crypto: switch to C++
This change switches nearly all of BoringSSL to use C++. The public
functions still use the C ABI, and so code written in C can still use
BoringSSL. Also the use of the C++ standard library is minimal and no
run-time requirement for it is intended.
Change-Id: I902d2f51a3c8d6bd0dc4aabe1b192a15d7b788e8
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/72747
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/build.json b/build.json
index eaf1a3e..dcb03ce 100644
--- a/build.json
+++ b/build.json
@@ -13,81 +13,81 @@
{
"bcm": {
"srcs": [
- "crypto/fipsmodule/bcm.c"
+ "crypto/fipsmodule/bcm.cc"
],
"internal_hdrs": [
- "crypto/fipsmodule/aes/aes.c.inc",
- "crypto/fipsmodule/aes/aes_nohw.c.inc",
- "crypto/fipsmodule/aes/key_wrap.c.inc",
- "crypto/fipsmodule/aes/mode_wrappers.c.inc",
- "crypto/fipsmodule/bn/add.c.inc",
- "crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc",
- "crypto/fipsmodule/bn/bn.c.inc",
- "crypto/fipsmodule/bn/bytes.c.inc",
- "crypto/fipsmodule/bn/cmp.c.inc",
- "crypto/fipsmodule/bn/ctx.c.inc",
- "crypto/fipsmodule/bn/div.c.inc",
- "crypto/fipsmodule/bn/div_extra.c.inc",
- "crypto/fipsmodule/bn/exponentiation.c.inc",
- "crypto/fipsmodule/bn/gcd.c.inc",
- "crypto/fipsmodule/bn/gcd_extra.c.inc",
- "crypto/fipsmodule/bn/generic.c.inc",
- "crypto/fipsmodule/bn/jacobi.c.inc",
- "crypto/fipsmodule/bn/montgomery.c.inc",
- "crypto/fipsmodule/bn/montgomery_inv.c.inc",
- "crypto/fipsmodule/bn/mul.c.inc",
- "crypto/fipsmodule/bn/prime.c.inc",
- "crypto/fipsmodule/bn/random.c.inc",
- "crypto/fipsmodule/bn/rsaz_exp.c.inc",
- "crypto/fipsmodule/bn/shift.c.inc",
- "crypto/fipsmodule/bn/sqrt.c.inc",
- "crypto/fipsmodule/cipher/aead.c.inc",
- "crypto/fipsmodule/cipher/cipher.c.inc",
- "crypto/fipsmodule/cipher/e_aes.c.inc",
- "crypto/fipsmodule/cipher/e_aesccm.c.inc",
- "crypto/fipsmodule/cmac/cmac.c.inc",
- "crypto/fipsmodule/dh/check.c.inc",
- "crypto/fipsmodule/dh/dh.c.inc",
- "crypto/fipsmodule/digest/digest.c.inc",
- "crypto/fipsmodule/digest/digests.c.inc",
- "crypto/fipsmodule/digestsign/digestsign.c.inc",
- "crypto/fipsmodule/ec/ec.c.inc",
- "crypto/fipsmodule/ec/ec_key.c.inc",
- "crypto/fipsmodule/ec/ec_montgomery.c.inc",
- "crypto/fipsmodule/ec/felem.c.inc",
- "crypto/fipsmodule/ec/oct.c.inc",
- "crypto/fipsmodule/ec/p224-64.c.inc",
- "crypto/fipsmodule/ec/p256-nistz.c.inc",
- "crypto/fipsmodule/ec/p256.c.inc",
- "crypto/fipsmodule/ec/scalar.c.inc",
- "crypto/fipsmodule/ec/simple.c.inc",
- "crypto/fipsmodule/ec/simple_mul.c.inc",
- "crypto/fipsmodule/ec/util.c.inc",
- "crypto/fipsmodule/ec/wnaf.c.inc",
- "crypto/fipsmodule/ecdh/ecdh.c.inc",
- "crypto/fipsmodule/ecdsa/ecdsa.c.inc",
- "crypto/fipsmodule/hkdf/hkdf.c.inc",
- "crypto/fipsmodule/hmac/hmac.c.inc",
- "crypto/fipsmodule/modes/cbc.c.inc",
- "crypto/fipsmodule/modes/cfb.c.inc",
- "crypto/fipsmodule/modes/ctr.c.inc",
- "crypto/fipsmodule/modes/gcm.c.inc",
- "crypto/fipsmodule/modes/gcm_nohw.c.inc",
- "crypto/fipsmodule/modes/ofb.c.inc",
- "crypto/fipsmodule/modes/polyval.c.inc",
- "crypto/fipsmodule/rand/ctrdrbg.c.inc",
- "crypto/fipsmodule/rand/rand.c.inc",
- "crypto/fipsmodule/rsa/blinding.c.inc",
- "crypto/fipsmodule/rsa/padding.c.inc",
- "crypto/fipsmodule/rsa/rsa.c.inc",
- "crypto/fipsmodule/rsa/rsa_impl.c.inc",
- "crypto/fipsmodule/self_check/fips.c.inc",
- "crypto/fipsmodule/self_check/self_check.c.inc",
- "crypto/fipsmodule/service_indicator/service_indicator.c.inc",
- "crypto/fipsmodule/sha/sha1.c.inc",
- "crypto/fipsmodule/sha/sha256.c.inc",
- "crypto/fipsmodule/sha/sha512.c.inc",
- "crypto/fipsmodule/tls/kdf.c.inc"
+ "crypto/fipsmodule/aes/aes.cc.inc",
+ "crypto/fipsmodule/aes/aes_nohw.cc.inc",
+ "crypto/fipsmodule/aes/key_wrap.cc.inc",
+ "crypto/fipsmodule/aes/mode_wrappers.cc.inc",
+ "crypto/fipsmodule/bn/add.cc.inc",
+ "crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc",
+ "crypto/fipsmodule/bn/bn.cc.inc",
+ "crypto/fipsmodule/bn/bytes.cc.inc",
+ "crypto/fipsmodule/bn/cmp.cc.inc",
+ "crypto/fipsmodule/bn/ctx.cc.inc",
+ "crypto/fipsmodule/bn/div.cc.inc",
+ "crypto/fipsmodule/bn/div_extra.cc.inc",
+ "crypto/fipsmodule/bn/exponentiation.cc.inc",
+ "crypto/fipsmodule/bn/gcd.cc.inc",
+ "crypto/fipsmodule/bn/gcd_extra.cc.inc",
+ "crypto/fipsmodule/bn/generic.cc.inc",
+ "crypto/fipsmodule/bn/jacobi.cc.inc",
+ "crypto/fipsmodule/bn/montgomery.cc.inc",
+ "crypto/fipsmodule/bn/montgomery_inv.cc.inc",
+ "crypto/fipsmodule/bn/mul.cc.inc",
+ "crypto/fipsmodule/bn/prime.cc.inc",
+ "crypto/fipsmodule/bn/random.cc.inc",
+ "crypto/fipsmodule/bn/rsaz_exp.cc.inc",
+ "crypto/fipsmodule/bn/shift.cc.inc",
+ "crypto/fipsmodule/bn/sqrt.cc.inc",
+ "crypto/fipsmodule/cipher/aead.cc.inc",
+ "crypto/fipsmodule/cipher/cipher.cc.inc",
+ "crypto/fipsmodule/cipher/e_aes.cc.inc",
+ "crypto/fipsmodule/cipher/e_aesccm.cc.inc",
+ "crypto/fipsmodule/cmac/cmac.cc.inc",
+ "crypto/fipsmodule/dh/check.cc.inc",
+ "crypto/fipsmodule/dh/dh.cc.inc",
+ "crypto/fipsmodule/digest/digest.cc.inc",
+ "crypto/fipsmodule/digest/digests.cc.inc",
+ "crypto/fipsmodule/digestsign/digestsign.cc.inc",
+ "crypto/fipsmodule/ec/ec.cc.inc",
+ "crypto/fipsmodule/ec/ec_key.cc.inc",
+ "crypto/fipsmodule/ec/ec_montgomery.cc.inc",
+ "crypto/fipsmodule/ec/felem.cc.inc",
+ "crypto/fipsmodule/ec/oct.cc.inc",
+ "crypto/fipsmodule/ec/p224-64.cc.inc",
+ "crypto/fipsmodule/ec/p256-nistz.cc.inc",
+ "crypto/fipsmodule/ec/p256.cc.inc",
+ "crypto/fipsmodule/ec/scalar.cc.inc",
+ "crypto/fipsmodule/ec/simple.cc.inc",
+ "crypto/fipsmodule/ec/simple_mul.cc.inc",
+ "crypto/fipsmodule/ec/util.cc.inc",
+ "crypto/fipsmodule/ec/wnaf.cc.inc",
+ "crypto/fipsmodule/ecdh/ecdh.cc.inc",
+ "crypto/fipsmodule/ecdsa/ecdsa.cc.inc",
+ "crypto/fipsmodule/hkdf/hkdf.cc.inc",
+ "crypto/fipsmodule/hmac/hmac.cc.inc",
+ "crypto/fipsmodule/modes/cbc.cc.inc",
+ "crypto/fipsmodule/modes/cfb.cc.inc",
+ "crypto/fipsmodule/modes/ctr.cc.inc",
+ "crypto/fipsmodule/modes/gcm.cc.inc",
+ "crypto/fipsmodule/modes/gcm_nohw.cc.inc",
+ "crypto/fipsmodule/modes/ofb.cc.inc",
+ "crypto/fipsmodule/modes/polyval.cc.inc",
+ "crypto/fipsmodule/rand/ctrdrbg.cc.inc",
+ "crypto/fipsmodule/rand/rand.cc.inc",
+ "crypto/fipsmodule/rsa/blinding.cc.inc",
+ "crypto/fipsmodule/rsa/padding.cc.inc",
+ "crypto/fipsmodule/rsa/rsa.cc.inc",
+ "crypto/fipsmodule/rsa/rsa_impl.cc.inc",
+ "crypto/fipsmodule/self_check/fips.cc.inc",
+ "crypto/fipsmodule/self_check/self_check.cc.inc",
+ "crypto/fipsmodule/service_indicator/service_indicator.cc.inc",
+ "crypto/fipsmodule/sha/sha1.cc.inc",
+ "crypto/fipsmodule/sha/sha256.cc.inc",
+ "crypto/fipsmodule/sha/sha512.cc.inc",
+ "crypto/fipsmodule/tls/kdf.cc.inc"
],
"asm": [
"third_party/fiat/asm/fiat_p256_adx_mul.S",
@@ -149,254 +149,254 @@
},
"crypto": {
"srcs": [
- "crypto/asn1/a_bitstr.c",
- "crypto/asn1/a_bool.c",
- "crypto/asn1/a_d2i_fp.c",
- "crypto/asn1/a_dup.c",
- "crypto/asn1/a_gentm.c",
- "crypto/asn1/a_i2d_fp.c",
- "crypto/asn1/a_int.c",
- "crypto/asn1/a_mbstr.c",
- "crypto/asn1/a_object.c",
- "crypto/asn1/a_octet.c",
- "crypto/asn1/a_strex.c",
- "crypto/asn1/a_strnid.c",
- "crypto/asn1/a_time.c",
- "crypto/asn1/a_type.c",
- "crypto/asn1/a_utctm.c",
- "crypto/asn1/asn1_lib.c",
- "crypto/asn1/asn1_par.c",
- "crypto/asn1/asn_pack.c",
- "crypto/asn1/f_int.c",
- "crypto/asn1/f_string.c",
- "crypto/asn1/posix_time.c",
- "crypto/asn1/tasn_dec.c",
- "crypto/asn1/tasn_enc.c",
- "crypto/asn1/tasn_fre.c",
- "crypto/asn1/tasn_new.c",
- "crypto/asn1/tasn_typ.c",
- "crypto/asn1/tasn_utl.c",
- "crypto/base64/base64.c",
- "crypto/bio/bio.c",
- "crypto/bio/bio_mem.c",
- "crypto/bio/connect.c",
- "crypto/bio/errno.c",
- "crypto/bio/fd.c",
- "crypto/bio/file.c",
- "crypto/bio/hexdump.c",
- "crypto/bio/pair.c",
- "crypto/bio/printf.c",
- "crypto/bio/socket.c",
- "crypto/bio/socket_helper.c",
- "crypto/blake2/blake2.c",
- "crypto/bn_extra/bn_asn1.c",
- "crypto/bn_extra/convert.c",
- "crypto/buf/buf.c",
- "crypto/bytestring/asn1_compat.c",
- "crypto/bytestring/ber.c",
- "crypto/bytestring/cbb.c",
- "crypto/bytestring/cbs.c",
- "crypto/bytestring/unicode.c",
- "crypto/chacha/chacha.c",
- "crypto/cipher_extra/cipher_extra.c",
- "crypto/cipher_extra/derive_key.c",
- "crypto/cipher_extra/e_aesctrhmac.c",
- "crypto/cipher_extra/e_aesgcmsiv.c",
- "crypto/cipher_extra/e_chacha20poly1305.c",
- "crypto/cipher_extra/e_des.c",
- "crypto/cipher_extra/e_null.c",
- "crypto/cipher_extra/e_rc2.c",
- "crypto/cipher_extra/e_rc4.c",
- "crypto/cipher_extra/e_tls.c",
- "crypto/cipher_extra/tls_cbc.c",
- "crypto/conf/conf.c",
- "crypto/cpu_aarch64_apple.c",
- "crypto/cpu_aarch64_fuchsia.c",
- "crypto/cpu_aarch64_linux.c",
- "crypto/cpu_aarch64_openbsd.c",
- "crypto/cpu_aarch64_sysreg.c",
- "crypto/cpu_aarch64_win.c",
- "crypto/cpu_arm_freebsd.c",
- "crypto/cpu_arm_linux.c",
- "crypto/cpu_intel.c",
- "crypto/crypto.c",
- "crypto/curve25519/curve25519.c",
- "crypto/curve25519/curve25519_64_adx.c",
- "crypto/curve25519/spake25519.c",
- "crypto/des/des.c",
- "crypto/dh_extra/dh_asn1.c",
- "crypto/dh_extra/params.c",
- "crypto/digest_extra/digest_extra.c",
- "crypto/dilithium/dilithium.c",
- "crypto/dsa/dsa.c",
- "crypto/dsa/dsa_asn1.c",
- "crypto/ec_extra/ec_asn1.c",
- "crypto/ec_extra/ec_derive.c",
- "crypto/ec_extra/hash_to_curve.c",
- "crypto/ecdh_extra/ecdh_extra.c",
- "crypto/ecdsa_extra/ecdsa_asn1.c",
- "crypto/engine/engine.c",
- "crypto/err/err.c",
- "crypto/evp/evp.c",
- "crypto/evp/evp_asn1.c",
- "crypto/evp/evp_ctx.c",
- "crypto/evp/p_dh.c",
- "crypto/evp/p_dh_asn1.c",
- "crypto/evp/p_dsa_asn1.c",
- "crypto/evp/p_ec.c",
- "crypto/evp/p_ec_asn1.c",
- "crypto/evp/p_ed25519.c",
- "crypto/evp/p_ed25519_asn1.c",
- "crypto/evp/p_hkdf.c",
- "crypto/evp/p_rsa.c",
- "crypto/evp/p_rsa_asn1.c",
- "crypto/evp/p_x25519.c",
- "crypto/evp/p_x25519_asn1.c",
- "crypto/evp/pbkdf.c",
- "crypto/evp/print.c",
- "crypto/evp/scrypt.c",
- "crypto/evp/sign.c",
- "crypto/ex_data.c",
- "crypto/fipsmodule/fips_shared_support.c",
- "crypto/hpke/hpke.c",
- "crypto/hrss/hrss.c",
- "crypto/keccak/keccak.c",
- "crypto/kyber/kyber.c",
- "crypto/lhash/lhash.c",
- "crypto/md4/md4.c",
- "crypto/md5/md5.c",
- "crypto/mem.c",
+ "crypto/asn1/a_bitstr.cc",
+ "crypto/asn1/a_bool.cc",
+ "crypto/asn1/a_d2i_fp.cc",
+ "crypto/asn1/a_dup.cc",
+ "crypto/asn1/a_gentm.cc",
+ "crypto/asn1/a_i2d_fp.cc",
+ "crypto/asn1/a_int.cc",
+ "crypto/asn1/a_mbstr.cc",
+ "crypto/asn1/a_object.cc",
+ "crypto/asn1/a_octet.cc",
+ "crypto/asn1/a_strex.cc",
+ "crypto/asn1/a_strnid.cc",
+ "crypto/asn1/a_time.cc",
+ "crypto/asn1/a_type.cc",
+ "crypto/asn1/a_utctm.cc",
+ "crypto/asn1/asn1_lib.cc",
+ "crypto/asn1/asn1_par.cc",
+ "crypto/asn1/asn_pack.cc",
+ "crypto/asn1/f_int.cc",
+ "crypto/asn1/f_string.cc",
+ "crypto/asn1/posix_time.cc",
+ "crypto/asn1/tasn_dec.cc",
+ "crypto/asn1/tasn_enc.cc",
+ "crypto/asn1/tasn_fre.cc",
+ "crypto/asn1/tasn_new.cc",
+ "crypto/asn1/tasn_typ.cc",
+ "crypto/asn1/tasn_utl.cc",
+ "crypto/base64/base64.cc",
+ "crypto/bio/bio.cc",
+ "crypto/bio/bio_mem.cc",
+ "crypto/bio/connect.cc",
+ "crypto/bio/errno.cc",
+ "crypto/bio/fd.cc",
+ "crypto/bio/file.cc",
+ "crypto/bio/hexdump.cc",
+ "crypto/bio/pair.cc",
+ "crypto/bio/printf.cc",
+ "crypto/bio/socket.cc",
+ "crypto/bio/socket_helper.cc",
+ "crypto/blake2/blake2.cc",
+ "crypto/bn_extra/bn_asn1.cc",
+ "crypto/bn_extra/convert.cc",
+ "crypto/buf/buf.cc",
+ "crypto/bytestring/asn1_compat.cc",
+ "crypto/bytestring/ber.cc",
+ "crypto/bytestring/cbb.cc",
+ "crypto/bytestring/cbs.cc",
+ "crypto/bytestring/unicode.cc",
+ "crypto/chacha/chacha.cc",
+ "crypto/cipher_extra/cipher_extra.cc",
+ "crypto/cipher_extra/derive_key.cc",
+ "crypto/cipher_extra/e_aesctrhmac.cc",
+ "crypto/cipher_extra/e_aesgcmsiv.cc",
+ "crypto/cipher_extra/e_chacha20poly1305.cc",
+ "crypto/cipher_extra/e_des.cc",
+ "crypto/cipher_extra/e_null.cc",
+ "crypto/cipher_extra/e_rc2.cc",
+ "crypto/cipher_extra/e_rc4.cc",
+ "crypto/cipher_extra/e_tls.cc",
+ "crypto/cipher_extra/tls_cbc.cc",
+ "crypto/conf/conf.cc",
+ "crypto/cpu_aarch64_apple.cc",
+ "crypto/cpu_aarch64_fuchsia.cc",
+ "crypto/cpu_aarch64_linux.cc",
+ "crypto/cpu_aarch64_openbsd.cc",
+ "crypto/cpu_aarch64_sysreg.cc",
+ "crypto/cpu_aarch64_win.cc",
+ "crypto/cpu_arm_freebsd.cc",
+ "crypto/cpu_arm_linux.cc",
+ "crypto/cpu_intel.cc",
+ "crypto/crypto.cc",
+ "crypto/curve25519/curve25519.cc",
+ "crypto/curve25519/curve25519_64_adx.cc",
+ "crypto/curve25519/spake25519.cc",
+ "crypto/des/des.cc",
+ "crypto/dh_extra/dh_asn1.cc",
+ "crypto/dh_extra/params.cc",
+ "crypto/digest_extra/digest_extra.cc",
+ "crypto/dilithium/dilithium.cc",
+ "crypto/dsa/dsa.cc",
+ "crypto/dsa/dsa_asn1.cc",
+ "crypto/ec_extra/ec_asn1.cc",
+ "crypto/ec_extra/ec_derive.cc",
+ "crypto/ec_extra/hash_to_curve.cc",
+ "crypto/ecdh_extra/ecdh_extra.cc",
+ "crypto/ecdsa_extra/ecdsa_asn1.cc",
+ "crypto/engine/engine.cc",
+ "crypto/err/err.cc",
+ "crypto/evp/evp.cc",
+ "crypto/evp/evp_asn1.cc",
+ "crypto/evp/evp_ctx.cc",
+ "crypto/evp/p_dh.cc",
+ "crypto/evp/p_dh_asn1.cc",
+ "crypto/evp/p_dsa_asn1.cc",
+ "crypto/evp/p_ec.cc",
+ "crypto/evp/p_ec_asn1.cc",
+ "crypto/evp/p_ed25519.cc",
+ "crypto/evp/p_ed25519_asn1.cc",
+ "crypto/evp/p_hkdf.cc",
+ "crypto/evp/p_rsa.cc",
+ "crypto/evp/p_rsa_asn1.cc",
+ "crypto/evp/p_x25519.cc",
+ "crypto/evp/p_x25519_asn1.cc",
+ "crypto/evp/pbkdf.cc",
+ "crypto/evp/print.cc",
+ "crypto/evp/scrypt.cc",
+ "crypto/evp/sign.cc",
+ "crypto/ex_data.cc",
+ "crypto/fipsmodule/fips_shared_support.cc",
+ "crypto/hpke/hpke.cc",
+ "crypto/hrss/hrss.cc",
+ "crypto/keccak/keccak.cc",
+ "crypto/kyber/kyber.cc",
+ "crypto/lhash/lhash.cc",
+ "crypto/md4/md4.cc",
+ "crypto/md5/md5.cc",
+ "crypto/mem.cc",
"crypto/mldsa/mldsa.cc",
"crypto/mlkem/mlkem.cc",
- "crypto/obj/obj.c",
- "crypto/obj/obj_xref.c",
- "crypto/pem/pem_all.c",
- "crypto/pem/pem_info.c",
- "crypto/pem/pem_lib.c",
- "crypto/pem/pem_oth.c",
- "crypto/pem/pem_pk8.c",
- "crypto/pem/pem_pkey.c",
- "crypto/pem/pem_x509.c",
- "crypto/pem/pem_xaux.c",
- "crypto/pkcs7/pkcs7.c",
- "crypto/pkcs7/pkcs7_x509.c",
- "crypto/pkcs8/p5_pbev2.c",
- "crypto/pkcs8/pkcs8.c",
- "crypto/pkcs8/pkcs8_x509.c",
- "crypto/poly1305/poly1305.c",
- "crypto/poly1305/poly1305_arm.c",
- "crypto/poly1305/poly1305_vec.c",
- "crypto/pool/pool.c",
- "crypto/rand_extra/deterministic.c",
- "crypto/rand_extra/fork_detect.c",
- "crypto/rand_extra/forkunsafe.c",
- "crypto/rand_extra/getentropy.c",
- "crypto/rand_extra/ios.c",
- "crypto/rand_extra/passive.c",
- "crypto/rand_extra/rand_extra.c",
- "crypto/rand_extra/trusty.c",
- "crypto/rand_extra/urandom.c",
- "crypto/rand_extra/windows.c",
- "crypto/rc4/rc4.c",
- "crypto/refcount.c",
- "crypto/rsa_extra/rsa_asn1.c",
- "crypto/rsa_extra/rsa_crypt.c",
- "crypto/rsa_extra/rsa_extra.c",
- "crypto/rsa_extra/rsa_print.c",
- "crypto/sha/sha1.c",
- "crypto/sha/sha256.c",
- "crypto/sha/sha512.c",
- "crypto/siphash/siphash.c",
- "crypto/slhdsa/fors.c",
- "crypto/slhdsa/merkle.c",
- "crypto/slhdsa/slhdsa.c",
- "crypto/slhdsa/thash.c",
- "crypto/slhdsa/wots.c",
- "crypto/spx/spx_address.c",
- "crypto/spx/spx_fors.c",
- "crypto/spx/spx_merkle.c",
- "crypto/spx/spx.c",
- "crypto/spx/spx_util.c",
- "crypto/spx/spx_thash.c",
- "crypto/spx/spx_wots.c",
- "crypto/stack/stack.c",
- "crypto/thread.c",
- "crypto/thread_none.c",
- "crypto/thread_pthread.c",
- "crypto/thread_win.c",
- "crypto/trust_token/pmbtoken.c",
- "crypto/trust_token/trust_token.c",
- "crypto/trust_token/voprf.c",
- "crypto/x509/a_digest.c",
- "crypto/x509/a_sign.c",
- "crypto/x509/a_verify.c",
- "crypto/x509/algorithm.c",
- "crypto/x509/asn1_gen.c",
- "crypto/x509/by_dir.c",
- "crypto/x509/by_file.c",
- "crypto/x509/i2d_pr.c",
- "crypto/x509/name_print.c",
- "crypto/x509/policy.c",
- "crypto/x509/rsa_pss.c",
- "crypto/x509/t_crl.c",
- "crypto/x509/t_req.c",
- "crypto/x509/t_x509.c",
- "crypto/x509/t_x509a.c",
- "crypto/x509/v3_akey.c",
- "crypto/x509/v3_akeya.c",
- "crypto/x509/v3_alt.c",
- "crypto/x509/v3_bcons.c",
- "crypto/x509/v3_bitst.c",
- "crypto/x509/v3_conf.c",
- "crypto/x509/v3_cpols.c",
- "crypto/x509/v3_crld.c",
- "crypto/x509/v3_enum.c",
- "crypto/x509/v3_extku.c",
- "crypto/x509/v3_genn.c",
- "crypto/x509/v3_ia5.c",
- "crypto/x509/v3_info.c",
- "crypto/x509/v3_int.c",
- "crypto/x509/v3_lib.c",
- "crypto/x509/v3_ncons.c",
- "crypto/x509/v3_ocsp.c",
- "crypto/x509/v3_pcons.c",
- "crypto/x509/v3_pmaps.c",
- "crypto/x509/v3_prn.c",
- "crypto/x509/v3_purp.c",
- "crypto/x509/v3_skey.c",
- "crypto/x509/v3_utl.c",
- "crypto/x509/x509.c",
- "crypto/x509/x509_att.c",
- "crypto/x509/x509_cmp.c",
- "crypto/x509/x509_d2.c",
- "crypto/x509/x509_def.c",
- "crypto/x509/x509_ext.c",
- "crypto/x509/x509_lu.c",
- "crypto/x509/x509_obj.c",
- "crypto/x509/x509_req.c",
- "crypto/x509/x509_set.c",
- "crypto/x509/x509_trs.c",
- "crypto/x509/x509_txt.c",
- "crypto/x509/x509_v3.c",
- "crypto/x509/x509_vfy.c",
- "crypto/x509/x509_vpm.c",
- "crypto/x509/x509cset.c",
- "crypto/x509/x509name.c",
- "crypto/x509/x509rset.c",
- "crypto/x509/x509spki.c",
- "crypto/x509/x_algor.c",
- "crypto/x509/x_all.c",
- "crypto/x509/x_attrib.c",
- "crypto/x509/x_crl.c",
- "crypto/x509/x_exten.c",
- "crypto/x509/x_name.c",
- "crypto/x509/x_pubkey.c",
- "crypto/x509/x_req.c",
- "crypto/x509/x_sig.c",
- "crypto/x509/x_spki.c",
- "crypto/x509/x_val.c",
- "crypto/x509/x_x509.c",
- "crypto/x509/x_x509a.c"
+ "crypto/obj/obj.cc",
+ "crypto/obj/obj_xref.cc",
+ "crypto/pem/pem_all.cc",
+ "crypto/pem/pem_info.cc",
+ "crypto/pem/pem_lib.cc",
+ "crypto/pem/pem_oth.cc",
+ "crypto/pem/pem_pk8.cc",
+ "crypto/pem/pem_pkey.cc",
+ "crypto/pem/pem_x509.cc",
+ "crypto/pem/pem_xaux.cc",
+ "crypto/pkcs7/pkcs7.cc",
+ "crypto/pkcs7/pkcs7_x509.cc",
+ "crypto/pkcs8/p5_pbev2.cc",
+ "crypto/pkcs8/pkcs8.cc",
+ "crypto/pkcs8/pkcs8_x509.cc",
+ "crypto/poly1305/poly1305.cc",
+ "crypto/poly1305/poly1305_arm.cc",
+ "crypto/poly1305/poly1305_vec.cc",
+ "crypto/pool/pool.cc",
+ "crypto/rand_extra/deterministic.cc",
+ "crypto/rand_extra/fork_detect.cc",
+ "crypto/rand_extra/forkunsafe.cc",
+ "crypto/rand_extra/getentropy.cc",
+ "crypto/rand_extra/ios.cc",
+ "crypto/rand_extra/passive.cc",
+ "crypto/rand_extra/rand_extra.cc",
+ "crypto/rand_extra/trusty.cc",
+ "crypto/rand_extra/urandom.cc",
+ "crypto/rand_extra/windows.cc",
+ "crypto/rc4/rc4.cc",
+ "crypto/refcount.cc",
+ "crypto/rsa_extra/rsa_asn1.cc",
+ "crypto/rsa_extra/rsa_crypt.cc",
+ "crypto/rsa_extra/rsa_extra.cc",
+ "crypto/rsa_extra/rsa_print.cc",
+ "crypto/sha/sha1.cc",
+ "crypto/sha/sha256.cc",
+ "crypto/sha/sha512.cc",
+ "crypto/siphash/siphash.cc",
+ "crypto/slhdsa/fors.cc",
+ "crypto/slhdsa/merkle.cc",
+ "crypto/slhdsa/slhdsa.cc",
+ "crypto/slhdsa/thash.cc",
+ "crypto/slhdsa/wots.cc",
+ "crypto/spx/spx_address.cc",
+ "crypto/spx/spx_fors.cc",
+ "crypto/spx/spx_merkle.cc",
+ "crypto/spx/spx.cc",
+ "crypto/spx/spx_util.cc",
+ "crypto/spx/spx_thash.cc",
+ "crypto/spx/spx_wots.cc",
+ "crypto/stack/stack.cc",
+ "crypto/thread.cc",
+ "crypto/thread_none.cc",
+ "crypto/thread_pthread.cc",
+ "crypto/thread_win.cc",
+ "crypto/trust_token/pmbtoken.cc",
+ "crypto/trust_token/trust_token.cc",
+ "crypto/trust_token/voprf.cc",
+ "crypto/x509/a_digest.cc",
+ "crypto/x509/a_sign.cc",
+ "crypto/x509/a_verify.cc",
+ "crypto/x509/algorithm.cc",
+ "crypto/x509/asn1_gen.cc",
+ "crypto/x509/by_dir.cc",
+ "crypto/x509/by_file.cc",
+ "crypto/x509/i2d_pr.cc",
+ "crypto/x509/name_print.cc",
+ "crypto/x509/policy.cc",
+ "crypto/x509/rsa_pss.cc",
+ "crypto/x509/t_crl.cc",
+ "crypto/x509/t_req.cc",
+ "crypto/x509/t_x509.cc",
+ "crypto/x509/t_x509a.cc",
+ "crypto/x509/v3_akey.cc",
+ "crypto/x509/v3_akeya.cc",
+ "crypto/x509/v3_alt.cc",
+ "crypto/x509/v3_bcons.cc",
+ "crypto/x509/v3_bitst.cc",
+ "crypto/x509/v3_conf.cc",
+ "crypto/x509/v3_cpols.cc",
+ "crypto/x509/v3_crld.cc",
+ "crypto/x509/v3_enum.cc",
+ "crypto/x509/v3_extku.cc",
+ "crypto/x509/v3_genn.cc",
+ "crypto/x509/v3_ia5.cc",
+ "crypto/x509/v3_info.cc",
+ "crypto/x509/v3_int.cc",
+ "crypto/x509/v3_lib.cc",
+ "crypto/x509/v3_ncons.cc",
+ "crypto/x509/v3_ocsp.cc",
+ "crypto/x509/v3_pcons.cc",
+ "crypto/x509/v3_pmaps.cc",
+ "crypto/x509/v3_prn.cc",
+ "crypto/x509/v3_purp.cc",
+ "crypto/x509/v3_skey.cc",
+ "crypto/x509/v3_utl.cc",
+ "crypto/x509/x509.cc",
+ "crypto/x509/x509_att.cc",
+ "crypto/x509/x509_cmp.cc",
+ "crypto/x509/x509_d2.cc",
+ "crypto/x509/x509_def.cc",
+ "crypto/x509/x509_ext.cc",
+ "crypto/x509/x509_lu.cc",
+ "crypto/x509/x509_obj.cc",
+ "crypto/x509/x509_req.cc",
+ "crypto/x509/x509_set.cc",
+ "crypto/x509/x509_trs.cc",
+ "crypto/x509/x509_txt.cc",
+ "crypto/x509/x509_v3.cc",
+ "crypto/x509/x509_vfy.cc",
+ "crypto/x509/x509_vpm.cc",
+ "crypto/x509/x509cset.cc",
+ "crypto/x509/x509name.cc",
+ "crypto/x509/x509rset.cc",
+ "crypto/x509/x509spki.cc",
+ "crypto/x509/x_algor.cc",
+ "crypto/x509/x_all.cc",
+ "crypto/x509/x_attrib.cc",
+ "crypto/x509/x_crl.cc",
+ "crypto/x509/x_exten.cc",
+ "crypto/x509/x_name.cc",
+ "crypto/x509/x_pubkey.cc",
+ "crypto/x509/x_req.cc",
+ "crypto/x509/x_sig.cc",
+ "crypto/x509/x_spki.cc",
+ "crypto/x509/x_val.cc",
+ "crypto/x509/x_x509.cc",
+ "crypto/x509/x_x509a.cc"
],
"hdrs": [
"include/openssl/aead.h",
@@ -741,23 +741,23 @@
},
"decrepit": {
"srcs": [
- "decrepit/bio/base64_bio.c",
- "decrepit/blowfish/blowfish.c",
- "decrepit/cast/cast.c",
- "decrepit/cast/cast_tables.c",
- "decrepit/cfb/cfb.c",
- "decrepit/des/cfb64ede.c",
- "decrepit/dh/dh_decrepit.c",
- "decrepit/dsa/dsa_decrepit.c",
- "decrepit/evp/dss1.c",
- "decrepit/evp/evp_do_all.c",
- "decrepit/obj/obj_decrepit.c",
- "decrepit/rc4/rc4_decrepit.c",
- "decrepit/ripemd/ripemd.c",
- "decrepit/rsa/rsa_decrepit.c",
- "decrepit/ssl/ssl_decrepit.c",
- "decrepit/x509/x509_decrepit.c",
- "decrepit/xts/xts.c"
+ "decrepit/bio/base64_bio.cc",
+ "decrepit/blowfish/blowfish.cc",
+ "decrepit/cast/cast.cc",
+ "decrepit/cast/cast_tables.cc",
+ "decrepit/cfb/cfb.cc",
+ "decrepit/des/cfb64ede.cc",
+ "decrepit/dh/dh_decrepit.cc",
+ "decrepit/dsa/dsa_decrepit.cc",
+ "decrepit/evp/dss1.cc",
+ "decrepit/evp/evp_do_all.cc",
+ "decrepit/obj/obj_decrepit.cc",
+ "decrepit/rc4/rc4_decrepit.cc",
+ "decrepit/ripemd/ripemd.cc",
+ "decrepit/rsa/rsa_decrepit.cc",
+ "decrepit/ssl/ssl_decrepit.cc",
+ "decrepit/x509/x509_decrepit.cc",
+ "decrepit/xts/xts.cc"
],
"internal_hdrs": [
"decrepit/cast/internal.h",
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.cc
similarity index 98%
rename from crypto/asn1/a_bitstr.c
rename to crypto/asn1/a_bitstr.cc
index 2be07a4..04a14f2 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.cc
@@ -142,6 +142,7 @@
const unsigned char *p;
unsigned char *s;
int padding;
+ uint8_t padding_mask;
if (len < 1) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT);
@@ -170,7 +171,7 @@
}
// Unused bits in a BIT STRING must be zero.
- uint8_t padding_mask = (1 << padding) - 1;
+ padding_mask = (1 << padding) - 1;
if (padding != 0 && (len < 1 || (p[len - 1] & padding_mask) != 0)) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_PADDING);
goto err;
@@ -182,7 +183,7 @@
ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | padding); // set
if (len > 0) {
- s = OPENSSL_memdup(p, len);
+ s = reinterpret_cast<uint8_t *>(OPENSSL_memdup(p, len));
if (s == NULL) {
goto err;
}
diff --git a/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.cc
similarity index 100%
rename from crypto/asn1/a_bool.c
rename to crypto/asn1/a_bool.cc
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.cc
similarity index 97%
rename from crypto/asn1/a_d2i_fp.c
rename to crypto/asn1/a_d2i_fp.cc
index 36c9d69..6508a9e 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.cc
@@ -72,7 +72,7 @@
return NULL;
}
const uint8_t *ptr = data;
- void *ret = ASN1_item_d2i(x, &ptr, len, it);
+ void *ret = ASN1_item_d2i(reinterpret_cast<ASN1_VALUE **>(x), &ptr, len, it);
OPENSSL_free(data);
return ret;
}
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.cc
similarity index 97%
rename from crypto/asn1/a_dup.c
rename to crypto/asn1/a_dup.cc
index b37a5c6..387c75e 100644
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.cc
@@ -73,7 +73,7 @@
return NULL;
}
- i = ASN1_item_i2d(x, &b, it);
+ i = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(x), &b, it);
if (b == NULL) {
return NULL;
}
diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.cc
similarity index 100%
rename from crypto/asn1/a_gentm.c
rename to crypto/asn1/a_gentm.cc
diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.cc
similarity index 97%
rename from crypto/asn1/a_i2d_fp.c
rename to crypto/asn1/a_i2d_fp.cc
index e0713fa..c74fa06 100644
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.cc
@@ -74,7 +74,7 @@
int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) {
unsigned char *b = NULL;
- int n = ASN1_item_i2d(x, &b, it);
+ int n = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(x), &b, it);
if (b == NULL) {
return 0;
}
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.cc
similarity index 99%
rename from crypto/asn1/a_int.c
rename to crypto/asn1/a_int.cc
index 27845c0..6837f8c 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.cc
@@ -408,6 +408,7 @@
} else {
ret = ai;
}
+ int len;
if (ret == NULL) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
goto err;
@@ -419,7 +420,7 @@
ret->type = type;
}
- int len = BN_num_bytes(bn);
+ len = BN_num_bytes(bn);
if (!ASN1_STRING_set(ret, NULL, len) ||
!BN_bn2bin_padded(ret->data, len, bn)) {
goto err;
diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.cc
similarity index 95%
rename from crypto/asn1/a_mbstr.c
rename to crypto/asn1/a_mbstr.cc
index 4d7ea14..e0e2916 100644
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.cc
@@ -226,6 +226,8 @@
CBB cbb;
CBB_zero(&cbb);
// If both the same type just copy across
+ uint8_t *data = NULL;
+ size_t data_len = 0;
if (inform == outform) {
if (!ASN1_STRING_set(dest, in, len)) {
goto err;
@@ -245,12 +247,12 @@
goto err;
}
}
- uint8_t *data = NULL;
- size_t data_len;
- if (// OpenSSL historically NUL-terminated this value with a single byte,
- // even for |MBSTRING_BMP| and |MBSTRING_UNIV|.
- !CBB_add_u8(&cbb, 0) || !CBB_finish(&cbb, &data, &data_len) ||
- data_len < 1 || data_len > INT_MAX) {
+ if (/* OpenSSL historically NUL-terminated this value with a single byte,
+ * even for |MBSTRING_BMP| and |MBSTRING_UNIV|. */
+ !CBB_add_u8(&cbb, 0) || //
+ !CBB_finish(&cbb, &data, &data_len) || //
+ data_len < 1 || //
+ data_len > INT_MAX) {
OPENSSL_PUT_ERROR(ASN1, ERR_R_INTERNAL_ERROR);
OPENSSL_free(data);
goto err;
@@ -272,7 +274,7 @@
if (value > 0x7f) {
return 0;
}
- return OPENSSL_isalnum(value) || //
+ return OPENSSL_isalnum(value) || //
value == ' ' || value == '\'' || value == '(' || value == ')' ||
value == '+' || value == ',' || value == '-' || value == '.' ||
value == '/' || value == ':' || value == '=' || value == '?';
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.cc
similarity index 98%
rename from crypto/asn1/a_object.c
rename to crypto/asn1/a_object.cc
index e501934..f8a3a4f 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.cc
@@ -114,7 +114,7 @@
int len = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
if (len > (int)sizeof(buf) - 1) {
// The input was truncated. Allocate a buffer that fits.
- allocated = OPENSSL_malloc(len + 1);
+ allocated = reinterpret_cast<char *>(OPENSSL_malloc(len + 1));
if (allocated == NULL) {
return -1;
}
diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.cc
similarity index 100%
rename from crypto/asn1/a_octet.c
rename to crypto/asn1/a_octet.cc
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.cc
similarity index 100%
rename from crypto/asn1/a_strex.c
rename to crypto/asn1/a_strex.cc
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.cc
similarity index 95%
rename from crypto/asn1/a_strnid.c
rename to crypto/asn1/a_strnid.cc
index db25b2a..2b49396 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.cc
@@ -159,7 +159,8 @@
}
static int table_cmp_void(const void *a, const void *b) {
- return table_cmp(a, b);
+ return table_cmp(reinterpret_cast<const ASN1_STRING_TABLE *>(a),
+ reinterpret_cast<const ASN1_STRING_TABLE *>(b));
}
static uint32_t table_hash(const ASN1_STRING_TABLE *tbl) {
@@ -169,9 +170,9 @@
static const ASN1_STRING_TABLE *asn1_string_table_get(int nid) {
ASN1_STRING_TABLE key;
key.nid = nid;
- const ASN1_STRING_TABLE *tbl =
+ const ASN1_STRING_TABLE *tbl = reinterpret_cast<ASN1_STRING_TABLE *>(
bsearch(&key, tbl_standard, OPENSSL_ARRAY_SIZE(tbl_standard),
- sizeof(ASN1_STRING_TABLE), table_cmp_void);
+ sizeof(ASN1_STRING_TABLE), table_cmp_void));
if (tbl != NULL) {
return tbl;
}
@@ -198,6 +199,7 @@
int ret = 0;
CRYPTO_MUTEX_lock_write(&string_tables_lock);
+ ASN1_STRING_TABLE *tbl = NULL;
if (string_tables == NULL) {
string_tables = lh_ASN1_STRING_TABLE_new(table_hash, table_cmp);
if (string_tables == NULL) {
@@ -214,7 +216,8 @@
}
}
- ASN1_STRING_TABLE *tbl = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
+ tbl = reinterpret_cast<ASN1_STRING_TABLE *>(
+ OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)));
if (tbl == NULL) {
goto err;
}
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.cc
similarity index 100%
rename from crypto/asn1/a_time.c
rename to crypto/asn1/a_time.cc
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.cc
similarity index 95%
rename from crypto/asn1/a_type.c
rename to crypto/asn1/a_type.cc
index af603a3..dfc992c 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.cc
@@ -137,10 +137,10 @@
a->value.boolean = value ? ASN1_BOOLEAN_TRUE : ASN1_BOOLEAN_FALSE;
break;
case V_ASN1_OBJECT:
- a->value.object = value;
+ a->value.object = reinterpret_cast<ASN1_OBJECT *>(value);
break;
default:
- a->value.asn1_string = value;
+ a->value.asn1_string = reinterpret_cast<ASN1_STRING *>(value);
break;
}
}
@@ -151,14 +151,14 @@
ASN1_TYPE_set(a, type, p);
} else if (type == V_ASN1_OBJECT) {
ASN1_OBJECT *odup;
- odup = OBJ_dup(value);
+ odup = OBJ_dup(reinterpret_cast<const ASN1_OBJECT *>(value));
if (!odup) {
return 0;
}
ASN1_TYPE_set(a, type, odup);
} else {
ASN1_STRING *sdup;
- sdup = ASN1_STRING_dup(value);
+ sdup = ASN1_STRING_dup(reinterpret_cast<const ASN1_STRING *>(value));
if (!sdup) {
return 0;
}
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.cc
similarity index 100%
rename from crypto/asn1/a_utctm.c
rename to crypto/asn1/a_utctm.cc
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.cc
similarity index 97%
rename from crypto/asn1/asn1_lib.c
rename to crypto/asn1/asn1_lib.cc
index 0158622..78ea33f 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.cc
@@ -271,7 +271,7 @@
}
int ASN1_STRING_set(ASN1_STRING *str, const void *_data, ossl_ssize_t len_s) {
- const char *data = _data;
+ const char *data = reinterpret_cast<const char *>(_data);
size_t len;
if (len_s < 0) {
if (data == NULL) {
@@ -291,9 +291,9 @@
if (str->length <= (int)len || str->data == NULL) {
unsigned char *c = str->data;
if (c == NULL) {
- str->data = OPENSSL_malloc(len + 1);
+ str->data = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len + 1));
} else {
- str->data = OPENSSL_realloc(c, len + 1);
+ str->data = reinterpret_cast<uint8_t *>(OPENSSL_realloc(c, len + 1));
}
if (str->data == NULL) {
@@ -315,7 +315,7 @@
void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) {
OPENSSL_free(str->data);
- str->data = data;
+ str->data = reinterpret_cast<uint8_t *>(data);
str->length = len;
}
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.cc
similarity index 100%
rename from crypto/asn1/asn1_par.c
rename to crypto/asn1/asn1_par.cc
diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.cc
similarity index 96%
rename from crypto/asn1/asn_pack.c
rename to crypto/asn1/asn_pack.cc
index c42cc05..971ea63 100644
--- a/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.cc
@@ -62,7 +62,7 @@
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **out) {
uint8_t *new_data = NULL;
- int len = ASN1_item_i2d(obj, &new_data, it);
+ int len = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(obj), &new_data, it);
if (len <= 0) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ENCODE_ERROR);
return NULL;
@@ -91,7 +91,7 @@
void *ret = ASN1_item_d2i(NULL, &p, oct->length, it);
if (ret == NULL || p != oct->data + oct->length) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
- ASN1_item_free(ret, it);
+ ASN1_item_free(reinterpret_cast<ASN1_VALUE *>(ret), it);
return NULL;
}
return ret;
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.cc
similarity index 100%
rename from crypto/asn1/f_int.c
rename to crypto/asn1/f_int.cc
diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.cc
similarity index 100%
rename from crypto/asn1/f_string.c
rename to crypto/asn1/f_string.cc
diff --git a/crypto/asn1/posix_time.c b/crypto/asn1/posix_time.cc
similarity index 99%
rename from crypto/asn1/posix_time.c
rename to crypto/asn1/posix_time.cc
index ff95cca..d4d3c5e 100644
--- a/crypto/asn1/posix_time.c
+++ b/crypto/asn1/posix_time.cc
@@ -154,7 +154,7 @@
}
int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm) {
- struct tm tmp_tm = {0};
+ struct tm tmp_tm = {};
if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
&tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min,
&tmp_tm.tm_sec)) {
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.cc
similarity index 98%
rename from crypto/asn1/tasn_dec.c
rename to crypto/asn1/tasn_dec.cc
index 94891c8..56bbf0d 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.cc
@@ -282,7 +282,8 @@
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
goto err;
}
- const ASN1_EXTERN_FUNCS *ef = it->funcs;
+ const ASN1_EXTERN_FUNCS *ef =
+ reinterpret_cast<const ASN1_EXTERN_FUNCS *>(it->funcs);
return ef->asn1_ex_d2i(pval, in, len, it, opt, NULL);
}
@@ -294,7 +295,7 @@
goto err;
}
- const ASN1_AUX *aux = it->funcs;
+ const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs);
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) {
goto auxerr;
@@ -379,7 +380,7 @@
goto err;
}
- const ASN1_AUX *aux = it->funcs;
+ const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs);
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) {
goto auxerr;
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.cc
similarity index 97%
rename from crypto/asn1/tasn_enc.c
rename to crypto/asn1/tasn_enc.cc
index bffc3cc..ab6f580 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.cc
@@ -90,7 +90,7 @@
if (len <= 0) {
return len;
}
- buf = OPENSSL_malloc(len);
+ buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len));
if (!buf) {
return -1;
}
@@ -191,7 +191,8 @@
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
return -1;
}
- const ASN1_EXTERN_FUNCS *ef = it->funcs;
+ const ASN1_EXTERN_FUNCS *ef =
+ reinterpret_cast<const ASN1_EXTERN_FUNCS *>(it->funcs);
int ret = ef->asn1_ex_i2d(pval, out, it);
if (ret == 0) {
// |asn1_ex_i2d| should never return zero. We have already checked
@@ -424,7 +425,8 @@
} DER_ENC;
static int der_cmp(const void *a, const void *b) {
- const DER_ENC *d1 = a, *d2 = b;
+ const DER_ENC *d1 = reinterpret_cast<const DER_ENC *>(a),
+ *d2 = reinterpret_cast<const DER_ENC *>(b);
int cmplen, i;
cmplen = (d1->length < d2->length) ? d1->length : d2->length;
i = OPENSSL_memcmp(d1->data, d2->data, cmplen);
@@ -453,14 +455,15 @@
}
int ret = 0;
- unsigned char *const buf = OPENSSL_malloc(skcontlen);
- DER_ENC *encoded = OPENSSL_calloc(sk_ASN1_VALUE_num(sk), sizeof(*encoded));
+ uint8_t *const buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(skcontlen));
+ DER_ENC *encoded = reinterpret_cast<DER_ENC *>(
+ OPENSSL_calloc(sk_ASN1_VALUE_num(sk), sizeof(*encoded)));
+ uint8_t *p = buf;
if (encoded == NULL || buf == NULL) {
goto err;
}
// Encode all the elements into |buf| and populate |encoded|.
