake128_output, 0, sizeof(shake128_output)); + BORINGSSL_keccak_init(&ctx, boringssl_shake128); + BORINGSSL_keccak_absorb(&ctx, input, i); + BORINGSSL_keccak_absorb(&ctx, &input[i], j - i); + BORINGSSL_keccak_absorb(&ctx, &input[j], sizeof(input) - j); + BORINGSSL_keccak_squeeze(&ctx, shake128_output, sizeof(shake128_output)); + EXPECT_EQ(Bytes(shake128_expected), Bytes(shake128_output)); + } + } + + for (size_t j = 0; j < sizeof(input); j++) { + for (size_t i = 0; i < j; i++) { + OPENSSL_memset(shake256_output, 0, sizeof(shake256_output)); + BORINGSSL_keccak_init(&ctx, boringssl_shake256); + BORINGSSL_keccak_absorb(&ctx, input, i); + BORINGSSL_keccak_absorb(&ctx, &input[i], j - i); + BORINGSSL_keccak_absorb(&ctx, &input[j], sizeof(input) - j); + BORINGSSL_keccak_squeeze(&ctx, shake256_output, sizeof(shake256_output)); + EXPECT_EQ(Bytes(shake256_expected), Bytes(shake256_output)); + } + } + + // Multi-pass squeeze. 
+ for (size_t j = 0; j < sizeof(shake128_output); j++) { + for (size_t i = 0; i < j; i++) { + OPENSSL_memset(shake128_output, 0, sizeof(shake128_output)); + BORINGSSL_keccak_init(&ctx, boringssl_shake128); + BORINGSSL_keccak_absorb(&ctx, input, sizeof(input)); + BORINGSSL_keccak_squeeze(&ctx, shake128_output, i); + BORINGSSL_keccak_squeeze(&ctx, &shake128_output[i], j - i); + BORINGSSL_keccak_squeeze(&ctx, &shake128_output[j], + sizeof(shake128_output) - j); + EXPECT_EQ(Bytes(shake128_expected), Bytes(shake128_output)); + } + } + + for (size_t j = 0; j < sizeof(shake256_output); j++) { + for (size_t i = 0; i < j; i++) { + OPENSSL_memset(shake256_output, 0, sizeof(shake256_output)); + BORINGSSL_keccak_init(&ctx, boringssl_shake256); + BORINGSSL_keccak_absorb(&ctx, input, sizeof(input)); + BORINGSSL_keccak_squeeze(&ctx, shake256_output, i); + BORINGSSL_keccak_squeeze(&ctx, &shake256_output[i], j - i); + BORINGSSL_keccak_squeeze(&ctx, &shake256_output[j], + sizeof(shake256_output) - j); + EXPECT_EQ(Bytes(shake256_expected), Bytes(shake256_output)); + } + } +} diff --git a/src/crypto/kyber/keccak_tests.txt b/src/crypto/keccak/keccak_tests.txt index c13aeb3d..c13aeb3d 100644 --- a/src/crypto/kyber/keccak_tests.txt +++ b/src/crypto/keccak/keccak_tests.txt diff --git a/src/crypto/kyber/internal.h b/src/crypto/kyber/internal.h index b3bfa86b..b1121172 100644 --- a/src/crypto/kyber/internal.h +++ b/src/crypto/kyber/internal.h 
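Review bot: None of the new tests exercise the misuse paths that keccak.c guards with `abort()`: absorbing after a squeeze, and calling `BORINGSSL_keccak_init` with a fixed-output config. A death test for each would pin the state machine, so that a later refactor cannot quietly start accepting those calls. Whether death tests are usable on every platform this suite targets is not visible here, hence the `_IF_SUPPORTED` form below. Separately, the `i < j` loops in `MultiPass` never produce an empty middle segment; `i <= j` would cover that case.

```cpp
TEST(KeccakTest, MisuseAborts) {
  struct BORINGSSL_keccak_st ctx;
  uint8_t byte = 0;

  // Absorbing after the first squeeze must not be accepted.
  BORINGSSL_keccak_init(&ctx, boringssl_shake128);
  BORINGSSL_keccak_squeeze(&ctx, &byte, 1);
  EXPECT_DEATH_IF_SUPPORTED(BORINGSSL_keccak_absorb(&ctx, &byte, 1), "");

  // The streaming API is SHAKE-only.
  EXPECT_DEATH_IF_SUPPORTED(BORINGSSL_keccak_init(&ctx, boringssl_sha3_256),
                            "");
}
```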
@@ -32,37 +32,6 @@ extern "C" { // necessary to generate a key. #define KYBER_GENERATE_KEY_ENTROPY 64 -struct BORINGSSL_keccak_st { - uint64_t state[25]; - size_t rate_bytes; - size_t offset; -}; - -enum boringssl_keccak_config_t { - boringssl_sha3_256, - boringssl_sha3_512, - boringssl_shake128, - boringssl_shake256, -}; - -// BORINGSSL_keccak hashes |in_len| bytes from |in| and writes |out_len| bytes -// of output to |out|. If the |config| specifies a fixed-output function, like -// SHA3-256, then |out_len| must be the correct length for that function. -OPENSSL_EXPORT void BORINGSSL_keccak(uint8_t *out, size_t out_len, - const uint8_t *in, size_t in_len, - enum boringssl_keccak_config_t config); - -// BORINGSSL_keccak_init absorbs |in_len| bytes from |in| and sets up |ctx| for -// squeezing. The |config| must specify a SHAKE variant, otherwise callers -// should use |BORINGSSL_keccak|. -OPENSSL_EXPORT void BORINGSSL_keccak_init( - struct BORINGSSL_keccak_st *ctx, const uint8_t *in, size_t in_len, - enum boringssl_keccak_config_t config); - -// BORINGSSL_keccak_squeeze writes |out_len| bytes to |out| from |ctx|. -OPENSSL_EXPORT void BORINGSSL_keccak_squeeze(struct BORINGSSL_keccak_st *ctx, - uint8_t *out, size_t out_len); - // KYBER_generate_key_external_entropy is a deterministic function to create a // pair of Kyber768 keys, using the supplied entropy. The entropy needs to be // uniformly random generated. This function is should only be used for tests, diff --git a/src/crypto/kyber/kyber.c b/src/crypto/kyber/kyber.c index 98c70e6e..d3ea0209 100644 --- a/src/crypto/kyber/kyber.c +++ b/src/crypto/kyber/kyber.c @@ -21,6 +21,7 @@ #include <openssl/rand.h> #include "../internal.h" +#include "../keccak/internal.h" #include "./internal.h" 
@@ -283,7 +284,7 @@ static void scalar_inner_product(scalar *out, const vector *lhs, // operates on public inputs. static void scalar_from_keccak_vartime(scalar *out, struct BORINGSSL_keccak_st *keccak_ctx) { - assert(keccak_ctx->offset == 0); + assert(keccak_ctx->squeeze_offset == 0); assert(keccak_ctx->rate_bytes == 168); static_assert(168 % 3 == 0, "block and coefficient boundaries do not align"); @@ -354,8 +355,8 @@ static void matrix_expand(matrix *out, const uint8_t rho[32]) { input[32] = i; input[33] = j; struct BORINGSSL_keccak_st keccak_ctx; - BORINGSSL_keccak_init(&keccak_ctx, input, sizeof(input), - boringssl_shake128); + BORINGSSL_keccak_init(&keccak_ctx, boringssl_shake128); + BORINGSSL_keccak_absorb(&keccak_ctx, input, sizeof(input)); scalar_from_keccak_vartime(&out->v[i][j], &keccak_ctx); } } diff --git a/src/crypto/kyber/kyber_test.cc b/src/crypto/kyber/kyber_test.cc index eb76b5bd..b9daa87d 100644 --- a/src/crypto/kyber/kyber_test.cc +++ b/src/crypto/kyber/kyber_test.cc 
@@ -24,55 +24,10 @@ #include "../test/file_test.h" #include "../test/test_util.h" +#include "../keccak/internal.h" #include "./internal.h" -static void KeccakFileTest(FileTest *t) { - std::vector<uint8_t> input, sha3_256_expected, sha3_512_expected, - shake128_expected, shake256_expected; - ASSERT_TRUE(t->GetBytes(&input, "Input")); - ASSERT_TRUE(t->GetBytes(&sha3_256_expected, "SHA3-256")); - ASSERT_TRUE(t->GetBytes(&sha3_512_expected, "SHA3-512")); - ASSERT_TRUE(t->GetBytes(&shake128_expected, "SHAKE-128")); - ASSERT_TRUE(t->GetBytes(&shake256_expected, "SHAKE-256")); - - uint8_t sha3_256_digest[32]; - BORINGSSL_keccak(sha3_256_digest, sizeof(sha3_256_digest), input.data(), - input.size(), boringssl_sha3_256); - uint8_t sha3_512_digest[64]; - BORINGSSL_keccak(sha3_512_digest, sizeof(sha3_512_digest), input.data(), - input.size(), boringssl_sha3_512); - uint8_t shake128_output[512]; - BORINGSSL_keccak(shake128_output, sizeof(shake128_output), input.data(), - input.size(), boringssl_shake128); - uint8_t shake256_output[512]; - BORINGSSL_keccak(shake256_output, sizeof(shake256_output), input.data(), - input.size(), boringssl_shake256); - - EXPECT_EQ(Bytes(sha3_256_expected), Bytes(sha3_256_digest)); - EXPECT_EQ(Bytes(sha3_512_expected), Bytes(sha3_512_digest)); - EXPECT_EQ(Bytes(shake128_expected), Bytes(shake128_output)); - EXPECT_EQ(Bytes(shake256_expected), Bytes(shake256_output)); - - struct BORINGSSL_keccak_st ctx; - - BORINGSSL_keccak_init(&ctx, input.data(), input.size(), boringssl_shake128); - for (size_t i = 0; i < sizeof(shake128_output); i++) { - BORINGSSL_keccak_squeeze(&ctx, &shake128_output[i], 1); - } - EXPECT_EQ(Bytes(shake128_expected), Bytes(shake128_output)); - - BORINGSSL_keccak_init(&ctx, input.data(), input.size(), boringssl_shake256); - for (size_t i = 0; i < sizeof(shake256_output); i++) { - BORINGSSL_keccak_squeeze(&ctx, &shake256_output[i], 1); - } - EXPECT_EQ(Bytes(shake256_expected), Bytes(shake256_output)); -} - -TEST(KyberTest, 
KeccakTestVectors) { - FileTestGTest("crypto/kyber/keccak_tests.txt", KeccakFileTest); -} - template <typename T> static std::vector<uint8_t> Marshal(int (*marshal_func)(CBB *, const T *), const T *t) { diff --git a/src/crypto/lhash/lhash.c b/src/crypto/lhash/lhash.c index 4a95a2e6..fbab430a 100644 --- a/src/crypto/lhash/lhash.c +++ b/src/crypto/lhash/lhash.c @@ -104,19 +104,17 @@ struct lhash_st { }; _LHASH *OPENSSL_lh_new(lhash_hash_func hash, lhash_cmp_func comp) { - _LHASH *ret = OPENSSL_malloc(sizeof(_LHASH)); + _LHASH *ret = OPENSSL_zalloc(sizeof(_LHASH)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(_LHASH)); ret->num_buckets = kMinNumBuckets; - ret->buckets = OPENSSL_malloc(sizeof(LHASH_ITEM *) * ret->num_buckets); + ret->buckets = OPENSSL_calloc(ret->num_buckets, sizeof(LHASH_ITEM *)); if (ret->buckets == NULL) { OPENSSL_free(ret); return NULL; } - OPENSSL_memset(ret->buckets, 0, sizeof(LHASH_ITEM *) * ret->num_buckets); ret->comp = comp; ret->hash = hash; @@ -214,11 +212,10 @@ static void lh_rebucket(_LHASH *lh, const size_t new_num_buckets) { return; } - new_buckets = OPENSSL_malloc(alloc_size); + new_buckets = OPENSSL_zalloc(alloc_size); if (new_buckets == NULL) { return; } - OPENSSL_memset(new_buckets, 0, alloc_size); for (i = 0; i < lh->num_buckets; i++) { for (cur = lh->buckets[i]; cur != NULL; cur = next) { diff --git a/src/crypto/mem.c b/src/crypto/mem.c index 89832fce..9e81476d 100644 --- a/src/crypto/mem.c +++ b/src/crypto/mem.c 
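Review bot: `lh_rebucket` in the `@@ -214` hunk switches to `OPENSSL_zalloc(alloc_size)`, while `OPENSSL_lh_new` in the hunk above uses the overflow-checked `OPENSSL_calloc(ret->num_buckets, sizeof(LHASH_ITEM *))` for the same kind of array. For consistency I would write `new_buckets = OPENSSL_calloc(new_num_buckets, sizeof(LHASH_ITEM *));` here as well. The computation of `alloc_size` sits above the hunk, so it presumably has its own overflow check that could then be dropped; that needs confirming against the full function.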
@@ -133,31 +133,6 @@ WEAK_SYMBOL_FUNC(void *, OPENSSL_memory_alloc, (size_t size)); WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr)); WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr)); -// kBoringSSLBinaryTag is a distinctive byte sequence to identify binaries that -// are linking in BoringSSL and, roughly, what version they are using. -static const uint8_t kBoringSSLBinaryTag[18] = { - // 16 bytes of magic tag. - 0x8c, - 0x62, - 0x20, - 0x0b, - 0xd2, - 0xa0, - 0x72, - 0x58, - 0x44, - 0xa8, - 0x96, - 0x69, - 0xad, - 0x55, - 0x7e, - 0xec, - // Current source iteration. Incremented ~monthly. - 3, - 0, -}; - #if defined(BORINGSSL_MALLOC_FAILURE_TESTING) static CRYPTO_MUTEX malloc_failure_lock = CRYPTO_MUTEX_INIT; static uint64_t current_malloc_count = 0; @@ -240,14 +215,6 @@ void *OPENSSL_malloc(size_t size) { } if (size + OPENSSL_MALLOC_PREFIX < size) { - // |OPENSSL_malloc| is a central function in BoringSSL thus a reference to - // |kBoringSSLBinaryTag| is created here so that the tag isn't discarded by - // the linker. The following is sufficient to stop GCC, Clang, and MSVC - // optimising away the reference at the time of writing. Since this - // probably results in an actual memory reference, it is put in this very - // rare code path. - uint8_t unused = *(volatile uint8_t *)kBoringSSLBinaryTag; - (void) unused; goto err; } @@ -267,6 +234,23 @@ void *OPENSSL_malloc(size_t size) { return NULL; } +void *OPENSSL_zalloc(size_t size) { + void *ret = OPENSSL_malloc(size); + if (ret != NULL) { + OPENSSL_memset(ret, 0, size); + } + return ret; +} + +void *OPENSSL_calloc(size_t num, size_t size) { + if (size != 0 && num > SIZE_MAX / size) { + OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW); + return NULL; + } + + return OPENSSL_zalloc(num * size); +} + void OPENSSL_free(void *orig_ptr) { if (orig_ptr == NULL) { return; diff --git a/src/crypto/obj/obj.c b/src/crypto/obj/obj.c index 9be37305..41064247 100644 --- a/src/crypto/obj/obj.c 
+++ b/src/crypto/obj/obj.c @@ -115,16 +115,12 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) { } r->ln = r->sn = NULL; - data = OPENSSL_malloc(o->length); - if (data == NULL) { + // once data is attached to an object, it remains const + r->data = OPENSSL_memdup(o->data, o->length); + if (o->length != 0 && r->data == NULL) { goto err; } - if (o->data != NULL) { - OPENSSL_memcpy(data, o->data, o->length); - } - // once data is attached to an object, it remains const - r->data = data; r->length = o->length; r->nid = o->nid; @@ -183,12 +179,19 @@ size_t OBJ_length(const ASN1_OBJECT *obj) { return (size_t)obj->length; } +static const ASN1_OBJECT *get_builtin_object(int nid) { + // |NID_undef| is stored separately, so all the indices are off by one. The + // caller of this function must have a valid built-in, non-undef NID. + BSSL_CHECK(nid > 0 && nid < NUM_NID); + return &kObjects[nid - 1]; +} + // obj_cmp is called to search the kNIDsInOIDOrder array. The |key| argument is // an |ASN1_OBJECT|* that we're looking for and |element| is a pointer to an // unsigned int in the array. static int obj_cmp(const void *key, const void *element) { uint16_t nid = *((const uint16_t *)element); - return OBJ_cmp(key, &kObjects[nid]); + return OBJ_cmp(key, get_builtin_object(nid)); } int OBJ_obj2nid(const ASN1_OBJECT *obj) { @@ -219,7 +222,7 @@ int OBJ_obj2nid(const ASN1_OBJECT *obj) { return NID_undef; } - return kObjects[*nid_ptr].nid; + return get_builtin_object(*nid_ptr)->nid; } int OBJ_cbs2nid(const CBS *cbs) { @@ -242,7 +245,7 @@ static int short_name_cmp(const void *key, const void *element) { const char *name = (const char *)key; uint16_t nid = *((const uint16_t *)element); - return strcmp(name, kObjects[nid].sn); + return strcmp(name, get_builtin_object(nid)->sn); } int OBJ_sn2nid(const char *short_name) { 
@@ -267,7 +270,7 @@ int OBJ_sn2nid(const char *short_name) { return NID_undef; } - return kObjects[*nid_ptr].nid; + return get_builtin_object(*nid_ptr)->nid; } // long_name_cmp is called to search the kNIDsInLongNameOrder array. The @@ -277,7 +280,7 @@ static int long_name_cmp(const void *key, const void *element) { const char *name = (const char *)key; uint16_t nid = *((const uint16_t *)element); - return strcmp(name, kObjects[nid].ln); + return strcmp(name, get_builtin_object(nid)->ln); } int OBJ_ln2nid(const char *long_name) { @@ -301,7 +304,7 @@ int OBJ_ln2nid(const char *long_name) { return NID_undef; } - return kObjects[*nid_ptr].nid; + return get_builtin_object(*nid_ptr)->nid; } int OBJ_txt2nid(const char *s) { @@ -328,12 +331,29 @@ OPENSSL_EXPORT int OBJ_nid2cbb(CBB *out, int nid) { return 1; } +const ASN1_OBJECT *OBJ_get_undef(void) { + static const ASN1_OBJECT kUndef = { + /*sn=*/SN_undef, + /*ln=*/LN_undef, + /*nid=*/NID_undef, + /*length=*/0, + /*data=*/NULL, + /*flags=*/0, + }; + return &kUndef; +} + ASN1_OBJECT *OBJ_nid2obj(int nid) { - if (nid >= 0 && nid < NUM_NID) { - if (nid != NID_undef && kObjects[nid].nid == NID_undef) { + if (nid == NID_undef) { + return (ASN1_OBJECT *)OBJ_get_undef(); + } + + if (nid > 0 && nid < NUM_NID) { + const ASN1_OBJECT *obj = get_builtin_object(nid); + if (nid != NID_undef && obj->nid == NID_undef) { goto err; } - return (ASN1_OBJECT *)&kObjects[nid]; + return (ASN1_OBJECT *)obj; } CRYPTO_MUTEX_lock_read(&global_added_lock); diff --git a/src/crypto/obj/obj_dat.h b/src/crypto/obj/obj_dat.h index 654b3c08..71ef2d2b 100644 --- a/src/crypto/obj/obj_dat.h +++ b/src/crypto/obj/obj_dat.h 
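Review bot: In the OBJ_nid2obj hunk of obj.c, the inner test `nid != NID_undef` can no longer be false. The branch is entered only when `nid > 0`, and NID_undef is already handled by the early return added just above it. The condition would read more clearly as `if (obj->nid == NID_undef) {`, which keeps only the check for unassigned table slots. OBJ_nid2obj continues past the end of the hunk.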
@@ -7140,7 +7140,6 @@ static const uint8_t kObjectData[] = { }; static const ASN1_OBJECT kObjects[NUM_NID] = { - {"UNDEF", "undefined", NID_undef, 0, NULL, 0}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &kObjectData[0], 0}, {"pkcs", "RSA Data Security, Inc. PKCS", NID_pkcs, 7, &kObjectData[6], 0}, {"MD2", "md2", NID_md2, 8, &kObjectData[13], 0}, @@ -8980,7 +8979,6 @@ static const uint16_t kNIDsInShortNameOrder[] = { 16 /* ST */, 143 /* SXNetID */, 458 /* UID */, - 0 /* UNDEF */, 948 /* X25519 */, 964 /* X25519Kyber768Draft00 */, 961 /* X448 */, @@ -10670,7 +10668,6 @@ static const uint16_t kNIDsInLongNameOrder[] = { 106 /* title */, 682 /* tpBasis */, 436 /* ucl */, - 0 /* undefined */, 888 /* uniqueMember */, 55 /* unstructuredAddress */, 49 /* unstructuredName */, diff --git a/src/crypto/obj/obj_test.cc b/src/crypto/obj/obj_test.cc index 08796e2b..abea30d7 100644 --- a/src/crypto/obj/obj_test.cc +++ b/src/crypto/obj/obj_test.cc @@ -56,6 +56,10 @@ TEST(ObjTest, TestBasic) { }; CBS_init(&cbs, kUnknownDER, sizeof(kUnknownDER)); ASSERT_EQ(NID_undef, OBJ_cbs2nid(&cbs)); + + EXPECT_EQ(NID_undef, OBJ_sn2nid("UNDEF")); + EXPECT_EQ(NID_undef, OBJ_ln2nid("undefined")); + EXPECT_EQ(OBJ_get_undef(), OBJ_nid2obj(NID_undef)); } TEST(ObjTest, TestSignatureAlgorithms) { diff --git a/src/crypto/obj/objects.go b/src/crypto/obj/objects.go index 077a6e12..f938e126 100644 --- a/src/crypto/obj/objects.go +++ b/src/crypto/obj/objects.go @@ -614,6 +614,12 @@ func writeData(path string, objs *objects) error { // Emit an ASN1_OBJECT for each object. fmt.Fprintf(&b, "\nstatic const ASN1_OBJECT kObjects[NUM_NID] = {\n") for nid, obj := range objs.byNID { + // Skip the entry for NID_undef. It is stored separately, so that + // OBJ_get_undef avoids pulling in the table. + if nid == 0 { + continue + } + if len(obj.name) == 0 { fmt.Fprintf(&b, "{NULL, NULL, NID_undef, 0, NULL, 0},\n") continue 
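Review bot: The generator in objects.go still declares the table as `kObjects[NUM_NID]` (the context line just above the added skip), but with the NID_undef row omitted it emits one initializer fewer. The final element therefore becomes an implicit all-zero entry that `get_builtin_object` in obj.c can never index, since it only accepts `nid < NUM_NID` and reads `kObjects[nid - 1]`. Declaring the array as `kObjects[NUM_NID - 1]` would make its size match the indexing and let the compiler reject a table with one row too many. This assumes nothing else depends on the array length, which is not visible here. writeData starts and ends outside the hunk.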
@@ -640,7 +646,11 @@ func writeData(path string, objs *objects) error { fmt.Fprintf(&b, "\nstatic const uint16_t kNIDsInShortNameOrder[] = {\n") for _, nid := range nids { - fmt.Fprintf(&b, "%d /* %s */,\n", nid, objs.byNID[nid].shortName) + // Including NID_undef in the table does not do anything. Whether OBJ_sn2nid + // finds the object or not, it will return NID_undef. + if nid != 0 { + fmt.Fprintf(&b, "%d /* %s */,\n", nid, objs.byNID[nid].shortName) + } } fmt.Fprintf(&b, "};\n") @@ -656,7 +666,11 @@ func writeData(path string, objs *objects) error { fmt.Fprintf(&b, "\nstatic const uint16_t kNIDsInLongNameOrder[] = {\n") for _, nid := range nids { - fmt.Fprintf(&b, "%d /* %s */,\n", nid, objs.byNID[nid].longName) + // Including NID_undef in the table does not do anything. Whether OBJ_ln2nid + // finds the object or not, it will return NID_undef. + if nid != 0 { + fmt.Fprintf(&b, "%d /* %s */,\n", nid, objs.byNID[nid].longName) + } } fmt.Fprintf(&b, "};\n") diff --git a/src/crypto/pkcs7/pkcs7_x509.c b/src/crypto/pkcs7/pkcs7_x509.c index fd71bd7b..7b10f6f2 100644 --- a/src/crypto/pkcs7/pkcs7_x509.c +++ b/src/crypto/pkcs7/pkcs7_x509.c @@ -237,11 +237,10 @@ int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls) { } static PKCS7 *pkcs7_new(CBS *cbs) { - PKCS7 *ret = OPENSSL_malloc(sizeof(PKCS7)); + PKCS7 *ret = OPENSSL_zalloc(sizeof(PKCS7)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(PKCS7)); ret->type = OBJ_nid2obj(NID_pkcs7_signed); ret->d.sign = OPENSSL_malloc(sizeof(PKCS7_SIGNED)); if (ret->d.sign == NULL) { @@ -326,11 +325,10 @@ int i2d_PKCS7(const PKCS7 *p7, uint8_t **out) { } if (*out == NULL) { - *out = OPENSSL_malloc(p7->ber_len); + *out = OPENSSL_memdup(p7->ber_bytes, p7->ber_len); if (*out == NULL) { return -1; } - OPENSSL_memcpy(*out, p7->ber_bytes, p7->ber_len); } else { OPENSSL_memcpy(*out, p7->ber_bytes, p7->ber_len); *out += p7->ber_len; 
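Review bot: In the i2d_PKCS7 hunk of pkcs7_x509.c, `*out = OPENSSL_memdup(p7->ber_bytes, p7->ber_len);` is followed by an unconditional `if (*out == NULL)`. Other callers in this commit (OBJ_dup, TRUST_TOKEN_new) guard the same call with a `!= 0` length test, which suggests OPENSSL_memdup returns NULL for a zero length. If that is the case, a zero `ber_len` would be reported as an allocation failure, where the old malloc-then-memcpy code depended on what OPENSSL_malloc(0) returns. The same unguarded pattern appears in d2i_PKCS12 and i2d_PKCS12 in pkcs8_x509.c. Either use `if (p7->ber_len != 0 && *out == NULL) {`, or add a short comment stating that the length is never zero at this point.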
diff --git a/src/crypto/pkcs8/pkcs8_x509.c b/src/crypto/pkcs8/pkcs8_x509.c index 92bdb9d1..2d0bf088 100644 --- a/src/crypto/pkcs8/pkcs8_x509.c +++ b/src/crypto/pkcs8/pkcs8_x509.c @@ -741,26 +741,22 @@ struct pkcs12_st { PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, size_t ber_len) { - PKCS12 *p12; - - p12 = OPENSSL_malloc(sizeof(PKCS12)); + PKCS12 *p12 = OPENSSL_malloc(sizeof(PKCS12)); if (!p12) { return NULL; } - p12->ber_bytes = OPENSSL_malloc(ber_len); + p12->ber_bytes = OPENSSL_memdup(*ber_bytes, ber_len); if (!p12->ber_bytes) { OPENSSL_free(p12); return NULL; } - OPENSSL_memcpy(p12->ber_bytes, *ber_bytes, ber_len); p12->ber_len = ber_len; *ber_bytes += ber_len; if (out_p12) { PKCS12_free(*out_p12); - *out_p12 = p12; } @@ -843,11 +839,10 @@ int i2d_PKCS12(const PKCS12 *p12, uint8_t **out) { } if (*out == NULL) { - *out = OPENSSL_malloc(p12->ber_len); + *out = OPENSSL_memdup(p12->ber_bytes, p12->ber_len); if (*out == NULL) { return -1; } - OPENSSL_memcpy(*out, p12->ber_bytes, p12->ber_len); } else { OPENSSL_memcpy(*out, p12->ber_bytes, p12->ber_len); *out += p12->ber_len; diff --git a/src/crypto/pool/pool.c b/src/crypto/pool/pool.c index e889f521..fc048409 100644 --- a/src/crypto/pool/pool.c +++ b/src/crypto/pool/pool.c @@ -42,12 +42,11 @@ static int CRYPTO_BUFFER_cmp(const CRYPTO_BUFFER *a, const CRYPTO_BUFFER *b) { } CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void) { - CRYPTO_BUFFER_POOL *pool = OPENSSL_malloc(sizeof(CRYPTO_BUFFER_POOL)); + CRYPTO_BUFFER_POOL *pool = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER_POOL)); if (pool == NULL) { return NULL; } - OPENSSL_memset(pool, 0, sizeof(CRYPTO_BUFFER_POOL)); pool->bufs = lh_CRYPTO_BUFFER_new(CRYPTO_BUFFER_hash, CRYPTO_BUFFER_cmp); if (pool->bufs == NULL) { OPENSSL_free(pool); 
@@ -109,11 +108,10 @@ static CRYPTO_BUFFER *crypto_buffer_new(const uint8_t *data, size_t len, } } - CRYPTO_BUFFER *const buf = OPENSSL_malloc(sizeof(CRYPTO_BUFFER)); + CRYPTO_BUFFER *const buf = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER)); if (buf == NULL) { return NULL; } - OPENSSL_memset(buf, 0, sizeof(CRYPTO_BUFFER)); if (data_is_static) { buf->data = (uint8_t *)data; @@ -170,11 +168,10 @@ CRYPTO_BUFFER *CRYPTO_BUFFER_new(const uint8_t *data, size_t len, } CRYPTO_BUFFER *CRYPTO_BUFFER_alloc(uint8_t **out_data, size_t len) { - CRYPTO_BUFFER *const buf = OPENSSL_malloc(sizeof(CRYPTO_BUFFER)); + CRYPTO_BUFFER *const buf = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER)); if (buf == NULL) { return NULL; } - OPENSSL_memset(buf, 0, sizeof(CRYPTO_BUFFER)); buf->data = OPENSSL_malloc(len); if (len != 0 && buf->data == NULL) { diff --git a/src/crypto/rand_extra/forkunsafe.c b/src/crypto/rand_extra/forkunsafe.c index 356afddf..5bdcad38 100644 --- a/src/crypto/rand_extra/forkunsafe.c +++ b/src/crypto/rand_extra/forkunsafe.c @@ -33,6 +33,10 @@ void RAND_enable_fork_unsafe_buffering(int fd) { CRYPTO_atomic_store_u32(&g_buffering_enabled, 1); } + +void RAND_disable_fork_unsafe_buffering(void) { + CRYPTO_atomic_store_u32(&g_buffering_enabled, 0); +} #endif int rand_fork_unsafe_buffering_enabled(void) { diff --git a/src/crypto/stack/stack.c b/src/crypto/stack/stack.c index a326eb78..97fae1b9 100644 --- a/src/crypto/stack/stack.c +++ b/src/crypto/stack/stack.c 
@@ -84,19 +84,16 @@ struct stack_st { static const size_t kMinSize = 4; OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_cmp_func comp) { - OPENSSL_STACK *ret = OPENSSL_malloc(sizeof(OPENSSL_STACK)); + OPENSSL_STACK *ret = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(OPENSSL_STACK)); - ret->data = OPENSSL_malloc(sizeof(void *) * kMinSize); + ret->data = OPENSSL_calloc(kMinSize, sizeof(void *)); if (ret->data == NULL) { goto err; } - OPENSSL_memset(ret->data, 0, sizeof(void *) * kMinSize); - ret->comp = comp; ret->num_alloc = kMinSize; @@ -370,19 +367,17 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk) { return NULL; } - OPENSSL_STACK *ret = OPENSSL_malloc(sizeof(OPENSSL_STACK)); + OPENSSL_STACK *ret = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(OPENSSL_STACK)); - ret->data = OPENSSL_malloc(sizeof(void *) * sk->num_alloc); + ret->data = OPENSSL_memdup(sk->data, sizeof(void *) * sk->num_alloc); if (ret->data == NULL) { goto err; } ret->num = sk->num; - OPENSSL_memcpy(ret->data, sk->data, sizeof(void *) * sk->num); ret->sorted = sk->sorted; ret->num_alloc = sk->num_alloc; ret->comp = sk->comp; diff --git a/src/crypto/trust_token/pmbtoken.c b/src/crypto/trust_token/pmbtoken.c index 5334a0c6..0aa4d099 100644 --- a/src/crypto/trust_token/pmbtoken.c +++ b/src/crypto/trust_token/pmbtoken.c 
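Review bot: In the OPENSSL_sk_dup hunk, `OPENSSL_memdup(sk->data, sizeof(void *) * sk->num_alloc)` copies `num_alloc` slots, where the removed `OPENSSL_memcpy` copied only `sk->num`. Slots between `num` and `num_alloc` may never have been written if the array was grown by a path not shown here, in which case the duplicate reads uninitialised pointers, which memory sanitizers will flag. The multiplication is also unchecked. Allocating with `ret->data = OPENSSL_calloc(sk->num_alloc, sizeof(void *));` and keeping `OPENSSL_memcpy(ret->data, sk->data, sizeof(void *) * sk->num);` would preserve the old copy length and add the overflow guard. The function begins and ends outside the hunk.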
@@ -799,18 +799,12 @@ static int pmbtoken_sign(const PMBTOKEN_METHOD *method, return 0; } - if (num_to_issue > ((size_t)-1) / sizeof(EC_JACOBIAN) || - num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); - return 0; - } - int ret = 0; - EC_JACOBIAN *Tps = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Sps = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wps = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wsps = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR)); + EC_JACOBIAN *Tps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); + EC_JACOBIAN *Sps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); + EC_JACOBIAN *Wps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); + EC_JACOBIAN *Wsps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); + EC_SCALAR *es = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)); CBB batch_cbb; CBB_zero(&batch_cbb); if (!Tps || 
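Review bot: Removing the explicit size check in pmbtoken_sign changes which error is queued on overflow. The deleted code raised `OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW)` before any allocation, while OPENSSL_calloc in mem.c raises it under `CRYPTO`, once for each overflowing call. Callers or tests that match on the error library would see a different value, and whatever the `err` path pushes (outside this hunk) is then added on top. The same applies to pmbtoken_unblind and to voprf_sign_tt, voprf_unblind_tt, voprf_sign_impl and voprf_unblind in voprf.c. Because the guard now lives only in the allocator, a line such as `// |OPENSSL_calloc| rejects |num_to_issue| * sizeof(T) overflow.` above the allocations would stop a later edit from reverting to a bare multiply.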
@@ -940,19 +934,13 @@ static STACK_OF(TRUST_TOKEN) *pmbtoken_unblind( return NULL; } - if (count > ((size_t)-1) / sizeof(EC_JACOBIAN) || - count > ((size_t)-1) / sizeof(EC_SCALAR)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); - return NULL; - } - int ok = 0; STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null(); - EC_JACOBIAN *Tps = OPENSSL_malloc(count * sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Sps = OPENSSL_malloc(count * sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wps = OPENSSL_malloc(count * sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wsps = OPENSSL_malloc(count * sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_malloc(count * sizeof(EC_SCALAR)); + EC_JACOBIAN *Tps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); + EC_JACOBIAN *Sps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); + EC_JACOBIAN *Wps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); + EC_JACOBIAN *Wsps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); + EC_SCALAR *es = OPENSSL_calloc(count, sizeof(EC_SCALAR)); CBB batch_cbb; CBB_zero(&batch_cbb); if (ret == NULL || diff --git a/src/crypto/trust_token/trust_token.c b/src/crypto/trust_token/trust_token.c index 93172c37..521e7adc 100644 --- a/src/crypto/trust_token/trust_token.c +++ b/src/crypto/trust_token/trust_token.c @@ -118,11 +118,10 @@ void TRUST_TOKEN_PRETOKEN_free(TRUST_TOKEN_PRETOKEN *pretoken) { } TRUST_TOKEN *TRUST_TOKEN_new(const uint8_t *data, size_t len) { - TRUST_TOKEN *ret = OPENSSL_malloc(sizeof(TRUST_TOKEN)); + TRUST_TOKEN *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(TRUST_TOKEN)); ret->data = OPENSSL_memdup(data, len); if (len != 0 && ret->data == NULL) { OPENSSL_free(ret); 
@@ -205,11 +204,10 @@ TRUST_TOKEN_CLIENT *TRUST_TOKEN_CLIENT_new(const TRUST_TOKEN_METHOD *method, return NULL; } - TRUST_TOKEN_CLIENT *ret = OPENSSL_malloc(sizeof(TRUST_TOKEN_CLIENT)); + TRUST_TOKEN_CLIENT *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN_CLIENT)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(TRUST_TOKEN_CLIENT)); ret->method = method; ret->max_batchsize = (uint16_t)max_batchsize; return ret; @@ -446,11 +444,10 @@ TRUST_TOKEN_ISSUER *TRUST_TOKEN_ISSUER_new(const TRUST_TOKEN_METHOD *method, return NULL; } - TRUST_TOKEN_ISSUER *ret = OPENSSL_malloc(sizeof(TRUST_TOKEN_ISSUER)); + TRUST_TOKEN_ISSUER *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN_ISSUER)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(TRUST_TOKEN_ISSUER)); ret->method = method; ret->max_batchsize = (uint16_t)max_batchsize; return ret; diff --git a/src/crypto/trust_token/voprf.c b/src/crypto/trust_token/voprf.c index c2ab815b..504deee5 100644 --- a/src/crypto/trust_token/voprf.c +++ b/src/crypto/trust_token/voprf.c @@ -483,16 +483,10 @@ static int voprf_sign_tt(const VOPRF_METHOD *method, return 0; } - if (num_to_issue > ((size_t)-1) / sizeof(EC_JACOBIAN) || - num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); - return 0; - } - int ret = 0; - EC_JACOBIAN *BTs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR)); + EC_JACOBIAN *BTs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); + EC_JACOBIAN *Zs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); + EC_SCALAR *es = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)); CBB batch_cbb; CBB_zero(&batch_cbb); if (!BTs || 
@@ -582,17 +576,11 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind_tt( return NULL; } - if (count > ((size_t)-1) / sizeof(EC_JACOBIAN) || - count > ((size_t)-1) / sizeof(EC_SCALAR)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); - return NULL; - } - int ok = 0; STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null(); - EC_JACOBIAN *BTs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_malloc(count * sizeof(EC_SCALAR)); + EC_JACOBIAN *BTs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); + EC_JACOBIAN *Zs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); + EC_SCALAR *es = OPENSSL_calloc(count, sizeof(EC_SCALAR)); CBB batch_cbb; CBB_zero(&batch_cbb); if (ret == NULL || @@ -868,16 +856,10 @@ static int voprf_sign_impl(const VOPRF_METHOD *method, return 0; } - if (num_to_issue > ((size_t)-1) / sizeof(EC_JACOBIAN) || - num_to_issue > ((size_t)-1) / sizeof(EC_SCALAR)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); - return 0; - } - int ret = 0; - EC_JACOBIAN *BTs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_malloc(num_to_issue * sizeof(EC_JACOBIAN)); - EC_SCALAR *dis = OPENSSL_malloc(num_to_issue * sizeof(EC_SCALAR)); + EC_JACOBIAN *BTs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); + EC_JACOBIAN *Zs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); + EC_SCALAR *dis = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)); if (!BTs || !Zs || !dis) { goto err; } 
@@ -984,17 +966,11 @@ static STACK_OF(TRUST_TOKEN) *voprf_unblind( return NULL; } - if (count > ((size_t)-1) / sizeof(EC_JACOBIAN) || - count > ((size_t)-1) / sizeof(EC_SCALAR)) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_OVERFLOW); - return NULL; - } - int ok = 0; STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null(); - EC_JACOBIAN *BTs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_malloc(count * sizeof(EC_JACOBIAN)); - EC_SCALAR *dis = OPENSSL_malloc(count * sizeof(EC_SCALAR)); + EC_JACOBIAN *BTs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); + EC_JACOBIAN *Zs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); + EC_SCALAR *dis = OPENSSL_calloc(count, sizeof(EC_SCALAR)); if (ret == NULL || !BTs || !Zs || !dis) { goto err; } diff --git a/src/crypto/x509/algorithm.c b/src/crypto/x509/algorithm.c index 16235eee..2d3f4d39 100644 --- a/src/crypto/x509/algorithm.c +++ b/src/crypto/x509/algorithm.c @@ -116,8 +116,7 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) { // it. int paramtype = (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) ? V_ASN1_NULL : V_ASN1_UNDEF; - X509_ALGOR_set0(algor, OBJ_nid2obj(sign_nid), paramtype, NULL); - return 1; + return X509_ALGOR_set0(algor, OBJ_nid2obj(sign_nid), paramtype, NULL); } int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg, diff --git a/src/crypto/x509/policy.c b/src/crypto/x509/policy.c index b0c27126..ce995999 100644 --- a/src/crypto/x509/policy.c +++ b/src/crypto/x509/policy.c 
@@ -107,11 +107,10 @@ static void x509_policy_node_free(X509_POLICY_NODE *node) { static X509_POLICY_NODE *x509_policy_node_new(const ASN1_OBJECT *policy) { assert(!is_any_policy(policy)); - X509_POLICY_NODE *node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); + X509_POLICY_NODE *node = OPENSSL_zalloc(sizeof(X509_POLICY_NODE)); if (node == NULL) { return NULL; } - OPENSSL_memset(node, 0, sizeof(X509_POLICY_NODE)); node->policy = OBJ_dup(policy); node->parent_policies = sk_ASN1_OBJECT_new_null(); if (node->policy == NULL || node->parent_policies == NULL) { @@ -134,11 +133,10 @@ static void x509_policy_level_free(X509_POLICY_LEVEL *level) { } static X509_POLICY_LEVEL *x509_policy_level_new(void) { - X509_POLICY_LEVEL *level = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL)); + X509_POLICY_LEVEL *level = OPENSSL_zalloc(sizeof(X509_POLICY_LEVEL)); if (level == NULL) { return NULL; } - OPENSSL_memset(level, 0, sizeof(X509_POLICY_LEVEL)); level->nodes = sk_X509_POLICY_NODE_new(x509_policy_node_cmp); if (level->nodes == NULL) { x509_policy_level_free(level); diff --git a/src/crypto/x509/rsa_pss.c b/src/crypto/x509/rsa_pss.c index 9e69663e..5974bfab 100644 --- a/src/crypto/x509/rsa_pss.c +++ b/src/crypto/x509/rsa_pss.c @@ -145,7 +145,9 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) { if (!*palg) { goto err; } - X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); + if (!X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp)) { + goto err; + } stmp = NULL; err: @@ -235,7 +237,9 @@ int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) { goto err; } - X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os); + if (!X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os)) { + goto err; + } os = NULL; ret = 1; diff --git a/src/crypto/x509/x509_lu.c b/src/crypto/x509/x509_lu.c index c1389cc2..814f0ce9 100644 --- a/src/crypto/x509/x509_lu.c +++ b/src/crypto/x509/x509_lu.c 
@@ -164,10 +164,9 @@ static int x509_object_cmp_sk(const X509_OBJECT *const *a, X509_STORE *X509_STORE_new(void) { X509_STORE *ret; - if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) { + if ((ret = (X509_STORE *)OPENSSL_zalloc(sizeof(X509_STORE))) == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(*ret)); CRYPTO_MUTEX_init(&ret->objs_lock); ret->objs = sk_X509_OBJECT_new(x509_object_cmp_sk); if (ret->objs == NULL) { diff --git a/src/crypto/x509/x509_test.cc b/src/crypto/x509/x509_test.cc index 68d75d59..9699b5a7 100644 --- a/src/crypto/x509/x509_test.cc +++ b/src/crypto/x509/x509_test.cc @@ -6456,7 +6456,7 @@ TEST(X509Test, AddUnserializableExtension) { MakeTestCert("Issuer", "Subject", key.get(), /*is_ca=*/true); ASSERT_TRUE(x509); bssl::UniquePtr<X509_EXTENSION> ext(X509_EXTENSION_new()); - ASSERT_TRUE(X509_EXTENSION_set_object(ext.get(), OBJ_nid2obj(NID_undef))); + ASSERT_TRUE(X509_EXTENSION_set_object(ext.get(), OBJ_get_undef())); EXPECT_FALSE(X509_add_ext(x509.get(), ext.get(), /*loc=*/-1)); } 
@@ -6547,6 +6547,30 @@ TEST(X509Test, NameAttributeValues) { // we decide to later. static const uint8_t kOID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, 0xb7, 0x09, 0x00}; + static const char kOIDText[] = "1.2.840.113554.4.1.72585.0"; + + auto encode_single_attribute_name = + [](CBS_ASN1_TAG tag, + const std::string &contents) -> std::vector<uint8_t> { + bssl::ScopedCBB cbb; + CBB seq, rdn, attr, attr_type, attr_value; + if (!CBB_init(cbb.get(), 128) || + !CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE) || + !CBB_add_asn1(&seq, &rdn, CBS_ASN1_SET) || + !CBB_add_asn1(&rdn, &attr, CBS_ASN1_SEQUENCE) || + !CBB_add_asn1(&attr, &attr_type, CBS_ASN1_OBJECT) || + !CBB_add_bytes(&attr_type, kOID, sizeof(kOID)) || + !CBB_add_asn1(&attr, &attr_value, tag) || + !CBB_add_bytes(&attr_value, + reinterpret_cast<const uint8_t *>(contents.data()), + contents.size()) || + !CBB_flush(cbb.get())) { + ADD_FAILURE() << "Could not encode name"; + return {}; + }; + return std::vector<uint8_t>(CBB_data(cbb.get()), + CBB_data(cbb.get()) + CBB_len(cbb.get())); + }; const struct { CBS_ASN1_TAG der_tag; @@ -6569,6 +6593,11 @@ TEST(X509Test, NameAttributeValues) { // ENUMERATED is supported but, currently, INTEGER is not. {CBS_ASN1_ENUMERATED, "\x01", V_ASN1_ENUMERATED, "\x01"}, + // Test negative values. These are interesting because, when encoding, the + // ASN.1 type must be determined from the string type, but the string type + // has an extra |V_ASN1_NEG| bit. + {CBS_ASN1_ENUMERATED, "\xff", V_ASN1_NEG_ENUMERATED, "\x01"}, + // SEQUENCE is supported but, currently, SET is not. Note the // |ASN1_STRING| representation will include the tag and length. {CBS_ASN1_SEQUENCE, "", V_ASN1_SEQUENCE, std::string("\x30\x00", 2)}, 
@@ -6596,27 +6625,16 @@ TEST(X509Test, NameAttributeValues) { // Construct an X.509 name containing a single RDN with a single attribute: // kOID with the specified value. - bssl::ScopedCBB cbb; - ASSERT_TRUE(CBB_init(cbb.get(), 128)); - CBB seq, rdn, attr, attr_type, attr_value; - ASSERT_TRUE(CBB_add_asn1(cbb.get(), &seq, CBS_ASN1_SEQUENCE)); - ASSERT_TRUE(CBB_add_asn1(&seq, &rdn, CBS_ASN1_SET)); - ASSERT_TRUE(CBB_add_asn1(&rdn, &attr, CBS_ASN1_SEQUENCE)); - ASSERT_TRUE(CBB_add_asn1(&attr, &attr_type, CBS_ASN1_OBJECT)); - ASSERT_TRUE(CBB_add_bytes(&attr_type, kOID, sizeof(kOID))); - ASSERT_TRUE(CBB_add_asn1(&attr, &attr_value, t.der_tag)); - ASSERT_TRUE(CBB_add_bytes( - &attr_value, reinterpret_cast<const uint8_t *>(t.der_contents.data()), - t.der_contents.size())); - ASSERT_TRUE(CBB_flush(cbb.get())); - SCOPED_TRACE(Bytes(CBB_data(cbb.get()), CBB_len(cbb.get()))); + auto encoded = encode_single_attribute_name(t.der_tag, t.der_contents); + ASSERT_FALSE(encoded.empty()); + SCOPED_TRACE(Bytes(encoded)); // The input should parse. - const uint8_t *inp = CBB_data(cbb.get()); + const uint8_t *inp = encoded.data(); bssl::UniquePtr<X509_NAME> name( - d2i_X509_NAME(nullptr, &inp, CBB_len(cbb.get()))); + d2i_X509_NAME(nullptr, &inp, encoded.size())); ASSERT_TRUE(name); - EXPECT_EQ(inp, CBB_data(cbb.get()) + CBB_len(cbb.get())) + EXPECT_EQ(inp, encoded.data() + encoded.size()) << "input was not fully consumed"; // Check there is a single attribute with the expected in-memory 
@@ -6635,7 +6653,141 @@ TEST(X509Test, NameAttributeValues) { int der_len = i2d_X509_NAME(name.get(), &der); ASSERT_GE(der_len, 0); bssl::UniquePtr<uint8_t> free_der(der); - EXPECT_EQ(Bytes(der, der_len), - (Bytes(CBB_data(cbb.get()), CBB_len(cbb.get())))); + EXPECT_EQ(Bytes(der, der_len), Bytes(encoded)); + + // X509_NAME internally caches its encoding, which means the check above + // does not fully test re-encoding. Repeat the test by constructing an + // |X509_NAME| from the string representation. + name.reset(X509_NAME_new()); + ASSERT_TRUE(name); + ASSERT_TRUE(X509_NAME_add_entry_by_txt( + name.get(), kOIDText, t.str_type, + reinterpret_cast<const uint8_t *>(t.str_contents.data()), + t.str_contents.size(), /*loc=*/-1, /*set=*/0)); + + // The name should re-encode with the same input. + der = nullptr; + der_len = i2d_X509_NAME(name.get(), &der); + ASSERT_GE(der_len, 0); + free_der.reset(der); + EXPECT_EQ(Bytes(der, der_len), Bytes(encoded)); + } + + const struct { + CBS_ASN1_TAG der_tag; + std::string der_contents; + } kInvalidTests[] = { + // Errors in supported universal types should be handled. + {CBS_ASN1_NULL, "not null"}, + {CBS_ASN1_BOOLEAN, "not bool"}, + {CBS_ASN1_OBJECT, ""}, + {CBS_ASN1_INTEGER, std::string("\0\0", 2)}, + {CBS_ASN1_ENUMERATED, std::string("\0\0", 2)}, + {CBS_ASN1_BITSTRING, ""}, + {CBS_ASN1_UTF8STRING, "not utf-8 \xff"}, + {CBS_ASN1_BMPSTRING, "not utf-16 "}, + {CBS_ASN1_UNIVERSALSTRING, "not utf-32"}, + {CBS_ASN1_UTCTIME, "not utctime"}, + {CBS_ASN1_GENERALIZEDTIME, "not generalizedtime"}, + {CBS_ASN1_UTF8STRING | CBS_ASN1_CONSTRUCTED, ""}, + {CBS_ASN1_SEQUENCE & ~CBS_ASN1_CONSTRUCTED, ""}, + + // TODO(crbug.com/boringssl/412): The following inputs should parse, but + // are currently rejected because they cannot be represented in + // |ASN1_PRINTABLE|, either because they don't fit in |ASN1_STRING| or + // simply in the |B_ASN1_PRINTABLE| bitmask. 
+ {CBS_ASN1_NULL, ""}, + {CBS_ASN1_BOOLEAN, std::string("\x00", 1)}, + {CBS_ASN1_BOOLEAN, "\xff"}, + {CBS_ASN1_OBJECT, "\x01\x02\x03\x04"}, + {CBS_ASN1_INTEGER, "\x01"}, + {CBS_ASN1_INTEGER, "\xff"}, + {CBS_ASN1_OCTETSTRING, ""}, + {CBS_ASN1_UTCTIME, "700101000000Z"}, + {CBS_ASN1_GENERALIZEDTIME, "19700101000000Z"}, + {CBS_ASN1_SET, ""}, + {CBS_ASN1_APPLICATION | CBS_ASN1_CONSTRUCTED | 42, ""}, + {CBS_ASN1_APPLICATION | 42, ""}, + }; + for (const auto &t : kInvalidTests) { + SCOPED_TRACE(t.der_tag); + SCOPED_TRACE(Bytes(t.der_contents)); + + // Construct an X.509 name containing a single RDN with a single attribute: + // kOID with the specified value. + auto encoded = encode_single_attribute_name(t.der_tag, t.der_contents); + ASSERT_FALSE(encoded.empty()); + SCOPED_TRACE(Bytes(encoded)); + + // The input should not parse. + const uint8_t *inp = encoded.data(); + bssl::UniquePtr<X509_NAME> name( + d2i_X509_NAME(nullptr, &inp, encoded.size())); + EXPECT_FALSE(name); + } +} + +TEST(X509Test, GetTextByOBJ) { + struct OBJTestCase { + const char *content; + int content_type; + int len; + int expected_result; + const char *expected_string; + } kTests[] = { + {"", V_ASN1_UTF8STRING, 0, 0, ""}, + {"derp", V_ASN1_UTF8STRING, 4, 4, "derp"}, + {"\x30\x00", // Empty sequence can not be converted to UTF-8 + V_ASN1_SEQUENCE, 2, -1, ""}, + { + "der\0p", + V_ASN1_TELETEXSTRING, + 5, + -1, + "", + }, + { + "0123456789ABCDEF", + V_ASN1_IA5STRING, + 16, + 16, + "0123456789ABCDEF", + }, + { + "\x07\xff", + V_ASN1_BMPSTRING, + 2, + 2, + "\xdf\xbf", + }, + { + "\x00\xc3\x00\xaf", + V_ASN1_BMPSTRING, + 4, + 4, + "\xc3\x83\xc2\xaf", + }, + }; + for (const auto &test : kTests) { + bssl::UniquePtr<X509_NAME> name(X509_NAME_new()); + ASSERT_TRUE(name); + ASSERT_TRUE(X509_NAME_add_entry_by_NID( + name.get(), NID_commonName, test.content_type, + reinterpret_cast<const uint8_t *>(test.content), test.len, /*loc=*/-1, + /*set=*/0)); + char text[256] = {}; + EXPECT_EQ(test.expected_result, + 
X509_NAME_get_text_by_NID(name.get(), NID_commonName, text, + sizeof(text))); + EXPECT_STREQ(text, test.expected_string); + if (test.expected_result > 0) { + // Test truncation. The function writes a trailing NUL byte so the + // buffer needs to be one bigger than the expected result. + char small[2] = "a"; + EXPECT_EQ( + -1, X509_NAME_get_text_by_NID(name.get(), NID_commonName, small, 1)); + // The buffer should be unmodified by truncation failure. + EXPECT_STREQ(small, "a"); + } } } diff --git a/src/crypto/x509/x509_vpm.c b/src/crypto/x509/x509_vpm.c index 583b4a05..c13437d0 100644 --- a/src/crypto/x509/x509_vpm.c +++ b/src/crypto/x509/x509_vpm.c @@ -156,12 +156,10 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) { } X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { - X509_VERIFY_PARAM *param; - param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); + X509_VERIFY_PARAM *param = OPENSSL_zalloc(sizeof(X509_VERIFY_PARAM)); if (!param) { return NULL; } - OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM)); x509_verify_param_zero(param); return param; } diff --git a/src/crypto/x509/x509name.c b/src/crypto/x509/x509name.c index eec2c8e0..8d2d202f 100644 --- a/src/crypto/x509/x509name.c +++ b/src/crypto/x509/x509name.c @@ -57,6 +57,7 @@ #include <string.h> #include <openssl/asn1.h> +#include <openssl/bytestring.h> #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/obj.h> 
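Review bot: The new GetTextByOBJ test never calls the lookup with a null buffer, although the rewritten X509_NAME_get_text_by_OBJ in x509name.c explicitly keeps that length-query path. The conversion and zero-byte checks run before the buffer is examined, so the query should return the same value as the buffered call for every row, including the -1 cases. Adding `EXPECT_EQ(test.expected_result, X509_NAME_get_text_by_NID(name.get(), NID_commonName, nullptr, 0));` inside the loop would pin that behaviour.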
@@ -86,13 +87,34 @@ int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, } const ASN1_STRING *data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i)); - i = (data->length > (len - 1)) ? (len - 1) : data->length; - if (buf == NULL) { - return data->length; + unsigned char *text = NULL; + int ret = -1; + int text_len = ASN1_STRING_to_UTF8(&text, data); + // Fail if we could not encode as UTF-8. + if (text_len < 0) { + goto out; + } + CBS cbs; + CBS_init(&cbs, text, text_len); + // Fail if the UTF-8 encoding constains a 0 byte because this is + // returned as a C string and callers very often do not check. + if (CBS_contains_zero_byte(&cbs)) { + goto out; + } + // We still support the "pass NULL to find out how much" API + if (buf != NULL) { + if (text_len >= len || len <= 0 || + !CBS_copy_bytes(&cbs, (uint8_t *)buf, text_len)) { + goto out; + } + // It must be a C string + buf[text_len] = '\0'; } - OPENSSL_memcpy(buf, data->data, i); - buf[i] = '\0'; - return i; + ret = text_len; + +out: + OPENSSL_free(text); + return ret; } int X509_NAME_entry_count(const X509_NAME *name) { diff --git a/src/crypto/x509/x_name.c b/src/crypto/x509/x_name.c index 3063ce7b..0bca6399 100644 --- a/src/crypto/x509/x_name.c +++ b/src/crypto/x509/x_name.c @@ -122,7 +122,6 @@ ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) static const ASN1_EXTERN_FUNCS x509_name_ff = { x509_name_ex_new, x509_name_ex_free, - 0, // Default clear behaviour is OK x509_name_ex_d2i, x509_name_ex_i2d, }; diff --git a/src/crypto/x509/x_pkey.c b/src/crypto/x509/x_pkey.c index d48ecd11..33a9aa91 100644 --- a/src/crypto/x509/x_pkey.c +++ b/src/crypto/x509/x_pkey.c @@ -67,11 +67,10 @@ X509_PKEY *X509_PKEY_new(void) { - X509_PKEY *ret = OPENSSL_malloc(sizeof(X509_PKEY)); + X509_PKEY *ret = OPENSSL_zalloc(sizeof(X509_PKEY)); if (ret == NULL) { goto err; } - OPENSSL_memset(ret, 0, sizeof(X509_PKEY)); ret->enc_algor = X509_ALGOR_new(); if (ret->enc_algor == NULL) { 
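Review bot: In the `buf != NULL` branch the `len <= 0` clause can never decide the outcome, because `text_len` is already known to be non-negative and `text_len >= len` is tested first. Writing it as `if (len <= 0 || text_len >= len || !CBS_copy_bytes(&cbs, (uint8_t *)buf, text_len)) {` puts the sanity check on the caller's argument first and reads as intended. The comment above the `CBS_contains_zero_byte` check misspells `contains` as `constains`. The function begins before this hunk, so the lookup that produces `i` is not visible here.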
diff --git a/src/crypto/x509/x_x509.c b/src/crypto/x509/x_x509.c index 31dbebe1..2d4d5552 100644 --- a/src/crypto/x509/x_x509.c +++ b/src/crypto/x509/x_x509.c @@ -92,11 +92,10 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) // x509_new_null returns a new |X509| object where the |cert_info|, |sig_alg|, // and |signature| fields are not yet filled in. static X509 *x509_new_null(void) { - X509 *ret = OPENSSL_malloc(sizeof(X509)); + X509 *ret = OPENSSL_zalloc(sizeof(X509)); if (ret == NULL) { return NULL; } - OPENSSL_memset(ret, 0, sizeof(X509)); ret->references = 1; ret->ex_pathlen = -1; @@ -343,7 +342,6 @@ static int x509_i2d_cb(ASN1_VALUE **pval, unsigned char **out, static const ASN1_EXTERN_FUNCS x509_extern_funcs = { x509_new_cb, x509_free_cb, - /*asn1_ex_clear=*/NULL, x509_d2i_cb, x509_i2d_cb, }; diff --git a/src/decrepit/bio/base64_bio.c b/src/decrepit/bio/base64_bio.c index eb87186f..35218971 100644 --- a/src/decrepit/bio/base64_bio.c +++ b/src/decrepit/bio/base64_bio.c @@ -89,15 +89,11 @@ typedef struct b64_struct { } BIO_B64_CTX; static int b64_new(BIO *bio) { - BIO_B64_CTX *ctx; - - ctx = OPENSSL_malloc(sizeof(*ctx)); + BIO_B64_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); if (ctx == NULL) { return 0; } - OPENSSL_memset(ctx, 0, sizeof(*ctx)); - ctx->cont = 1; ctx->start = 1; diff --git a/src/include/openssl/arm_arch.h b/src/include/openssl/arm_arch.h index 60b30f5d..f6361300 100644 --- a/src/include/openssl/arm_arch.h +++ b/src/include/openssl/arm_arch.h 
@@ -79,27 +79,6 @@ // ARMV8_SHA512 indicates support for hardware SHA-512 instructions. #define ARMV8_SHA512 (1 << 6) -#if defined(__ASSEMBLER__) - -// We require the ARM assembler provide |__ARM_ARCH| from Arm C Language -// Extensions (ACLE). This is supported in GCC 4.8+ and Clang 3.2+. MSVC does -// not implement ACLE, but we require Clang's assembler on Windows. -#if !defined(__ARM_ARCH) -#error "ARM assembler must define __ARM_ARCH" -#endif - -// __ARM_ARCH__ is used by OpenSSL assembly to determine the minimum target ARM -// version. -// -// TODO(davidben): Switch the assembly to use |__ARM_ARCH| directly. -#define __ARM_ARCH__ __ARM_ARCH - -// Even when building for 32-bit ARM, support for aarch64 crypto instructions -// will be included. -#define __ARM_MAX_ARCH__ 8 - -#endif // __ASSEMBLER__ - #endif // ARM || AARCH64 #endif // OPENSSL_HEADER_ARM_ARCH_H diff --git a/src/include/openssl/asm_base.h b/src/include/openssl/asm_base.h index 9eb31818..e6b95dfa 100644 --- a/src/include/openssl/asm_base.h +++ b/src/include/openssl/asm_base.h @@ -75,14 +75,13 @@ #error "ARM assembler must define __ARM_ARCH" #endif -// __ARM_ARCH__ is used by OpenSSL assembly to determine the minimum target ARM -// version. -// -// TODO(davidben): Switch the assembly to use |__ARM_ARCH| directly. -#define __ARM_ARCH__ __ARM_ARCH - // Even when building for 32-bit ARM, support for aarch64 crypto instructions // will be included. +// +// TODO(davidben): Remove this and the corresponding ifdefs? This is only +// defined because some OpenSSL assembly files would allow disabling the NEON +// code entirely. I think we'd prefer to do that by lifting the dispatch to C +// anyway. #define __ARM_MAX_ARCH__ 8 // Support macros for diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h index 6f6eaa9b..8a9d6201 100644 --- a/src/include/openssl/evp.h +++ b/src/include/openssl/evp.h 
@@ -59,7 +59,7 @@ #include <openssl/base.h> -#include <openssl/evp_errors.h> +#include <openssl/evp_errors.h> // IWYU pragma: export #include <openssl/thread.h> // OpenSSL included digest and cipher functions in this header so we include diff --git a/src/include/openssl/mem.h b/src/include/openssl/mem.h index 8da1dd67..c60ea178 100644 --- a/src/include/openssl/mem.h +++ b/src/include/openssl/mem.h @@ -81,14 +81,16 @@ extern "C" { // the case of a malloc failure, prior to returning NULL |OPENSSL_malloc| will // push |ERR_R_MALLOC_FAILURE| onto the openssl error stack. OPENSSL_EXPORT void *OPENSSL_malloc(size_t size); -#endif // !_BORINGSSL_PROHIBIT_OPENSSL_MALLOC -// OPENSSL_free does nothing if |ptr| is NULL. Otherwise it zeros out the -// memory allocated at |ptr| and frees it along with the private data. -// It must only be used on on |ptr| values obtained from |OPENSSL_malloc| -OPENSSL_EXPORT void OPENSSL_free(void *ptr); +// OPENSSL_zalloc behaves like |OPENSSL_malloc| except it also initializes the +// resulting memory to zero. +OPENSSL_EXPORT void *OPENSSL_zalloc(size_t size); + +// OPENSSL_calloc is similar to a regular |calloc|, but allocates data with +// |OPENSSL_malloc|. On overflow, it will push |ERR_R_OVERFLOW| onto the error +// queue. +OPENSSL_EXPORT void *OPENSSL_calloc(size_t num, size_t size); -#ifndef _BORINGSSL_PROHIBIT_OPENSSL_MALLOC // OPENSSL_realloc returns a pointer to a buffer of |new_size| bytes that // contains the contents of |ptr|. Unlike |realloc|, a new buffer is always // allocated and the data at |ptr| is always wiped and freed. Memory is 
@@ -96,6 +98,11 @@ OPENSSL_EXPORT void OPENSSL_free(void *ptr); OPENSSL_EXPORT void *OPENSSL_realloc(void *ptr, size_t new_size); #endif // !_BORINGSSL_PROHIBIT_OPENSSL_MALLOC +// OPENSSL_free does nothing if |ptr| is NULL. Otherwise it zeros out the +// memory allocated at |ptr| and frees it along with the private data. +// It must only be used on on |ptr| values obtained from |OPENSSL_malloc| +OPENSSL_EXPORT void OPENSSL_free(void *ptr); + // OPENSSL_cleanse zeros out |len| bytes of memory at |ptr|. This is similar to // |memset_s| from C11. OPENSSL_EXPORT void OPENSSL_cleanse(void *ptr, size_t len); diff --git a/src/include/openssl/obj.h b/src/include/openssl/obj.h index 3fb8bdeb..57ea3975 100644 --- a/src/include/openssl/obj.h +++ b/src/include/openssl/obj.h @@ -60,7 +60,7 @@ #include <openssl/base.h> #include <openssl/bytestring.h> -#include <openssl/nid.h> +#include <openssl/nid.h> // IWYU pragma: export #if defined(__cplusplus) extern "C" { @@ -148,6 +148,10 @@ OPENSSL_EXPORT int OBJ_txt2nid(const char *s); // a non-const pointer and manage ownership. OPENSSL_EXPORT ASN1_OBJECT *OBJ_nid2obj(int nid); +// OBJ_get_undef returns the object for |NID_undef|. Prefer this function over +// |OBJ_nid2obj| to avoid pulling in the full OID table. +OPENSSL_EXPORT const ASN1_OBJECT *OBJ_get_undef(void); + // OBJ_nid2sn returns the short name for |nid|, or NULL if |nid| is unknown. OPENSSL_EXPORT const char *OBJ_nid2sn(int nid); diff --git a/src/include/openssl/opensslconf.h b/src/include/openssl/opensslconf.h index 51657030..feb9246c 100644 --- a/src/include/openssl/opensslconf.h +++ b/src/include/openssl/opensslconf.h @@ -18,6 +18,7 @@ #ifndef OPENSSL_HEADER_OPENSSLCONF_H #define OPENSSL_HEADER_OPENSSLCONF_H +/* Keep in sync with the list in rust/bssl-sys/build.rs */ #define OPENSSL_NO_ASYNC #define OPENSSL_NO_BF diff --git a/src/include/openssl/rand.h b/src/include/openssl/rand.h index 6193c001..215798e5 100644 --- a/src/include/openssl/rand.h 
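Review bot: The relocated `OPENSSL_free` comment still says it must only be used on pointers obtained from `OPENSSL_malloc`, while this header now also declares `OPENSSL_zalloc` and `OPENSSL_calloc` next to the existing `OPENSSL_realloc`. Suggest `// It must only be used on |ptr| values obtained from |OPENSSL_malloc|, |OPENSSL_zalloc|, |OPENSSL_calloc| or |OPENSSL_realloc|.`, which also removes the doubled `on on`. The `OPENSSL_calloc` comment in the preceding mem.h hunk says what is pushed on overflow but not what is returned; presumably NULL, and that should be stated.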
+++ b/src/include/openssl/rand.h @@ -43,6 +43,11 @@ OPENSSL_EXPORT int RAND_bytes(uint8_t *buf, size_t len); // It has an unusual name because the buffer is unsafe across calls to |fork|. // Hence, this function should never be called by libraries. OPENSSL_EXPORT void RAND_enable_fork_unsafe_buffering(int fd); + +// RAND_disable_fork_unsafe_buffering disables efficient buffered reading of +// /dev/urandom, causing BoringSSL to always draw entropy on every request +// for random bytes. +OPENSSL_EXPORT void RAND_disable_fork_unsafe_buffering(void); #endif #if defined(BORINGSSL_UNSAFE_DETERMINISTIC_MODE) diff --git a/src/include/openssl/ssl.h b/src/include/openssl/ssl.h index e500dd76..003e0a5f 100644 --- a/src/include/openssl/ssl.h +++ b/src/include/openssl/ssl.h @@ -5840,6 +5840,7 @@ BSSL_NAMESPACE_END #define SSL_R_ECH_REJECTED 319 #define SSL_R_INVALID_OUTER_EXTENSION 320 #define SSL_R_INCONSISTENT_ECH_NEGOTIATION 321 +#define SSL_R_INVALID_ALPS_CODEPOINT 322 #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 diff --git a/src/include/openssl/target.h b/src/include/openssl/target.h index 12736416..3e777313 100644 --- a/src/include/openssl/target.h +++ b/src/include/openssl/target.h 
@@ -55,10 +55,22 @@ #elif defined(__myriad2__) #define OPENSSL_32_BIT #else -// Note BoringSSL only supports standard 32-bit and 64-bit two's-complement, -// little-endian architectures. Functions will not produce the correct answer -// on other systems. Run the crypto_test binary, notably -// crypto/compiler_test.cc, before adding a new architecture. +// The list above enumerates the platforms that BoringSSL supports. For these +// platforms we keep a reasonable bar of not breaking them: automated test +// coverage, for one, but also we need access to these types for machines for +// fixing them. +// +// However, we know that anything that seems to work will soon be expected +// to work and, quickly, the implicit expectation is that every machine will +// always work. So this list serves to mark the boundary of what we guarantee. +// Of course, you can run the code any many more machines, but then you're +// taking on the burden of fixing it and, if you're doing that, then you must +// be able to carry local patches. In which case patching this list is trivial. +// +// BoringSSL will only possibly work on standard 32-bit and 64-bit +// two's-complement, little-endian architectures. Functions will not produce +// the correct answer on other systems. Run the crypto_test binary, notably +// crypto/compiler_test.cc, before trying a new architecture. #error "Unknown target CPU" #endif diff --git a/src/include/openssl/x509.h b/src/include/openssl/x509.h index 03344579..8a1e2933 100644 --- a/src/include/openssl/x509.h +++ b/src/include/openssl/x509.h 
@@ -2097,20 +2097,22 @@ OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl); OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509); // X509_NAME_get_text_by_OBJ finds the first attribute with type |obj| in -// |name|. If found, it ignores the value's ASN.1 type, writes the raw -// |ASN1_STRING| representation to |buf|, followed by a NUL byte, and -// returns the number of bytes in output, excluding the NUL byte. -// -// This function writes at most |len| bytes, including the NUL byte. If |len| is -// not large enough, it silently truncates the output to fit. If |buf| is NULL, -// it instead writes enough and returns the number of bytes in the output, -// excluding the NUL byte. -// -// WARNING: Do not use this function. It does not return enough information for -// the caller to correctly interpret its output. The attribute value may be of -// any type, including one of several ASN.1 string encodings, but this function -// only outputs the raw |ASN1_STRING| representation. See -// https://crbug.com/boringssl/436. +// |name|. If found, it writes the value's UTF-8 representation to |buf|. +// followed by a NUL byte, and returns the number of bytes in the output, +// excluding the NUL byte. This is unlike OpenSSL which returns the raw +// ASN1_STRING data. The UTF-8 encoding of the |ASN1_STRING| may not contain a 0 +// codepoint. +// +// This function writes at most |len| bytes, including the NUL byte. If |buf| +// is NULL, it writes nothing and returns the number of bytes in the +// output, excluding the NUL byte that would be required for the full UTF-8 +// output. +// +// This function may return -1 if an error occurs for any reason, including the +// value not being a recognized string type, |len| being of insufficient size to +// hold the full UTF-8 encoding and NUL byte, memory allocation failures, an +// object with type |obj| not existing in |name|, or if the UTF-8 encoding of +// the string contains a zero byte. 
OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, char *buf, int len); diff --git a/src/rust/bssl-crypto/src/cipher/aes_cbc.rs b/src/rust/bssl-crypto/src/cipher/aes_cbc.rs new file mode 100644 index 00000000..6d22a180 --- /dev/null +++ b/src/rust/bssl-crypto/src/cipher/aes_cbc.rs 
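Review bot: The new comment puts an absent attribute and a rejected value (unrecognized type, embedded zero byte, buffer too small) under the same -1 return, but does not tell callers how to treat it. Code that reads a name through this function for an identity decision should fail on -1 rather than assume the attribute is missing; I would add `// Callers must treat -1 as an error; an absent attribute and a rejected value are not distinguishable.` It is also worth stating that |buf| is left unmodified on failure, which the accompanying test asserts for the truncation case. The first sentence has a stray period in `to |buf|. followed by a NUL byte`.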
@@ -0,0 +1,194 @@ +/* Copyright (c) 2023, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +extern crate alloc; + +use crate::cipher::{ + BlockCipher, Cipher, CipherError, CipherInitPurpose, EvpAes128Cbc, EvpAes256Cbc, +}; +use alloc::vec::Vec; + +/// AES-CBC-128 Cipher implementation. +pub struct Aes128Cbc(Cipher<EvpAes128Cbc>); + +impl BlockCipher for Aes128Cbc { + type Key = [u8; 16]; + type Nonce = [u8; 16]; + + fn new_encrypt(key: &Self::Key, nonce: &Self::Nonce) -> Self { + Self(Cipher::new(key, nonce, CipherInitPurpose::Encrypt)) + } + + fn new_decrypt(key: &Self::Key, nonce: &Self::Nonce) -> Self { + Self(Cipher::new(key, nonce, CipherInitPurpose::Decrypt)) + } + + fn encrypt_padded(self, buffer: &[u8]) -> Result<Vec<u8>, CipherError> { + // Note: Padding is enabled because we did not disable it with `EVP_CIPHER_CTX_set_padding` + self.0.encrypt(buffer) + } + + fn decrypt_padded(self, buffer: &[u8]) -> Result<Vec<u8>, CipherError> { + // Note: Padding is enabled because we did not disable it with `EVP_CIPHER_CTX_set_padding` + self.0.decrypt(buffer) + } +} + +/// AES-CBC-256 Cipher implementation. 
+pub struct Aes256Cbc(Cipher<EvpAes256Cbc>); + +impl BlockCipher for Aes256Cbc { + type Key = [u8; 32]; + type Nonce = [u8; 16]; + + fn new_encrypt(key: &Self::Key, nonce: &Self::Nonce) -> Self { + Self(Cipher::new(key, nonce, CipherInitPurpose::Encrypt)) + } + + fn new_decrypt(key: &Self::Key, nonce: &Self::Nonce) -> Self { + Self(Cipher::new(key, nonce, CipherInitPurpose::Decrypt)) + } + + fn encrypt_padded(self, buffer: &[u8]) -> Result<Vec<u8>, CipherError> { + // Note: Padding is enabled because we did not disable it with `EVP_CIPHER_CTX_set_padding` + self.0.encrypt(buffer) + } + + fn decrypt_padded(self, buffer: &[u8]) -> Result<Vec<u8>, CipherError> { + // Note: Padding is enabled because we did not disable it with `EVP_CIPHER_CTX_set_padding` + self.0.decrypt(buffer) + } +} + +#[allow(clippy::expect_used)] +#[cfg(test)] +mod test { + use super::*; + use crate::test_helpers::decode_hex; + + #[test] + fn aes_128_cbc_test_encrypt() { + // https://github.com/google/wycheproof/blob/master/testvectors/aes_cbc_pkcs5_test.json#L30 + // tcId: 2 + let iv = decode_hex("c9ee3cd746bf208c65ca9e72a266d54f"); + let key = decode_hex("e09eaa5a3f5e56d279d5e7a03373f6ea"); + + let cipher = Aes128Cbc::new_encrypt(&key, &iv); + let msg: [u8; 16] = decode_hex("ef4eab37181f98423e53e947e7050fd0"); + + let output = cipher.encrypt_padded(&msg).expect("Failed to encrypt"); + + let expected_ciphertext: [u8; 32] = + decode_hex("d1fa697f3e2e04d64f1a0da203813ca5bc226a0b1d42287b2a5b994a66eaf14a"); + assert_eq!(expected_ciphertext, &output[..]); + } + + #[test] + fn aes_128_cbc_test_encrypt_more_than_one_block() { + // https://github.com/google/wycheproof/blob/master/testvectors/aes_cbc_pkcs5_test.json#L210 + // tcId: 20 + let iv = decode_hex("54f2459e40e002763144f4752cde2fb5"); + let key = decode_hex("831e664c9e3f0c3094c0b27b9d908eb2"); + + let cipher = Aes128Cbc::new_encrypt(&key, &iv); + let msg: [u8; 17] = decode_hex("26603bb76dd0a0180791c4ed4d3b058807"); + + let output = 
cipher.encrypt_padded(&msg).expect("Failed to encrypt"); + + let expected_ciphertext: [u8; 32] = + decode_hex("8d55dc10584e243f55d2bdbb5758b7fabcd58c8d3785f01c7e3640b2a1dadcd9"); + assert_eq!(expected_ciphertext, &output[..]); + } + + #[test] + fn aes_128_cbc_test_decrypt() { + // https://github.com/google/wycheproof/blob/master/testvectors/aes_cbc_pkcs5_test.json#L30 + // tcId: 2 + let key = decode_hex("e09eaa5a3f5e56d279d5e7a03373f6ea"); + let iv = decode_hex("c9ee3cd746bf208c65ca9e72a266d54f"); + let cipher = Aes128Cbc::new_decrypt(&key, &iv); + let ciphertext: [u8; 32] = + decode_hex("d1fa697f3e2e04d64f1a0da203813ca5bc226a0b1d42287b2a5b994a66eaf14a"); + let decrypted = cipher + .decrypt_padded(&ciphertext) + .expect("Failed to decrypt"); + let expected_plaintext: [u8; 16] = decode_hex("ef4eab37181f98423e53e947e7050fd0"); + assert_eq!(expected_plaintext, &decrypted[..]); + } + + #[test] + fn aes_128_cbc_test_decrypt_empty_message() { + // https://github.com/google/wycheproof/blob/master/testvectors/aes_cbc_pkcs5_test.json#L20 + // tcId: 1 + let key = decode_hex("e34f15c7bd819930fe9d66e0c166e61c"); + let iv = decode_hex("da9520f7d3520277035173299388bee2"); + let cipher = Aes128Cbc::new_decrypt(&key, &iv); + let ciphertext: [u8; 16] = decode_hex("b10ab60153276941361000414aed0a9d"); + let decrypted = cipher + .decrypt_padded(&ciphertext) + .expect("Failed to decrypt"); + let expected_plaintext: [u8; 0] = decode_hex(""); + assert_eq!(expected_plaintext, &decrypted[..]); + } + + #[test] + pub fn aes_256_cbc_test_encrypt() { + // https://github.com/google/wycheproof/blob/master/testvectors/aes_cbc_pkcs5_test.json#L1412 + // tcId: 124 + let iv = decode_hex("9ec7b863ac845cad5e4673da21f5b6a9"); + let key = decode_hex("612e837843ceae7f61d49625faa7e7494f9253e20cb3adcea686512b043936cd"); + + let cipher = Aes256Cbc::new_encrypt(&key, &iv); + let msg: [u8; 16] = decode_hex("cc37fae15f745a2f40e2c8b192f2b38d"); + + let output = cipher.encrypt_padded(&msg).expect("Failed to 
encrypt"); + + let expected_ciphertext: [u8; 32] = + decode_hex("299295be47e9f5441fe83a7a811c4aeb2650333e681e69fa6b767d28a6ccf282"); + assert_eq!(expected_ciphertext, &output[..]); + } + + #[test] + pub fn aes_256_cbc_test_encrypt_more_than_one_block() { + // https://github.com/google/wycheproof/blob/master/testvectors/aes_cbc_pkcs5_test.json#L1582C24-L1582C24 + // tcId: 141 + let iv = decode_hex("4b74bd981ea9d074757c3e2ef515e5fb"); + let key = decode_hex("73216fafd0022d0d6ee27198b2272578fa8f04dd9f44467fbb6437aa45641bf7"); + + let cipher = Aes256Cbc::new_encrypt(&key, &iv); + let msg: [u8; 17] = decode_hex("d5247b8f6c3edcbfb1d591d13ece23d2f5"); + + let output = cipher.encrypt_padded(&msg).expect("Failed to encrypt"); + + let expected_ciphertext: [u8; 32] = + decode_hex("fbea776fb1653635f88e2937ed2450ba4e9063e96d7cdba04928f01cb85492fe"); + assert_eq!(expected_ciphertext, &output[..]); + } + + #[test] + fn aes_256_cbc_test_decrypt() { + // https://github.com/google/wycheproof/blob/master/testvectors/aes_cbc_pkcs5_test.json#L1452 + // tcId: 128 + let key = decode_hex("ea3b016bdd387dd64d837c71683808f335dbdc53598a4ea8c5f952473fafaf5f"); + let iv = decode_hex("fae3e2054113f6b3b904aadbfe59655c"); + let cipher = Aes256Cbc::new_decrypt(&key, &iv); + let ciphertext: [u8; 16] = decode_hex("b90c326b72eb222ddb4dae47f2bc223c"); + let decrypted = cipher + .decrypt_padded(&ciphertext) + .expect("Failed to decrypt"); + let expected_plaintext: [u8; 2] = decode_hex("6601"); + assert_eq!(expected_plaintext, &decrypted[..]); + } +} diff --git a/src/rust/bssl-crypto/src/cipher/aes_ctr.rs b/src/rust/bssl-crypto/src/cipher/aes_ctr.rs index 1375d3e8..c9a122f0 100644 --- a/src/rust/bssl-crypto/src/cipher/aes_ctr.rs +++ b/src/rust/bssl-crypto/src/cipher/aes_ctr.rs 
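Review bot: Nothing on `Aes128Cbc` or `Aes256Cbc` says what the 16-byte `Nonce` must be, and for CBC the requirement is stricter than for the CTR types this file mirrors: the IV has to be unpredictable for each message, not merely unique. A doc line on both structs such as `/// The nonce is the CBC IV and must be freshly random for every encryption.` would make that visible to callers. The test module only covers successful operations; a case asserting that a ciphertext with invalid padding returns `Err(CipherError)` would pin the failure path of `decrypt_padded`.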
@@ -13,7 +13,9 @@ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -use crate::cipher::{Cipher, CipherError, EvpAes128Ctr, EvpAes256Ctr, StreamCipher}; +use crate::cipher::{ + Cipher, CipherError, CipherInitPurpose, EvpAes128Ctr, EvpAes256Ctr, StreamCipher, +}; /// AES-CTR-128 Cipher implementation. pub struct Aes128Ctr(Cipher<EvpAes128Ctr>); @@ -24,7 +26,7 @@ impl StreamCipher for Aes128Ctr { /// Creates a new AES-128-CTR cipher instance from key material. fn new(key: &Self::Key, nonce: &Self::Nonce) -> Self { - Self(Cipher::new(key, nonce)) + Self(Cipher::new(key, nonce, CipherInitPurpose::Encrypt)) } /// Applies the keystream in-place, advancing the counter state appropriately. @@ -42,7 +44,7 @@ impl StreamCipher for Aes256Ctr { /// Creates a new AES-256-CTR cipher instance from key material. fn new(key: &Self::Key, nonce: &Self::Nonce) -> Self { - Self(Cipher::new(key, nonce)) + Self(Cipher::new(key, nonce, CipherInitPurpose::Encrypt)) } /// Applies the keystream in-place, advancing the counter state appropriately. diff --git a/src/rust/bssl-crypto/src/cipher/mod.rs b/src/rust/bssl-crypto/src/cipher/mod.rs index 2ff6b3ab..16def56b 100644 --- a/src/rust/bssl-crypto/src/cipher/mod.rs +++ b/src/rust/bssl-crypto/src/cipher/mod.rs @@ -13,7 +13,11 @@ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +extern crate alloc; + use crate::{CSlice, CSliceMut}; +use alloc::vec; +use alloc::vec::Vec; use bssl_sys::EVP_CIPHER; use core::ffi::c_int; use core::marker::PhantomData; @@ -21,6 +25,9 @@ use core::marker::PhantomData; /// AES-CTR stream cipher operations. pub mod aes_ctr; +/// AES-CBC stream cipher operations. +pub mod aes_cbc; + /// Error returned in the event of an unsuccessful cipher operation. #[derive(Debug)] pub struct CipherError; 
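Review bot: The doc comment added for the new module in cipher/mod.rs, `/// AES-CBC stream cipher operations.`, appears to be copied from the CTR line above it. CBC is a block mode and the types in that module implement `BlockCipher`, so it should read `/// AES-CBC block cipher operations.`. rustdoc shows this line as the module summary, so the wrong term is what users of the crate will see first.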
@@ -42,6 +49,33 @@ pub trait StreamCipher { fn apply_keystream(&mut self, buffer: &mut [u8]) -> Result<(), CipherError>; } +/// Synchronous block cipher trait. +pub trait BlockCipher { + /// The byte array key type which specifies the size of the key used to instantiate the cipher. + type Key: AsRef<[u8]>; + + /// The byte array nonce type which specifies the size of the nonce used in the cipher + /// operations. + type Nonce: AsRef<[u8]>; + + /// Instantiate a new instance of a block cipher for encryption from a `key` and `iv`. + fn new_encrypt(key: &Self::Key, iv: &Self::Nonce) -> Self; + + /// Instantiate a new instance of a block cipher for decryption from a `key` and `iv`. + fn new_decrypt(key: &Self::Key, iv: &Self::Nonce) -> Self; + + /// Encrypts the given data in `buffer`, and returns the result (with padding) in a newly + /// allocated vector, or a [`CipherError`] if the operation was unsuccessful. + fn encrypt_padded(self, buffer: &[u8]) -> Result<Vec<u8>, CipherError>; + + /// Decrypts the given data in a `buffer`, and returns the result (with padding removed) in a + /// newly allocated vector, or a [`CipherError`] if the operation was unsuccessful. + fn decrypt_padded(self, buffer: &[u8]) -> Result<Vec<u8>, CipherError>; +} + +/// A cipher type, where `Key` is the size of the Key and `Nonce` is the size of the nonce or IV. +/// This must only be exposed publicly by types who ensure that `Key` is the correct size for the +/// given CipherType. This can be checked via `bssl_sys::EVP_CIPHER_key_length`. trait EvpCipherType { type Key: AsRef<[u8]>; type Nonce: AsRef<[u8]>; 
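Review bot: `decrypt_padded` is documented only as returning the plaintext or a `CipherError`, with no mention that the ciphertext is not authenticated by the CBC implementations added in this commit. With padded CBC the error reveals to whoever supplied the ciphertext whether the padding was valid, so callers need to verify a MAC over the IV and ciphertext before calling it, or use an AEAD instead. I would add to the method docs: `/// This provides no integrity protection; authenticate the IV and ciphertext before decrypting.` The trait also names the IV type `Nonce` while the constructors call the parameter `iv`; one term in both places would be clearer.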
@@ -70,19 +104,41 @@ impl EvpCipherType for EvpAes256Ctr { } } -// Internal cipher implementation which wraps EVP_CIPHER_*, where K is the size of the Key and I is -// the size of the IV. This must only be exposed publicly by types who ensure that K is the correct -// size for the given CipherType. This can be checked via bssl_sys::EVP_CIPHER_key_length. -// -// WARNING: This is not safe to re-use for the CBC mode of operation since it is applying the -// key stream in-place. +struct EvpAes128Cbc; +impl EvpCipherType for EvpAes128Cbc { + type Key = [u8; 16]; + type Nonce = [u8; 16]; + fn evp_cipher() -> *const EVP_CIPHER { + // Safety: + // - this just returns a constant value + unsafe { bssl_sys::EVP_aes_128_cbc() } + } +} + +struct EvpAes256Cbc; +impl EvpCipherType for EvpAes256Cbc { + type Key = [u8; 32]; + type Nonce = [u8; 16]; + fn evp_cipher() -> *const EVP_CIPHER { + // Safety: + // - this just returns a constant value + unsafe { bssl_sys::EVP_aes_256_cbc() } + } +} + +enum CipherInitPurpose { + Encrypt, + Decrypt, +} + +/// Internal cipher implementation which wraps `EVP_CIPHER_*` struct Cipher<C: EvpCipherType> { ctx: *mut bssl_sys::EVP_CIPHER_CTX, _marker: PhantomData<C>, } impl<C: EvpCipherType> Cipher<C> { - fn new(key: &C::Key, iv: &C::Nonce) -> Self { + fn new(key: &C::Key, iv: &C::Nonce, purpose: CipherInitPurpose) -> Self { // Safety: // - Panics on allocation failure. let ctx = unsafe { bssl_sys::EVP_CIPHER_CTX_new() }; 
@@ -94,14 +150,25 @@ impl<C: EvpCipherType> Cipher<C> { // Safety: // - Key size and iv size must be properly set by the higher level wrapper types. // - Panics on allocation failure. - let result = unsafe { - bssl_sys::EVP_EncryptInit_ex( - ctx, - C::evp_cipher(), - core::ptr::null_mut(), - key_cslice.as_ptr(), - iv_cslice.as_ptr(), - ) + let result = match purpose { + CipherInitPurpose::Encrypt => unsafe { + bssl_sys::EVP_EncryptInit_ex( + ctx, + C::evp_cipher(), + core::ptr::null_mut(), + key_cslice.as_ptr(), + iv_cslice.as_ptr(), + ) + }, + CipherInitPurpose::Decrypt => unsafe { + bssl_sys::EVP_DecryptInit_ex( + ctx, + C::evp_cipher(), + core::ptr::null_mut(), + key_cslice.as_ptr(), + iv_cslice.as_ptr(), + ) + }, }; assert_eq!(result, 1); @@ -111,7 +178,20 @@ impl<C: EvpCipherType> Cipher<C> { } } + fn cipher_mode(&self) -> u32 { + // Safety: + // - The cipher context is initialized with EVP_EncryptInit_ex in `new` + unsafe { bssl_sys::EVP_CIPHER_CTX_mode(self.ctx) } + } + fn apply_keystream_in_place(&mut self, buffer: &mut [u8]) -> Result<(), CipherError> { + // WARNING: This is not safe to re-use for the CBC mode of operation since it is applying + // the key stream in-place. + assert_eq!( + self.cipher_mode(), + bssl_sys::EVP_CIPH_CTR_MODE as u32, + "Cannot use apply_keystraem_in_place for non-CTR modes" + ); let mut cslice_buf_mut = CSliceMut::from(buffer); let mut out_len = 0; 
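Review bot: The safety comment in the new `cipher_mode` says the context is initialized with `EVP_EncryptInit_ex` in `new`, but the hunk just above makes `new` call `EVP_DecryptInit_ex` for `CipherInitPurpose::Decrypt`; `// - The cipher context is initialized in new() for either purpose` would match the code. The assertion message in `apply_keystream_in_place` misspells the function name as `apply_keystraem_in_place`. The WARNING comment moved into that function is now enforced by the assert, so it could say that non-CTR modes panic rather than only warn against them.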
@@ -135,6 +215,143 @@ impl<C: EvpCipherType> Cipher<C> { Err(CipherError) } } + + #[allow(clippy::expect_used)] + fn encrypt(self, buffer: &[u8]) -> Result<Vec<u8>, CipherError> { + // Safety: self.ctx is initialized with a cipher in `new()`. + let block_size_u32 = unsafe { bssl_sys::EVP_CIPHER_CTX_block_size(self.ctx) }; + let block_size: usize = block_size_u32 + .try_into() + .expect("Block size should always fit in usize"); + // Allocate an output vec that is large enough for both EncryptUpdate and EncryptFinal + // operations + let max_encrypt_update_output_size = buffer.len() + block_size - 1; + let max_encrypt_final_output_size = block_size; + let mut output_vec = + vec![0_u8; max_encrypt_update_output_size + max_encrypt_final_output_size]; + // EncryptUpdate block + let update_out_len_usize = { + let mut cslice_out_buf_mut = CSliceMut::from(&mut output_vec[..]); + let mut update_out_len = 0; + + let cslice_in_buf = CSlice::from(buffer); + let in_buff_len_int = c_int::try_from(cslice_in_buf.len()).map_err(|_| CipherError)?; + + // Safety: + // - `EVP_EncryptUpdate` requires that "The number of output bytes may be up to `in_len` + // plus the block length minus one and `out` must have sufficient space". This is the + // `max_encrypt_update_output_size` part of the output_vec's capacity. + let update_result = unsafe { + bssl_sys::EVP_EncryptUpdate( + self.ctx, + cslice_out_buf_mut.as_mut_ptr(), + &mut update_out_len, + cslice_in_buf.as_ptr(), + in_buff_len_int, + ) + }; + if update_result != 1 { + return Err(CipherError); + } + update_out_len + .try_into() + .expect("Output length should always fit in usize") + }; + + // EncryptFinal block + { + // Slice indexing here will not panic because we ensured `output_vec` is larger than + // what `EncryptUpdate` will write. 
+ #[allow(clippy::indexing_slicing)] + let mut cslice_finalize_buf_mut = + CSliceMut::from(&mut output_vec[update_out_len_usize..]); + let mut final_out_len = 0; + let final_result = unsafe { + bssl_sys::EVP_EncryptFinal_ex( + self.ctx, + cslice_finalize_buf_mut.as_mut_ptr(), + &mut final_out_len, + ) + }; + let final_put_len_usize = + <usize>::try_from(final_out_len).expect("Output length should always fit in usize"); + if final_result == 1 { + output_vec.truncate(update_out_len_usize + final_put_len_usize) + } else { + return Err(CipherError); + } + } + Ok(output_vec) + } + + #[allow(clippy::expect_used)] + fn decrypt(self, in_buffer: &[u8]) -> Result<Vec<u8>, CipherError> { + // Safety: self.ctx is initialized with a cipher in `new()`. + let block_size_u32 = unsafe { bssl_sys::EVP_CIPHER_CTX_block_size(self.ctx) }; + let block_size: usize = block_size_u32 + .try_into() + .expect("Block size should always fit in usize"); + // Allocate an output vec that is large enough for both DecryptUpdate and DecryptFinal + // operations + let max_decrypt_update_output_size = in_buffer.len() + block_size - 1; + let max_decrypt_final_output_size = block_size; + let mut output_vec = + vec![0_u8; max_decrypt_update_output_size + max_decrypt_final_output_size]; + + // DecryptUpdate block + let update_out_len_usize = { + let mut cslice_out_buf_mut = CSliceMut::from(&mut output_vec[..]); + let mut update_out_len = 0; + + let cslice_in_buf = CSlice::from(in_buffer); + let in_buff_len_int = c_int::try_from(cslice_in_buf.len()).map_err(|_| CipherError)?; + + // Safety: + // - `EVP_DecryptUpdate` requires that "The number of output bytes may be up to `in_len` + // plus the block length minus one and `out` must have sufficient space". This is the + // `max_decrypt_update_output_size` part of the output_vec's capacity. 
+ let update_result = unsafe { + bssl_sys::EVP_DecryptUpdate( + self.ctx, + cslice_out_buf_mut.as_mut_ptr(), + &mut update_out_len, + cslice_in_buf.as_ptr(), + in_buff_len_int, + ) + }; + if update_result != 1 { + return Err(CipherError); + } + update_out_len + .try_into() + .expect("Output length should always fit in usize") + }; + + // DecryptFinal block + { + // Slice indexing here will not panic because we ensured `output_vec` is larger than + // what `DecryptUpdate` will write. + #[allow(clippy::indexing_slicing)] + let mut cslice_final_buf_mut = CSliceMut::from(&mut output_vec[update_out_len_usize..]); + let mut final_out_len = 0; + let final_result = unsafe { + bssl_sys::EVP_DecryptFinal_ex( + self.ctx, + cslice_final_buf_mut.as_mut_ptr(), + &mut final_out_len, + ) + }; + let final_put_len_usize = + <usize>::try_from(final_out_len).expect("Output length should always fit in usize"); + + if final_result == 1 { + output_vec.truncate(update_out_len_usize + final_put_len_usize) + } else { + return Err(CipherError); + } + } + Ok(output_vec) + } } impl<C: EvpCipherType> Drop for Cipher<C> { @@ -144,3 +361,34 @@ impl<C: EvpCipherType> Drop for Cipher<C> { unsafe { bssl_sys::EVP_CIPHER_CTX_free(self.ctx) } } } + +#[cfg(test)] +mod test { + use crate::cipher::{CipherInitPurpose, EvpAes128Cbc, EvpAes128Ctr}; + + use super::Cipher; + + #[test] + fn test_cipher_mode() { + assert_eq!( + Cipher::<EvpAes128Ctr>::new(&[0; 16], &[0; 16], CipherInitPurpose::Encrypt) + .cipher_mode(), + bssl_sys::EVP_CIPH_CTR_MODE as u32 + ); + + assert_eq!( + Cipher::<EvpAes128Cbc>::new(&[0; 16], &[0; 16], CipherInitPurpose::Encrypt) + .cipher_mode(), + bssl_sys::EVP_CIPH_CBC_MODE as u32 + ); + } + + #[should_panic] + #[test] + fn test_apply_keystream_on_cbc() { + let mut cipher = + Cipher::<EvpAes128Cbc>::new(&[0; 16], &[0; 16], CipherInitPurpose::Encrypt); + let mut buf = [0; 16]; + let _ = cipher.apply_keystream_in_place(&mut buf); // This should panic + } +} 
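Review bot: The `unsafe` blocks around `EVP_EncryptFinal_ex` and `EVP_DecryptFinal_ex` carry no safety comment, although they depend on the tail of `output_vec` still holding at least one block. That follows from the allocation (`in_len + block_size - 1` for the update plus `block_size` for the final call) only as long as the update call reports no more than its documented maximum, which is worth writing down: `// Safety: the slice starting at update_out_len_usize has at least block_size bytes left, the most the final call writes.` `encrypt` and `decrypt` are otherwise near line-for-line copies; a private helper parameterized on the update and final functions would keep the two buffer calculations from drifting apart.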
diff --git a/src/rust/bssl-sys/Cargo.toml b/src/rust/bssl-sys/Cargo.toml index 634ed3cf..b01979a3 100644 --- a/src/rust/bssl-sys/Cargo.toml +++ b/src/rust/bssl-sys/Cargo.toml @@ -5,3 +5,7 @@ authors = ["Benjamin Brittain <bwb@google.com>"] edition = "2018" publish = false license = "MIT" + +# This exists to workaround a limitation in cargo: +# https://github.com/rust-lang/cargo/issues/3544 +links = "bssl" diff --git a/src/rust/bssl-sys/README.md b/src/rust/bssl-sys/README.md index e2efd6c4..c988813b 100644 --- a/src/rust/bssl-sys/README.md +++ b/src/rust/bssl-sys/README.md 
@@ -7,6 +7,8 @@ A low-level binding crate for Rust that moves in lockstop with BoringSSL. Boring `bssl-sys` uses `bindgen` as part of the cmake build process to generate Rust compatibility shims for the targeted platform. It is important to generate it for the correct platform because `bindgen` uses LLVM information for alignment which varies depending on architecture. ### To Use -Build `boringssl` with `-DRUST_BINDINGS=<rust-triple>` and ensure that you have `bindgen` installed. The `rust-triple` option should match the [Rust target triple](https://doc.rust-lang.org/nightly/rustc/platform-support.html) when building `bssl-sys`. +1. Build `boringssl` with `-DRUST_BINDINGS=<rust-triple>`, which should match the [Rust target triple](https://doc.rust-lang.org/nightly/rustc/platform-support.html) when building `bssl-sys`, +2. install `bindgen`, and +3. install [`cargo-deny`](https://github.com/EmbarkStudios/cargo-deny). -From there, the `bssl-sys` crate can be built. By default, it looks for `bindgen` output and BoringSSL static libraries in the `build` directory. This can be reconfigured with `BORINGSSL_BUILD_DIR` environment variable. Note the environment variable is evaluated relative to `rust/bssl-sys/src`, so using an absolute path may be more convenient. +After that, the `bssl-sys` crate can be built. By default, it looks for `bindgen` output and BoringSSL static libraries in the `build` directory. This can be reconfigured with `BORINGSSL_BUILD_DIR` environment variable. Note the environment variable is evaluated relative to `rust/bssl-sys/src`, so using an absolute path may be more convenient. diff --git a/src/rust/bssl-sys/build.rs b/src/rust/bssl-sys/build.rs index 2d7461ab..91a9f8a8 100644 --- a/src/rust/bssl-sys/build.rs +++ b/src/rust/bssl-sys/build.rs 
@@ -17,6 +17,57 @@ use std::env; use std::path::Path; use std::path::PathBuf; +// Keep in sync with the list in include/openssl/opensslconf.h +const OSSL_CONF_DEFINES: &[&str] = &[ + "OPENSSL_NO_ASYNC", + "OPENSSL_NO_BF", + "OPENSSL_NO_BLAKE2", + "OPENSSL_NO_BUF_FREELISTS", + "OPENSSL_NO_CAMELLIA", + "OPENSSL_NO_CAPIENG", + "OPENSSL_NO_CAST", + "OPENSSL_NO_CMS", + "OPENSSL_NO_COMP", + "OPENSSL_NO_CT", + "OPENSSL_NO_DANE", + "OPENSSL_NO_DEPRECATED", + "OPENSSL_NO_DGRAM", + "OPENSSL_NO_DYNAMIC_ENGINE", + "OPENSSL_NO_EC_NISTP_64_GCC_128", + "OPENSSL_NO_EC2M", + "OPENSSL_NO_EGD", + "OPENSSL_NO_ENGINE", + "OPENSSL_NO_GMP", + "OPENSSL_NO_GOST", + "OPENSSL_NO_HEARTBEATS", + "OPENSSL_NO_HW", + "OPENSSL_NO_IDEA", + "OPENSSL_NO_JPAKE", + "OPENSSL_NO_KRB5", + "OPENSSL_NO_MD2", + "OPENSSL_NO_MDC2", + "OPENSSL_NO_OCB", + "OPENSSL_NO_OCSP", + "OPENSSL_NO_RC2", + "OPENSSL_NO_RC5", + "OPENSSL_NO_RFC3779", + "OPENSSL_NO_RIPEMD", + "OPENSSL_NO_RMD160", + "OPENSSL_NO_SCTP", + "OPENSSL_NO_SEED", + "OPENSSL_NO_SM2", + "OPENSSL_NO_SM3", + "OPENSSL_NO_SM4", + "OPENSSL_NO_SRP", + "OPENSSL_NO_SSL_TRACE", + "OPENSSL_NO_SSL2", + "OPENSSL_NO_SSL3", + "OPENSSL_NO_SSL3_METHOD", + "OPENSSL_NO_STATIC_ENGINE", + "OPENSSL_NO_STORE", + "OPENSSL_NO_WHIRLPOOL", +]; + fn get_bssl_build_dir() -> PathBuf { println!("cargo:rerun-if-env-changed=BORINGSSL_BUILD_DIR"); if let Some(build_dir) = env::var_os("BORINGSSL_BUILD_DIR") { @@ -54,4 +105,6 @@ fn main() { bssl_sys_build_dir.display() ); println!("cargo:rustc-link-lib=static=rust_wrapper"); + + println!("cargo:conf={}", OSSL_CONF_DEFINES.join(",")); } diff --git a/src/sources.cmake b/src/sources.cmake index d2e15c73..1e90a60b 100644 --- a/src/sources.cmake +++ b/src/sources.cmake @@ -38,6 +38,7 @@ set( crypto/fipsmodule/cmac/cmac_test.cc crypto/fipsmodule/ec/ec_test.cc crypto/fipsmodule/ec/p256-nistz_test.cc + crypto/fipsmodule/ec/p256_test.cc crypto/fipsmodule/ecdsa/ecdsa_test.cc crypto/fipsmodule/hkdf/hkdf_test.cc crypto/fipsmodule/md5/md5_test.cc 
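Review bot: `OSSL_CONF_DEFINES` in build.rs is a hand-maintained copy of the list in `include/openssl/opensslconf.h`, and nothing in the hunk checks the two against each other, so a define added to the header later would silently be missing from what `main` prints as `cargo:conf=`. Dependents that gate code on that value would then presumably build against a feature set the library does not have. The `println!` also lacks a comment saying who reads it; something like `// Read by dependents' build scripts as DEP_BSSL_CONF; relies on links = "bssl" in Cargo.toml.` would tie the two changes together. Deriving the list from the header in the build, or adding a test that compares them, would remove the drift risk. `main` starts outside the hunk.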
@@ -50,6 +51,7 @@ set( crypto/hmac_extra/hmac_test.cc crypto/hrss/hrss_test.cc crypto/impl_dispatch_test.cc + crypto/keccak/keccak_test.cc crypto/kyber/kyber_test.cc crypto/lhash/lhash_test.cc crypto/obj/obj_test.cc @@ -141,7 +143,7 @@ set( crypto/fipsmodule/rand/ctrdrbg_vectors.txt crypto/hmac_extra/hmac_tests.txt crypto/hpke/hpke_test_vectors.txt - crypto/kyber/keccak_tests.txt + crypto/keccak/keccak_tests.txt crypto/kyber/kyber_tests.txt crypto/pkcs8/test/empty_password.p12 crypto/pkcs8/test/no_encryption.p12 @@ -408,6 +410,7 @@ set( pki/path_builder_pkits_unittest.cc pki/path_builder_unittest.cc pki/path_builder_verify_certificate_chain_unittest.cc + pki/pem_unittest.cc pki/signature_algorithm_unittest.cc pki/simple_path_builder_delegate_unittest.cc pki/string_util_unittest.cc diff --git a/src/ssl/d1_both.cc b/src/ssl/d1_both.cc index 55c92fad..b910b96d 100644 --- a/src/ssl/d1_both.cc +++ b/src/ssl/d1_both.cc @@ -184,11 +184,10 @@ static UniquePtr<hm_fragment> dtls1_hm_fragment_new( return nullptr; } size_t bitmask_len = (msg_hdr->msg_len + 7) / 8; - frag->reassembly = (uint8_t *)OPENSSL_malloc(bitmask_len); + frag->reassembly = (uint8_t *)OPENSSL_zalloc(bitmask_len); if (frag->reassembly == NULL) { return nullptr; } - OPENSSL_memset(frag->reassembly, 0, bitmask_len); } return frag; diff --git a/src/ssl/handoff.cc b/src/ssl/handoff.cc index 037e070e..7f78a1a5 100644 --- a/src/ssl/handoff.cc +++ b/src/ssl/handoff.cc @@ -41,7 +41,7 @@ enum early_data_t { // serialize_features adds a description of features supported by this binary to // |out|. Returns true on success and false on error. -static bool serialize_features(CBB *out, uint16_t alps_extension_type) { +static bool serialize_features(CBB *out) { CBB ciphers; if (!CBB_add_asn1(out, &ciphers, CBS_ASN1_OCTETSTRING)) { return false; 
@@ -68,7 +68,8 @@ static bool serialize_features(CBB *out, uint16_t alps_extension_type) { // removed. CBB alps; if (!CBB_add_asn1(out, &alps, kHandoffTagALPS) || - !CBB_add_u16(&alps, alps_extension_type)) { + !CBB_add_u16(&alps, TLSEXT_TYPE_application_settings_old) || + !CBB_add_u16(&alps, TLSEXT_TYPE_application_settings)) { return false; } return CBB_flush(out); @@ -87,17 +88,13 @@ bool SSL_serialize_handoff(const SSL *ssl, CBB *out, SSLMessage msg; Span<const uint8_t> transcript = s3->hs->transcript.buffer(); - uint16_t alps_extension_type = TLSEXT_TYPE_application_settings_old; - if (s3->hs->config->alps_use_new_codepoint) { - alps_extension_type = TLSEXT_TYPE_application_settings; - } if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) || !CBB_add_asn1_uint64(&seq, kHandoffVersion) || !CBB_add_asn1_octet_string(&seq, transcript.data(), transcript.size()) || !CBB_add_asn1_octet_string(&seq, reinterpret_cast<uint8_t *>(s3->hs_buf->data), s3->hs_buf->length) || - !serialize_features(&seq, alps_extension_type) || + !serialize_features(&seq) || !CBB_flush(out) || !ssl->method->get_message(ssl, &msg) || !ssl_client_hello_init(ssl, out_hello, msg.body)) { @@ -450,6 +447,16 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) { hs->early_traffic_secret().size())) { return false; } + + if (session->has_application_settings) { + uint16_t alps_codepoint = TLSEXT_TYPE_application_settings_old; + if (hs->config->alps_use_new_codepoint) { + alps_codepoint = TLSEXT_TYPE_application_settings; + } + if (!CBB_add_asn1_uint64(&seq, alps_codepoint)) { + return false; + } + } } return CBB_flush(out); } 
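Review bot: In SSL_serialize_handback the ALPS codepoint is appended to `seq` as an untagged INTEGER that exists only when `session->has_application_settings`, so the reader has to infer its presence from leftover bytes and any element added to the handback later becomes ambiguous with it. A comment at the write site would pin the constraint down, e.g. `// Must remain the last element of |seq|: SSL_apply_handback detects it by remaining length.`; an explicitly tagged optional element would remove the constraint. The earlier hunks on this line make serialize_features write both ALPS codepoints unconditionally, so its "features supported by this binary" comment no longer varies with connection config; the code that parses that element is not visible here, so confirm it reads a list of values. The block enclosing the new handback code opens outside the hunk.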
@@ -469,7 +476,8 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) { } SSL3_STATE *const s3 = ssl->s3; - uint64_t handback_version, unused_token_binding_param, cipher, type_u64; + uint64_t handback_version, unused_token_binding_param, cipher, type_u64, + alps_codepoint; CBS seq, read_seq, write_seq, server_rand, client_rand, read_iv, write_iv, next_proto, alpn, hostname, unused_channel_id, transcript, key_share; @@ -569,6 +577,28 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) { !CBS_get_asn1(&seq, &early_traffic_secret, CBS_ASN1_OCTETSTRING)) { return false; } + + if (session->has_application_settings) { + // Making it optional to keep compatibility with older handshakers. + // Older handshakers won't send the field. + if (CBS_len(&seq) == 0) { + hs->config->alps_use_new_codepoint = false; + } else { + if (!CBS_get_asn1_uint64(&seq, &alps_codepoint)) { + return false; + } + + if (alps_codepoint == TLSEXT_TYPE_application_settings) { + hs->config->alps_use_new_codepoint = true; + } else if (alps_codepoint == TLSEXT_TYPE_application_settings_old) { + hs->config->alps_use_new_codepoint = false; + } else { + OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_ALPS_CODEPOINT); + return false; + } + } + } + if (ticket_age_skew > std::numeric_limits<int32_t>::max() || ticket_age_skew < std::numeric_limits<int32_t>::min()) { return false; @@ -750,13 +780,8 @@ using namespace bssl; int SSL_serialize_capabilities(const SSL *ssl, CBB *out) { CBB seq; - const SSL_HANDSHAKE *hs = ssl->s3->hs.get(); - uint16_t alps_extension_type = TLSEXT_TYPE_application_settings_old; - if (hs->config->alps_use_new_codepoint) { - alps_extension_type = TLSEXT_TYPE_application_settings; - } if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) || - !serialize_features(&seq, alps_extension_type) || // + !serialize_features(&seq) || // !CBB_flush(out)) { return 0; } diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc index b97680d1..a8f4f215 100644 --- a/src/ssl/ssl_test.cc 
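Review bot: In SSL_apply_handback the `CBS_len(&seq) == 0` branch forces `hs->config->alps_use_new_codepoint = false` when the field is missing, which discards whatever the receiving side had configured. The lines removed from SSL_serialize_handoff suggest the option predates this field, so an older handshaker may already have negotiated the new codepoint without sending it, and the two sides would then disagree. Leaving the configured value untouched in that branch, or adding a comment such as `// Handshakers that omit this field only ever negotiate the old codepoint.` if that is the guarantee, would make the compatibility assumption explicit. Nothing visible in the hunk rejects bytes that follow the codepoint; the function continues outside the hunk, so that may be checked later.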
+++ b/src/ssl/ssl_test.cc @@ -1677,6 +1677,38 @@ static bssl::UniquePtr<SSL_SESSION> CreateClientSession( return std::move(g_last_session); } +static void SetUpExpectedNewCodePoint(SSL_CTX *ctx) { + SSL_CTX_set_select_certificate_cb( + ctx, + [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t { + const uint8_t *data; + size_t len; + if (!SSL_early_callback_ctx_extension_get( + client_hello, TLSEXT_TYPE_application_settings, &data, + &len)) { + ADD_FAILURE() << "Could not find alps new codepoint."; + return ssl_select_cert_error; + } + return ssl_select_cert_success; + }); +} + +static void SetUpExpectedOldCodePoint(SSL_CTX *ctx) { + SSL_CTX_set_select_certificate_cb( + ctx, + [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t { + const uint8_t *data; + size_t len; + if (!SSL_early_callback_ctx_extension_get( + client_hello, TLSEXT_TYPE_application_settings_old, &data, + &len)) { + ADD_FAILURE() << "Could not find alps old codepoint."; + return ssl_select_cert_error; + } + return ssl_select_cert_success; + }); +} + // Test that |SSL_get_client_CA_list| echoes back the configured parameter even // before configuring as a server. TEST(SSLTest, ClientCAList) { @@ -4725,8 +4757,8 @@ enum ssl_test_ticket_aead_failure_mode { }; struct ssl_test_ticket_aead_state { - unsigned retry_count; - ssl_test_ticket_aead_failure_mode failure_mode; + unsigned retry_count = 0; + ssl_test_ticket_aead_failure_mode failure_mode = ssl_test_ticket_aead_ok; }; static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to, 
@@ -4739,12 +4771,7 @@ static int ssl_test_ticket_aead_ex_index_dup(CRYPTO_EX_DATA *to, static void ssl_test_ticket_aead_ex_index_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int index, long argl, void *argp) { - auto state = reinterpret_cast<ssl_test_ticket_aead_state*>(ptr); - if (state == nullptr) { - return; - } - - OPENSSL_free(state); + delete reinterpret_cast<ssl_test_ticket_aead_state*>(ptr); } static CRYPTO_once_t g_ssl_test_ticket_aead_ex_index_once = CRYPTO_ONCE_INIT; @@ -4835,10 +4862,7 @@ static void ConnectClientAndServerWithTicketMethod( SSL_set_connect_state(client.get()); SSL_set_accept_state(server.get()); - auto state = reinterpret_cast<ssl_test_ticket_aead_state *>( - OPENSSL_malloc(sizeof(ssl_test_ticket_aead_state))); - ASSERT_TRUE(state); - OPENSSL_memset(state, 0, sizeof(ssl_test_ticket_aead_state)); + auto state = new ssl_test_ticket_aead_state; state->retry_count = retry_count; state->failure_mode = failure_mode; @@ -5239,7 +5263,11 @@ void MoveBIOs(SSL *dest, SSL *src) { SSL_set0_wbio(src, nullptr); } -TEST(SSLTest, Handoff) { +void VerifyHandoff(bool use_new_alps_codepoint) { + static const uint8_t alpn[] = {0x03, 'f', 'o', 'o'}; + static const uint8_t proto[] = {'f', 'o', 'o'}; + static const uint8_t alps[] = {0x04, 'a', 'l', 'p', 's'}; + bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())); bssl::UniquePtr<SSL_CTX> server_ctx(SSL_CTX_new(TLS_method())); bssl::UniquePtr<SSL_CTX> handshaker_ctx( @@ -5248,6 +5276,12 @@ TEST(SSLTest, Handoff) { ASSERT_TRUE(server_ctx); ASSERT_TRUE(handshaker_ctx); + if (!use_new_alps_codepoint) { + SetUpExpectedOldCodePoint(server_ctx.get()); + } else { + SetUpExpectedNewCodePoint(server_ctx.get()); + } + SSL_CTX_set_session_cache_mode(client_ctx.get(), SSL_SESS_CACHE_CLIENT); SSL_CTX_sess_set_new_cb(client_ctx.get(), SaveLastSession); SSL_CTX_set_handoff_mode(server_ctx.get(), true); 
@@ -5263,6 +5297,12 @@ TEST(SSLTest, Handoff) { ASSERT_TRUE(CreateClientAndServer(&client, &server, client_ctx.get(), server_ctx.get())); SSL_set_early_data_enabled(client.get(), early_data); + + // Set up client ALPS settings. + SSL_set_alps_use_new_codepoint(client.get(), use_new_alps_codepoint); + ASSERT_TRUE(SSL_set_alpn_protos(client.get(), alpn, sizeof(alpn)) == 0); + ASSERT_TRUE(SSL_add_application_settings(client.get(), proto, + sizeof(proto), nullptr, 0)); if (is_resume) { ASSERT_TRUE(g_last_session); SSL_set_session(client.get(), g_last_session.get()); @@ -5303,6 +5343,23 @@ TEST(SSLTest, Handoff) { // handshake and newly-issued tickets, entirely by |handshaker|. There is // no need to call |SSL_set_early_data_enabled| on |server|. SSL_set_early_data_enabled(handshaker.get(), 1); + + // Set up handshaker ALPS settings. + SSL_set_alps_use_new_codepoint(handshaker.get(), use_new_alps_codepoint); + SSL_CTX_set_alpn_select_cb( + handshaker_ctx.get(), + [](SSL *ssl, const uint8_t **out, uint8_t *out_len, const uint8_t *in, + unsigned in_len, void *arg) -> int { + return SSL_select_next_proto( + const_cast<uint8_t **>(out), out_len, in, in_len, + alpn, sizeof(alpn)) == OPENSSL_NPN_NEGOTIATED + ? SSL_TLSEXT_ERR_OK + : SSL_TLSEXT_ERR_NOACK; + }, + nullptr); + ASSERT_TRUE(SSL_add_application_settings(handshaker.get(), proto, + sizeof(proto), alps, sizeof(alps))); + ASSERT_TRUE(SSL_apply_handoff(handshaker.get(), handoff)); MoveBIOs(handshaker.get(), server.get()); @@ -5330,6 +5387,8 @@ TEST(SSLTest, Handoff) { MoveBIOs(server2.get(), handshaker.get()); ASSERT_TRUE(CompleteHandshakes(client.get(), server2.get())); EXPECT_EQ(is_resume, SSL_session_reused(client.get())); + // Verify application settings. + ASSERT_TRUE(SSL_has_application_settings(client.get())); if (early_data && is_resume) { // In this case, one byte of early data has already been written above. 
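Review bot: The only check added after the handback is `ASSERT_TRUE(SSL_has_application_settings(client.get()));`, so the state that SSL_apply_handback restores on `server2` is never observed, and the new serialize/apply path for the codepoint is exercised without being asserted. Adding `EXPECT_TRUE(SSL_has_application_settings(server2.get()));` next to it would cover the receiving side. The `ASSERT_TRUE(SSL_set_alpn_protos(...) == 0)` in the first hunk on this line reads better as `ASSERT_EQ(0, SSL_set_alpn_protos(client.get(), alpn, sizeof(alpn)));`, which prints the returned value on failure. VerifyHandoff's body extends beyond these hunks.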
@@ -5350,6 +5409,13 @@ TEST(SSLTest, Handoff) { } } +TEST(SSLTest, Handoff) { + for (bool use_new_alps_codepoint : {false, true}) { + SCOPED_TRACE(use_new_alps_codepoint); + VerifyHandoff(use_new_alps_codepoint); + } +} + TEST(SSLTest, HandoffDeclined) { bssl::UniquePtr<SSL_CTX> client_ctx(SSL_CTX_new(TLS_method())); bssl::UniquePtr<SSL_CTX> server_ctx( @@ -8002,38 +8068,6 @@ class AlpsNewCodepointTest : public testing::Test { ASSERT_TRUE(server_ctx_); } - void SetUpExpectedNewCodePoint() { - SSL_CTX_set_select_certificate_cb( - server_ctx_.get(), - [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t { - const uint8_t *data; - size_t len; - if (!SSL_early_callback_ctx_extension_get( - client_hello, TLSEXT_TYPE_application_settings, &data, - &len)) { - ADD_FAILURE() << "Could not find alps new codpoint."; - return ssl_select_cert_error; - } - return ssl_select_cert_success; - }); - } - - void SetUpExpectedOldCodePoint() { - SSL_CTX_set_select_certificate_cb( - server_ctx_.get(), - [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t { - const uint8_t *data; - size_t len; - if (!SSL_early_callback_ctx_extension_get( - client_hello, TLSEXT_TYPE_application_settings_old, &data, - &len)) { - ADD_FAILURE() << "Could not find alps old codpoint."; - return ssl_select_cert_error; - } - return ssl_select_cert_success; - }); - } - void SetUpApplicationSetting() { static const uint8_t alpn[] = {0x03, 'f', 'o', 'o'}; static const uint8_t proto[] = {'f', 'o', 'o'}; @@ -8066,7 +8100,7 @@ class AlpsNewCodepointTest : public testing::Test { }; TEST_F(AlpsNewCodepointTest, Enabled) { - SetUpExpectedNewCodePoint(); + SetUpExpectedNewCodePoint(server_ctx_.get()); ASSERT_TRUE(CreateClientAndServer(&client_, &server_, client_ctx_.get(), server_ctx_.get())); 
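Review bot: `VerifyHandoff` uses `ASSERT_*` internally, but the new `TEST(SSLTest, Handoff)` loop calls it as a plain statement, so a fatal failure only returns from the helper and the loop goes on to the next codepoint with whatever shared state was left behind (the helper reads the global `g_last_session`). Wrapping the call as `ASSERT_NO_FATAL_FAILURE(VerifyHandoff(use_new_alps_codepoint));` stops at the first failing configuration. `SCOPED_TRACE(use_new_alps_codepoint)` logs a bare boolean; `SCOPED_TRACE(use_new_alps_codepoint ? "new ALPS codepoint" : "old ALPS codepoint")` makes a failure report self-explanatory.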
@@ -8081,7 +8115,7 @@ TEST_F(AlpsNewCodepointTest, Enabled) { TEST_F(AlpsNewCodepointTest, Disabled) { // Both client and server disable alps new codepoint. - SetUpExpectedOldCodePoint(); + SetUpExpectedOldCodePoint(server_ctx_.get()); ASSERT_TRUE(CreateClientAndServer(&client_, &server_, client_ctx_.get(), server_ctx_.get())); @@ -8096,7 +8130,7 @@ TEST_F(AlpsNewCodepointTest, Disabled) { TEST_F(AlpsNewCodepointTest, ClientOnly) { // If client set new codepoint but server doesn't set, server ignores it. - SetUpExpectedNewCodePoint(); + SetUpExpectedNewCodePoint(server_ctx_.get()); ASSERT_TRUE(CreateClientAndServer(&client_, &server_, client_ctx_.get(), server_ctx_.get())); @@ -8111,7 +8145,7 @@ TEST_F(AlpsNewCodepointTest, ClientOnly) { TEST_F(AlpsNewCodepointTest, ServerOnly) { // If client doesn't set new codepoint, while server set. - SetUpExpectedOldCodePoint(); + SetUpExpectedOldCodePoint(server_ctx_.get()); ASSERT_TRUE(CreateClientAndServer(&client_, &server_, client_ctx_.get(), server_ctx_.get())); diff --git a/src/ssl/test/async_bio.cc b/src/ssl/test/async_bio.cc index 9eae290f..1c9859af 100644 --- a/src/ssl/test/async_bio.cc +++ b/src/ssl/test/async_bio.cc @@ -108,11 +108,10 @@ static long AsyncCtrl(BIO *bio, int cmd, long num, void *ptr) { } static int AsyncNew(BIO *bio) { - AsyncBio *a = (AsyncBio *)OPENSSL_malloc(sizeof(*a)); + AsyncBio *a = (AsyncBio *)OPENSSL_zalloc(sizeof(*a)); if (a == NULL) { return 0; } - OPENSSL_memset(a, 0, sizeof(*a)); a->enforce_write_quota = true; bio->init = 1; bio->ptr = (char *)a; diff --git a/src/third_party/fiat/asm/fiat_p256_adx_mul.S b/src/third_party/fiat/asm/fiat_p256_adx_mul.S new file mode 100644 index 00000000..d7ebd217 --- /dev/null +++ b/src/third_party/fiat/asm/fiat_p256_adx_mul.S 
@@ -0,0 +1,178 @@ +#include <openssl/asm_base.h> + +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \ + (defined(__APPLE__) || defined(__ELF__)) + +.intel_syntax noprefix +.text +#if defined(__APPLE__) +.private_extern _fiat_p256_adx_mul +.global _fiat_p256_adx_mul +_fiat_p256_adx_mul: +#else +.type fiat_p256_adx_mul, @function +.hidden fiat_p256_adx_mul +.global fiat_p256_adx_mul +fiat_p256_adx_mul: +#endif + +.cfi_startproc +_CET_ENDBR +push rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset rbp, -16 +mov rbp, rsp +mov rax, rdx +mov rdx, [ rsi + 0x0 ] +test al, al +mulx r8, rcx, [ rax + 0x0 ] +mov [ rsp - 0x80 ], rbx +.cfi_offset rbx, -16-0x80 +mulx rbx, r9, [ rax + 0x8 ] +mov [ rsp - 0x68 ], r14 +.cfi_offset r14, -16-0x68 +adc r9, r8 +mov [ rsp - 0x60 ], r15 +.cfi_offset r15, -16-0x60 +mulx r15, r14, [ rax + 0x10 ] +mov [ rsp - 0x78 ], r12 +.cfi_offset r12, -16-0x78 +adc r14, rbx +mulx r11, r10, [ rax + 0x18 ] +mov [ rsp - 0x70 ], r13 +.cfi_offset r13, -16-0x70 +adc r10, r15 +mov rdx, [ rsi + 0x8 ] +mulx rbx, r8, [ rax + 0x0 ] +adc r11, 0x0 +xor r15, r15 +adcx r8, r9 +adox rbx, r14 +mov [ rsp - 0x58 ], rdi +mulx rdi, r9, [ rax + 0x8 ] +adcx r9, rbx +adox rdi, r10 +mulx rbx, r14, [ rax + 0x10 ] +adcx r14, rdi +adox rbx, r11 +mulx r13, r12, [ rax + 0x18 ] +adcx r12, rbx +mov rdx, 0x100000000 +mulx r11, r10, rcx +adox r13, r15 +adcx r13, r15 +xor rdi, rdi +adox r10, r8 +mulx r8, rbx, r10 +adox r11, r9 +adcx rbx, r11 +adox r8, r14 +mov rdx, 0xffffffff00000001 +mulx r9, r15, rcx +adcx r15, r8 +adox r9, r12 +mulx r14, rcx, r10 +mov rdx, [ rsi + 0x10 ] +mulx r10, r12, [ rax + 0x8 ] +adcx rcx, r9 +adox r14, r13 +mulx r11, r13, [ rax + 0x0 ] +mov r9, rdi +adcx r14, r9 +adox rdi, rdi +adc rdi, 0x0 +xor r9, r9 +adcx r13, rbx +adox r11, r15 +mov rdx, [ rsi + 0x10 ] +mulx r15, r8, [ rax + 0x10 ] +adox r10, rcx +mulx rcx, rbx, [ rax + 0x18 ] +mov rdx, [ rsi + 0x18 ] +adcx r12, r11 +mulx rsi, r11, [ rax + 0x8 ] +adcx r8, r10 +adox r15, r14 +adcx rbx, r15 +adox rcx, r9 +adcx 
rcx, r9 +mulx r15, r10, [ rax + 0x0 ] +add rcx, rdi +mov r14, r9 +adc r14, 0 +xor r9, r9 +adcx r10, r12 +adox r15, r8 +adcx r11, r15 +adox rsi, rbx +mulx r8, r12, [ rax + 0x10 ] +adox r8, rcx +mulx rcx, rbx, [ rax + 0x18 ] +adcx r12, rsi +adox rcx, r9 +mov rdx, 0x100000000 +adcx rbx, r8 +adc rcx, 0 +mulx rdi, r15, r13 +xor rax, rax +adcx rcx, r14 +adc rax, 0 +xor r9, r9 +adox r15, r10 +mulx r14, r10, r15 +adox rdi, r11 +mov rdx, 0xffffffff00000001 +adox r14, r12 +adcx r10, rdi +mulx r12, r11, r13 +adcx r11, r14 +adox r12, rbx +mulx rbx, r13, r15 +adcx r13, r12 +adox rbx, rcx +mov r8, r9 +adox rax, r9 +adcx r8, rbx +adc rax, 0x0 +mov rcx, rax +mov r15, 0xffffffffffffffff +mov rdi, r10 +sub rdi, r15 +mov r14, 0xffffffff +mov r12, r11 +sbb r12, r14 +mov rbx, r13 +sbb rbx, r9 +mov rax, rax +mov rax, r8 +sbb rax, rdx +sbb rcx, r9 +cmovc rdi, r10 +mov r10, [ rsp - 0x58 ] +cmovc rbx, r13 +mov r13, [ rsp - 0x70 ] +.cfi_restore r13 +cmovc r12, r11 +cmovc rax, r8 +mov [ r10 + 0x10 ], rbx +mov rbx, [ rsp - 0x80 ] +.cfi_restore rbx +mov [ r10 + 0x0 ], rdi +mov [ r10 + 0x8 ], r12 +mov [ r10 + 0x18 ], rax +mov r12, [ rsp - 0x78 ] +.cfi_restore r12 +mov r14, [ rsp - 0x68 ] +.cfi_restore r14 +mov r15, [ rsp - 0x60 ] +.cfi_restore r15 +pop rbp +.cfi_restore rbp +.cfi_adjust_cfa_offset -8 +ret +.cfi_endproc +#if defined(__ELF__) +.size fiat_p256_adx_mul, .-fiat_p256_adx_mul +#endif + +#endif diff --git a/src/third_party/fiat/asm/fiat_p256_adx_sqr.S b/src/third_party/fiat/asm/fiat_p256_adx_sqr.S new file mode 100644 index 00000000..cca269f5 --- /dev/null +++ b/src/third_party/fiat/asm/fiat_p256_adx_sqr.S 
@@ -0,0 +1,167 @@ +#include <openssl/asm_base.h> + +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \ + (defined(__APPLE__) || defined(__ELF__)) + +.intel_syntax noprefix +.text +#if defined(__APPLE__) +.private_extern _fiat_p256_adx_sqr +.global _fiat_p256_adx_sqr +_fiat_p256_adx_sqr: +#else +.type fiat_p256_adx_sqr, @function +.hidden fiat_p256_adx_sqr +.global fiat_p256_adx_sqr +fiat_p256_adx_sqr: +#endif + +.cfi_startproc +_CET_ENDBR +push rbp +.cfi_adjust_cfa_offset 8 +.cfi_offset rbp, -16 +mov rbp, rsp +mov rdx, [ rsi + 0x0 ] +mulx r10, rax, [ rsi + 0x18 ] +mulx rcx, r11, rdx +mulx r9, r8, [ rsi + 0x8 ] +mov [ rsp - 0x80 ], rbx +.cfi_offset rbx, -16-0x80 +xor rbx, rbx +adox r8, r8 +mov [ rsp - 0x78 ], r12 +.cfi_offset r12, -16-0x78 +mulx r12, rbx, [ rsi + 0x10 ] +mov rdx, [ rsi + 0x8 ] +mov [ rsp - 0x70 ], r13 +.cfi_offset r13, -16-0x70 +mov [ rsp - 0x68 ], r14 +.cfi_offset r14, -16-0x68 +mulx r14, r13, rdx +mov [ rsp - 0x60 ], r15 +.cfi_offset r15, -16-0x60 +mov [ rsp - 0x58 ], rdi +mulx rdi, r15, [ rsi + 0x10 ] +adcx r12, r15 +mov [ rsp - 0x50 ], r11 +mulx r11, r15, [ rsi + 0x18 ] +adcx r10, rdi +mov rdi, 0x0 +adcx r11, rdi +clc +adcx rbx, r9 +adox rbx, rbx +adcx rax, r12 +adox rax, rax +adcx r15, r10 +adox r15, r15 +mov rdx, [ rsi + 0x10 ] +mulx r12, r9, [ rsi + 0x18 ] +adcx r9, r11 +adcx r12, rdi +mulx r11, r10, rdx +clc +adcx rcx, r8 +adcx r13, rbx +adcx r14, rax +adox r9, r9 +adcx r10, r15 +mov rdx, [ rsi + 0x18 ] +mulx rbx, r8, rdx +adox r12, r12 +adcx r11, r9 +mov rsi, [ rsp - 0x50 ] +adcx r8, r12 +mov rax, 0x100000000 +mov rdx, rax +mulx r15, rax, rsi +adcx rbx, rdi +adox rbx, rdi +xor r9, r9 +adox rax, rcx +adox r15, r13 +mulx rcx, rdi, rax +adcx rdi, r15 +adox rcx, r14 +mov rdx, 0xffffffff00000001 +mulx r14, r13, rsi +adox r14, r10 +adcx r13, rcx +mulx r12, r10, rax +adox r12, r11 +mov r11, r9 +adox r11, r8 +adcx r10, r14 +mov r8, r9 +adcx r8, r12 +mov rax, r9 +adcx rax, r11 +mov r15, r9 +adox r15, rbx +mov rdx, 0x100000000 +mulx rcx, 
rbx, rdi +mov r14, r9 +adcx r14, r15 +mov r12, r9 +adox r12, r12 +adcx r12, r9 +adox rbx, r13 +mulx r11, r13, rbx +mov r15, 0xffffffff00000001 +mov rdx, r15 +mulx rsi, r15, rbx +adox rcx, r10 +adox r11, r8 +mulx r8, r10, rdi +adcx r13, rcx +adox r8, rax +adcx r10, r11 +adox rsi, r14 +mov rdi, r12 +mov rax, r9 +adox rdi, rax +adcx r15, r8 +mov r14, rax +adcx r14, rsi +adcx rdi, r9 +dec r9 +mov rbx, r13 +sub rbx, r9 +mov rcx, 0xffffffff +mov r11, r10 +sbb r11, rcx +mov r8, r15 +sbb r8, rax +mov rsi, r14 +sbb rsi, rdx +sbb rdi, rax +cmovc rbx, r13 +cmovc r8, r15 +cmovc r11, r10 +cmovc rsi, r14 +mov rdi, [ rsp - 0x58 ] +mov [ rdi + 0x18 ], rsi +mov [ rdi + 0x0 ], rbx +mov [ rdi + 0x8 ], r11 +mov [ rdi + 0x10 ], r8 +mov rbx, [ rsp - 0x80 ] +.cfi_restore rbx +mov r12, [ rsp - 0x78 ] +.cfi_restore r12 +mov r13, [ rsp - 0x70 ] +.cfi_restore r13 +mov r14, [ rsp - 0x68 ] +.cfi_restore r14 +mov r15, [ rsp - 0x60 ] +.cfi_restore r15 +pop rbp +.cfi_restore rbp +.cfi_adjust_cfa_offset -8 +ret +.cfi_endproc +#if defined(__ELF__) +.size fiat_p256_adx_sqr, .-fiat_p256_adx_sqr +#endif + +#endif diff --git a/src/third_party/fiat/curve25519_64_adx.h b/src/third_party/fiat/curve25519_64_adx.h index f50f5b83..8acfc1b7 100644 --- a/src/third_party/fiat/curve25519_64_adx.h +++ b/src/third_party/fiat/curve25519_64_adx.h @@ -1,7 +1,9 @@ +#include <openssl/base.h> +#include "../../crypto/internal.h" + #include <stdbool.h> #include <stdint.h> #include <immintrin.h> -#include <string.h> typedef uint64_t fe4[4]; typedef uint8_t fiat_uint1; @@ -468,7 +470,7 @@ __attribute__((target("adx,bmi2"))) void x25519_scalar_mult_adx(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]) { uint8_t e[32]; - memcpy(e, scalar, 32); + OPENSSL_memcpy(e, scalar, 32); e[0] &= 248; e[31] &= 127; e[31] |= 64; diff --git a/src/third_party/fiat/p256_64.h b/src/third_party/fiat/p256_64.h index c7726384..6667b31f 100644 --- a/src/third_party/fiat/p256_64.h +++ b/src/third_party/fiat/p256_64.h 
@@ -1,3 +1,10 @@ +#include <openssl/base.h> +#include "../../crypto/internal.h" +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__) +void fiat_p256_adx_mul(uint64_t*, const uint64_t*, const uint64_t*); +void fiat_p256_adx_sqr(uint64_t*, const uint64_t*); +#endif + /* Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --inline --static --use-value-barrier p256 64 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */ /* curve description: p256 */ /* machine_wordsize = 64 (from "64") */ @@ -165,6 +172,13 @@ static FIAT_P256_FIAT_INLINE void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p25 * */ static FIAT_P256_FIAT_INLINE void fiat_p256_mul(fiat_p256_montgomery_domain_field_element out1, const fiat_p256_montgomery_domain_field_element arg1, const fiat_p256_montgomery_domain_field_element arg2) { +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__) + if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() && + CRYPTO_is_ADX_capable()) { + fiat_p256_adx_mul(out1, arg1, arg2); + return; + } +#endif uint64_t x1; uint64_t x2; uint64_t x3; @@ -472,6 +486,13 @@ static FIAT_P256_FIAT_INLINE void fiat_p256_mul(fiat_p256_montgomery_domain_fiel * */ static FIAT_P256_FIAT_INLINE void fiat_p256_square(fiat_p256_montgomery_domain_field_element out1, const fiat_p256_montgomery_domain_field_element arg1) { +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__) + if (CRYPTO_is_BMI1_capable() && CRYPTO_is_BMI2_capable() && + CRYPTO_is_ADX_capable()) { + fiat_p256_adx_sqr(out1, arg1); + return; + } +#endif uint64_t x1; uint64_t x2; uint64_t x3; diff --git a/src/util/bot/DEPS b/src/util/bot/DEPS index 8f5a412d..b645ca34 100644 --- a/src/util/bot/DEPS +++ b/src/util/bot/DEPS 
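Review bot: The prototypes and the dispatch added to `fiat_p256_mul` and `fiat_p256_square` are guarded by `!defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__)`, while the new `.S` files emit the symbols only under `defined(OPENSSL_X86_64) && (defined(__APPLE__) || defined(__ELF__))`. A GNU-compatible x86-64 toolchain that targets neither object format would compile the calls and then fail to link. The assembly saves callee-saved registers below `rsp` (`mov [ rsp - 0x80 ], rbx`), which depends on the System V red zone, so the narrower condition is the safe one. Use it in the header as well, e.g. `#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__) && (defined(__APPLE__) || defined(__ELF__))`, ideally through one macro shared by all three sites. Both function bodies continue outside these hunks.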
@@ -16,6 +16,7 @@ vars = { 'chromium_git': 'https://chromium.googlesource.com', 'checkout_clang': False, + 'checkout_fuzzer': False, 'checkout_sde': False, 'checkout_nasm': False, 'checkout_libcxx': False, @@ -25,20 +26,30 @@ vars = { # cipd describe PACKAGE_NAME -version latest # infra/3pp/tools/cmake/linux-amd64 - 'cmake_version': 'version:2@3.26.4.chromium.7', + 'cmake_version': 'version:2@3.27.7.chromium.8', # infra/3pp/tools/go/linux-amd64 - 'go_version': 'version:2@1.20.5', + 'go_version': 'version:2@1.21.2', # infra/3pp/tools/perl/windows-amd64 'perl_version': 'version:2@5.32.1.1', # Update the following from # https://chromium.googlesource.com/chromium/src/+/main/DEPS - 'android_sdk_platform-tools_version': 'RSI3iwryh7URLGRgJHsCvUxj092woTPnKt4pwFcJ6L8C', - 'android_ndk_revision': '310956bd122ec2b96049f8d7398de6b717f3452e', - 'libfuzzer_revision': 'debe7d2d1982e540fbd6bd78604bf001753f9e74', - 'libcxx_revision': 'f8279b01085b800724f5c5629dc365b9f040dc53', - 'libcxxabi_revision': '899caea3814eeb45c689fc206052968943fd5cb8', + 'android_sdk_platform-tools_version': 'HWVsGs2HCKgSVv41FsOcsfJbNcB0UFiNrF6Tc4yRArYC', + 'libfuzzer_revision': '758bd21f103a501b362b1ca46fa8fcb692eaa303', + 'libcxx_revision': '8fc17971d629c19a17b006d0c4fc41e721cc2f7f', + 'libcxxabi_revision': 'db9800c042df3ee2691031a58b5e37e89a7356a3', 'ninja_version': 'version:2@1.11.1.chromium.6', + + # The Android NDK cannot be updated on CI for two reasons: + # + # Until https://crbug.com/boringssl/454 is fixed, we rely on an older NDK to + # test building without NEON instructions as the baseline. + # + # Until https://crbug.com/boringssl/653 is fixed, we cannot update past + # Chromium's version:2@r25c.cr0 package. Chromium has since switched building + # minimal CIPD packages which do not contain all the NDK files we need. We'll + # probably need to make our own NDK package. + 'android_ndk_revision': '310956bd122ec2b96049f8d7398de6b717f3452e', } deps = { 
@@ -82,7 +93,7 @@ deps = { }, 'boringssl/util/bot/libFuzzer': { - 'url': Var('chromium_git') + '/chromium/llvm-project/compiler-rt/lib/fuzzer.git' +'@' + Var('libfuzzer_revision'), + 'url': Var('chromium_git') + '/external/github.com/llvm/llvm-project/compiler-rt/lib/fuzzer.git' +'@' + Var('libfuzzer_revision'), 'condition': 'checkout_fuzzer', }, diff --git a/src/util/bot/libcxx-config/__config_site b/src/util/bot/libcxx-config/__config_site index f1feeab1..eb16b9d4 100644 --- a/src/util/bot/libcxx-config/__config_site +++ b/src/util/bot/libcxx-config/__config_site @@ -3,4 +3,10 @@ #define _LIBCPP_HAS_NO_VENDOR_AVAILABILITY_ANNOTATIONS +#if defined(__APPLE__) +#define _LIBCPP_PSTL_CPU_BACKEND_LIBDISPATCH +#else +#define _LIBCPP_PSTL_CPU_BACKEND_THREAD +#endif + #endif // BORINGSSL_LIBCXX_CONFIG_SITE_ diff --git a/src/util/bot/update_clang.py b/src/util/bot/update_clang.py index d0b188ad..96066f05 100644 --- a/src/util/bot/update_clang.py +++ b/src/util/bot/update_clang.py @@ -29,8 +29,8 @@ except ImportError: # CLANG_REVISION and CLANG_SUB_REVISION determine the build of clang # to use. These should be synced with tools/clang/scripts/update.py in # Chromium. -CLANG_REVISION = 'llvmorg-17-init-12166-g7586aeab' -CLANG_SUB_REVISION = 3 +CLANG_REVISION = 'llvmorg-18-init-7785-geef35c28' +CLANG_SUB_REVISION = 1 PACKAGE_VERSION = '%s-%s' % (CLANG_REVISION, CLANG_SUB_REVISION) diff --git a/src/util/fipstools/break-tests.sh b/src/util/fipstools/break-tests.sh index 736d0664..736d0664 100755..100644 --- a/src/util/fipstools/break-tests.sh +++ b/src/util/fipstools/break-tests.sh diff --git a/src/util/fipstools/delocate/delocate.peg b/src/util/fipstools/delocate/delocate.peg index 9ba357a2..d5537e2d 100644 --- a/src/util/fipstools/delocate/delocate.peg +++ b/src/util/fipstools/delocate/delocate.peg 
@@ -45,7 +45,7 @@ Arg <- QuotedArg / [[0-9a-z%+\-*_@.]]* QuotedArg <- '"' QuotedText '"' QuotedText <- (EscapedChar / [^"])* LabelContainingDirective <- LabelContainingDirectiveName WS SymbolArgs -LabelContainingDirectiveName <- ".xword" / ".word" / ".long" / ".set" / ".byte" / ".8byte" / ".4byte" / ".quad" / ".tc" / ".localentry" / ".size" / ".type" / ".uleb128" / ".sleb128" +LabelContainingDirectiveName <- ".xword" / ".word" / ".hword" / ".long" / ".set" / ".byte" / ".8byte" / ".4byte" / ".quad" / ".tc" / ".localentry" / ".size" / ".type" / ".uleb128" / ".sleb128" SymbolArgs <- SymbolArg ((WS? ',' WS?) SymbolArg)* SymbolArg <- SymbolExpr diff --git a/src/util/fipstools/delocate/delocate.peg.go b/src/util/fipstools/delocate/delocate.peg.go index c65eb502..7659cbc5 100644 --- a/src/util/fipstools/delocate/delocate.peg.go +++ b/src/util/fipstools/delocate/delocate.peg.go 
@@ -1425,7 +1425,7 @@ func (p *Asm) Init(options ...func(*Asm) error) error { position, tokenIndex = position145, tokenIndex145 return false }, - /* 13 LabelContainingDirectiveName <- <(('.' ('x' / 'X') ('w' / 'W') ('o' / 'O') ('r' / 'R') ('d' / 'D')) / ('.' ('w' / 'W') ('o' / 'O') ('r' / 'R') ('d' / 'D')) / ('.' ('l' / 'L') ('o' / 'O') ('n' / 'N') ('g' / 'G')) / ('.' ('s' / 'S') ('e' / 'E') ('t' / 'T')) / ('.' ('b' / 'B') ('y' / 'Y') ('t' / 'T') ('e' / 'E')) / ('.' '8' ('b' / 'B') ('y' / 'Y') ('t' / 'T') ('e' / 'E')) / ('.' '4' ('b' / 'B') ('y' / 'Y') ('t' / 'T') ('e' / 'E')) / ('.' ('q' / 'Q') ('u' / 'U') ('a' / 'A') ('d' / 'D')) / ('.' ('t' / 'T') ('c' / 'C')) / ('.' ('l' / 'L') ('o' / 'O') ('c' / 'C') ('a' / 'A') ('l' / 'L') ('e' / 'E') ('n' / 'N') ('t' / 'T') ('r' / 'R') ('y' / 'Y')) / ('.' ('s' / 'S') ('i' / 'I') ('z' / 'Z') ('e' / 'E')) / ('.' ('t' / 'T') ('y' / 'Y') ('p' / 'P') ('e' / 'E')) / ('.' ('u' / 'U') ('l' / 'L') ('e' / 'E') ('b' / 'B') '1' '2' '8') / ('.' ('s' / 'S') ('l' / 'L') ('e' / 'E') ('b' / 'B') '1' '2' '8'))> */ + /* 13 LabelContainingDirectiveName <- <(('.' ('x' / 'X') ('w' / 'W') ('o' / 'O') ('r' / 'R') ('d' / 'D')) / ('.' ('w' / 'W') ('o' / 'O') ('r' / 'R') ('d' / 'D')) / ('.' ('h' / 'H') ('w' / 'W') ('o' / 'O') ('r' / 'R') ('d' / 'D')) / ('.' ('l' / 'L') ('o' / 'O') ('n' / 'N') ('g' / 'G')) / ('.' ('s' / 'S') ('e' / 'E') ('t' / 'T')) / ('.' ('b' / 'B') ('y' / 'Y') ('t' / 'T') ('e' / 'E')) / ('.' '8' ('b' / 'B') ('y' / 'Y') ('t' / 'T') ('e' / 'E')) / ('.' '4' ('b' / 'B') ('y' / 'Y') ('t' / 'T') ('e' / 'E')) / ('.' ('q' / 'Q') ('u' / 'U') ('a' / 'A') ('d' / 'D')) / ('.' ('t' / 'T') ('c' / 'C')) / ('.' ('l' / 'L') ('o' / 'O') ('c' / 'C') ('a' / 'A') ('l' / 'L') ('e' / 'E') ('n' / 'N') ('t' / 'T') ('r' / 'R') ('y' / 'Y')) / ('.' ('s' / 'S') ('i' / 'I') ('z' / 'Z') ('e' / 'E')) / ('.' ('t' / 'T') ('y' / 'Y') ('p' / 'P') ('e' / 'E')) / ('.' ('u' / 'U') ('l' / 'L') ('e' / 'E') ('b' / 'B') '1' '2' '8') / ('.' 
('s' / 'S') ('l' / 'L') ('e' / 'E') ('b' / 'B') '1' '2' '8'))> */ func() bool { position147, tokenIndex147 := position, tokenIndex { @@ -1587,14 +1587,14 @@ func (p *Asm) Init(options ...func(*Asm) error) error { position++ { position171, tokenIndex171 := position, tokenIndex - if buffer[position] != rune('l') { + if buffer[position] != rune('h') { goto l172 } position++ goto l171 l172: position, tokenIndex = position171, tokenIndex171 - if buffer[position] != rune('L') { + if buffer[position] != rune('H') { goto l170 } position++ @@ -1602,14 +1602,14 @@ func (p *Asm) Init(options ...func(*Asm) error) error { l171: { position173, tokenIndex173 := position, tokenIndex - if buffer[position] != rune('o') { + if buffer[position] != rune('w') { goto l174 } position++ goto l173 l174: position, tokenIndex = position173, tokenIndex173 - if buffer[position] != rune('O') { + if buffer[position] != rune('W') { goto l170 } position++ @@ -1617,14 +1617,14 @@ func (p *Asm) Init(options ...func(*Asm) error) error { l173: { position175, tokenIndex175 := position, tokenIndex - if buffer[position] != rune('n') { + if buffer[position] != rune('o') { goto l176 } position++ goto l175 l176: position, tokenIndex = position175, tokenIndex175 - if buffer[position] != rune('N') { + if buffer[position] != rune('O') { goto l170 } position++ 
@@ -1632,119 +1632,119 @@ func (p *Asm) Init(options ...func(*Asm) error) error { l175: { position177, tokenIndex177 := position, tokenIndex - if buffer[position] != rune('g') { + if buffer[position] != rune('r') { goto l178 } position++ goto l177 l178: position, tokenIndex = position177, tokenIndex177 - if buffer[position] != rune('G') { + if buffer[position] != rune('R') { goto l170 } position++ } l177: - goto l149 - l170: - position, tokenIndex = position149, tokenIndex149 - if buffer[position] != rune('.') { - goto l179 - } - position++ { - position180, tokenIndex180 := position, tokenIndex - if buffer[position] != rune('s') { - goto l181 + position179, tokenIndex179 := position, tokenIndex + if buffer[position] != rune('d') { + goto l180 } position++ - goto l180 - l181: - position, tokenIndex = position180, tokenIndex180 - if buffer[position] != rune('S') { - goto l179 + goto l179 + l180: + position, tokenIndex = position179, tokenIndex179 + if buffer[position] != rune('D') { + goto l170 } position++ } - l180: + l179: + goto l149 + l170: + position, tokenIndex = position149, tokenIndex149 + if buffer[position] != rune('.') { + goto l181 + } + position++ { position182, tokenIndex182 := position, tokenIndex - if buffer[position] != rune('e') { + if buffer[position] != rune('l') { goto l183 } position++ goto l182 l183: position, tokenIndex = position182, tokenIndex182 - if buffer[position] != rune('E') { - goto l179 + if buffer[position] != rune('L') { + goto l181 } position++ } l182: { position184, tokenIndex184 := position, tokenIndex - if buffer[position] != rune('t') { + if buffer[position] != rune('o') { goto l185 } position++ goto l184 l185: position, tokenIndex = position184, tokenIndex184 - if buffer[position] != rune('T') { - goto l179 + if buffer[position] != rune('O') { + goto l181 } position++ } l184: - goto l149 - l179: - position, tokenIndex = position149, tokenIndex149 - if buffer[position] != rune('.') { - goto l186 - } - position++ { - 
position187, tokenIndex187 := position, tokenIndex - if buffer[position] != rune('b') { - goto l188 + position186, tokenIndex186 := position, tokenIndex + if buffer[position] != rune('n') { + goto l187 } position++ - goto l187 - l188: - position, tokenIndex = position187, tokenIndex187 - if buffer[position] != rune('B') { - goto l186 + goto l186 + l187: + position, tokenIndex = position186, tokenIndex186 + if buffer[position] != rune('N') { + goto l181 } position++ } - l187: + l186: { - position189, tokenIndex189 := position, tokenIndex - if buffer[position] != rune('y') { - goto l190 + position188, tokenIndex188 := position, tokenIndex + if buffer[position] != rune('g') { + goto l189 } position++ - goto l189 - l190: - position, tokenIndex = position189, tokenIndex189 - if buffer[position] != rune('Y') { - goto l186 + goto l188 + l189: + position, tokenIndex = position188, tokenIndex188 + if buffer[position] != rune('G') { + goto l181 } position++ } - l189: + l188: + goto l149 + l181: + position, tokenIndex = position149, tokenIndex149 + if buffer[position] != rune('.') { + goto l190 + } + position++ { position191, tokenIndex191 := position, tokenIndex - if buffer[position] != rune('t') { + if buffer[position] != rune('s') { goto l192 } position++ goto l191 l192: position, tokenIndex = position191, tokenIndex191 - if buffer[position] != rune('T') { - goto l186 + if buffer[position] != rune('S') { + goto l190 } position++ } 
@@ -1759,694 +1759,776 @@ func (p *Asm) Init(options ...func(*Asm) error) error { l194: position, tokenIndex = position193, tokenIndex193 if buffer[position] != rune('E') { - goto l186 + goto l190 } position++ } l193: - goto l149 - l186: - position, tokenIndex = position149, tokenIndex149 - if buffer[position] != rune('.') { - goto l195 - } - position++ - if buffer[position] != rune('8') { - goto l195 - } - position++ { - position196, tokenIndex196 := position, tokenIndex - if buffer[position] != rune('b') { - goto l197 + position195, tokenIndex195 := position, tokenIndex + if buffer[position] != rune('t') { + goto l196 } position++ - goto l196 - l197: - position, tokenIndex = position196, tokenIndex196 - if buffer[position] != rune('B') { - goto l195 + goto l195 + l196: + position, tokenIndex = position195, tokenIndex195 + if buffer[position] != rune('T') { + goto l190 } position++ } - l196: + l195: + goto l149 + l190: + position, tokenIndex = position149, tokenIndex149 + if buffer[position] != rune('.') { + goto l197 + } + position++ { position198, tokenIndex198 := position, tokenIndex - if buffer[position] != rune('y') { + if buffer[position] != rune('b') { goto l199 } position++ goto l198 l199: position, tokenIndex = position198, tokenIndex198 - if buffer[position] != rune('Y') { - goto l195 + if buffer[position] != rune('B') { + goto l197 } position++ } l198: { position200, tokenIndex200 := position, tokenIndex - if buffer[position] != rune('t') { + if buffer[position] != rune('y') { goto l201 } position++ goto l200 l201: position, tokenIndex = position200, tokenIndex200 - if buffer[position] != rune('T') { - goto l195 + if buffer[position] != rune('Y') { + goto l197 } position++ } l200: { position202, tokenIndex202 := position, tokenIndex - if buffer[position] != rune('e') { + if buffer[position] != rune('t') { goto l203 } position++ goto l202 l203: position, tokenIndex = position202, tokenIndex202 - if buffer[position] != rune('E') { - goto l195 + if 
buffer[position] != rune('T') { + goto l197 } position++ } l202: + { + position204, tokenIndex204 := position, tokenIndex + if buffer[position] != rune('e') { + goto l205 + } + position++ + goto l204 + l205: + position, tokenIndex = position204, tokenIndex204 + if buffer[position] != rune('E') { + goto l197 + } + position++ + } + l204: goto l149 - l195: + l197: position, tokenIndex = position149, tokenIndex149 if buffer[position] != rune('.') { - goto l204 + goto l206 } position++ - if buffer[position] != rune('4') { - goto l204 + if buffer[position] != rune('8') { + goto l206 } position++ { - position205, tokenIndex205 := position, tokenIndex - if buffer[position] != rune('b') { - goto l206 - } - position++ - goto l205 - l206: - position, tokenIndex = position205, tokenIndex205 - if buffer[position] != rune('B') { - goto l204 - } - position++ - } - l205: - { position207, tokenIndex207 := position, tokenIndex - if buffer[position] != rune('y') { + if buffer[position] != rune('b') { goto l208 } position++ goto l207 l208: position, tokenIndex = position207, tokenIndex207 - if buffer[position] != rune('Y') { - goto l204 + if buffer[position] != rune('B') { + goto l206 } position++ } l207: { position209, tokenIndex209 := position, tokenIndex - if buffer[position] != rune('t') { + if buffer[position] != rune('y') { goto l210 } position++ goto l209 l210: position, tokenIndex = position209, tokenIndex209 - if buffer[position] != rune('T') { - goto l204 + if buffer[position] != rune('Y') { + goto l206 } position++ } l209: { position211, tokenIndex211 := position, tokenIndex - if buffer[position] != rune('e') { + if buffer[position] != rune('t') { goto l212 } position++ goto l211 l212: position, tokenIndex = position211, tokenIndex211 - if buffer[position] != rune('E') { - goto l204 + if buffer[position] != rune('T') { + goto l206 } position++ } l211: - goto l149 - l204: - position, tokenIndex = position149, tokenIndex149 - if buffer[position] != rune('.') { - goto l213 - } 
- position++ { - position214, tokenIndex214 := position, tokenIndex - if buffer[position] != rune('q') { - goto l215 + position213, tokenIndex213 := position, tokenIndex + if buffer[position] != rune('e') { + goto l214 } position++ - goto l214 - l215: - position, tokenIndex = position214, tokenIndex214 - if buffer[position] != rune('Q') { - goto l213 + goto l213 + l214: + position, tokenIndex = position213, tokenIndex213 + if buffer[position] != rune('E') { + goto l206 } position++ } - l214: + l213: + goto l149 + l206: + position, tokenIndex = position149, tokenIndex149 + if buffer[position] != rune('.') { + goto l215 + } + position++ + if buffer[position] != rune('4') { + goto l215 + } + position++ { position216, tokenIndex216 := position, tokenIndex - if buffer[position] != rune('u') { + if buffer[position] != rune('b') { goto l217 } position++ goto l216 l217: position, tokenIndex = position216, tokenIndex216 - if buffer[position] != rune('U') { - goto l213 + if buffer[position] != rune('B') { + goto l215 } position++ } l216: { position218, tokenIndex218 := position, tokenIndex - if buffer[position] != rune('a') { + if buffer[position] != rune('y') { goto l219 } position++ goto l218 l219: position, tokenIndex = position218, tokenIndex218 - if buffer[position] != rune('A') { - goto l213 + if buffer[position] != rune('Y') { + goto l215 } position++ } l218: { position220, tokenIndex220 := position, tokenIndex - if buffer[position] != rune('d') { + if buffer[position] != rune('t') { goto l221 } position++ goto l220 l221: position, tokenIndex = position220, tokenIndex220 - if buffer[position] != rune('D') { - goto l213 + if buffer[position] != rune('T') { + goto l215 } position++ } l220: - goto l149 - l213: - position, tokenIndex = position149, tokenIndex149 - if buffer[position] != rune('.') { - goto l222 - } - position++ { - position223, tokenIndex223 := position, tokenIndex - if buffer[position] != rune('t') { - goto l224 + position222, tokenIndex222 := position, 
tokenIndex + if buffer[position] != rune('e') { + goto l223 } position++ - goto l223 - l224: - position, tokenIndex = position223, tokenIndex223 - if buffer[position] != rune('T') { - goto l222 + goto l222 + l223: + position, tokenIndex = position222, tokenIndex222 + if buffer[position] != rune('E') { + goto l215 } position++ } - l223: + l222: + goto l149 + l215: + position, tokenIndex = position149, tokenIndex149 + if buffer[position] != rune('.') { + goto l224 + } + position++ { position225, tokenIndex225 := position, tokenIndex - if buffer[position] != rune('c') { + if buffer[position] != rune('q') { goto l226 } position++ goto l225 l226: position, tokenIndex = position225, tokenIndex225 - if buffer[position] != rune('C') { - goto l222 + if buffer[position] != rune('Q') { + goto l224 } position++ } l225: - goto l149 - l222: - position, tokenIndex = position149, tokenIndex149 - if buffer[position] != rune('.') { - goto l227 - } - position++ { - position228, tokenIndex228 := position, tokenIndex - if buffer[position] != rune('l') { - goto l229 + position227, tokenIndex227 := position, tokenIndex + if buffer[position] != rune('u') { + goto l228 } position++ - goto l228 - l229: - position, tokenIndex = position228, tokenIndex228 - if buffer[position] != rune('L') { - goto l227 + goto l227 + l228: + position, tokenIndex = position227, tokenIndex227 + if buffer[position] != rune('U') { + goto l224 } position++ } - l228: + l227: { - position230, tokenIndex230 := position, tokenIndex - if buffer[position] != rune('o') { - goto l231 + position229, tokenIndex229 := position, tokenIndex + if buffer[position] != rune('a') { + goto l230 } position++ - goto l230 - l231: - position, tokenIndex = position230, tokenIndex230 - if buffer[position] != rune('O') { - goto l227 + goto l229 + l230: + position, tokenIndex = position229, tokenIndex229 + if buffer[position] != rune('A') { + goto l224 } position++ } - l230: + l229: { - position232, tokenIndex232 := position, tokenIndex - 
if buffer[position] != rune('c') { - goto l233 + position231, tokenIndex231 := position, tokenIndex + if buffer[position] != rune('d') { + goto l232 } position++ - goto l232 - l233: - position, tokenIndex = position232, tokenIndex232 - if buffer[position] != rune('C') { - goto l227 + goto l231 + l232: + position, tokenIndex = position231, tokenIndex231 + if buffer[position] != rune('D') { + goto l224 } position++ } - l232: + l231: + goto l149 + l224: + position, tokenIndex = position149, tokenIndex149 + if buffer[position] != rune('.') { + goto l233 + } + position++ { position234, tokenIndex234 := position, tokenIndex - if buffer[position] != rune('a') { + if buffer[position] != rune('t') { goto l235 } position++ goto l234 l235: position, tokenIndex = position234, tokenIndex234 - if buffer[position] != rune('A') { - goto l227 + if buffer[position] != rune('T') { + goto l233 } position++ } l234: { position236, tokenIndex236 := position, tokenIndex - if buffer[position] != rune('l') { + if buffer[position] != rune('c') { goto l237 } position++ goto l236 l237: position, tokenIndex = position236, tokenIndex236 - if buffer[position] != rune('L') { - goto l227 + if buffer[position] != rune('C') { + goto l233 } position++ } l236: + goto l149 + l233: + position, tokenIndex = position149, tokenIndex149 + if buffer[position] != rune('.') { + goto l238 + } + position++ { - position238, tokenIndex238 := position, tokenIndex - if buffer[position] != rune('e') { - goto l239 + position239, tokenIndex239 := position, tokenIndex + if buffer[position] != rune('l') { + goto l240 } position++ - goto l238 - l239: - position, tokenIndex = position238, tokenIndex238 - if buffer[position] != rune('E') { - goto l227 + goto l239 + l240: + position, tokenIndex = position239, tokenIndex239 + if buffer[position] != rune('L') { + goto l238 } position++ } - l238: + l239: { - position240, tokenIndex240 := position, tokenIndex - if buffer[position] != rune('n') { - goto l241 + position241, 
tokenIndex241 := position, tokenIndex + if buffer[position] != rune('o') { + goto l242 } position++ - goto l240 - l241: - position, tokenIndex = position240, tokenIndex240 - if buffer[position] != rune('N') { - goto l227 + goto l241 + l242: + position, tokenIndex = position241, tokenIndex241 + if buffer[position] != rune('O') { + goto l238 } position++ } - l240: + l241: { - position242, tokenIndex242 := position, tokenIndex - if buffer[position] != rune('t') { - goto l243 + position243, tokenIndex243 := position, tokenIndex + if buffer[position] != rune('c') { + goto l244 } position++ - goto l242 - l243: - position, tokenIndex = position242, tokenIndex242 - if buffer[position] != rune('T') { - goto l227 + goto l243 + l244: + position, tokenIndex = position243, tokenIndex243 + if buffer[position] != rune('C') { + goto l238 } position++ } - l242: + l243: { - position244, tokenIndex244 := position, tokenIndex - if buffer[position] != rune('r') { - goto l245 + position245, tokenIndex245 := position, tokenIndex + if buffer[position] != rune('a') { + goto l246 } position++ - goto l244 - l245: - position, tokenIndex = position244, tokenIndex244 - if buffer[position] != rune('R') { - goto l227 + goto l245 + l246: + position, tokenIndex = position245, tokenIndex245 + if buffer[position] != rune('A') { + goto l238 } position++ } - l244: + l245: { - position246, tokenIndex246 := position, tokenIndex - if buffer[position] != rune('y') { - goto l247 + position247, tokenIndex247 := position, tokenIndex + if buffer[position] != rune('l') { + goto l248 } position++ - goto l246 - l247: - position, tokenIndex = position246, tokenIndex246 - if buffer[position] != rune('Y') { - goto l227 + goto l247 + l248: + position, tokenIndex = position247, tokenIndex247 + if buffer[position] != rune('L') { + goto l238 } position++ } - l246: - goto l149 - l227: - position, tokenIndex = position149, tokenIndex149 - if buffer[position] != rune('.') { - goto l248 - } - position++ + l247: { 
position249, tokenIndex249 := position, tokenIndex - if buffer[position] != rune('s') { + if buffer[position] != rune('e') { goto l250 } position++ goto l249 l250: position, tokenIndex = position249, tokenIndex249 - if buffer[position] != rune('S') { - goto l248 + if buffer[position] != rune('E') { + goto l238 } position++ } l249: { position251, tokenIndex251 := position, tokenIndex - if buffer[position] != rune('i') { + if buffer[position] != rune('n') { goto l252 } position++ goto l251 l252: position, tokenIndex = position251, tokenIndex251 - if buffer[position] != rune('I') { - goto l248 + if buffer[position] != rune('N') { + goto l238 } position++ } l251: { position253, tokenIndex253 := position, tokenIndex - if buffer[position] != rune('z') { + if buffer[position] != rune('t') { goto l254 } position++ goto l253 l254: position, tokenIndex = position253, tokenIndex253 - if buffer[position] != rune('Z') { - goto l248 + if buffer[position] != rune('T') { + goto l238 } position++ } l253: { position255, tokenIndex255 := position, tokenIndex - if buffer[position] != rune('e') { + if buffer[position] != rune('r') { goto l256 } position++ goto l255 l256: position, tokenIndex = position255, tokenIndex255 - if buffer[position] != rune('E') { - goto l248 + if buffer[position] != rune('R') { + goto l238 } position++ } l255: - goto l149 - l248: - position, tokenIndex = position149, tokenIndex149 - if buffer[position] != rune('.') { - goto l257 - } - position++ { - position258, tokenIndex258 := position, tokenIndex - if buffer[position] != rune('t') { - goto l259 + position257, tokenIndex257 := position, tokenIndex + if buffer[position] != rune('y') { + goto l258 } position++ - goto l258 - l259: - position, tokenIndex = position258, tokenIndex258 - if buffer[position] != rune('T') { - goto l257 + goto l257 + l258: + position, tokenIndex = position257, tokenIndex257 + if buffer[position] != rune('Y') { + goto l238 } position++ } - l258: + l257: + goto l149 + l238: + position, 
tokenIndex = position149, tokenIndex149 + if buffer[position] != rune('.') { + goto l259 + } + position++ { position260, tokenIndex260 := position, tokenIndex - if buffer[position] != rune('y') { + if buffer[position] != rune('s') { goto l261 } position++ goto l260 l261: position, tokenIndex = position260, tokenIndex260 - if buffer[position] != rune('Y') { - goto l257 + if buffer[position] != rune('S') { + goto l259 } position++ } l260: { position262, tokenIndex262 := position, tokenIndex - if buffer[position] != rune('p') { + if buffer[position] != rune('i') { goto l263 } position++ goto l262 l263: position, tokenIndex = position262, tokenIndex262 - if buffer[position] != rune('P') { - goto l257 + if buffer[position] != rune('I') { + goto l259 } position++ } l262: { position264, tokenIndex264 := position, tokenIndex - if buffer[position] != rune('e') { + if buffer[position] != rune('z') { goto l265 } position++ goto l264 l265: position, tokenIndex = position264, tokenIndex264 - if buffer[position] != rune('E') { - goto l257 + if buffer[position] != rune('Z') { + goto l259 } position++ } l264: - goto l149 - l257: - position, tokenIndex = position149, tokenIndex149 - if buffer[position] != rune('.') { - goto l266 - } - position++ { - position267, tokenIndex267 := position, tokenIndex - if buffer[position] != rune('u') { - goto l268 + position266, tokenIndex266 := position, tokenIndex + if buffer[position] != rune('e') { + goto l267 } position++ - goto l267 - l268: - position, tokenIndex = position267, tokenIndex267 - if buffer[position] != rune('U') { - goto l266 + goto l266 + l267: + position, tokenIndex = position266, tokenIndex266 + if buffer[position] != rune('E') { + goto l259 } position++ } - l267: + l266: + goto l149 + l259: + position, tokenIndex = position149, tokenIndex149 + if buffer[position] != rune('.') { + goto l268 + } + position++ { position269, tokenIndex269 := position, tokenIndex - if buffer[position] != rune('l') { + if buffer[position] != 
rune('t') { goto l270 } position++ goto l269 l270: position, tokenIndex = position269, tokenIndex269 - if buffer[position] != rune('L') { - goto l266 + if buffer[position] != rune('T') { + goto l268 } position++ } l269: { position271, tokenIndex271 := position, tokenIndex - if buffer[position] != rune('e') { + if buffer[position] != rune('y') { goto l272 } position++ goto l271 l272: position, tokenIndex = position271, tokenIndex271 - if buffer[position] != rune('E') { - goto l266 + if buffer[position] != rune('Y') { + goto l268 } position++ } l271: { position273, tokenIndex273 := position, tokenIndex - if buffer[position] != rune('b') { + if buffer[position] != rune('p') { goto l274 } position++ goto l273 l274: position, tokenIndex = position273, tokenIndex273 - if buffer[position] != rune('B') { - goto l266 + if buffer[position] != rune('P') { + goto l268 } position++ } l273: + { + position275, tokenIndex275 := position, tokenIndex + if buffer[position] != rune('e') { + goto l276 + } + position++ + goto l275 + l276: + position, tokenIndex = position275, tokenIndex275 + if buffer[position] != rune('E') { + goto l268 + } + position++ + } + l275: + goto l149 + l268: + position, tokenIndex = position149, tokenIndex149 + if buffer[position] != rune('.') { + goto l277 + } + position++ + { + position278, tokenIndex278 := position, tokenIndex + if buffer[position] != rune('u') { + goto l279 + } + position++ + goto l278 + l279: + position, tokenIndex = position278, tokenIndex278 + if buffer[position] != rune('U') { + goto l277 + } + position++ + } + l278: + { + position280, tokenIndex280 := position, tokenIndex + if buffer[position] != rune('l') { + goto l281 + } + position++ + goto l280 + l281: + position, tokenIndex = position280, tokenIndex280 + if buffer[position] != rune('L') { + goto l277 + } + position++ + } + l280: + { + position282, tokenIndex282 := position, tokenIndex + if buffer[position] != rune('e') { + goto l283 + } + position++ + goto l282 + l283: + 
position, tokenIndex = position282, tokenIndex282 + if buffer[position] != rune('E') { + goto l277 + } + position++ + } + l282: + { + position284, tokenIndex284 := position, tokenIndex + if buffer[position] != rune('b') { + goto l285 + } + position++ + goto l284 + l285: + position, tokenIndex = position284, tokenIndex284 + if buffer[position] != rune('B') { + goto l277 + } + position++ + } + l284: if buffer[position] != rune('1') { - goto l266 + goto l277 } position++ if buffer[position] != rune('2') { - goto l266 + goto l277 } position++ if buffer[position] != rune('8') { - goto l266 + goto l277 } position++ goto l149 - l266: + l277: position, tokenIndex = position149, tokenIndex149 if buffer[position] != rune('.') { goto l147 } position++ { - position275, tokenIndex275 := position, tokenIndex + position286, tokenIndex286 := position, tokenIndex if buffer[position] != rune('s') { - goto l276 + goto l287 } position++ - goto l275 - l276: - position, tokenIndex = position275, tokenIndex275 + goto l286 + l287: + position, tokenIndex = position286, tokenIndex286 if buffer[position] != rune('S') { goto l147 } position++ } - l275: + l286: { - position277, tokenIndex277 := position, tokenIndex + position288, tokenIndex288 := position, tokenIndex if buffer[position] != rune('l') { - goto l278 + goto l289 } position++ - goto l277 - l278: - position, tokenIndex = position277, tokenIndex277 + goto l288 + l289: + position, tokenIndex = position288, tokenIndex288 if buffer[position] != rune('L') { goto l147 } position++ } - l277: + l288: { - position279, tokenIndex279 := position, tokenIndex + position290, tokenIndex290 := position, tokenIndex if buffer[position] != rune('e') { - goto l280 + goto l291 } position++ - goto l279 - l280: - position, tokenIndex = position279, tokenIndex279 + goto l290 + l291: + position, tokenIndex = position290, tokenIndex290 if buffer[position] != rune('E') { goto l147 } position++ } - l279: + l290: { - position281, tokenIndex281 := position, 
tokenIndex + position292, tokenIndex292 := position, tokenIndex if buffer[position] != rune('b') { - goto l282 + goto l293 } position++ - goto l281 - l282: - position, tokenIndex = position281, tokenIndex281 + goto l292 + l293: + position, tokenIndex = position292, tokenIndex292 if buffer[position] != rune('B') { goto l147 } position++ } - l281: + l292: if buffer[position] != rune('1') { goto l147 } 
@@ -2470,3917 +2552,3917 @@ func (p *Asm) Init(options ...func(*Asm) error) error { }, /* 14 SymbolArgs <- <(SymbolArg (WS? ',' WS? SymbolArg)*)> */ func() bool { - position283, tokenIndex283 := position, tokenIndex + position294, tokenIndex294 := position, tokenIndex { - position284 := position + position295 := position if !_rules[ruleSymbolArg]() { - goto l283 + goto l294 } - l285: + l296: { - position286, tokenIndex286 := position, tokenIndex + position297, tokenIndex297 := position, tokenIndex { - position287, tokenIndex287 := position, tokenIndex + position298, tokenIndex298 := position, tokenIndex if !_rules[ruleWS]() { - goto l287 + goto l298 } - goto l288 - l287: - position, tokenIndex = position287, tokenIndex287 + goto l299 + l298: + position, tokenIndex = position298, tokenIndex298 } - l288: + l299: if buffer[position] != rune(',') { - goto l286 + goto l297 } position++ { - position289, tokenIndex289 := position, tokenIndex + position300, tokenIndex300 := position, tokenIndex if !_rules[ruleWS]() { - goto l289 + goto l300 } - goto l290 - l289: - position, tokenIndex = position289, tokenIndex289 + goto l301 + l300: + position, tokenIndex = position300, tokenIndex300 } - l290: + l301: if !_rules[ruleSymbolArg]() { - goto l286 + goto l297 } - goto l285 - l286: - position, tokenIndex = position286, tokenIndex286 + goto l296 + l297: + position, tokenIndex = position297, tokenIndex297 } - add(ruleSymbolArgs, position284) + add(ruleSymbolArgs, position295) } return true - l283: - position, tokenIndex = position283, tokenIndex283 + l294: + position, tokenIndex = position294, tokenIndex294 return false }, /* 15 SymbolArg <- <SymbolExpr> */ func() bool { - position291, tokenIndex291 := position, tokenIndex + position302, tokenIndex302 := position, tokenIndex { - position292 := position + position303 := position if !_rules[ruleSymbolExpr]() { - goto l291 + goto l302 } - add(ruleSymbolArg, position292) + add(ruleSymbolArg, position303) } return true - l291: - 
position, tokenIndex = position291, tokenIndex291 + l302: + position, tokenIndex = position302, tokenIndex302 return false }, /* 16 SymbolExpr <- <(SymbolAtom (WS? SymbolOperator WS? SymbolExpr)?)> */ func() bool { - position293, tokenIndex293 := position, tokenIndex + position304, tokenIndex304 := position, tokenIndex { - position294 := position + position305 := position if !_rules[ruleSymbolAtom]() { - goto l293 + goto l304 } { - position295, tokenIndex295 := position, tokenIndex + position306, tokenIndex306 := position, tokenIndex { - position297, tokenIndex297 := position, tokenIndex + position308, tokenIndex308 := position, tokenIndex if !_rules[ruleWS]() { - goto l297 + goto l308 } - goto l298 - l297: - position, tokenIndex = position297, tokenIndex297 + goto l309 + l308: + position, tokenIndex = position308, tokenIndex308 } - l298: + l309: if !_rules[ruleSymbolOperator]() { - goto l295 + goto l306 } { - position299, tokenIndex299 := position, tokenIndex + position310, tokenIndex310 := position, tokenIndex if !_rules[ruleWS]() { - goto l299 + goto l310 } - goto l300 - l299: - position, tokenIndex = position299, tokenIndex299 + goto l311 + l310: + position, tokenIndex = position310, tokenIndex310 } - l300: + l311: if !_rules[ruleSymbolExpr]() { - goto l295 + goto l306 } - goto l296 - l295: - position, tokenIndex = position295, tokenIndex295 + goto l307 + l306: + position, tokenIndex = position306, tokenIndex306 } - l296: - add(ruleSymbolExpr, position294) + l307: + add(ruleSymbolExpr, position305) } return true - l293: - position, tokenIndex = position293, tokenIndex293 + l304: + position, tokenIndex = position304, tokenIndex304 return false }, /* 17 SymbolAtom <- <(Offset / SymbolType / (LocalSymbol TCMarker?) / (SymbolName Offset) / (SymbolName TCMarker?) / Dot / (OpenParen WS? SymbolExpr WS? 
CloseParen))> */ func() bool { - position301, tokenIndex301 := position, tokenIndex + position312, tokenIndex312 := position, tokenIndex { - position302 := position + position313 := position { - position303, tokenIndex303 := position, tokenIndex + position314, tokenIndex314 := position, tokenIndex if !_rules[ruleOffset]() { - goto l304 + goto l315 } - goto l303 - l304: - position, tokenIndex = position303, tokenIndex303 + goto l314 + l315: + position, tokenIndex = position314, tokenIndex314 if !_rules[ruleSymbolType]() { - goto l305 + goto l316 } - goto l303 - l305: - position, tokenIndex = position303, tokenIndex303 + goto l314 + l316: + position, tokenIndex = position314, tokenIndex314 if !_rules[ruleLocalSymbol]() { - goto l306 + goto l317 } { - position307, tokenIndex307 := position, tokenIndex + position318, tokenIndex318 := position, tokenIndex if !_rules[ruleTCMarker]() { - goto l307 + goto l318 } - goto l308 - l307: - position, tokenIndex = position307, tokenIndex307 + goto l319 + l318: + position, tokenIndex = position318, tokenIndex318 } - l308: - goto l303 - l306: - position, tokenIndex = position303, tokenIndex303 + l319: + goto l314 + l317: + position, tokenIndex = position314, tokenIndex314 if !_rules[ruleSymbolName]() { - goto l309 + goto l320 } if !_rules[ruleOffset]() { - goto l309 + goto l320 } - goto l303 - l309: - position, tokenIndex = position303, tokenIndex303 + goto l314 + l320: + position, tokenIndex = position314, tokenIndex314 if !_rules[ruleSymbolName]() { - goto l310 + goto l321 } { - position311, tokenIndex311 := position, tokenIndex + position322, tokenIndex322 := position, tokenIndex if !_rules[ruleTCMarker]() { - goto l311 + goto l322 } - goto l312 - l311: - position, tokenIndex = position311, tokenIndex311 + goto l323 + l322: + position, tokenIndex = position322, tokenIndex322 } - l312: - goto l303 - l310: - position, tokenIndex = position303, tokenIndex303 + l323: + goto l314 + l321: + position, tokenIndex = position314, 
tokenIndex314 if !_rules[ruleDot]() { - goto l313 + goto l324 } - goto l303 - l313: - position, tokenIndex = position303, tokenIndex303 + goto l314 + l324: + position, tokenIndex = position314, tokenIndex314 if !_rules[ruleOpenParen]() { - goto l301 + goto l312 } { - position314, tokenIndex314 := position, tokenIndex + position325, tokenIndex325 := position, tokenIndex if !_rules[ruleWS]() { - goto l314 + goto l325 } - goto l315 - l314: - position, tokenIndex = position314, tokenIndex314 + goto l326 + l325: + position, tokenIndex = position325, tokenIndex325 } - l315: + l326: if !_rules[ruleSymbolExpr]() { - goto l301 + goto l312 } { - position316, tokenIndex316 := position, tokenIndex + position327, tokenIndex327 := position, tokenIndex if !_rules[ruleWS]() { - goto l316 + goto l327 } - goto l317 - l316: - position, tokenIndex = position316, tokenIndex316 + goto l328 + l327: + position, tokenIndex = position327, tokenIndex327 } - l317: + l328: if !_rules[ruleCloseParen]() { - goto l301 + goto l312 } } - l303: - add(ruleSymbolAtom, position302) + l314: + add(ruleSymbolAtom, position313) } return true - l301: - position, tokenIndex = position301, tokenIndex301 + l312: + position, tokenIndex = position312, tokenIndex312 return false }, /* 18 SymbolOperator <- <('+' / '-' / '|' / ('<' '<') / ('>' '>'))> */ func() bool { - position318, tokenIndex318 := position, tokenIndex + position329, tokenIndex329 := position, tokenIndex { - position319 := position + position330 := position { - position320, tokenIndex320 := position, tokenIndex + position331, tokenIndex331 := position, tokenIndex if buffer[position] != rune('+') { - goto l321 + goto l332 } position++ - goto l320 - l321: - position, tokenIndex = position320, tokenIndex320 + goto l331 + l332: + position, tokenIndex = position331, tokenIndex331 if buffer[position] != rune('-') { - goto l322 + goto l333 } position++ - goto l320 - l322: - position, tokenIndex = position320, tokenIndex320 + goto l331 + l333: + position, 
tokenIndex = position331, tokenIndex331 if buffer[position] != rune('|') { - goto l323 + goto l334 } position++ - goto l320 - l323: - position, tokenIndex = position320, tokenIndex320 + goto l331 + l334: + position, tokenIndex = position331, tokenIndex331 if buffer[position] != rune('<') { - goto l324 + goto l335 } position++ if buffer[position] != rune('<') { - goto l324 + goto l335 } position++ - goto l320 - l324: - position, tokenIndex = position320, tokenIndex320 + goto l331 + l335: + position, tokenIndex = position331, tokenIndex331 if buffer[position] != rune('>') { - goto l318 + goto l329 } position++ if buffer[position] != rune('>') { - goto l318 + goto l329 } position++ } - l320: - add(ruleSymbolOperator, position319) + l331: + add(ruleSymbolOperator, position330) } return true - l318: - position, tokenIndex = position318, tokenIndex318 + l329: + position, tokenIndex = position329, tokenIndex329 return false }, /* 19 OpenParen <- <'('> */ func() bool { - position325, tokenIndex325 := position, tokenIndex + position336, tokenIndex336 := position, tokenIndex { - position326 := position + position337 := position if buffer[position] != rune('(') { - goto l325 + goto l336 } position++ - add(ruleOpenParen, position326) + add(ruleOpenParen, position337) } return true - l325: - position, tokenIndex = position325, tokenIndex325 + l336: + position, tokenIndex = position336, tokenIndex336 return false }, /* 20 CloseParen <- <')'> */ func() bool { - position327, tokenIndex327 := position, tokenIndex + position338, tokenIndex338 := position, tokenIndex { - position328 := position + position339 := position if buffer[position] != rune(')') { - goto l327 + goto l338 } position++ - add(ruleCloseParen, position328) + add(ruleCloseParen, position339) } return true - l327: - position, tokenIndex = position327, tokenIndex327 + l338: + position, tokenIndex = position338, tokenIndex338 return false }, /* 21 SymbolType <- <(('@' / '%') (('f' 'u' 'n' 'c' 't' 'i' 'o' 'n') / ('o' 
'b' 'j' 'e' 'c' 't')))> */ func() bool { - position329, tokenIndex329 := position, tokenIndex + position340, tokenIndex340 := position, tokenIndex { - position330 := position + position341 := position { - position331, tokenIndex331 := position, tokenIndex + position342, tokenIndex342 := position, tokenIndex if buffer[position] != rune('@') { - goto l332 + goto l343 } position++ - goto l331 - l332: - position, tokenIndex = position331, tokenIndex331 + goto l342 + l343: + position, tokenIndex = position342, tokenIndex342 if buffer[position] != rune('%') { - goto l329 + goto l340 } position++ } - l331: + l342: { - position333, tokenIndex333 := position, tokenIndex + position344, tokenIndex344 := position, tokenIndex if buffer[position] != rune('f') { - goto l334 + goto l345 } position++ if buffer[position] != rune('u') { - goto l334 + goto l345 } position++ if buffer[position] != rune('n') { - goto l334 + goto l345 } position++ if buffer[position] != rune('c') { - goto l334 + goto l345 } position++ if buffer[position] != rune('t') { - goto l334 + goto l345 } position++ if buffer[position] != rune('i') { - goto l334 + goto l345 } position++ if buffer[position] != rune('o') { - goto l334 + goto l345 } position++ if buffer[position] != rune('n') { - goto l334 + goto l345 } position++ - goto l333 - l334: - position, tokenIndex = position333, tokenIndex333 + goto l344 + l345: + position, tokenIndex = position344, tokenIndex344 if buffer[position] != rune('o') { - goto l329 + goto l340 } position++ if buffer[position] != rune('b') { - goto l329 + goto l340 } position++ if buffer[position] != rune('j') { - goto l329 + goto l340 } position++ if buffer[position] != rune('e') { - goto l329 + goto l340 } position++ if buffer[position] != rune('c') { - goto l329 + goto l340 } position++ if buffer[position] != rune('t') { - goto l329 + goto l340 } position++ } - l333: - add(ruleSymbolType, position330) + l344: + add(ruleSymbolType, position341) } return true - l329: - position, 
tokenIndex = position329, tokenIndex329 + l340: + position, tokenIndex = position340, tokenIndex340 return false }, /* 22 Dot <- <'.'> */ func() bool { - position335, tokenIndex335 := position, tokenIndex + position346, tokenIndex346 := position, tokenIndex { - position336 := position + position347 := position if buffer[position] != rune('.') { - goto l335 + goto l346 } position++ - add(ruleDot, position336) + add(ruleDot, position347) } return true - l335: - position, tokenIndex = position335, tokenIndex335 + l346: + position, tokenIndex = position346, tokenIndex346 return false }, /* 23 TCMarker <- <('[' 'T' 'C' ']')> */ func() bool { - position337, tokenIndex337 := position, tokenIndex + position348, tokenIndex348 := position, tokenIndex { - position338 := position + position349 := position if buffer[position] != rune('[') { - goto l337 + goto l348 } position++ if buffer[position] != rune('T') { - goto l337 + goto l348 } position++ if buffer[position] != rune('C') { - goto l337 + goto l348 } position++ if buffer[position] != rune(']') { - goto l337 + goto l348 } position++ - add(ruleTCMarker, position338) + add(ruleTCMarker, position349) } return true - l337: - position, tokenIndex = position337, tokenIndex337 + l348: + position, tokenIndex = position348, tokenIndex348 return false }, /* 24 EscapedChar <- <('\\' .)> */ func() bool { - position339, tokenIndex339 := position, tokenIndex + position350, tokenIndex350 := position, tokenIndex { - position340 := position + position351 := position if buffer[position] != rune('\\') { - goto l339 + goto l350 } position++ if !matchDot() { - goto l339 + goto l350 } - add(ruleEscapedChar, position340) + add(ruleEscapedChar, position351) } return true - l339: - position, tokenIndex = position339, tokenIndex339 + l350: + position, tokenIndex = position350, tokenIndex350 return false }, /* 25 WS <- <(' ' / '\t')+> */ func() bool { - position341, tokenIndex341 := position, tokenIndex + position352, tokenIndex352 := position, 
tokenIndex { - position342 := position + position353 := position { - position345, tokenIndex345 := position, tokenIndex + position356, tokenIndex356 := position, tokenIndex if buffer[position] != rune(' ') { - goto l346 + goto l357 } position++ - goto l345 - l346: - position, tokenIndex = position345, tokenIndex345 + goto l356 + l357: + position, tokenIndex = position356, tokenIndex356 if buffer[position] != rune('\t') { - goto l341 + goto l352 } position++ } - l345: - l343: + l356: + l354: { - position344, tokenIndex344 := position, tokenIndex + position355, tokenIndex355 := position, tokenIndex { - position347, tokenIndex347 := position, tokenIndex + position358, tokenIndex358 := position, tokenIndex if buffer[position] != rune(' ') { - goto l348 + goto l359 } position++ - goto l347 - l348: - position, tokenIndex = position347, tokenIndex347 + goto l358 + l359: + position, tokenIndex = position358, tokenIndex358 if buffer[position] != rune('\t') { - goto l344 + goto l355 } position++ } - l347: - goto l343 - l344: - position, tokenIndex = position344, tokenIndex344 + l358: + goto l354 + l355: + position, tokenIndex = position355, tokenIndex355 } - add(ruleWS, position342) + add(ruleWS, position353) } return true - l341: - position, tokenIndex = position341, tokenIndex341 + l352: + position, tokenIndex = position352, tokenIndex352 return false }, /* 26 Comment <- <((('/' '/') / '#') (!'\n' .)*)> */ func() bool { - position349, tokenIndex349 := position, tokenIndex + position360, tokenIndex360 := position, tokenIndex { - position350 := position + position361 := position { - position351, tokenIndex351 := position, tokenIndex + position362, tokenIndex362 := position, tokenIndex if buffer[position] != rune('/') { - goto l352 + goto l363 } position++ if buffer[position] != rune('/') { - goto l352 + goto l363 } position++ - goto l351 - l352: - position, tokenIndex = position351, tokenIndex351 + goto l362 + l363: + position, tokenIndex = position362, tokenIndex362 if 
buffer[position] != rune('#') { - goto l349 + goto l360 } position++ } - l351: - l353: + l362: + l364: { - position354, tokenIndex354 := position, tokenIndex + position365, tokenIndex365 := position, tokenIndex { - position355, tokenIndex355 := position, tokenIndex + position366, tokenIndex366 := position, tokenIndex if buffer[position] != rune('\n') { - goto l355 + goto l366 } position++ - goto l354 - l355: - position, tokenIndex = position355, tokenIndex355 + goto l365 + l366: + position, tokenIndex = position366, tokenIndex366 } if !matchDot() { - goto l354 + goto l365 } - goto l353 - l354: - position, tokenIndex = position354, tokenIndex354 + goto l364 + l365: + position, tokenIndex = position365, tokenIndex365 } - add(ruleComment, position350) + add(ruleComment, position361) } return true - l349: - position, tokenIndex = position349, tokenIndex349 + l360: + position, tokenIndex = position360, tokenIndex360 return false }, /* 27 Label <- <((LocalSymbol / LocalLabel / SymbolName) ':')> */ func() bool { - position356, tokenIndex356 := position, tokenIndex + position367, tokenIndex367 := position, tokenIndex { - position357 := position + position368 := position { - position358, tokenIndex358 := position, tokenIndex + position369, tokenIndex369 := position, tokenIndex if !_rules[ruleLocalSymbol]() { - goto l359 + goto l370 } - goto l358 - l359: - position, tokenIndex = position358, tokenIndex358 + goto l369 + l370: + position, tokenIndex = position369, tokenIndex369 if !_rules[ruleLocalLabel]() { - goto l360 + goto l371 } - goto l358 - l360: - position, tokenIndex = position358, tokenIndex358 + goto l369 + l371: + position, tokenIndex = position369, tokenIndex369 if !_rules[ruleSymbolName]() { - goto l356 + goto l367 } } - l358: + l369: if buffer[position] != rune(':') { - goto l356 + goto l367 } position++ - add(ruleLabel, position357) + add(ruleLabel, position368) } return true - l356: - position, tokenIndex = position356, tokenIndex356 + l367: + position, 
tokenIndex = position367, tokenIndex367 return false }, /* 28 SymbolName <- <(([a-z] / [A-Z] / '.' / '_') ([a-z] / [A-Z] / '.' / ([0-9] / [0-9]) / '$' / '_')*)> */ func() bool { - position361, tokenIndex361 := position, tokenIndex + position372, tokenIndex372 := position, tokenIndex { - position362 := position + position373 := position { - position363, tokenIndex363 := position, tokenIndex + position374, tokenIndex374 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l364 + goto l375 } position++ - goto l363 - l364: - position, tokenIndex = position363, tokenIndex363 + goto l374 + l375: + position, tokenIndex = position374, tokenIndex374 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l365 + goto l376 } position++ - goto l363 - l365: - position, tokenIndex = position363, tokenIndex363 + goto l374 + l376: + position, tokenIndex = position374, tokenIndex374 if buffer[position] != rune('.') { - goto l366 + goto l377 } position++ - goto l363 - l366: - position, tokenIndex = position363, tokenIndex363 + goto l374 + l377: + position, tokenIndex = position374, tokenIndex374 if buffer[position] != rune('_') { - goto l361 + goto l372 } position++ } - l363: - l367: + l374: + l378: { - position368, tokenIndex368 := position, tokenIndex + position379, tokenIndex379 := position, tokenIndex { - position369, tokenIndex369 := position, tokenIndex + position380, tokenIndex380 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l370 + goto l381 } position++ - goto l369 - l370: - position, tokenIndex = position369, tokenIndex369 + goto l380 + l381: + position, tokenIndex = position380, tokenIndex380 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l371 + goto l382 } position++ - goto l369 - l371: - position, tokenIndex = position369, tokenIndex369 + goto l380 + l382: + position, tokenIndex = position380, tokenIndex380 if buffer[position] != rune('.') { - goto l372 + goto 
l383 } position++ - goto l369 - l372: - position, tokenIndex = position369, tokenIndex369 + goto l380 + l383: + position, tokenIndex = position380, tokenIndex380 { - position374, tokenIndex374 := position, tokenIndex + position385, tokenIndex385 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l375 + goto l386 } position++ - goto l374 - l375: - position, tokenIndex = position374, tokenIndex374 + goto l385 + l386: + position, tokenIndex = position385, tokenIndex385 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l373 + goto l384 } position++ } - l374: - goto l369 - l373: - position, tokenIndex = position369, tokenIndex369 + l385: + goto l380 + l384: + position, tokenIndex = position380, tokenIndex380 if buffer[position] != rune('$') { - goto l376 + goto l387 } position++ - goto l369 - l376: - position, tokenIndex = position369, tokenIndex369 + goto l380 + l387: + position, tokenIndex = position380, tokenIndex380 if buffer[position] != rune('_') { - goto l368 + goto l379 } position++ } - l369: - goto l367 - l368: - position, tokenIndex = position368, tokenIndex368 + l380: + goto l378 + l379: + position, tokenIndex = position379, tokenIndex379 } - add(ruleSymbolName, position362) + add(ruleSymbolName, position373) } return true - l361: - position, tokenIndex = position361, tokenIndex361 + l372: + position, tokenIndex = position372, tokenIndex372 return false }, /* 29 LocalSymbol <- <('.' 'L' ([a-z] / [A-Z] / ([a-z] / [A-Z]) / '.' 
/ ([0-9] / [0-9]) / '$' / '_')+)> */ func() bool { - position377, tokenIndex377 := position, tokenIndex + position388, tokenIndex388 := position, tokenIndex { - position378 := position + position389 := position if buffer[position] != rune('.') { - goto l377 + goto l388 } position++ if buffer[position] != rune('L') { - goto l377 + goto l388 } position++ { - position381, tokenIndex381 := position, tokenIndex + position392, tokenIndex392 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l382 + goto l393 } position++ - goto l381 - l382: - position, tokenIndex = position381, tokenIndex381 + goto l392 + l393: + position, tokenIndex = position392, tokenIndex392 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l383 + goto l394 } position++ - goto l381 - l383: - position, tokenIndex = position381, tokenIndex381 + goto l392 + l394: + position, tokenIndex = position392, tokenIndex392 { - position385, tokenIndex385 := position, tokenIndex + position396, tokenIndex396 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l386 + goto l397 } position++ - goto l385 - l386: - position, tokenIndex = position385, tokenIndex385 + goto l396 + l397: + position, tokenIndex = position396, tokenIndex396 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l384 + goto l395 } position++ } - l385: - goto l381 - l384: - position, tokenIndex = position381, tokenIndex381 + l396: + goto l392 + l395: + position, tokenIndex = position392, tokenIndex392 if buffer[position] != rune('.') { - goto l387 + goto l398 } position++ - goto l381 - l387: - position, tokenIndex = position381, tokenIndex381 + goto l392 + l398: + position, tokenIndex = position392, tokenIndex392 { - position389, tokenIndex389 := position, tokenIndex + position400, tokenIndex400 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l390 + goto l401 } position++ - goto l389 - l390: - 
position, tokenIndex = position389, tokenIndex389 + goto l400 + l401: + position, tokenIndex = position400, tokenIndex400 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l388 + goto l399 } position++ } - l389: - goto l381 - l388: - position, tokenIndex = position381, tokenIndex381 + l400: + goto l392 + l399: + position, tokenIndex = position392, tokenIndex392 if buffer[position] != rune('$') { - goto l391 + goto l402 } position++ - goto l381 - l391: - position, tokenIndex = position381, tokenIndex381 + goto l392 + l402: + position, tokenIndex = position392, tokenIndex392 if buffer[position] != rune('_') { - goto l377 + goto l388 } position++ } - l381: - l379: + l392: + l390: { - position380, tokenIndex380 := position, tokenIndex + position391, tokenIndex391 := position, tokenIndex { - position392, tokenIndex392 := position, tokenIndex + position403, tokenIndex403 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l393 + goto l404 } position++ - goto l392 - l393: - position, tokenIndex = position392, tokenIndex392 + goto l403 + l404: + position, tokenIndex = position403, tokenIndex403 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l394 + goto l405 } position++ - goto l392 - l394: - position, tokenIndex = position392, tokenIndex392 + goto l403 + l405: + position, tokenIndex = position403, tokenIndex403 { - position396, tokenIndex396 := position, tokenIndex + position407, tokenIndex407 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l397 + goto l408 } position++ - goto l396 - l397: - position, tokenIndex = position396, tokenIndex396 + goto l407 + l408: + position, tokenIndex = position407, tokenIndex407 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l395 + goto l406 } position++ } - l396: - goto l392 - l395: - position, tokenIndex = position392, tokenIndex392 + l407: + goto l403 + l406: + position, tokenIndex = position403, 
tokenIndex403 if buffer[position] != rune('.') { - goto l398 + goto l409 } position++ - goto l392 - l398: - position, tokenIndex = position392, tokenIndex392 + goto l403 + l409: + position, tokenIndex = position403, tokenIndex403 { - position400, tokenIndex400 := position, tokenIndex + position411, tokenIndex411 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l401 + goto l412 } position++ - goto l400 - l401: - position, tokenIndex = position400, tokenIndex400 + goto l411 + l412: + position, tokenIndex = position411, tokenIndex411 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l399 + goto l410 } position++ } - l400: - goto l392 - l399: - position, tokenIndex = position392, tokenIndex392 + l411: + goto l403 + l410: + position, tokenIndex = position403, tokenIndex403 if buffer[position] != rune('$') { - goto l402 + goto l413 } position++ - goto l392 - l402: - position, tokenIndex = position392, tokenIndex392 + goto l403 + l413: + position, tokenIndex = position403, tokenIndex403 if buffer[position] != rune('_') { - goto l380 + goto l391 } position++ } - l392: - goto l379 - l380: - position, tokenIndex = position380, tokenIndex380 + l403: + goto l390 + l391: + position, tokenIndex = position391, tokenIndex391 } - add(ruleLocalSymbol, position378) + add(ruleLocalSymbol, position389) } return true - l377: - position, tokenIndex = position377, tokenIndex377 + l388: + position, tokenIndex = position388, tokenIndex388 return false }, /* 30 LocalLabel <- <([0-9] ([0-9] / '$')*)> */ func() bool { - position403, tokenIndex403 := position, tokenIndex + position414, tokenIndex414 := position, tokenIndex { - position404 := position + position415 := position if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l403 + goto l414 } position++ - l405: + l416: { - position406, tokenIndex406 := position, tokenIndex + position417, tokenIndex417 := position, tokenIndex { - position407, tokenIndex407 := position, 
tokenIndex + position418, tokenIndex418 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l408 + goto l419 } position++ - goto l407 - l408: - position, tokenIndex = position407, tokenIndex407 + goto l418 + l419: + position, tokenIndex = position418, tokenIndex418 if buffer[position] != rune('$') { - goto l406 + goto l417 } position++ } - l407: - goto l405 - l406: - position, tokenIndex = position406, tokenIndex406 + l418: + goto l416 + l417: + position, tokenIndex = position417, tokenIndex417 } - add(ruleLocalLabel, position404) + add(ruleLocalLabel, position415) } return true - l403: - position, tokenIndex = position403, tokenIndex403 + l414: + position, tokenIndex = position414, tokenIndex414 return false }, /* 31 LocalLabelRef <- <([0-9] ([0-9] / '$')* ('b' / 'f'))> */ func() bool { - position409, tokenIndex409 := position, tokenIndex + position420, tokenIndex420 := position, tokenIndex { - position410 := position + position421 := position if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l409 + goto l420 } position++ - l411: + l422: { - position412, tokenIndex412 := position, tokenIndex + position423, tokenIndex423 := position, tokenIndex { - position413, tokenIndex413 := position, tokenIndex + position424, tokenIndex424 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l414 + goto l425 } position++ - goto l413 - l414: - position, tokenIndex = position413, tokenIndex413 + goto l424 + l425: + position, tokenIndex = position424, tokenIndex424 if buffer[position] != rune('$') { - goto l412 + goto l423 } position++ } - l413: - goto l411 - l412: - position, tokenIndex = position412, tokenIndex412 + l424: + goto l422 + l423: + position, tokenIndex = position423, tokenIndex423 } { - position415, tokenIndex415 := position, tokenIndex + position426, tokenIndex426 := position, tokenIndex if buffer[position] != rune('b') { - goto l416 + goto l427 } position++ - goto l415 - 
l416: - position, tokenIndex = position415, tokenIndex415 + goto l426 + l427: + position, tokenIndex = position426, tokenIndex426 if buffer[position] != rune('f') { - goto l409 + goto l420 } position++ } - l415: - add(ruleLocalLabelRef, position410) + l426: + add(ruleLocalLabelRef, position421) } return true - l409: - position, tokenIndex = position409, tokenIndex409 + l420: + position, tokenIndex = position420, tokenIndex420 return false }, /* 32 Instruction <- <(InstructionName (WS InstructionArg (WS? ',' WS? InstructionArg)*)?)> */ func() bool { - position417, tokenIndex417 := position, tokenIndex + position428, tokenIndex428 := position, tokenIndex { - position418 := position + position429 := position if !_rules[ruleInstructionName]() { - goto l417 + goto l428 } { - position419, tokenIndex419 := position, tokenIndex + position430, tokenIndex430 := position, tokenIndex if !_rules[ruleWS]() { - goto l419 + goto l430 } if !_rules[ruleInstructionArg]() { - goto l419 + goto l430 } - l421: + l432: { - position422, tokenIndex422 := position, tokenIndex + position433, tokenIndex433 := position, tokenIndex { - position423, tokenIndex423 := position, tokenIndex + position434, tokenIndex434 := position, tokenIndex if !_rules[ruleWS]() { - goto l423 + goto l434 } - goto l424 - l423: - position, tokenIndex = position423, tokenIndex423 + goto l435 + l434: + position, tokenIndex = position434, tokenIndex434 } - l424: + l435: if buffer[position] != rune(',') { - goto l422 + goto l433 } position++ { - position425, tokenIndex425 := position, tokenIndex + position436, tokenIndex436 := position, tokenIndex if !_rules[ruleWS]() { - goto l425 + goto l436 } - goto l426 - l425: - position, tokenIndex = position425, tokenIndex425 + goto l437 + l436: + position, tokenIndex = position436, tokenIndex436 } - l426: + l437: if !_rules[ruleInstructionArg]() { - goto l422 + goto l433 } - goto l421 - l422: - position, tokenIndex = position422, tokenIndex422 + goto l432 + l433: + position, 
tokenIndex = position433, tokenIndex433 } - goto l420 - l419: - position, tokenIndex = position419, tokenIndex419 + goto l431 + l430: + position, tokenIndex = position430, tokenIndex430 } - l420: - add(ruleInstruction, position418) + l431: + add(ruleInstruction, position429) } return true - l417: - position, tokenIndex = position417, tokenIndex417 + l428: + position, tokenIndex = position428, tokenIndex428 return false }, /* 33 InstructionName <- <(([a-z] / [A-Z]) ([a-z] / [A-Z] / '.' / ([0-9] / [0-9]))* ('.' / '+' / '-')?)> */ func() bool { - position427, tokenIndex427 := position, tokenIndex + position438, tokenIndex438 := position, tokenIndex { - position428 := position + position439 := position { - position429, tokenIndex429 := position, tokenIndex + position440, tokenIndex440 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l430 + goto l441 } position++ - goto l429 - l430: - position, tokenIndex = position429, tokenIndex429 + goto l440 + l441: + position, tokenIndex = position440, tokenIndex440 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l427 + goto l438 } position++ } - l429: - l431: + l440: + l442: { - position432, tokenIndex432 := position, tokenIndex + position443, tokenIndex443 := position, tokenIndex { - position433, tokenIndex433 := position, tokenIndex + position444, tokenIndex444 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l434 + goto l445 } position++ - goto l433 - l434: - position, tokenIndex = position433, tokenIndex433 + goto l444 + l445: + position, tokenIndex = position444, tokenIndex444 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l435 + goto l446 } position++ - goto l433 - l435: - position, tokenIndex = position433, tokenIndex433 + goto l444 + l446: + position, tokenIndex = position444, tokenIndex444 if buffer[position] != rune('.') { - goto l436 + goto l447 } position++ - goto l433 - l436: - position, tokenIndex = 
position433, tokenIndex433 + goto l444 + l447: + position, tokenIndex = position444, tokenIndex444 { - position437, tokenIndex437 := position, tokenIndex + position448, tokenIndex448 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l438 + goto l449 } position++ - goto l437 - l438: - position, tokenIndex = position437, tokenIndex437 + goto l448 + l449: + position, tokenIndex = position448, tokenIndex448 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l432 + goto l443 } position++ } - l437: + l448: } - l433: - goto l431 - l432: - position, tokenIndex = position432, tokenIndex432 + l444: + goto l442 + l443: + position, tokenIndex = position443, tokenIndex443 } { - position439, tokenIndex439 := position, tokenIndex + position450, tokenIndex450 := position, tokenIndex { - position441, tokenIndex441 := position, tokenIndex + position452, tokenIndex452 := position, tokenIndex if buffer[position] != rune('.') { - goto l442 + goto l453 } position++ - goto l441 - l442: - position, tokenIndex = position441, tokenIndex441 + goto l452 + l453: + position, tokenIndex = position452, tokenIndex452 if buffer[position] != rune('+') { - goto l443 + goto l454 } position++ - goto l441 - l443: - position, tokenIndex = position441, tokenIndex441 + goto l452 + l454: + position, tokenIndex = position452, tokenIndex452 if buffer[position] != rune('-') { - goto l439 + goto l450 } position++ } - l441: - goto l440 - l439: - position, tokenIndex = position439, tokenIndex439 + l452: + goto l451 + l450: + position, tokenIndex = position450, tokenIndex450 } - l440: - add(ruleInstructionName, position428) + l451: + add(ruleInstructionName, position439) } return true - l427: - position, tokenIndex = position427, tokenIndex427 + l438: + position, tokenIndex = position438, tokenIndex438 return false }, /* 34 InstructionArg <- <(IndirectionIndicator? 
(ARMConstantTweak / RegisterOrConstant / LocalLabelRef / TOCRefHigh / TOCRefLow / GOTLocation / GOTSymbolOffset / MemoryRef) AVX512Token*)> */ func() bool { - position444, tokenIndex444 := position, tokenIndex + position455, tokenIndex455 := position, tokenIndex { - position445 := position + position456 := position { - position446, tokenIndex446 := position, tokenIndex + position457, tokenIndex457 := position, tokenIndex if !_rules[ruleIndirectionIndicator]() { - goto l446 + goto l457 } - goto l447 - l446: - position, tokenIndex = position446, tokenIndex446 + goto l458 + l457: + position, tokenIndex = position457, tokenIndex457 } - l447: + l458: { - position448, tokenIndex448 := position, tokenIndex + position459, tokenIndex459 := position, tokenIndex if !_rules[ruleARMConstantTweak]() { - goto l449 + goto l460 } - goto l448 - l449: - position, tokenIndex = position448, tokenIndex448 + goto l459 + l460: + position, tokenIndex = position459, tokenIndex459 if !_rules[ruleRegisterOrConstant]() { - goto l450 + goto l461 } - goto l448 - l450: - position, tokenIndex = position448, tokenIndex448 + goto l459 + l461: + position, tokenIndex = position459, tokenIndex459 if !_rules[ruleLocalLabelRef]() { - goto l451 + goto l462 } - goto l448 - l451: - position, tokenIndex = position448, tokenIndex448 + goto l459 + l462: + position, tokenIndex = position459, tokenIndex459 if !_rules[ruleTOCRefHigh]() { - goto l452 + goto l463 } - goto l448 - l452: - position, tokenIndex = position448, tokenIndex448 + goto l459 + l463: + position, tokenIndex = position459, tokenIndex459 if !_rules[ruleTOCRefLow]() { - goto l453 + goto l464 } - goto l448 - l453: - position, tokenIndex = position448, tokenIndex448 + goto l459 + l464: + position, tokenIndex = position459, tokenIndex459 if !_rules[ruleGOTLocation]() { - goto l454 + goto l465 } - goto l448 - l454: - position, tokenIndex = position448, tokenIndex448 + goto l459 + l465: + position, tokenIndex = position459, tokenIndex459 if 
!_rules[ruleGOTSymbolOffset]() { - goto l455 + goto l466 } - goto l448 - l455: - position, tokenIndex = position448, tokenIndex448 + goto l459 + l466: + position, tokenIndex = position459, tokenIndex459 if !_rules[ruleMemoryRef]() { - goto l444 + goto l455 } } - l448: - l456: + l459: + l467: { - position457, tokenIndex457 := position, tokenIndex + position468, tokenIndex468 := position, tokenIndex if !_rules[ruleAVX512Token]() { - goto l457 + goto l468 } - goto l456 - l457: - position, tokenIndex = position457, tokenIndex457 + goto l467 + l468: + position, tokenIndex = position468, tokenIndex468 } - add(ruleInstructionArg, position445) + add(ruleInstructionArg, position456) } return true - l444: - position, tokenIndex = position444, tokenIndex444 + l455: + position, tokenIndex = position455, tokenIndex455 return false }, /* 35 GOTLocation <- <('$' '_' 'G' 'L' 'O' 'B' 'A' 'L' '_' 'O' 'F' 'F' 'S' 'E' 'T' '_' 'T' 'A' 'B' 'L' 'E' '_' '-' LocalSymbol)> */ func() bool { - position458, tokenIndex458 := position, tokenIndex + position469, tokenIndex469 := position, tokenIndex { - position459 := position + position470 := position if buffer[position] != rune('$') { - goto l458 + goto l469 } position++ if buffer[position] != rune('_') { - goto l458 + goto l469 } position++ if buffer[position] != rune('G') { - goto l458 + goto l469 } position++ if buffer[position] != rune('L') { - goto l458 + goto l469 } position++ if buffer[position] != rune('O') { - goto l458 + goto l469 } position++ if buffer[position] != rune('B') { - goto l458 + goto l469 } position++ if buffer[position] != rune('A') { - goto l458 + goto l469 } position++ if buffer[position] != rune('L') { - goto l458 + goto l469 } position++ if buffer[position] != rune('_') { - goto l458 + goto l469 } position++ if buffer[position] != rune('O') { - goto l458 + goto l469 } position++ if buffer[position] != rune('F') { - goto l458 + goto l469 } position++ if buffer[position] != rune('F') { - goto l458 + goto l469 } 
position++ if buffer[position] != rune('S') { - goto l458 + goto l469 } position++ if buffer[position] != rune('E') { - goto l458 + goto l469 } position++ if buffer[position] != rune('T') { - goto l458 + goto l469 } position++ if buffer[position] != rune('_') { - goto l458 + goto l469 } position++ if buffer[position] != rune('T') { - goto l458 + goto l469 } position++ if buffer[position] != rune('A') { - goto l458 + goto l469 } position++ if buffer[position] != rune('B') { - goto l458 + goto l469 } position++ if buffer[position] != rune('L') { - goto l458 + goto l469 } position++ if buffer[position] != rune('E') { - goto l458 + goto l469 } position++ if buffer[position] != rune('_') { - goto l458 + goto l469 } position++ if buffer[position] != rune('-') { - goto l458 + goto l469 } position++ if !_rules[ruleLocalSymbol]() { - goto l458 + goto l469 } - add(ruleGOTLocation, position459) + add(ruleGOTLocation, position470) } return true - l458: - position, tokenIndex = position458, tokenIndex458 + l469: + position, tokenIndex = position469, tokenIndex469 return false }, /* 36 GOTSymbolOffset <- <(('$' SymbolName ('@' 'G' 'O' 'T') ('O' 'F' 'F')?) 
/ (':' ('g' / 'G') ('o' / 'O') ('t' / 'T') ':' SymbolName))> */ func() bool { - position460, tokenIndex460 := position, tokenIndex + position471, tokenIndex471 := position, tokenIndex { - position461 := position + position472 := position { - position462, tokenIndex462 := position, tokenIndex + position473, tokenIndex473 := position, tokenIndex if buffer[position] != rune('$') { - goto l463 + goto l474 } position++ if !_rules[ruleSymbolName]() { - goto l463 + goto l474 } if buffer[position] != rune('@') { - goto l463 + goto l474 } position++ if buffer[position] != rune('G') { - goto l463 + goto l474 } position++ if buffer[position] != rune('O') { - goto l463 + goto l474 } position++ if buffer[position] != rune('T') { - goto l463 + goto l474 } position++ { - position464, tokenIndex464 := position, tokenIndex + position475, tokenIndex475 := position, tokenIndex if buffer[position] != rune('O') { - goto l464 + goto l475 } position++ if buffer[position] != rune('F') { - goto l464 + goto l475 } position++ if buffer[position] != rune('F') { - goto l464 + goto l475 } position++ - goto l465 - l464: - position, tokenIndex = position464, tokenIndex464 + goto l476 + l475: + position, tokenIndex = position475, tokenIndex475 } - l465: - goto l462 - l463: - position, tokenIndex = position462, tokenIndex462 + l476: + goto l473 + l474: + position, tokenIndex = position473, tokenIndex473 if buffer[position] != rune(':') { - goto l460 + goto l471 } position++ { - position466, tokenIndex466 := position, tokenIndex + position477, tokenIndex477 := position, tokenIndex if buffer[position] != rune('g') { - goto l467 + goto l478 } position++ - goto l466 - l467: - position, tokenIndex = position466, tokenIndex466 + goto l477 + l478: + position, tokenIndex = position477, tokenIndex477 if buffer[position] != rune('G') { - goto l460 + goto l471 } position++ } - l466: + l477: { - position468, tokenIndex468 := position, tokenIndex + position479, tokenIndex479 := position, tokenIndex if 
buffer[position] != rune('o') { - goto l469 + goto l480 } position++ - goto l468 - l469: - position, tokenIndex = position468, tokenIndex468 + goto l479 + l480: + position, tokenIndex = position479, tokenIndex479 if buffer[position] != rune('O') { - goto l460 + goto l471 } position++ } - l468: + l479: { - position470, tokenIndex470 := position, tokenIndex + position481, tokenIndex481 := position, tokenIndex if buffer[position] != rune('t') { - goto l471 + goto l482 } position++ - goto l470 - l471: - position, tokenIndex = position470, tokenIndex470 + goto l481 + l482: + position, tokenIndex = position481, tokenIndex481 if buffer[position] != rune('T') { - goto l460 + goto l471 } position++ } - l470: + l481: if buffer[position] != rune(':') { - goto l460 + goto l471 } position++ if !_rules[ruleSymbolName]() { - goto l460 + goto l471 } } - l462: - add(ruleGOTSymbolOffset, position461) + l473: + add(ruleGOTSymbolOffset, position472) } return true - l460: - position, tokenIndex = position460, tokenIndex460 + l471: + position, tokenIndex = position471, tokenIndex471 return false }, /* 37 AVX512Token <- <(WS? '{' '%'? 
([0-9] / [a-z])* '}')> */ func() bool { - position472, tokenIndex472 := position, tokenIndex + position483, tokenIndex483 := position, tokenIndex { - position473 := position + position484 := position { - position474, tokenIndex474 := position, tokenIndex + position485, tokenIndex485 := position, tokenIndex if !_rules[ruleWS]() { - goto l474 + goto l485 } - goto l475 - l474: - position, tokenIndex = position474, tokenIndex474 + goto l486 + l485: + position, tokenIndex = position485, tokenIndex485 } - l475: + l486: if buffer[position] != rune('{') { - goto l472 + goto l483 } position++ { - position476, tokenIndex476 := position, tokenIndex + position487, tokenIndex487 := position, tokenIndex if buffer[position] != rune('%') { - goto l476 + goto l487 } position++ - goto l477 - l476: - position, tokenIndex = position476, tokenIndex476 + goto l488 + l487: + position, tokenIndex = position487, tokenIndex487 } - l477: - l478: + l488: + l489: { - position479, tokenIndex479 := position, tokenIndex + position490, tokenIndex490 := position, tokenIndex { - position480, tokenIndex480 := position, tokenIndex + position491, tokenIndex491 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l481 + goto l492 } position++ - goto l480 - l481: - position, tokenIndex = position480, tokenIndex480 + goto l491 + l492: + position, tokenIndex = position491, tokenIndex491 if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l479 + goto l490 } position++ } - l480: - goto l478 - l479: - position, tokenIndex = position479, tokenIndex479 + l491: + goto l489 + l490: + position, tokenIndex = position490, tokenIndex490 } if buffer[position] != rune('}') { - goto l472 + goto l483 } position++ - add(ruleAVX512Token, position473) + add(ruleAVX512Token, position484) } return true - l472: - position, tokenIndex = position472, tokenIndex472 + l483: + position, tokenIndex = position483, tokenIndex483 return false }, /* 38 TOCRefHigh <- <('.' 
'T' 'O' 'C' '.' '-' (('0' 'b') / ('.' 'L' ([a-z] / [A-Z] / '_' / [0-9])+)) ('@' ('h' / 'H') ('a' / 'A')))> */ func() bool { - position482, tokenIndex482 := position, tokenIndex + position493, tokenIndex493 := position, tokenIndex { - position483 := position + position494 := position if buffer[position] != rune('.') { - goto l482 + goto l493 } position++ if buffer[position] != rune('T') { - goto l482 + goto l493 } position++ if buffer[position] != rune('O') { - goto l482 + goto l493 } position++ if buffer[position] != rune('C') { - goto l482 + goto l493 } position++ if buffer[position] != rune('.') { - goto l482 + goto l493 } position++ if buffer[position] != rune('-') { - goto l482 + goto l493 } position++ { - position484, tokenIndex484 := position, tokenIndex + position495, tokenIndex495 := position, tokenIndex if buffer[position] != rune('0') { - goto l485 + goto l496 } position++ if buffer[position] != rune('b') { - goto l485 + goto l496 } position++ - goto l484 - l485: - position, tokenIndex = position484, tokenIndex484 + goto l495 + l496: + position, tokenIndex = position495, tokenIndex495 if buffer[position] != rune('.') { - goto l482 + goto l493 } position++ if buffer[position] != rune('L') { - goto l482 + goto l493 } position++ { - position488, tokenIndex488 := position, tokenIndex + position499, tokenIndex499 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l489 + goto l500 } position++ - goto l488 - l489: - position, tokenIndex = position488, tokenIndex488 + goto l499 + l500: + position, tokenIndex = position499, tokenIndex499 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l490 + goto l501 } position++ - goto l488 - l490: - position, tokenIndex = position488, tokenIndex488 + goto l499 + l501: + position, tokenIndex = position499, tokenIndex499 if buffer[position] != rune('_') { - goto l491 + goto l502 } position++ - goto l488 - l491: - position, tokenIndex = position488, tokenIndex488 + goto l499 
+ l502: + position, tokenIndex = position499, tokenIndex499 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l482 + goto l493 } position++ } - l488: - l486: + l499: + l497: { - position487, tokenIndex487 := position, tokenIndex + position498, tokenIndex498 := position, tokenIndex { - position492, tokenIndex492 := position, tokenIndex + position503, tokenIndex503 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l493 + goto l504 } position++ - goto l492 - l493: - position, tokenIndex = position492, tokenIndex492 + goto l503 + l504: + position, tokenIndex = position503, tokenIndex503 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l494 + goto l505 } position++ - goto l492 - l494: - position, tokenIndex = position492, tokenIndex492 + goto l503 + l505: + position, tokenIndex = position503, tokenIndex503 if buffer[position] != rune('_') { - goto l495 + goto l506 } position++ - goto l492 - l495: - position, tokenIndex = position492, tokenIndex492 + goto l503 + l506: + position, tokenIndex = position503, tokenIndex503 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l487 + goto l498 } position++ } - l492: - goto l486 - l487: - position, tokenIndex = position487, tokenIndex487 + l503: + goto l497 + l498: + position, tokenIndex = position498, tokenIndex498 } } - l484: + l495: if buffer[position] != rune('@') { - goto l482 + goto l493 } position++ { - position496, tokenIndex496 := position, tokenIndex + position507, tokenIndex507 := position, tokenIndex if buffer[position] != rune('h') { - goto l497 + goto l508 } position++ - goto l496 - l497: - position, tokenIndex = position496, tokenIndex496 + goto l507 + l508: + position, tokenIndex = position507, tokenIndex507 if buffer[position] != rune('H') { - goto l482 + goto l493 } position++ } - l496: + l507: { - position498, tokenIndex498 := position, tokenIndex + position509, tokenIndex509 := position, tokenIndex if buffer[position] != 
rune('a') { - goto l499 + goto l510 } position++ - goto l498 - l499: - position, tokenIndex = position498, tokenIndex498 + goto l509 + l510: + position, tokenIndex = position509, tokenIndex509 if buffer[position] != rune('A') { - goto l482 + goto l493 } position++ } - l498: - add(ruleTOCRefHigh, position483) + l509: + add(ruleTOCRefHigh, position494) } return true - l482: - position, tokenIndex = position482, tokenIndex482 + l493: + position, tokenIndex = position493, tokenIndex493 return false }, /* 39 TOCRefLow <- <('.' 'T' 'O' 'C' '.' '-' (('0' 'b') / ('.' 'L' ([a-z] / [A-Z] / '_' / [0-9])+)) ('@' ('l' / 'L')))> */ func() bool { - position500, tokenIndex500 := position, tokenIndex + position511, tokenIndex511 := position, tokenIndex { - position501 := position + position512 := position if buffer[position] != rune('.') { - goto l500 + goto l511 } position++ if buffer[position] != rune('T') { - goto l500 + goto l511 } position++ if buffer[position] != rune('O') { - goto l500 + goto l511 } position++ if buffer[position] != rune('C') { - goto l500 + goto l511 } position++ if buffer[position] != rune('.') { - goto l500 + goto l511 } position++ if buffer[position] != rune('-') { - goto l500 + goto l511 } position++ { - position502, tokenIndex502 := position, tokenIndex + position513, tokenIndex513 := position, tokenIndex if buffer[position] != rune('0') { - goto l503 + goto l514 } position++ if buffer[position] != rune('b') { - goto l503 + goto l514 } position++ - goto l502 - l503: - position, tokenIndex = position502, tokenIndex502 + goto l513 + l514: + position, tokenIndex = position513, tokenIndex513 if buffer[position] != rune('.') { - goto l500 + goto l511 } position++ if buffer[position] != rune('L') { - goto l500 + goto l511 } position++ { - position506, tokenIndex506 := position, tokenIndex + position517, tokenIndex517 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l507 + goto l518 } position++ - goto l506 - l507: - 
position, tokenIndex = position506, tokenIndex506 + goto l517 + l518: + position, tokenIndex = position517, tokenIndex517 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l508 + goto l519 } position++ - goto l506 - l508: - position, tokenIndex = position506, tokenIndex506 + goto l517 + l519: + position, tokenIndex = position517, tokenIndex517 if buffer[position] != rune('_') { - goto l509 + goto l520 } position++ - goto l506 - l509: - position, tokenIndex = position506, tokenIndex506 + goto l517 + l520: + position, tokenIndex = position517, tokenIndex517 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l500 + goto l511 } position++ } - l506: - l504: + l517: + l515: { - position505, tokenIndex505 := position, tokenIndex + position516, tokenIndex516 := position, tokenIndex { - position510, tokenIndex510 := position, tokenIndex + position521, tokenIndex521 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l511 + goto l522 } position++ - goto l510 - l511: - position, tokenIndex = position510, tokenIndex510 + goto l521 + l522: + position, tokenIndex = position521, tokenIndex521 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l512 + goto l523 } position++ - goto l510 - l512: - position, tokenIndex = position510, tokenIndex510 + goto l521 + l523: + position, tokenIndex = position521, tokenIndex521 if buffer[position] != rune('_') { - goto l513 + goto l524 } position++ - goto l510 - l513: - position, tokenIndex = position510, tokenIndex510 + goto l521 + l524: + position, tokenIndex = position521, tokenIndex521 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l505 + goto l516 } position++ } - l510: - goto l504 - l505: - position, tokenIndex = position505, tokenIndex505 + l521: + goto l515 + l516: + position, tokenIndex = position516, tokenIndex516 } } - l502: + l513: if buffer[position] != rune('@') { - goto l500 + goto l511 } position++ { - position514, 
tokenIndex514 := position, tokenIndex + position525, tokenIndex525 := position, tokenIndex if buffer[position] != rune('l') { - goto l515 + goto l526 } position++ - goto l514 - l515: - position, tokenIndex = position514, tokenIndex514 + goto l525 + l526: + position, tokenIndex = position525, tokenIndex525 if buffer[position] != rune('L') { - goto l500 + goto l511 } position++ } - l514: - add(ruleTOCRefLow, position501) + l525: + add(ruleTOCRefLow, position512) } return true - l500: - position, tokenIndex = position500, tokenIndex500 + l511: + position, tokenIndex = position511, tokenIndex511 return false }, /* 40 IndirectionIndicator <- <'*'> */ func() bool { - position516, tokenIndex516 := position, tokenIndex + position527, tokenIndex527 := position, tokenIndex { - position517 := position + position528 := position if buffer[position] != rune('*') { - goto l516 + goto l527 } position++ - add(ruleIndirectionIndicator, position517) + add(ruleIndirectionIndicator, position528) } return true - l516: - position, tokenIndex = position516, tokenIndex516 + l527: + position, tokenIndex = position527, tokenIndex527 return false }, /* 41 RegisterOrConstant <- <((('%' ([a-z] / [A-Z]) ([a-z] / [A-Z] / ([0-9] / [0-9]))*) / ('$'? ((Offset Offset) / Offset)) / ('#' Offset ('*' [0-9]+ ('-' [0-9] [0-9]*)?)?) / ('#' '~'? '(' [0-9] WS? ('<' '<') WS? 
[0-9] ')') / ARMRegister) !('f' / 'b' / ':' / '(' / '+' / '-'))> */ func() bool { - position518, tokenIndex518 := position, tokenIndex + position529, tokenIndex529 := position, tokenIndex { - position519 := position + position530 := position { - position520, tokenIndex520 := position, tokenIndex + position531, tokenIndex531 := position, tokenIndex if buffer[position] != rune('%') { - goto l521 + goto l532 } position++ { - position522, tokenIndex522 := position, tokenIndex + position533, tokenIndex533 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l523 + goto l534 } position++ - goto l522 - l523: - position, tokenIndex = position522, tokenIndex522 + goto l533 + l534: + position, tokenIndex = position533, tokenIndex533 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l521 + goto l532 } position++ } - l522: - l524: + l533: + l535: { - position525, tokenIndex525 := position, tokenIndex + position536, tokenIndex536 := position, tokenIndex { - position526, tokenIndex526 := position, tokenIndex + position537, tokenIndex537 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l527 + goto l538 } position++ - goto l526 - l527: - position, tokenIndex = position526, tokenIndex526 + goto l537 + l538: + position, tokenIndex = position537, tokenIndex537 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l528 + goto l539 } position++ - goto l526 - l528: - position, tokenIndex = position526, tokenIndex526 + goto l537 + l539: + position, tokenIndex = position537, tokenIndex537 { - position529, tokenIndex529 := position, tokenIndex + position540, tokenIndex540 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l530 + goto l541 } position++ - goto l529 - l530: - position, tokenIndex = position529, tokenIndex529 + goto l540 + l541: + position, tokenIndex = position540, tokenIndex540 if c := buffer[position]; c < rune('0') || c > 
rune('9') { - goto l525 + goto l536 } position++ } - l529: + l540: } - l526: - goto l524 - l525: - position, tokenIndex = position525, tokenIndex525 + l537: + goto l535 + l536: + position, tokenIndex = position536, tokenIndex536 } - goto l520 - l521: - position, tokenIndex = position520, tokenIndex520 + goto l531 + l532: + position, tokenIndex = position531, tokenIndex531 { - position532, tokenIndex532 := position, tokenIndex + position543, tokenIndex543 := position, tokenIndex if buffer[position] != rune('$') { - goto l532 + goto l543 } position++ - goto l533 - l532: - position, tokenIndex = position532, tokenIndex532 + goto l544 + l543: + position, tokenIndex = position543, tokenIndex543 } - l533: + l544: { - position534, tokenIndex534 := position, tokenIndex + position545, tokenIndex545 := position, tokenIndex if !_rules[ruleOffset]() { - goto l535 + goto l546 } if !_rules[ruleOffset]() { - goto l535 + goto l546 } - goto l534 - l535: - position, tokenIndex = position534, tokenIndex534 + goto l545 + l546: + position, tokenIndex = position545, tokenIndex545 if !_rules[ruleOffset]() { - goto l531 + goto l542 } } - l534: - goto l520 - l531: - position, tokenIndex = position520, tokenIndex520 + l545: + goto l531 + l542: + position, tokenIndex = position531, tokenIndex531 if buffer[position] != rune('#') { - goto l536 + goto l547 } position++ if !_rules[ruleOffset]() { - goto l536 + goto l547 } { - position537, tokenIndex537 := position, tokenIndex + position548, tokenIndex548 := position, tokenIndex if buffer[position] != rune('*') { - goto l537 + goto l548 } position++ if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l537 + goto l548 } position++ - l539: + l550: { - position540, tokenIndex540 := position, tokenIndex + position551, tokenIndex551 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l540 + goto l551 } position++ - goto l539 - l540: - position, tokenIndex = position540, tokenIndex540 + goto l550 + 
l551: + position, tokenIndex = position551, tokenIndex551 } { - position541, tokenIndex541 := position, tokenIndex + position552, tokenIndex552 := position, tokenIndex if buffer[position] != rune('-') { - goto l541 + goto l552 } position++ if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l541 + goto l552 } position++ - l543: + l554: { - position544, tokenIndex544 := position, tokenIndex + position555, tokenIndex555 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l544 + goto l555 } position++ - goto l543 - l544: - position, tokenIndex = position544, tokenIndex544 + goto l554 + l555: + position, tokenIndex = position555, tokenIndex555 } - goto l542 - l541: - position, tokenIndex = position541, tokenIndex541 + goto l553 + l552: + position, tokenIndex = position552, tokenIndex552 } - l542: - goto l538 - l537: - position, tokenIndex = position537, tokenIndex537 + l553: + goto l549 + l548: + position, tokenIndex = position548, tokenIndex548 } - l538: - goto l520 - l536: - position, tokenIndex = position520, tokenIndex520 + l549: + goto l531 + l547: + position, tokenIndex = position531, tokenIndex531 if buffer[position] != rune('#') { - goto l545 + goto l556 } position++ { - position546, tokenIndex546 := position, tokenIndex + position557, tokenIndex557 := position, tokenIndex if buffer[position] != rune('~') { - goto l546 + goto l557 } position++ - goto l547 - l546: - position, tokenIndex = position546, tokenIndex546 + goto l558 + l557: + position, tokenIndex = position557, tokenIndex557 } - l547: + l558: if buffer[position] != rune('(') { - goto l545 + goto l556 } position++ if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l545 + goto l556 } position++ { - position548, tokenIndex548 := position, tokenIndex + position559, tokenIndex559 := position, tokenIndex if !_rules[ruleWS]() { - goto l548 + goto l559 } - goto l549 - l548: - position, tokenIndex = position548, tokenIndex548 + goto l560 + 
l559: + position, tokenIndex = position559, tokenIndex559 } - l549: + l560: if buffer[position] != rune('<') { - goto l545 + goto l556 } position++ if buffer[position] != rune('<') { - goto l545 + goto l556 } position++ { - position550, tokenIndex550 := position, tokenIndex + position561, tokenIndex561 := position, tokenIndex if !_rules[ruleWS]() { - goto l550 + goto l561 } - goto l551 - l550: - position, tokenIndex = position550, tokenIndex550 + goto l562 + l561: + position, tokenIndex = position561, tokenIndex561 } - l551: + l562: if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l545 + goto l556 } position++ if buffer[position] != rune(')') { - goto l545 + goto l556 } position++ - goto l520 - l545: - position, tokenIndex = position520, tokenIndex520 + goto l531 + l556: + position, tokenIndex = position531, tokenIndex531 if !_rules[ruleARMRegister]() { - goto l518 + goto l529 } } - l520: + l531: { - position552, tokenIndex552 := position, tokenIndex + position563, tokenIndex563 := position, tokenIndex { - position553, tokenIndex553 := position, tokenIndex + position564, tokenIndex564 := position, tokenIndex if buffer[position] != rune('f') { - goto l554 + goto l565 } position++ - goto l553 - l554: - position, tokenIndex = position553, tokenIndex553 + goto l564 + l565: + position, tokenIndex = position564, tokenIndex564 if buffer[position] != rune('b') { - goto l555 + goto l566 } position++ - goto l553 - l555: - position, tokenIndex = position553, tokenIndex553 + goto l564 + l566: + position, tokenIndex = position564, tokenIndex564 if buffer[position] != rune(':') { - goto l556 + goto l567 } position++ - goto l553 - l556: - position, tokenIndex = position553, tokenIndex553 + goto l564 + l567: + position, tokenIndex = position564, tokenIndex564 if buffer[position] != rune('(') { - goto l557 + goto l568 } position++ - goto l553 - l557: - position, tokenIndex = position553, tokenIndex553 + goto l564 + l568: + position, tokenIndex = position564, 
tokenIndex564 if buffer[position] != rune('+') { - goto l558 + goto l569 } position++ - goto l553 - l558: - position, tokenIndex = position553, tokenIndex553 + goto l564 + l569: + position, tokenIndex = position564, tokenIndex564 if buffer[position] != rune('-') { - goto l552 + goto l563 } position++ } - l553: - goto l518 - l552: - position, tokenIndex = position552, tokenIndex552 + l564: + goto l529 + l563: + position, tokenIndex = position563, tokenIndex563 } - add(ruleRegisterOrConstant, position519) + add(ruleRegisterOrConstant, position530) } return true - l518: - position, tokenIndex = position518, tokenIndex518 + l529: + position, tokenIndex = position529, tokenIndex529 return false }, /* 42 ARMConstantTweak <- <(((('u' / 's') (('x' / 'X') ('t' / 'T')) ('x' / 'w' / 'h' / 'b')) / (('l' / 'L') ('s' / 'S') ('l' / 'L')) / (('l' / 'L') ('s' / 'S') ('r' / 'R')) / (('r' / 'R') ('o' / 'O') ('r' / 'R')) / (('a' / 'A') ('s' / 'S') ('r' / 'R'))) (WS '#' Offset)?)> */ func() bool { - position559, tokenIndex559 := position, tokenIndex + position570, tokenIndex570 := position, tokenIndex { - position560 := position + position571 := position { - position561, tokenIndex561 := position, tokenIndex + position572, tokenIndex572 := position, tokenIndex { - position563, tokenIndex563 := position, tokenIndex + position574, tokenIndex574 := position, tokenIndex if buffer[position] != rune('u') { - goto l564 + goto l575 } position++ - goto l563 - l564: - position, tokenIndex = position563, tokenIndex563 + goto l574 + l575: + position, tokenIndex = position574, tokenIndex574 if buffer[position] != rune('s') { - goto l562 + goto l573 } position++ } - l563: + l574: { - position565, tokenIndex565 := position, tokenIndex + position576, tokenIndex576 := position, tokenIndex if buffer[position] != rune('x') { - goto l566 + goto l577 } position++ - goto l565 - l566: - position, tokenIndex = position565, tokenIndex565 + goto l576 + l577: + position, tokenIndex = position576, tokenIndex576 
if buffer[position] != rune('X') { - goto l562 + goto l573 } position++ } - l565: + l576: { - position567, tokenIndex567 := position, tokenIndex + position578, tokenIndex578 := position, tokenIndex if buffer[position] != rune('t') { - goto l568 + goto l579 } position++ - goto l567 - l568: - position, tokenIndex = position567, tokenIndex567 + goto l578 + l579: + position, tokenIndex = position578, tokenIndex578 if buffer[position] != rune('T') { - goto l562 + goto l573 } position++ } - l567: + l578: { - position569, tokenIndex569 := position, tokenIndex + position580, tokenIndex580 := position, tokenIndex if buffer[position] != rune('x') { - goto l570 + goto l581 } position++ - goto l569 - l570: - position, tokenIndex = position569, tokenIndex569 + goto l580 + l581: + position, tokenIndex = position580, tokenIndex580 if buffer[position] != rune('w') { - goto l571 + goto l582 } position++ - goto l569 - l571: - position, tokenIndex = position569, tokenIndex569 + goto l580 + l582: + position, tokenIndex = position580, tokenIndex580 if buffer[position] != rune('h') { - goto l572 + goto l583 } position++ - goto l569 - l572: - position, tokenIndex = position569, tokenIndex569 + goto l580 + l583: + position, tokenIndex = position580, tokenIndex580 if buffer[position] != rune('b') { - goto l562 + goto l573 } position++ } - l569: - goto l561 - l562: - position, tokenIndex = position561, tokenIndex561 + l580: + goto l572 + l573: + position, tokenIndex = position572, tokenIndex572 { - position574, tokenIndex574 := position, tokenIndex + position585, tokenIndex585 := position, tokenIndex if buffer[position] != rune('l') { - goto l575 + goto l586 } position++ - goto l574 - l575: - position, tokenIndex = position574, tokenIndex574 + goto l585 + l586: + position, tokenIndex = position585, tokenIndex585 if buffer[position] != rune('L') { - goto l573 + goto l584 } position++ } - l574: + l585: { - position576, tokenIndex576 := position, tokenIndex + position587, tokenIndex587 := 
position, tokenIndex if buffer[position] != rune('s') { - goto l577 + goto l588 } position++ - goto l576 - l577: - position, tokenIndex = position576, tokenIndex576 + goto l587 + l588: + position, tokenIndex = position587, tokenIndex587 if buffer[position] != rune('S') { - goto l573 + goto l584 } position++ } - l576: + l587: { - position578, tokenIndex578 := position, tokenIndex + position589, tokenIndex589 := position, tokenIndex if buffer[position] != rune('l') { - goto l579 + goto l590 } position++ - goto l578 - l579: - position, tokenIndex = position578, tokenIndex578 + goto l589 + l590: + position, tokenIndex = position589, tokenIndex589 if buffer[position] != rune('L') { - goto l573 + goto l584 } position++ } - l578: - goto l561 - l573: - position, tokenIndex = position561, tokenIndex561 + l589: + goto l572 + l584: + position, tokenIndex = position572, tokenIndex572 { - position581, tokenIndex581 := position, tokenIndex + position592, tokenIndex592 := position, tokenIndex if buffer[position] != rune('l') { - goto l582 + goto l593 } position++ - goto l581 - l582: - position, tokenIndex = position581, tokenIndex581 + goto l592 + l593: + position, tokenIndex = position592, tokenIndex592 if buffer[position] != rune('L') { - goto l580 + goto l591 } position++ } - l581: + l592: { - position583, tokenIndex583 := position, tokenIndex + position594, tokenIndex594 := position, tokenIndex if buffer[position] != rune('s') { - goto l584 + goto l595 } position++ - goto l583 - l584: - position, tokenIndex = position583, tokenIndex583 + goto l594 + l595: + position, tokenIndex = position594, tokenIndex594 if buffer[position] != rune('S') { - goto l580 + goto l591 } position++ } - l583: + l594: { - position585, tokenIndex585 := position, tokenIndex + position596, tokenIndex596 := position, tokenIndex if buffer[position] != rune('r') { - goto l586 + goto l597 } position++ - goto l585 - l586: - position, tokenIndex = position585, tokenIndex585 + goto l596 + l597: + position, 
tokenIndex = position596, tokenIndex596 if buffer[position] != rune('R') { - goto l580 + goto l591 } position++ } - l585: - goto l561 - l580: - position, tokenIndex = position561, tokenIndex561 + l596: + goto l572 + l591: + position, tokenIndex = position572, tokenIndex572 { - position588, tokenIndex588 := position, tokenIndex + position599, tokenIndex599 := position, tokenIndex if buffer[position] != rune('r') { - goto l589 + goto l600 } position++ - goto l588 - l589: - position, tokenIndex = position588, tokenIndex588 + goto l599 + l600: + position, tokenIndex = position599, tokenIndex599 if buffer[position] != rune('R') { - goto l587 + goto l598 } position++ } - l588: + l599: { - position590, tokenIndex590 := position, tokenIndex + position601, tokenIndex601 := position, tokenIndex if buffer[position] != rune('o') { - goto l591 + goto l602 } position++ - goto l590 - l591: - position, tokenIndex = position590, tokenIndex590 + goto l601 + l602: + position, tokenIndex = position601, tokenIndex601 if buffer[position] != rune('O') { - goto l587 + goto l598 } position++ } - l590: + l601: { - position592, tokenIndex592 := position, tokenIndex + position603, tokenIndex603 := position, tokenIndex if buffer[position] != rune('r') { - goto l593 + goto l604 } position++ - goto l592 - l593: - position, tokenIndex = position592, tokenIndex592 + goto l603 + l604: + position, tokenIndex = position603, tokenIndex603 if buffer[position] != rune('R') { - goto l587 + goto l598 } position++ } - l592: - goto l561 - l587: - position, tokenIndex = position561, tokenIndex561 + l603: + goto l572 + l598: + position, tokenIndex = position572, tokenIndex572 { - position594, tokenIndex594 := position, tokenIndex + position605, tokenIndex605 := position, tokenIndex if buffer[position] != rune('a') { - goto l595 + goto l606 } position++ - goto l594 - l595: - position, tokenIndex = position594, tokenIndex594 + goto l605 + l606: + position, tokenIndex = position605, tokenIndex605 if 
buffer[position] != rune('A') { - goto l559 + goto l570 } position++ } - l594: + l605: { - position596, tokenIndex596 := position, tokenIndex + position607, tokenIndex607 := position, tokenIndex if buffer[position] != rune('s') { - goto l597 + goto l608 } position++ - goto l596 - l597: - position, tokenIndex = position596, tokenIndex596 + goto l607 + l608: + position, tokenIndex = position607, tokenIndex607 if buffer[position] != rune('S') { - goto l559 + goto l570 } position++ } - l596: + l607: { - position598, tokenIndex598 := position, tokenIndex + position609, tokenIndex609 := position, tokenIndex if buffer[position] != rune('r') { - goto l599 + goto l610 } position++ - goto l598 - l599: - position, tokenIndex = position598, tokenIndex598 + goto l609 + l610: + position, tokenIndex = position609, tokenIndex609 if buffer[position] != rune('R') { - goto l559 + goto l570 } position++ } - l598: + l609: } - l561: + l572: { - position600, tokenIndex600 := position, tokenIndex + position611, tokenIndex611 := position, tokenIndex if !_rules[ruleWS]() { - goto l600 + goto l611 } if buffer[position] != rune('#') { - goto l600 + goto l611 } position++ if !_rules[ruleOffset]() { - goto l600 + goto l611 } - goto l601 - l600: - position, tokenIndex = position600, tokenIndex600 + goto l612 + l611: + position, tokenIndex = position611, tokenIndex611 } - l601: - add(ruleARMConstantTweak, position560) + l612: + add(ruleARMConstantTweak, position571) } return true - l559: - position, tokenIndex = position559, tokenIndex559 + l570: + position, tokenIndex = position570, tokenIndex570 return false }, /* 43 ARMRegister <- <((('s' / 'S') ('p' / 'P')) / (('x' / 'w' / 'd' / 'q' / 's' / 'h' / 'b') [0-9] [0-9]?) / (('x' / 'X') ('z' / 'Z') ('r' / 'R')) / (('w' / 'W') ('z' / 'Z') ('r' / 'R')) / (('n' / 'N') ('z' / 'Z') ('c' / 'C') ('v' / 'V')) / ARMVectorRegister / ('{' WS? ARMVectorRegister (',' WS? ARMVectorRegister)* WS? '}' ('[' [0-9] [0-9]? 
']')?))> */ func() bool { - position602, tokenIndex602 := position, tokenIndex + position613, tokenIndex613 := position, tokenIndex { - position603 := position + position614 := position { - position604, tokenIndex604 := position, tokenIndex + position615, tokenIndex615 := position, tokenIndex { - position606, tokenIndex606 := position, tokenIndex + position617, tokenIndex617 := position, tokenIndex if buffer[position] != rune('s') { - goto l607 + goto l618 } position++ - goto l606 - l607: - position, tokenIndex = position606, tokenIndex606 + goto l617 + l618: + position, tokenIndex = position617, tokenIndex617 if buffer[position] != rune('S') { - goto l605 + goto l616 } position++ } - l606: + l617: { - position608, tokenIndex608 := position, tokenIndex + position619, tokenIndex619 := position, tokenIndex if buffer[position] != rune('p') { - goto l609 + goto l620 } position++ - goto l608 - l609: - position, tokenIndex = position608, tokenIndex608 + goto l619 + l620: + position, tokenIndex = position619, tokenIndex619 if buffer[position] != rune('P') { - goto l605 + goto l616 } position++ } - l608: - goto l604 - l605: - position, tokenIndex = position604, tokenIndex604 + l619: + goto l615 + l616: + position, tokenIndex = position615, tokenIndex615 { - position611, tokenIndex611 := position, tokenIndex + position622, tokenIndex622 := position, tokenIndex if buffer[position] != rune('x') { - goto l612 + goto l623 } position++ - goto l611 - l612: - position, tokenIndex = position611, tokenIndex611 + goto l622 + l623: + position, tokenIndex = position622, tokenIndex622 if buffer[position] != rune('w') { - goto l613 + goto l624 } position++ - goto l611 - l613: - position, tokenIndex = position611, tokenIndex611 + goto l622 + l624: + position, tokenIndex = position622, tokenIndex622 if buffer[position] != rune('d') { - goto l614 + goto l625 } position++ - goto l611 - l614: - position, tokenIndex = position611, tokenIndex611 + goto l622 + l625: + position, tokenIndex = 
position622, tokenIndex622 if buffer[position] != rune('q') { - goto l615 + goto l626 } position++ - goto l611 - l615: - position, tokenIndex = position611, tokenIndex611 + goto l622 + l626: + position, tokenIndex = position622, tokenIndex622 if buffer[position] != rune('s') { - goto l616 + goto l627 } position++ - goto l611 - l616: - position, tokenIndex = position611, tokenIndex611 + goto l622 + l627: + position, tokenIndex = position622, tokenIndex622 if buffer[position] != rune('h') { - goto l617 + goto l628 } position++ - goto l611 - l617: - position, tokenIndex = position611, tokenIndex611 + goto l622 + l628: + position, tokenIndex = position622, tokenIndex622 if buffer[position] != rune('b') { - goto l610 + goto l621 } position++ } - l611: + l622: if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l610 + goto l621 } position++ { - position618, tokenIndex618 := position, tokenIndex + position629, tokenIndex629 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l618 + goto l629 } position++ - goto l619 - l618: - position, tokenIndex = position618, tokenIndex618 + goto l630 + l629: + position, tokenIndex = position629, tokenIndex629 } - l619: - goto l604 - l610: - position, tokenIndex = position604, tokenIndex604 + l630: + goto l615 + l621: + position, tokenIndex = position615, tokenIndex615 { - position621, tokenIndex621 := position, tokenIndex + position632, tokenIndex632 := position, tokenIndex if buffer[position] != rune('x') { - goto l622 + goto l633 } position++ - goto l621 - l622: - position, tokenIndex = position621, tokenIndex621 + goto l632 + l633: + position, tokenIndex = position632, tokenIndex632 if buffer[position] != rune('X') { - goto l620 + goto l631 } position++ } - l621: + l632: { - position623, tokenIndex623 := position, tokenIndex + position634, tokenIndex634 := position, tokenIndex if buffer[position] != rune('z') { - goto l624 + goto l635 } position++ - goto l623 - l624: - position, 
tokenIndex = position623, tokenIndex623 + goto l634 + l635: + position, tokenIndex = position634, tokenIndex634 if buffer[position] != rune('Z') { - goto l620 + goto l631 } position++ } - l623: + l634: { - position625, tokenIndex625 := position, tokenIndex + position636, tokenIndex636 := position, tokenIndex if buffer[position] != rune('r') { - goto l626 + goto l637 } position++ - goto l625 - l626: - position, tokenIndex = position625, tokenIndex625 + goto l636 + l637: + position, tokenIndex = position636, tokenIndex636 if buffer[position] != rune('R') { - goto l620 + goto l631 } position++ } - l625: - goto l604 - l620: - position, tokenIndex = position604, tokenIndex604 + l636: + goto l615 + l631: + position, tokenIndex = position615, tokenIndex615 { - position628, tokenIndex628 := position, tokenIndex + position639, tokenIndex639 := position, tokenIndex if buffer[position] != rune('w') { - goto l629 + goto l640 } position++ - goto l628 - l629: - position, tokenIndex = position628, tokenIndex628 + goto l639 + l640: + position, tokenIndex = position639, tokenIndex639 if buffer[position] != rune('W') { - goto l627 + goto l638 } position++ } - l628: + l639: { - position630, tokenIndex630 := position, tokenIndex + position641, tokenIndex641 := position, tokenIndex if buffer[position] != rune('z') { - goto l631 + goto l642 } position++ - goto l630 - l631: - position, tokenIndex = position630, tokenIndex630 + goto l641 + l642: + position, tokenIndex = position641, tokenIndex641 if buffer[position] != rune('Z') { - goto l627 + goto l638 } position++ } - l630: + l641: { - position632, tokenIndex632 := position, tokenIndex + position643, tokenIndex643 := position, tokenIndex if buffer[position] != rune('r') { - goto l633 + goto l644 } position++ - goto l632 - l633: - position, tokenIndex = position632, tokenIndex632 + goto l643 + l644: + position, tokenIndex = position643, tokenIndex643 if buffer[position] != rune('R') { - goto l627 + goto l638 } position++ } - l632: - 
goto l604 - l627: - position, tokenIndex = position604, tokenIndex604 + l643: + goto l615 + l638: + position, tokenIndex = position615, tokenIndex615 { - position635, tokenIndex635 := position, tokenIndex + position646, tokenIndex646 := position, tokenIndex if buffer[position] != rune('n') { - goto l636 + goto l647 } position++ - goto l635 - l636: - position, tokenIndex = position635, tokenIndex635 + goto l646 + l647: + position, tokenIndex = position646, tokenIndex646 if buffer[position] != rune('N') { - goto l634 + goto l645 } position++ } - l635: + l646: { - position637, tokenIndex637 := position, tokenIndex + position648, tokenIndex648 := position, tokenIndex if buffer[position] != rune('z') { - goto l638 + goto l649 } position++ - goto l637 - l638: - position, tokenIndex = position637, tokenIndex637 + goto l648 + l649: + position, tokenIndex = position648, tokenIndex648 if buffer[position] != rune('Z') { - goto l634 + goto l645 } position++ } - l637: + l648: { - position639, tokenIndex639 := position, tokenIndex + position650, tokenIndex650 := position, tokenIndex if buffer[position] != rune('c') { - goto l640 + goto l651 } position++ - goto l639 - l640: - position, tokenIndex = position639, tokenIndex639 + goto l650 + l651: + position, tokenIndex = position650, tokenIndex650 if buffer[position] != rune('C') { - goto l634 + goto l645 } position++ } - l639: + l650: { - position641, tokenIndex641 := position, tokenIndex + position652, tokenIndex652 := position, tokenIndex if buffer[position] != rune('v') { - goto l642 + goto l653 } position++ - goto l641 - l642: - position, tokenIndex = position641, tokenIndex641 + goto l652 + l653: + position, tokenIndex = position652, tokenIndex652 if buffer[position] != rune('V') { - goto l634 + goto l645 } position++ } - l641: - goto l604 - l634: - position, tokenIndex = position604, tokenIndex604 + l652: + goto l615 + l645: + position, tokenIndex = position615, tokenIndex615 if !_rules[ruleARMVectorRegister]() { - goto l643 
+ goto l654 } - goto l604 - l643: - position, tokenIndex = position604, tokenIndex604 + goto l615 + l654: + position, tokenIndex = position615, tokenIndex615 if buffer[position] != rune('{') { - goto l602 + goto l613 } position++ { - position644, tokenIndex644 := position, tokenIndex + position655, tokenIndex655 := position, tokenIndex if !_rules[ruleWS]() { - goto l644 + goto l655 } - goto l645 - l644: - position, tokenIndex = position644, tokenIndex644 + goto l656 + l655: + position, tokenIndex = position655, tokenIndex655 } - l645: + l656: if !_rules[ruleARMVectorRegister]() { - goto l602 + goto l613 } - l646: + l657: { - position647, tokenIndex647 := position, tokenIndex + position658, tokenIndex658 := position, tokenIndex if buffer[position] != rune(',') { - goto l647 + goto l658 } position++ { - position648, tokenIndex648 := position, tokenIndex + position659, tokenIndex659 := position, tokenIndex if !_rules[ruleWS]() { - goto l648 + goto l659 } - goto l649 - l648: - position, tokenIndex = position648, tokenIndex648 + goto l660 + l659: + position, tokenIndex = position659, tokenIndex659 } - l649: + l660: if !_rules[ruleARMVectorRegister]() { - goto l647 + goto l658 } - goto l646 - l647: - position, tokenIndex = position647, tokenIndex647 + goto l657 + l658: + position, tokenIndex = position658, tokenIndex658 } { - position650, tokenIndex650 := position, tokenIndex + position661, tokenIndex661 := position, tokenIndex if !_rules[ruleWS]() { - goto l650 + goto l661 } - goto l651 - l650: - position, tokenIndex = position650, tokenIndex650 + goto l662 + l661: + position, tokenIndex = position661, tokenIndex661 } - l651: + l662: if buffer[position] != rune('}') { - goto l602 + goto l613 } position++ { - position652, tokenIndex652 := position, tokenIndex + position663, tokenIndex663 := position, tokenIndex if buffer[position] != rune('[') { - goto l652 + goto l663 } position++ if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l652 + goto l663 } 
position++ { - position654, tokenIndex654 := position, tokenIndex + position665, tokenIndex665 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l654 + goto l665 } position++ - goto l655 - l654: - position, tokenIndex = position654, tokenIndex654 + goto l666 + l665: + position, tokenIndex = position665, tokenIndex665 } - l655: + l666: if buffer[position] != rune(']') { - goto l652 + goto l663 } position++ - goto l653 - l652: - position, tokenIndex = position652, tokenIndex652 + goto l664 + l663: + position, tokenIndex = position663, tokenIndex663 } - l653: + l664: } - l604: - add(ruleARMRegister, position603) + l615: + add(ruleARMRegister, position614) } return true - l602: - position, tokenIndex = position602, tokenIndex602 + l613: + position, tokenIndex = position613, tokenIndex613 return false }, /* 44 ARMVectorRegister <- <(('v' / 'V') [0-9] [0-9]? ('.' [0-9]* ('b' / 's' / 'd' / 'h' / 'q') ('[' [0-9] [0-9]? ']')?)?)> */ func() bool { - position656, tokenIndex656 := position, tokenIndex + position667, tokenIndex667 := position, tokenIndex { - position657 := position + position668 := position { - position658, tokenIndex658 := position, tokenIndex + position669, tokenIndex669 := position, tokenIndex if buffer[position] != rune('v') { - goto l659 + goto l670 } position++ - goto l658 - l659: - position, tokenIndex = position658, tokenIndex658 + goto l669 + l670: + position, tokenIndex = position669, tokenIndex669 if buffer[position] != rune('V') { - goto l656 + goto l667 } position++ } - l658: + l669: if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l656 + goto l667 } position++ { - position660, tokenIndex660 := position, tokenIndex + position671, tokenIndex671 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l660 + goto l671 } position++ - goto l661 - l660: - position, tokenIndex = position660, tokenIndex660 + goto l672 + l671: + position, tokenIndex = position671, 
tokenIndex671 } - l661: + l672: { - position662, tokenIndex662 := position, tokenIndex + position673, tokenIndex673 := position, tokenIndex if buffer[position] != rune('.') { - goto l662 + goto l673 } position++ - l664: + l675: { - position665, tokenIndex665 := position, tokenIndex + position676, tokenIndex676 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l665 + goto l676 } position++ - goto l664 - l665: - position, tokenIndex = position665, tokenIndex665 + goto l675 + l676: + position, tokenIndex = position676, tokenIndex676 } { - position666, tokenIndex666 := position, tokenIndex + position677, tokenIndex677 := position, tokenIndex if buffer[position] != rune('b') { - goto l667 + goto l678 } position++ - goto l666 - l667: - position, tokenIndex = position666, tokenIndex666 + goto l677 + l678: + position, tokenIndex = position677, tokenIndex677 if buffer[position] != rune('s') { - goto l668 + goto l679 } position++ - goto l666 - l668: - position, tokenIndex = position666, tokenIndex666 + goto l677 + l679: + position, tokenIndex = position677, tokenIndex677 if buffer[position] != rune('d') { - goto l669 + goto l680 } position++ - goto l666 - l669: - position, tokenIndex = position666, tokenIndex666 + goto l677 + l680: + position, tokenIndex = position677, tokenIndex677 if buffer[position] != rune('h') { - goto l670 + goto l681 } position++ - goto l666 - l670: - position, tokenIndex = position666, tokenIndex666 + goto l677 + l681: + position, tokenIndex = position677, tokenIndex677 if buffer[position] != rune('q') { - goto l662 + goto l673 } position++ } - l666: + l677: { - position671, tokenIndex671 := position, tokenIndex + position682, tokenIndex682 := position, tokenIndex if buffer[position] != rune('[') { - goto l671 + goto l682 } position++ if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l671 + goto l682 } position++ { - position673, tokenIndex673 := position, tokenIndex + position684, tokenIndex684 
:= position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l673 + goto l684 } position++ - goto l674 - l673: - position, tokenIndex = position673, tokenIndex673 + goto l685 + l684: + position, tokenIndex = position684, tokenIndex684 } - l674: + l685: if buffer[position] != rune(']') { - goto l671 + goto l682 } position++ - goto l672 - l671: - position, tokenIndex = position671, tokenIndex671 + goto l683 + l682: + position, tokenIndex = position682, tokenIndex682 } - l672: - goto l663 - l662: - position, tokenIndex = position662, tokenIndex662 + l683: + goto l674 + l673: + position, tokenIndex = position673, tokenIndex673 } - l663: - add(ruleARMVectorRegister, position657) + l674: + add(ruleARMVectorRegister, position668) } return true - l656: - position, tokenIndex = position656, tokenIndex656 + l667: + position, tokenIndex = position667, tokenIndex667 return false }, /* 45 MemoryRef <- <((SymbolRef BaseIndexScale) / SymbolRef / Low12BitsSymbolRef / (Offset* BaseIndexScale) / (SegmentRegister Offset BaseIndexScale) / (SegmentRegister BaseIndexScale) / (SegmentRegister Offset) / ARMBaseIndexScale / BaseIndexScale)> */ func() bool { - position675, tokenIndex675 := position, tokenIndex + position686, tokenIndex686 := position, tokenIndex { - position676 := position + position687 := position { - position677, tokenIndex677 := position, tokenIndex + position688, tokenIndex688 := position, tokenIndex if !_rules[ruleSymbolRef]() { - goto l678 + goto l689 } if !_rules[ruleBaseIndexScale]() { - goto l678 + goto l689 } - goto l677 - l678: - position, tokenIndex = position677, tokenIndex677 + goto l688 + l689: + position, tokenIndex = position688, tokenIndex688 if !_rules[ruleSymbolRef]() { - goto l679 + goto l690 } - goto l677 - l679: - position, tokenIndex = position677, tokenIndex677 + goto l688 + l690: + position, tokenIndex = position688, tokenIndex688 if !_rules[ruleLow12BitsSymbolRef]() { - goto l680 + goto l691 } - goto l677 - l680: - 
position, tokenIndex = position677, tokenIndex677 - l682: + goto l688 + l691: + position, tokenIndex = position688, tokenIndex688 + l693: { - position683, tokenIndex683 := position, tokenIndex + position694, tokenIndex694 := position, tokenIndex if !_rules[ruleOffset]() { - goto l683 + goto l694 } - goto l682 - l683: - position, tokenIndex = position683, tokenIndex683 + goto l693 + l694: + position, tokenIndex = position694, tokenIndex694 } if !_rules[ruleBaseIndexScale]() { - goto l681 + goto l692 } - goto l677 - l681: - position, tokenIndex = position677, tokenIndex677 + goto l688 + l692: + position, tokenIndex = position688, tokenIndex688 if !_rules[ruleSegmentRegister]() { - goto l684 + goto l695 } if !_rules[ruleOffset]() { - goto l684 + goto l695 } if !_rules[ruleBaseIndexScale]() { - goto l684 + goto l695 } - goto l677 - l684: - position, tokenIndex = position677, tokenIndex677 + goto l688 + l695: + position, tokenIndex = position688, tokenIndex688 if !_rules[ruleSegmentRegister]() { - goto l685 + goto l696 } if !_rules[ruleBaseIndexScale]() { - goto l685 + goto l696 } - goto l677 - l685: - position, tokenIndex = position677, tokenIndex677 + goto l688 + l696: + position, tokenIndex = position688, tokenIndex688 if !_rules[ruleSegmentRegister]() { - goto l686 + goto l697 } if !_rules[ruleOffset]() { - goto l686 + goto l697 } - goto l677 - l686: - position, tokenIndex = position677, tokenIndex677 + goto l688 + l697: + position, tokenIndex = position688, tokenIndex688 if !_rules[ruleARMBaseIndexScale]() { - goto l687 + goto l698 } - goto l677 - l687: - position, tokenIndex = position677, tokenIndex677 + goto l688 + l698: + position, tokenIndex = position688, tokenIndex688 if !_rules[ruleBaseIndexScale]() { - goto l675 + goto l686 } } - l677: - add(ruleMemoryRef, position676) + l688: + add(ruleMemoryRef, position687) } return true - l675: - position, tokenIndex = position675, tokenIndex675 + l686: + position, tokenIndex = position686, tokenIndex686 return false 
}, /* 46 SymbolRef <- <((Offset* '+')? (LocalSymbol / SymbolName) Offset* ('@' Section Offset*)?)> */ func() bool { - position688, tokenIndex688 := position, tokenIndex + position699, tokenIndex699 := position, tokenIndex { - position689 := position + position700 := position { - position690, tokenIndex690 := position, tokenIndex - l692: + position701, tokenIndex701 := position, tokenIndex + l703: { - position693, tokenIndex693 := position, tokenIndex + position704, tokenIndex704 := position, tokenIndex if !_rules[ruleOffset]() { - goto l693 + goto l704 } - goto l692 - l693: - position, tokenIndex = position693, tokenIndex693 + goto l703 + l704: + position, tokenIndex = position704, tokenIndex704 } if buffer[position] != rune('+') { - goto l690 + goto l701 } position++ - goto l691 - l690: - position, tokenIndex = position690, tokenIndex690 + goto l702 + l701: + position, tokenIndex = position701, tokenIndex701 } - l691: + l702: { - position694, tokenIndex694 := position, tokenIndex + position705, tokenIndex705 := position, tokenIndex if !_rules[ruleLocalSymbol]() { - goto l695 + goto l706 } - goto l694 - l695: - position, tokenIndex = position694, tokenIndex694 + goto l705 + l706: + position, tokenIndex = position705, tokenIndex705 if !_rules[ruleSymbolName]() { - goto l688 + goto l699 } } - l694: - l696: + l705: + l707: { - position697, tokenIndex697 := position, tokenIndex + position708, tokenIndex708 := position, tokenIndex if !_rules[ruleOffset]() { - goto l697 + goto l708 } - goto l696 - l697: - position, tokenIndex = position697, tokenIndex697 + goto l707 + l708: + position, tokenIndex = position708, tokenIndex708 } { - position698, tokenIndex698 := position, tokenIndex + position709, tokenIndex709 := position, tokenIndex if buffer[position] != rune('@') { - goto l698 + goto l709 } position++ if !_rules[ruleSection]() { - goto l698 + goto l709 } - l700: + l711: { - position701, tokenIndex701 := position, tokenIndex + position712, tokenIndex712 := position, 
tokenIndex if !_rules[ruleOffset]() { - goto l701 + goto l712 } - goto l700 - l701: - position, tokenIndex = position701, tokenIndex701 + goto l711 + l712: + position, tokenIndex = position712, tokenIndex712 } - goto l699 - l698: - position, tokenIndex = position698, tokenIndex698 + goto l710 + l709: + position, tokenIndex = position709, tokenIndex709 } - l699: - add(ruleSymbolRef, position689) + l710: + add(ruleSymbolRef, position700) } return true - l688: - position, tokenIndex = position688, tokenIndex688 + l699: + position, tokenIndex = position699, tokenIndex699 return false }, /* 47 Low12BitsSymbolRef <- <(':' ('l' / 'L') ('o' / 'O') '1' '2' ':' (LocalSymbol / SymbolName) Offset?)> */ func() bool { - position702, tokenIndex702 := position, tokenIndex + position713, tokenIndex713 := position, tokenIndex { - position703 := position + position714 := position if buffer[position] != rune(':') { - goto l702 + goto l713 } position++ { - position704, tokenIndex704 := position, tokenIndex + position715, tokenIndex715 := position, tokenIndex if buffer[position] != rune('l') { - goto l705 + goto l716 } position++ - goto l704 - l705: - position, tokenIndex = position704, tokenIndex704 + goto l715 + l716: + position, tokenIndex = position715, tokenIndex715 if buffer[position] != rune('L') { - goto l702 + goto l713 } position++ } - l704: + l715: { - position706, tokenIndex706 := position, tokenIndex + position717, tokenIndex717 := position, tokenIndex if buffer[position] != rune('o') { - goto l707 + goto l718 } position++ - goto l706 - l707: - position, tokenIndex = position706, tokenIndex706 + goto l717 + l718: + position, tokenIndex = position717, tokenIndex717 if buffer[position] != rune('O') { - goto l702 + goto l713 } position++ } - l706: + l717: if buffer[position] != rune('1') { - goto l702 + goto l713 } position++ if buffer[position] != rune('2') { - goto l702 + goto l713 } position++ if buffer[position] != rune(':') { - goto l702 + goto l713 } position++ { - 
position708, tokenIndex708 := position, tokenIndex + position719, tokenIndex719 := position, tokenIndex if !_rules[ruleLocalSymbol]() { - goto l709 + goto l720 } - goto l708 - l709: - position, tokenIndex = position708, tokenIndex708 + goto l719 + l720: + position, tokenIndex = position719, tokenIndex719 if !_rules[ruleSymbolName]() { - goto l702 + goto l713 } } - l708: + l719: { - position710, tokenIndex710 := position, tokenIndex + position721, tokenIndex721 := position, tokenIndex if !_rules[ruleOffset]() { - goto l710 + goto l721 } - goto l711 - l710: - position, tokenIndex = position710, tokenIndex710 + goto l722 + l721: + position, tokenIndex = position721, tokenIndex721 } - l711: - add(ruleLow12BitsSymbolRef, position703) + l722: + add(ruleLow12BitsSymbolRef, position714) } return true - l702: - position, tokenIndex = position702, tokenIndex702 + l713: + position, tokenIndex = position713, tokenIndex713 return false }, /* 48 ARMBaseIndexScale <- <('[' ARMRegister (',' WS? (('#' Offset (('*' [0-9]+) / ('*' '(' [0-9]+ Operator [0-9]+ ')') / ('+' [0-9]+)*)?) / ARMGOTLow12 / Low12BitsSymbolRef / ARMRegister) (',' WS? ARMConstantTweak)?)? 
']' ARMPostincrement?)> */ func() bool { - position712, tokenIndex712 := position, tokenIndex + position723, tokenIndex723 := position, tokenIndex { - position713 := position + position724 := position if buffer[position] != rune('[') { - goto l712 + goto l723 } position++ if !_rules[ruleARMRegister]() { - goto l712 + goto l723 } { - position714, tokenIndex714 := position, tokenIndex + position725, tokenIndex725 := position, tokenIndex if buffer[position] != rune(',') { - goto l714 + goto l725 } position++ { - position716, tokenIndex716 := position, tokenIndex + position727, tokenIndex727 := position, tokenIndex if !_rules[ruleWS]() { - goto l716 + goto l727 } - goto l717 - l716: - position, tokenIndex = position716, tokenIndex716 + goto l728 + l727: + position, tokenIndex = position727, tokenIndex727 } - l717: + l728: { - position718, tokenIndex718 := position, tokenIndex + position729, tokenIndex729 := position, tokenIndex if buffer[position] != rune('#') { - goto l719 + goto l730 } position++ if !_rules[ruleOffset]() { - goto l719 + goto l730 } { - position720, tokenIndex720 := position, tokenIndex + position731, tokenIndex731 := position, tokenIndex { - position722, tokenIndex722 := position, tokenIndex + position733, tokenIndex733 := position, tokenIndex if buffer[position] != rune('*') { - goto l723 + goto l734 } position++ if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l723 + goto l734 } position++ - l724: + l735: { - position725, tokenIndex725 := position, tokenIndex + position736, tokenIndex736 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l725 + goto l736 } position++ - goto l724 - l725: - position, tokenIndex = position725, tokenIndex725 + goto l735 + l736: + position, tokenIndex = position736, tokenIndex736 } - goto l722 - l723: - position, tokenIndex = position722, tokenIndex722 + goto l733 + l734: + position, tokenIndex = position733, tokenIndex733 if buffer[position] != rune('*') { - goto 
l726 + goto l737 } position++ if buffer[position] != rune('(') { - goto l726 + goto l737 } position++ if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l726 + goto l737 } position++ - l727: + l738: { - position728, tokenIndex728 := position, tokenIndex + position739, tokenIndex739 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l728 + goto l739 } position++ - goto l727 - l728: - position, tokenIndex = position728, tokenIndex728 + goto l738 + l739: + position, tokenIndex = position739, tokenIndex739 } if !_rules[ruleOperator]() { - goto l726 + goto l737 } if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l726 + goto l737 } position++ - l729: + l740: { - position730, tokenIndex730 := position, tokenIndex + position741, tokenIndex741 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l730 + goto l741 } position++ - goto l729 - l730: - position, tokenIndex = position730, tokenIndex730 + goto l740 + l741: + position, tokenIndex = position741, tokenIndex741 } if buffer[position] != rune(')') { - goto l726 + goto l737 } position++ - goto l722 - l726: - position, tokenIndex = position722, tokenIndex722 - l731: + goto l733 + l737: + position, tokenIndex = position733, tokenIndex733 + l742: { - position732, tokenIndex732 := position, tokenIndex + position743, tokenIndex743 := position, tokenIndex if buffer[position] != rune('+') { - goto l732 + goto l743 } position++ if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l732 + goto l743 } position++ - l733: + l744: { - position734, tokenIndex734 := position, tokenIndex + position745, tokenIndex745 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l734 + goto l745 } position++ - goto l733 - l734: - position, tokenIndex = position734, tokenIndex734 + goto l744 + l745: + position, tokenIndex = position745, tokenIndex745 } - goto l731 - l732: - position, tokenIndex = 
position732, tokenIndex732 + goto l742 + l743: + position, tokenIndex = position743, tokenIndex743 } } - l722: - goto l721 + l733: + goto l732 - position, tokenIndex = position720, tokenIndex720 + position, tokenIndex = position731, tokenIndex731 } - l721: - goto l718 - l719: - position, tokenIndex = position718, tokenIndex718 + l732: + goto l729 + l730: + position, tokenIndex = position729, tokenIndex729 if !_rules[ruleARMGOTLow12]() { - goto l735 + goto l746 } - goto l718 - l735: - position, tokenIndex = position718, tokenIndex718 + goto l729 + l746: + position, tokenIndex = position729, tokenIndex729 if !_rules[ruleLow12BitsSymbolRef]() { - goto l736 + goto l747 } - goto l718 - l736: - position, tokenIndex = position718, tokenIndex718 + goto l729 + l747: + position, tokenIndex = position729, tokenIndex729 if !_rules[ruleARMRegister]() { - goto l714 + goto l725 } } - l718: + l729: { - position737, tokenIndex737 := position, tokenIndex + position748, tokenIndex748 := position, tokenIndex if buffer[position] != rune(',') { - goto l737 + goto l748 } position++ { - position739, tokenIndex739 := position, tokenIndex + position750, tokenIndex750 := position, tokenIndex if !_rules[ruleWS]() { - goto l739 + goto l750 } - goto l740 - l739: - position, tokenIndex = position739, tokenIndex739 + goto l751 + l750: + position, tokenIndex = position750, tokenIndex750 } - l740: + l751: if !_rules[ruleARMConstantTweak]() { - goto l737 + goto l748 } - goto l738 - l737: - position, tokenIndex = position737, tokenIndex737 + goto l749 + l748: + position, tokenIndex = position748, tokenIndex748 } - l738: - goto l715 - l714: - position, tokenIndex = position714, tokenIndex714 + l749: + goto l726 + l725: + position, tokenIndex = position725, tokenIndex725 } - l715: + l726: if buffer[position] != rune(']') { - goto l712 + goto l723 } position++ { - position741, tokenIndex741 := position, tokenIndex + position752, tokenIndex752 := position, tokenIndex if !_rules[ruleARMPostincrement]() { 
- goto l741 + goto l752 } - goto l742 - l741: - position, tokenIndex = position741, tokenIndex741 + goto l753 + l752: + position, tokenIndex = position752, tokenIndex752 } - l742: - add(ruleARMBaseIndexScale, position713) + l753: + add(ruleARMBaseIndexScale, position724) } return true - l712: - position, tokenIndex = position712, tokenIndex712 + l723: + position, tokenIndex = position723, tokenIndex723 return false }, /* 49 ARMGOTLow12 <- <(':' ('g' / 'G') ('o' / 'O') ('t' / 'T') '_' ('l' / 'L') ('o' / 'O') '1' '2' ':' SymbolName)> */ func() bool { - position743, tokenIndex743 := position, tokenIndex + position754, tokenIndex754 := position, tokenIndex { - position744 := position + position755 := position if buffer[position] != rune(':') { - goto l743 + goto l754 } position++ { - position745, tokenIndex745 := position, tokenIndex + position756, tokenIndex756 := position, tokenIndex if buffer[position] != rune('g') { - goto l746 + goto l757 } position++ - goto l745 - l746: - position, tokenIndex = position745, tokenIndex745 + goto l756 + l757: + position, tokenIndex = position756, tokenIndex756 if buffer[position] != rune('G') { - goto l743 + goto l754 } position++ } - l745: + l756: { - position747, tokenIndex747 := position, tokenIndex + position758, tokenIndex758 := position, tokenIndex if buffer[position] != rune('o') { - goto l748 + goto l759 } position++ - goto l747 - l748: - position, tokenIndex = position747, tokenIndex747 + goto l758 + l759: + position, tokenIndex = position758, tokenIndex758 if buffer[position] != rune('O') { - goto l743 + goto l754 } position++ } - l747: + l758: { - position749, tokenIndex749 := position, tokenIndex + position760, tokenIndex760 := position, tokenIndex if buffer[position] != rune('t') { - goto l750 + goto l761 } position++ - goto l749 - l750: - position, tokenIndex = position749, tokenIndex749 + goto l760 + l761: + position, tokenIndex = position760, tokenIndex760 if buffer[position] != rune('T') { - goto l743 + goto l754 } 
position++ } - l749: + l760: if buffer[position] != rune('_') { - goto l743 + goto l754 } position++ { - position751, tokenIndex751 := position, tokenIndex + position762, tokenIndex762 := position, tokenIndex if buffer[position] != rune('l') { - goto l752 + goto l763 } position++ - goto l751 - l752: - position, tokenIndex = position751, tokenIndex751 + goto l762 + l763: + position, tokenIndex = position762, tokenIndex762 if buffer[position] != rune('L') { - goto l743 + goto l754 } position++ } - l751: + l762: { - position753, tokenIndex753 := position, tokenIndex + position764, tokenIndex764 := position, tokenIndex if buffer[position] != rune('o') { - goto l754 + goto l765 } position++ - goto l753 - l754: - position, tokenIndex = position753, tokenIndex753 + goto l764 + l765: + position, tokenIndex = position764, tokenIndex764 if buffer[position] != rune('O') { - goto l743 + goto l754 } position++ } - l753: + l764: if buffer[position] != rune('1') { - goto l743 + goto l754 } position++ if buffer[position] != rune('2') { - goto l743 + goto l754 } position++ if buffer[position] != rune(':') { - goto l743 + goto l754 } position++ if !_rules[ruleSymbolName]() { - goto l743 + goto l754 } - add(ruleARMGOTLow12, position744) + add(ruleARMGOTLow12, position755) } return true - l743: - position, tokenIndex = position743, tokenIndex743 + l754: + position, tokenIndex = position754, tokenIndex754 return false }, /* 50 ARMPostincrement <- <'!'> */ func() bool { - position755, tokenIndex755 := position, tokenIndex + position766, tokenIndex766 := position, tokenIndex { - position756 := position + position767 := position if buffer[position] != rune('!') { - goto l755 + goto l766 } position++ - add(ruleARMPostincrement, position756) + add(ruleARMPostincrement, position767) } return true - l755: - position, tokenIndex = position755, tokenIndex755 + l766: + position, tokenIndex = position766, tokenIndex766 return false }, /* 51 BaseIndexScale <- <('(' RegisterOrConstant? WS? (',' WS? 
RegisterOrConstant WS? (',' [0-9]+)?)? ')')> */ func() bool { - position757, tokenIndex757 := position, tokenIndex + position768, tokenIndex768 := position, tokenIndex { - position758 := position + position769 := position if buffer[position] != rune('(') { - goto l757 + goto l768 } position++ { - position759, tokenIndex759 := position, tokenIndex + position770, tokenIndex770 := position, tokenIndex if !_rules[ruleRegisterOrConstant]() { - goto l759 + goto l770 } - goto l760 - l759: - position, tokenIndex = position759, tokenIndex759 + goto l771 + l770: + position, tokenIndex = position770, tokenIndex770 } - l760: + l771: { - position761, tokenIndex761 := position, tokenIndex + position772, tokenIndex772 := position, tokenIndex if !_rules[ruleWS]() { - goto l761 + goto l772 } - goto l762 - l761: - position, tokenIndex = position761, tokenIndex761 + goto l773 + l772: + position, tokenIndex = position772, tokenIndex772 } - l762: + l773: { - position763, tokenIndex763 := position, tokenIndex + position774, tokenIndex774 := position, tokenIndex if buffer[position] != rune(',') { - goto l763 + goto l774 } position++ { - position765, tokenIndex765 := position, tokenIndex + position776, tokenIndex776 := position, tokenIndex if !_rules[ruleWS]() { - goto l765 + goto l776 } - goto l766 - l765: - position, tokenIndex = position765, tokenIndex765 + goto l777 + l776: + position, tokenIndex = position776, tokenIndex776 } - l766: + l777: if !_rules[ruleRegisterOrConstant]() { - goto l763 + goto l774 } { - position767, tokenIndex767 := position, tokenIndex + position778, tokenIndex778 := position, tokenIndex if !_rules[ruleWS]() { - goto l767 + goto l778 } - goto l768 - l767: - position, tokenIndex = position767, tokenIndex767 + goto l779 + l778: + position, tokenIndex = position778, tokenIndex778 } - l768: + l779: { - position769, tokenIndex769 := position, tokenIndex + position780, tokenIndex780 := position, tokenIndex if buffer[position] != rune(',') { - goto l769 + goto l780 } 
position++ if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l769 + goto l780 } position++ - l771: + l782: { - position772, tokenIndex772 := position, tokenIndex + position783, tokenIndex783 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l772 + goto l783 } position++ - goto l771 - l772: - position, tokenIndex = position772, tokenIndex772 + goto l782 + l783: + position, tokenIndex = position783, tokenIndex783 } - goto l770 - l769: - position, tokenIndex = position769, tokenIndex769 + goto l781 + l780: + position, tokenIndex = position780, tokenIndex780 } - l770: - goto l764 - l763: - position, tokenIndex = position763, tokenIndex763 + l781: + goto l775 + l774: + position, tokenIndex = position774, tokenIndex774 } - l764: + l775: if buffer[position] != rune(')') { - goto l757 + goto l768 } position++ - add(ruleBaseIndexScale, position758) + add(ruleBaseIndexScale, position769) } return true - l757: - position, tokenIndex = position757, tokenIndex757 + l768: + position, tokenIndex = position768, tokenIndex768 return false }, /* 52 Operator <- <('+' / '-')> */ func() bool { - position773, tokenIndex773 := position, tokenIndex + position784, tokenIndex784 := position, tokenIndex { - position774 := position + position785 := position { - position775, tokenIndex775 := position, tokenIndex + position786, tokenIndex786 := position, tokenIndex if buffer[position] != rune('+') { - goto l776 + goto l787 } position++ - goto l775 - l776: - position, tokenIndex = position775, tokenIndex775 + goto l786 + l787: + position, tokenIndex = position786, tokenIndex786 if buffer[position] != rune('-') { - goto l773 + goto l784 } position++ } - l775: - add(ruleOperator, position774) + l786: + add(ruleOperator, position785) } return true - l773: - position, tokenIndex = position773, tokenIndex773 + l784: + position, tokenIndex = position784, tokenIndex784 return false }, /* 53 Offset <- <('+'? '-'? 
(('0' ('b' / 'B') ('0' / '1')+) / ('0' ('x' / 'X') ([0-9] / [0-9] / ([a-f] / [A-F]))+) / [0-9]+))> */ func() bool { - position777, tokenIndex777 := position, tokenIndex + position788, tokenIndex788 := position, tokenIndex { - position778 := position + position789 := position { - position779, tokenIndex779 := position, tokenIndex + position790, tokenIndex790 := position, tokenIndex if buffer[position] != rune('+') { - goto l779 + goto l790 } position++ - goto l780 - l779: - position, tokenIndex = position779, tokenIndex779 + goto l791 + l790: + position, tokenIndex = position790, tokenIndex790 } - l780: + l791: { - position781, tokenIndex781 := position, tokenIndex + position792, tokenIndex792 := position, tokenIndex if buffer[position] != rune('-') { - goto l781 + goto l792 } position++ - goto l782 - l781: - position, tokenIndex = position781, tokenIndex781 + goto l793 + l792: + position, tokenIndex = position792, tokenIndex792 } - l782: + l793: { - position783, tokenIndex783 := position, tokenIndex + position794, tokenIndex794 := position, tokenIndex if buffer[position] != rune('0') { - goto l784 + goto l795 } position++ { - position785, tokenIndex785 := position, tokenIndex + position796, tokenIndex796 := position, tokenIndex if buffer[position] != rune('b') { - goto l786 + goto l797 } position++ - goto l785 - l786: - position, tokenIndex = position785, tokenIndex785 + goto l796 + l797: + position, tokenIndex = position796, tokenIndex796 if buffer[position] != rune('B') { - goto l784 + goto l795 } position++ } - l785: + l796: { - position789, tokenIndex789 := position, tokenIndex + position800, tokenIndex800 := position, tokenIndex if buffer[position] != rune('0') { - goto l790 + goto l801 } position++ - goto l789 - l790: - position, tokenIndex = position789, tokenIndex789 + goto l800 + l801: + position, tokenIndex = position800, tokenIndex800 if buffer[position] != rune('1') { - goto l784 + goto l795 } position++ } - l789: - l787: + l800: + l798: { - 
position788, tokenIndex788 := position, tokenIndex + position799, tokenIndex799 := position, tokenIndex { - position791, tokenIndex791 := position, tokenIndex + position802, tokenIndex802 := position, tokenIndex if buffer[position] != rune('0') { - goto l792 + goto l803 } position++ - goto l791 - l792: - position, tokenIndex = position791, tokenIndex791 + goto l802 + l803: + position, tokenIndex = position802, tokenIndex802 if buffer[position] != rune('1') { - goto l788 + goto l799 } position++ } - l791: - goto l787 - l788: - position, tokenIndex = position788, tokenIndex788 + l802: + goto l798 + l799: + position, tokenIndex = position799, tokenIndex799 } - goto l783 - l784: - position, tokenIndex = position783, tokenIndex783 + goto l794 + l795: + position, tokenIndex = position794, tokenIndex794 if buffer[position] != rune('0') { - goto l793 + goto l804 } position++ { - position794, tokenIndex794 := position, tokenIndex + position805, tokenIndex805 := position, tokenIndex if buffer[position] != rune('x') { - goto l795 + goto l806 } position++ - goto l794 - l795: - position, tokenIndex = position794, tokenIndex794 + goto l805 + l806: + position, tokenIndex = position805, tokenIndex805 if buffer[position] != rune('X') { - goto l793 + goto l804 } position++ } - l794: + l805: { - position798, tokenIndex798 := position, tokenIndex + position809, tokenIndex809 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l799 + goto l810 } position++ - goto l798 - l799: - position, tokenIndex = position798, tokenIndex798 + goto l809 + l810: + position, tokenIndex = position809, tokenIndex809 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l800 + goto l811 } position++ - goto l798 - l800: - position, tokenIndex = position798, tokenIndex798 + goto l809 + l811: + position, tokenIndex = position809, tokenIndex809 { - position801, tokenIndex801 := position, tokenIndex + position812, tokenIndex812 := position, tokenIndex if c := 
buffer[position]; c < rune('a') || c > rune('f') { - goto l802 + goto l813 } position++ - goto l801 - l802: - position, tokenIndex = position801, tokenIndex801 + goto l812 + l813: + position, tokenIndex = position812, tokenIndex812 if c := buffer[position]; c < rune('A') || c > rune('F') { - goto l793 + goto l804 } position++ } - l801: + l812: } - l798: - l796: + l809: + l807: { - position797, tokenIndex797 := position, tokenIndex + position808, tokenIndex808 := position, tokenIndex { - position803, tokenIndex803 := position, tokenIndex + position814, tokenIndex814 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l804 + goto l815 } position++ - goto l803 - l804: - position, tokenIndex = position803, tokenIndex803 + goto l814 + l815: + position, tokenIndex = position814, tokenIndex814 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l805 + goto l816 } position++ - goto l803 - l805: - position, tokenIndex = position803, tokenIndex803 + goto l814 + l816: + position, tokenIndex = position814, tokenIndex814 { - position806, tokenIndex806 := position, tokenIndex + position817, tokenIndex817 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('f') { - goto l807 + goto l818 } position++ - goto l806 - l807: - position, tokenIndex = position806, tokenIndex806 + goto l817 + l818: + position, tokenIndex = position817, tokenIndex817 if c := buffer[position]; c < rune('A') || c > rune('F') { - goto l797 + goto l808 } position++ } - l806: + l817: } - l803: - goto l796 - l797: - position, tokenIndex = position797, tokenIndex797 + l814: + goto l807 + l808: + position, tokenIndex = position808, tokenIndex808 } - goto l783 - l793: - position, tokenIndex = position783, tokenIndex783 + goto l794 + l804: + position, tokenIndex = position794, tokenIndex794 if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l777 + goto l788 } position++ - l808: + l819: { - position809, tokenIndex809 := 
position, tokenIndex + position820, tokenIndex820 := position, tokenIndex if c := buffer[position]; c < rune('0') || c > rune('9') { - goto l809 + goto l820 } position++ - goto l808 - l809: - position, tokenIndex = position809, tokenIndex809 + goto l819 + l820: + position, tokenIndex = position820, tokenIndex820 } } - l783: - add(ruleOffset, position778) + l794: + add(ruleOffset, position789) } return true - l777: - position, tokenIndex = position777, tokenIndex777 + l788: + position, tokenIndex = position788, tokenIndex788 return false }, /* 54 Section <- <([a-z] / [A-Z] / '@')+> */ func() bool { - position810, tokenIndex810 := position, tokenIndex + position821, tokenIndex821 := position, tokenIndex { - position811 := position + position822 := position { - position814, tokenIndex814 := position, tokenIndex + position825, tokenIndex825 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l815 + goto l826 } position++ - goto l814 - l815: - position, tokenIndex = position814, tokenIndex814 + goto l825 + l826: + position, tokenIndex = position825, tokenIndex825 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l816 + goto l827 } position++ - goto l814 - l816: - position, tokenIndex = position814, tokenIndex814 + goto l825 + l827: + position, tokenIndex = position825, tokenIndex825 if buffer[position] != rune('@') { - goto l810 + goto l821 } position++ } - l814: - l812: + l825: + l823: { - position813, tokenIndex813 := position, tokenIndex + position824, tokenIndex824 := position, tokenIndex { - position817, tokenIndex817 := position, tokenIndex + position828, tokenIndex828 := position, tokenIndex if c := buffer[position]; c < rune('a') || c > rune('z') { - goto l818 + goto l829 } position++ - goto l817 - l818: - position, tokenIndex = position817, tokenIndex817 + goto l828 + l829: + position, tokenIndex = position828, tokenIndex828 if c := buffer[position]; c < rune('A') || c > rune('Z') { - goto l819 + goto l830 } 
position++ - goto l817 - l819: - position, tokenIndex = position817, tokenIndex817 + goto l828 + l830: + position, tokenIndex = position828, tokenIndex828 if buffer[position] != rune('@') { - goto l813 + goto l824 } position++ } - l817: - goto l812 - l813: - position, tokenIndex = position813, tokenIndex813 + l828: + goto l823 + l824: + position, tokenIndex = position824, tokenIndex824 } - add(ruleSection, position811) + add(ruleSection, position822) } return true - l810: - position, tokenIndex = position810, tokenIndex810 + l821: + position, tokenIndex = position821, tokenIndex821 return false }, /* 55 SegmentRegister <- <('%' ([c-g] / 's') ('s' ':'))> */ func() bool { - position820, tokenIndex820 := position, tokenIndex + position831, tokenIndex831 := position, tokenIndex { - position821 := position + position832 := position if buffer[position] != rune('%') { - goto l820 + goto l831 } position++ { - position822, tokenIndex822 := position, tokenIndex + position833, tokenIndex833 := position, tokenIndex if c := buffer[position]; c < rune('c') || c > rune('g') { - goto l823 + goto l834 } position++ - goto l822 - l823: - position, tokenIndex = position822, tokenIndex822 + goto l833 + l834: + position, tokenIndex = position833, tokenIndex833 if buffer[position] != rune('s') { - goto l820 + goto l831 } position++ } - l822: + l833: if buffer[position] != rune('s') { - goto l820 + goto l831 } position++ if buffer[position] != rune(':') { - goto l820 + goto l831 } position++ - add(ruleSegmentRegister, position821) + add(ruleSegmentRegister, position832) } return true - l820: - position, tokenIndex = position820, tokenIndex820 + l831: + position, tokenIndex = position831, tokenIndex831 return false }, } diff --git a/src/util/generate_build_files.py b/src/util/generate_build_files.py index 1dd1629d..e4e95cad 100644 --- a/src/util/generate_build_files.py +++ b/src/util/generate_build_files.py 
@@ -48,6 +48,8 @@ NON_PERL_FILES = {
 ('apple', 'x86_64'): [
 'src/third_party/fiat/asm/fiat_curve25519_adx_mul.S',
 'src/third_party/fiat/asm/fiat_curve25519_adx_square.S',
+ 'src/third_party/fiat/asm/fiat_p256_adx_mul.S',
+ 'src/third_party/fiat/asm/fiat_p256_adx_sqr.S',
 ],
 ('linux', 'arm'): [
 'src/crypto/curve25519/asm/x25519-asm-arm.S',
@@ -57,6 +59,8 @@ NON_PERL_FILES = {
 'src/crypto/hrss/asm/poly_rq_mul.S',
 'src/third_party/fiat/asm/fiat_curve25519_adx_mul.S',
 'src/third_party/fiat/asm/fiat_curve25519_adx_square.S',
+ 'src/third_party/fiat/asm/fiat_p256_adx_mul.S',
+ 'src/third_party/fiat/asm/fiat_p256_adx_sqr.S',
 ],
 }
@@ -355,7 +359,9 @@ class GN(object):
 files['ssl'] + files['ssl_internal_headers'])
 self.PrintVariableSection(out, 'ssl_headers', files['ssl_headers'])
 self.PrintVariableSection(out, 'pki_sources',
- files['pki'] + files['pki_internal_headers'])
+ files['pki'])
+ self.PrintVariableSection(out, 'pki_internal_headers',
+ files['pki_internal_headers'])
 self.PrintVariableSection(out, 'tool_sources',
 files['tool'] + files['tool_headers']) |
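Review bot: The split of `pki_internal_headers` out of `pki_sources` in the `class GN` hunk leaves the three neighbouring sections inconsistent and undocumented: `ssl_sources` and `tool_sources` still fold their headers into the sources list (`files['ssl'] + files['ssl_internal_headers']`, `files['tool'] + files['tool_headers']`), while pki now emits two variables. Any GN target that consumed `pki_sources` and relied on the headers being part of it would presumably have to reference the new variable too; those consumers are not visible here, so this should be confirmed against the generated file's users. I would add a short comment above the new call, for example `# pki internal headers are emitted separately from pki_sources; targets must list both.` The enclosing method starts and ends outside the hunk.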