- unsigned char *p = buf;
for (size_t i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
ASN1_VALUE *skitem = sk_ASN1_VALUE_value(sk, i);
encoded[i].data = p;
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.cc
similarity index 96%
rename from crypto/asn1/tasn_fre.c
rename to crypto/asn1/tasn_fre.cc
index add46f5..3cb3d80 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.cc
@@ -94,7 +94,7 @@
break;
case ASN1_ITYPE_CHOICE: {
- const ASN1_AUX *aux = it->funcs;
+ const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs);
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
if (asn1_cb) {
i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
@@ -118,7 +118,7 @@
}
case ASN1_ITYPE_EXTERN:
- ef = it->funcs;
+ ef = reinterpret_cast<const ASN1_EXTERN_FUNCS *>(it->funcs);
if (ef && ef->asn1_ex_free) {
ef->asn1_ex_free(pval, it);
}
@@ -128,7 +128,7 @@
if (!asn1_refcount_dec_and_test_zero(pval, it)) {
return;
}
- const ASN1_AUX *aux = it->funcs;
+ const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs);
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
if (asn1_cb) {
i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.cc
similarity index 94%
rename from crypto/asn1/tasn_new.c
rename to crypto/asn1/tasn_new.cc
index 76c52c3..38b30a9 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.cc
@@ -91,7 +91,7 @@
switch (it->itype) {
case ASN1_ITYPE_EXTERN:
- ef = it->funcs;
+ ef = reinterpret_cast<const ASN1_EXTERN_FUNCS *>(it->funcs);
if (ef && ef->asn1_ex_new) {
if (!ef->asn1_ex_new(pval, it)) {
goto memerr;
@@ -116,7 +116,7 @@
break;
case ASN1_ITYPE_CHOICE: {
- const ASN1_AUX *aux = it->funcs;
+ const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs);
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
if (asn1_cb) {
i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
@@ -127,7 +127,7 @@
return 1;
}
}
- *pval = OPENSSL_zalloc(it->size);
+ *pval = reinterpret_cast<ASN1_VALUE *>(OPENSSL_zalloc(it->size));
if (!*pval) {
goto memerr;
}
@@ -139,7 +139,7 @@
}
case ASN1_ITYPE_SEQUENCE: {
- const ASN1_AUX *aux = it->funcs;
+ const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs);
ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
if (asn1_cb) {
i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
@@ -150,7 +150,7 @@
return 1;
}
}
- *pval = OPENSSL_zalloc(it->size);
+ *pval = reinterpret_cast<ASN1_VALUE *>(OPENSSL_zalloc(it->size));
if (!*pval) {
goto memerr;
}
@@ -279,7 +279,8 @@
return 1;
case V_ASN1_ANY: {
- ASN1_TYPE *typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
+ ASN1_TYPE *typ =
+ reinterpret_cast<ASN1_TYPE *>(OPENSSL_malloc(sizeof(ASN1_TYPE)));
if (!typ) {
return 0;
}
diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.cc
similarity index 100%
rename from crypto/asn1/tasn_typ.c
rename to crypto/asn1/tasn_typ.cc
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.cc
similarity index 91%
rename from crypto/asn1/tasn_utl.c
rename to crypto/asn1/tasn_utl.cc
index 488c206..420f1db 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.cc
@@ -77,7 +77,7 @@
// Given an ASN1_ITEM CHOICE type return the selector value
int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) {
- int *sel = offset2ptr(*pval, it->utype);
+ int *sel = reinterpret_cast<int *>(offset2ptr(*pval, it->utype));
return *sel;
}
@@ -85,7 +85,7 @@
int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
const ASN1_ITEM *it) {
int *sel, ret;
- sel = offset2ptr(*pval, it->utype);
+ sel = reinterpret_cast<int *>(offset2ptr(*pval, it->utype));
ret = *sel;
*sel = value;
return ret;
@@ -96,11 +96,12 @@
if (it->itype != ASN1_ITYPE_SEQUENCE) {
return NULL;
}
- const ASN1_AUX *aux = it->funcs;
+ const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs);
if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) {
return NULL;
}
- return offset2ptr(*pval, aux->ref_offset);
+ return reinterpret_cast<CRYPTO_refcount_t *>(
+ offset2ptr(*pval, aux->ref_offset));
}
void asn1_refcount_set_one(ASN1_VALUE **pval, const ASN1_ITEM *it) {
@@ -124,11 +125,11 @@
if (!pval || !*pval) {
return NULL;
}
- aux = it->funcs;
+ aux = reinterpret_cast<const ASN1_AUX *>(it->funcs);
if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) {
return NULL;
}
- return offset2ptr(*pval, aux->enc_offset);
+ return reinterpret_cast<ASN1_ENCODING *>(offset2ptr(*pval, aux->enc_offset));
}
void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) {
@@ -163,7 +164,7 @@
enc->buf = buf;
enc->enc = (uint8_t *)in;
} else {
- enc->enc = OPENSSL_memdup(in, in_len);
+ enc->enc = reinterpret_cast<uint8_t *>(OPENSSL_memdup(in, in_len));
if (!enc->enc) {
return 0;
}
@@ -202,7 +203,8 @@
// Given an ASN1_TEMPLATE get a pointer to a field
ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) {
- ASN1_VALUE **pvaltmp = offset2ptr(*pval, tt->offset);
+ ASN1_VALUE **pvaltmp =
+ reinterpret_cast<ASN1_VALUE **>(offset2ptr(*pval, tt->offset));
// NOTE for BOOLEAN types the field is just a plain int so we can't return
// int **, so settle for (int *).
return pvaltmp;
@@ -224,9 +226,10 @@
adb = ASN1_ADB_ptr(tt->item);
// Get the selector field
- sfld = offset2ptr(*pval, adb->offset);
+ sfld = reinterpret_cast<ASN1_VALUE **>(offset2ptr(*pval, adb->offset));
// Check if NULL
+ int selector;
if (*sfld == NULL) {
if (!adb->null_tt) {
goto err;
@@ -238,7 +241,7 @@
// NB: don't check for NID_undef here because it
// might be a legitimate value in the table
assert(tt->flags & ASN1_TFLG_ADB_OID);
- int selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+ selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
// Try to find matching entry in table Maybe should check application types
// first to allow application override? Might also be useful to have a flag
diff --git a/crypto/base64/base64.c b/crypto/base64/base64.cc
similarity index 95%
rename from crypto/base64/base64.c
rename to crypto/base64/base64.cc
index 26ad974..6878321 100644
--- a/crypto/base64/base64.c
+++ b/crypto/base64/base64.cc
@@ -121,12 +121,11 @@
}
EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) {
- return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
+ return reinterpret_cast<EVP_ENCODE_CTX *>(
+ OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX)));
}
-void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) {
- OPENSSL_free(ctx);
-}
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) { OPENSSL_free(ctx); }
void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) {
OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX));
@@ -302,9 +301,9 @@
const uint32_t v = ((uint32_t)a) << 18 | ((uint32_t)b) << 12 |
((uint32_t)c) << 6 | (uint32_t)d;
- const unsigned padding_pattern = (in[0] == '=') << 3 |
- (in[1] == '=') << 2 |
- (in[2] == '=') << 1 |
+ const unsigned padding_pattern = (in[0] == '=') << 3 | //
+ (in[1] == '=') << 2 | //
+ (in[2] == '=') << 1 | //
(in[3] == '=');
// In presence of padding, the lowest bits of v are unused. Canonical encoding
@@ -412,8 +411,7 @@
}
size_t max_len;
- if (!EVP_DecodedLength(&max_len, in_len) ||
- max_out < max_len) {
+ if (!EVP_DecodedLength(&max_len, in_len) || max_out < max_len) {
return 0;
}
@@ -449,7 +447,7 @@
// Trim newlines, spaces and tabs from the end of the line.
while (src_len > 0) {
- switch (src[src_len-1]) {
+ switch (src[src_len - 1]) {
case ' ':
case '\t':
case '\r':
@@ -462,8 +460,7 @@
}
size_t dst_len;
- if (!EVP_DecodedLength(&dst_len, src_len) ||
- dst_len > INT_MAX ||
+ if (!EVP_DecodedLength(&dst_len, src_len) || dst_len > INT_MAX ||
!EVP_DecodeBase64(dst, &dst_len, dst_len, src, src_len)) {
return -1;
}
diff --git a/crypto/bio/bio.c b/crypto/bio/bio.cc
similarity index 89%
rename from crypto/bio/bio.c
rename to crypto/bio/bio.cc
index 1543b30..b1a91f7 100644
--- a/crypto/bio/bio.c
+++ b/crypto/bio/bio.cc
@@ -73,7 +73,7 @@
CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
BIO *BIO_new(const BIO_METHOD *method) {
- BIO *ret = OPENSSL_zalloc(sizeof(BIO));
+ BIO *ret = reinterpret_cast<BIO *>(OPENSSL_zalloc(sizeof(BIO)));
if (ret == NULL) {
return NULL;
}
@@ -116,13 +116,9 @@
return 1;
}
-void BIO_vfree(BIO *bio) {
- BIO_free(bio);
-}
+void BIO_vfree(BIO *bio) { BIO_free(bio); }
-void BIO_free_all(BIO *bio) {
- BIO_free(bio);
-}
+void BIO_free_all(BIO *bio) { BIO_free(bio); }
int BIO_read(BIO *bio, void *buf, int len) {
if (bio == NULL || bio->method == NULL || bio->method->bread == NULL) {
@@ -136,7 +132,7 @@
if (len <= 0) {
return 0;
}
- int ret = bio->method->bread(bio, buf, len);
+ int ret = bio->method->bread(bio, reinterpret_cast<char *>(buf), len);
if (ret > 0) {
bio->num_read += ret;
}
@@ -174,7 +170,7 @@
if (inl <= 0) {
return 0;
}
- int ret = bio->method->bwrite(bio, in, inl);
+ int ret = bio->method->bwrite(bio, reinterpret_cast<const char *>(in), inl);
if (ret > 0) {
bio->num_write += ret;
}
@@ -182,7 +178,7 @@
}
int BIO_write_all(BIO *bio, const void *data, size_t len) {
- const uint8_t *data_u8 = data;
+ const uint8_t *data_u8 = reinterpret_cast<const uint8_t *>(data);
while (len > 0) {
int ret = BIO_write(bio, data_u8, len > INT_MAX ? INT_MAX : (int)len);
if (ret <= 0) {
@@ -204,9 +200,7 @@
return BIO_write(bio, in, (int)len);
}
-int BIO_flush(BIO *bio) {
- return (int)BIO_ctrl(bio, BIO_CTRL_FLUSH, 0, NULL);
-}
+int BIO_flush(BIO *bio) { return (int)BIO_ctrl(bio, BIO_CTRL_FLUSH, 0, NULL); }
long BIO_ctrl(BIO *bio, int cmd, long larg, void *parg) {
if (bio == NULL) {
@@ -237,21 +231,13 @@
return BIO_ctrl(b, cmd, larg, (void *)&i);
}
-int BIO_reset(BIO *bio) {
- return (int)BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL);
-}
+int BIO_reset(BIO *bio) { return (int)BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL); }
-int BIO_eof(BIO *bio) {
- return (int)BIO_ctrl(bio, BIO_CTRL_EOF, 0, NULL);
-}
+int BIO_eof(BIO *bio) { return (int)BIO_ctrl(bio, BIO_CTRL_EOF, 0, NULL); }
-void BIO_set_flags(BIO *bio, int flags) {
- bio->flags |= flags;
-}
+void BIO_set_flags(BIO *bio, int flags) { bio->flags |= flags; }
-int BIO_test_flags(const BIO *bio, int flags) {
- return bio->flags & flags;
-}
+int BIO_test_flags(const BIO *bio, int flags) { return bio->flags & flags; }
int BIO_should_read(const BIO *bio) {
return BIO_test_flags(bio, BIO_FLAGS_READ);
@@ -273,9 +259,7 @@
void BIO_set_retry_reason(BIO *bio, int reason) { bio->retry_reason = reason; }
-void BIO_clear_flags(BIO *bio, int flags) {
- bio->flags &= ~flags;
-}
+void BIO_clear_flags(BIO *bio, int flags) { bio->flags &= ~flags; }
void BIO_set_retry_read(BIO *bio) {
bio->flags |= BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY;
@@ -287,9 +271,7 @@
static const int kRetryFlags = BIO_FLAGS_RWS | BIO_FLAGS_SHOULD_RETRY;
-int BIO_get_retry_flags(BIO *bio) {
- return bio->flags & kRetryFlags;
-}
+int BIO_get_retry_flags(BIO *bio) { return bio->flags & kRetryFlags; }
void BIO_clear_retry_flags(BIO *bio) {
bio->flags &= ~kRetryFlags;
@@ -318,7 +300,7 @@
}
size_t BIO_pending(const BIO *bio) {
- const long r = BIO_ctrl((BIO *) bio, BIO_CTRL_PENDING, 0, NULL);
+ const long r = BIO_ctrl((BIO *)bio, BIO_CTRL_PENDING, 0, NULL);
assert(r >= 0);
if (r < 0) {
@@ -327,12 +309,10 @@
return r;
}
-size_t BIO_ctrl_pending(const BIO *bio) {
- return BIO_pending(bio);
-}
+size_t BIO_ctrl_pending(const BIO *bio) { return BIO_pending(bio); }
size_t BIO_wpending(const BIO *bio) {
- const long r = BIO_ctrl((BIO *) bio, BIO_CTRL_WPENDING, 0, NULL);
+ const long r = BIO_ctrl((BIO *)bio, BIO_CTRL_WPENDING, 0, NULL);
assert(r >= 0);
if (r < 0) {
@@ -430,9 +410,7 @@
return BIO_write_all((BIO *)bio, str, len);
}
-void ERR_print_errors(BIO *bio) {
- ERR_print_errors_cb(print_bio, bio);
-}
+void ERR_print_errors(BIO *bio) { ERR_print_errors_cb(print_bio, bio); }
// bio_read_all reads everything from |bio| and prepends |prefix| to it. On
// success, |*out| is set to an allocated buffer (which should be freed with
@@ -454,7 +432,7 @@
if (len < prefix_len) {
return 0;
}
- *out = OPENSSL_malloc(len);
+ *out = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len));
if (*out == NULL) {
return 0;
}
@@ -485,7 +463,8 @@
if (len < kChunkSize || len > max_len) {
len = max_len;
}
- uint8_t *new_buf = OPENSSL_realloc(*out, len);
+ uint8_t *new_buf =
+ reinterpret_cast<uint8_t *>(OPENSSL_realloc(*out, len));
if (new_buf == NULL) {
OPENSSL_free(*out);
return 0;
@@ -594,7 +573,7 @@
return 0;
}
- if ((len32 >> ((num_bytes-1)*8)) == 0) {
+ if ((len32 >> ((num_bytes - 1) * 8)) == 0) {
// Length should have been at least one byte shorter.
OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
return 0;
@@ -603,16 +582,14 @@
len = len32;
}
- if (len + header_len < len ||
- len + header_len > max_len ||
- len > INT_MAX) {
+ if (len + header_len < len || len + header_len > max_len || len > INT_MAX) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
return 0;
}
len += header_len;
*out_len = len;
- *out = OPENSSL_malloc(len);
+ *out = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len));
if (*out == NULL) {
return 0;
}
@@ -644,7 +621,8 @@
}
BIO_METHOD *BIO_meth_new(int type, const char *name) {
- BIO_METHOD *method = OPENSSL_zalloc(sizeof(BIO_METHOD));
+ BIO_METHOD *method =
+ reinterpret_cast<BIO_METHOD *>(OPENSSL_zalloc(sizeof(BIO_METHOD)));
if (method == NULL) {
return NULL;
}
@@ -653,18 +631,14 @@
return method;
}
-void BIO_meth_free(BIO_METHOD *method) {
- OPENSSL_free(method);
-}
+void BIO_meth_free(BIO_METHOD *method) { OPENSSL_free(method); }
-int BIO_meth_set_create(BIO_METHOD *method,
- int (*create_func)(BIO *)) {
+int BIO_meth_set_create(BIO_METHOD *method, int (*create_func)(BIO *)) {
method->create = create_func;
return 1;
}
-int BIO_meth_set_destroy(BIO_METHOD *method,
- int (*destroy_func)(BIO *)) {
+int BIO_meth_set_destroy(BIO_METHOD *method, int (*destroy_func)(BIO *)) {
method->destroy = destroy_func;
return 1;
}
@@ -710,10 +684,10 @@
return 1;
}
-int BIO_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_unused *unused,
- CRYPTO_EX_dup *dup_unused,
- CRYPTO_EX_free *free_func) {
+int BIO_get_ex_new_index(long argl, void *argp, //
+ CRYPTO_EX_unused *unused, //
+ CRYPTO_EX_dup *dup_unused, //
+ CRYPTO_EX_free *free_func) {
return CRYPTO_get_ex_new_index_ex(&g_ex_data_class, argl, argp, free_func);
}
diff --git a/crypto/bio/bio_mem.c b/crypto/bio/bio_mem.cc
similarity index 94%
rename from crypto/bio/bio_mem.c
rename to crypto/bio/bio_mem.cc
index 5d7534c..7d9c4b7 100644
--- a/crypto/bio/bio_mem.c
+++ b/crypto/bio/bio_mem.cc
@@ -83,7 +83,7 @@
b = (BUF_MEM *)ret->ptr;
// BIO_FLAGS_MEM_RDONLY ensures |b->data| is not written to.
- b->data = (void *)buf;
+ b->data = reinterpret_cast<char *>(const_cast<void *>(buf));
b->length = size;
b->max = size;
@@ -135,7 +135,7 @@
return 0;
}
- BUF_MEM *b = bio->ptr;
+ BUF_MEM *b = reinterpret_cast<BUF_MEM *>(bio->ptr);
int ret = outl;
if ((size_t)ret > b->length) {
ret = (int)b->length;
@@ -169,7 +169,7 @@
return -1;
}
- BUF_MEM *b = bio->ptr;
+ BUF_MEM *b = reinterpret_cast<BUF_MEM *>(bio->ptr);
if (!BUF_MEM_append(b, in, inl)) {
return -1;
}
@@ -185,14 +185,15 @@
// The buffer size includes space for the trailing NUL, so we can read at most
// one fewer byte.
- BUF_MEM *b = bio->ptr;
+ BUF_MEM *b = reinterpret_cast<BUF_MEM *>(bio->ptr);
int ret = size - 1;
if ((size_t)ret > b->length) {
ret = (int)b->length;
}
// Stop at the first newline.
- const char *newline = OPENSSL_memchr(b->data, '\n', ret);
+ const char *newline =
+ reinterpret_cast<char *>(OPENSSL_memchr(b->data, '\n', ret));
if (newline != NULL) {
ret = (int)(newline - b->data + 1);
}
@@ -231,7 +232,7 @@
case BIO_CTRL_INFO:
ret = (long)b->length;
if (ptr != NULL) {
- char **pptr = ptr;
+ char **pptr = reinterpret_cast<char **>(ptr);
*pptr = b->data;
}
break;
@@ -242,7 +243,7 @@
break;
case BIO_C_GET_BUF_MEM_PTR:
if (ptr != NULL) {
- BUF_MEM **pptr = ptr;
+ BUF_MEM **pptr = reinterpret_cast<BUF_MEM **>(ptr);
*pptr = b;
}
break;
diff --git a/crypto/bio/connect.c b/crypto/bio/connect.cc
similarity index 93%
rename from crypto/bio/connect.c
rename to crypto/bio/connect.cc
index 50d8983..7efd4ff 100644
--- a/crypto/bio/connect.c
+++ b/crypto/bio/connect.cc
@@ -63,9 +63,9 @@
#include <string.h>
#if !defined(OPENSSL_WINDOWS)
-#include <sys/socket.h>
-#include <netinet/in.h>
#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
#include <unistd.h>
#else
OPENSSL_MSVC_PRAGMA(warning(push, 3))
@@ -77,8 +77,8 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-#include "internal.h"
#include "../internal.h"
+#include "internal.h"
enum {
@@ -109,9 +109,7 @@
} BIO_CONNECT;
#if !defined(OPENSSL_WINDOWS)
-static int closesocket(int sock) {
- return close(sock);
-}
+static int closesocket(int sock) { return close(sock); }
#endif
// split_host_and_port sets |*out_host| and |*out_port| to the host and port
@@ -231,7 +229,7 @@
}
BIO_clear_retry_flags(bio);
- ret = connect(bio->num, (struct sockaddr*) &c->them, c->them_length);
+ ret = connect(bio->num, (struct sockaddr *)&c->them, c->them_length);
if (ret < 0) {
if (bio_socket_should_retry(ret)) {
BIO_set_flags(bio, (BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY));
@@ -261,7 +259,8 @@
BIO_clear_retry_flags(bio);
OPENSSL_PUT_SYSTEM_ERROR();
OPENSSL_PUT_ERROR(BIO, BIO_R_NBIO_CONNECT_ERROR);
- ERR_add_error_data(4, "host=", c->param_hostname, ":", c->param_port);
+ ERR_add_error_data(4, "host=", c->param_hostname, ":",
+ c->param_port);
ret = 0;
}
goto exit_loop;
@@ -296,7 +295,8 @@
}
static BIO_CONNECT *BIO_CONNECT_new(void) {
- BIO_CONNECT *ret = OPENSSL_zalloc(sizeof(BIO_CONNECT));
+ BIO_CONNECT *ret =
+ reinterpret_cast<BIO_CONNECT *>(OPENSSL_zalloc(sizeof(BIO_CONNECT)));
if (ret == NULL) {
return NULL;
}
@@ -323,7 +323,7 @@
}
static void conn_close_socket(BIO *bio) {
- BIO_CONNECT *c = (BIO_CONNECT *) bio->ptr;
+ BIO_CONNECT *c = (BIO_CONNECT *)bio->ptr;
if (bio->num == -1) {
return;
@@ -342,7 +342,7 @@
conn_close_socket(bio);
}
- BIO_CONNECT_free((BIO_CONNECT*) bio->ptr);
+ BIO_CONNECT_free((BIO_CONNECT *)bio->ptr);
return 1;
}
@@ -422,13 +422,15 @@
bio->init = 1;
if (num == 0) {
OPENSSL_free(data->param_hostname);
- data->param_hostname = OPENSSL_strdup(ptr);
+ data->param_hostname =
+ OPENSSL_strdup(reinterpret_cast<const char *>(ptr));
if (data->param_hostname == NULL) {
ret = 0;
}
} else if (num == 1) {
OPENSSL_free(data->param_port);
- data->param_port = OPENSSL_strdup(ptr);
+ data->param_port =
+ OPENSSL_strdup(reinterpret_cast<const char *>(ptr));
if (data->param_port == NULL) {
ret = 0;
}
@@ -464,7 +466,8 @@
case BIO_CTRL_FLUSH:
break;
case BIO_CTRL_GET_CALLBACK: {
- int (**fptr)(const BIO *bio, int state, int xret) = ptr;
+ int (**fptr)(const BIO *bio, int state, int xret);
+ fptr = reinterpret_cast<decltype(fptr)>(ptr);
*fptr = data->info_callback;
} break;
default:
@@ -488,7 +491,8 @@
OPENSSL_MSVC_PRAGMA(warning(push))
OPENSSL_MSVC_PRAGMA(warning(disable : 4191))
OPENSSL_CLANG_PRAGMA("clang diagnostic push")
- OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wunknown-warning-option\"")
+ OPENSSL_CLANG_PRAGMA(
+ "clang diagnostic ignored \"-Wunknown-warning-option\"")
OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wcast-function-type\"")
data->info_callback = (int (*)(const struct bio_st *, int, int))fp;
OPENSSL_CLANG_PRAGMA("clang diagnostic pop")
@@ -524,11 +528,11 @@
const BIO_METHOD *BIO_s_connect(void) { return &methods_connectp; }
int BIO_set_conn_hostname(BIO *bio, const char *name) {
- return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 0, (void*) name);
+ return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 0, (void *)name);
}
int BIO_set_conn_port(BIO *bio, const char *port_str) {
- return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 1, (void*) port_str);
+ return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 1, (void *)port_str);
}
int BIO_set_conn_int_port(BIO *bio, const int *port) {
diff --git a/crypto/bio/errno.c b/crypto/bio/errno.cc
similarity index 100%
rename from crypto/bio/errno.c
rename to crypto/bio/errno.cc
diff --git a/crypto/bio/fd.c b/crypto/bio/fd.cc
similarity index 100%
rename from crypto/bio/fd.c
rename to crypto/bio/fd.cc
diff --git a/crypto/bio/file.c b/crypto/bio/file.cc
similarity index 97%
rename from crypto/bio/file.c
rename to crypto/bio/file.cc
index e68a898..81d2f43 100644
--- a/crypto/bio/file.c
+++ b/crypto/bio/file.cc
@@ -143,7 +143,7 @@
}
if (bio->init && bio->ptr != NULL) {
- fclose(bio->ptr);
+ fclose(reinterpret_cast<FILE *>(bio->ptr));
bio->ptr = NULL;
}
bio->init = 0;
@@ -208,7 +208,7 @@
// tested under POSIX will inadvertently change the state of |FILE|
// objects when wrapping them in a |BIO|.
if (num & BIO_FP_TEXT) {
- _setmode(_fileno(ptr), _O_TEXT);
+ _setmode(_fileno(reinterpret_cast<FILE *>(ptr)), _O_TEXT);
}
#endif
b->shutdown = (int)num & BIO_CLOSE;
@@ -236,7 +236,7 @@
ret = 0;
break;
}
- fp = fopen_if_available(ptr, mode);
+ fp = fopen_if_available(reinterpret_cast<const char *>(ptr), mode);
if (fp == NULL) {
OPENSSL_PUT_SYSTEM_ERROR();
ERR_add_error_data(5, "fopen('", ptr, "','", mode, "')");
diff --git a/crypto/bio/hexdump.c b/crypto/bio/hexdump.cc
similarity index 100%
rename from crypto/bio/hexdump.c
rename to crypto/bio/hexdump.cc
diff --git a/crypto/bio/pair.c b/crypto/bio/pair.cc
similarity index 90%
rename from crypto/bio/pair.c
rename to crypto/bio/pair.cc
index 988b4ce..02a8ae6 100644
--- a/crypto/bio/pair.c
+++ b/crypto/bio/pair.cc
@@ -81,7 +81,8 @@
};
static int bio_new(BIO *bio) {
- struct bio_bio_st *b = OPENSSL_zalloc(sizeof *b);
+ struct bio_bio_st *b =
+ reinterpret_cast<bio_bio_st *>(OPENSSL_zalloc(sizeof *b));
if (b == NULL) {
return 0;
}
@@ -92,7 +93,7 @@
}
static void bio_destroy_pair(BIO *bio) {
- struct bio_bio_st *b = bio->ptr;
+ struct bio_bio_st *b = reinterpret_cast<bio_bio_st *>(bio->ptr);
BIO *peer_bio;
struct bio_bio_st *peer_b;
@@ -105,7 +106,7 @@
return;
}
- peer_b = peer_bio->ptr;
+ peer_b = reinterpret_cast<bio_bio_st *>(peer_bio->ptr);
assert(peer_b != NULL);
assert(peer_b->peer == bio);
@@ -124,7 +125,7 @@
}
static int bio_free(BIO *bio) {
- struct bio_bio_st *b = bio->ptr;
+ struct bio_bio_st *b = reinterpret_cast<bio_bio_st *>(bio->ptr);
assert(b != NULL);
@@ -149,10 +150,10 @@
return 0;
}
- b = bio->ptr;
+ b = reinterpret_cast<bio_bio_st *>(bio->ptr);
assert(b != NULL);
assert(b->peer != NULL);
- peer_b = b->peer->ptr;
+ peer_b = reinterpret_cast<bio_bio_st *>(b->peer->ptr);
assert(peer_b != NULL);
assert(peer_b->buf != NULL);
@@ -233,7 +234,7 @@
return 0;
}
- b = bio->ptr;
+ b = reinterpret_cast<bio_bio_st *>(bio->ptr);
assert(b != NULL);
assert(b->peer != NULL);
assert(b->buf != NULL);
@@ -302,8 +303,8 @@
assert(bio1 != NULL);
assert(bio2 != NULL);
- b1 = bio1->ptr;
- b2 = bio2->ptr;
+ b1 = reinterpret_cast<bio_bio_st *>(bio1->ptr);
+ b2 = reinterpret_cast<bio_bio_st *>(bio2->ptr);
if (b1->peer != NULL || b2->peer != NULL) {
OPENSSL_PUT_ERROR(BIO, BIO_R_IN_USE);
@@ -314,7 +315,7 @@
if (writebuf1_len) {
b1->size = writebuf1_len;
}
- b1->buf = OPENSSL_malloc(b1->size);
+ b1->buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(b1->size));
if (b1->buf == NULL) {
return 0;
}
@@ -326,7 +327,7 @@
if (writebuf2_len) {
b2->size = writebuf2_len;
}
- b2->buf = OPENSSL_malloc(b2->size);
+ b2->buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(b2->size));
if (b2->buf == NULL) {
return 0;
}
@@ -349,13 +350,12 @@
static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) {
long ret;
- struct bio_bio_st *b = bio->ptr;
+ struct bio_bio_st *b = reinterpret_cast<bio_bio_st *>(bio->ptr);
assert(b != NULL);
switch (cmd) {
- // specific CTRL codes
-
+ // Specific control codes first:
case BIO_C_GET_WRITE_BUF_SIZE:
ret = (long)b->size;
break;
@@ -392,8 +392,8 @@
ret = 1;
break;
- // standard CTRL codes follow
+ // Standard control codes:
case BIO_CTRL_GET_CLOSE:
ret = bio->shutdown;
break;
@@ -405,7 +405,8 @@
case BIO_CTRL_PENDING:
if (b->peer != NULL) {
- struct bio_bio_st *peer_b = b->peer->ptr;
+ struct bio_bio_st *peer_b =
+ reinterpret_cast<bio_bio_st *>(b->peer->ptr);
ret = (long)peer_b->len;
} else {
ret = 0;
@@ -424,10 +425,11 @@
break;
case BIO_CTRL_EOF: {
- BIO *other_bio = ptr;
+ BIO *other_bio = reinterpret_cast<BIO *>(ptr);
if (other_bio) {
- struct bio_bio_st *other_b = other_bio->ptr;
+ struct bio_bio_st *other_b =
+ reinterpret_cast<bio_bio_st *>(other_bio->ptr);
assert(other_b != NULL);
ret = other_b->len == 0 && other_b->closed;
} else {
@@ -449,8 +451,8 @@
static const BIO_METHOD *bio_s_bio(void) { return &methods_biop; }
-int BIO_new_bio_pair(BIO** bio1_p, size_t writebuf1_len,
- BIO** bio2_p, size_t writebuf2_len) {
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1_len, BIO **bio2_p,
+ size_t writebuf2_len) {
BIO *bio1 = BIO_new(bio_s_bio());
BIO *bio2 = BIO_new(bio_s_bio());
if (bio1 == NULL || bio2 == NULL ||
diff --git a/crypto/bio/printf.c b/crypto/bio/printf.cc
similarity index 96%
rename from crypto/bio/printf.c
rename to crypto/bio/printf.cc
index 102256b..37f4510 100644
--- a/crypto/bio/printf.c
+++ b/crypto/bio/printf.cc
@@ -75,12 +75,12 @@
return -1;
}
- if ((size_t) out_len >= sizeof(buf)) {
+ if ((size_t)out_len >= sizeof(buf)) {
const int requested_len = out_len;
// The output was truncated. Note that vsnprintf's return value
// does not include a trailing NUL, but the buffer must be sized
// for it.
- out = OPENSSL_malloc(requested_len + 1);
+ out = reinterpret_cast<char *>(OPENSSL_malloc(requested_len + 1));
out_malloced = 1;
if (out == NULL) {
return -1;
diff --git a/crypto/bio/socket.c b/crypto/bio/socket.cc
similarity index 100%
rename from crypto/bio/socket.c
rename to crypto/bio/socket.cc
diff --git a/crypto/bio/socket_helper.c b/crypto/bio/socket_helper.cc
similarity index 100%
rename from crypto/bio/socket_helper.c
rename to crypto/bio/socket_helper.cc
diff --git a/crypto/blake2/blake2.c b/crypto/blake2/blake2.cc
similarity index 98%
rename from crypto/blake2/blake2.c
rename to crypto/blake2/blake2.cc
index 14bbe5b..d129dbd 100644
--- a/crypto/blake2/blake2.c
+++ b/crypto/blake2/blake2.cc
@@ -121,7 +121,7 @@
return;
}
- const uint8_t *data = in_data;
+ const uint8_t *data = reinterpret_cast<const uint8_t *>(in_data);
size_t todo = sizeof(b2b->block) - b2b->block_used;
if (todo > len) {
todo = len;
diff --git a/crypto/bn_extra/bn_asn1.c b/crypto/bn_extra/bn_asn1.cc
similarity index 100%
rename from crypto/bn_extra/bn_asn1.c
rename to crypto/bn_extra/bn_asn1.cc
diff --git a/crypto/bn_extra/convert.c b/crypto/bn_extra/convert.cc
similarity index 92%
rename from crypto/bn_extra/convert.c
rename to crypto/bn_extra/convert.cc
index c9161fa..e540523 100644
--- a/crypto/bn_extra/convert.c
+++ b/crypto/bn_extra/convert.cc
@@ -78,8 +78,9 @@
char *BN_bn2hex(const BIGNUM *bn) {
int width = bn_minimal_width(bn);
- char *buf = OPENSSL_malloc(1 /* leading '-' */ + 1 /* zero is non-empty */ +
- width * BN_BYTES * 2 + 1 /* trailing NUL */);
+ char *buf = reinterpret_cast<char *>(
+ OPENSSL_malloc(1 /* leading '-' */ + 1 /* zero is non-empty */ +
+ width * BN_BYTES * 2 + 1 /* trailing NUL */));
if (buf == NULL) {
return NULL;
}
@@ -112,7 +113,7 @@
// decode_hex decodes |in_len| bytes of hex data from |in| and updates |bn|.
static int decode_hex(BIGNUM *bn, const char *in, int in_len) {
- if (in_len > INT_MAX/4) {
+ if (in_len > INT_MAX / 4) {
OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
return 0;
}
@@ -163,8 +164,7 @@
l *= 10;
l += in[i] - '0';
if (++j == BN_DEC_NUM) {
- if (!BN_mul_word(bn, BN_DEC_CONV) ||
- !BN_add_word(bn, l)) {
+ if (!BN_mul_word(bn, BN_DEC_CONV) || !BN_add_word(bn, l)) {
return 0;
}
l = 0;
@@ -174,10 +174,11 @@
return 1;
}
-typedef int (*decode_func) (BIGNUM *bn, const char *in, int in_len);
-typedef int (*char_test_func) (int c);
+typedef int (*decode_func)(BIGNUM *bn, const char *in, int in_len);
+typedef int (*char_test_func)(int c);
-static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode, char_test_func want_char) {
+static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode,
+ char_test_func want_char) {
BIGNUM *ret = NULL;
int neg = 0, i;
int num;
@@ -191,7 +192,8 @@
in++;
}
- for (i = 0; want_char((unsigned char)in[i]) && i + neg < INT_MAX; i++) {}
+ for (i = 0; want_char((unsigned char)in[i]) && i + neg < INT_MAX; i++) {
+ }
num = i + neg;
if (outp == NULL) {
@@ -238,7 +240,7 @@
// and fix at the end.
BIGNUM *copy = NULL;
CBB cbb;
- if (!CBB_init(&cbb, 16) ||
+ if (!CBB_init(&cbb, 16) || //
!CBB_add_u8(&cbb, 0 /* trailing NUL */)) {
goto err;
}
@@ -270,7 +272,7 @@
}
}
- if (BN_is_negative(a) &&
+ if (BN_is_negative(a) && //
!CBB_add_u8(&cbb, '-')) {
goto err;
}
@@ -282,7 +284,7 @@
}
// Reverse the buffer.
- for (size_t i = 0; i < len/2; i++) {
+ for (size_t i = 0; i < len / 2; i++) {
uint8_t tmp = data[i];
data[i] = data[len - 1 - i];
data[len - 1 - i] = tmp;
@@ -308,7 +310,7 @@
}
if (in[0] == '0' && (in[1] == 'X' || in[1] == 'x')) {
- if (!BN_hex2bn(outp, in+2)) {
+ if (!BN_hex2bn(outp, in + 2)) {
return 0;
}
} else {
@@ -377,9 +379,7 @@
}
const size_t len = bytes + extend;
- if (len < bytes ||
- 4 + len < len ||
- (len & 0xffffffff) != len) {
+ if (len < bytes || 4 + len < len || (len & 0xffffffff) != len) {
// If we cannot represent the number then we emit zero as the interface
// doesn't allow an error to be signalled.
if (out) {
@@ -411,9 +411,9 @@
OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING);
return NULL;
}
- const size_t in_len = ((size_t)in[0] << 24) |
- ((size_t)in[1] << 16) |
- ((size_t)in[2] << 8) |
+ const size_t in_len = ((size_t)in[0] << 24) | //
+ ((size_t)in[1] << 16) | //
+ ((size_t)in[2] << 8) | //
((size_t)in[3]);
if (in_len != len - 4) {
OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING);
@@ -449,7 +449,7 @@
}
int BN_bn2binpad(const BIGNUM *in, uint8_t *out, int len) {
- if (len < 0 ||
+ if (len < 0 || //
!BN_bn2bin_padded(out, (size_t)len, in)) {
return -1;
}
@@ -457,7 +457,7 @@
}
int BN_bn2lebinpad(const BIGNUM *in, uint8_t *out, int len) {
- if (len < 0 ||
+ if (len < 0 || //
!BN_bn2le_padded(out, (size_t)len, in)) {
return -1;
}
diff --git a/crypto/buf/buf.c b/crypto/buf/buf.cc
similarity index 96%
rename from crypto/buf/buf.c
rename to crypto/buf/buf.cc
index 1fe8fe6..c63ada6 100644
--- a/crypto/buf/buf.c
+++ b/crypto/buf/buf.cc
@@ -58,13 +58,15 @@
#include <string.h>
-#include <openssl/mem.h>
#include <openssl/err.h>
+#include <openssl/mem.h>
#include "../internal.h"
-BUF_MEM *BUF_MEM_new(void) { return OPENSSL_zalloc(sizeof(BUF_MEM)); }
+BUF_MEM *BUF_MEM_new(void) {
+ return reinterpret_cast<BUF_MEM *>(OPENSSL_zalloc(sizeof(BUF_MEM)));
+}
void BUF_MEM_free(BUF_MEM *buf) {
if (buf == NULL) {
@@ -92,7 +94,8 @@
return 0;
}
- char *new_buf = OPENSSL_realloc(buf->data, alloc_size);
+ char *new_buf =
+ reinterpret_cast<char *>(OPENSSL_realloc(buf->data, alloc_size));
if (new_buf == NULL) {
return 0;
}
diff --git a/crypto/bytestring/asn1_compat.c b/crypto/bytestring/asn1_compat.cc
similarity index 100%
rename from crypto/bytestring/asn1_compat.c
rename to crypto/bytestring/asn1_compat.cc
diff --git a/crypto/bytestring/ber.c b/crypto/bytestring/ber.cc
similarity index 100%
rename from crypto/bytestring/ber.c
rename to crypto/bytestring/ber.cc
diff --git a/crypto/bytestring/cbb.c b/crypto/bytestring/cbb.cc
similarity index 90%
rename from crypto/bytestring/cbb.c
rename to crypto/bytestring/cbb.cc
index d126acf..17baf64 100644
--- a/crypto/bytestring/cbb.c
+++ b/crypto/bytestring/cbb.cc
@@ -18,15 +18,13 @@
#include <limits.h>
#include <string.h>
-#include <openssl/mem.h>
#include <openssl/err.h>
+#include <openssl/mem.h>
#include "../internal.h"
-void CBB_zero(CBB *cbb) {
- OPENSSL_memset(cbb, 0, sizeof(CBB));
-}
+void CBB_zero(CBB *cbb) { OPENSSL_memset(cbb, 0, sizeof(CBB)); }
static void cbb_init(CBB *cbb, uint8_t *buf, size_t cap, int can_resize) {
cbb->is_child = 0;
@@ -41,7 +39,7 @@
int CBB_init(CBB *cbb, size_t initial_capacity) {
CBB_zero(cbb);
- uint8_t *buf = OPENSSL_malloc(initial_capacity);
+ uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(initial_capacity));
if (initial_capacity > 0 && buf == NULL) {
return 0;
}
@@ -92,7 +90,8 @@
if (newcap < base->cap || newcap < newlen) {
newcap = newlen;
}
- uint8_t *newbuf = OPENSSL_realloc(base->buf, newcap);
+ uint8_t *newbuf =
+ reinterpret_cast<uint8_t *>(OPENSSL_realloc(base->buf, newcap));
if (newbuf == NULL) {
goto err;
}
@@ -200,13 +199,13 @@
assert(child->base == base);
size_t child_start = child->offset + child->pending_len_len;
- if (!CBB_flush(cbb->child) ||
- child_start < child->offset ||
+ size_t len;
+ if (!CBB_flush(cbb->child) || child_start < child->offset ||
base->len < child_start) {
goto err;
}
- size_t len = base->len - child_start;
+ len = base->len - child_start;
if (child->pending_is_asn1) {
// For ASN.1 we assume that we'll only need a single byte for the length.
@@ -215,7 +214,7 @@
uint8_t len_len;
uint8_t initial_length_byte;
- assert (child->pending_len_len == 1);
+ assert(child->pending_len_len == 1);
if (len > 0xfffffffe) {
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
@@ -403,8 +402,7 @@
}
int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) {
- if (!CBB_flush(cbb) ||
- !cbb_buffer_add(cbb_get_base(cbb), out_data, len)) {
+ if (!CBB_flush(cbb) || !cbb_buffer_add(cbb_get_base(cbb), out_data, len)) {
return 0;
}
return 1;
@@ -421,9 +419,7 @@
int CBB_did_write(CBB *cbb, size_t len) {
struct cbb_buffer_st *base = cbb_get_base(cbb);
size_t newlen = base->len + len;
- if (cbb->child != NULL ||
- newlen < base->len ||
- newlen > base->cap) {
+ if (cbb->child != NULL || newlen < base->len || newlen > base->cap) {
return 0;
}
base->len = newlen;
@@ -450,33 +446,23 @@
return 1;
}
-int CBB_add_u8(CBB *cbb, uint8_t value) {
- return cbb_add_u(cbb, value, 1);
-}
+int CBB_add_u8(CBB *cbb, uint8_t value) { return cbb_add_u(cbb, value, 1); }
-int CBB_add_u16(CBB *cbb, uint16_t value) {
- return cbb_add_u(cbb, value, 2);
-}
+int CBB_add_u16(CBB *cbb, uint16_t value) { return cbb_add_u(cbb, value, 2); }
int CBB_add_u16le(CBB *cbb, uint16_t value) {
return CBB_add_u16(cbb, CRYPTO_bswap2(value));
}
-int CBB_add_u24(CBB *cbb, uint32_t value) {
- return cbb_add_u(cbb, value, 3);
-}
+int CBB_add_u24(CBB *cbb, uint32_t value) { return cbb_add_u(cbb, value, 3); }
-int CBB_add_u32(CBB *cbb, uint32_t value) {
- return cbb_add_u(cbb, value, 4);
-}
+int CBB_add_u32(CBB *cbb, uint32_t value) { return cbb_add_u(cbb, value, 4); }
int CBB_add_u32le(CBB *cbb, uint32_t value) {
return CBB_add_u32(cbb, CRYPTO_bswap4(value));
}
-int CBB_add_u64(CBB *cbb, uint64_t value) {
- return cbb_add_u(cbb, value, 8);
-}
+int CBB_add_u64(CBB *cbb, uint64_t value) { return cbb_add_u(cbb, value, 8); }
int CBB_add_u64le(CBB *cbb, uint64_t value) {
return CBB_add_u64(cbb, CRYPTO_bswap8(value));
@@ -501,13 +487,13 @@
int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value, CBS_ASN1_TAG tag) {
CBB child;
+ int started = 0;
if (!CBB_add_asn1(cbb, &child, tag)) {
goto err;
}
- int started = 0;
for (size_t i = 0; i < 8; i++) {
- uint8_t byte = (value >> 8*(7-i)) & 0xff;
+ uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
if (!started) {
if (byte == 0) {
// Don't encode leading zeros.
@@ -573,8 +559,7 @@
int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) {
CBB child;
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_OCTETSTRING) ||
- !CBB_add_bytes(&child, data, data_len) ||
- !CBB_flush(cbb)) {
+ !CBB_add_bytes(&child, data, data_len) || !CBB_flush(cbb)) {
cbb_on_error(cbb);
return 0;
}
@@ -585,8 +570,7 @@
int CBB_add_asn1_bool(CBB *cbb, int value) {
CBB child;
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_BOOLEAN) ||
- !CBB_add_u8(&child, value != 0 ? 0xff : 0) ||
- !CBB_flush(cbb)) {
+ !CBB_add_u8(&child, value != 0 ? 0xff : 0) || !CBB_flush(cbb)) {
cbb_on_error(cbb);
return 0;
}
@@ -620,24 +604,20 @@
// OIDs must have at least two components.
uint64_t a, b;
- if (!parse_dotted_decimal(&cbs, &a) ||
- !parse_dotted_decimal(&cbs, &b)) {
+ if (!parse_dotted_decimal(&cbs, &a) || !parse_dotted_decimal(&cbs, &b)) {
return 0;
}
// The first component is encoded as 40 * |a| + |b|. This assumes that |a| is
// 0, 1, or 2 and that, when it is 0 or 1, |b| is at most 39.
- if (a > 2 ||
- (a < 2 && b > 39) ||
- b > UINT64_MAX - 80 ||
+ if (a > 2 || (a < 2 && b > 39) || b > UINT64_MAX - 80 ||
!add_base128_integer(cbb, 40u * a + b)) {
return 0;
}
// The remaining components are encoded unmodified.
while (CBS_len(&cbs) > 0) {
- if (!parse_dotted_decimal(&cbs, &a) ||
- !add_base128_integer(cbb, a)) {
+ if (!parse_dotted_decimal(&cbs, &a) || !add_base128_integer(cbb, a)) {
return 0;
}
}
@@ -648,7 +628,8 @@
static int compare_set_of_element(const void *a_ptr, const void *b_ptr) {
// See X.690, section 11.6 for the ordering. They are sorted in ascending
// order by their DER encoding.
- const CBS *a = a_ptr, *b = b_ptr;
+ const CBS *a = reinterpret_cast<const CBS *>(a_ptr),
+ *b = reinterpret_cast<const CBS *>(b_ptr);
size_t a_len = CBS_len(a), b_len = CBS_len(b);
size_t min_len = a_len < b_len ? a_len : b_len;
int ret = OPENSSL_memcmp(CBS_data(a), CBS_data(b), min_len);
@@ -687,8 +668,12 @@
// remain valid as we rewrite |cbb|.
int ret = 0;
size_t buf_len = CBB_len(cbb);
- uint8_t *buf = OPENSSL_memdup(CBB_data(cbb), buf_len);
- CBS *children = OPENSSL_calloc(num_children, sizeof(CBS));
+ uint8_t *buf =
+ reinterpret_cast<uint8_t *>(OPENSSL_memdup(CBB_data(cbb), buf_len));
+ CBS *children =
+ reinterpret_cast<CBS *>(OPENSSL_calloc(num_children, sizeof(CBS)));
+ uint8_t *out;
+ size_t offset = 0;
if (buf == NULL || children == NULL) {
goto err;
}
@@ -701,8 +686,7 @@
qsort(children, num_children, sizeof(CBS), compare_set_of_element);
// Write the contents back in the new order.
- uint8_t *out = (uint8_t *)CBB_data(cbb);
- size_t offset = 0;
+ out = (uint8_t *)CBB_data(cbb);
for (size_t i = 0; i < num_children; i++) {
OPENSSL_memcpy(out + offset, CBS_data(&children[i]), CBS_len(&children[i]));
offset += CBS_len(&children[i]);
diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.cc
similarity index 94%
rename from crypto/bytestring/cbs.c
rename to crypto/bytestring/cbs.cc
index c5f0464..cc5752f 100644
--- a/crypto/bytestring/cbs.c
+++ b/crypto/bytestring/cbs.cc
@@ -50,7 +50,7 @@
if (cbs->len == 0) {
return 1;
}
- *out_ptr = OPENSSL_memdup(cbs->data, cbs->len);
+ *out_ptr = reinterpret_cast<uint8_t *>(OPENSSL_memdup(cbs->data, cbs->len));
if (*out_ptr == NULL) {
return 0;
}
@@ -62,7 +62,7 @@
if (*out_ptr != NULL) {
OPENSSL_free(*out_ptr);
}
- *out_ptr = OPENSSL_strndup((const char*)cbs->data, cbs->len);
+ *out_ptr = OPENSSL_strndup((const char *)cbs->data, cbs->len);
return (*out_ptr != NULL);
}
@@ -144,9 +144,7 @@
return 1;
}
-int CBS_get_u64(CBS *cbs, uint64_t *out) {
- return cbs_get_u(cbs, out, 8);
-}
+int CBS_get_u64(CBS *cbs, uint64_t *out) { return cbs_get_u(cbs, out, 8); }
int CBS_get_u64le(CBS *cbs, uint64_t *out) {
if (!cbs_get_u(cbs, out, 8)) {
@@ -207,7 +205,8 @@
}
int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c) {
- const uint8_t *split = OPENSSL_memchr(CBS_data(cbs), c, CBS_len(cbs));
+ const uint8_t *split = reinterpret_cast<const uint8_t *>(
+ OPENSSL_memchr(CBS_data(cbs), c, CBS_len(cbs)));
if (split == NULL) {
return 0;
}
@@ -223,7 +222,7 @@
break;
}
CBS_skip(cbs, 1);
- if (// Forbid stray leading zeros.
+ if (/* Forbid stray leading zeros */
(v == 0 && seen_digit) ||
// Check for overflow.
v > UINT64_MAX / 10 || //
@@ -341,7 +340,7 @@
// 8.1.3.
if ((length_byte & 0x80) == 0) {
// Short form length.
- len = ((size_t) length_byte) + header_len;
+ len = ((size_t)length_byte) + header_len;
if (out_header_len != NULL) {
*out_header_len = header_len;
}
@@ -420,7 +419,7 @@
}
int CBS_get_any_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag,
- size_t *out_header_len) {
+ size_t *out_header_len) {
return cbs_get_any_asn1_element(cbs, out, out_tag, out_header_len, NULL, NULL,
/*ber_ok=*/0);
}
@@ -515,8 +514,7 @@
int CBS_get_asn1_bool(CBS *cbs, int *out) {
CBS bytes;
- if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) ||
- CBS_len(&bytes) != 1) {
+ if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) || CBS_len(&bytes) != 1) {
return 0;
}
@@ -529,7 +527,8 @@
return 1;
}
-int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, CBS_ASN1_TAG tag) {
+int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
+ CBS_ASN1_TAG tag) {
int present = 0;
if (CBS_peek_asn1_tag(cbs, tag)) {
@@ -576,8 +575,7 @@
return 0;
}
if (present) {
- if (!CBS_get_asn1_uint64(&child, out) ||
- CBS_len(&child) != 0) {
+ if (!CBS_get_asn1_uint64(&child, out) || CBS_len(&child) != 0) {
return 0;
}
} else {
@@ -597,8 +595,7 @@
uint8_t boolean;
if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
- CBS_len(&child2) != 1 ||
- CBS_len(&child) != 0) {
+ CBS_len(&child2) != 1 || CBS_len(&child) != 0) {
return 0;
}
@@ -619,8 +616,7 @@
int CBS_is_valid_asn1_bitstring(const CBS *cbs) {
CBS in = *cbs;
uint8_t num_unused_bits;
- if (!CBS_get_u8(&in, &num_unused_bits) ||
- num_unused_bits > 7) {
+ if (!CBS_get_u8(&in, &num_unused_bits) || num_unused_bits > 7) {
return 0;
}
@@ -707,12 +703,12 @@
}
char *CBS_asn1_oid_to_text(const CBS *cbs) {
+ CBS copy = *cbs;
CBB cbb;
if (!CBB_init(&cbb, 32)) {
goto err;
}
- CBS copy = *cbs;
// The first component is 40 * value1 + value2, where value1 is 0, 1, or 2.
uint64_t v;
if (!parse_base128_integer(©, &v)) {
@@ -724,15 +720,13 @@
!add_decimal(&cbb, v - 80)) {
goto err;
}
- } else if (!add_decimal(&cbb, v / 40) ||
- !CBB_add_u8(&cbb, '.') ||
+ } else if (!add_decimal(&cbb, v / 40) || !CBB_add_u8(&cbb, '.') ||
!add_decimal(&cbb, v % 40)) {
goto err;
}
while (CBS_len(©) != 0) {
- if (!parse_base128_integer(©, &v) ||
- !CBB_add_u8(&cbb, '.') ||
+ if (!parse_base128_integer(©, &v) || !CBB_add_u8(&cbb, '.') ||
!add_decimal(&cbb, v)) {
goto err;
}
@@ -740,8 +734,7 @@
uint8_t *txt;
size_t txt_len;
- if (!CBB_add_u8(&cbb, '\0') ||
- !CBB_finish(&cbb, &txt, &txt_len)) {
+ if (!CBB_add_u8(&cbb, '\0') || !CBB_finish(&cbb, &txt, &txt_len)) {
goto err;
}
@@ -814,7 +807,7 @@
if (!cbs_get_two_digits(©, &tmp)) {
return 0;
}
- year += tmp;
+ year += tmp;
} else {
year = 1900;
if (!cbs_get_two_digits(©, &tmp)) {
diff --git a/crypto/bytestring/unicode.c b/crypto/bytestring/unicode.cc
similarity index 100%
rename from crypto/bytestring/unicode.c
rename to crypto/bytestring/unicode.cc
diff --git a/crypto/chacha/chacha.c b/crypto/chacha/chacha.cc
similarity index 100%
rename from crypto/chacha/chacha.c
rename to crypto/chacha/chacha.cc
diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.cc
similarity index 100%
rename from crypto/cipher_extra/cipher_extra.c
rename to crypto/cipher_extra/cipher_extra.cc
diff --git a/crypto/cipher_extra/derive_key.c b/crypto/cipher_extra/derive_key.cc
similarity index 100%
rename from crypto/cipher_extra/derive_key.c
rename to crypto/cipher_extra/derive_key.cc
diff --git a/crypto/cipher_extra/e_aesctrhmac.c b/crypto/cipher_extra/e_aesctrhmac.cc
similarity index 100%
rename from crypto/cipher_extra/e_aesctrhmac.c
rename to crypto/cipher_extra/e_aesctrhmac.cc
diff --git a/crypto/cipher_extra/e_aesgcmsiv.c b/crypto/cipher_extra/e_aesgcmsiv.cc
similarity index 95%
rename from crypto/cipher_extra/e_aesgcmsiv.c
rename to crypto/cipher_extra/e_aesgcmsiv.cc
index c2bf993..985d6de 100644
--- a/crypto/cipher_extra/e_aesgcmsiv.c
+++ b/crypto/cipher_extra/e_aesgcmsiv.cc
@@ -36,7 +36,7 @@
// Optimised AES-GCM-SIV
struct aead_aes_gcm_siv_asm_ctx {
- alignas(16) uint8_t key[16*15];
+ alignas(16) uint8_t key[16 * 15];
int is_128_bit;
};
@@ -57,15 +57,17 @@
return (struct aead_aes_gcm_siv_asm_ctx *)(&ctx->state.opaque[offset]);
}
+extern "C" {
// aes128gcmsiv_aes_ks writes an AES-128 key schedule for |key| to
// |out_expanded_key|.
-extern void aes128gcmsiv_aes_ks(
- const uint8_t key[16], uint8_t out_expanded_key[16*15]);
+extern void aes128gcmsiv_aes_ks(const uint8_t key[16],
+ uint8_t out_expanded_key[16 * 15]);
// aes256gcmsiv_aes_ks writes an AES-256 key schedule for |key| to
// |out_expanded_key|.
-extern void aes256gcmsiv_aes_ks(
- const uint8_t key[32], uint8_t out_expanded_key[16*15]);
+extern void aes256gcmsiv_aes_ks(const uint8_t key[32],
+ uint8_t out_expanded_key[16 * 15]);
+}
static int aead_aes_gcm_siv_asm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t tag_len) {
@@ -103,6 +105,7 @@
static void aead_aes_gcm_siv_asm_cleanup(EVP_AEAD_CTX *ctx) {}
+extern "C" {
// aesgcmsiv_polyval_horner updates the POLYVAL value in |in_out_poly| to
// include a number (|in_blocks|) of 16-byte blocks of data from |in|, given
// the POLYVAL key in |key|.
@@ -217,6 +220,7 @@
const uint8_t *tag,
const struct aead_aes_gcm_siv_asm_ctx *key,
size_t in_len);
+}
// gcm_siv_asm_polyval evaluates POLYVAL at |auth_key| on the given plaintext
// and AD. The result is written to |out_tag|.
@@ -228,7 +232,7 @@
const size_t ad_blocks = ad_len / 16;
const size_t in_blocks = in_len / 16;
int htable_init = 0;
- alignas(16) uint8_t htable[16*8];
+ alignas(16) uint8_t htable[16 * 8];
if (ad_blocks > 8 || in_blocks > 8) {
htable_init = 1;
@@ -335,8 +339,7 @@
const uint64_t in_len_64 = in_len;
const uint64_t ad_len_64 = ad_len;
- if (in_len_64 > (UINT64_C(1) << 36) ||
- ad_len_64 >= (UINT64_C(1) << 61)) {
+ if (in_len_64 > (UINT64_C(1) << 36) || ad_len_64 >= (UINT64_C(1) << 61)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
@@ -424,9 +427,9 @@
struct aead_aes_gcm_siv_asm_ctx expanded_key;
if (gcm_siv_ctx->is_128_bit) {
- aes128gcmsiv_aes_ks((const uint8_t *) record_enc_key, &expanded_key.key[0]);
+ aes128gcmsiv_aes_ks((const uint8_t *)record_enc_key, &expanded_key.key[0]);
} else {
- aes256gcmsiv_aes_ks((const uint8_t *) record_enc_key, &expanded_key.key[0]);
+ aes256gcmsiv_aes_ks((const uint8_t *)record_enc_key, &expanded_key.key[0]);
}
// calculated_tag is 16*8 bytes, rather than 16 bytes, because
// aes[128|256]gcmsiv_dec uses the extra as scratch space.
@@ -535,7 +538,7 @@
AES_KEY ks;
} ks;
block128_f kgk_block;
- unsigned is_256:1;
+ unsigned is_256 : 1;
};
static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >=
@@ -635,8 +638,8 @@
}
uint8_t length_block[16];
- CRYPTO_store_u64_le(length_block, ((uint64_t) ad_len) * 8);
- CRYPTO_store_u64_le(length_block + 8, ((uint64_t) in_len) * 8);
+ CRYPTO_store_u64_le(length_block, ((uint64_t)ad_len) * 8);
+ CRYPTO_store_u64_le(length_block + 8, ((uint64_t)in_len) * 8);
CRYPTO_POLYVAL_update_blocks(&polyval_ctx, length_block,
sizeof(length_block));
@@ -659,10 +662,9 @@
// gcm_siv_keys calculates the keys for a specific GCM-SIV record with the
// given nonce and writes them to |*out_keys|.
-static void gcm_siv_keys(
- const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx,
- struct gcm_siv_record_keys *out_keys,
- const uint8_t nonce[EVP_AEAD_AES_GCM_SIV_NONCE_LEN]) {
+static void gcm_siv_keys(const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx,
+ struct gcm_siv_record_keys *out_keys,
+ const uint8_t nonce[EVP_AEAD_AES_GCM_SIV_NONCE_LEN]) {
const AES_KEY *const key = &gcm_siv_ctx->ks.ks;
uint8_t key_material[(128 /* POLYVAL key */ + 256 /* max AES key */) / 8];
const size_t blocks_needed = gcm_siv_ctx->is_256 ? 6 : 4;
@@ -703,8 +705,7 @@
const uint64_t ad_len_64 = ad_len;
if (in_len + EVP_AEAD_AES_GCM_SIV_TAG_LEN < in_len ||
- in_len_64 > (UINT64_C(1) << 36) ||
- ad_len_64 >= (UINT64_C(1) << 61)) {
+ in_len_64 > (UINT64_C(1) << 36) || ad_len_64 >= (UINT64_C(1) << 61)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
}
@@ -830,12 +831,8 @@
#else
-const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void) {
- return &aead_aes_128_gcm_siv;
-}
+const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void) { return &aead_aes_128_gcm_siv; }
-const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void) {
- return &aead_aes_256_gcm_siv;
-}
+const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void) { return &aead_aes_256_gcm_siv; }
#endif // AES_GCM_SIV_ASM
diff --git a/crypto/cipher_extra/e_chacha20poly1305.c b/crypto/cipher_extra/e_chacha20poly1305.cc
similarity index 100%
rename from crypto/cipher_extra/e_chacha20poly1305.c
rename to crypto/cipher_extra/e_chacha20poly1305.cc
diff --git a/crypto/cipher_extra/e_des.c b/crypto/cipher_extra/e_des.cc
similarity index 79%
rename from crypto/cipher_extra/e_des.c
rename to crypto/cipher_extra/e_des.cc
index 62ac2a0..586e2ff 100644
--- a/crypto/cipher_extra/e_des.c
+++ b/crypto/cipher_extra/e_des.cc
@@ -85,14 +85,16 @@
}
static const EVP_CIPHER evp_des_cbc = {
- .nid = NID_des_cbc,
- .block_size = 8,
- .key_len = 8,
- .iv_len = 8,
- .ctx_size = sizeof(EVP_DES_KEY),
- .flags = EVP_CIPH_CBC_MODE,
- .init = des_init_key,
- .cipher = des_cbc_cipher,
+ /*nid=*/NID_des_cbc,
+ /*block_size=*/8,
+ /*key_len=*/8,
+ /*iv_len=*/8,
+ /*ctx_size=*/sizeof(EVP_DES_KEY),
+ /*flags=*/EVP_CIPH_CBC_MODE,
+ /*init=*/des_init_key,
+ /*cipher=*/des_cbc_cipher,
+ /*cleanup=*/nullptr,
+ /*ctrl=*/nullptr,
};
const EVP_CIPHER *EVP_des_cbc(void) { return &evp_des_cbc; }
@@ -112,14 +114,16 @@
}
static const EVP_CIPHER evp_des_ecb = {
- .nid = NID_des_ecb,
- .block_size = 8,
- .key_len = 8,
- .iv_len = 0,
- .ctx_size = sizeof(EVP_DES_KEY),
- .flags = EVP_CIPH_ECB_MODE,
- .init = des_init_key,
- .cipher = des_ecb_cipher,
+ /*nid=*/NID_des_ecb,
+ /*block_size=*/8,
+ /*key_len=*/8,
+ /*iv_len=*/0,
+ /*ctx_size=*/sizeof(EVP_DES_KEY),
+ /*flags=*/EVP_CIPH_ECB_MODE,
+ /*init=*/des_init_key,
+ /*cipher=*/des_ecb_cipher,
+ /*cleanup=*/nullptr,
+ /*ctrl=*/nullptr,
};
const EVP_CIPHER *EVP_des_ecb(void) { return &evp_des_ecb; }
@@ -149,14 +153,16 @@
}
static const EVP_CIPHER evp_des_ede3_cbc = {
- .nid = NID_des_ede3_cbc,
- .block_size = 8,
- .key_len = 24,
- .iv_len = 8,
- .ctx_size = sizeof(DES_EDE_KEY),
- .flags = EVP_CIPH_CBC_MODE,
- .init = des_ede3_init_key,
- .cipher = des_ede3_cbc_cipher,
+ /*nid=*/NID_des_ede3_cbc,
+ /*block_size=*/8,
+ /*key_len=*/24,
+ /*iv_len=*/8,
+ /*ctx_size=*/sizeof(DES_EDE_KEY),
+ /*flags=*/EVP_CIPH_CBC_MODE,
+ /*init=*/des_ede3_init_key,
+ /*cipher=*/des_ede3_cbc_cipher,
+ /*cleanup=*/nullptr,
+ /*ctrl=*/nullptr,
};
const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &evp_des_ede3_cbc; }
@@ -172,14 +178,16 @@
}
static const EVP_CIPHER evp_des_ede_cbc = {
- .nid = NID_des_ede_cbc,
- .block_size = 8,
- .key_len = 16,
- .iv_len = 8,
- .ctx_size = sizeof(DES_EDE_KEY),
- .flags = EVP_CIPH_CBC_MODE,
- .init = des_ede_init_key,
- .cipher = des_ede3_cbc_cipher,
+ /*nid=*/NID_des_ede_cbc,
+ /*block_size=*/8,
+ /*key_len=*/16,
+ /*iv_len=*/8,
+ /*ctx_size=*/sizeof(DES_EDE_KEY),
+ /*flags=*/EVP_CIPH_CBC_MODE,
+ /*init=*/des_ede_init_key,
+ /*cipher=*/des_ede3_cbc_cipher,
+ /*cleanup=*/nullptr,
+ /*ctrl=*/nullptr,
};
const EVP_CIPHER *EVP_des_ede_cbc(void) { return &evp_des_ede_cbc; }
@@ -191,7 +199,7 @@
}
in_len -= ctx->cipher->block_size;
- DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data;
+ DES_EDE_KEY *dat = (DES_EDE_KEY *)ctx->cipher_data;
for (size_t i = 0; i <= in_len; i += ctx->cipher->block_size) {
DES_ecb3_encrypt_ex(in + i, out + i, &dat->ks.ks[0], &dat->ks.ks[1],
&dat->ks.ks[2], ctx->encrypt);
@@ -200,27 +208,31 @@
}
static const EVP_CIPHER evp_des_ede = {
- .nid = NID_des_ede_ecb,
- .block_size = 8,
- .key_len = 16,
- .iv_len = 0,
- .ctx_size = sizeof(DES_EDE_KEY),
- .flags = EVP_CIPH_ECB_MODE,
- .init = des_ede_init_key,
- .cipher = des_ede_ecb_cipher,
+ /*nid=*/NID_des_ede_ecb,
+ /*block_size=*/8,
+ /*key_len=*/16,
+ /*iv_len=*/0,
+ /*ctx_size=*/sizeof(DES_EDE_KEY),
+ /*flags=*/EVP_CIPH_ECB_MODE,
+ /*init=*/des_ede_init_key,
+ /*cipher=*/des_ede_ecb_cipher,
+ /*cleanup=*/nullptr,
+ /*ctrl=*/nullptr,
};
const EVP_CIPHER *EVP_des_ede(void) { return &evp_des_ede; }
static const EVP_CIPHER evp_des_ede3 = {
- .nid = NID_des_ede3_ecb,
- .block_size = 8,
- .key_len = 24,
- .iv_len = 0,
- .ctx_size = sizeof(DES_EDE_KEY),
- .flags = EVP_CIPH_ECB_MODE,
- .init = des_ede3_init_key,
- .cipher = des_ede_ecb_cipher,
+ /*nid=*/NID_des_ede3_ecb,
+ /*block_size=*/8,
+ /*key_len=*/24,
+ /*iv_len=*/0,
+ /*ctx_size=*/sizeof(DES_EDE_KEY),
+ /*flags=*/EVP_CIPH_ECB_MODE,
+ /*init=*/des_ede3_init_key,
+ /*cipher=*/des_ede_ecb_cipher,
+ /*cleanup=*/nullptr,
+ /*ctrl=*/nullptr,
};
const EVP_CIPHER *EVP_des_ede3(void) { return &evp_des_ede3; }
diff --git a/crypto/cipher_extra/e_null.c b/crypto/cipher_extra/e_null.cc
similarity index 91%
rename from crypto/cipher_extra/e_null.c
rename to crypto/cipher_extra/e_null.cc
index ad99df9..34b15a9 100644
--- a/crypto/cipher_extra/e_null.c
+++ b/crypto/cipher_extra/e_null.cc
@@ -69,8 +69,8 @@
return 1;
}
-static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
- const uint8_t *in, size_t in_len) {
+static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
+ size_t in_len) {
if (in != out) {
OPENSSL_memcpy(out, in, in_len);
}
@@ -78,13 +78,16 @@
}
static const EVP_CIPHER n_cipher = {
- .nid = NID_undef,
- .block_size = 1,
- .key_len = 0,
- .iv_len = 0,
- .ctx_size = 0,
- .init = null_init_key,
- .cipher = null_cipher,
+ /*nid=*/NID_undef,
+ /*block_size=*/1,
+ /*key_len=*/0,
+ /*iv_len=*/0,
+ /*ctx_size=*/0,
+ /*flags=*/0,
+ /*init=*/null_init_key,
+ /*cipher=*/null_cipher,
+ /*cleanup=*/nullptr,
+ /*ctrl=*/nullptr,
};
const EVP_CIPHER *EVP_enc_null(void) { return &n_cipher; }
diff --git a/crypto/cipher_extra/e_rc2.c b/crypto/cipher_extra/e_rc2.cc
similarity index 95%
rename from crypto/cipher_extra/e_rc2.c
rename to crypto/cipher_extra/e_rc2.cc
index c2a143e..f826e71 100644
--- a/crypto/cipher_extra/e_rc2.c
+++ b/crypto/cipher_extra/e_rc2.cc
@@ -138,7 +138,9 @@
} \
} while (0)
-typedef struct rc2_key_st { uint16_t data[64]; } RC2_KEY;
+typedef struct rc2_key_st {
+ uint16_t data[64];
+} RC2_KEY;
static void RC2_encrypt(uint32_t *d, RC2_KEY *key) {
int i, n;
@@ -427,29 +429,31 @@
}
static const EVP_CIPHER rc2_40_cbc = {
- .nid = NID_rc2_40_cbc,
- .block_size = 8,
- .key_len = 5 /* 40 bit */,
- .iv_len = 8,
- .ctx_size = sizeof(EVP_RC2_KEY),
- .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
- .init = rc2_init_key,
- .cipher = rc2_cbc_cipher,
- .ctrl = rc2_ctrl,
+ /*nid=*/NID_rc2_40_cbc,
+ /*block_size=*/8,
+ /*key_len=*/5 /* 40 bit */,
+ /*iv_len=*/8,
+ /*ctx_size=*/sizeof(EVP_RC2_KEY),
+ /*flags=*/EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+ /*init=*/rc2_init_key,
+ /*cipher=*/rc2_cbc_cipher,
+ /*cleanup=*/nullptr,
+ /*ctrl=*/rc2_ctrl,
};
const EVP_CIPHER *EVP_rc2_40_cbc(void) { return &rc2_40_cbc; }
static const EVP_CIPHER rc2_cbc = {
- .nid = NID_rc2_cbc,
- .block_size = 8,
- .key_len = 16 /* 128 bit */,
- .iv_len = 8,
- .ctx_size = sizeof(EVP_RC2_KEY),
- .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
- .init = rc2_init_key,
- .cipher = rc2_cbc_cipher,
- .ctrl = rc2_ctrl,
+ /*nid=*/NID_rc2_cbc,
+ /*block_size=*/8,
+ /*key_len=*/16 /* 128 bit */,
+ /*iv_len=*/8,
+ /*ctx_size=*/sizeof(EVP_RC2_KEY),
+ /*flags=*/EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+ /*init=*/rc2_init_key,
+ /*cipher=*/rc2_cbc_cipher,
+ /*cleanup=*/nullptr,
+ /*ctrl=*/rc2_ctrl,
};
const EVP_CIPHER *EVP_rc2_cbc(void) { return &rc2_cbc; }
diff --git a/crypto/cipher_extra/e_rc4.c b/crypto/cipher_extra/e_rc4.cc
similarity index 93%
rename from crypto/cipher_extra/e_rc4.c
rename to crypto/cipher_extra/e_rc4.cc
index 0c3404f..4e736e3 100644
--- a/crypto/cipher_extra/e_rc4.c
+++ b/crypto/cipher_extra/e_rc4.cc
@@ -81,14 +81,16 @@
}
static const EVP_CIPHER rc4 = {
- .nid = NID_rc4,
- .block_size = 1,
- .key_len = 16,
- .iv_len = 0,
- .ctx_size = sizeof(RC4_KEY),
- .flags = EVP_CIPH_VARIABLE_LENGTH,
- .init = rc4_init_key,
- .cipher = rc4_cipher,
+ /*nid=*/NID_rc4,
+ /*block_size=*/1,
+ /*key_len=*/16,
+ /*iv_len=*/0,
+ /*ctx_size=*/sizeof(RC4_KEY),
+ /*flags=*/EVP_CIPH_VARIABLE_LENGTH,
+ /*init=*/rc4_init_key,
+ /*cipher=*/rc4_cipher,
+ /*cleanup=*/nullptr,
+ /*ctrl=*/nullptr,
};
const EVP_CIPHER *EVP_rc4(void) { return &rc4; }
diff --git a/crypto/cipher_extra/e_tls.c b/crypto/cipher_extra/e_tls.cc
similarity index 100%
rename from crypto/cipher_extra/e_tls.c
rename to crypto/cipher_extra/e_tls.cc
diff --git a/crypto/cipher_extra/tls_cbc.c b/crypto/cipher_extra/tls_cbc.cc
similarity index 100%
rename from crypto/cipher_extra/tls_cbc.c
rename to crypto/cipher_extra/tls_cbc.cc
diff --git a/crypto/conf/conf.c b/crypto/conf/conf.cc
similarity index 95%
rename from crypto/conf/conf.c
rename to crypto/conf/conf.cc
index 1faba5f..cdcd3e9 100644
--- a/crypto/conf/conf.c
+++ b/crypto/conf/conf.cc
@@ -57,8 +57,8 @@
#include <openssl/conf.h>
#include <assert.h>
-#include <string.h>
#include <ctype.h>
+#include <string.h>
#include <openssl/bio.h>
#include <openssl/buf.h>
@@ -66,8 +66,8 @@
#include <openssl/lhash.h>
#include <openssl/mem.h>
-#include "internal.h"
#include "../internal.h"
+#include "internal.h"
struct conf_section_st {
@@ -106,7 +106,7 @@
return NULL;
}
- CONF *conf = OPENSSL_malloc(sizeof(CONF));
+ CONF *conf = reinterpret_cast<CONF *>(OPENSSL_malloc(sizeof(CONF)));
if (conf == NULL) {
return NULL;
}
@@ -121,7 +121,9 @@
return conf;
}
-CONF_VALUE *CONF_VALUE_new(void) { return OPENSSL_zalloc(sizeof(CONF_VALUE)); }
+CONF_VALUE *CONF_VALUE_new(void) {
+ return reinterpret_cast<CONF_VALUE *>(OPENSSL_zalloc(sizeof(CONF_VALUE)));
+}
static void value_free(CONF_VALUE *value) {
if (value == NULL) {
@@ -161,7 +163,8 @@
}
static CONF_SECTION *NCONF_new_section(const CONF *conf, const char *section) {
- CONF_SECTION *s = OPENSSL_malloc(sizeof(CONF_SECTION));
+ CONF_SECTION *s =
+ reinterpret_cast<CONF_SECTION *>(OPENSSL_malloc(sizeof(CONF_SECTION)));
if (!s) {
return NULL;
}
@@ -275,10 +278,10 @@
}
static CONF_SECTION *get_section(const CONF *conf, const char *section) {
- CONF_SECTION template;
- OPENSSL_memset(&template, 0, sizeof(template));
- template.name = (char *) section;
- return lh_CONF_SECTION_retrieve(conf->sections, &template);
+ CONF_SECTION templ;
+ OPENSSL_memset(&templ, 0, sizeof(templ));
+ templ.name = (char *)section;
+ return lh_CONF_SECTION_retrieve(conf->sections, &templ);
}
const STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
@@ -292,16 +295,16 @@
const char *NCONF_get_string(const CONF *conf, const char *section,
const char *name) {
- CONF_VALUE template, *value;
+ CONF_VALUE templ, *value;
if (section == NULL) {
section = kDefaultSectionName;
}
- OPENSSL_memset(&template, 0, sizeof(template));
- template.section = (char *)section;
- template.name = (char *)name;
- value = lh_CONF_VALUE_retrieve(conf->values, &template);
+ OPENSSL_memset(&templ, 0, sizeof(templ));
+ templ.section = (char *)section;
+ templ.name = (char *)name;
+ value = lh_CONF_VALUE_retrieve(conf->values, &templ);
if (value == NULL) {
return NULL;
}
diff --git a/crypto/cpu_aarch64_apple.c b/crypto/cpu_aarch64_apple.cc
similarity index 100%
rename from crypto/cpu_aarch64_apple.c
rename to crypto/cpu_aarch64_apple.cc
diff --git a/crypto/cpu_aarch64_fuchsia.c b/crypto/cpu_aarch64_fuchsia.cc
similarity index 100%
rename from crypto/cpu_aarch64_fuchsia.c
rename to crypto/cpu_aarch64_fuchsia.cc
diff --git a/crypto/cpu_aarch64_linux.c b/crypto/cpu_aarch64_linux.cc
similarity index 100%
rename from crypto/cpu_aarch64_linux.c
rename to crypto/cpu_aarch64_linux.cc
diff --git a/crypto/cpu_aarch64_openbsd.c b/crypto/cpu_aarch64_openbsd.cc
similarity index 100%
rename from crypto/cpu_aarch64_openbsd.c
rename to crypto/cpu_aarch64_openbsd.cc
diff --git a/crypto/cpu_aarch64_sysreg.c b/crypto/cpu_aarch64_sysreg.cc
similarity index 100%
rename from crypto/cpu_aarch64_sysreg.c
rename to crypto/cpu_aarch64_sysreg.cc
diff --git a/crypto/cpu_aarch64_win.c b/crypto/cpu_aarch64_win.cc
similarity index 100%
rename from crypto/cpu_aarch64_win.c
rename to crypto/cpu_aarch64_win.cc
diff --git a/crypto/cpu_arm_freebsd.c b/crypto/cpu_arm_freebsd.cc
similarity index 100%
rename from crypto/cpu_arm_freebsd.c
rename to crypto/cpu_arm_freebsd.cc
diff --git a/crypto/cpu_arm_linux.c b/crypto/cpu_arm_linux.cc
similarity index 96%
rename from crypto/cpu_arm_linux.c
rename to crypto/cpu_arm_linux.cc
index 426dfe2..d9e3fb3 100644
--- a/crypto/cpu_arm_linux.c
+++ b/crypto/cpu_arm_linux.cc
@@ -55,7 +55,7 @@
static const size_t kReadSize = 1024;
int ret = 0;
size_t cap = kReadSize, len = 0;
- char *buf = OPENSSL_malloc(cap);
+ char *buf = reinterpret_cast<char *>(OPENSSL_malloc(cap));
if (buf == NULL) {
goto err;
}
@@ -66,7 +66,7 @@
if (new_cap < cap) {
goto err;
}
- char *new_buf = OPENSSL_realloc(buf, new_cap);
+ char *new_buf = reinterpret_cast<char *>(OPENSSL_realloc(buf, new_cap));
if (new_buf == NULL) {
goto err;
}
diff --git a/crypto/cpu_intel.c b/crypto/cpu_intel.cc
similarity index 90%
rename from crypto/cpu_intel.c
rename to crypto/cpu_intel.cc
index 7193493..f8950fb 100644
--- a/crypto/cpu_intel.c
+++ b/crypto/cpu_intel.cc
@@ -56,7 +56,8 @@
#include <openssl/base.h>
-#if !defined(OPENSSL_NO_ASM) && (defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
+#if !defined(OPENSSL_NO_ASM) && \
+ (defined(OPENSSL_X86) || defined(OPENSSL_X86_64))
#include <inttypes.h>
#include <stdio.h>
@@ -88,21 +89,19 @@
#elif defined(__pic__) && defined(OPENSSL_32_BIT)
// Inline assembly may not clobber the PIC register. For 32-bit, this is EBX.
// See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=47602.
- __asm__ volatile (
- "xor %%ecx, %%ecx\n"
- "mov %%ebx, %%edi\n"
- "cpuid\n"
- "xchg %%edi, %%ebx\n"
- : "=a"(*out_eax), "=D"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx)
- : "a"(leaf)
- );
+ __asm__ volatile(
+ "xor %%ecx, %%ecx\n"
+ "mov %%ebx, %%edi\n"
+ "cpuid\n"
+ "xchg %%edi, %%ebx\n"
+ : "=a"(*out_eax), "=D"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx)
+ : "a"(leaf));
#else
- __asm__ volatile (
- "xor %%ecx, %%ecx\n"
- "cpuid\n"
- : "=a"(*out_eax), "=b"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx)
- : "a"(leaf)
- );
+ __asm__ volatile(
+ "xor %%ecx, %%ecx\n"
+ "cpuid\n"
+ : "=a"(*out_eax), "=b"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx)
+ : "a"(leaf));
#endif
}
@@ -113,7 +112,7 @@
return (uint64_t)_xgetbv(xcr);
#else
uint32_t eax, edx;
- __asm__ volatile ("xgetbv" : "=a"(eax), "=d"(edx) : "c"(xcr));
+ __asm__ volatile("xgetbv" : "=a"(eax), "=d"(edx) : "c"(xcr));
return (((uint64_t)edx) << 32) | eax;
#endif
}
@@ -121,27 +120,27 @@
// handle_cpu_env applies the value from |in| to the CPUID values in |out[0]|
// and |out[1]|. See the comment in |OPENSSL_cpuid_setup| about this.
static void handle_cpu_env(uint32_t *out, const char *in) {
- const int invert = in[0] == '~';
- const int or = in[0] == '|';
- const int skip_first_byte = invert || or;
- const int hex = in[skip_first_byte] == '0' && in[skip_first_byte+1] == 'x';
+ const int invert_op = in[0] == '~';
+ const int or_op = in[0] == '|';
+ const int skip_first_byte = invert_op || or_op;
+ const int hex = in[skip_first_byte] == '0' && in[skip_first_byte + 1] == 'x';
int sscanf_result;
uint64_t v;
if (hex) {
- sscanf_result = sscanf(in + invert + 2, "%" PRIx64, &v);
+ sscanf_result = sscanf(in + invert_op + 2, "%" PRIx64, &v);
} else {
- sscanf_result = sscanf(in + invert, "%" PRIu64, &v);
+ sscanf_result = sscanf(in + invert_op, "%" PRIu64, &v);
}
if (!sscanf_result) {
return;
}
- if (invert) {
+ if (invert_op) {
out[0] &= ~v;
out[1] &= ~(v >> 32);
- } else if (or) {
+ } else if (or_op) {
out[0] |= v;
out[1] |= (v >> 32);
} else {
@@ -157,11 +156,11 @@
uint32_t num_ids = eax;
- int is_intel = ebx == 0x756e6547 /* Genu */ &&
- edx == 0x49656e69 /* ineI */ &&
+ int is_intel = ebx == 0x756e6547 /* Genu */ && //
+ edx == 0x49656e69 /* ineI */ && //
ecx == 0x6c65746e /* ntel */;
- int is_amd = ebx == 0x68747541 /* Auth */ &&
- edx == 0x69746e65 /* enti */ &&
+ int is_amd = ebx == 0x68747541 /* Auth */ && //
+ edx == 0x69746e65 /* enti */ && //
ecx == 0x444d4163 /* cAMD */;
uint32_t extended_features[2] = {0};
@@ -225,9 +224,9 @@
// See Intel manual, volume 1, section 14.3.
if ((xcr0 & 6) != 6) {
// YMM registers cannot be used.
- ecx &= ~(1u << 28); // AVX
- ecx &= ~(1u << 12); // FMA
- ecx &= ~(1u << 11); // AMD XOP
+ ecx &= ~(1u << 28); // AVX
+ ecx &= ~(1u << 12); // FMA
+ ecx &= ~(1u << 11); // AMD XOP
extended_features[0] &= ~(1u << 5); // AVX2
extended_features[1] &= ~(1u << 9); // VAES
extended_features[1] &= ~(1u << 10); // VPCLMULQDQ
diff --git a/crypto/crypto.c b/crypto/crypto.cc
similarity index 100%
rename from crypto/crypto.c
rename to crypto/crypto.cc
diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.cc
similarity index 97%
rename from crypto/curve25519/curve25519.c
rename to crypto/curve25519/curve25519.cc
index 761af4c..7b2a5e2 100644
--- a/crypto/curve25519/curve25519.c
+++ b/crypto/curve25519/curve25519.cc
@@ -26,8 +26,8 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
-#include "internal.h"
#include "../internal.h"
+#include "internal.h"
// Various pre-computed constants.
#include "./curve25519_tables.h"
@@ -168,13 +168,9 @@
}
// h = 0
-static void fe_0(fe *h) {
- OPENSSL_memset(h, 0, sizeof(fe));
-}
+static void fe_0(fe *h) { OPENSSL_memset(h, 0, sizeof(fe)); }
-static void fe_loose_0(fe_loose *h) {
- OPENSSL_memset(h, 0, sizeof(fe_loose));
-}
+static void fe_loose_0(fe_loose *h) { OPENSSL_memset(h, 0, sizeof(fe_loose)); }
// h = 1
static void fe_1(fe *h) {
@@ -205,7 +201,7 @@
assert_fe_loose(h->v);
}
-static void fe_carry(fe *h, const fe_loose* f) {
+static void fe_carry(fe *h, const fe_loose *f) {
assert_fe_loose(f->v);
fiat_25519_carry(h->v, f->v);
assert_fe(h->v);
@@ -261,7 +257,7 @@
//
// Preconditions: b in {0,1}.
static void fe_cswap(fe *f, fe *g, fe_limb_t b) {
- b = 0-b;
+ b = 0 - b;
for (unsigned i = 0; i < FE_NUM_LIMBS; i++) {
fe_limb_t x = f->v[i] ^ g->v[i];
x &= b;
@@ -293,9 +289,8 @@
//
// TODO(davidben): Switch to fiat's calling convention, or ask fiat to emit a
// different one.
- (void)fiat_25519_selectznz;
- b = 0-b;
+ b = 0 - b;
for (unsigned i = 0; i < FE_NUM_LIMBS; i++) {
fe_limb_t x = f->v[i] ^ g->v[i];
x &= b;
@@ -304,9 +299,7 @@
}
// h = f
-static void fe_copy(fe *h, const fe *f) {
- OPENSSL_memmove(h, f, sizeof(fe));
-}
+static void fe_copy(fe *h, const fe *f) { OPENSSL_memmove(h, f, sizeof(fe)); }
static void fe_copy_lt(fe_loose *h, const fe *f) {
static_assert(sizeof(fe_loose) == sizeof(fe), "fe and fe_loose mismatch");
@@ -506,8 +499,8 @@
fe_carry(&u, &v);
fe_add(&v, &vxx, &h->Z); // v = dy^2+1
- fe_mul_ttl(&w, &u, &v); // w = u*v
- fe_pow22523(&h->X, &w); // x = w^((q-5)/8)
+ fe_mul_ttl(&w, &u, &v); // w = u*v
+ fe_pow22523(&h->X, &w); // x = w^((q-5)/8)
fe_mul_ttt(&h->X, &h->X, &u); // x = u*w^((q-5)/8)
fe_sq_tt(&vxx, &h->X);
@@ -706,7 +699,7 @@
for (i = 0; i < 15; i++) {
// The precomputed table is assumed to already clear the top bit, so
// |fe_frombytes_strict| may be used directly.
- const uint8_t *bytes = &precomp_table[i*(2 * 32)];
+ const uint8_t *bytes = &precomp_table[i * (2 * 32)];
fe x, y;
fe_frombytes_strict(&x, bytes);
fe_frombytes_strict(&y, bytes + 32);
@@ -736,7 +729,7 @@
ge_precomp_0(&e);
for (j = 1; j < 16; j++) {
- cmov(&e, &multiples[j-1], 1&constant_time_eq_w(index, j));
+ cmov(&e, &multiples[j - 1], 1 & constant_time_eq_w(index, j));
}
ge_cached cached;
@@ -763,9 +756,11 @@
uint8_t babs = b - ((bnegative & b) << 1);
uint8_t t_bytes[3][32] = {
- {constant_time_is_zero_w(b) & 1}, {constant_time_is_zero_w(b) & 1}, {0}};
-#if defined(__clang__) // materialize for vectorization, 6% speedup
- __asm__("" : "+m" (t_bytes) : /*no inputs*/);
+ {static_cast<uint8_t>(constant_time_is_zero_w(b) & 1)},
+ {static_cast<uint8_t>(constant_time_is_zero_w(b) & 1)},
+ {0}};
+#if defined(__clang__) // materialize for vectorization, 6% speedup
+ __asm__("" : "+m"(t_bytes) : /*no inputs*/);
#endif
static_assert(sizeof(t_bytes) == sizeof(k25519Precomp[pos][0]), "");
for (int i = 0; i < 8; i++) {
@@ -787,7 +782,7 @@
fe_copy_lt(&minust.yplusx, &yminusx);
fe_copy_lt(&minust.yminusx, &yplusx);
fe_neg(&minust.xy2d, &xy2d);
- cmov(t, &minust, bnegative>>7);
+ cmov(t, &minust, bnegative >> 7);
}
// h = a * B
@@ -903,7 +898,7 @@
ge_p2_dbl(&t, r);
x25519_ge_p1p1_to_p3(&u, &t);
- uint8_t index = scalar[31 - i/8];
+ uint8_t index = scalar[31 - i / 8];
index >>= 4 - (i & 4);
index &= 0xf;
@@ -911,7 +906,7 @@
ge_cached selected;
ge_cached_0(&selected);
for (j = 0; j < 16; j++) {
- cmov_cached(&selected, &Ai[j], 1&constant_time_eq_w(index, j));
+ cmov_cached(&selected, &Ai[j], 1 & constant_time_eq_w(index, j));
}
x25519_ge_add(&t, &u, &selected);
@@ -1937,10 +1932,10 @@
// kOrder is the order of Curve25519 in little-endian form.
static const uint64_t kOrder[4] = {
- UINT64_C(0x5812631a5cf5d3ed),
- UINT64_C(0x14def9dea2f79cd6),
- 0,
- UINT64_C(0x1000000000000000),
+ UINT64_C(0x5812631a5cf5d3ed),
+ UINT64_C(0x14def9dea2f79cd6),
+ 0,
+ UINT64_C(0x1000000000000000),
};
for (size_t i = 3;; i--) {
uint64_t word = CRYPTO_load_u64_le(scopy + i * 8);
@@ -2045,8 +2040,10 @@
// Coq transcription of ladderstep formula (called from transcribed loop):
// <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZ.v#L89>
// <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L131>
- // x1 != 0 <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L217>
- // x1 = 0 <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L147>
+ // x1 != 0
+ // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L217>
+ // x1 = 0
+ // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L147>
fe_sub(&tmp0l, &x3, &z3);
fe_sub(&tmp1l, &x2, &z2);
fe_add(&x2l, &x2, &z2);
diff --git a/crypto/curve25519/curve25519_64_adx.c b/crypto/curve25519/curve25519_64_adx.cc
similarity index 100%
rename from crypto/curve25519/curve25519_64_adx.c
rename to crypto/curve25519/curve25519_64_adx.cc
diff --git a/crypto/curve25519/spake25519.c b/crypto/curve25519/spake25519.cc
similarity index 95%
rename from crypto/curve25519/spake25519.c
rename to crypto/curve25519/spake25519.cc
index adbf60d..f9b1b5f 100644
--- a/crypto/curve25519/spake25519.c
+++ b/crypto/curve25519/spake25519.cc
@@ -31,13 +31,17 @@
// points used in the SPAKE2 protocol.
//
// N:
-// x: 49918732221787544735331783592030787422991506689877079631459872391322455579424
-// y: 54629554431565467720832445949441049581317094546788069926228343916274969994000
+// x:
+// 49918732221787544735331783592030787422991506689877079631459872391322455579424
+// y:
+// 54629554431565467720832445949441049581317094546788069926228343916274969994000
// encoded: 10e3df0ae37d8e7a99b5fe74b44672103dbddcbd06af680d71329a11693bc778
//
// M:
-// x: 31406539342727633121250288103050113562375374900226415211311216773867585644232
-// y: 21177308356423958466833845032658859666296341766942662650232962324899758529114
+// x:
+// 31406539342727633121250288103050113562375374900226415211311216773867585644232
+// y:
+// 21177308356423958466833845032658859666296341766942662650232962324899758529114
// encoded: 5ada7e4bf6ddd9adb6626d32131c6b5c51a1e347a3478f53cfcf441b88eed12e
//
// These points and their precomputation tables are generated with the
@@ -269,10 +273,11 @@
0xa6, 0x76, 0x81, 0x28, 0xb2, 0x65, 0xe8, 0x47, 0x14, 0xc6, 0x39, 0x06,
};
-SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role,
- const uint8_t *my_name, size_t my_name_len,
- const uint8_t *their_name, size_t their_name_len) {
- SPAKE2_CTX *ctx = OPENSSL_zalloc(sizeof(SPAKE2_CTX));
+SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role, const uint8_t *my_name,
+ size_t my_name_len, const uint8_t *their_name,
+ size_t their_name_len) {
+ SPAKE2_CTX *ctx =
+ reinterpret_cast<SPAKE2_CTX *>(OPENSSL_zalloc(sizeof(SPAKE2_CTX)));
if (ctx == NULL) {
return NULL;
}
@@ -341,8 +346,8 @@
}
int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out, size_t *out_len,
- size_t max_out_len, const uint8_t *password,
- size_t password_len) {
+ size_t max_out_len, const uint8_t *password,
+ size_t password_len) {
if (ctx->state != spake2_state_init) {
return 0;
}
@@ -459,8 +464,7 @@
int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key, size_t *out_key_len,
size_t max_out_key_len, const uint8_t *their_msg,
size_t their_msg_len) {
- if (ctx->state != spake2_state_msg_generated ||
- their_msg_len != 32) {
+ if (ctx->state != spake2_state_msg_generated || their_msg_len != 32) {
return 0;
}
@@ -473,9 +477,9 @@
// Unmask peer's value.
ge_p3 peers_mask;
x25519_ge_scalarmult_small_precomp(&peers_mask, ctx->password_scalar,
- ctx->my_role == spake2_role_alice
- ? kSpakeNSmallPrecomp
- : kSpakeMSmallPrecomp);
+ ctx->my_role == spake2_role_alice
+ ? kSpakeNSmallPrecomp
+ : kSpakeMSmallPrecomp);
ge_cached peers_mask_cached;
x25519_ge_p3_to_cached(&peers_mask_cached, &peers_mask);
diff --git a/crypto/des/des.c b/crypto/des/des.cc
similarity index 100%
rename from crypto/des/des.c
rename to crypto/des/des.cc
diff --git a/crypto/dh_extra/dh_asn1.c b/crypto/dh_extra/dh_asn1.cc
similarity index 100%
rename from crypto/dh_extra/dh_asn1.c
rename to crypto/dh_extra/dh_asn1.cc
diff --git a/crypto/dh_extra/params.c b/crypto/dh_extra/params.cc
similarity index 100%
rename from crypto/dh_extra/params.c
rename to crypto/dh_extra/params.cc
diff --git a/crypto/digest_extra/digest_extra.c b/crypto/digest_extra/digest_extra.cc
similarity index 79%
rename from crypto/digest_extra/digest_extra.c
rename to crypto/digest_extra/digest_extra.cc
index 7033d9c..0b30897 100644
--- a/crypto/digest_extra/digest_extra.c
+++ b/crypto/digest_extra/digest_extra.cc
@@ -60,19 +60,19 @@
#include <openssl/blake2.h>
#include <openssl/bytestring.h>
-#include <openssl/obj.h>
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/nid.h>
+#include <openssl/obj.h>
#include "../asn1/internal.h"
-#include "../internal.h"
#include "../fipsmodule/digest/internal.h"
+#include "../internal.h"
struct nid_to_digest {
int nid;
- const EVP_MD* (*md_func)(void);
+ const EVP_MD *(*md_func)(void);
const char *short_name;
const char *long_name;
};
@@ -107,7 +107,7 @@
LN_sha512WithRSAEncryption},
};
-const EVP_MD* EVP_get_digestbynid(int nid) {
+const EVP_MD *EVP_get_digestbynid(int nid) {
if (nid == NID_undef) {
// Skip the |NID_undef| entries in |nid_to_digest_mapping|.
return NULL;
@@ -127,20 +127,20 @@
uint8_t oid_len;
int nid;
} kMDOIDs[] = {
- // 1.2.840.113549.2.4
- { {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04}, 8, NID_md4 },
- // 1.2.840.113549.2.5
- { {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05}, 8, NID_md5 },
- // 1.3.14.3.2.26
- { {0x2b, 0x0e, 0x03, 0x02, 0x1a}, 5, NID_sha1 },
- // 2.16.840.1.101.3.4.2.1
- { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01}, 9, NID_sha256 },
- // 2.16.840.1.101.3.4.2.2
- { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02}, 9, NID_sha384 },
- // 2.16.840.1.101.3.4.2.3
- { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03}, 9, NID_sha512 },
- // 2.16.840.1.101.3.4.2.4
- { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04}, 9, NID_sha224 },
+ // 1.2.840.113549.2.4
+ {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04}, 8, NID_md4},
+ // 1.2.840.113549.2.5
+ {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05}, 8, NID_md5},
+ // 1.3.14.3.2.26
+ {{0x2b, 0x0e, 0x03, 0x02, 0x1a}, 5, NID_sha1},
+ // 2.16.840.1.101.3.4.2.1
+ {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01}, 9, NID_sha256},
+ // 2.16.840.1.101.3.4.2.2
+ {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02}, 9, NID_sha384},
+ // 2.16.840.1.101.3.4.2.3
+ {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03}, 9, NID_sha512},
+ // 2.16.840.1.101.3.4.2.4
+ {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04}, 9, NID_sha224},
};
static const EVP_MD *cbs_to_md(const CBS *cbs) {
@@ -188,7 +188,7 @@
if (CBS_len(&algorithm) > 0) {
CBS param;
if (!CBS_get_asn1(&algorithm, ¶m, CBS_ASN1_NULL) ||
- CBS_len(¶m) != 0 ||
+ CBS_len(¶m) != 0 || //
CBS_len(&algorithm) != 0) {
OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR);
return NULL;
@@ -223,7 +223,7 @@
}
// TODO(crbug.com/boringssl/710): Is this correct? See RFC 4055, section 2.1.
- if (!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) ||
+ if (!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) || //
!CBB_flush(cbb)) {
return 0;
}
@@ -244,76 +244,69 @@
return NULL;
}
-static void blake2b256_init(EVP_MD_CTX *ctx) { BLAKE2B256_Init(ctx->md_data); }
+static void blake2b256_init(EVP_MD_CTX *ctx) {
+ BLAKE2B256_Init(reinterpret_cast<BLAKE2B_CTX *>(ctx->md_data));
+}
static void blake2b256_update(EVP_MD_CTX *ctx, const void *data, size_t len) {
- BLAKE2B256_Update(ctx->md_data, data, len);
+ BLAKE2B256_Update(reinterpret_cast<BLAKE2B_CTX *>(ctx->md_data), data, len);
}
static void blake2b256_final(EVP_MD_CTX *ctx, uint8_t *md) {
- BLAKE2B256_Final(md, ctx->md_data);
+ BLAKE2B256_Final(md, reinterpret_cast<BLAKE2B_CTX *>(ctx->md_data));
}
static const EVP_MD evp_md_blake2b256 = {
- NID_undef,
- BLAKE2B256_DIGEST_LENGTH,
- 0,
- blake2b256_init,
- blake2b256_update,
- blake2b256_final,
- BLAKE2B_CBLOCK,
- sizeof(BLAKE2B_CTX),
+ NID_undef, BLAKE2B256_DIGEST_LENGTH, 0,
+ blake2b256_init, blake2b256_update, blake2b256_final,
+ BLAKE2B_CBLOCK, sizeof(BLAKE2B_CTX),
};
const EVP_MD *EVP_blake2b256(void) { return &evp_md_blake2b256; }
static void md4_init(EVP_MD_CTX *ctx) {
- BSSL_CHECK(MD4_Init(ctx->md_data));
+ BSSL_CHECK(MD4_Init(reinterpret_cast<MD4_CTX *>(ctx->md_data)));
}
static void md4_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
- BSSL_CHECK(MD4_Update(ctx->md_data, data, count));
+ BSSL_CHECK(
+ MD4_Update(reinterpret_cast<MD4_CTX *>(ctx->md_data), data, count));
}
static void md4_final(EVP_MD_CTX *ctx, uint8_t *out) {
- BSSL_CHECK(MD4_Final(out, ctx->md_data));
+ BSSL_CHECK(MD4_Final(out, reinterpret_cast<MD4_CTX *>(ctx->md_data)));
}
static const EVP_MD evp_md_md4 = {
- NID_md4,
- MD4_DIGEST_LENGTH,
- 0,
- md4_init,
- md4_update,
- md4_final,
- 64,
- sizeof(MD4_CTX),
+ NID_md4, //
+ MD4_DIGEST_LENGTH, //
+ 0,
+ md4_init,
+ md4_update,
+ md4_final,
+ 64,
+ sizeof(MD4_CTX),
};
const EVP_MD *EVP_md4(void) { return &evp_md_md4; }
static void md5_init(EVP_MD_CTX *ctx) {
- BSSL_CHECK(MD5_Init(ctx->md_data));
+ BSSL_CHECK(MD5_Init(reinterpret_cast<MD5_CTX *>(ctx->md_data)));
}
static void md5_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
- BSSL_CHECK(MD5_Update(ctx->md_data, data, count));
+ BSSL_CHECK(
+ MD5_Update(reinterpret_cast<MD5_CTX *>(ctx->md_data), data, count));
}
static void md5_final(EVP_MD_CTX *ctx, uint8_t *out) {
- BSSL_CHECK(MD5_Final(out, ctx->md_data));
+ BSSL_CHECK(MD5_Final(out, reinterpret_cast<MD5_CTX *>(ctx->md_data)));
}
static const EVP_MD evp_md_md5 = {
- NID_md5,
- MD5_DIGEST_LENGTH,
- 0,
- md5_init,
- md5_update,
- md5_final,
- 64,
- sizeof(MD5_CTX),
+ NID_md5, MD5_DIGEST_LENGTH, 0, md5_init,
+ md5_update, md5_final, 64, sizeof(MD5_CTX),
};
const EVP_MD *EVP_md5(void) { return &evp_md_md5; }
@@ -324,32 +317,32 @@
} MD5_SHA1_CTX;
static void md5_sha1_init(EVP_MD_CTX *md_ctx) {
- MD5_SHA1_CTX *ctx = md_ctx->md_data;
+ MD5_SHA1_CTX *ctx = reinterpret_cast<MD5_SHA1_CTX *>(md_ctx->md_data);
BSSL_CHECK(MD5_Init(&ctx->md5) && SHA1_Init(&ctx->sha1));
}
static void md5_sha1_update(EVP_MD_CTX *md_ctx, const void *data,
size_t count) {
- MD5_SHA1_CTX *ctx = md_ctx->md_data;
+ MD5_SHA1_CTX *ctx = reinterpret_cast<MD5_SHA1_CTX *>(md_ctx->md_data);
BSSL_CHECK(MD5_Update(&ctx->md5, data, count) &&
- SHA1_Update(&ctx->sha1, data, count));
+ SHA1_Update(&ctx->sha1, data, count));
}
static void md5_sha1_final(EVP_MD_CTX *md_ctx, uint8_t *out) {
- MD5_SHA1_CTX *ctx = md_ctx->md_data;
+ MD5_SHA1_CTX *ctx = reinterpret_cast<MD5_SHA1_CTX *>(md_ctx->md_data);
BSSL_CHECK(MD5_Final(out, &ctx->md5) &&
- SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1));
+ SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1));
}
const EVP_MD evp_md_md5_sha1 = {
- NID_md5_sha1,
- MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
- 0,
- md5_sha1_init,
- md5_sha1_update,
- md5_sha1_final,
- 64,
- sizeof(MD5_SHA1_CTX),
+ NID_md5_sha1,
+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+ 0,
+ md5_sha1_init,
+ md5_sha1_update,
+ md5_sha1_final,
+ 64,
+ sizeof(MD5_SHA1_CTX),
};
const EVP_MD *EVP_md5_sha1(void) { return &evp_md_md5_sha1; }
diff --git a/crypto/dilithium/dilithium.c b/crypto/dilithium/dilithium.cc
similarity index 98%
rename from crypto/dilithium/dilithium.c
rename to crypto/dilithium/dilithium.cc
index 9630715..a94d6ef 100644
--- a/crypto/dilithium/dilithium.c
+++ b/crypto/dilithium/dilithium.cc
@@ -1165,9 +1165,10 @@
vectorl s1_ntt;
vectork t;
};
- struct values_st *values = OPENSSL_malloc(sizeof(*values));
+ struct values_st *values =
+ reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(*values)));
if (values == NULL) {
- goto err;
+ return 0;
}
struct private_key *priv = private_key_from_external(out_private_key);
@@ -1217,8 +1218,6 @@
int DILITHIUM_public_from_private(
struct DILITHIUM_public_key *out_public_key,
const struct DILITHIUM_private_key *private_key) {
- int ret = 0;
-
// Intermediate values, allocated on the heap to allow use when there is a
// limited amount of stack.
struct values_st {
@@ -1227,9 +1226,10 @@
vectork t;
vectork t0;
};
- struct values_st *values = OPENSSL_malloc(sizeof(*values));
+ struct values_st *values =
+ reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(*values)));
if (values == NULL) {
- goto err;
+ return 0;
}
const struct private_key *priv = private_key_from_external(private_key);
@@ -1250,10 +1250,8 @@
vectork_power2_round(&pub->t1, &values->t0, &values->t);
- ret = 1;
-err:
OPENSSL_free(values);
- return ret;
+ return 1;
}
// FIPS 204, Algorithm 2 (`ML-DSA.Sign`). Returns 1 on success and 0 on failure.
@@ -1299,7 +1297,8 @@
vectork r0;
vectork ct0;
};
- struct values_st *values = OPENSSL_malloc(sizeof(*values));
+ struct values_st *values =
+ reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(*values)));
if (values == NULL) {
goto err;
}
@@ -1428,8 +1427,6 @@
int DILITHIUM_verify(const struct DILITHIUM_public_key *public_key,
const uint8_t encoded_signature[DILITHIUM_SIGNATURE_BYTES],
const uint8_t *msg, size_t msg_len) {
- int ret = 0;
-
// Intermediate values, allocated on the heap to allow use when there is a
// limited amount of stack.
struct values_st {
@@ -1442,9 +1439,10 @@
vectork w_approx;
vectork w1;
};
- struct values_st *values = OPENSSL_malloc(sizeof(*values));
+ struct values_st *values =
+ reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(*values)));
if (values == NULL) {
- goto err;
+ return 0;
}
const struct public_key *pub = public_key_from_external(public_key);
@@ -1452,7 +1450,8 @@
CBS cbs;
CBS_init(&cbs, encoded_signature, DILITHIUM_SIGNATURE_BYTES);
if (!dilithium_parse_signature(&values->sign, &cbs)) {
- goto err;
+ OPENSSL_free(values);
+ return 0;
}
matrix_expand(&values->a_ntt, pub->rho);
@@ -1494,12 +1493,12 @@
uint32_t z_max = vectorl_max(&values->sign.z);
size_t h_ones = vectork_count_ones(&values->sign.h);
+ int ret = 0;
if (z_max < kGamma1 - BETA && h_ones <= OMEGA &&
OPENSSL_memcmp(c_tilde, values->sign.c_tilde, 2 * LAMBDA_BYTES) == 0) {
ret = 1;
}
-err:
OPENSSL_free(values);
return ret;
}
diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.cc
similarity index 79%
rename from crypto/dsa/dsa.c
rename to crypto/dsa/dsa.cc
index b2eda20..876ce41 100644
--- a/crypto/dsa/dsa.c
+++ b/crypto/dsa/dsa.cc
@@ -72,10 +72,10 @@
#include <openssl/sha.h>
#include <openssl/thread.h>
-#include "internal.h"
#include "../fipsmodule/bn/internal.h"
#include "../fipsmodule/dh/internal.h"
#include "../internal.h"
+#include "internal.h"
// Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
@@ -88,7 +88,7 @@
static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
DSA *DSA_new(void) {
- DSA *dsa = OPENSSL_zalloc(sizeof(DSA));
+ DSA *dsa = reinterpret_cast<DSA *>(OPENSSL_zalloc(sizeof(DSA)));
if (dsa == NULL) {
return NULL;
}
@@ -179,8 +179,7 @@
}
int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
- if ((dsa->p == NULL && p == NULL) ||
- (dsa->q == NULL && q == NULL) ||
+ if ((dsa->p == NULL && p == NULL) || (dsa->q == NULL && q == NULL) ||
(dsa->g == NULL && g == NULL)) {
return 0;
}
@@ -312,7 +311,8 @@
}
// step 4
- r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, cb);
+ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed,
+ cb);
if (r > 0) {
break;
}
@@ -356,25 +356,20 @@
}
// step 8
- if (!BN_bin2bn(md, qsize, r0) ||
- !BN_lshift(r0, r0, (qsize << 3) * k) ||
+ if (!BN_bin2bn(md, qsize, r0) || !BN_lshift(r0, r0, (qsize << 3) * k) ||
!BN_add(W, W, r0)) {
goto err;
}
}
// more of step 8
- if (!BN_mask_bits(W, bits - 1) ||
- !BN_copy(X, W) ||
- !BN_add(X, X, test)) {
+ if (!BN_mask_bits(W, bits - 1) || !BN_copy(X, W) || !BN_add(X, X, test)) {
goto err;
}
// step 9
- if (!BN_lshift1(r0, q) ||
- !BN_mod(c, X, r0, ctx) ||
- !BN_sub(r0, c, BN_value_one()) ||
- !BN_sub(p, X, r0)) {
+ if (!BN_lshift1(r0, q) || !BN_mod(c, X, r0, ctx) ||
+ !BN_sub(r0, c, BN_value_one()) || !BN_sub(p, X, r0)) {
goto err;
}
@@ -407,14 +402,12 @@
// We now need to generate g
// Set r0=(p-1)/q
- if (!BN_sub(test, p, BN_value_one()) ||
- !BN_div(r0, NULL, test, q, ctx)) {
+ if (!BN_sub(test, p, BN_value_one()) || !BN_div(r0, NULL, test, q, ctx)) {
goto err;
}
mont = BN_MONT_CTX_new_for_modulus(p, ctx);
- if (mont == NULL ||
- !BN_set_word(test, h)) {
+ if (mont == NULL || !BN_set_word(test, h)) {
goto err;
}
@@ -541,7 +534,9 @@
return ok;
}
-DSA_SIG *DSA_SIG_new(void) { return OPENSSL_zalloc(sizeof(DSA_SIG)); }
+DSA_SIG *DSA_SIG_new(void) {
+ return reinterpret_cast<DSA_SIG *>(OPENSSL_zalloc(sizeof(DSA_SIG)));
+}
void DSA_SIG_free(DSA_SIG *sig) {
if (!sig) {
@@ -583,8 +578,7 @@
BIGNUM *tmp = BN_CTX_get(ctx);
// |BN_mod_mul_montgomery| removes a factor of R, so we cancel it with a
// single |BN_to_montgomery| which adds one factor of R.
- int ok = tmp != NULL &&
- BN_to_montgomery(tmp, a, mont, ctx) &&
+ int ok = tmp != NULL && BN_to_montgomery(tmp, a, mont, ctx) &&
BN_mod_mul_montgomery(r, tmp, b, mont, ctx);
BN_CTX_end(ctx);
return ok;
@@ -609,79 +603,80 @@
BN_init(&m);
BN_init(&xr);
s = BN_new();
- if (s == NULL) {
- goto err;
- }
- ctx = BN_CTX_new();
- if (ctx == NULL) {
- goto err;
- }
-
- // Cap iterations so that invalid parameters do not infinite loop. This does
- // not impact valid parameters because the probability of requiring even one
- // retry is negligible, let alone 32. Unfortunately, DSA was mis-specified, so
- // invalid parameters are reachable from most callers handling untrusted
- // private keys. (The |dsa_check_key| call above is not sufficient. Checking
- // whether arbitrary paremeters form a valid DSA group is expensive.)
- static const int kMaxIterations = 32;
- int iters = 0;
-redo:
- if (!dsa_sign_setup(dsa, ctx, &kinv, &r)) {
- goto err;
- }
-
- if (digest_len > BN_num_bytes(dsa->q)) {
- // If the digest length is greater than the size of |dsa->q| use the
- // BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2.
- // Note the above check that |dsa->q| is a multiple of 8 bits.
- digest_len = BN_num_bytes(dsa->q);
- }
-
- if (BN_bin2bn(digest, digest_len, &m) == NULL) {
- goto err;
- }
-
- // |m| is bounded by 2^(num_bits(q)), which is slightly looser than q. This
- // violates |bn_mod_add_consttime| and |mod_mul_consttime|'s preconditions.
- // (The underlying algorithms could accept looser bounds, but we reduce for
- // simplicity.)
- size_t q_width = bn_minimal_width(dsa->q);
- if (!bn_resize_words(&m, q_width) ||
- !bn_resize_words(&xr, q_width)) {
- goto err;
- }
- bn_reduce_once_in_place(m.d, 0 /* no carry word */, dsa->q->d,
- xr.d /* scratch space */, q_width);
-
- // Compute s = inv(k) (m + xr) mod q. Note |dsa->method_mont_q| is
- // initialized by |dsa_sign_setup|.
- if (!mod_mul_consttime(&xr, dsa->priv_key, r, dsa->method_mont_q, ctx) ||
- !bn_mod_add_consttime(s, &xr, &m, dsa->q, ctx) ||
- !mod_mul_consttime(s, s, kinv, dsa->method_mont_q, ctx)) {
- goto err;
- }
-
- // The signature is computed from the private key, but is public.
- bn_declassify(r);
- bn_declassify(s);
-
- // Redo if r or s is zero as required by FIPS 186-3: this is
- // very unlikely.
- if (BN_is_zero(r) || BN_is_zero(s)) {
- iters++;
- if (iters > kMaxIterations) {
- OPENSSL_PUT_ERROR(DSA, DSA_R_TOO_MANY_ITERATIONS);
+ {
+ if (s == NULL) {
goto err;
}
- goto redo;
- }
+ ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ goto err;
+ }
- ret = DSA_SIG_new();
- if (ret == NULL) {
- goto err;
+ // Cap iterations so that invalid parameters do not infinite loop. This does
+ // not impact valid parameters because the probability of requiring even one
+ // retry is negligible, let alone 32. Unfortunately, DSA was mis-specified,
+ // so invalid parameters are reachable from most callers handling untrusted
+ // private keys. (The |dsa_check_key| call above is not sufficient. Checking
+ // whether arbitrary paremeters form a valid DSA group is expensive.)
+ static const int kMaxIterations = 32;
+ int iters = 0;
+ redo:
+ if (!dsa_sign_setup(dsa, ctx, &kinv, &r)) {
+ goto err;
+ }
+
+ if (digest_len > BN_num_bytes(dsa->q)) {
+ // If the digest length is greater than the size of |dsa->q| use the
+ // BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2.
+ // Note the above check that |dsa->q| is a multiple of 8 bits.
+ digest_len = BN_num_bytes(dsa->q);
+ }
+
+ if (BN_bin2bn(digest, digest_len, &m) == NULL) {
+ goto err;
+ }
+
+ // |m| is bounded by 2^(num_bits(q)), which is slightly looser than q. This
+ // violates |bn_mod_add_consttime| and |mod_mul_consttime|'s preconditions.
+ // (The underlying algorithms could accept looser bounds, but we reduce for
+ // simplicity.)
+ size_t q_width = bn_minimal_width(dsa->q);
+ if (!bn_resize_words(&m, q_width) || !bn_resize_words(&xr, q_width)) {
+ goto err;
+ }
+ bn_reduce_once_in_place(m.d, 0 /* no carry word */, dsa->q->d,
+ xr.d /* scratch space */, q_width);
+
+ // Compute s = inv(k) (m + xr) mod q. Note |dsa->method_mont_q| is
+ // initialized by |dsa_sign_setup|.
+ if (!mod_mul_consttime(&xr, dsa->priv_key, r, dsa->method_mont_q, ctx) ||
+ !bn_mod_add_consttime(s, &xr, &m, dsa->q, ctx) ||
+ !mod_mul_consttime(s, s, kinv, dsa->method_mont_q, ctx)) {
+ goto err;
+ }
+
+ // The signature is computed from the private key, but is public.
+ bn_declassify(r);
+ bn_declassify(s);
+
+ // Redo if r or s is zero as required by FIPS 186-3: this is
+ // very unlikely.
+ if (BN_is_zero(r) || BN_is_zero(s)) {
+ iters++;
+ if (iters > kMaxIterations) {
+ OPENSSL_PUT_ERROR(DSA, DSA_R_TOO_MANY_ITERATIONS);
+ goto err;
+ }
+ goto redo;
+ }
+
+ ret = DSA_SIG_new();
+ if (ret == NULL) {
+ goto err;
+ }
+ ret->r = r;
+ ret->s = s;
}
- ret->r = r;
- ret->s = s;
err:
if (ret == NULL) {
@@ -725,71 +720,73 @@
BN_init(&u2);
BN_init(&t1);
BN_CTX *ctx = BN_CTX_new();
- if (ctx == NULL) {
- goto err;
- }
+ {
+ if (ctx == NULL) {
+ goto err;
+ }
- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
- BN_ucmp(sig->r, dsa->q) >= 0) {
+ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+ BN_ucmp(sig->r, dsa->q) >= 0) {
+ ret = 1;
+ goto err;
+ }
+ if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
+ BN_ucmp(sig->s, dsa->q) >= 0) {
+ ret = 1;
+ goto err;
+ }
+
+ // Calculate W = inv(S) mod Q
+ // save W in u2
+ if (BN_mod_inverse(&u2, sig->s, dsa->q, ctx) == NULL) {
+ goto err;
+ }
+
+ // save M in u1
+ unsigned q_bits = BN_num_bits(dsa->q);
+ if (digest_len > (q_bits >> 3)) {
+ // if the digest length is greater than the size of q use the
+ // BN_num_bits(dsa->q) leftmost bits of the digest, see
+ // fips 186-3, 4.2
+ digest_len = (q_bits >> 3);
+ }
+
+ if (BN_bin2bn(digest, digest_len, &u1) == NULL) {
+ goto err;
+ }
+
+ // u1 = M * w mod q
+ if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) {
+ goto err;
+ }
+
+ // u2 = r * w mod q
+ if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) {
+ goto err;
+ }
+
+ if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+ (CRYPTO_MUTEX *)&dsa->method_mont_lock, dsa->p,
+ ctx)) {
+ goto err;
+ }
+
+ if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx,
+ dsa->method_mont_p)) {
+ goto err;
+ }
+
+ // BN_copy(&u1,&t1);
+ // let u1 = u1 mod q
+ if (!BN_mod(&u1, &t1, dsa->q, ctx)) {
+ goto err;
+ }
+
+ // V is now in u1. If the signature is correct, it will be
+ // equal to R.
+ *out_valid = BN_ucmp(&u1, sig->r) == 0;
ret = 1;
- goto err;
}
- if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
- BN_ucmp(sig->s, dsa->q) >= 0) {
- ret = 1;
- goto err;
- }
-
- // Calculate W = inv(S) mod Q
- // save W in u2
- if (BN_mod_inverse(&u2, sig->s, dsa->q, ctx) == NULL) {
- goto err;
- }
-
- // save M in u1
- unsigned q_bits = BN_num_bits(dsa->q);
- if (digest_len > (q_bits >> 3)) {
- // if the digest length is greater than the size of q use the
- // BN_num_bits(dsa->q) leftmost bits of the digest, see
- // fips 186-3, 4.2
- digest_len = (q_bits >> 3);
- }
-
- if (BN_bin2bn(digest, digest_len, &u1) == NULL) {
- goto err;
- }
-
- // u1 = M * w mod q
- if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) {
- goto err;
- }
-
- // u2 = r * w mod q
- if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) {
- goto err;
- }
-
- if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
- (CRYPTO_MUTEX *)&dsa->method_mont_lock, dsa->p,
- ctx)) {
- goto err;
- }
-
- if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx,
- dsa->method_mont_p)) {
- goto err;
- }
-
- // BN_copy(&u1,&t1);
- // let u1 = u1 mod q
- if (!BN_mod(&u1, &t1, dsa->q, ctx)) {
- goto err;
- }
-
- // V is now in u1. If the signature is correct, it will be
- // equal to R.
- *out_valid = BN_ucmp(&u1, sig->r) == 0;
- ret = 1;
err:
if (ret != 1) {
@@ -835,23 +832,25 @@
uint8_t *der = NULL;
s = DSA_SIG_new();
- if (s == NULL) {
- goto err;
- }
+ {
+ if (s == NULL) {
+ goto err;
+ }
- const uint8_t *sigp = sig;
- if (d2i_DSA_SIG(&s, &sigp, sig_len) == NULL || sigp != sig + sig_len) {
- goto err;
- }
+ const uint8_t *sigp = sig;
+ if (d2i_DSA_SIG(&s, &sigp, sig_len) == NULL || sigp != sig + sig_len) {
+ goto err;
+ }
- // Ensure that the signature uses DER and doesn't have trailing garbage.
- int der_len = i2d_DSA_SIG(s, &der);
- if (der_len < 0 || (size_t)der_len != sig_len ||
- OPENSSL_memcmp(sig, der, sig_len)) {
- goto err;
- }
+ // Ensure that the signature uses DER and doesn't have trailing garbage.
+ int der_len = i2d_DSA_SIG(s, &der);
+ if (der_len < 0 || (size_t)der_len != sig_len ||
+ OPENSSL_memcmp(sig, der, sig_len)) {
+ goto err;
+ }
- ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa);
+ ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa);
+ }
err:
OPENSSL_free(der);
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.cc
similarity index 100%
rename from crypto/dsa/dsa_asn1.c
rename to crypto/dsa/dsa_asn1.cc
diff --git a/crypto/ec_extra/ec_asn1.c b/crypto/ec_extra/ec_asn1.cc
similarity index 100%
rename from crypto/ec_extra/ec_asn1.c
rename to crypto/ec_extra/ec_asn1.cc
diff --git a/crypto/ec_extra/ec_derive.c b/crypto/ec_extra/ec_derive.cc
similarity index 100%
rename from crypto/ec_extra/ec_derive.c
rename to crypto/ec_extra/ec_derive.cc
diff --git a/crypto/ec_extra/hash_to_curve.c b/crypto/ec_extra/hash_to_curve.cc
similarity index 87%
rename from crypto/ec_extra/hash_to_curve.c
rename to crypto/ec_extra/hash_to_curve.cc
index f29ef13..5af97e9 100644
--- a/crypto/ec_extra/hash_to_curve.c
+++ b/crypto/ec_extra/hash_to_curve.cc
@@ -20,10 +20,10 @@
#include <assert.h>
-#include "internal.h"
#include "../fipsmodule/bn/internal.h"
#include "../fipsmodule/ec/internal.h"
#include "../internal.h"
+#include "internal.h"
// This file implements hash-to-curve, as described in RFC 9380.
@@ -63,71 +63,74 @@
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
- // Long DSTs are hashed down to size. See section 5.3.3.
- static_assert(EVP_MAX_MD_SIZE < 256, "hashed DST still too large");
- uint8_t dst_buf[EVP_MAX_MD_SIZE];
- if (dst_len >= 256) {
- static const char kPrefix[] = "H2C-OVERSIZE-DST-";
- if (!EVP_DigestInit_ex(&ctx, md, NULL) ||
- !EVP_DigestUpdate(&ctx, kPrefix, sizeof(kPrefix) - 1) ||
- !EVP_DigestUpdate(&ctx, dst, dst_len) ||
- !EVP_DigestFinal_ex(&ctx, dst_buf, NULL)) {
- goto err;
- }
- dst = dst_buf;
- dst_len = md_size;
- }
- uint8_t dst_len_u8 = (uint8_t)dst_len;
-
- // Compute b_0.
- static const uint8_t kZeros[EVP_MAX_MD_BLOCK_SIZE] = {0};
- // If |out_len| exceeds 16 bits then |i| will wrap below causing an error to
- // be returned. This depends on the static assert above.
- uint8_t l_i_b_str_zero[3] = {out_len >> 8, out_len, 0};
- uint8_t b_0[EVP_MAX_MD_SIZE];
- if (!EVP_DigestInit_ex(&ctx, md, NULL) ||
- !EVP_DigestUpdate(&ctx, kZeros, block_size) ||
- !EVP_DigestUpdate(&ctx, msg, msg_len) ||
- !EVP_DigestUpdate(&ctx, l_i_b_str_zero, sizeof(l_i_b_str_zero)) ||
- !EVP_DigestUpdate(&ctx, dst, dst_len) ||
- !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) ||
- !EVP_DigestFinal_ex(&ctx, b_0, NULL)) {
- goto err;
- }
-
- uint8_t b_i[EVP_MAX_MD_SIZE];
- uint8_t i = 1;
- while (out_len > 0) {
- if (i == 0) {
- // Input was too large.
- OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if (i > 1) {
- for (size_t j = 0; j < md_size; j++) {
- b_i[j] ^= b_0[j];
+ {
+ // Long DSTs are hashed down to size. See section 5.3.3.
+ static_assert(EVP_MAX_MD_SIZE < 256, "hashed DST still too large");
+ uint8_t dst_buf[EVP_MAX_MD_SIZE];
+ if (dst_len >= 256) {
+ static const char kPrefix[] = "H2C-OVERSIZE-DST-";
+ if (!EVP_DigestInit_ex(&ctx, md, NULL) ||
+ !EVP_DigestUpdate(&ctx, kPrefix, sizeof(kPrefix) - 1) ||
+ !EVP_DigestUpdate(&ctx, dst, dst_len) ||
+ !EVP_DigestFinal_ex(&ctx, dst_buf, NULL)) {
+ goto err;
}
- } else {
- OPENSSL_memcpy(b_i, b_0, md_size);
+ dst = dst_buf;
+ dst_len = md_size;
}
+ uint8_t dst_len_u8 = (uint8_t)dst_len;
+ // Compute b_0.
+ static const uint8_t kZeros[EVP_MAX_MD_BLOCK_SIZE] = {0};
+ // If |out_len| exceeds 16 bits then |i| will wrap below causing an error to
+ // be returned. This depends on the static assert above.
+ uint8_t l_i_b_str_zero[3] = {static_cast<uint8_t>(out_len >> 8),
+ static_cast<uint8_t>(out_len), 0};
+ uint8_t b_0[EVP_MAX_MD_SIZE];
if (!EVP_DigestInit_ex(&ctx, md, NULL) ||
- !EVP_DigestUpdate(&ctx, b_i, md_size) ||
- !EVP_DigestUpdate(&ctx, &i, 1) ||
+ !EVP_DigestUpdate(&ctx, kZeros, block_size) ||
+ !EVP_DigestUpdate(&ctx, msg, msg_len) ||
+ !EVP_DigestUpdate(&ctx, l_i_b_str_zero, sizeof(l_i_b_str_zero)) ||
!EVP_DigestUpdate(&ctx, dst, dst_len) ||
!EVP_DigestUpdate(&ctx, &dst_len_u8, 1) ||
- !EVP_DigestFinal_ex(&ctx, b_i, NULL)) {
+ !EVP_DigestFinal_ex(&ctx, b_0, NULL)) {
goto err;
}
- size_t todo = out_len >= md_size ? md_size : out_len;
- OPENSSL_memcpy(out, b_i, todo);
- out += todo;
- out_len -= todo;
- i++;
- }
+ uint8_t b_i[EVP_MAX_MD_SIZE];
+ uint8_t i = 1;
+ while (out_len > 0) {
+ if (i == 0) {
+ // Input was too large.
+ OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if (i > 1) {
+ for (size_t j = 0; j < md_size; j++) {
+ b_i[j] ^= b_0[j];
+ }
+ } else {
+ OPENSSL_memcpy(b_i, b_0, md_size);
+ }
- ret = 1;
+ if (!EVP_DigestInit_ex(&ctx, md, NULL) ||
+ !EVP_DigestUpdate(&ctx, b_i, md_size) ||
+ !EVP_DigestUpdate(&ctx, &i, 1) ||
+ !EVP_DigestUpdate(&ctx, dst, dst_len) ||
+ !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) ||
+ !EVP_DigestFinal_ex(&ctx, b_i, NULL)) {
+ goto err;
+ }
+
+ size_t todo = out_len >= md_size ? md_size : out_len;
+ OPENSSL_memcpy(out, b_i, todo);
+ out += todo;
+ out_len -= todo;
+ i++;
+ }
+
+ ret = 1;
+ }
err:
EVP_MD_CTX_cleanup(&ctx);
@@ -144,8 +147,7 @@
// |felem_reduce| and |ec_scalar_reduce|. All defined hash-to-curve suites
// define |k| to be well under this bound. (|k| is usually around half of
// |p_bits|.)
- if (L * 8 >= 2 * bits - 2 ||
- L > 2 * EC_MAX_BYTES) {
+ if (L * 8 >= 2 * bits - 2 || L > 2 * EC_MAX_BYTES) {
assert(0);
OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR);
return 0;
@@ -462,9 +464,9 @@
msg, msg_len);
}
-int ec_hash_to_scalar_p384_xmd_sha384(
- const EC_GROUP *group, EC_SCALAR *out, const uint8_t *dst, size_t dst_len,
- const uint8_t *msg, size_t msg_len) {
+int ec_hash_to_scalar_p384_xmd_sha384(const EC_GROUP *group, EC_SCALAR *out,
+ const uint8_t *dst, size_t dst_len,
+ const uint8_t *msg, size_t msg_len) {
if (EC_GROUP_get_curve_name(group) != NID_secp384r1) {
OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH);
return 0;
@@ -475,8 +477,8 @@
}
int ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
- const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst,
- size_t dst_len, const uint8_t *msg, size_t msg_len) {
+ const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst, size_t dst_len,
+ const uint8_t *msg, size_t msg_len) {
// See section 8.3 of draft-irtf-cfrg-hash-to-curve-07.
if (EC_GROUP_get_curve_name(group) != NID_secp384r1) {
OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH);
diff --git a/crypto/ecdh_extra/ecdh_extra.c b/crypto/ecdh_extra/ecdh_extra.cc
similarity index 100%
rename from crypto/ecdh_extra/ecdh_extra.c
rename to crypto/ecdh_extra/ecdh_extra.cc
diff --git a/crypto/ecdsa_extra/ecdsa_asn1.c b/crypto/ecdsa_extra/ecdsa_asn1.cc
similarity index 92%
rename from crypto/ecdsa_extra/ecdsa_asn1.c
rename to crypto/ecdsa_extra/ecdsa_asn1.cc
index b2d4fc6..eeaffa7 100644
--- a/crypto/ecdsa_extra/ecdsa_asn1.c
+++ b/crypto/ecdsa_extra/ecdsa_asn1.cc
@@ -57,8 +57,8 @@
#include <openssl/bn.h>
#include <openssl/bytestring.h>
-#include <openssl/err.h>
#include <openssl/ec_key.h>
+#include <openssl/err.h>
#include <openssl/mem.h>
#include "../bytestring/internal.h"
@@ -79,8 +79,7 @@
return NULL;
}
ECDSA_SIG *ret = ECDSA_SIG_new();
- if (ret == NULL ||
- !BN_bin2bn(in, scalar_len, ret->r) ||
+ if (ret == NULL || !BN_bin2bn(in, scalar_len, ret->r) ||
!BN_bin2bn(in + scalar_len, scalar_len, ret->s)) {
ECDSA_SIG_free(ret);
return NULL;
@@ -100,8 +99,7 @@
OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL);
return 0;
}
- if (BN_is_negative(sig->r) ||
- !BN_bn2bin_padded(out, scalar_len, sig->r) ||
+ if (BN_is_negative(sig->r) || !BN_bn2bin_padded(out, scalar_len, sig->r) ||
BN_is_negative(sig->s) ||
!BN_bn2bin_padded(out + scalar_len, scalar_len, sig->s)) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
@@ -115,7 +113,7 @@
unsigned int *out_sig_len, const EC_KEY *eckey) {
if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) {
return eckey->ecdsa_meth->sign(digest, digest_len, sig, out_sig_len,
- (EC_KEY*) eckey /* cast away const */);
+ (EC_KEY *)eckey /* cast away const */);
}
*out_sig_len = 0;
@@ -137,8 +135,7 @@
CBB cbb;
CBB_init_fixed(&cbb, sig, ECDSA_size(eckey));
size_t len;
- if (!ECDSA_SIG_marshal(&cbb, s) ||
- !CBB_finish(&cbb, NULL, &len)) {
+ if (!ECDSA_SIG_marshal(&cbb, s) || !CBB_finish(&cbb, NULL, &len)) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);
goto err;
}
@@ -165,8 +162,8 @@
// Defend against potential laxness in the DER parser.
size_t der_len;
- if (!ECDSA_SIG_to_bytes(&der, &der_len, s) ||
- der_len != sig_len || OPENSSL_memcmp(sig, der, sig_len) != 0) {
+ if (!ECDSA_SIG_to_bytes(&der, &der_len, s) || der_len != sig_len ||
+ OPENSSL_memcmp(sig, der, sig_len) != 0) {
// This should never happen. crypto/bytestring is strictly DER.
OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR);
goto err;
@@ -205,7 +202,8 @@
}
ECDSA_SIG *ECDSA_SIG_new(void) {
- ECDSA_SIG *sig = OPENSSL_malloc(sizeof(ECDSA_SIG));
+ ECDSA_SIG *sig =
+ reinterpret_cast<ECDSA_SIG *>(OPENSSL_malloc(sizeof(ECDSA_SIG)));
if (sig == NULL) {
return NULL;
}
@@ -228,13 +226,9 @@
OPENSSL_free(sig);
}
-const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig) {
- return sig->r;
-}
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig) { return sig->r; }
-const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig) {
- return sig->s;
-}
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig) { return sig->s; }
void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **out_r,
const BIGNUM **out_s) {
@@ -301,8 +295,7 @@
CBS child;
if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||
!BN_parse_asn1_unsigned(&child, ret->r) ||
- !BN_parse_asn1_unsigned(&child, ret->s) ||
- CBS_len(&child) != 0) {
+ !BN_parse_asn1_unsigned(&child, ret->s) || CBS_len(&child) != 0) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE);
ECDSA_SIG_free(ret);
return NULL;
@@ -325,8 +318,7 @@
int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig) {
CBB child;
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||
- !BN_marshal_asn1(&child, sig->r) ||
- !BN_marshal_asn1(&child, sig->s) ||
+ !BN_marshal_asn1(&child, sig->r) || !BN_marshal_asn1(&child, sig->s) ||
!CBB_flush(cbb)) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);
return 0;
@@ -338,8 +330,7 @@
const ECDSA_SIG *sig) {
CBB cbb;
CBB_zero(&cbb);
- if (!CBB_init(&cbb, 0) ||
- !ECDSA_SIG_marshal(&cbb, sig) ||
+ if (!CBB_init(&cbb, 0) || !ECDSA_SIG_marshal(&cbb, sig) ||
!CBB_finish(&cbb, out_bytes, out_len)) {
OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR);
CBB_cleanup(&cbb);
@@ -402,8 +393,7 @@
int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp) {
CBB cbb;
- if (!CBB_init(&cbb, 0) ||
- !ECDSA_SIG_marshal(&cbb, sig)) {
+ if (!CBB_init(&cbb, 0) || !ECDSA_SIG_marshal(&cbb, sig)) {
CBB_cleanup(&cbb);
return -1;
}
diff --git a/crypto/engine/engine.c b/crypto/engine/engine.cc
similarity index 84%
rename from crypto/engine/engine.c
rename to crypto/engine/engine.cc
index 831d468..2bc945e 100644
--- a/crypto/engine/engine.c
+++ b/crypto/engine/engine.cc
@@ -14,8 +14,8 @@
#include <openssl/engine.h>
-#include <string.h>
#include <assert.h>
+#include <string.h>
#include <openssl/ec_key.h>
#include <openssl/err.h>
@@ -31,7 +31,9 @@
ECDSA_METHOD *ecdsa_method;
};
-ENGINE *ENGINE_new(void) { return OPENSSL_zalloc(sizeof(ENGINE)); }
+ENGINE *ENGINE_new(void) {
+ return reinterpret_cast<ENGINE *>(OPENSSL_zalloc(sizeof(ENGINE)));
+}
int ENGINE_free(ENGINE *engine) {
// Methods are currently required to be static so are not unref'ed.
@@ -46,17 +48,18 @@
// static.
static int set_method(void **out_member, const void *method, size_t method_size,
size_t compiled_size) {
- const struct openssl_method_common_st *common = method;
+ const struct openssl_method_common_st *common =
+ reinterpret_cast<const openssl_method_common_st *>(method);
if (method_size != compiled_size || !common->is_static) {
return 0;
}
- *out_member = (void*) method;
+ *out_member = (void *)method;
return 1;
}
int ENGINE_set_RSA_method(ENGINE *engine, const RSA_METHOD *method,
- size_t method_size) {
+ size_t method_size) {
return set_method((void **)&engine->rsa_method, method, method_size,
sizeof(RSA_METHOD));
}
@@ -76,11 +79,12 @@
}
void METHOD_ref(void *method_in) {
- assert(((struct openssl_method_common_st*) method_in)->is_static);
+ assert(((struct openssl_method_common_st *)method_in)->is_static);
}
void METHOD_unref(void *method_in) {
- struct openssl_method_common_st *method = method_in;
+ struct openssl_method_common_st *method =
+ reinterpret_cast<openssl_method_common_st *>(method_in);
if (method == NULL) {
return;
diff --git a/crypto/err/err.c b/crypto/err/err.cc
similarity index 94%
rename from crypto/err/err.c
rename to crypto/err/err.cc
index 6f08e78..68f8439 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.cc
@@ -168,7 +168,7 @@
// |strdup| is not in C until C23, so MSVC triggers deprecation warnings, and
// glibc and musl gate it on a feature macro. Reimplementing it is easier.
size_t len = strlen(str);
- char *ret = malloc(len + 1);
+ char *ret = reinterpret_cast<char *>(malloc(len + 1));
if (ret != NULL) {
memcpy(ret, str, len + 1);
}
@@ -202,7 +202,7 @@
static CRYPTO_MUTEX global_next_library_mutex = CRYPTO_MUTEX_INIT;
static void err_state_free(void *statep) {
- ERR_STATE *state = statep;
+ ERR_STATE *state = reinterpret_cast<ERR_STATE *>(statep);
if (state == NULL) {
return;
@@ -217,9 +217,10 @@
// err_get_state gets the ERR_STATE object for the current thread.
static ERR_STATE *err_get_state(void) {
- ERR_STATE *state = CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_ERR);
+ ERR_STATE *state = reinterpret_cast<ERR_STATE *>(
+ CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_ERR));
if (state == NULL) {
- state = malloc(sizeof(ERR_STATE));
+ state = reinterpret_cast<ERR_STATE *>(malloc(sizeof(ERR_STATE)));
if (state == NULL) {
return NULL;
}
@@ -380,19 +381,15 @@
return ret;
}
-void ERR_remove_state(unsigned long pid) {
- ERR_clear_error();
-}
+void ERR_remove_state(unsigned long pid) { ERR_clear_error(); }
-void ERR_clear_system_error(void) {
- errno = 0;
-}
+void ERR_clear_system_error(void) { errno = 0; }
// err_string_cmp is a compare function for searching error values with
// |bsearch| in |err_string_lookup|.
static int err_string_cmp(const void *a, const void *b) {
- const uint32_t a_key = *((const uint32_t*) a) >> 15;
- const uint32_t b_key = *((const uint32_t*) b) >> 15;
+ const uint32_t a_key = *((const uint32_t *)a) >> 15;
+ const uint32_t b_key = *((const uint32_t *)b) >> 15;
if (a_key < b_key) {
return -1;
@@ -406,8 +403,7 @@
// err_string_lookup looks up the string associated with |lib| and |key| in
// |values| and |string_data|. It returns the string or NULL if not found.
static const char *err_string_lookup(uint32_t lib, uint32_t key,
- const uint32_t *values,
- size_t num_values,
+ const uint32_t *values, size_t num_values,
const char *string_data) {
// |values| points to data in err_data.h, which is generated by
// err_data_generate.go. It's an array of uint32_t values. Each value has the
@@ -426,8 +422,8 @@
return NULL;
}
uint32_t search_key = lib << 26 | key << 15;
- const uint32_t *result = bsearch(&search_key, values, num_values,
- sizeof(uint32_t), err_string_cmp);
+ const uint32_t *result = reinterpret_cast<const uint32_t *>(bsearch(
+ &search_key, values, num_values, sizeof(uint32_t), err_string_cmp));
if (result == NULL) {
return NULL;
}
@@ -632,7 +628,7 @@
// thread_hash is the least-significant bits of the |ERR_STATE| pointer value
// for this thread.
- const unsigned long thread_hash = (uintptr_t) err_get_state();
+ const unsigned long thread_hash = (uintptr_t)err_get_state();
for (;;) {
packed_error = ERR_get_error_line_data(&file, &line, &data, &flags);
@@ -649,9 +645,9 @@
}
}
-static int print_errors_to_file(const char* msg, size_t msg_len, void* ctx) {
+static int print_errors_to_file(const char *msg, size_t msg_len, void *ctx) {
assert(msg[msg_len] == '\0');
- FILE* fp = ctx;
+ FILE *fp = reinterpret_cast<FILE *>(ctx);
int res = fputs(msg, fp);
return res < 0 ? 0 : 1;
}
@@ -722,16 +718,16 @@
}
size_t substr_len = strlen(substr);
if (SIZE_MAX - total_size < substr_len) {
- return; // Would overflow.
+ return; // Would overflow.
}
total_size += substr_len;
}
va_end(args_copy);
if (total_size == SIZE_MAX) {
- return; // Would overflow.
+ return; // Would overflow.
}
- total_size += 1; // NUL terminator.
- if ((buf = malloc(total_size)) == NULL) {
+ total_size += 1; // NUL terminator.
+ if ((buf = reinterpret_cast<char *>(malloc(total_size))) == NULL) {
return;
}
buf[0] = '\0';
@@ -741,7 +737,7 @@
continue;
}
if (OPENSSL_strlcat(buf, substr, total_size) >= total_size) {
- assert(0); // should not be possible.
+ assert(0); // should not be possible.
}
}
va_end(args);
@@ -855,7 +851,8 @@
return NULL;
}
- ERR_SAVE_STATE *ret = malloc(sizeof(ERR_SAVE_STATE));
+ ERR_SAVE_STATE *ret =
+ reinterpret_cast<ERR_SAVE_STATE *>(malloc(sizeof(ERR_SAVE_STATE)));
if (ret == NULL) {
return NULL;
}
@@ -865,7 +862,8 @@
? state->top - state->bottom
: ERR_NUM_ERRORS + state->top - state->bottom;
assert(num_errors < ERR_NUM_ERRORS);
- ret->errors = malloc(num_errors * sizeof(struct err_error_st));
+ ret->errors = reinterpret_cast<err_error_st *>(
+ malloc(num_errors * sizeof(struct err_error_st)));
if (ret->errors == NULL) {
free(ret);
return NULL;
diff --git a/crypto/evp/evp.c b/crypto/evp/evp.cc
similarity index 96%
rename from crypto/evp/evp.c
rename to crypto/evp/evp.cc
index d81abe9..bd05974 100644
--- a/crypto/evp/evp.c
+++ b/crypto/evp/evp.cc
@@ -64,8 +64,8 @@
#include <openssl/nid.h>
#include <openssl/thread.h>
-#include "internal.h"
#include "../internal.h"
+#include "internal.h"
// Node depends on |EVP_R_NOT_XOF_OR_INVALID_LENGTH|.
@@ -78,7 +78,8 @@
OPENSSL_DECLARE_ERROR_REASON(EVP, EMPTY_PSK)
EVP_PKEY *EVP_PKEY_new(void) {
- EVP_PKEY *ret = OPENSSL_zalloc(sizeof(EVP_PKEY));
+ EVP_PKEY *ret =
+ reinterpret_cast<EVP_PKEY *>(OPENSSL_zalloc(sizeof(EVP_PKEY)));
if (ret == NULL) {
return NULL;
}
@@ -196,9 +197,7 @@
return 0;
}
-int EVP_PKEY_id(const EVP_PKEY *pkey) {
- return pkey->type;
-}
+int EVP_PKEY_id(const EVP_PKEY *pkey) { return pkey->type; }
// evp_pkey_asn1_find returns the ASN.1 method table for the given |nid|, which
// should be one of the |EVP_PKEY_*| values. It returns NULL if |nid| is
@@ -238,13 +237,13 @@
// public API.
switch (type) {
case EVP_PKEY_RSA:
- return EVP_PKEY_assign_RSA(pkey, key);
+ return EVP_PKEY_assign_RSA(pkey, reinterpret_cast<RSA *>(key));
case EVP_PKEY_DSA:
- return EVP_PKEY_assign_DSA(pkey, key);
+ return EVP_PKEY_assign_DSA(pkey, reinterpret_cast<DSA *>(key));
case EVP_PKEY_EC:
- return EVP_PKEY_assign_EC_KEY(pkey, key);
+ return EVP_PKEY_assign_EC_KEY(pkey, reinterpret_cast<EC_KEY *>(key));
case EVP_PKEY_DH:
- return EVP_PKEY_assign_DH(pkey, key);
+ return EVP_PKEY_assign_DH(pkey, reinterpret_cast<DH *>(key));
}
OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.cc
similarity index 100%
rename from crypto/evp/evp_asn1.c
rename to crypto/evp/evp_asn1.cc
diff --git a/crypto/evp/evp_ctx.c b/crypto/evp/evp_ctx.cc
similarity index 96%
rename from crypto/evp/evp_ctx.c
rename to crypto/evp/evp_ctx.cc
index ea2781f..d5acb10 100644
--- a/crypto/evp/evp_ctx.c
+++ b/crypto/evp/evp_ctx.cc
@@ -67,15 +67,12 @@
static const EVP_PKEY_METHOD *const evp_methods[] = {
- &rsa_pkey_meth,
- &ec_pkey_meth,
- &ed25519_pkey_meth,
- &x25519_pkey_meth,
- &hkdf_pkey_meth,
+ &rsa_pkey_meth, &ec_pkey_meth, &ed25519_pkey_meth,
+ &x25519_pkey_meth, &hkdf_pkey_meth,
};
static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) {
- for (size_t i = 0; i < sizeof(evp_methods)/sizeof(EVP_PKEY_METHOD*); i++) {
+ for (size_t i = 0; i < sizeof(evp_methods) / sizeof(EVP_PKEY_METHOD *); i++) {
if (evp_methods[i]->pkey_id == type) {
return evp_methods[i];
}
@@ -86,7 +83,8 @@
static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e,
const EVP_PKEY_METHOD *pmeth) {
- EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX));
+ EVP_PKEY_CTX *ret =
+ reinterpret_cast<EVP_PKEY_CTX *>(OPENSSL_zalloc(sizeof(EVP_PKEY_CTX)));
if (!ret) {
return NULL;
}
@@ -155,7 +153,8 @@
return NULL;
}
- EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX));
+ EVP_PKEY_CTX *ret =
+ reinterpret_cast<EVP_PKEY_CTX *>(OPENSSL_zalloc(sizeof(EVP_PKEY_CTX)));
if (!ret) {
return NULL;
}
diff --git a/crypto/evp/p_dh.c b/crypto/evp/p_dh.cc
similarity index 74%
rename from crypto/evp/p_dh.c
rename to crypto/evp/p_dh.cc
index 9953f82..43a18b3 100644
--- a/crypto/evp/p_dh.c
+++ b/crypto/evp/p_dh.cc
@@ -23,7 +23,8 @@
} DH_PKEY_CTX;
static int pkey_dh_init(EVP_PKEY_CTX *ctx) {
- DH_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(DH_PKEY_CTX));
+ DH_PKEY_CTX *dctx =
+ reinterpret_cast<DH_PKEY_CTX *>(OPENSSL_zalloc(sizeof(DH_PKEY_CTX)));
if (dctx == NULL) {
return 0;
}
@@ -37,8 +38,8 @@
return 0;
}
- const DH_PKEY_CTX *sctx = src->data;
- DH_PKEY_CTX *dctx = dst->data;
+ const DH_PKEY_CTX *sctx = reinterpret_cast<DH_PKEY_CTX *>(src->data);
+ DH_PKEY_CTX *dctx = reinterpret_cast<DH_PKEY_CTX *>(dst->data);
dctx->pad = sctx->pad;
return 1;
}
@@ -63,14 +64,14 @@
}
static int pkey_dh_derive(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len) {
- DH_PKEY_CTX *dctx = ctx->data;
+ DH_PKEY_CTX *dctx = reinterpret_cast<DH_PKEY_CTX *>(ctx->data);
if (ctx->pkey == NULL || ctx->peerkey == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET);
return 0;
}
- DH *our_key = ctx->pkey->pkey;
- DH *peer_key = ctx->peerkey->pkey;
+ DH *our_key = reinterpret_cast<DH *>(ctx->pkey->pkey);
+ DH *peer_key = reinterpret_cast<DH *>(ctx->peerkey->pkey);
if (our_key == NULL || peer_key == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET);
return 0;
@@ -104,7 +105,7 @@
}
static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
- DH_PKEY_CTX *dctx = ctx->data;
+ DH_PKEY_CTX *dctx = reinterpret_cast<DH_PKEY_CTX *>(ctx->data);
switch (type) {
case EVP_PKEY_CTRL_PEER_KEY:
// |EVP_PKEY_derive_set_peer| requires the key implement this command,
@@ -122,13 +123,21 @@
}
const EVP_PKEY_METHOD dh_pkey_meth = {
- .pkey_id = EVP_PKEY_DH,
- .init = pkey_dh_init,
- .copy = pkey_dh_copy,
- .cleanup = pkey_dh_cleanup,
- .keygen = pkey_dh_keygen,
- .derive = pkey_dh_derive,
- .ctrl = pkey_dh_ctrl,
+ /*pkey_id=*/EVP_PKEY_DH,
+ /*init=*/pkey_dh_init,
+ /*copy=*/pkey_dh_copy,
+ /*cleanup=*/pkey_dh_cleanup,
+ /*keygen=*/pkey_dh_keygen,
+ /*sign=*/nullptr,
+ /*sign_message=*/nullptr,
+ /*verify=*/nullptr,
+ /*verify_message=*/nullptr,
+ /*verify_recover=*/nullptr,
+ /*encrypt=*/nullptr,
+ /*decrypt=*/nullptr,
+ /*derive=*/pkey_dh_derive,
+ /*paramgen=*/nullptr,
+ /*ctrl=*/pkey_dh_ctrl,
};
int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) {
diff --git a/crypto/evp/p_dh_asn1.c b/crypto/evp/p_dh_asn1.cc
similarity index 63%
rename from crypto/evp/p_dh_asn1.c
rename to crypto/evp/p_dh_asn1.cc
index b1038d1..877b49c 100644
--- a/crypto/evp/p_dh_asn1.c
+++ b/crypto/evp/p_dh_asn1.cc
@@ -13,21 +13,25 @@
#include <openssl/dh.h>
#include <openssl/err.h>
-#include "internal.h"
#include "../internal.h"
+#include "internal.h"
static void dh_free(EVP_PKEY *pkey) {
- DH_free(pkey->pkey);
+ DH_free(reinterpret_cast<DH *>(pkey->pkey));
pkey->pkey = NULL;
}
-static int dh_size(const EVP_PKEY *pkey) { return DH_size(pkey->pkey); }
+static int dh_size(const EVP_PKEY *pkey) {
+ return DH_size(reinterpret_cast<const DH *>(pkey->pkey));
+}
-static int dh_bits(const EVP_PKEY *pkey) { return DH_bits(pkey->pkey); }
+static int dh_bits(const EVP_PKEY *pkey) {
+ return DH_bits(reinterpret_cast<const DH *>(pkey->pkey));
+}
static int dh_param_missing(const EVP_PKEY *pkey) {
- const DH *dh = pkey->pkey;
+ const DH *dh = reinterpret_cast<const DH *>(pkey->pkey);
return dh == NULL || DH_get0_p(dh) == NULL || DH_get0_g(dh) == NULL;
}
@@ -37,13 +41,13 @@
return 0;
}
- const DH *dh = from->pkey;
+ const DH *dh = reinterpret_cast<DH *>(from->pkey);
const BIGNUM *q_old = DH_get0_q(dh);
BIGNUM *p = BN_dup(DH_get0_p(dh));
BIGNUM *q = q_old == NULL ? NULL : BN_dup(q_old);
BIGNUM *g = BN_dup(DH_get0_g(dh));
if (p == NULL || (q_old != NULL && q == NULL) || g == NULL ||
- !DH_set0_pqg(to->pkey, p, q, g)) {
+ !DH_set0_pqg(reinterpret_cast<DH *>(to->pkey), p, q, g)) {
BN_free(p);
BN_free(q);
BN_free(g);
@@ -61,8 +65,8 @@
// Matching OpenSSL, only compare p and g for PKCS#3-style Diffie-Hellman.
// OpenSSL only checks q in X9.42-style Diffie-Hellman ("DHX").
- const DH *a_dh = a->pkey;
- const DH *b_dh = b->pkey;
+ const DH *a_dh = reinterpret_cast<const DH *>(a->pkey);
+ const DH *b_dh = reinterpret_cast<const DH *>(b->pkey);
return BN_cmp(DH_get0_p(a_dh), DH_get0_p(b_dh)) == 0 &&
BN_cmp(DH_get0_g(a_dh), DH_get0_g(b_dh)) == 0;
}
@@ -72,21 +76,34 @@
return 0;
}
- const DH *a_dh = a->pkey;
- const DH *b_dh = b->pkey;
+ const DH *a_dh = reinterpret_cast<const DH *>(a->pkey);
+ const DH *b_dh = reinterpret_cast<const DH *>(b->pkey);
return BN_cmp(DH_get0_pub_key(a_dh), DH_get0_pub_key(b_dh)) == 0;
}
const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
- .pkey_id = EVP_PKEY_DH,
- .pkey_method = &dh_pkey_meth,
- .pub_cmp = dh_pub_cmp,
- .pkey_size = dh_size,
- .pkey_bits = dh_bits,
- .param_missing = dh_param_missing,
- .param_copy = dh_param_copy,
- .param_cmp = dh_param_cmp,
- .pkey_free = dh_free,
+ /*pkey_id=*/EVP_PKEY_DH,
+ /*oid=*/{0},
+ /*oid_len=*/0,
+ /*pkey_method=*/&dh_pkey_meth,
+ /*pub_decode=*/nullptr,
+ /*pub_encode=*/nullptr,
+ /*pub_cmp=*/dh_pub_cmp,
+ /*priv_decode=*/nullptr,
+ /*priv_encode=*/nullptr,
+ /*set_priv_raw=*/nullptr,
+ /*set_pub_raw=*/nullptr,
+ /*get_priv_raw=*/nullptr,
+ /*get_pub_raw=*/nullptr,
+ /*set1_tls_encodedpoint=*/nullptr,
+ /*get1_tls_encodedpoint=*/nullptr,
+ /*pkey_opaque=*/nullptr,
+ /*pkey_size=*/dh_size,
+ /*pkey_bits=*/dh_bits,
+ /*param_missing=*/dh_param_missing,
+ /*param_copy=*/dh_param_copy,
+ /*param_cmp=*/dh_param_cmp,
+ /*pkey_free=*/dh_free,
};
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) {
@@ -108,7 +125,7 @@
OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DH_KEY);
return NULL;
}
- return pkey->pkey;
+ return reinterpret_cast<DH *>(const_cast<EVP_PKEY *>(pkey)->pkey);
}
DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) {
diff --git a/crypto/evp/p_dsa_asn1.c b/crypto/evp/p_dsa_asn1.cc
similarity index 88%
rename from crypto/evp/p_dsa_asn1.c
rename to crypto/evp/p_dsa_asn1.cc
index 9874747..7f2c90f 100644
--- a/crypto/evp/p_dsa_asn1.c
+++ b/crypto/evp/p_dsa_asn1.cc
@@ -55,9 +55,9 @@
#include <openssl/evp.h>
-#include <openssl/digest.h>
#include <openssl/bn.h>
#include <openssl/bytestring.h>
+#include <openssl/digest.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
@@ -88,8 +88,7 @@
goto err;
}
- if (!BN_parse_asn1_unsigned(key, dsa->pub_key) ||
- CBS_len(key) != 0) {
+ if (!BN_parse_asn1_unsigned(key, dsa->pub_key) || CBS_len(key) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
goto err;
}
@@ -103,7 +102,7 @@
}
static int dsa_pub_encode(CBB *out, const EVP_PKEY *key) {
- const DSA *dsa = key->pkey;
+ const DSA *dsa = reinterpret_cast<const DSA *>(key->pkey);
const int has_params = dsa->p != NULL && dsa->q != NULL && dsa->g != NULL;
// See RFC 5480, section 2.
@@ -112,12 +111,10 @@
!CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||
!CBB_add_bytes(&oid, dsa_asn1_meth.oid, dsa_asn1_meth.oid_len) ||
- (has_params &&
- !DSA_marshal_parameters(&algorithm, dsa)) ||
+ (has_params && !DSA_marshal_parameters(&algorithm, dsa)) ||
!CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
!CBB_add_u8(&key_bitstring, 0 /* padding */) ||
- !BN_marshal_asn1(&key_bitstring, dsa->pub_key) ||
- !CBB_flush(out)) {
+ !BN_marshal_asn1(&key_bitstring, dsa->pub_key) || !CBB_flush(out)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
return 0;
}
@@ -140,8 +137,7 @@
if (dsa->priv_key == NULL) {
goto err;
}
- if (!BN_parse_asn1_unsigned(key, dsa->priv_key) ||
- CBS_len(key) != 0) {
+ if (!BN_parse_asn1_unsigned(key, dsa->priv_key) || CBS_len(key) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
goto err;
}
@@ -174,7 +170,7 @@
}
static int dsa_priv_encode(CBB *out, const EVP_PKEY *key) {
- const DSA *dsa = key->pkey;
+ const DSA *dsa = reinterpret_cast<const DSA *>(key->pkey);
if (dsa == NULL || dsa->priv_key == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
return 0;
@@ -189,8 +185,7 @@
!CBB_add_bytes(&oid, dsa_asn1_meth.oid, dsa_asn1_meth.oid_len) ||
!DSA_marshal_parameters(&algorithm, dsa) ||
!CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
- !BN_marshal_asn1(&private_key, dsa->priv_key) ||
- !CBB_flush(out)) {
+ !BN_marshal_asn1(&private_key, dsa->priv_key) || !CBB_flush(out)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
return 0;
}
@@ -199,17 +194,17 @@
}
static int int_dsa_size(const EVP_PKEY *pkey) {
- const DSA *dsa = pkey->pkey;
+ const DSA *dsa = reinterpret_cast<const DSA *>(pkey->pkey);
return DSA_size(dsa);
}
static int dsa_bits(const EVP_PKEY *pkey) {
- const DSA *dsa = pkey->pkey;
+ const DSA *dsa = reinterpret_cast<const DSA *>(pkey->pkey);
return BN_num_bits(DSA_get0_p(dsa));
}
static int dsa_missing_parameters(const EVP_PKEY *pkey) {
- const DSA *dsa = pkey->pkey;
+ const DSA *dsa = reinterpret_cast<const DSA *>(pkey->pkey);
if (DSA_get0_p(dsa) == NULL || DSA_get0_q(dsa) == NULL ||
DSA_get0_g(dsa) == NULL) {
return 1;
@@ -231,8 +226,8 @@
}
static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
- DSA *to_dsa = to->pkey;
- const DSA *from_dsa = from->pkey;
+ DSA *to_dsa = reinterpret_cast<DSA *>(to->pkey);
+ const DSA *from_dsa = reinterpret_cast<const DSA *>(from->pkey);
if (!dup_bn_into(&to_dsa->p, from_dsa->p) ||
!dup_bn_into(&to_dsa->q, from_dsa->q) ||
!dup_bn_into(&to_dsa->g, from_dsa->g)) {
@@ -243,21 +238,21 @@
}
static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
- const DSA *a_dsa = a->pkey;
- const DSA *b_dsa = b->pkey;
+ const DSA *a_dsa = reinterpret_cast<const DSA *>(a->pkey);
+ const DSA *b_dsa = reinterpret_cast<const DSA *>(b->pkey);
return BN_cmp(DSA_get0_p(a_dsa), DSA_get0_p(b_dsa)) == 0 &&
BN_cmp(DSA_get0_q(a_dsa), DSA_get0_q(b_dsa)) == 0 &&
BN_cmp(DSA_get0_g(a_dsa), DSA_get0_g(b_dsa)) == 0;
}
static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- const DSA *a_dsa = a->pkey;
- const DSA *b_dsa = b->pkey;
+ const DSA *a_dsa = reinterpret_cast<const DSA *>(a->pkey);
+ const DSA *b_dsa = reinterpret_cast<const DSA *>(b->pkey);
return BN_cmp(DSA_get0_pub_key(b_dsa), DSA_get0_pub_key(a_dsa)) == 0;
}
static void int_dsa_free(EVP_PKEY *pkey) {
- DSA_free(pkey->pkey);
+ DSA_free(reinterpret_cast<DSA *>(pkey->pkey));
pkey->pkey = NULL;
}
@@ -326,7 +321,7 @@
OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DSA_KEY);
return NULL;
}
- return pkey->pkey;
+ return reinterpret_cast<DSA *>(pkey->pkey);
}
DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey) {
diff --git a/crypto/evp/p_ec.c b/crypto/evp/p_ec.cc
similarity index 86%
rename from crypto/evp/p_ec.c
rename to crypto/evp/p_ec.cc
index 7e1594e..f2c140f 100644
--- a/crypto/evp/p_ec.c
+++ b/crypto/evp/p_ec.cc
@@ -67,9 +67,9 @@
#include <openssl/mem.h>
#include <openssl/nid.h>
-#include "internal.h"
#include "../fipsmodule/ec/internal.h"
#include "../internal.h"
+#include "internal.h"
typedef struct {
@@ -80,7 +80,8 @@
static int pkey_ec_init(EVP_PKEY_CTX *ctx) {
- EC_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(EC_PKEY_CTX));
+ EC_PKEY_CTX *dctx =
+ reinterpret_cast<EC_PKEY_CTX *>(OPENSSL_zalloc(sizeof(EC_PKEY_CTX)));
if (!dctx) {
return 0;
}
@@ -94,15 +95,15 @@
return 0;
}
- const EC_PKEY_CTX *sctx = src->data;
- EC_PKEY_CTX *dctx = dst->data;
+ const EC_PKEY_CTX *sctx = reinterpret_cast<EC_PKEY_CTX *>(src->data);
+ EC_PKEY_CTX *dctx = reinterpret_cast<EC_PKEY_CTX *>(dst->data);
dctx->md = sctx->md;
dctx->gen_group = sctx->gen_group;
return 1;
}
static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) {
- EC_PKEY_CTX *dctx = ctx->data;
+ EC_PKEY_CTX *dctx = reinterpret_cast<EC_PKEY_CTX *>(ctx->data);
if (!dctx) {
return;
}
@@ -112,7 +113,7 @@
static int pkey_ec_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen,
const uint8_t *tbs, size_t tbslen) {
- const EC_KEY *ec = ctx->pkey->pkey;
+ const EC_KEY *ec = reinterpret_cast<EC_KEY *>(ctx->pkey->pkey);
if (!sig) {
*siglen = ECDSA_size(ec);
return 1;
@@ -131,18 +132,17 @@
static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,
const uint8_t *tbs, size_t tbslen) {
- const EC_KEY *ec_key = ctx->pkey->pkey;
+ const EC_KEY *ec_key = reinterpret_cast<EC_KEY *>(ctx->pkey->pkey);
return ECDSA_verify(0, tbs, tbslen, sig, siglen, ec_key);
}
-static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key,
- size_t *keylen) {
+static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *keylen) {
if (!ctx->pkey || !ctx->peerkey) {
OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET);
return 0;
}
- const EC_KEY *eckey = ctx->pkey->pkey;
+ const EC_KEY *eckey = reinterpret_cast<EC_KEY *>(ctx->pkey->pkey);
if (!key) {
const EC_GROUP *group;
group = EC_KEY_get0_group(eckey);
@@ -150,7 +150,7 @@
return 1;
}
- const EC_KEY *eckey_peer = ctx->peerkey->pkey;
+ const EC_KEY *eckey_peer = reinterpret_cast<EC_KEY *>(ctx->peerkey->pkey);
const EC_POINT *pubkey = EC_KEY_get0_public_key(eckey_peer);
// NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
@@ -165,11 +165,11 @@
}
static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
- EC_PKEY_CTX *dctx = ctx->data;
+ EC_PKEY_CTX *dctx = reinterpret_cast<EC_PKEY_CTX *>(ctx->data);
switch (type) {
case EVP_PKEY_CTRL_MD: {
- const EVP_MD *md = p2;
+ const EVP_MD *md = reinterpret_cast<const EVP_MD *>(p2);
int md_type = EVP_MD_type(md);
if (md_type != NID_sha1 && md_type != NID_sha224 &&
md_type != NID_sha256 && md_type != NID_sha384 &&
@@ -205,19 +205,17 @@
}
static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
- EC_PKEY_CTX *dctx = ctx->data;
+ EC_PKEY_CTX *dctx = reinterpret_cast<EC_PKEY_CTX *>(ctx->data);
const EC_GROUP *group = dctx->gen_group;
if (group == NULL) {
if (ctx->pkey == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET);
return 0;
}
- group = EC_KEY_get0_group(ctx->pkey->pkey);
+ group = EC_KEY_get0_group(reinterpret_cast<EC_KEY *>(ctx->pkey->pkey));
}
EC_KEY *ec = EC_KEY_new();
- if (ec == NULL ||
- !EC_KEY_set_group(ec, group) ||
- !EC_KEY_generate_key(ec)) {
+ if (ec == NULL || !EC_KEY_set_group(ec, group) || !EC_KEY_generate_key(ec)) {
EC_KEY_free(ec);
return 0;
}
@@ -226,14 +224,13 @@
}
static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
- EC_PKEY_CTX *dctx = ctx->data;
+ EC_PKEY_CTX *dctx = reinterpret_cast<EC_PKEY_CTX *>(ctx->data);
if (dctx->gen_group == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET);
return 0;
}
EC_KEY *ec = EC_KEY_new();
- if (ec == NULL ||
- !EC_KEY_set_group(ec, dctx->gen_group)) {
+ if (ec == NULL || !EC_KEY_set_group(ec, dctx->gen_group)) {
EC_KEY_free(ec);
return 0;
}
diff --git a/crypto/evp/p_ec_asn1.c b/crypto/evp/p_ec_asn1.cc
similarity index 89%
rename from crypto/evp/p_ec_asn1.c
rename to crypto/evp/p_ec_asn1.cc
index 54d02c3..fcaf63c 100644
--- a/crypto/evp/p_ec_asn1.c
+++ b/crypto/evp/p_ec_asn1.cc
@@ -9,7 +9,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -66,7 +66,7 @@
static int eckey_pub_encode(CBB *out, const EVP_PKEY *key) {
- const EC_KEY *ec_key = key->pkey;
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(key->pkey);
const EC_GROUP *group = EC_KEY_get0_group(ec_key);
const EC_POINT *public_key = EC_KEY_get0_public_key(ec_key);
@@ -101,7 +101,7 @@
}
eckey = EC_KEY_new();
- if (eckey == NULL || //
+ if (eckey == NULL || //
!EC_KEY_set_group(eckey, group) ||
!EC_KEY_oct2key(eckey, CBS_data(key), CBS_len(key), NULL)) {
goto err;
@@ -116,8 +116,8 @@
}
static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- const EC_KEY *a_ec = a->pkey;
- const EC_KEY *b_ec = b->pkey;
+ const EC_KEY *a_ec = reinterpret_cast<const EC_KEY *>(a->pkey);
+ const EC_KEY *b_ec = reinterpret_cast<const EC_KEY *>(b->pkey);
const EC_GROUP *group = EC_KEY_get0_group(b_ec);
const EC_POINT *pa = EC_KEY_get0_public_key(a_ec),
*pb = EC_KEY_get0_public_key(b_ec);
@@ -151,7 +151,7 @@
}
static int eckey_priv_encode(CBB *out, const EVP_PKEY *key) {
- const EC_KEY *ec_key = key->pkey;
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(key->pkey);
// Omit the redundant copy of the curve name. This contradicts RFC 5915 but
// aligns with PKCS #11. SEC 1 only says they may be omitted if known by other
@@ -179,7 +179,7 @@
static int eckey_set1_tls_encodedpoint(EVP_PKEY *pkey, const uint8_t *in,
size_t len) {
- EC_KEY *ec_key = pkey->pkey;
+ EC_KEY *ec_key = reinterpret_cast<EC_KEY *>(pkey->pkey);
if (ec_key == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
return 0;
@@ -190,7 +190,7 @@
static size_t eckey_get1_tls_encodedpoint(const EVP_PKEY *pkey,
uint8_t **out_ptr) {
- const EC_KEY *ec_key = pkey->pkey;
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
if (ec_key == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
return 0;
@@ -200,12 +200,12 @@
}
static int int_ec_size(const EVP_PKEY *pkey) {
- const EC_KEY *ec_key = pkey->pkey;
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
return ECDSA_size(ec_key);
}
static int ec_bits(const EVP_PKEY *pkey) {
- const EC_KEY *ec_key = pkey->pkey;
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
const EC_GROUP *group = EC_KEY_get0_group(ec_key);
if (group == NULL) {
ERR_clear_error();
@@ -215,12 +215,12 @@
}
static int ec_missing_parameters(const EVP_PKEY *pkey) {
- const EC_KEY *ec_key = pkey->pkey;
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
return ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL;
}
static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
- const EC_KEY *from_key = from->pkey;
+ const EC_KEY *from_key = reinterpret_cast<const EC_KEY *>(from->pkey);
if (from_key == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
return 0;
@@ -236,12 +236,12 @@
return 0;
}
}
- return EC_KEY_set_group(to->pkey, group);
+ return EC_KEY_set_group(reinterpret_cast<EC_KEY *>(to->pkey), group);
}
static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
- const EC_KEY *a_ec = a->pkey;
- const EC_KEY *b_ec = b->pkey;
+ const EC_KEY *a_ec = reinterpret_cast<const EC_KEY *>(a->pkey);
+ const EC_KEY *b_ec = reinterpret_cast<const EC_KEY *>(b->pkey);
if (a_ec == NULL || b_ec == NULL) {
return -2;
}
@@ -258,12 +258,12 @@
}
static void int_ec_free(EVP_PKEY *pkey) {
- EC_KEY_free(pkey->pkey);
+ EC_KEY_free(reinterpret_cast<EC_KEY *>(pkey->pkey));
pkey->pkey = NULL;
}
static int eckey_opaque(const EVP_PKEY *pkey) {
- const EC_KEY *ec_key = pkey->pkey;
+ const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey);
return EC_KEY_is_opaque(ec_key);
}
@@ -320,7 +320,7 @@
OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_EC_KEY_KEY);
return NULL;
}
- return pkey->pkey;
+ return reinterpret_cast<EC_KEY *>(pkey->pkey);
}
EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey) {
diff --git a/crypto/evp/p_ed25519.c b/crypto/evp/p_ed25519.cc
similarity index 76%
rename from crypto/evp/p_ed25519.c
rename to crypto/evp/p_ed25519.cc
index 66e7197..e8007c5 100644
--- a/crypto/evp/p_ed25519.c
+++ b/crypto/evp/p_ed25519.cc
@@ -25,7 +25,8 @@
static int pkey_ed25519_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 1; }
static int pkey_ed25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
- ED25519_KEY *key = OPENSSL_malloc(sizeof(ED25519_KEY));
+ ED25519_KEY *key =
+ reinterpret_cast<ED25519_KEY *>(OPENSSL_malloc(sizeof(ED25519_KEY)));
if (key == NULL) {
return 0;
}
@@ -44,7 +45,8 @@
static int pkey_ed25519_sign_message(EVP_PKEY_CTX *ctx, uint8_t *sig,
size_t *siglen, const uint8_t *tbs,
size_t tbslen) {
- const ED25519_KEY *key = ctx->pkey->pkey;
+ const ED25519_KEY *key =
+ reinterpret_cast<const ED25519_KEY *>(ctx->pkey->pkey);
if (!key->has_private) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
return 0;
@@ -71,7 +73,8 @@
static int pkey_ed25519_verify_message(EVP_PKEY_CTX *ctx, const uint8_t *sig,
size_t siglen, const uint8_t *tbs,
size_t tbslen) {
- const ED25519_KEY *key = ctx->pkey->pkey;
+ const ED25519_KEY *key =
+ reinterpret_cast<const ED25519_KEY *>(ctx->pkey->pkey);
if (siglen != 64 ||
!ED25519_verify(tbs, tbslen, sig, key->key + ED25519_PUBLIC_KEY_OFFSET)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_SIGNATURE);
@@ -82,19 +85,19 @@
}
const EVP_PKEY_METHOD ed25519_pkey_meth = {
- EVP_PKEY_ED25519,
- NULL /* init */,
- pkey_ed25519_copy,
- NULL /* cleanup */,
- pkey_ed25519_keygen,
- NULL /* sign */,
- pkey_ed25519_sign_message,
- NULL /* verify */,
- pkey_ed25519_verify_message,
- NULL /* verify_recover */,
- NULL /* encrypt */,
- NULL /* decrypt */,
- NULL /* derive */,
- NULL /* paramgen */,
- NULL /* ctrl */,
+ /*pkey_id=*/EVP_PKEY_ED25519,
+ /*init=*/nullptr,
+ /*copy=*/pkey_ed25519_copy,
+ /*cleanup=*/nullptr,
+ /*keygen=*/pkey_ed25519_keygen,
+ /*sign=*/nullptr,
+ /*sign_message=*/pkey_ed25519_sign_message,
+ /*verify=*/nullptr,
+ /*verify_message=*/pkey_ed25519_verify_message,
+ /*verify_recover=*/nullptr,
+ /*encrypt=*/nullptr,
+ /*decrypt=*/nullptr,
+ /*derive=*/nullptr,
+ /*paramgen=*/nullptr,
+ /*ctrl=*/nullptr,
};
diff --git a/crypto/evp/p_ed25519_asn1.c b/crypto/evp/p_ed25519_asn1.cc
similarity index 88%
rename from crypto/evp/p_ed25519_asn1.c
rename to crypto/evp/p_ed25519_asn1.cc
index 3b8f27f..50d7b88 100644
--- a/crypto/evp/p_ed25519_asn1.c
+++ b/crypto/evp/p_ed25519_asn1.cc
@@ -19,8 +19,8 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-#include "internal.h"
#include "../internal.h"
+#include "internal.h"
static void ed25519_free(EVP_PKEY *pkey) {
@@ -34,7 +34,8 @@
return 0;
}
- ED25519_KEY *key = OPENSSL_malloc(sizeof(ED25519_KEY));
+ ED25519_KEY *key =
+ reinterpret_cast<ED25519_KEY *>(OPENSSL_malloc(sizeof(ED25519_KEY)));
if (key == NULL) {
return 0;
}
@@ -56,7 +57,8 @@
return 0;
}
- ED25519_KEY *key = OPENSSL_malloc(sizeof(ED25519_KEY));
+ ED25519_KEY *key =
+ reinterpret_cast<ED25519_KEY *>(OPENSSL_malloc(sizeof(ED25519_KEY)));
if (key == NULL) {
return 0;
}
@@ -71,7 +73,7 @@
static int ed25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out,
size_t *out_len) {
- const ED25519_KEY *key = pkey->pkey;
+ const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
if (!key->has_private) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
return 0;
@@ -95,7 +97,7 @@
static int ed25519_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out,
size_t *out_len) {
- const ED25519_KEY *key = pkey->pkey;
+ const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
if (out == NULL) {
*out_len = 32;
return 1;
@@ -124,7 +126,7 @@
}
static int ed25519_pub_encode(CBB *out, const EVP_PKEY *pkey) {
- const ED25519_KEY *key = pkey->pkey;
+ const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
// See RFC 8410, section 4.
CBB spki, algorithm, oid, key_bitstring;
@@ -145,8 +147,8 @@
}
static int ed25519_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- const ED25519_KEY *a_key = a->pkey;
- const ED25519_KEY *b_key = b->pkey;
+ const ED25519_KEY *a_key = reinterpret_cast<const ED25519_KEY *>(a->pkey);
+ const ED25519_KEY *b_key = reinterpret_cast<const ED25519_KEY *>(b->pkey);
return OPENSSL_memcmp(a_key->key + ED25519_PUBLIC_KEY_OFFSET,
b_key->key + ED25519_PUBLIC_KEY_OFFSET, 32) == 0;
}
@@ -158,8 +160,7 @@
// OCTET STRING layer.
CBS inner;
if (CBS_len(params) != 0 ||
- !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) ||
- CBS_len(key) != 0) {
+ !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || CBS_len(key) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
return 0;
}
@@ -168,7 +169,7 @@
}
static int ed25519_priv_encode(CBB *out, const EVP_PKEY *pkey) {
- const ED25519_KEY *key = pkey->pkey;
+ const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey);
if (!key->has_private) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
return 0;
@@ -185,7 +186,7 @@
!CBB_add_asn1(&private_key, &inner, CBS_ASN1_OCTETSTRING) ||
// The PKCS#8 encoding stores only the 32-byte seed which is the first 32
// bytes of the private key.
- !CBB_add_bytes(&inner, key->key, 32) ||
+ !CBB_add_bytes(&inner, key->key, 32) || //
!CBB_flush(out)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
return 0;
diff --git a/crypto/evp/p_hkdf.c b/crypto/evp/p_hkdf.cc
similarity index 86%
rename from crypto/evp/p_hkdf.c
rename to crypto/evp/p_hkdf.cc
index d9cbfc7..bf0e5e2 100644
--- a/crypto/evp/p_hkdf.c
+++ b/crypto/evp/p_hkdf.cc
@@ -35,7 +35,8 @@
} HKDF_PKEY_CTX;
static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) {
- HKDF_PKEY_CTX *hctx = OPENSSL_zalloc(sizeof(HKDF_PKEY_CTX));
+ HKDF_PKEY_CTX *hctx =
+ reinterpret_cast<HKDF_PKEY_CTX *>(OPENSSL_zalloc(sizeof(HKDF_PKEY_CTX)));
if (hctx == NULL) {
return 0;
}
@@ -54,13 +55,15 @@
return 0;
}
- HKDF_PKEY_CTX *hctx_dst = dst->data;
- const HKDF_PKEY_CTX *hctx_src = src->data;
+ HKDF_PKEY_CTX *hctx_dst = reinterpret_cast<HKDF_PKEY_CTX *>(dst->data);
+ const HKDF_PKEY_CTX *hctx_src =
+ reinterpret_cast<const HKDF_PKEY_CTX *>(src->data);
hctx_dst->mode = hctx_src->mode;
hctx_dst->md = hctx_src->md;
if (hctx_src->key_len != 0) {
- hctx_dst->key = OPENSSL_memdup(hctx_src->key, hctx_src->key_len);
+ hctx_dst->key = reinterpret_cast<uint8_t *>(
+ OPENSSL_memdup(hctx_src->key, hctx_src->key_len));
if (hctx_dst->key == NULL) {
return 0;
}
@@ -68,7 +71,8 @@
}
if (hctx_src->salt_len != 0) {
- hctx_dst->salt = OPENSSL_memdup(hctx_src->salt, hctx_src->salt_len);
+ hctx_dst->salt = reinterpret_cast<uint8_t *>(
+ OPENSSL_memdup(hctx_src->salt, hctx_src->salt_len));
if (hctx_dst->salt == NULL) {
return 0;
}
@@ -84,7 +88,7 @@
}
static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx) {
- HKDF_PKEY_CTX *hctx = ctx->data;
+ HKDF_PKEY_CTX *hctx = reinterpret_cast<HKDF_PKEY_CTX *>(ctx->data);
if (hctx != NULL) {
OPENSSL_free(hctx->key);
OPENSSL_free(hctx->salt);
@@ -95,7 +99,7 @@
}
static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len) {
- HKDF_PKEY_CTX *hctx = ctx->data;
+ HKDF_PKEY_CTX *hctx = reinterpret_cast<HKDF_PKEY_CTX *>(ctx->data);
if (hctx->md == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
return 0;
@@ -136,7 +140,7 @@
}
static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
- HKDF_PKEY_CTX *hctx = ctx->data;
+ HKDF_PKEY_CTX *hctx = reinterpret_cast<HKDF_PKEY_CTX *>(ctx->data);
switch (type) {
case EVP_PKEY_CTRL_HKDF_MODE:
if (p1 != EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND &&
@@ -148,24 +152,24 @@
hctx->mode = p1;
return 1;
case EVP_PKEY_CTRL_HKDF_MD:
- hctx->md = p2;
+ hctx->md = reinterpret_cast<const EVP_MD *>(p2);
return 1;
case EVP_PKEY_CTRL_HKDF_KEY: {
- const CBS *key = p2;
+ const CBS *key = reinterpret_cast<const CBS *>(p2);
if (!CBS_stow(key, &hctx->key, &hctx->key_len)) {
return 0;
}
return 1;
}
case EVP_PKEY_CTRL_HKDF_SALT: {
- const CBS *salt = p2;
+ const CBS *salt = reinterpret_cast<const CBS *>(p2);
if (!CBS_stow(salt, &hctx->salt, &hctx->salt_len)) {
return 0;
}
return 1;
}
case EVP_PKEY_CTRL_HKDF_INFO: {
- const CBS *info = p2;
+ const CBS *info = reinterpret_cast<const CBS *>(p2);
// |EVP_PKEY_CTX_add1_hkdf_info| appends to the info string, rather than
// replacing it.
if (!CBB_add_bytes(&hctx->info, CBS_data(info), CBS_len(info))) {
@@ -180,7 +184,7 @@
}
const EVP_PKEY_METHOD hkdf_pkey_meth = {
- EVP_PKEY_HKDF,
+ /*pkey_id=*/EVP_PKEY_HKDF,
pkey_hkdf_init,
pkey_hkdf_copy,
pkey_hkdf_cleanup,
diff --git a/crypto/evp/p_rsa.c b/crypto/evp/p_rsa.cc
similarity index 89%
rename from crypto/evp/p_rsa.c
rename to crypto/evp/p_rsa.cc
index 3bdd85d..809dfca 100644
--- a/crypto/evp/p_rsa.c
+++ b/crypto/evp/p_rsa.cc
@@ -97,7 +97,8 @@
} RSA_OAEP_LABEL_PARAMS;
static int pkey_rsa_init(EVP_PKEY_CTX *ctx) {
- RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(RSA_PKEY_CTX));
+ RSA_PKEY_CTX *rctx =
+ reinterpret_cast<RSA_PKEY_CTX *>(OPENSSL_zalloc(sizeof(RSA_PKEY_CTX)));
if (!rctx) {
return 0;
}
@@ -116,8 +117,8 @@
if (!pkey_rsa_init(dst)) {
return 0;
}
- sctx = src->data;
- dctx = dst->data;
+ sctx = reinterpret_cast<RSA_PKEY_CTX *>(src->data);
+ dctx = reinterpret_cast<RSA_PKEY_CTX *>(dst->data);
dctx->nbits = sctx->nbits;
if (sctx->pub_exp) {
dctx->pub_exp = BN_dup(sctx->pub_exp);
@@ -132,7 +133,8 @@
dctx->saltlen = sctx->saltlen;
if (sctx->oaep_label) {
OPENSSL_free(dctx->oaep_label);
- dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
+ dctx->oaep_label = reinterpret_cast<uint8_t *>(
+ OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen));
if (!dctx->oaep_label) {
return 0;
}
@@ -143,7 +145,7 @@
}
static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) {
- RSA_PKEY_CTX *rctx = ctx->data;
+ RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data);
if (rctx == NULL) {
return;
@@ -159,7 +161,8 @@
if (ctx->tbuf) {
return 1;
}
- ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
+ ctx->tbuf =
+ reinterpret_cast<uint8_t *>(OPENSSL_malloc(EVP_PKEY_size(pk->pkey)));
if (!ctx->tbuf) {
return 0;
}
@@ -168,8 +171,8 @@
static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen,
const uint8_t *tbs, size_t tbslen) {
- RSA_PKEY_CTX *rctx = ctx->data;
- RSA *rsa = ctx->pkey->pkey;
+ RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data);
+ RSA *rsa = reinterpret_cast<RSA *>(ctx->pkey->pkey);
const size_t key_len = EVP_PKEY_size(ctx->pkey);
if (!sig) {
@@ -204,11 +207,10 @@
return RSA_sign_raw(rsa, siglen, sig, *siglen, tbs, tbslen, rctx->pad_mode);
}
-static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig,
- size_t siglen, const uint8_t *tbs,
- size_t tbslen) {
- RSA_PKEY_CTX *rctx = ctx->data;
- RSA *rsa = ctx->pkey->pkey;
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen,
+ const uint8_t *tbs, size_t tbslen) {
+ RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data);
+ RSA *rsa = reinterpret_cast<RSA *>(ctx->pkey->pkey);
if (rctx->md) {
switch (rctx->pad_mode) {
@@ -229,8 +231,7 @@
if (!setup_tbuf(rctx, ctx) ||
!RSA_verify_raw(rsa, &rslen, rctx->tbuf, key_len, sig, siglen,
rctx->pad_mode) ||
- rslen != tbslen ||
- CRYPTO_memcmp(tbs, rctx->tbuf, rslen) != 0) {
+ rslen != tbslen || CRYPTO_memcmp(tbs, rctx->tbuf, rslen) != 0) {
return 0;
}
@@ -240,8 +241,8 @@
static int pkey_rsa_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out,
size_t *out_len, const uint8_t *sig,
size_t sig_len) {
- RSA_PKEY_CTX *rctx = ctx->data;
- RSA *rsa = ctx->pkey->pkey;
+ RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data);
+ RSA *rsa = reinterpret_cast<RSA *>(ctx->pkey->pkey);
const size_t key_len = EVP_PKEY_size(ctx->pkey);
if (out == NULL) {
@@ -304,8 +305,8 @@
static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,
const uint8_t *in, size_t inlen) {
- RSA_PKEY_CTX *rctx = ctx->data;
- RSA *rsa = ctx->pkey->pkey;
+ RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data);
+ RSA *rsa = reinterpret_cast<RSA *>(ctx->pkey->pkey);
const size_t key_len = EVP_PKEY_size(ctx->pkey);
if (!out) {
@@ -333,11 +334,10 @@
return RSA_encrypt(rsa, outlen, out, *outlen, in, inlen, rctx->pad_mode);
}
-static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out,
- size_t *outlen, const uint8_t *in,
- size_t inlen) {
- RSA_PKEY_CTX *rctx = ctx->data;
- RSA *rsa = ctx->pkey->pkey;
+static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen,
+ const uint8_t *in, size_t inlen) {
+ RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data);
+ RSA *rsa = reinterpret_cast<RSA *>(ctx->pkey->pkey);
const size_t key_len = EVP_PKEY_size(ctx->pkey);
if (!out) {
@@ -392,7 +392,7 @@
}
static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) {
- RSA_PKEY_CTX *rctx = ctx->data;
+ RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data);
switch (type) {
case EVP_PKEY_CTRL_RSA_PADDING:
if (!is_known_padding(p1) || !check_padding_md(rctx->md, p1) ||
@@ -443,7 +443,7 @@
return 0;
}
BN_free(rctx->pub_exp);
- rctx->pub_exp = p2;
+ rctx->pub_exp = reinterpret_cast<BIGNUM *>(p2);
return 1;
case EVP_PKEY_CTRL_RSA_OAEP_MD:
@@ -455,15 +455,15 @@
if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) {
*(const EVP_MD **)p2 = rctx->md;
} else {
- rctx->md = p2;
+ rctx->md = reinterpret_cast<EVP_MD *>(p2);
}
return 1;
case EVP_PKEY_CTRL_MD:
- if (!check_padding_md(p2, rctx->pad_mode)) {
+ if (!check_padding_md(reinterpret_cast<EVP_MD *>(p2), rctx->pad_mode)) {
return 0;
}
- rctx->md = p2;
+ rctx->md = reinterpret_cast<EVP_MD *>(p2);
return 1;
case EVP_PKEY_CTRL_GET_MD:
@@ -484,7 +484,7 @@
*(const EVP_MD **)p2 = rctx->md;
}
} else {
- rctx->mgf1md = p2;
+ rctx->mgf1md = reinterpret_cast<EVP_MD *>(p2);
}
return 1;
@@ -494,7 +494,8 @@
return 0;
}
OPENSSL_free(rctx->oaep_label);
- RSA_OAEP_LABEL_PARAMS *params = p2;
+ RSA_OAEP_LABEL_PARAMS *params =
+ reinterpret_cast<RSA_OAEP_LABEL_PARAMS *>(p2);
rctx->oaep_label = params->data;
rctx->oaep_labellen = params->len;
return 1;
@@ -516,7 +517,7 @@
static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
RSA *rsa = NULL;
- RSA_PKEY_CTX *rctx = ctx->data;
+ RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data);
if (!rctx->pub_exp) {
rctx->pub_exp = BN_new();
@@ -608,19 +609,19 @@
int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) {
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,
- EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void*) out_md);
+ EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)out_md);
}
int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA,
EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
- EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void*) md);
+ EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md);
}
int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) {
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA,
EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
- EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void*) out_md);
+ EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)out_md);
}
int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, uint8_t *label,
diff --git a/crypto/evp/p_rsa_asn1.c b/crypto/evp/p_rsa_asn1.cc
similarity index 89%
rename from crypto/evp/p_rsa_asn1.c
rename to crypto/evp/p_rsa_asn1.cc
index 24b8e17..41a7b95 100644
--- a/crypto/evp/p_rsa_asn1.c
+++ b/crypto/evp/p_rsa_asn1.cc
@@ -9,7 +9,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -68,7 +68,7 @@
static int rsa_pub_encode(CBB *out, const EVP_PKEY *key) {
// See RFC 3279, section 2.3.1.
- const RSA *rsa = key->pkey;
+ const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey);
CBB spki, algorithm, oid, null, key_bitstring;
if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
@@ -77,7 +77,7 @@
!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) ||
!CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
!CBB_add_u8(&key_bitstring, 0 /* padding */) ||
- !RSA_marshal_public_key(&key_bitstring, rsa) ||
+ !RSA_marshal_public_key(&key_bitstring, rsa) || //
!CBB_flush(out)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
return 0;
@@ -91,8 +91,7 @@
// The parameters must be NULL.
CBS null;
- if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) ||
- CBS_len(&null) != 0 ||
+ if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || CBS_len(&null) != 0 ||
CBS_len(params) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
return 0;
@@ -110,14 +109,14 @@
}
static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- const RSA *a_rsa = a->pkey;
- const RSA *b_rsa = b->pkey;
+ const RSA *a_rsa = reinterpret_cast<const RSA *>(a->pkey);
+ const RSA *b_rsa = reinterpret_cast<const RSA *>(b->pkey);
return BN_cmp(RSA_get0_n(b_rsa), RSA_get0_n(a_rsa)) == 0 &&
BN_cmp(RSA_get0_e(b_rsa), RSA_get0_e(a_rsa)) == 0;
}
static int rsa_priv_encode(CBB *out, const EVP_PKEY *key) {
- const RSA *rsa = key->pkey;
+ const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey);
CBB pkcs8, algorithm, oid, null, private_key;
if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
@@ -126,7 +125,7 @@
!CBB_add_bytes(&oid, rsa_asn1_meth.oid, rsa_asn1_meth.oid_len) ||
!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) ||
!CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
- !RSA_marshal_private_key(&private_key, rsa) ||
+ !RSA_marshal_private_key(&private_key, rsa) || //
!CBB_flush(out)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
return 0;
@@ -138,8 +137,7 @@
static int rsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) {
// Per RFC 3447, A.1, the parameters have type NULL.
CBS null;
- if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) ||
- CBS_len(&null) != 0 ||
+ if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || CBS_len(&null) != 0 ||
CBS_len(params) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
return 0;
@@ -157,22 +155,22 @@
}
static int rsa_opaque(const EVP_PKEY *pkey) {
- const RSA *rsa = pkey->pkey;
+ const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey);
return RSA_is_opaque(rsa);
}
static int int_rsa_size(const EVP_PKEY *pkey) {
- const RSA *rsa = pkey->pkey;
+ const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey);
return RSA_size(rsa);
}
static int rsa_bits(const EVP_PKEY *pkey) {
- const RSA *rsa = pkey->pkey;
+ const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey);
return RSA_bits(rsa);
}
static void int_rsa_free(EVP_PKEY *pkey) {
- RSA_free(pkey->pkey);
+ RSA_free(reinterpret_cast<RSA *>(pkey->pkey));
pkey->pkey = NULL;
}
@@ -229,7 +227,7 @@
OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_RSA_KEY);
return NULL;
}
- return pkey->pkey;
+ return reinterpret_cast<RSA *>(pkey->pkey);
}
RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey) {
diff --git a/crypto/evp/p_x25519.c b/crypto/evp/p_x25519.cc
similarity index 77%
rename from crypto/evp/p_x25519.c
rename to crypto/evp/p_x25519.cc
index a4c9136..2688527 100644
--- a/crypto/evp/p_x25519.c
+++ b/crypto/evp/p_x25519.cc
@@ -25,7 +25,8 @@
static int pkey_x25519_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 1; }
static int pkey_x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) {
- X25519_KEY *key = OPENSSL_malloc(sizeof(X25519_KEY));
+ X25519_KEY *key =
+ reinterpret_cast<X25519_KEY *>(OPENSSL_malloc(sizeof(X25519_KEY)));
if (key == NULL) {
return 0;
}
@@ -47,8 +48,10 @@
return 0;
}
- const X25519_KEY *our_key = ctx->pkey->pkey;
- const X25519_KEY *peer_key = ctx->peerkey->pkey;
+ const X25519_KEY *our_key =
+ reinterpret_cast<const X25519_KEY *>(ctx->pkey->pkey);
+ const X25519_KEY *peer_key =
+ reinterpret_cast<const X25519_KEY *>(ctx->peerkey->pkey);
if (our_key == NULL || peer_key == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET);
return 0;
@@ -88,19 +91,19 @@
}
const EVP_PKEY_METHOD x25519_pkey_meth = {
- EVP_PKEY_X25519,
- NULL /* init */,
- pkey_x25519_copy,
- NULL /* cleanup */,
- pkey_x25519_keygen,
- NULL /* sign */,
- NULL /* sign_message */,
- NULL /* verify */,
- NULL /* verify_message */,
- NULL /* verify_recover */,
- NULL /* encrypt */,
- NULL /* decrypt */,
- pkey_x25519_derive,
- NULL /* paramgen */,
- pkey_x25519_ctrl,
+ /*pkey_id=*/EVP_PKEY_X25519,
+ /*init=*/NULL,
+ /*copy=*/pkey_x25519_copy,
+ /*cleanup=*/NULL,
+ /*keygen=*/pkey_x25519_keygen,
+ /*sign=*/NULL,
+ /*sign_message=*/NULL,
+ /*verify=*/NULL,
+ /*verify_message=*/NULL,
+ /*verify_recover=*/NULL,
+ /*encrypt=*/NULL,
+ /*decrypt=*/NULL,
+ /*derive=*/pkey_x25519_derive,
+ /*paramgen=*/NULL,
+ /*ctrl=*/pkey_x25519_ctrl,
};
diff --git a/crypto/evp/p_x25519_asn1.c b/crypto/evp/p_x25519_asn1.cc
similarity index 85%
rename from crypto/evp/p_x25519_asn1.c
rename to crypto/evp/p_x25519_asn1.cc
index bf98427..ccc399c 100644
--- a/crypto/evp/p_x25519_asn1.c
+++ b/crypto/evp/p_x25519_asn1.cc
@@ -19,8 +19,8 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-#include "internal.h"
#include "../internal.h"
+#include "internal.h"
static void x25519_free(EVP_PKEY *pkey) {
@@ -34,7 +34,8 @@
return 0;
}
- X25519_KEY *key = OPENSSL_malloc(sizeof(X25519_KEY));
+ X25519_KEY *key =
+ reinterpret_cast<X25519_KEY *>(OPENSSL_malloc(sizeof(X25519_KEY)));
if (key == NULL) {
return 0;
}
@@ -54,7 +55,8 @@
return 0;
}
- X25519_KEY *key = OPENSSL_malloc(sizeof(X25519_KEY));
+ X25519_KEY *key =
+ reinterpret_cast<X25519_KEY *>(OPENSSL_malloc(sizeof(X25519_KEY)));
if (key == NULL) {
return 0;
}
@@ -69,7 +71,7 @@
static int x25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out,
size_t *out_len) {
- const X25519_KEY *key = pkey->pkey;
+ const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
if (!key->has_private) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
return 0;
@@ -91,8 +93,8 @@
}
static int x25519_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out,
- size_t *out_len) {
- const X25519_KEY *key = pkey->pkey;
+ size_t *out_len) {
+ const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
if (out == NULL) {
*out_len = 32;
return 1;
@@ -115,13 +117,13 @@
static size_t x25519_get1_tls_encodedpoint(const EVP_PKEY *pkey,
uint8_t **out_ptr) {
- const X25519_KEY *key = pkey->pkey;
+ const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
if (key == NULL) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET);
return 0;
}
- *out_ptr = OPENSSL_memdup(key->pub, 32);
+ *out_ptr = reinterpret_cast<uint8_t *>(OPENSSL_memdup(key->pub, 32));
return *out_ptr == NULL ? 0 : 32;
}
@@ -138,7 +140,7 @@
}
static int x25519_pub_encode(CBB *out, const EVP_PKEY *pkey) {
- const X25519_KEY *key = pkey->pkey;
+ const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey);
// See RFC 8410, section 4.
CBB spki, algorithm, oid, key_bitstring;
@@ -148,7 +150,7 @@
!CBB_add_bytes(&oid, x25519_asn1_meth.oid, x25519_asn1_meth.oid_len) ||
!CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
!CBB_add_u8(&key_bitstring, 0 /* padding */) ||
- !CBB_add_bytes(&key_bitstring, key->pub, 32) ||
+ !CBB_add_bytes(&key_bitstring, key->pub, 32) || //
!CBB_flush(out)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
return 0;
@@ -158,8 +160,8 @@
}
static int x25519_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
- const X25519_KEY *a_key = a->pkey;
- const X25519_KEY *b_key = b->pkey;
+ const X25519_KEY *a_key = reinterpret_cast<const X25519_KEY *>(a->pkey);
+ const X25519_KEY *b_key = reinterpret_cast<const X25519_KEY *>(b->pkey);
return OPENSSL_memcmp(a_key->pub, b_key->pub, 32) == 0;
}
@@ -170,8 +172,7 @@
// OCTET STRING layer.
CBS inner;
if (CBS_len(params) != 0 ||
- !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) ||
- CBS_len(key) != 0) {
+ !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || CBS_len(key) != 0) {
OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
return 0;
}
@@ -180,7 +181,7 @@
}
static int x25519_priv_encode(CBB *out, const EVP_PKEY *pkey) {
- const X25519_KEY *key = pkey->pkey;
+ const X25519_KEY *key = reinterpret_cast<const X25519_KEY *>(pkey->pkey);
if (!key->has_private) {
OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY);
return 0;
@@ -197,7 +198,7 @@
!CBB_add_asn1(&private_key, &inner, CBS_ASN1_OCTETSTRING) ||
// The PKCS#8 encoding stores only the 32-byte seed which is the first 32
// bytes of the private key.
- !CBB_add_bytes(&inner, key->priv, 32) ||
+ !CBB_add_bytes(&inner, key->priv, 32) || //
!CBB_flush(out)) {
OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
return 0;
diff --git a/crypto/evp/pbkdf.c b/crypto/evp/pbkdf.cc
similarity index 100%
rename from crypto/evp/pbkdf.c
rename to crypto/evp/pbkdf.cc
diff --git a/crypto/evp/print.c b/crypto/evp/print.cc
similarity index 97%
rename from crypto/evp/print.c
rename to crypto/evp/print.cc
index 05383b7..2e7d329 100644
--- a/crypto/evp/print.c
+++ b/crypto/evp/print.cc
@@ -60,8 +60,8 @@
#include <openssl/mem.h>
#include <openssl/rsa.h>
-#include "../internal.h"
#include "../fipsmodule/rsa/internal.h"
+#include "../internal.h"
static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) {
@@ -105,7 +105,7 @@
}
if (BIO_printf(bp, "%s%s", name,
- (BN_is_negative(num)) ? " (Negative)" : "") <= 0) {
+ (BN_is_negative(num)) ? " (Negative)" : "") <= 0) {
return 0;
}
@@ -115,7 +115,7 @@
// TODO(davidben): Do we need to do this? We already print "(Negative)" above
// and negative values are never valid in keys anyway.
size_t len = BN_num_bytes(num);
- uint8_t *buf = OPENSSL_malloc(len + 1);
+ uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len + 1));
if (buf == NULL) {
return 0;
}
@@ -161,8 +161,7 @@
str = "Modulus:";
s = "Exponent:";
}
- if (!bn_print(out, str, rsa->n, off) ||
- !bn_print(out, s, rsa->e, off)) {
+ if (!bn_print(out, str, rsa->n, off) || !bn_print(out, s, rsa->e, off)) {
return 0;
}
diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.cc
similarity index 96%
rename from crypto/evp/scrypt.c
rename to crypto/evp/scrypt.cc
index 2830267..e11cce5 100644
--- a/crypto/evp/scrypt.c
+++ b/crypto/evp/scrypt.cc
@@ -27,7 +27,9 @@
// scrypt blocks, respectively.
// A block_t is a Salsa20 block.
-typedef struct { uint32_t words[16]; } block_t;
+typedef struct {
+ uint32_t words[16];
+} block_t;
static_assert(sizeof(block_t) == 64, "block_t has padding");
@@ -162,8 +164,7 @@
}
size_t max_scrypt_blocks = max_mem / (2 * r * sizeof(block_t));
- if (max_scrypt_blocks < p + 1 ||
- max_scrypt_blocks - p - 1 < N) {
+ if (max_scrypt_blocks < p + 1 || max_scrypt_blocks - p - 1 < N) {
OPENSSL_PUT_ERROR(EVP, EVP_R_MEMORY_LIMIT_EXCEEDED);
return 0;
}
@@ -175,7 +176,8 @@
size_t B_bytes = B_blocks * sizeof(block_t);
size_t T_blocks = 2 * r;
size_t V_blocks = N * 2 * r;
- block_t *B = OPENSSL_calloc(B_blocks + T_blocks + V_blocks, sizeof(block_t));
+ block_t *B = reinterpret_cast<block_t *>(
+ OPENSSL_calloc(B_blocks + T_blocks + V_blocks, sizeof(block_t)));
if (B == NULL) {
return 0;
}
diff --git a/crypto/evp/sign.c b/crypto/evp/sign.cc
similarity index 100%
rename from crypto/evp/sign.c
rename to crypto/evp/sign.cc
diff --git a/crypto/ex_data.c b/crypto/ex_data.cc
similarity index 97%
rename from crypto/ex_data.c
rename to crypto/ex_data.cc
index 17de45e..893515d 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.cc
@@ -134,7 +134,8 @@
int CRYPTO_get_ex_new_index_ex(CRYPTO_EX_DATA_CLASS *ex_data_class, long argl,
void *argp, CRYPTO_EX_free *free_func) {
- CRYPTO_EX_DATA_FUNCS *funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
+ CRYPTO_EX_DATA_FUNCS *funcs = reinterpret_cast<CRYPTO_EX_DATA_FUNCS *>(
+ OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)));
if (funcs == NULL) {
return -1;
}
@@ -202,9 +203,7 @@
return sk_void_value(ad->sk, idx);
}
-void CRYPTO_new_ex_data(CRYPTO_EX_DATA *ad) {
- ad->sk = NULL;
-}
+void CRYPTO_new_ex_data(CRYPTO_EX_DATA *ad) { ad->sk = NULL; }
void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj,
CRYPTO_EX_DATA *ad) {
diff --git a/crypto/fipsmodule/aes/aes.c.inc b/crypto/fipsmodule/aes/aes.cc.inc
similarity index 100%
rename from crypto/fipsmodule/aes/aes.c.inc
rename to crypto/fipsmodule/aes/aes.cc.inc
diff --git a/crypto/fipsmodule/aes/aes_nohw.c.inc b/crypto/fipsmodule/aes/aes_nohw.cc.inc
similarity index 100%
rename from crypto/fipsmodule/aes/aes_nohw.c.inc
rename to crypto/fipsmodule/aes/aes_nohw.cc.inc
diff --git a/crypto/fipsmodule/aes/internal.h b/crypto/fipsmodule/aes/internal.h
index a89da46..bc61a50 100644
--- a/crypto/fipsmodule/aes/internal.h
+++ b/crypto/fipsmodule/aes/internal.h
@@ -21,9 +21,7 @@
#include "../../internal.h"
-#if defined(__cplusplus)
extern "C" {
-#endif
#if !defined(OPENSSL_NO_ASM)
@@ -247,8 +245,6 @@
const AES_KEY *key, uint8_t *ivec, int enc);
-#if defined(__cplusplus)
} // extern C
-#endif
#endif // OPENSSL_HEADER_AES_INTERNAL_H
diff --git a/crypto/fipsmodule/aes/key_wrap.c.inc b/crypto/fipsmodule/aes/key_wrap.cc.inc
similarity index 98%
rename from crypto/fipsmodule/aes/key_wrap.c.inc
rename to crypto/fipsmodule/aes/key_wrap.cc.inc
index 95b12d2..67ef3f9 100644
--- a/crypto/fipsmodule/aes/key_wrap.c.inc
+++ b/crypto/fipsmodule/aes/key_wrap.cc.inc
@@ -184,7 +184,7 @@
return 1;
}
- uint8_t *padded_in = OPENSSL_malloc(padded_len);
+ uint8_t *padded_in = reinterpret_cast<uint8_t *>(OPENSSL_malloc(padded_len));
if (padded_in == NULL) {
return 0;
}
diff --git a/crypto/fipsmodule/aes/mode_wrappers.c.inc b/crypto/fipsmodule/aes/mode_wrappers.cc.inc
similarity index 100%
rename from crypto/fipsmodule/aes/mode_wrappers.c.inc
rename to crypto/fipsmodule/aes/mode_wrappers.cc.inc
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.cc
similarity index 62%
rename from crypto/fipsmodule/bcm.c
rename to crypto/fipsmodule/bcm.cc
index 0d55c08..fc0e2da 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.cc
@@ -28,84 +28,84 @@
#include <openssl/hmac.h>
#include <openssl/sha.h>
-#include "bcm_interface.h"
#include "../bcm_support.h"
#include "../internal.h"
+#include "bcm_interface.h"
// TODO(crbug.com/362530616): When delocate is removed, build these files as
// separate compilation units again.
-#include "aes/aes.c.inc"
-#include "aes/aes_nohw.c.inc"
-#include "aes/key_wrap.c.inc"
-#include "aes/mode_wrappers.c.inc"
-#include "bn/add.c.inc"
-#include "bn/asm/x86_64-gcc.c.inc"
-#include "bn/bn.c.inc"
-#include "bn/bytes.c.inc"
-#include "bn/cmp.c.inc"
-#include "bn/ctx.c.inc"
-#include "bn/div.c.inc"
-#include "bn/div_extra.c.inc"
-#include "bn/exponentiation.c.inc"
-#include "bn/gcd.c.inc"
-#include "bn/gcd_extra.c.inc"
-#include "bn/generic.c.inc"
-#include "bn/jacobi.c.inc"
-#include "bn/montgomery.c.inc"
-#include "bn/montgomery_inv.c.inc"
-#include "bn/mul.c.inc"
-#include "bn/prime.c.inc"
-#include "bn/random.c.inc"
-#include "bn/rsaz_exp.c.inc"
-#include "bn/shift.c.inc"
-#include "bn/sqrt.c.inc"
-#include "cipher/aead.c.inc"
-#include "cipher/cipher.c.inc"
-#include "cipher/e_aes.c.inc"
-#include "cipher/e_aesccm.c.inc"
-#include "cmac/cmac.c.inc"
-#include "dh/check.c.inc"
-#include "dh/dh.c.inc"
-#include "digest/digest.c.inc"
-#include "digest/digests.c.inc"
-#include "digestsign/digestsign.c.inc"
-#include "ecdh/ecdh.c.inc"
-#include "ecdsa/ecdsa.c.inc"
-#include "ec/ec.c.inc"
-#include "ec/ec_key.c.inc"
-#include "ec/ec_montgomery.c.inc"
-#include "ec/felem.c.inc"
-#include "ec/oct.c.inc"
-#include "ec/p224-64.c.inc"
-#include "ec/p256.c.inc"
-#include "ec/p256-nistz.c.inc"
-#include "ec/scalar.c.inc"
-#include "ec/simple.c.inc"
-#include "ec/simple_mul.c.inc"
-#include "ec/util.c.inc"
-#include "ec/wnaf.c.inc"
-#include "hkdf/hkdf.c.inc"
-#include "hmac/hmac.c.inc"
-#include "modes/cbc.c.inc"
-#include "modes/cfb.c.inc"
-#include "modes/ctr.c.inc"
-#include "modes/gcm.c.inc"
-#include "modes/gcm_nohw.c.inc"
-#include "modes/ofb.c.inc"
-#include "modes/polyval.c.inc"
-#include "rand/ctrdrbg.c.inc"
-#include "rand/rand.c.inc"
-#include "rsa/blinding.c.inc"
-#include "rsa/padding.c.inc"
-#include "rsa/rsa.c.inc"
-#include "rsa/rsa_impl.c.inc"
-#include "self_check/fips.c.inc"
-#include "self_check/self_check.c.inc"
-#include "service_indicator/service_indicator.c.inc"
-#include "sha/sha1.c.inc"
-#include "sha/sha256.c.inc"
-#include "sha/sha512.c.inc"
-#include "tls/kdf.c.inc"
+#include "aes/aes.cc.inc"
+#include "aes/aes_nohw.cc.inc"
+#include "aes/key_wrap.cc.inc"
+#include "aes/mode_wrappers.cc.inc"
+#include "bn/add.cc.inc"
+#include "bn/asm/x86_64-gcc.cc.inc"
+#include "bn/bn.cc.inc"
+#include "bn/bytes.cc.inc"
+#include "bn/cmp.cc.inc"
+#include "bn/ctx.cc.inc"
+#include "bn/div.cc.inc"
+#include "bn/div_extra.cc.inc"
+#include "bn/exponentiation.cc.inc"
+#include "bn/gcd.cc.inc"
+#include "bn/gcd_extra.cc.inc"
+#include "bn/generic.cc.inc"
+#include "bn/jacobi.cc.inc"
+#include "bn/montgomery.cc.inc"
+#include "bn/montgomery_inv.cc.inc"
+#include "bn/mul.cc.inc"
+#include "bn/prime.cc.inc"
+#include "bn/random.cc.inc"
+#include "bn/rsaz_exp.cc.inc"
+#include "bn/shift.cc.inc"
+#include "bn/sqrt.cc.inc"
+#include "cipher/aead.cc.inc"
+#include "cipher/cipher.cc.inc"
+#include "cipher/e_aes.cc.inc"
+#include "cipher/e_aesccm.cc.inc"
+#include "cmac/cmac.cc.inc"
+#include "dh/check.cc.inc"
+#include "dh/dh.cc.inc"
+#include "digest/digest.cc.inc"
+#include "digest/digests.cc.inc"
+#include "digestsign/digestsign.cc.inc"
+#include "ec/ec.cc.inc"
+#include "ec/ec_key.cc.inc"
+#include "ec/ec_montgomery.cc.inc"
+#include "ec/felem.cc.inc"
+#include "ec/oct.cc.inc"
+#include "ec/p224-64.cc.inc"
+#include "ec/p256-nistz.cc.inc"
+#include "ec/p256.cc.inc"
+#include "ec/scalar.cc.inc"
+#include "ec/simple.cc.inc"
+#include "ec/simple_mul.cc.inc"
+#include "ec/util.cc.inc"
+#include "ec/wnaf.cc.inc"
+#include "ecdh/ecdh.cc.inc"
+#include "ecdsa/ecdsa.cc.inc"
+#include "hkdf/hkdf.cc.inc"
+#include "hmac/hmac.cc.inc"
+#include "modes/cbc.cc.inc"
+#include "modes/cfb.cc.inc"
+#include "modes/ctr.cc.inc"
+#include "modes/gcm.cc.inc"
+#include "modes/gcm_nohw.cc.inc"
+#include "modes/ofb.cc.inc"
+#include "modes/polyval.cc.inc"
+#include "rand/ctrdrbg.cc.inc"
+#include "rand/rand.cc.inc"
+#include "rsa/blinding.cc.inc"
+#include "rsa/padding.cc.inc"
+#include "rsa/rsa.cc.inc"
+#include "rsa/rsa_impl.cc.inc"
+#include "self_check/fips.cc.inc"
+#include "self_check/self_check.cc.inc"
+#include "service_indicator/service_indicator.cc.inc"
+#include "sha/sha1.cc.inc"
+#include "sha/sha256.cc.inc"
+#include "sha/sha512.cc.inc"
+#include "tls/kdf.cc.inc"
#if defined(BORINGSSL_FIPS)
@@ -128,18 +128,17 @@
// aborts otherwise.
static void assert_within(const void *start, const void *symbol,
const void *end) {
- const uintptr_t start_val = (uintptr_t) start;
- const uintptr_t symbol_val = (uintptr_t) symbol;
- const uintptr_t end_val = (uintptr_t) end;
+ const uintptr_t start_val = (uintptr_t)start;
+ const uintptr_t symbol_val = (uintptr_t)symbol;
+ const uintptr_t end_val = (uintptr_t)end;
if (start_val <= symbol_val && symbol_val < end_val) {
return;
}
- fprintf(
- CRYPTO_get_stderr(),
- "FIPS module doesn't span expected symbol. Expected %p <= %p < %p\n",
- start, symbol, end);
+ fprintf(CRYPTO_get_stderr(),
+ "FIPS module doesn't span expected symbol. Expected %p <= %p < %p\n",
+ start, symbol, end);
BORINGSSL_FIPS_abort();
}
@@ -191,13 +190,13 @@
const uint8_t *const start = BORINGSSL_bcm_text_start;
const uint8_t *const end = BORINGSSL_bcm_text_end;
- assert_within(start, AES_encrypt, end);
- assert_within(start, RSA_sign, end);
- assert_within(start, BCM_rand_bytes, end);
- assert_within(start, EC_GROUP_cmp, end);
- assert_within(start, BCM_sha256_update, end);
- assert_within(start, ecdsa_verify_fixed, end);
- assert_within(start, EVP_AEAD_CTX_seal, end);
+ assert_within(start, reinterpret_cast<const void *>(AES_encrypt), end);
+ assert_within(start, reinterpret_cast<const void *>(RSA_sign), end);
+ assert_within(start, reinterpret_cast<const void *>(BCM_rand_bytes), end);
+ assert_within(start, reinterpret_cast<const void *>(EC_GROUP_cmp), end);
+ assert_within(start, reinterpret_cast<const void *>(BCM_sha256_update), end);
+ assert_within(start, reinterpret_cast<const void *>(ecdsa_verify_fixed), end);
+ assert_within(start, reinterpret_cast<const void *>(EVP_AEAD_CTX_seal), end);
#if defined(BORINGSSL_SHARED_LIBRARY)
const uint8_t *const rodata_start = BORINGSSL_bcm_rodata_start;
@@ -214,8 +213,7 @@
uint8_t result[SHA256_DIGEST_LENGTH];
const EVP_MD *const kHashFunction = EVP_sha256();
- if (!boringssl_self_test_sha256() ||
- !boringssl_self_test_hmac_sha256()) {
+ if (!boringssl_self_test_sha256() || !boringssl_self_test_hmac_sha256()) {
return 0;
}
@@ -232,11 +230,11 @@
BORINGSSL_maybe_set_module_text_permissions(PROT_READ | PROT_EXEC);
#if defined(BORINGSSL_SHARED_LIBRARY)
uint64_t length = end - start;
- HMAC_Update(&hmac_ctx, (const uint8_t *) &length, sizeof(length));
+ HMAC_Update(&hmac_ctx, (const uint8_t *)&length, sizeof(length));
HMAC_Update(&hmac_ctx, start, length);
length = rodata_end - rodata_start;
- HMAC_Update(&hmac_ctx, (const uint8_t *) &length, sizeof(length));
+ HMAC_Update(&hmac_ctx, (const uint8_t *)&length, sizeof(length));
HMAC_Update(&hmac_ctx, rodata_start, length);
#else
HMAC_Update(&hmac_ctx, start, end - start);
@@ -248,7 +246,7 @@
fprintf(CRYPTO_get_stderr(), "HMAC failed.\n");
return 0;
}
- HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10.
+ HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10.
const uint8_t *expected = BORINGSSL_bcm_text_hash;
@@ -258,13 +256,11 @@
#endif
}
- OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10.
+ OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10.
return 1;
}
-const uint8_t* FIPS_module_hash(void) {
- return BORINGSSL_bcm_text_hash;
-}
+const uint8_t *FIPS_module_hash(void) { return BORINGSSL_bcm_text_hash; }
#endif // OPENSSL_ASAN
diff --git a/crypto/fipsmodule/bn/add.c.inc b/crypto/fipsmodule/bn/add.cc.inc
similarity index 99%
rename from crypto/fipsmodule/bn/add.c.inc
rename to crypto/fipsmodule/bn/add.cc.inc
index 1a8785e..1487ac9 100644
--- a/crypto/fipsmodule/bn/add.c.inc
+++ b/crypto/fipsmodule/bn/add.cc.inc
@@ -61,6 +61,7 @@
#include <openssl/err.h>
#include <openssl/mem.h>
+#include "../../internal.h"
#include "internal.h"
diff --git a/crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc b/crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc
similarity index 98%
rename from crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc
rename to crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc
index 30fff21..4f6bcae 100644
--- a/crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc
+++ b/crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc
@@ -67,7 +67,7 @@
// want to keep the value of zero;
#define mul_add(r, a, word, carry) \
do { \
- register BN_ULONG high, low; \
+ BN_ULONG high, low; \
__asm__("mulq %3" : "=a"(low), "=d"(high) : "a"(word), "m"(a) : "cc"); \
__asm__("addq %2,%0; adcq %3,%1" \
: "+r"(carry), "+d"(high) \
@@ -82,7 +82,7 @@
#define mul(r, a, word, carry) \
do { \
- register BN_ULONG high, low; \
+ BN_ULONG high, low; \
__asm__("mulq %3" : "=a"(low), "=d"(high) : "a"(word), "g"(a) : "cc"); \
__asm__("addq %2,%0; adcq %3,%1" \
: "+r"(carry), "+d"(high) \
@@ -194,7 +194,7 @@
return 0;
}
- __asm__ volatile (
+ __asm__ volatile(
" subq %0,%0 \n" // clear carry
" jmp 1f \n"
".p2align 4 \n"
@@ -222,7 +222,7 @@
return 0;
}
- __asm__ volatile (
+ __asm__ volatile(
" subq %0,%0 \n" // clear borrow
" jmp 1f \n"
".p2align 4 \n"
diff --git a/crypto/fipsmodule/bn/bn.c.inc b/crypto/fipsmodule/bn/bn.cc.inc
similarity index 93%
rename from crypto/fipsmodule/bn/bn.c.inc
rename to crypto/fipsmodule/bn/bn.cc.inc
index ecebcca..a3b8f08 100644
--- a/crypto/fipsmodule/bn/bn.c.inc
+++ b/crypto/fipsmodule/bn/bn.cc.inc
@@ -63,8 +63,8 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-#include "internal.h"
#include "../delocate.h"
+#include "internal.h"
// BN_MAX_WORDS is the maximum number of words allowed in a |BIGNUM|. It is
@@ -73,7 +73,7 @@
#define BN_MAX_WORDS (INT_MAX / (4 * BN_BITS2))
BIGNUM *BN_new(void) {
- BIGNUM *bn = OPENSSL_malloc(sizeof(BIGNUM));
+ BIGNUM *bn = reinterpret_cast<BIGNUM *>(OPENSSL_malloc(sizeof(BIGNUM)));
if (bn == NULL) {
return NULL;
@@ -87,9 +87,7 @@
BIGNUM *BN_secure_new(void) { return BN_new(); }
-void BN_init(BIGNUM *bn) {
- OPENSSL_memset(bn, 0, sizeof(BIGNUM));
-}
+void BN_init(BIGNUM *bn) { OPENSSL_memset(bn, 0, sizeof(BIGNUM)); }
void BN_free(BIGNUM *bn) {
if (bn == NULL) {
@@ -107,9 +105,7 @@
}
}
-void BN_clear_free(BIGNUM *bn) {
- BN_free(bn);
-}
+void BN_clear_free(BIGNUM *bn) { BN_free(bn); }
BIGNUM *BN_dup(const BIGNUM *src) {
BIGNUM *copy;
@@ -157,8 +153,8 @@
}
DEFINE_METHOD_FUNCTION(BIGNUM, BN_value_one) {
- static const BN_ULONG kOneLimbs[1] = { 1 };
- out->d = (BN_ULONG*) kOneLimbs;
+ static const BN_ULONG kOneLimbs[1] = {1};
+ out->d = (BN_ULONG *)kOneLimbs;
out->width = 1;
out->dmax = 1;
out->neg = 0;
@@ -229,17 +225,11 @@
return (width - 1) * BN_BITS2 + BN_num_bits_word(bn->d[width - 1]);
}
-unsigned BN_num_bytes(const BIGNUM *bn) {
- return (BN_num_bits(bn) + 7) / 8;
-}
+unsigned BN_num_bytes(const BIGNUM *bn) { return (BN_num_bits(bn) + 7) / 8; }
-void BN_zero(BIGNUM *bn) {
- bn->width = bn->neg = 0;
-}
+void BN_zero(BIGNUM *bn) { bn->width = bn->neg = 0; }
-int BN_one(BIGNUM *bn) {
- return BN_set_word(bn, 1);
-}
+int BN_one(BIGNUM *bn) { return BN_set_word(bn, 1); }
int BN_set_word(BIGNUM *bn, BN_ULONG value) {
if (value == 0) {
@@ -332,9 +322,7 @@
return 1;
}
-int BN_is_negative(const BIGNUM *bn) {
- return bn->neg != 0;
-}
+int BN_is_negative(const BIGNUM *bn) { return bn->neg != 0; }
void BN_set_negative(BIGNUM *bn, int sign) {
if (sign && !BN_is_zero(bn)) {
@@ -361,7 +349,7 @@
return 0;
}
- a = OPENSSL_calloc(words, sizeof(BN_ULONG));
+ a = reinterpret_cast<BN_ULONG *>(OPENSSL_calloc(words, sizeof(BN_ULONG)));
if (a == NULL) {
return 0;
}
@@ -380,7 +368,7 @@
OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
return 0;
}
- return bn_wexpand(bn, (bits+BN_BITS2-1)/BN_BITS2);
+ return bn_wexpand(bn, (bits + BN_BITS2 - 1) / BN_BITS2);
}
int bn_resize_words(BIGNUM *bn, size_t words) {
diff --git a/crypto/fipsmodule/bn/bytes.c.inc b/crypto/fipsmodule/bn/bytes.cc.inc
similarity index 100%
rename from crypto/fipsmodule/bn/bytes.c.inc
rename to crypto/fipsmodule/bn/bytes.cc.inc
diff --git a/crypto/fipsmodule/bn/cmp.c.inc b/crypto/fipsmodule/bn/cmp.cc.inc
similarity index 100%
rename from crypto/fipsmodule/bn/cmp.c.inc
rename to crypto/fipsmodule/bn/cmp.cc.inc
diff --git a/crypto/fipsmodule/bn/ctx.c.inc b/crypto/fipsmodule/bn/ctx.cc.inc
similarity index 96%
rename from crypto/fipsmodule/bn/ctx.c.inc
rename to crypto/fipsmodule/bn/ctx.cc.inc
index 740fb78..bd54181 100644
--- a/crypto/fipsmodule/bn/ctx.c.inc
+++ b/crypto/fipsmodule/bn/ctx.cc.inc
@@ -7,7 +7,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -106,7 +106,7 @@
};
BN_CTX *BN_CTX_new(void) {
- BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
+ BN_CTX *ret = reinterpret_cast<BN_CTX *>(OPENSSL_malloc(sizeof(BN_CTX)));
if (!ret) {
return NULL;
}
@@ -201,9 +201,7 @@
st->depth = st->size = 0;
}
-static void BN_STACK_cleanup(BN_STACK *st) {
- OPENSSL_free(st->indexes);
-}
+static void BN_STACK_cleanup(BN_STACK *st) { OPENSSL_free(st->indexes); }
static int BN_STACK_push(BN_STACK *st, size_t idx) {
if (st->depth == st->size) {
@@ -213,8 +211,8 @@
if (new_size <= st->size || new_size > SIZE_MAX / sizeof(size_t)) {
return 0;
}
- size_t *new_indexes =
- OPENSSL_realloc(st->indexes, new_size * sizeof(size_t));
+ size_t *new_indexes = reinterpret_cast<size_t *>(
+ OPENSSL_realloc(st->indexes, new_size * sizeof(size_t)));
if (new_indexes == NULL) {
return 0;
}
diff --git a/crypto/fipsmodule/bn/div.c.inc b/crypto/fipsmodule/bn/div.cc.inc
similarity index 94%
rename from crypto/fipsmodule/bn/div.c.inc
rename to crypto/fipsmodule/bn/div.cc.inc
index 06c4db5..eae9dc5 100644
--- a/crypto/fipsmodule/bn/div.c.inc
+++ b/crypto/fipsmodule/bn/div.cc.inc
@@ -66,8 +66,7 @@
// bn_div_words divides a double-width |h|,|l| by |d| and returns the result,
// which must fit in a |BN_ULONG|.
-OPENSSL_UNUSED static BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l,
- BN_ULONG d) {
+static inline BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) {
BN_ULONG dh, dl, q, ret = 0, th, tl, t;
int i, count = 2;
@@ -195,6 +194,8 @@
BIGNUM *snum = BN_CTX_get(ctx);
BIGNUM *sdiv = BN_CTX_get(ctx);
BIGNUM *res = quotient == NULL ? BN_CTX_get(ctx) : quotient;
+ int norm_shift, num_n, loop, div_n;
+ BN_ULONG d0, d1;
if (tmp == NULL || snum == NULL || sdiv == NULL || res == NULL) {
goto err;
}
@@ -202,7 +203,7 @@
// Knuth step D1: Normalise the numbers such that the divisor's MSB is set.
// This ensures, in Knuth's terminology, that v1 >= b/2, needed for the
// quotient estimation step.
- int norm_shift = BN_BITS2 - (BN_num_bits(divisor) % BN_BITS2);
+ norm_shift = BN_BITS2 - (BN_num_bits(divisor) % BN_BITS2);
if (!BN_lshift(sdiv, divisor, norm_shift) ||
!BN_lshift(snum, numerator, norm_shift)) {
goto err;
@@ -213,9 +214,9 @@
// avoid looping on leading zeros, as we're not trying to be leak-free.
bn_set_minimal_width(sdiv);
bn_set_minimal_width(snum);
- int div_n = sdiv->width;
- const BN_ULONG d0 = sdiv->d[div_n - 1];
- const BN_ULONG d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
+ div_n = sdiv->width;
+ d0 = sdiv->d[div_n - 1];
+ d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
assert(d0 & (((BN_ULONG)1) << (BN_BITS2 - 1)));
// Extend |snum| with zeros to satisfy the long division invariants:
@@ -223,14 +224,14 @@
// - |snum|'s most significant word must be zero to guarantee the first loop
// iteration works with a prefix greater than |sdiv|. (This is the extra u0
// digit in Knuth step D1.)
- int num_n = snum->width <= div_n ? div_n + 1 : snum->width + 1;
+ num_n = snum->width <= div_n ? div_n + 1 : snum->width + 1;
if (!bn_resize_words(snum, num_n)) {
goto err;
}
// Knuth step D2: The quotient's width is the difference between numerator and
// denominator. Also set up its sign and size a temporary for the loop.
- int loop = num_n - div_n;
+ loop = num_n - div_n;
res->neg = snum->neg ^ sdiv->neg;
if (!bn_wexpand(res, loop) || //
!bn_wexpand(tmp, div_n + 1)) {
@@ -447,9 +448,9 @@
r = BN_CTX_get(ctx);
}
BIGNUM *tmp = BN_CTX_get(ctx);
+ int initial_words;
if (q == NULL || r == NULL || tmp == NULL ||
- !bn_wexpand(q, numerator->width) ||
- !bn_wexpand(r, divisor->width) ||
+ !bn_wexpand(q, numerator->width) || !bn_wexpand(r, divisor->width) ||
!bn_wexpand(tmp, divisor->width)) {
goto err;
}
@@ -472,7 +473,7 @@
// without reductions. This significantly speeds up |RSA_check_key|. For
// simplicity, we round down to a whole number of words.
declassify_assert(divisor_min_bits <= BN_num_bits(divisor));
- int initial_words = 0;
+ initial_words = 0;
if (divisor_min_bits > 0) {
initial_words = (divisor_min_bits - 1) / BN_BITS2;
if (initial_words > numerator->width) {
@@ -514,8 +515,7 @@
static BIGNUM *bn_scratch_space_from_ctx(size_t width, BN_CTX *ctx) {
BIGNUM *ret = BN_CTX_get(ctx);
- if (ret == NULL ||
- !bn_wexpand(ret, width)) {
+ if (ret == NULL || !bn_wexpand(ret, width)) {
return NULL;
}
ret->neg = 0;
@@ -536,9 +536,7 @@
return bn;
}
BIGNUM *ret = bn_scratch_space_from_ctx(width, ctx);
- if (ret == NULL ||
- !BN_copy(ret, bn) ||
- !bn_resize_words(ret, width)) {
+ if (ret == NULL || !BN_copy(ret, bn) || !bn_resize_words(ret, width)) {
return NULL;
}
return ret;
@@ -555,8 +553,7 @@
int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *m) {
BN_CTX *ctx = BN_CTX_new();
- int ok = ctx != NULL &&
- bn_mod_add_consttime(r, a, b, m, ctx);
+ int ok = ctx != NULL && bn_mod_add_consttime(r, a, b, m, ctx);
BN_CTX_free(ctx);
return ok;
}
@@ -567,8 +564,7 @@
a = bn_resized_from_ctx(a, m->width, ctx);
b = bn_resized_from_ctx(b, m->width, ctx);
BIGNUM *tmp = bn_scratch_space_from_ctx(m->width, ctx);
- int ok = a != NULL && b != NULL && tmp != NULL &&
- bn_wexpand(r, m->width);
+ int ok = a != NULL && b != NULL && tmp != NULL && bn_wexpand(r, m->width);
if (ok) {
bn_mod_add_words(r->d, a->d, b->d, m->d, tmp->d, m->width);
r->width = m->width;
@@ -592,8 +588,7 @@
a = bn_resized_from_ctx(a, m->width, ctx);
b = bn_resized_from_ctx(b, m->width, ctx);
BIGNUM *tmp = bn_scratch_space_from_ctx(m->width, ctx);
- int ok = a != NULL && b != NULL && tmp != NULL &&
- bn_wexpand(r, m->width);
+ int ok = a != NULL && b != NULL && tmp != NULL && bn_wexpand(r, m->width);
if (ok) {
bn_mod_sub_words(r->d, a->d, b->d, m->d, tmp->d, m->width);
r->width = m->width;
@@ -606,8 +601,7 @@
int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *m) {
BN_CTX *ctx = BN_CTX_new();
- int ok = ctx != NULL &&
- bn_mod_sub_consttime(r, a, b, m, ctx);
+ int ok = ctx != NULL && bn_mod_sub_consttime(r, a, b, m, ctx);
BN_CTX_free(ctx);
return ok;
}
@@ -678,8 +672,7 @@
int bn_mod_lshift_consttime(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
BN_CTX *ctx) {
- if (!BN_copy(r, a) ||
- !bn_resize_words(r, m->width)) {
+ if (!BN_copy(r, a) || !bn_resize_words(r, m->width)) {
return 0;
}
@@ -698,8 +691,7 @@
int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) {
BN_CTX *ctx = BN_CTX_new();
- int ok = ctx != NULL &&
- bn_mod_lshift_consttime(r, a, n, m, ctx);
+ int ok = ctx != NULL && bn_mod_lshift_consttime(r, a, n, m, ctx);
BN_CTX_free(ctx);
return ok;
}
@@ -719,8 +711,7 @@
int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) {
BN_CTX *ctx = BN_CTX_new();
- int ok = ctx != NULL &&
- bn_mod_lshift1_consttime(r, a, m, ctx);
+ int ok = ctx != NULL && bn_mod_lshift1_consttime(r, a, m, ctx);
BN_CTX_free(ctx);
return ok;
}
@@ -731,7 +722,7 @@
if (!w) {
// actually this an error (division by zero)
- return (BN_ULONG) - 1;
+ return (BN_ULONG)-1;
}
if (a->width == 0) {
@@ -742,7 +733,7 @@
j = BN_BITS2 - BN_num_bits_word(w);
w <<= j;
if (!BN_lshift(a, a, j)) {
- return (BN_ULONG) - 1;
+ return (BN_ULONG)-1;
}
for (i = a->width - 1; i >= 0; i--) {
@@ -768,7 +759,7 @@
int i;
if (w == 0) {
- return (BN_ULONG) -1;
+ return (BN_ULONG)-1;
}
#ifndef BN_CAN_DIVIDE_ULLONG
@@ -805,7 +796,7 @@
size_t num_words = 1 + ((e - 1) / BN_BITS2);
// If |a| definitely has less than |e| bits, just BN_copy.
- if ((size_t) a->width < num_words) {
+ if ((size_t)a->width < num_words) {
return BN_copy(r, a) != NULL;
}
@@ -821,12 +812,12 @@
// If |e| isn't word-aligned, we have to mask off some of our bits.
size_t top_word_exponent = e % (sizeof(BN_ULONG) * 8);
if (top_word_exponent != 0) {
- r->d[num_words - 1] &= (((BN_ULONG) 1) << top_word_exponent) - 1;
+ r->d[num_words - 1] &= (((BN_ULONG)1) << top_word_exponent) - 1;
}
// Fill in the remaining fields of |r|.
r->neg = a->neg;
- r->width = (int) num_words;
+ r->width = (int)num_words;
bn_set_minimal_width(r);
return 1;
}
@@ -853,7 +844,7 @@
// Set parameters of |r|.
r->neg = 0;
- r->width = (int) num_words;
+ r->width = (int)num_words;
// Now, invert every word. The idea here is that we want to compute 2^e-|x|,
// which is actually equivalent to the twos-complement representation of |x|
@@ -865,7 +856,7 @@
// If our exponent doesn't span the top word, we have to mask the rest.
size_t top_word_exponent = e % BN_BITS2;
if (top_word_exponent != 0) {
- r->d[r->width - 1] &= (((BN_ULONG) 1) << top_word_exponent) - 1;
+ r->d[r->width - 1] &= (((BN_ULONG)1) << top_word_exponent) - 1;
}
// Keep the minimal-width invariant for |BIGNUM|.
diff --git a/crypto/fipsmodule/bn/div_extra.c.inc b/crypto/fipsmodule/bn/div_extra.cc.inc
similarity index 100%
rename from crypto/fipsmodule/bn/div_extra.c.inc
rename to crypto/fipsmodule/bn/div_extra.cc.inc
diff --git a/crypto/fipsmodule/bn/exponentiation.c.inc b/crypto/fipsmodule/bn/exponentiation.cc.inc
similarity index 96%
rename from crypto/fipsmodule/bn/exponentiation.c.inc
rename to crypto/fipsmodule/bn/exponentiation.cc.inc
index 9030aa8..13a8605 100644
--- a/crypto/fipsmodule/bn/exponentiation.c.inc
+++ b/crypto/fipsmodule/bn/exponentiation.cc.inc
@@ -130,9 +130,9 @@
// WARNING: This function implements Almost Montgomery Multiplication from
// https://eprint.iacr.org/2011/239. The inputs do not need to be fully reduced.
// However, even if they are fully reduced, the output may not be.
-static void bn_mul_mont_gather5(
- BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table, const BN_ULONG *np,
- const BN_ULONG *n0, int num, int power) {
+static void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
+ const BN_ULONG *table, const BN_ULONG *np,
+ const BN_ULONG *n0, int num, int power) {
if (bn_mulx4x_mont_gather5_capable(num)) {
bn_mulx4x_mont_gather5(rp, ap, table, np, n0, num, power);
} else if (bn_mul4x_mont_gather5_capable(num)) {
@@ -162,7 +162,7 @@
}
}
-#endif // defined(OPENSSL_BN_ASM_MONT5)
+#endif // defined(OPENSSL_BN_ASM_MONT5)
int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) {
int i, bits, ret = 0;
@@ -534,9 +534,9 @@
}
}
- start = 1; // This is used to avoid multiplication etc
- // when there is only the value '1' in the
- // buffer.
+ start = 1; // This is used to avoid multiplication etc
+ // when there is only the value '1' in the
+ // buffer.
wstart = bits - 1; // The top bit of the window
if (!BN_one(r)) {
@@ -545,7 +545,7 @@
for (;;) {
int wvalue; // The 'value' of the window
- int wend; // The bottom bit of the window
+ int wend; // The bottom bit of the window
if (!BN_is_bit_set(p, wstart)) {
if (!start) {
@@ -661,6 +661,7 @@
BN_CTX_start(ctx);
BIGNUM *r = BN_CTX_get(ctx);
val[0] = BN_CTX_get(ctx);
+ int window, r_is_one, wstart;
if (r == NULL || val[0] == NULL) {
goto err;
}
@@ -678,14 +679,13 @@
// precomputing powers of |a|. Windows may be shifted so they always end on a
// set bit, so only precompute odd powers. We compute val[i] = a^(2*i + 1)
// for i = 0 to 2^(window-1), all in Montgomery form.
- int window = BN_window_bits_for_exponent_size(bits);
+ window = BN_window_bits_for_exponent_size(bits);
if (!BN_to_montgomery(val[0], a, mont, ctx)) {
goto err;
}
if (window > 1) {
BIGNUM *d = BN_CTX_get(ctx);
- if (d == NULL ||
- !BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) {
+ if (d == NULL || !BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) {
goto err;
}
for (int i = 1; i < 1 << (window - 1); i++) {
@@ -699,8 +699,8 @@
// |p| is non-zero, so at least one window is non-zero. To save some
// multiplications, defer initializing |r| until then.
- int r_is_one = 1;
- int wstart = bits - 1; // The top bit of the window.
+ r_is_one = 1;
+ wstart = bits - 1; // The top bit of the window.
for (;;) {
if (!BN_is_bit_set(p, wstart)) {
if (!r_is_one && !BN_mod_mul_montgomery(r, r, r, mont, ctx)) {
@@ -930,7 +930,7 @@
int i, ret = 0, wvalue;
BN_MONT_CTX *new_mont = NULL;
- unsigned char *powerbuf_free = NULL;
+ void *powerbuf_free = NULL;
size_t powerbuf_len = 0;
BN_ULONG *powerbuf = NULL;
@@ -963,6 +963,7 @@
}
// Allocate a montgomery context if it was not supplied by the caller.
+ int top, num_powers, window;
if (mont == NULL) {
new_mont = BN_MONT_CTX_new_consttime(m, ctx);
if (new_mont == NULL) {
@@ -973,7 +974,7 @@
// Use the width in |mont->N|, rather than the copy in |m|. The assembly
// implementation assumes it can use |top| to size R.
- int top = mont->N.width;
+ top = mont->N.width;
#if defined(OPENSSL_BN_ASM_MONT5) || defined(RSAZ_ENABLED)
// Share one large stack-allocated buffer between the RSAZ and non-RSAZ code
@@ -1001,7 +1002,7 @@
#endif
// Get the window size to use with size of p.
- int window = BN_window_bits_for_ctime_exponent_size(bits);
+ window = BN_window_bits_for_ctime_exponent_size(bits);
assert(window <= BN_MAX_MOD_EXP_CTIME_WINDOW);
// Calculating |powerbuf_len| below cannot overflow because of the bound on
@@ -1022,7 +1023,7 @@
// Allocate a buffer large enough to hold all of the pre-computed
// powers of |am|, |am| itself, and |tmp|.
- int num_powers = 1 << window;
+ num_powers = 1 << window;
powerbuf_len += sizeof(m->d[0]) * top * (num_powers + 2);
#if defined(OPENSSL_BN_ASM_MONT5)
@@ -1037,7 +1038,8 @@
if (powerbuf_free == NULL) {
goto err;
}
- powerbuf = align_pointer(powerbuf_free, MOD_EXP_CTIME_ALIGN);
+ powerbuf = reinterpret_cast<BN_ULONG *>(
+ align_pointer(powerbuf_free, MOD_EXP_CTIME_ALIGN));
}
OPENSSL_memset(powerbuf, 0, powerbuf_len);
@@ -1050,16 +1052,14 @@
tmp.neg = am.neg = 0;
tmp.flags = am.flags = BN_FLG_STATIC_DATA;
- if (!bn_one_to_montgomery(&tmp, mont, ctx) ||
- !bn_resize_words(&tmp, top)) {
+ if (!bn_one_to_montgomery(&tmp, mont, ctx) || !bn_resize_words(&tmp, top)) {
goto err;
}
// Prepare a^1 in the Montgomery domain.
assert(!a->neg);
declassify_assert(BN_ucmp(a, m) < 0);
- if (!BN_to_montgomery(&am, a, mont, ctx) ||
- !bn_resize_words(&am, top)) {
+ if (!BN_to_montgomery(&am, a, mont, ctx) || !bn_resize_words(&am, top)) {
goto err;
}
diff --git a/crypto/fipsmodule/bn/gcd.c.inc b/crypto/fipsmodule/bn/gcd.cc.inc
similarity index 98%
rename from crypto/fipsmodule/bn/gcd.c.inc
rename to crypto/fipsmodule/bn/gcd.cc.inc
index 7aa0043..ecf8244 100644
--- a/crypto/fipsmodule/bn/gcd.c.inc
+++ b/crypto/fipsmodule/bn/gcd.cc.inc
@@ -136,12 +136,11 @@
B = BN_CTX_get(ctx);
X = BN_CTX_get(ctx);
Y = BN_CTX_get(ctx);
+ BIGNUM *R = out;
if (Y == NULL) {
goto err;
}
- BIGNUM *R = out;
-
BN_zero(Y);
if (!BN_one(X) || BN_copy(B, a) == NULL || BN_copy(A, n) == NULL) {
goto err;
@@ -376,8 +375,7 @@
BN_CTX *ctx, const BN_MONT_CTX *mont_p) {
BN_CTX_start(ctx);
BIGNUM *p_minus_2 = BN_CTX_get(ctx);
- int ok = p_minus_2 != NULL &&
- BN_copy(p_minus_2, p) &&
+ int ok = p_minus_2 != NULL && BN_copy(p_minus_2, p) &&
BN_sub_word(p_minus_2, 2) &&
BN_mod_exp_mont(out, a, p_minus_2, p, ctx, mont_p);
BN_CTX_end(ctx);
@@ -388,8 +386,7 @@
BN_CTX *ctx, const BN_MONT_CTX *mont_p) {
BN_CTX_start(ctx);
BIGNUM *p_minus_2 = BN_CTX_get(ctx);
- int ok = p_minus_2 != NULL &&
- BN_copy(p_minus_2, p) &&
+ int ok = p_minus_2 != NULL && BN_copy(p_minus_2, p) &&
BN_sub_word(p_minus_2, 2) &&
BN_mod_exp_mont_consttime(out, a, p_minus_2, p, ctx, mont_p);
BN_CTX_end(ctx);
diff --git a/crypto/fipsmodule/bn/gcd_extra.c.inc b/crypto/fipsmodule/bn/gcd_extra.cc.inc
similarity index 89%
rename from crypto/fipsmodule/bn/gcd_extra.c.inc
rename to crypto/fipsmodule/bn/gcd_extra.cc.inc
index 531ff59..0830bdf 100644
--- a/crypto/fipsmodule/bn/gcd_extra.c.inc
+++ b/crypto/fipsmodule/bn/gcd_extra.cc.inc
@@ -35,7 +35,7 @@
maybe_rshift1_words(a, mask, tmp, num);
if (num != 0) {
carry &= mask;
- a[num - 1] |= carry << (BN_BITS2-1);
+ a[num - 1] |= carry << (BN_BITS2 - 1);
}
}
@@ -61,25 +61,27 @@
BIGNUM *u = BN_CTX_get(ctx);
BIGNUM *v = BN_CTX_get(ctx);
BIGNUM *tmp = BN_CTX_get(ctx);
- if (u == NULL || v == NULL || tmp == NULL ||
- !BN_copy(u, x) ||
- !BN_copy(v, y) ||
- !bn_resize_words(u, width) ||
- !bn_resize_words(v, width) ||
+ unsigned x_bits, y_bits, num_iters, shift;
+ if (u == NULL || v == NULL || tmp == NULL || //
+ !BN_copy(u, x) || //
+ !BN_copy(v, y) || //
+ !bn_resize_words(u, width) || //
+ !bn_resize_words(v, width) || //
!bn_resize_words(tmp, width)) {
goto err;
}
// Each loop iteration halves at least one of |u| and |v|. Thus we need at
// most the combined bit width of inputs for at least one value to be zero.
- unsigned x_bits = x->width * BN_BITS2, y_bits = y->width * BN_BITS2;
- unsigned num_iters = x_bits + y_bits;
+ x_bits = x->width * BN_BITS2;
+ y_bits = y->width * BN_BITS2;
+ num_iters = x_bits + y_bits;
if (num_iters < x_bits) {
OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
goto err;
}
- unsigned shift = 0;
+ shift = 0;
for (unsigned i = 0; i < num_iters; i++) {
BN_ULONG both_odd = word_is_odd_mask(u->d[0]) & word_is_odd_mask(v->d[0]);
@@ -121,8 +123,7 @@
int BN_gcd(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) {
unsigned shift;
- return bn_gcd_consttime(r, &shift, x, y, ctx) &&
- BN_lshift(r, r, shift);
+ return bn_gcd_consttime(r, &shift, x, y, ctx) && BN_lshift(r, r, shift);
}
int bn_is_relatively_prime(int *out_relatively_prime, const BIGNUM *x,
@@ -131,8 +132,7 @@
BN_CTX_start(ctx);
unsigned shift;
BIGNUM *gcd = BN_CTX_get(ctx);
- if (gcd == NULL ||
- !bn_gcd_consttime(gcd, &shift, x, y, ctx)) {
+ if (gcd == NULL || !bn_gcd_consttime(gcd, &shift, x, y, ctx)) {
goto err;
}
@@ -217,23 +217,30 @@
BIGNUM *D = BN_CTX_get(ctx);
BIGNUM *tmp = BN_CTX_get(ctx);
BIGNUM *tmp2 = BN_CTX_get(ctx);
- if (u == NULL || v == NULL || A == NULL || B == NULL || C == NULL ||
- D == NULL || tmp == NULL || tmp2 == NULL ||
- !BN_copy(u, a) ||
- !BN_copy(v, n) ||
- !BN_one(A) ||
+ size_t a_bits, num_iters, n_bits;
+ if (u == NULL || //
+ v == NULL || //
+ A == NULL || //
+ B == NULL || //
+ C == NULL || //
+ D == NULL || //
+ tmp == NULL || //
+ tmp2 == NULL || //
+ !BN_copy(u, a) || //
+ !BN_copy(v, n) || //
+ !BN_one(A) || //
!BN_one(D) ||
// For convenience, size |u| and |v| equivalently.
- !bn_resize_words(u, n_width) ||
+ !bn_resize_words(u, n_width) || //
!bn_resize_words(v, n_width) ||
// |A| and |C| are bounded by |m|.
- !bn_resize_words(A, n_width) ||
+ !bn_resize_words(A, n_width) || //
!bn_resize_words(C, n_width) ||
// |B| and |D| are bounded by |a|.
- !bn_resize_words(B, a_width) ||
+ !bn_resize_words(B, a_width) || //
!bn_resize_words(D, a_width) ||
// |tmp| and |tmp2| may be used at either size.
- !bn_resize_words(tmp, n_width) ||
+ !bn_resize_words(tmp, n_width) || //
!bn_resize_words(tmp2, n_width)) {
goto err;
}
@@ -242,8 +249,9 @@
// most the combined bit width of inputs for at least one value to be zero.
// |a_bits| and |n_bits| cannot overflow because |bn_wexpand| ensures bit
// counts fit in even |int|.
- size_t a_bits = a_width * BN_BITS2, n_bits = n_width * BN_BITS2;
- size_t num_iters = a_bits + n_bits;
+ a_bits = a_width * BN_BITS2;
+ n_bits = n_width * BN_BITS2;
+ num_iters = a_bits + n_bits;
if (num_iters < a_bits) {
OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG);
goto err;
diff --git a/crypto/fipsmodule/bn/generic.c.inc b/crypto/fipsmodule/bn/generic.cc.inc
similarity index 100%
rename from crypto/fipsmodule/bn/generic.c.inc
rename to crypto/fipsmodule/bn/generic.cc.inc
diff --git a/crypto/fipsmodule/bn/jacobi.c.inc b/crypto/fipsmodule/bn/jacobi.cc.inc
similarity index 100%
rename from crypto/fipsmodule/bn/jacobi.c.inc
rename to crypto/fipsmodule/bn/jacobi.cc.inc
diff --git a/crypto/fipsmodule/bn/montgomery.c.inc b/crypto/fipsmodule/bn/montgomery.cc.inc
similarity index 96%
rename from crypto/fipsmodule/bn/montgomery.c.inc
rename to crypto/fipsmodule/bn/montgomery.cc.inc
index cf483b0..eda57f3 100644
--- a/crypto/fipsmodule/bn/montgomery.c.inc
+++ b/crypto/fipsmodule/bn/montgomery.cc.inc
@@ -117,8 +117,8 @@
#include <openssl/mem.h>
#include <openssl/thread.h>
-#include "internal.h"
#include "../../internal.h"
+#include "internal.h"
void bn_mont_ctx_init(BN_MONT_CTX *mont) {
@@ -133,7 +133,8 @@
}
BN_MONT_CTX *BN_MONT_CTX_new(void) {
- BN_MONT_CTX *ret = OPENSSL_malloc(sizeof(BN_MONT_CTX));
+ BN_MONT_CTX *ret =
+ reinterpret_cast<BN_MONT_CTX *>(OPENSSL_malloc(sizeof(BN_MONT_CTX)));
if (ret == NULL) {
return NULL;
}
@@ -156,8 +157,7 @@
return to;
}
- if (!BN_copy(&to->RR, &from->RR) ||
- !BN_copy(&to->N, &from->N)) {
+ if (!BN_copy(&to->RR, &from->RR) || !BN_copy(&to->N, &from->N)) {
return NULL;
}
to->n0[0] = from->n0[0];
@@ -243,8 +243,7 @@
BN_MONT_CTX *BN_MONT_CTX_new_for_modulus(const BIGNUM *mod, BN_CTX *ctx) {
BN_MONT_CTX *mont = BN_MONT_CTX_new();
- if (mont == NULL ||
- !BN_MONT_CTX_set(mont, mod, ctx)) {
+ if (mont == NULL || !BN_MONT_CTX_set(mont, mod, ctx)) {
BN_MONT_CTX_free(mont);
return NULL;
}
@@ -253,8 +252,7 @@
BN_MONT_CTX *BN_MONT_CTX_new_consttime(const BIGNUM *mod, BN_CTX *ctx) {
BN_MONT_CTX *mont = BN_MONT_CTX_new();
- if (mont == NULL ||
- !bn_mont_ctx_set_N_and_n0(mont, mod) ||
+ if (mont == NULL || !bn_mont_ctx_set_N_and_n0(mont, mod) ||
!bn_mont_ctx_set_RR_consttime(mont, ctx)) {
BN_MONT_CTX_free(mont);
return NULL;
@@ -331,8 +329,7 @@
}
int max = 2 * n->width; // carry is stored separately
- if (!bn_resize_words(r, max) ||
- !bn_wexpand(ret, n->width)) {
+ if (!bn_resize_words(r, max) || !bn_wexpand(ret, n->width)) {
return 0;
}
@@ -348,8 +345,7 @@
BN_CTX_start(ctx);
t = BN_CTX_get(ctx);
- if (t == NULL ||
- !BN_copy(t, a)) {
+ if (t == NULL || !BN_copy(t, a)) {
goto err;
}
@@ -425,9 +421,7 @@
#if defined(OPENSSL_BN_ASM_MONT)
// |bn_mul_mont| requires at least 128 bits of limbs, at least for x86.
int num = mont->N.width;
- if (num >= (128 / BN_BITS2) &&
- a->width == num &&
- b->width == num) {
+ if (num >= (128 / BN_BITS2) && a->width == num && b->width == num) {
if (!bn_wexpand(r, num)) {
return 0;
}
@@ -450,8 +444,7 @@
}
int bn_less_than_montgomery_R(const BIGNUM *bn, const BN_MONT_CTX *mont) {
- return !BN_is_negative(bn) &&
- bn_fits_in_words(bn, mont->N.width);
+ return !BN_is_negative(bn) && bn_fits_in_words(bn, mont->N.width);
}
void bn_to_montgomery_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
diff --git a/crypto/fipsmodule/bn/montgomery_inv.c.inc b/crypto/fipsmodule/bn/montgomery_inv.cc.inc
similarity index 100%
rename from crypto/fipsmodule/bn/montgomery_inv.c.inc
rename to crypto/fipsmodule/bn/montgomery_inv.cc.inc
diff --git a/crypto/fipsmodule/bn/mul.c.inc b/crypto/fipsmodule/bn/mul.cc.inc
similarity index 97%
rename from crypto/fipsmodule/bn/mul.c.inc
rename to crypto/fipsmodule/bn/mul.cc.inc
index 07612c5..6e1a0fe 100644
--- a/crypto/fipsmodule/bn/mul.c.inc
+++ b/crypto/fipsmodule/bn/mul.cc.inc
@@ -63,8 +63,8 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-#include "internal.h"
#include "../../internal.h"
+#include "internal.h"
#define BN_MUL_RECURSIVE_SIZE_NORMAL 16
@@ -181,9 +181,7 @@
int r_len = a->width < b->width ? b->width : a->width;
BN_CTX_start(ctx);
BIGNUM *tmp = BN_CTX_get(ctx);
- int ok = tmp != NULL &&
- bn_wexpand(r, r_len) &&
- bn_wexpand(tmp, r_len);
+ int ok = tmp != NULL && bn_wexpand(r, r_len) && bn_wexpand(tmp, r_len);
if (ok) {
bn_abs_sub_part_words(r->d, a->d, b->d, cl, dl, tmp->d);
r->width = r_len;
@@ -208,8 +206,8 @@
// |n2| is a power of two.
assert(n2 != 0 && (n2 & (n2 - 1)) == 0);
// Check |dna| and |dnb| are in range.
- assert(-BN_MUL_RECURSIVE_SIZE_NORMAL/2 <= dna && dna <= 0);
- assert(-BN_MUL_RECURSIVE_SIZE_NORMAL/2 <= dnb && dnb <= 0);
+ assert(-BN_MUL_RECURSIVE_SIZE_NORMAL / 2 <= dna && dna <= 0);
+ assert(-BN_MUL_RECURSIVE_SIZE_NORMAL / 2 <= dnb && dnb <= 0);
// Only call bn_mul_comba 8 if n2 == 8 and the
// two arrays are complete [steve]
@@ -421,7 +419,7 @@
return 1;
}
- int ret = 0;
+ int ret = 0, i, top;
BIGNUM *rr;
BN_CTX_start(ctx);
if (r == a || r == b) {
@@ -434,7 +432,7 @@
}
rr->neg = a->neg ^ b->neg;
- int i = al - bl;
+ i = al - bl;
if (i == 0) {
if (al == 8) {
if (!bn_wexpand(rr, 16)) {
@@ -446,7 +444,7 @@
}
}
- int top = al + bl;
+ top = al + bl;
static const int kMulNormalSize = 16;
if (al >= kMulNormalSize && bl >= kMulNormalSize) {
if (-1 <= i && i <= 1) {
@@ -471,8 +469,7 @@
// algorithms. Is this optimization necessary? See notes in
// https://boringssl-review.googlesource.com/q/I0bd604e2cd6a75c266f64476c23a730ca1721ea6
assert(al >= j && bl >= j);
- if (!bn_wexpand(t, j * 8) ||
- !bn_wexpand(rr, j * 4)) {
+ if (!bn_wexpand(t, j * 8) || !bn_wexpand(rr, j * 4)) {
goto err;
}
bn_mul_part_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
@@ -480,8 +477,7 @@
// al <= j && bl <= j. Additionally, we know j <= al or j <= bl, so one
// of al - j or bl - j is zero. The other, by the bound on |i| above, is
// zero or -1. Thus, we can use |bn_mul_recursive|.
- if (!bn_wexpand(t, j * 4) ||
- !bn_wexpand(rr, j * 2)) {
+ if (!bn_wexpand(t, j * 4) || !bn_wexpand(rr, j * 2)) {
goto err;
}
bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
@@ -669,7 +665,7 @@
return 1;
}
- int ret = 0;
+ int ret = 0, max;
BN_CTX_start(ctx);
BIGNUM *rr = (a != r) ? r : BN_CTX_get(ctx);
BIGNUM *tmp = BN_CTX_get(ctx);
@@ -677,7 +673,7 @@
goto err;
}
- int max = 2 * al; // Non-zero (from above)
+ max = 2 * al; // Non-zero (from above)
if (!bn_wexpand(rr, max)) {
goto err;
}
diff --git a/crypto/fipsmodule/bn/prime.c.inc b/crypto/fipsmodule/bn/prime.cc.inc
similarity index 97%
rename from crypto/fipsmodule/bn/prime.c.inc
rename to crypto/fipsmodule/bn/prime.cc.inc
index 4722f80..ae4b004 100644
--- a/crypto/fipsmodule/bn/prime.c.inc
+++ b/crypto/fipsmodule/bn/prime.cc.inc
@@ -111,8 +111,8 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-#include "internal.h"
#include "../../internal.h"
+#include "internal.h"
// kPrimes contains the first 1024 primes.
@@ -359,13 +359,14 @@
static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add,
const BIGNUM *rem, BN_CTX *ctx);
-BN_GENCB *BN_GENCB_new(void) { return OPENSSL_zalloc(sizeof(BN_GENCB)); }
+BN_GENCB *BN_GENCB_new(void) {
+ return reinterpret_cast<BN_GENCB *>(OPENSSL_zalloc(sizeof(BN_GENCB)));
+}
void BN_GENCB_free(BN_GENCB *callback) { OPENSSL_free(callback); }
void BN_GENCB_set(BN_GENCB *callback,
- int (*f)(int event, int n, struct bn_gencb_st *),
- void *arg) {
+ int (*f)(int event, int n, struct bn_gencb_st *), void *arg) {
callback->callback = f;
callback->arg = arg;
}
@@ -513,9 +514,9 @@
miller_rabin->m = BN_CTX_get(ctx);
miller_rabin->one_mont = BN_CTX_get(ctx);
miller_rabin->w1_mont = BN_CTX_get(ctx);
- if (miller_rabin->w1 == NULL ||
- miller_rabin->m == NULL ||
- miller_rabin->one_mont == NULL ||
+ if (miller_rabin->w1 == NULL || //
+ miller_rabin->m == NULL || //
+ miller_rabin->one_mont == NULL || //
miller_rabin->w1_mont == NULL) {
return 0;
}
@@ -553,6 +554,7 @@
// timing leaks.
const BIGNUM *w = &mont->N;
BIGNUM *z = BN_CTX_get(ctx);
+ crypto_word_t is_possibly_prime;
if (z == NULL ||
!BN_mod_exp_mont_consttime(z, b, miller_rabin->m, w, ctx, mont) ||
!BN_to_montgomery(z, z, mont, ctx)) {
@@ -563,7 +565,7 @@
// witness for |w|. This is equivalent to going to step 4.7 in the original
// algorithm. To avoid timing leaks, we run the algorithm to the end for prime
// inputs.
- crypto_word_t is_possibly_prime = 0;
+ is_possibly_prime = 0;
// Step 4.4. If z = 1 or z = w-1, b is not a composite witness and w is still
// possibly prime.
@@ -705,6 +707,7 @@
BIGNUM *b = BN_CTX_get(ctx);
BN_MONT_CTX *mont = BN_MONT_CTX_new_consttime(w, ctx);
BN_MILLER_RABIN miller_rabin;
+ crypto_word_t uniform_iterations = 0;
if (b == NULL || mont == NULL ||
// Steps 1-3.
!bn_miller_rabin_init(&miller_rabin, mont, ctx)) {
@@ -739,7 +742,6 @@
// Note this blinding does not impact most calls when picking primes because
// composites are rejected early. Only the two secret primes see extra work.
- crypto_word_t uniform_iterations = 0;
// Using |constant_time_lt_w| seems to prevent the compiler from optimizing
// this into two jumps.
for (int i = 1; constant_time_declassify_w(
@@ -749,7 +751,7 @@
// Step 4.1-4.2
int is_uniform;
if (!bn_rand_secret_range(b, &is_uniform, 2, miller_rabin.w1)) {
- goto err;
+ goto err;
}
uniform_iterations += is_uniform;
@@ -818,33 +820,28 @@
BN_CTX_start(ctx);
BIGNUM *w1 = BN_CTX_get(ctx);
- if (w1 == NULL ||
- !BN_copy(w1, w) ||
- !BN_sub_word(w1, 1)) {
+ BIGNUM *b, *g, *z, *x, *x1, *m;
+ int a;
+ if (w1 == NULL || !BN_copy(w1, w) || !BN_sub_word(w1, 1)) {
goto err;
}
// Write w1 as m*2^a (Steps 1 and 2).
- int a = 0;
+ a = 0;
while (!BN_is_bit_set(w1, a)) {
a++;
}
- BIGNUM *m = BN_CTX_get(ctx);
- if (m == NULL ||
- !BN_rshift(m, w1, a)) {
+ m = BN_CTX_get(ctx);
+ if (m == NULL || !BN_rshift(m, w1, a)) {
goto err;
}
- BIGNUM *b = BN_CTX_get(ctx);
- BIGNUM *g = BN_CTX_get(ctx);
- BIGNUM *z = BN_CTX_get(ctx);
- BIGNUM *x = BN_CTX_get(ctx);
- BIGNUM *x1 = BN_CTX_get(ctx);
- if (b == NULL ||
- g == NULL ||
- z == NULL ||
- x == NULL ||
- x1 == NULL) {
+ b = BN_CTX_get(ctx);
+ g = BN_CTX_get(ctx);
+ z = BN_CTX_get(ctx);
+ x = BN_CTX_get(ctx);
+ x1 = BN_CTX_get(ctx);
+ if (b == NULL || g == NULL || z == NULL || x == NULL || x1 == NULL) {
goto err;
}
@@ -905,11 +902,9 @@
goto err;
}
- composite:
+ composite:
// Step 4.12-4.14
- if (!BN_copy(x1, x) ||
- !BN_sub_word(x1, 1) ||
- !BN_gcd(g, x1, w, ctx)) {
+ if (!BN_copy(x1, x) || !BN_sub_word(x1, 1) || !BN_gcd(g, x1, w, ctx)) {
goto err;
}
if (BN_cmp_word(g, 1) > 0) {
@@ -921,7 +916,7 @@
ret = 1;
goto err;
- loop:
+ loop:
// Step 4.15
if (!BN_GENCB_call(cb, BN_GENCB_PRIME_TEST, i - 1)) {
goto err;
@@ -953,6 +948,7 @@
BIGNUM *t1;
BN_CTX_start(ctx);
+ size_t num_primes;
if ((t1 = BN_CTX_get(ctx)) == NULL) {
goto err;
}
@@ -980,7 +976,7 @@
}
// we now have a random number 'rand' to test.
- const size_t num_primes = num_trial_division_primes(rnd);
+ num_primes = num_trial_division_primes(rnd);
loop:
for (size_t i = 1; i < num_primes; i++) {
// check that rnd is a prime
@@ -1009,6 +1005,7 @@
t1 = BN_CTX_get(ctx);
q = BN_CTX_get(ctx);
qadd = BN_CTX_get(ctx);
+ size_t num_primes;
if (qadd == NULL) {
goto err;
}
@@ -1051,7 +1048,7 @@
goto err;
}
- const size_t num_primes = num_trial_division_primes(p);
+ num_primes = num_trial_division_primes(p);
loop:
for (size_t i = 1; i < num_primes; i++) {
// check that p and q are prime
diff --git a/crypto/fipsmodule/bn/random.c.inc b/crypto/fipsmodule/bn/random.cc.inc
similarity index 100%
rename from crypto/fipsmodule/bn/random.c.inc
rename to crypto/fipsmodule/bn/random.cc.inc
diff --git a/crypto/fipsmodule/bn/rsaz_exp.c.inc b/crypto/fipsmodule/bn/rsaz_exp.cc.inc
similarity index 100%
rename from crypto/fipsmodule/bn/rsaz_exp.c.inc
rename to crypto/fipsmodule/bn/rsaz_exp.cc.inc
diff --git a/crypto/fipsmodule/bn/shift.c.inc b/crypto/fipsmodule/bn/shift.cc.inc
similarity index 98%
rename from crypto/fipsmodule/bn/shift.c.inc
rename to crypto/fipsmodule/bn/shift.cc.inc
index 6960e57..fe277d9 100644
--- a/crypto/fipsmodule/bn/shift.c.inc
+++ b/crypto/fipsmodule/bn/shift.cc.inc
@@ -174,14 +174,13 @@
int ret = 0;
BN_CTX_start(ctx);
BIGNUM *tmp = BN_CTX_get(ctx);
- if (tmp == NULL ||
- !BN_copy(r, a) ||
- !bn_wexpand(tmp, r->width)) {
+ unsigned max_bits;
+ if (tmp == NULL || !BN_copy(r, a) || !bn_wexpand(tmp, r->width)) {
goto err;
}
// Shift conditionally by powers of two.
- unsigned max_bits = BN_BITS2 * r->width;
+ max_bits = BN_BITS2 * r->width;
for (unsigned i = 0; (max_bits >> i) != 0; i++) {
BN_ULONG mask = (n >> i) & 1;
mask = 0 - mask;
diff --git a/crypto/fipsmodule/bn/sqrt.c.inc b/crypto/fipsmodule/bn/sqrt.cc.inc
similarity index 100%
rename from crypto/fipsmodule/bn/sqrt.c.inc
rename to crypto/fipsmodule/bn/sqrt.cc.inc
diff --git a/crypto/fipsmodule/cipher/aead.c.inc b/crypto/fipsmodule/cipher/aead.cc.inc
similarity index 92%
rename from crypto/fipsmodule/cipher/aead.c.inc
rename to crypto/fipsmodule/cipher/aead.cc.inc
index 4a578d3..bbe3e48 100644
--- a/crypto/fipsmodule/cipher/aead.c.inc
+++ b/crypto/fipsmodule/cipher/aead.cc.inc
@@ -21,8 +21,8 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-#include "internal.h"
#include "../../internal.h"
+#include "internal.h"
size_t EVP_AEAD_key_length(const EVP_AEAD *aead) { return aead->key_len; }
@@ -39,7 +39,11 @@
EVP_AEAD_CTX *EVP_AEAD_CTX_new(const EVP_AEAD *aead, const uint8_t *key,
size_t key_len, size_t tag_len) {
- EVP_AEAD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_AEAD_CTX));
+ EVP_AEAD_CTX *ctx =
+ reinterpret_cast<EVP_AEAD_CTX *>(OPENSSL_malloc(sizeof(EVP_AEAD_CTX)));
+ if (!ctx) {
+ return NULL;
+ }
EVP_AEAD_CTX_zero(ctx);
if (EVP_AEAD_CTX_init(ctx, aead, key, key_len, tag_len, NULL)) {
@@ -150,11 +154,13 @@
return 0;
}
-int EVP_AEAD_CTX_seal_scatter(
- const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t
- *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, size_t
- nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
- size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
+int EVP_AEAD_CTX_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out,
+ uint8_t *out_tag, size_t *out_tag_len,
+ size_t max_out_tag_len, const uint8_t *nonce,
+ size_t nonce_len, const uint8_t *in,
+ size_t in_len, const uint8_t *extra_in,
+ size_t extra_in_len, const uint8_t *ad,
+ size_t ad_len) {
// |in| and |out| may alias exactly, |out_tag| may not alias.
if (!check_alias(in, in_len, out, in_len) ||
buffers_alias(out, in_len, out_tag, max_out_tag_len) ||
@@ -187,6 +193,7 @@
size_t max_out_len, const uint8_t *nonce,
size_t nonce_len, const uint8_t *in, size_t in_len,
const uint8_t *ad, size_t ad_len) {
+ size_t plaintext_len;
if (!check_alias(in, in_len, out, max_out_len)) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT);
goto error;
@@ -194,7 +201,7 @@
if (ctx->aead->open) {
if (!ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len, in,
- in_len, ad, ad_len)) {
+ in_len, ad, ad_len)) {
goto error;
}
return 1;
@@ -209,7 +216,7 @@
goto error;
}
- size_t plaintext_len = in_len - ctx->tag_len;
+ plaintext_len = in_len - ctx->tag_len;
if (max_out_len < plaintext_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL);
goto error;
diff --git a/crypto/fipsmodule/cipher/cipher.c.inc b/crypto/fipsmodule/cipher/cipher.cc.inc
similarity index 98%
rename from crypto/fipsmodule/cipher/cipher.c.inc
rename to crypto/fipsmodule/cipher/cipher.cc.inc
index 7ce3c20..c43d920 100644
--- a/crypto/fipsmodule/cipher/cipher.c.inc
+++ b/crypto/fipsmodule/cipher/cipher.cc.inc
@@ -64,9 +64,9 @@
#include <openssl/mem.h>
#include <openssl/nid.h>
-#include "internal.h"
-#include "../service_indicator/internal.h"
#include "../../internal.h"
+#include "../service_indicator/internal.h"
+#include "internal.h"
void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) {
@@ -74,7 +74,8 @@
}
EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) {
- EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX));
+ EVP_CIPHER_CTX *ctx = reinterpret_cast<EVP_CIPHER_CTX *>(
+ OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)));
if (ctx) {
EVP_CIPHER_CTX_init(ctx);
}
@@ -568,9 +569,7 @@
return ctx->cipher;
}
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) {
- return ctx->cipher->nid;
-}
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) { return ctx->cipher->nid; }
int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) {
return ctx->encrypt;
@@ -710,8 +709,6 @@
return EVP_DecryptFinal_ex(ctx, out, out_len);
}
-int EVP_add_cipher_alias(const char *a, const char *b) {
- return 1;
-}
+int EVP_add_cipher_alias(const char *a, const char *b) { return 1; }
void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx, uint32_t flags) {}
diff --git a/crypto/fipsmodule/cipher/e_aes.c.inc b/crypto/fipsmodule/cipher/e_aes.cc.inc
similarity index 93%
rename from crypto/fipsmodule/cipher/e_aes.c.inc
rename to crypto/fipsmodule/cipher/e_aes.cc.inc
index ab05e43..9774268 100644
--- a/crypto/fipsmodule/cipher/e_aes.c.inc
+++ b/crypto/fipsmodule/cipher/e_aes.cc.inc
@@ -57,17 +57,17 @@
#include <openssl/mem.h>
#include <openssl/nid.h>
-#include "internal.h"
#include "../../internal.h"
#include "../aes/internal.h"
#include "../bcm_interface.h"
+#include "../delocate.h"
#include "../modes/internal.h"
#include "../service_indicator/internal.h"
-#include "../delocate.h"
+#include "internal.h"
OPENSSL_MSVC_PRAGMA(warning(push))
-OPENSSL_MSVC_PRAGMA(warning(disable: 4702)) // Unreachable code.
+OPENSSL_MSVC_PRAGMA(warning(disable : 4702)) // Unreachable code.
#define AES_GCM_NONCE_LENGTH 12
@@ -131,9 +131,9 @@
int key_set; // Set if key initialised
int iv_set; // Set if an iv is set
uint8_t *iv; // Temporary IV store
- int ivlen; // IV length
+ int ivlen; // IV length
int taglen;
- int iv_gen; // It is OK to generate IVs
+ int iv_gen; // It is OK to generate IVs
ctr128_f ctr;
} EVP_AES_GCM_CTX;
@@ -332,7 +332,7 @@
}
#if defined(OPENSSL_32_BIT)
-#define EVP_AES_GCM_CTX_PADDING (4+8)
+#define EVP_AES_GCM_CTX_PADDING (4 + 8)
#else
#define EVP_AES_GCM_CTX_PADDING 8
#endif
@@ -347,7 +347,7 @@
assert(ctx->cipher->ctx_size ==
sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING);
- char *ptr = ctx->cipher_data;
+ char *ptr = reinterpret_cast<char *>(ctx->cipher_data);
#if defined(OPENSSL_32_BIT)
assert((uintptr_t)ptr % 4 == 0);
ptr += (uintptr_t)ptr & 4;
@@ -430,7 +430,7 @@
if (gctx->iv != c->iv) {
OPENSSL_free(gctx->iv);
}
- gctx->iv = OPENSSL_malloc(arg);
+ gctx->iv = reinterpret_cast<uint8_t *>(OPENSSL_malloc(arg));
if (!gctx->iv) {
return 0;
}
@@ -508,7 +508,7 @@
return 1;
case EVP_CTRL_COPY: {
- EVP_CIPHER_CTX *out = ptr;
+ EVP_CIPHER_CTX *out = reinterpret_cast<EVP_CIPHER_CTX *>(ptr);
EVP_AES_GCM_CTX *gctx_out = aes_gcm_from_cipher_ctx(out);
// |EVP_CIPHER_CTX_copy| copies this generically, but we must redo it in
// case |out->cipher_data| and |in->cipher_data| are differently aligned.
@@ -516,7 +516,8 @@
if (gctx->iv == c->iv) {
gctx_out->iv = out->iv;
} else {
- gctx_out->iv = OPENSSL_memdup(gctx->iv, gctx->ivlen);
+ gctx_out->iv =
+ reinterpret_cast<uint8_t *>(OPENSSL_memdup(gctx->iv, gctx->ivlen));
if (!gctx_out->iv) {
return 0;
}
@@ -809,7 +810,9 @@
return 1;
}
- aes_hw_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt);
+ aes_hw_ecb_encrypt(in, out, len,
+ reinterpret_cast<const AES_KEY *>(ctx->cipher_data),
+ ctx->encrypt);
return 1;
}
@@ -927,7 +930,7 @@
static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t requested_tag_len) {
- struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *) &ctx->state;
+ struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *)&ctx->state;
size_t actual_tag_len;
if (!aead_aes_gcm_init_impl(gcm_ctx, &actual_tag_len, key, key_len,
@@ -942,13 +945,10 @@
static void aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) {}
static int aead_aes_gcm_seal_scatter_impl(
- const struct aead_aes_gcm_ctx *gcm_ctx,
- uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len,
- const uint8_t *nonce, size_t nonce_len,
- const uint8_t *in, size_t in_len,
- const uint8_t *extra_in, size_t extra_in_len,
- const uint8_t *ad, size_t ad_len,
- size_t tag_len) {
+ const struct aead_aes_gcm_ctx *gcm_ctx, uint8_t *out, uint8_t *out_tag,
+ size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
+ size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
+ size_t extra_in_len, const uint8_t *ad, size_t ad_len, size_t tag_len) {
if (extra_in_len + tag_len < tag_len) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE);
return 0;
@@ -1003,14 +1003,11 @@
return 1;
}
-static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out,
- uint8_t *out_tag, size_t *out_tag_len,
- size_t max_out_tag_len,
- const uint8_t *nonce, size_t nonce_len,
- const uint8_t *in, size_t in_len,
- const uint8_t *extra_in,
- size_t extra_in_len,
- const uint8_t *ad, size_t ad_len) {
+static int aead_aes_gcm_seal_scatter(
+ const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
+ size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce,
+ size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
+ size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
const struct aead_aes_gcm_ctx *gcm_ctx =
(const struct aead_aes_gcm_ctx *)&ctx->state;
return aead_aes_gcm_seal_scatter_impl(
@@ -1019,13 +1016,11 @@
}
static int aead_aes_gcm_open_gather_impl(const struct aead_aes_gcm_ctx *gcm_ctx,
- uint8_t *out,
- const uint8_t *nonce, size_t nonce_len,
- const uint8_t *in, size_t in_len,
- const uint8_t *in_tag,
- size_t in_tag_len,
- const uint8_t *ad, size_t ad_len,
- size_t tag_len) {
+ uint8_t *out, const uint8_t *nonce,
+ size_t nonce_len, const uint8_t *in,
+ size_t in_len, const uint8_t *in_tag,
+ size_t in_tag_len, const uint8_t *ad,
+ size_t ad_len, size_t tag_len) {
uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN];
if (nonce_len == 0) {
@@ -1150,12 +1145,11 @@
}
static int aead_aes_gcm_seal_scatter_randnonce(
- const EVP_AEAD_CTX *ctx,
- uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len,
- const uint8_t *external_nonce, size_t external_nonce_len,
- const uint8_t *in, size_t in_len,
- const uint8_t *extra_in, size_t extra_in_len,
- const uint8_t *ad, size_t ad_len) {
+ const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag,
+ size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *external_nonce,
+ size_t external_nonce_len, const uint8_t *in, size_t in_len,
+ const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad,
+ size_t ad_len) {
if (external_nonce_len != 0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
return 0;
@@ -1193,11 +1187,10 @@
}
static int aead_aes_gcm_open_gather_randnonce(
- const EVP_AEAD_CTX *ctx, uint8_t *out,
- const uint8_t *external_nonce, size_t external_nonce_len,
- const uint8_t *in, size_t in_len,
- const uint8_t *in_tag, size_t in_tag_len,
- const uint8_t *ad, size_t ad_len) {
+ const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *external_nonce,
+ size_t external_nonce_len, const uint8_t *in, size_t in_len,
+ const uint8_t *in_tag, size_t in_tag_len, const uint8_t *ad,
+ size_t ad_len) {
if (external_nonce_len != 0) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE);
return 0;
@@ -1212,9 +1205,9 @@
const struct aead_aes_gcm_ctx *gcm_ctx =
(const struct aead_aes_gcm_ctx *)&ctx->state;
if (!aead_aes_gcm_open_gather_impl(
- gcm_ctx, out, nonce, AES_GCM_NONCE_LENGTH, in, in_len, in_tag,
- in_tag_len - AES_GCM_NONCE_LENGTH, ad, ad_len,
- ctx->tag_len - AES_GCM_NONCE_LENGTH)) {
+ gcm_ctx, out, nonce, AES_GCM_NONCE_LENGTH, in, in_len, in_tag,
+ in_tag_len - AES_GCM_NONCE_LENGTH, ad, ad_len,
+ ctx->tag_len - AES_GCM_NONCE_LENGTH)) {
return 0;
}
@@ -1267,7 +1260,7 @@
static int aead_aes_gcm_tls12_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t requested_tag_len) {
struct aead_aes_gcm_tls12_ctx *gcm_ctx =
- (struct aead_aes_gcm_tls12_ctx *) &ctx->state;
+ (struct aead_aes_gcm_tls12_ctx *)&ctx->state;
gcm_ctx->min_next_nonce = 0;
@@ -1287,7 +1280,7 @@
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
struct aead_aes_gcm_tls12_ctx *gcm_ctx =
- (struct aead_aes_gcm_tls12_ctx *) &ctx->state;
+ (struct aead_aes_gcm_tls12_ctx *)&ctx->state;
if (nonce_len != AES_GCM_NONCE_LENGTH) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
@@ -1361,7 +1354,7 @@
static int aead_aes_gcm_tls13_init(EVP_AEAD_CTX *ctx, const uint8_t *key,
size_t key_len, size_t requested_tag_len) {
struct aead_aes_gcm_tls13_ctx *gcm_ctx =
- (struct aead_aes_gcm_tls13_ctx *) &ctx->state;
+ (struct aead_aes_gcm_tls13_ctx *)&ctx->state;
gcm_ctx->min_next_nonce = 0;
gcm_ctx->first = 1;
@@ -1382,7 +1375,7 @@
size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in,
size_t extra_in_len, const uint8_t *ad, size_t ad_len) {
struct aead_aes_gcm_tls13_ctx *gcm_ctx =
- (struct aead_aes_gcm_tls13_ctx *) &ctx->state;
+ (struct aead_aes_gcm_tls13_ctx *)&ctx->state;
if (nonce_len != AES_GCM_NONCE_LENGTH) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE);
@@ -1403,8 +1396,7 @@
}
given_counter ^= gcm_ctx->mask;
- if (given_counter == UINT64_MAX ||
- given_counter < gcm_ctx->min_next_nonce) {
+ if (given_counter == UINT64_MAX || given_counter < gcm_ctx->min_next_nonce) {
OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE);
return 0;
}
diff --git a/crypto/fipsmodule/cipher/e_aesccm.c.inc b/crypto/fipsmodule/cipher/e_aesccm.cc.inc
similarity index 100%
rename from crypto/fipsmodule/cipher/e_aesccm.c.inc
rename to crypto/fipsmodule/cipher/e_aesccm.cc.inc
diff --git a/crypto/fipsmodule/cmac/cmac.c.inc b/crypto/fipsmodule/cmac/cmac.cc.inc
similarity index 96%
rename from crypto/fipsmodule/cmac/cmac.c.inc
rename to crypto/fipsmodule/cmac/cmac.cc.inc
index efffe5f..94931b5 100644
--- a/crypto/fipsmodule/cmac/cmac.c.inc
+++ b/crypto/fipsmodule/cmac/cmac.cc.inc
@@ -119,7 +119,7 @@
}
CMAC_CTX *CMAC_CTX_new(void) {
- CMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+ CMAC_CTX *ctx = reinterpret_cast<CMAC_CTX *>(OPENSSL_malloc(sizeof(*ctx)));
if (ctx != NULL) {
CMAC_CTX_init(ctx);
}
@@ -155,7 +155,7 @@
// Shift |in| to left, including carry.
for (i = 0; i < 15; i++) {
- out[i] = (in[i] << 1) | (in[i+1] >> 7);
+ out[i] = (in[i] << 1) | (in[i + 1] >> 7);
}
// If MSB set fixup with R.
@@ -172,7 +172,7 @@
// Shift |in| to left, including carry.
for (i = 0; i < 7; i++) {
- out[i] = (in[i] << 1) | (in[i+1] >> 7);
+ out[i] = (in[i] << 1) | (in[i + 1] >> 7);
}
// If MSB set fixup with R.
@@ -194,7 +194,8 @@
size_t block_size = EVP_CIPHER_block_size(cipher);
if ((block_size != AES_BLOCK_SIZE && block_size != 8 /* 3-DES */) ||
EVP_CIPHER_key_length(cipher) != key_len ||
- !EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, NULL, key, kZeroIV) ||
+ !EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, NULL,
+ reinterpret_cast<const uint8_t *>(key), kZeroIV) ||
!EVP_Cipher(&ctx->cipher_ctx, scratch, kZeroIV, block_size) ||
// Reset context again ready for first data.
!EVP_EncryptInit_ex(&ctx->cipher_ctx, NULL, NULL, NULL, kZeroIV)) {
@@ -291,13 +292,12 @@
FIPS_service_indicator_lock_state();
*out_len = block_size;
+ const uint8_t *mask = ctx->k1;
if (out == NULL) {
ret = 1;
goto out;
}
- const uint8_t *mask = ctx->k1;
-
if (ctx->block_used != block_size) {
// If the last block is incomplete, terminate it with a single 'one' bit
// followed by zeros.
diff --git a/crypto/fipsmodule/delocate.h b/crypto/fipsmodule/delocate.h
index 5890ea8..cf063a8 100644
--- a/crypto/fipsmodule/delocate.h
+++ b/crypto/fipsmodule/delocate.h
@@ -22,19 +22,23 @@
#if !defined(BORINGSSL_SHARED_LIBRARY) && defined(BORINGSSL_FIPS) && \
!defined(OPENSSL_ASAN) && !defined(OPENSSL_MSAN)
-#define DEFINE_BSS_GET(type, name) \
- static type name __attribute__((used)); \
- type *name##_bss_get(void) __attribute__((const));
+#define DEFINE_BSS_GET(type, name, init_value) \
+ static type name __attribute__((used)) = init_value; \
+ extern "C" { \
+ type *name##_bss_get(void) __attribute__((const)); \
+ }
// For FIPS builds we require that CRYPTO_ONCE_INIT be zero.
-#define DEFINE_STATIC_ONCE(name) DEFINE_BSS_GET(CRYPTO_once_t, name)
+#define DEFINE_STATIC_ONCE(name) \
+ DEFINE_BSS_GET(CRYPTO_once_t, name, CRYPTO_ONCE_INIT)
// For FIPS builds we require that CRYPTO_MUTEX_INIT be zero.
-#define DEFINE_STATIC_MUTEX(name) DEFINE_BSS_GET(CRYPTO_MUTEX, name)
+#define DEFINE_STATIC_MUTEX(name) \
+ DEFINE_BSS_GET(CRYPTO_MUTEX, name, CRYPTO_MUTEX_INIT)
// For FIPS builds we require that CRYPTO_EX_DATA_CLASS_INIT be zero.
#define DEFINE_STATIC_EX_DATA_CLASS(name) \
- DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name)
+ DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name, CRYPTO_EX_DATA_CLASS_INIT)
#else
-#define DEFINE_BSS_GET(type, name) \
- static type name; \
+#define DEFINE_BSS_GET(type, name, init_value) \
+ static type name = init_value; \
static type *name##_bss_get(void) { return &name; }
#define DEFINE_STATIC_ONCE(name) \
static CRYPTO_once_t name = CRYPTO_ONCE_INIT; \
@@ -48,7 +52,7 @@
#endif
#define DEFINE_DATA(type, name, accessor_decorations) \
- DEFINE_BSS_GET(type, name##_storage) \
+ DEFINE_BSS_GET(type, name##_storage, {}) \
DEFINE_STATIC_ONCE(name##_once) \
static void name##_do_init(type *out); \
static void name##_init(void) { name##_do_init(name##_storage_bss_get()); } \
diff --git a/crypto/fipsmodule/dh/check.c.inc b/crypto/fipsmodule/dh/check.cc.inc
similarity index 100%
rename from crypto/fipsmodule/dh/check.c.inc
rename to crypto/fipsmodule/dh/check.cc.inc
diff --git a/crypto/fipsmodule/dh/dh.c.inc b/crypto/fipsmodule/dh/dh.cc.inc
similarity index 95%
rename from crypto/fipsmodule/dh/dh.c.inc
rename to crypto/fipsmodule/dh/dh.cc.inc
index 39c6b8e..e32c4af 100644
--- a/crypto/fipsmodule/dh/dh.c.inc
+++ b/crypto/fipsmodule/dh/dh.cc.inc
@@ -59,8 +59,8 @@
#include <string.h>
#include <openssl/bn.h>
-#include <openssl/err.h>
#include <openssl/digest.h>
+#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/thread.h>
@@ -71,7 +71,7 @@
DH *DH_new(void) {
- DH *dh = OPENSSL_zalloc(sizeof(DH));
+ DH *dh = reinterpret_cast<DH *>(OPENSSL_zalloc(sizeof(DH)));
if (dh == NULL) {
return NULL;
}
@@ -151,8 +151,7 @@
}
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
- if ((dh->p == NULL && p == NULL) ||
- (dh->g == NULL && g == NULL)) {
+ if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) {
return 0;
}
@@ -322,8 +321,7 @@
if (!BN_mod_exp_mont_consttime(out_shared_key, peers_key, dh->priv_key, dh->p,
ctx, dh->method_mont_p) ||
- !BN_copy(p_minus_1, dh->p) ||
- !BN_sub_word(p_minus_1, 1)) {
+ !BN_copy(p_minus_1, dh->p) || !BN_sub_word(p_minus_1, 1)) {
OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB);
goto err;
}
@@ -337,7 +335,7 @@
ret = 1;
- err:
+err:
BN_CTX_end(ctx);
return ret;
}
@@ -353,8 +351,7 @@
int dh_size = DH_size(dh);
int ret = -1;
BIGNUM *shared_key = BN_CTX_get(ctx);
- if (shared_key &&
- dh_compute_key(dh, shared_key, peers_key, ctx) &&
+ if (shared_key && dh_compute_key(dh, shared_key, peers_key, ctx) &&
BN_bn2bin_padded(out, dh_size, shared_key)) {
ret = dh_size;
}
@@ -405,7 +402,7 @@
int ret = 0;
const size_t dh_len = DH_size(dh);
- uint8_t *shared_bytes = OPENSSL_malloc(dh_len);
+ uint8_t *shared_bytes = reinterpret_cast<uint8_t *>(OPENSSL_malloc(dh_len));
unsigned out_len_unsigned;
if (!shared_bytes ||
// SP 800-56A is ambiguous about whether the output should be padded prior
@@ -423,7 +420,7 @@
*out_len = digest_len;
ret = 1;
- err:
+err:
FIPS_service_indicator_unlock_state();
OPENSSL_free(shared_bytes);
return ret;
@@ -472,18 +469,17 @@
bn_set_static_words(ffdhe2048_p, kFFDHE2048Data,
OPENSSL_ARRAY_SIZE(kFFDHE2048Data));
- if (!BN_rshift1(ffdhe2048_q, ffdhe2048_p) ||
- !BN_set_word(ffdhe2048_g, 2) ||
+ if (!BN_rshift1(ffdhe2048_q, ffdhe2048_p) || !BN_set_word(ffdhe2048_g, 2) ||
!DH_set0_pqg(dh, ffdhe2048_p, ffdhe2048_q, ffdhe2048_g)) {
goto err;
}
return dh;
- err:
- BN_free(ffdhe2048_p);
- BN_free(ffdhe2048_q);
- BN_free(ffdhe2048_g);
- DH_free(dh);
- return NULL;
+err:
+ BN_free(ffdhe2048_p);
+ BN_free(ffdhe2048_q);
+ BN_free(ffdhe2048_g);
+ DH_free(dh);
+ return NULL;
}
diff --git a/crypto/fipsmodule/digest/digest.c.inc b/crypto/fipsmodule/digest/digest.cc.inc
similarity index 95%
rename from crypto/fipsmodule/digest/digest.c.inc
rename to crypto/fipsmodule/digest/digest.cc.inc
index 52197c1..0f7cb9e 100644
--- a/crypto/fipsmodule/digest/digest.c.inc
+++ b/crypto/fipsmodule/digest/digest.cc.inc
@@ -62,8 +62,8 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-#include "internal.h"
#include "../../internal.h"
+#include "internal.h"
int EVP_MD_type(const EVP_MD *md) { return md->type; }
@@ -82,7 +82,8 @@
}
EVP_MD_CTX *EVP_MD_CTX_new(void) {
- EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
+ EVP_MD_CTX *ctx =
+ reinterpret_cast<EVP_MD_CTX *>(OPENSSL_malloc(sizeof(EVP_MD_CTX)));
if (ctx) {
EVP_MD_CTX_init(ctx);
@@ -152,7 +153,8 @@
if (in->digest != NULL) {
if (out->digest != in->digest) {
assert(in->digest->ctx_size != 0);
- tmp_buf = OPENSSL_malloc(in->digest->ctx_size);
+ tmp_buf =
+ reinterpret_cast<uint8_t *>(OPENSSL_malloc(in->digest->ctx_size));
if (tmp_buf == NULL) {
if (pctx) {
in->pctx_ops->free(pctx);
@@ -163,7 +165,7 @@
// |md_data| will be the correct size in this case. It's removed from
// |out| so that |EVP_MD_CTX_cleanup| doesn't free it, and then it's
// reused.
- tmp_buf = out->md_data;
+ tmp_buf = reinterpret_cast<uint8_t *>(out->md_data);
out->md_data = NULL;
}
}
@@ -207,7 +209,8 @@
int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *engine) {
if (ctx->digest != type) {
assert(type->ctx_size != 0);
- uint8_t *md_data = OPENSSL_malloc(type->ctx_size);
+ uint8_t *md_data =
+ reinterpret_cast<uint8_t *>(OPENSSL_malloc(type->ctx_size));
if (md_data == NULL) {
return 0;
}
@@ -283,6 +286,4 @@
return EVP_MD_type(EVP_MD_CTX_md(ctx));
}
-int EVP_add_digest(const EVP_MD *digest) {
- return 1;
-}
+int EVP_add_digest(const EVP_MD *digest) { return 1; }
diff --git a/crypto/fipsmodule/digest/digests.c.inc b/crypto/fipsmodule/digest/digests.cc.inc
similarity index 81%
rename from crypto/fipsmodule/digest/digests.c.inc
rename to crypto/fipsmodule/digest/digests.cc.inc
index 9ead2c6..e1b08fa 100644
--- a/crypto/fipsmodule/digest/digests.c.inc
+++ b/crypto/fipsmodule/digest/digests.cc.inc
@@ -61,27 +61,28 @@
#include <openssl/nid.h>
-#include "internal.h"
-#include "../delocate.h"
#include "../../internal.h"
+#include "../bcm_interface.h"
+#include "../delocate.h"
+#include "internal.h"
#if defined(NDEBUG)
-#define CHECK(x) (void) (x)
+#define CHECK(x) (void)(x)
#else
#define CHECK(x) assert(x)
#endif
static void sha1_init(EVP_MD_CTX *ctx) {
- BCM_sha1_init(ctx->md_data);
+ BCM_sha1_init(reinterpret_cast<SHA_CTX *>(ctx->md_data));
}
static void sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
- BCM_sha1_update(ctx->md_data, data, count);
+ BCM_sha1_update(reinterpret_cast<SHA_CTX *>(ctx->md_data), data, count);
}
static void sha1_final(EVP_MD_CTX *ctx, uint8_t *md) {
- BCM_sha1_final(md, ctx->md_data);
+ BCM_sha1_final(md, reinterpret_cast<SHA_CTX *>(ctx->md_data));
}
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha1) {
@@ -97,15 +98,15 @@
static void sha224_init(EVP_MD_CTX *ctx) {
- BCM_sha224_init(ctx->md_data);
+ BCM_sha224_init(reinterpret_cast<SHA256_CTX *>(ctx->md_data));
}
static void sha224_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
- BCM_sha224_update(ctx->md_data, data, count);
+ BCM_sha224_update(reinterpret_cast<SHA256_CTX *>(ctx->md_data), data, count);
}
static void sha224_final(EVP_MD_CTX *ctx, uint8_t *md) {
- BCM_sha224_final(md, ctx->md_data);
+ BCM_sha224_final(md, reinterpret_cast<SHA256_CTX *>(ctx->md_data));
}
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha224) {
@@ -121,15 +122,15 @@
static void sha256_init(EVP_MD_CTX *ctx) {
- BCM_sha256_init(ctx->md_data);
+ BCM_sha256_init(reinterpret_cast<SHA256_CTX *>(ctx->md_data));
}
static void sha256_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
- BCM_sha256_update(ctx->md_data, data, count);
+ BCM_sha256_update(reinterpret_cast<SHA256_CTX *>(ctx->md_data), data, count);
}
static void sha256_final(EVP_MD_CTX *ctx, uint8_t *md) {
- BCM_sha256_final(md, ctx->md_data);
+ BCM_sha256_final(md, reinterpret_cast<SHA256_CTX *>(ctx->md_data));
}
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha256) {
@@ -145,15 +146,15 @@
static void sha384_init(EVP_MD_CTX *ctx) {
- BCM_sha384_init(ctx->md_data);
+ BCM_sha384_init(reinterpret_cast<SHA512_CTX *>(ctx->md_data));
}
static void sha384_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
- BCM_sha384_update(ctx->md_data, data, count);
+ BCM_sha384_update(reinterpret_cast<SHA512_CTX *>(ctx->md_data), data, count);
}
static void sha384_final(EVP_MD_CTX *ctx, uint8_t *md) {
- BCM_sha384_final(md, ctx->md_data);
+ BCM_sha384_final(md, reinterpret_cast<SHA512_CTX *>(ctx->md_data));
}
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha384) {
@@ -169,15 +170,15 @@
static void sha512_init(EVP_MD_CTX *ctx) {
- BCM_sha512_init(ctx->md_data);
+ BCM_sha512_init(reinterpret_cast<SHA512_CTX *>(ctx->md_data));
}
static void sha512_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
- BCM_sha512_update(ctx->md_data, data, count);
+ BCM_sha512_update(reinterpret_cast<SHA512_CTX *>(ctx->md_data), data, count);
}
static void sha512_final(EVP_MD_CTX *ctx, uint8_t *md) {
- BCM_sha512_final(md, ctx->md_data);
+ BCM_sha512_final(md, reinterpret_cast<SHA512_CTX *>(ctx->md_data));
}
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512) {
@@ -193,15 +194,16 @@
static void sha512_256_init(EVP_MD_CTX *ctx) {
- BCM_sha512_256_init(ctx->md_data);
+ BCM_sha512_256_init(reinterpret_cast<SHA512_CTX *>(ctx->md_data));
}
static void sha512_256_update(EVP_MD_CTX *ctx, const void *data, size_t count) {
- BCM_sha512_256_update(ctx->md_data, data, count);
+ BCM_sha512_256_update(reinterpret_cast<SHA512_CTX *>(ctx->md_data), data,
+ count);
}
static void sha512_256_final(EVP_MD_CTX *ctx, uint8_t *md) {
- BCM_sha512_256_final(md, ctx->md_data);
+ BCM_sha512_256_final(md, reinterpret_cast<SHA512_CTX *>(ctx->md_data));
}
DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512_256) {
diff --git a/crypto/fipsmodule/digestsign/digestsign.c.inc b/crypto/fipsmodule/digestsign/digestsign.cc.inc
similarity index 100%
rename from crypto/fipsmodule/digestsign/digestsign.c.inc
rename to crypto/fipsmodule/digestsign/digestsign.cc.inc
diff --git a/crypto/fipsmodule/ec/ec.c.inc b/crypto/fipsmodule/ec/ec.cc.inc
similarity index 98%
rename from crypto/fipsmodule/ec/ec.c.inc
rename to crypto/fipsmodule/ec/ec.cc.inc
index 0ae566a..1240eed 100644
--- a/crypto/fipsmodule/ec/ec.c.inc
+++ b/crypto/fipsmodule/ec/ec.cc.inc
@@ -75,10 +75,10 @@
#include <openssl/mem.h>
#include <openssl/nid.h>
-#include "internal.h"
#include "../../internal.h"
#include "../bn/internal.h"
#include "../delocate.h"
+#include "internal.h"
#include "builtin_curves.h"
@@ -245,12 +245,11 @@
BIGNUM *a_reduced = BN_CTX_get(ctx);
BIGNUM *b_reduced = BN_CTX_get(ctx);
if (a_reduced == NULL || b_reduced == NULL ||
- !BN_nnmod(a_reduced, a, p, ctx) ||
- !BN_nnmod(b_reduced, b, p, ctx)) {
+ !BN_nnmod(a_reduced, a, p, ctx) || !BN_nnmod(b_reduced, b, p, ctx)) {
goto err;
}
- ret = OPENSSL_zalloc(sizeof(EC_GROUP));
+ ret = reinterpret_cast<EC_GROUP *>(OPENSSL_zalloc(sizeof(EC_GROUP)));
if (ret == NULL) {
return NULL;
}
@@ -301,8 +300,7 @@
// the ECDSA implementation.
int ret = 0;
BIGNUM *tmp = BN_new();
- if (tmp == NULL ||
- !BN_lshift1(tmp, order)) {
+ if (tmp == NULL || !BN_lshift1(tmp, order)) {
goto err;
}
if (BN_cmp(tmp, &group->field.N) <= 0) {
@@ -470,7 +468,7 @@
return NULL;
}
- EC_POINT *ret = OPENSSL_malloc(sizeof *ret);
+ EC_POINT *ret = reinterpret_cast<EC_POINT *>(OPENSSL_malloc(sizeof *ret));
if (ret == NULL) {
return NULL;
}
@@ -514,8 +512,7 @@
}
EC_POINT *ret = EC_POINT_new(group);
- if (ret == NULL ||
- !EC_POINT_copy(ret, a)) {
+ if (ret == NULL || !EC_POINT_copy(ret, a)) {
EC_POINT_free(ret);
return NULL;
}
@@ -720,8 +717,7 @@
// This is an unusual input, so we do not guarantee constant-time processing.
BN_CTX_start(ctx);
BIGNUM *tmp = BN_CTX_get(ctx);
- int ok = tmp != NULL &&
- BN_nnmod(tmp, in, EC_GROUP_get0_order(group), ctx) &&
+ int ok = tmp != NULL && BN_nnmod(tmp, in, EC_GROUP_get0_order(group), ctx) &&
ec_bignum_to_scalar(group, out, tmp);
BN_CTX_end(ctx);
return ok;
@@ -734,7 +730,7 @@
// nothing to multiply. But, nobody should be calling this function with
// nothing to multiply in the first place.
if ((g_scalar == NULL && p_scalar == NULL) ||
- (p == NULL) != (p_scalar == NULL)) {
+ (p == NULL) != (p_scalar == NULL)) {
OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
@@ -874,8 +870,7 @@
int ec_point_mul_scalar_batch(const EC_GROUP *group, EC_JACOBIAN *r,
const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
const EC_JACOBIAN *p1, const EC_SCALAR *scalar1,
- const EC_JACOBIAN *p2,
- const EC_SCALAR *scalar2) {
+ const EC_JACOBIAN *p2, const EC_SCALAR *scalar2) {
if (group->meth->mul_batch == NULL) {
OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
return 0;
@@ -926,7 +921,7 @@
}
void ec_point_select(const EC_GROUP *group, EC_JACOBIAN *out, BN_ULONG mask,
- const EC_JACOBIAN *a, const EC_JACOBIAN *b) {
+ const EC_JACOBIAN *a, const EC_JACOBIAN *b) {
ec_felem_select(group, &out->X, mask, &a->X, &b->X);
ec_felem_select(group, &out->Y, mask, &a->Y, &b->Y);
ec_felem_select(group, &out->Z, mask, &a->Z, &b->Z);
diff --git a/crypto/fipsmodule/ec/ec_key.c.inc b/crypto/fipsmodule/ec/ec_key.cc.inc
similarity index 96%
rename from crypto/fipsmodule/ec/ec_key.c.inc
rename to crypto/fipsmodule/ec/ec_key.cc.inc
index 376fa65..c5417a6 100644
--- a/crypto/fipsmodule/ec/ec_key.c.inc
+++ b/crypto/fipsmodule/ec/ec_key.cc.inc
@@ -77,17 +77,19 @@
#include <openssl/mem.h>
#include <openssl/thread.h>
-#include "internal.h"
+#include "../../internal.h"
+#include "../bcm_interface.h"
#include "../delocate.h"
#include "../ecdsa/internal.h"
#include "../service_indicator/internal.h"
-#include "../../internal.h"
+#include "internal.h"
DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class)
static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) {
- EC_WRAPPED_SCALAR *wrapped = OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR));
+ EC_WRAPPED_SCALAR *wrapped = reinterpret_cast<EC_WRAPPED_SCALAR *>(
+ OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR)));
if (wrapped == NULL) {
return NULL;
}
@@ -106,7 +108,7 @@
EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); }
EC_KEY *EC_KEY_new_method(const ENGINE *engine) {
- EC_KEY *ret = OPENSSL_zalloc(sizeof(EC_KEY));
+ EC_KEY *ret = reinterpret_cast<EC_KEY *>(OPENSSL_zalloc(sizeof(EC_KEY)));
if (ret == NULL) {
return NULL;
}
@@ -184,10 +186,8 @@
return NULL;
}
- if ((src->group != NULL &&
- !EC_KEY_set_group(ret, src->group)) ||
- (src->pub_key != NULL &&
- !EC_KEY_set_public_key(ret, src->pub_key)) ||
+ if ((src->group != NULL && !EC_KEY_set_group(ret, src->group)) ||
+ (src->pub_key != NULL && !EC_KEY_set_public_key(ret, src->pub_key)) ||
(src->priv_key != NULL &&
!EC_KEY_set_private_key(ret, EC_KEY_get0_private_key(src)))) {
EC_KEY_free(ret);
@@ -385,8 +385,7 @@
point = EC_POINT_new(key->group);
if (point == NULL ||
!EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, NULL) ||
- !EC_KEY_set_public_key(key, point) ||
- !EC_KEY_check_key(key)) {
+ !EC_KEY_set_public_key(key, point) || !EC_KEY_check_key(key)) {
goto err;
}
@@ -468,7 +467,7 @@
return 0;
}
- uint8_t *buf = OPENSSL_malloc(len);
+ uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len));
if (buf == NULL) {
return 0;
}
@@ -546,7 +545,7 @@
CRYPTO_EX_dup *dup_unused,
CRYPTO_EX_free *free_func) {
return CRYPTO_get_ex_new_index_ex(g_ec_ex_data_class_bss_get(), argl, argp,
- free_func);
+ free_func);
}
int EC_KEY_set_ex_data(EC_KEY *d, int idx, void *arg) {
diff --git a/crypto/fipsmodule/ec/ec_montgomery.c.inc b/crypto/fipsmodule/ec/ec_montgomery.cc.inc
similarity index 100%
rename from crypto/fipsmodule/ec/ec_montgomery.c.inc
rename to crypto/fipsmodule/ec/ec_montgomery.cc.inc
diff --git a/crypto/fipsmodule/ec/felem.c.inc b/crypto/fipsmodule/ec/felem.cc.inc
similarity index 100%
rename from crypto/fipsmodule/ec/felem.c.inc
rename to crypto/fipsmodule/ec/felem.cc.inc
diff --git a/crypto/fipsmodule/ec/oct.c.inc b/crypto/fipsmodule/ec/oct.cc.inc
similarity index 97%
rename from crypto/fipsmodule/ec/oct.c.inc
rename to crypto/fipsmodule/ec/oct.cc.inc
index 6cb84f5..b598036 100644
--- a/crypto/fipsmodule/ec/oct.c.inc
+++ b/crypto/fipsmodule/ec/oct.cc.inc
@@ -141,8 +141,8 @@
return 0;
}
- point_conversion_form_t form = buf[0];
- if (form == POINT_CONVERSION_UNCOMPRESSED) {
+ uint8_t form = buf[0];
+ if (form == static_cast<uint8_t>(POINT_CONVERSION_UNCOMPRESSED)) {
EC_AFFINE affine;
if (!ec_point_from_uncompressed(group, &affine, buf, len)) {
// In the event of an error, defend against the caller not checking the
@@ -157,7 +157,7 @@
const int y_bit = form & 1;
const size_t field_len = BN_num_bytes(&group->field.N);
form = form & ~1u;
- if (form != POINT_CONVERSION_COMPRESSED ||
+ if (form != static_cast<uint8_t>(POINT_CONVERSION_COMPRESSED) ||
len != 1 /* type byte */ + field_len) {
OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING);
return 0;
@@ -239,7 +239,7 @@
if (len == 0) {
return 0;
}
- uint8_t *buf = OPENSSL_malloc(len);
+ uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len));
if (buf == NULL) {
return 0;
}
@@ -286,8 +286,7 @@
BIGNUM *a = BN_CTX_get(ctx);
BIGNUM *b = BN_CTX_get(ctx);
BIGNUM *y = BN_CTX_get(ctx);
- if (y == NULL ||
- !EC_GROUP_get_curve_GFp(group, NULL, a, b, ctx)) {
+ if (y == NULL || !EC_GROUP_get_curve_GFp(group, NULL, a, b, ctx)) {
goto err;
}
diff --git a/crypto/fipsmodule/ec/p224-64.c.inc b/crypto/fipsmodule/ec/p224-64.cc.inc
similarity index 100%
rename from crypto/fipsmodule/ec/p224-64.c.inc
rename to crypto/fipsmodule/ec/p224-64.cc.inc
diff --git a/crypto/fipsmodule/ec/p256-nistz-table.h b/crypto/fipsmodule/ec/p256-nistz-table.h
index b81480b..f2c8a48 100644
--- a/crypto/fipsmodule/ec/p256-nistz-table.h
+++ b/crypto/fipsmodule/ec/p256-nistz-table.h
@@ -22,7 +22,7 @@
// This file is generated by make_tables.go.
-static const alignas(4096) PRECOMP256_ROW ecp_nistz256_precomputed[37] = {
+static const PRECOMP256_ROW ecp_nistz256_precomputed alignas(4096)[37] = {
{{{TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601),
TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6)},
{TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c),
diff --git a/crypto/fipsmodule/ec/p256-nistz.c.inc b/crypto/fipsmodule/ec/p256-nistz.cc.inc
similarity index 97%
rename from crypto/fipsmodule/ec/p256-nistz.c.inc
rename to crypto/fipsmodule/ec/p256-nistz.cc.inc
index 6d667fc..b6a3f9a 100644
--- a/crypto/fipsmodule/ec/p256-nistz.c.inc
+++ b/crypto/fipsmodule/ec/p256-nistz.cc.inc
@@ -26,22 +26,24 @@
#include <openssl/crypto.h>
#include <openssl/err.h>
+#include "../../internal.h"
#include "../bn/internal.h"
#include "../delocate.h"
-#include "../../internal.h"
#include "internal.h"
#include "p256-nistz.h"
-#if !defined(OPENSSL_NO_ASM) && \
- (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \
+#if !defined(OPENSSL_NO_ASM) && \
+ (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \
!defined(OPENSSL_SMALL)
typedef P256_POINT_AFFINE PRECOMP256_ROW[64];
// One converted into the Montgomery domain
static const BN_ULONG ONE_MONT[P256_LIMBS] = {
- TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000),
- TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe),
+ TOBN(0x00000000, 0x00000001),
+ TOBN(0xffffffff, 0x00000000),
+ TOBN(0xffffffff, 0xffffffff),
+ TOBN(0x00000000, 0xfffffffe),
};
// Precomputed tables for the default generator
@@ -104,11 +106,11 @@
//
// (declare-fun x () (_ BitVec 64))
//
-// (assert (and (= x #x0000000000000000) (= (is_not_zero x) #x0000000000000001)))
-// (check-sat)
+// (assert (and (= x #x0000000000000000) (= (is_not_zero x)
+// #x0000000000000001))) (check-sat)
//
-// (assert (and (not (= x #x0000000000000000)) (= (is_not_zero x) #x0000000000000000)))
-// (check-sat)
+// (assert (and (not (= x #x0000000000000000)) (= (is_not_zero x)
+// #x0000000000000000))) (check-sat)
//
static BN_ULONG is_not_zero(BN_ULONG in) {
in |= (0 - in);
@@ -651,8 +653,8 @@
}
static int ecp_nistz256_scalar_to_montgomery_inv_vartime(const EC_GROUP *group,
- EC_SCALAR *out,
- const EC_SCALAR *in) {
+ EC_SCALAR *out,
+ const EC_SCALAR *in) {
#if defined(OPENSSL_X86_64)
if (!CRYPTO_is_AVX_capable()) {
// No AVX support; fallback to generic code.
@@ -729,6 +731,6 @@
out->cmp_x_coordinate = ecp_nistz256_cmp_x_coordinate;
}
-#endif /* !defined(OPENSSL_NO_ASM) && \
- (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \
+#endif /* !defined(OPENSSL_NO_ASM) && \
+ (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \
!defined(OPENSSL_SMALL) */
diff --git a/crypto/fipsmodule/ec/p256.c.inc b/crypto/fipsmodule/ec/p256.cc.inc
similarity index 100%
rename from crypto/fipsmodule/ec/p256.c.inc
rename to crypto/fipsmodule/ec/p256.cc.inc
diff --git a/crypto/fipsmodule/ec/scalar.c.inc b/crypto/fipsmodule/ec/scalar.cc.inc
similarity index 100%
rename from crypto/fipsmodule/ec/scalar.c.inc
rename to crypto/fipsmodule/ec/scalar.cc.inc
diff --git a/crypto/fipsmodule/ec/simple.c.inc b/crypto/fipsmodule/ec/simple.cc.inc
similarity index 100%
rename from crypto/fipsmodule/ec/simple.c.inc
rename to crypto/fipsmodule/ec/simple.cc.inc
diff --git a/crypto/fipsmodule/ec/simple_mul.c.inc b/crypto/fipsmodule/ec/simple_mul.cc.inc
similarity index 100%
rename from crypto/fipsmodule/ec/simple_mul.c.inc
rename to crypto/fipsmodule/ec/simple_mul.cc.inc
diff --git a/crypto/fipsmodule/ec/util.c.inc b/crypto/fipsmodule/ec/util.cc.inc
similarity index 100%
rename from crypto/fipsmodule/ec/util.c.inc
rename to crypto/fipsmodule/ec/util.cc.inc
diff --git a/crypto/fipsmodule/ec/wnaf.c.inc b/crypto/fipsmodule/ec/wnaf.cc.inc
similarity index 91%
rename from crypto/fipsmodule/ec/wnaf.c.inc
rename to crypto/fipsmodule/ec/wnaf.cc.inc
index 225cdfe..8e997f8 100644
--- a/crypto/fipsmodule/ec/wnaf.c.inc
+++ b/crypto/fipsmodule/ec/wnaf.cc.inc
@@ -75,9 +75,9 @@
#include <openssl/mem.h>
#include <openssl/thread.h>
-#include "internal.h"
-#include "../bn/internal.h"
#include "../../internal.h"
+#include "../bn/internal.h"
+#include "internal.h"
// This file implements the wNAF-based interleaving multi-exponentiation method
@@ -186,22 +186,34 @@
size_t bits = EC_GROUP_order_bits(group);
size_t wNAF_len = bits + 1;
- int ret = 0;
+ // Stack-allocated space, which will be used if the task is small enough.
int8_t wNAF_stack[EC_WNAF_STACK][EC_MAX_BYTES * 8 + 1];
- int8_t (*wNAF_alloc)[EC_MAX_BYTES * 8 + 1] = NULL;
- int8_t (*wNAF)[EC_MAX_BYTES * 8 + 1];
EC_JACOBIAN precomp_stack[EC_WNAF_STACK][EC_WNAF_TABLE_SIZE];
- EC_JACOBIAN (*precomp_alloc)[EC_WNAF_TABLE_SIZE] = NULL;
- EC_JACOBIAN (*precomp)[EC_WNAF_TABLE_SIZE];
+
+ // Allocated pointers, which will remain NULL unless needed.
+ EC_JACOBIAN(*precomp_alloc)[EC_WNAF_TABLE_SIZE] = NULL;
+ int8_t(*wNAF_alloc)[EC_MAX_BYTES * 8 + 1] = NULL;
+
+ // These fields point either to the stack or heap buffers of the same name.
+ int8_t(*wNAF)[EC_MAX_BYTES * 8 + 1];
+ EC_JACOBIAN(*precomp)[EC_WNAF_TABLE_SIZE];
+
if (num <= EC_WNAF_STACK) {
wNAF = wNAF_stack;
precomp = precomp_stack;
} else {
- wNAF_alloc = OPENSSL_calloc(num, sizeof(wNAF_alloc[0]));
- precomp_alloc = OPENSSL_calloc(num, sizeof(precomp_alloc[0]));
- if (wNAF_alloc == NULL || precomp_alloc == NULL) {
- goto err;
+ wNAF_alloc = reinterpret_cast<decltype(wNAF_alloc)>(
+ OPENSSL_calloc(num, sizeof(wNAF_alloc[0])));
+ if (wNAF_alloc == NULL) {
+ return 0;
}
+ precomp_alloc = reinterpret_cast<decltype(precomp_alloc)>(
+ OPENSSL_calloc(num, sizeof(precomp_alloc[0])));
+ if (precomp_alloc == NULL) {
+ OPENSSL_free(wNAF_alloc);
+ return 0;
+ }
+
wNAF = wNAF_alloc;
precomp = precomp_alloc;
}
@@ -255,10 +267,7 @@
ec_GFp_simple_point_set_to_infinity(group, r);
}
- ret = 1;
-
-err:
OPENSSL_free(wNAF_alloc);
OPENSSL_free(precomp_alloc);
- return ret;
+ return 1;
}
diff --git a/crypto/fipsmodule/ecdh/ecdh.c.inc b/crypto/fipsmodule/ecdh/ecdh.cc.inc
similarity index 100%
rename from crypto/fipsmodule/ecdh/ecdh.c.inc
rename to crypto/fipsmodule/ecdh/ecdh.cc.inc
diff --git a/crypto/fipsmodule/ecdsa/ecdsa.c.inc b/crypto/fipsmodule/ecdsa/ecdsa.cc.inc
similarity index 100%
rename from crypto/fipsmodule/ecdsa/ecdsa.c.inc
rename to crypto/fipsmodule/ecdsa/ecdsa.cc.inc
diff --git a/crypto/fipsmodule/fips_shared.lds b/crypto/fipsmodule/fips_shared.lds
index ebd3c89..1f20b96 100644
--- a/crypto/fipsmodule/fips_shared.lds
+++ b/crypto/fipsmodule/fips_shared.lds
@@ -4,6 +4,10 @@
BORINGSSL_bcm_text_start = .;
*(.text)
*(.text.unlikely.*)
+ /* These sections shouldn't exist. But C++ `inline` symbols seem to be
+ * placed in function sections on Android even with
+ * -fno-function-sections. */
+ *(text.*)
BORINGSSL_bcm_text_end = .;
}
.rodata : {
@@ -19,7 +23,6 @@
*(.rela.dyn)
*(.data)
*(.rel.ro)
- *(*.text.*)
*(*.data.*)
}
}
diff --git a/crypto/fipsmodule/fips_shared_support.c b/crypto/fipsmodule/fips_shared_support.cc
similarity index 93%
rename from crypto/fipsmodule/fips_shared_support.c
rename to crypto/fipsmodule/fips_shared_support.cc
index 74b35f0..01de6a1 100644
--- a/crypto/fipsmodule/fips_shared_support.c
+++ b/crypto/fipsmodule/fips_shared_support.cc
@@ -20,8 +20,7 @@
// that must be replaced with the real value during the build process. This
// value need only be distinct, i.e. so that we can safely search-and-replace it
// in an object file.
-const uint8_t BORINGSSL_bcm_text_hash[32];
-const uint8_t BORINGSSL_bcm_text_hash[32] = {
+extern const uint8_t BORINGSSL_bcm_text_hash[32] = {
0xae, 0x2c, 0xea, 0x2a, 0xbd, 0xa6, 0xf3, 0xec, 0x97, 0x7f, 0x9b,
0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f,
0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80,
diff --git a/crypto/fipsmodule/hkdf/hkdf.c.inc b/crypto/fipsmodule/hkdf/hkdf.cc.inc
similarity index 100%
rename from crypto/fipsmodule/hkdf/hkdf.c.inc
rename to crypto/fipsmodule/hkdf/hkdf.cc.inc
diff --git a/crypto/fipsmodule/hmac/hmac.c.inc b/crypto/fipsmodule/hmac/hmac.cc.inc
similarity index 98%
rename from crypto/fipsmodule/hmac/hmac.c.inc
rename to crypto/fipsmodule/hmac/hmac.cc.inc
index c6f12e2..4faa4e2 100644
--- a/crypto/fipsmodule/hmac/hmac.c.inc
+++ b/crypto/fipsmodule/hmac/hmac.cc.inc
@@ -98,7 +98,8 @@
}
HMAC_CTX *HMAC_CTX_new(void) {
- HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX));
+ HMAC_CTX *ctx =
+ reinterpret_cast<HMAC_CTX *>(OPENSSL_malloc(sizeof(HMAC_CTX)));
if (ctx != NULL) {
HMAC_CTX_init(ctx);
}
@@ -215,7 +216,7 @@
ret = 1;
- out:
+out:
FIPS_service_indicator_unlock_state();
if (ret) {
HMAC_verify_service_indicator(ctx->md);
diff --git a/crypto/fipsmodule/modes/cbc.c.inc b/crypto/fipsmodule/modes/cbc.cc.inc
similarity index 100%
rename from crypto/fipsmodule/modes/cbc.c.inc
rename to crypto/fipsmodule/modes/cbc.cc.inc
diff --git a/crypto/fipsmodule/modes/cfb.c.inc b/crypto/fipsmodule/modes/cfb.cc.inc
similarity index 100%
rename from crypto/fipsmodule/modes/cfb.c.inc
rename to crypto/fipsmodule/modes/cfb.cc.inc
diff --git a/crypto/fipsmodule/modes/ctr.c.inc b/crypto/fipsmodule/modes/ctr.cc.inc
similarity index 100%
rename from crypto/fipsmodule/modes/ctr.c.inc
rename to crypto/fipsmodule/modes/ctr.cc.inc
diff --git a/crypto/fipsmodule/modes/gcm.c.inc b/crypto/fipsmodule/modes/gcm.cc.inc
similarity index 100%
rename from crypto/fipsmodule/modes/gcm.c.inc
rename to crypto/fipsmodule/modes/gcm.cc.inc
diff --git a/crypto/fipsmodule/modes/gcm_nohw.c.inc b/crypto/fipsmodule/modes/gcm_nohw.cc.inc
similarity index 100%
rename from crypto/fipsmodule/modes/gcm_nohw.c.inc
rename to crypto/fipsmodule/modes/gcm_nohw.cc.inc
diff --git a/crypto/fipsmodule/modes/ofb.c.inc b/crypto/fipsmodule/modes/ofb.cc.inc
similarity index 100%
rename from crypto/fipsmodule/modes/ofb.c.inc
rename to crypto/fipsmodule/modes/ofb.cc.inc
diff --git a/crypto/fipsmodule/modes/polyval.c.inc b/crypto/fipsmodule/modes/polyval.cc.inc
similarity index 100%
rename from crypto/fipsmodule/modes/polyval.c.inc
rename to crypto/fipsmodule/modes/polyval.cc.inc
diff --git a/crypto/fipsmodule/rand/ctrdrbg.c.inc b/crypto/fipsmodule/rand/ctrdrbg.cc.inc
similarity index 97%
rename from crypto/fipsmodule/rand/ctrdrbg.c.inc
rename to crypto/fipsmodule/rand/ctrdrbg.cc.inc
index 805372f..41ad032 100644
--- a/crypto/fipsmodule/rand/ctrdrbg.c.inc
+++ b/crypto/fipsmodule/rand/ctrdrbg.cc.inc
@@ -18,9 +18,9 @@
#include <openssl/mem.h>
-#include "internal.h"
#include "../cipher/internal.h"
#include "../service_indicator/internal.h"
+#include "internal.h"
// Section references in this file refer to SP 800-90Ar1:
@@ -32,7 +32,8 @@
CTR_DRBG_STATE *CTR_DRBG_new(const uint8_t entropy[CTR_DRBG_ENTROPY_LEN],
const uint8_t *personalization,
size_t personalization_len) {
- CTR_DRBG_STATE *drbg = OPENSSL_malloc(sizeof(CTR_DRBG_STATE));
+ CTR_DRBG_STATE *drbg = reinterpret_cast<CTR_DRBG_STATE *>(
+ OPENSSL_malloc(sizeof(CTR_DRBG_STATE)));
if (drbg == NULL ||
!CTR_DRBG_init(drbg, entropy, personalization, personalization_len)) {
CTR_DRBG_free(drbg);
@@ -177,7 +178,7 @@
todo = out_len;
}
- todo &= ~(AES_BLOCK_SIZE-1);
+ todo &= ~(AES_BLOCK_SIZE - 1);
const size_t num_blocks = todo / AES_BLOCK_SIZE;
if (drbg->ctr) {
diff --git a/crypto/fipsmodule/rand/rand.c.inc b/crypto/fipsmodule/rand/rand.cc.inc
similarity index 97%
rename from crypto/fipsmodule/rand/rand.c.inc
rename to crypto/fipsmodule/rand/rand.cc.inc
index 8ba8514..60b5e6d 100644
--- a/crypto/fipsmodule/rand/rand.c.inc
+++ b/crypto/fipsmodule/rand/rand.cc.inc
@@ -85,7 +85,7 @@
// objects in the process, one per thread. This is needed because FIPS requires
// that they be zeroed on process exit, but thread-local destructors aren't
// called when the whole process is exiting.
-DEFINE_BSS_GET(struct rand_thread_state *, thread_states_list)
+DEFINE_BSS_GET(struct rand_thread_state *, thread_states_list, nullptr)
DEFINE_STATIC_MUTEX(thread_states_list_lock)
static void rand_thread_state_clear_all(void) __attribute__((destructor));
@@ -106,7 +106,8 @@
// rand_thread_state_free frees a |rand_thread_state|. This is called when a
// thread exits.
static void rand_thread_state_free(void *state_in) {
- struct rand_thread_state *state = state_in;
+ struct rand_thread_state *state =
+ reinterpret_cast<rand_thread_state *>(state_in);
if (state_in == NULL) {
return;
@@ -195,7 +196,7 @@
int want_additional_input;
};
-DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer)
+DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer, {})
DEFINE_STATIC_MUTEX(entropy_buffer_lock)
bcm_infallible BCM_rand_load_entropy(const uint8_t *entropy, size_t entropy_len,
@@ -366,11 +367,12 @@
}
struct rand_thread_state stack_state;
- struct rand_thread_state *state =
- CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND);
+ struct rand_thread_state *state = reinterpret_cast<rand_thread_state *>(
+ CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND));
if (state == NULL) {
- state = OPENSSL_zalloc(sizeof(struct rand_thread_state));
+ state = reinterpret_cast<rand_thread_state *>(
+ OPENSSL_zalloc(sizeof(struct rand_thread_state)));
if (state == NULL ||
!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_RAND, state,
rand_thread_state_free)) {
diff --git a/crypto/fipsmodule/rsa/blinding.c.inc b/crypto/fipsmodule/rsa/blinding.cc.inc
similarity index 98%
rename from crypto/fipsmodule/rsa/blinding.c.inc
rename to crypto/fipsmodule/rsa/blinding.cc.inc
index 8838ad8..97f679e 100644
--- a/crypto/fipsmodule/rsa/blinding.c.inc
+++ b/crypto/fipsmodule/rsa/blinding.cc.inc
@@ -111,17 +111,17 @@
#include <string.h>
#include <openssl/bn.h>
-#include <openssl/mem.h>
#include <openssl/err.h>
+#include <openssl/mem.h>
-#include "internal.h"
#include "../../internal.h"
+#include "internal.h"
#define BN_BLINDING_COUNTER 32
struct bn_blinding_st {
- BIGNUM *A; // The base blinding factor, Montgomery-encoded.
+ BIGNUM *A; // The base blinding factor, Montgomery-encoded.
BIGNUM *Ai; // The inverse of the blinding factor, Montgomery-encoded.
unsigned counter;
};
@@ -130,7 +130,8 @@
const BN_MONT_CTX *mont, BN_CTX *ctx);
BN_BLINDING *BN_BLINDING_new(void) {
- BN_BLINDING *ret = OPENSSL_zalloc(sizeof(BN_BLINDING));
+ BN_BLINDING *ret =
+ reinterpret_cast<BN_BLINDING *>(OPENSSL_zalloc(sizeof(BN_BLINDING)));
if (ret == NULL) {
return NULL;
}
diff --git a/crypto/fipsmodule/rsa/padding.c.inc b/crypto/fipsmodule/rsa/padding.cc.inc
similarity index 93%
rename from crypto/fipsmodule/rsa/padding.c.inc
rename to crypto/fipsmodule/rsa/padding.cc.inc
index 2deceb3..e3b06f3 100644
--- a/crypto/fipsmodule/rsa/padding.c.inc
+++ b/crypto/fipsmodule/rsa/padding.cc.inc
@@ -64,10 +64,10 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-#include "internal.h"
-#include "../service_indicator/internal.h"
-#include "../bcm_interface.h"
#include "../../internal.h"
+#include "../bcm_interface.h"
+#include "../service_indicator/internal.h"
+#include "internal.h"
int RSA_padding_add_PKCS1_type_1(uint8_t *to, size_t to_len,
@@ -215,8 +215,11 @@
int ret = 0;
uint8_t *DB = NULL;
+ const uint8_t *H;
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
+ unsigned MSBits;
+ size_t emLen, maskedDBLen, salt_start;
FIPS_service_indicator_lock_state();
// Negative sLen has special meanings:
@@ -233,8 +236,8 @@
goto err;
}
- unsigned MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
- size_t emLen = RSA_size(rsa);
+ MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+ emLen = RSA_size(rsa);
if (EM[0] & (0xFF << MSBits)) {
OPENSSL_PUT_ERROR(RSA, RSA_R_FIRST_OCTET_INVALID);
goto err;
@@ -244,8 +247,7 @@
emLen--;
}
// |sLen| may be -2 for the non-standard salt length recovery mode.
- if (emLen < hLen + 2 ||
- (sLen >= 0 && emLen < hLen + (size_t)sLen + 2)) {
+ if (emLen < hLen + 2 || (sLen >= 0 && emLen < hLen + (size_t)sLen + 2)) {
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
goto err;
}
@@ -253,9 +255,9 @@
OPENSSL_PUT_ERROR(RSA, RSA_R_LAST_OCTET_INVALID);
goto err;
}
- size_t maskedDBLen = emLen - hLen - 1;
- const uint8_t *H = EM + maskedDBLen;
- DB = OPENSSL_malloc(maskedDBLen);
+ maskedDBLen = emLen - hLen - 1;
+ H = EM + maskedDBLen;
+ DB = reinterpret_cast<uint8_t *>(OPENSSL_malloc(maskedDBLen));
if (!DB) {
goto err;
}
@@ -271,7 +273,6 @@
// This step differs slightly from EMSA-PSS-VERIFY (RFC 8017) step 10 because
// it accepts a non-standard salt recovery flow. DB should be some number of
// zeros, a one, then the salt.
- size_t salt_start;
for (salt_start = 0; DB[salt_start] == 0 && salt_start < maskedDBLen - 1;
salt_start++) {
;
@@ -312,7 +313,7 @@
const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
int sLenRequested) {
- int ret = 0;
+ int ret = 0, digest_ok;
size_t maskedDBLen, MSBits, emLen;
size_t hLen;
unsigned char *H, *salt = NULL, *p;
@@ -364,7 +365,7 @@
}
if (sLen > 0) {
- salt = OPENSSL_malloc(sLen);
+ salt = reinterpret_cast<uint8_t *>(OPENSSL_malloc(sLen));
if (!salt) {
goto err;
}
@@ -375,11 +376,11 @@
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
- int digest_ok = EVP_DigestInit_ex(&ctx, Hash, NULL) &&
- EVP_DigestUpdate(&ctx, kPSSZeroes, sizeof(kPSSZeroes)) &&
- EVP_DigestUpdate(&ctx, mHash, hLen) &&
- EVP_DigestUpdate(&ctx, salt, sLen) &&
- EVP_DigestFinal_ex(&ctx, H, NULL);
+ digest_ok = EVP_DigestInit_ex(&ctx, Hash, NULL) &&
+ EVP_DigestUpdate(&ctx, kPSSZeroes, sizeof(kPSSZeroes)) &&
+ EVP_DigestUpdate(&ctx, mHash, hLen) &&
+ EVP_DigestUpdate(&ctx, salt, sLen) &&
+ EVP_DigestFinal_ex(&ctx, H, NULL);
EVP_MD_CTX_cleanup(&ctx);
if (!digest_ok) {
goto err;
diff --git a/crypto/fipsmodule/rsa/rsa.c.inc b/crypto/fipsmodule/rsa/rsa.cc.inc
similarity index 88%
rename from crypto/fipsmodule/rsa/rsa.c.inc
rename to crypto/fipsmodule/rsa/rsa.cc.inc
index 5f38005..83d8f39 100644
--- a/crypto/fipsmodule/rsa/rsa.c.inc
+++ b/crypto/fipsmodule/rsa/rsa.cc.inc
@@ -70,9 +70,10 @@
#include <openssl/nid.h>
#include <openssl/thread.h>
+#include "../../internal.h"
+#include "../bcm_interface.h"
#include "../bn/internal.h"
#include "../delocate.h"
-#include "../../internal.h"
#include "internal.h"
@@ -205,7 +206,7 @@
RSA *RSA_new(void) { return RSA_new_method(NULL); }
RSA *RSA_new_method(const ENGINE *engine) {
- RSA *rsa = OPENSSL_zalloc(sizeof(RSA));
+ RSA *rsa = reinterpret_cast<RSA *>(OPENSSL_zalloc(sizeof(RSA)));
if (rsa == NULL) {
return NULL;
}
@@ -215,7 +216,7 @@
}
if (rsa->meth == NULL) {
- rsa->meth = (RSA_METHOD *) RSA_default_method();
+ rsa->meth = (RSA_METHOD *)RSA_default_method();
}
METHOD_ref(rsa->meth);
@@ -237,8 +238,7 @@
RSA *RSA_new_method_no_e(const ENGINE *engine, const BIGNUM *n) {
RSA *rsa = RSA_new_method(engine);
- if (rsa == NULL ||
- !bn_dup_into(&rsa->n, n)) {
+ if (rsa == NULL || !bn_dup_into(&rsa->n, n)) {
RSA_free(rsa);
return NULL;
}
@@ -341,8 +341,7 @@
}
int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
- if ((rsa->n == NULL && n == NULL) ||
- (rsa->e == NULL && e == NULL)) {
+ if ((rsa->n == NULL && n == NULL) || (rsa->e == NULL && e == NULL)) {
return 0;
}
@@ -364,8 +363,7 @@
}
int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q) {
- if ((rsa->p == NULL && p == NULL) ||
- (rsa->q == NULL && q == NULL)) {
+ if ((rsa->p == NULL && p == NULL) || (rsa->q == NULL && q == NULL)) {
return 0;
}
@@ -439,7 +437,7 @@
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused,
CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) {
return CRYPTO_get_ex_new_index_ex(g_rsa_ex_data_class_bss_get(), argl, argp,
- free_func);
+ free_func);
}
int RSA_set_ex_data(RSA *rsa, int idx, void *arg) {
@@ -471,49 +469,52 @@
// different hash functions.
static const struct pkcs1_sig_prefix kPKCS1SigPrefixes[] = {
{
- NID_md5,
- MD5_DIGEST_LENGTH,
- 18,
- {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x02, 0x05, 0x05, 0x00, 0x04, 0x10},
+ NID_md5,
+ MD5_DIGEST_LENGTH,
+ 18,
+ {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
+ 0x02, 0x05, 0x05, 0x00, 0x04, 0x10},
},
{
- NID_sha1,
- BCM_SHA_DIGEST_LENGTH,
- 15,
- {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
- 0x00, 0x04, 0x14},
+ NID_sha1,
+ BCM_SHA_DIGEST_LENGTH,
+ 15,
+ {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
+ 0x00, 0x04, 0x14},
},
{
- NID_sha224,
- BCM_SHA224_DIGEST_LENGTH,
- 19,
- {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c},
+ NID_sha224,
+ BCM_SHA224_DIGEST_LENGTH,
+ 19,
+ {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c},
},
{
- NID_sha256,
- BCM_SHA256_DIGEST_LENGTH,
- 19,
- {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20},
+ NID_sha256,
+ BCM_SHA256_DIGEST_LENGTH,
+ 19,
+ {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20},
},
{
- NID_sha384,
- BCM_SHA384_DIGEST_LENGTH,
- 19,
- {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30},
+ NID_sha384,
+ BCM_SHA384_DIGEST_LENGTH,
+ 19,
+ {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30},
},
{
- NID_sha512,
- BCM_SHA512_DIGEST_LENGTH,
- 19,
- {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40},
+ NID_sha512,
+ BCM_SHA512_DIGEST_LENGTH,
+ 19,
+ {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40},
},
{
- NID_undef, 0, 0, {0},
+ NID_undef,
+ 0,
+ 0,
+ {0},
},
};
@@ -539,7 +540,6 @@
OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
-
}
int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
@@ -566,7 +566,7 @@
// The length should already have been checked.
assert(digest_len == sig_prefix->hash_len);
- const uint8_t* prefix = sig_prefix->bytes;
+ const uint8_t *prefix = sig_prefix->bytes;
size_t prefix_len = sig_prefix->len;
size_t signed_msg_len = prefix_len + digest_len;
if (signed_msg_len < prefix_len) {
@@ -574,7 +574,8 @@
return 0;
}
- uint8_t *signed_msg = OPENSSL_malloc(signed_msg_len);
+ uint8_t *signed_msg =
+ reinterpret_cast<uint8_t *>(OPENSSL_malloc(signed_msg_len));
if (!signed_msg) {
return 0;
}
@@ -653,7 +654,7 @@
}
size_t padded_len = RSA_size(rsa);
- uint8_t *padded = OPENSSL_malloc(padded_len);
+ uint8_t *padded = reinterpret_cast<uint8_t *>(OPENSSL_malloc(padded_len));
if (padded == NULL) {
return 0;
}
@@ -686,7 +687,7 @@
return 0;
}
- buf = OPENSSL_malloc(rsa_size);
+ buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size));
if (!buf) {
return 0;
}
@@ -732,7 +733,7 @@
}
size_t em_len = RSA_size(rsa);
- uint8_t *em = OPENSSL_malloc(em_len);
+ uint8_t *em = reinterpret_cast<uint8_t *>(OPENSSL_malloc(em_len));
if (em == NULL) {
return 0;
}
@@ -768,8 +769,7 @@
// were checked by the caller.
BN_CTX_start(ctx);
BIGNUM *tmp = BN_CTX_get(ctx);
- int ret = tmp != NULL &&
- bn_mul_consttime(tmp, a, ainv, ctx) &&
+ int ret = tmp != NULL && bn_mul_consttime(tmp, a, ainv, ctx) &&
bn_div_consttime(NULL, tmp, tmp, m, m_min_bits, ctx);
if (ret) {
*out_ok = constant_time_declassify_int(BN_is_one(tmp));
@@ -819,7 +819,8 @@
}
BIGNUM tmp, de, pm1, qm1, dmp1, dmq1;
- int ok = 0;
+ int ok = 0, has_crt_values;
+ unsigned pm1_bits, qm1_bits;
BN_init(&tmp);
BN_init(&de);
BN_init(&pm1);
@@ -856,8 +857,8 @@
OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
goto out;
}
- const unsigned pm1_bits = BN_num_bits(&pm1);
- const unsigned qm1_bits = BN_num_bits(&qm1);
+ pm1_bits = BN_num_bits(&pm1);
+ qm1_bits = BN_num_bits(&qm1);
if (!bn_mul_consttime(&de, key->d, key->e, ctx) ||
!bn_div_consttime(NULL, &tmp, &de, &pm1, pm1_bits, ctx) ||
!bn_div_consttime(NULL, &de, &de, &qm1, qm1_bits, ctx)) {
@@ -871,7 +872,7 @@
goto out;
}
- int has_crt_values = key->dmp1 != NULL;
+ has_crt_values = key->dmp1 != NULL;
if (has_crt_values != (key->dmq1 != NULL) ||
has_crt_values != (key->iqmp != NULL)) {
OPENSSL_PUT_ERROR(RSA, RSA_R_INCONSISTENT_SET_OF_CRT_VALUES);
@@ -912,20 +913,26 @@
// This is the product of the 132 smallest odd primes, from 3 to 751.
-static const BN_ULONG kSmallFactorsLimbs[] = {
- TOBN(0xc4309333, 0x3ef4e3e1), TOBN(0x71161eb6, 0xcd2d655f),
- TOBN(0x95e2238c, 0x0bf94862), TOBN(0x3eb233d3, 0x24f7912b),
- TOBN(0x6b55514b, 0xbf26c483), TOBN(0x0a84d817, 0x5a144871),
- TOBN(0x77d12fee, 0x9b82210a), TOBN(0xdb5b93c2, 0x97f050b3),
- TOBN(0x4acad6b9, 0x4d6c026b), TOBN(0xeb7751f3, 0x54aec893),
- TOBN(0xdba53368, 0x36bc85c4), TOBN(0xd85a1b28, 0x7f5ec78e),
- TOBN(0x2eb072d8, 0x6b322244), TOBN(0xbba51112, 0x5e2b3aea),
- TOBN(0x36ed1a6c, 0x0e2486bf), TOBN(0x5f270460, 0xec0c5727),
- 0x000017b1
-};
+static const BN_ULONG kSmallFactorsLimbs[] = {TOBN(0xc4309333, 0x3ef4e3e1),
+ TOBN(0x71161eb6, 0xcd2d655f),
+ TOBN(0x95e2238c, 0x0bf94862),
+ TOBN(0x3eb233d3, 0x24f7912b),
+ TOBN(0x6b55514b, 0xbf26c483),
+ TOBN(0x0a84d817, 0x5a144871),
+ TOBN(0x77d12fee, 0x9b82210a),
+ TOBN(0xdb5b93c2, 0x97f050b3),
+ TOBN(0x4acad6b9, 0x4d6c026b),
+ TOBN(0xeb7751f3, 0x54aec893),
+ TOBN(0xdba53368, 0x36bc85c4),
+ TOBN(0xd85a1b28, 0x7f5ec78e),
+ TOBN(0x2eb072d8, 0x6b322244),
+ TOBN(0xbba51112, 0x5e2b3aea),
+ TOBN(0x36ed1a6c, 0x0e2486bf),
+ TOBN(0x5f270460, 0xec0c5727),
+ 0x000017b1};
DEFINE_LOCAL_DATA(BIGNUM, g_small_factors) {
- out->d = (BN_ULONG *) kSmallFactorsLimbs;
+ out->d = (BN_ULONG *)kSmallFactorsLimbs;
out->width = OPENSSL_ARRAY_SIZE(kSmallFactorsLimbs);
out->dmax = out->width;
out->neg = 0;
@@ -960,9 +967,9 @@
// composite, so too few iterations will cause us to reject the key, not use
// an implausible one.
enum bn_primality_result_t primality_result;
- if (BN_num_bits(key->e) <= 16 ||
- BN_num_bits(key->e) > 256 ||
- !BN_is_odd(key->n) ||
+ if (BN_num_bits(key->e) <= 16 || //
+ BN_num_bits(key->e) > 256 || //
+ !BN_is_odd(key->n) || //
!BN_is_odd(key->e) ||
!BN_gcd(&small_gcd, key->n, g_small_factors(), ctx) ||
!BN_is_one(&small_gcd) ||
@@ -989,7 +996,7 @@
// perform a signing test.
uint8_t data[32] = {0};
unsigned sig_len = RSA_size(key);
- uint8_t *sig = OPENSSL_malloc(sig_len);
+ uint8_t *sig = reinterpret_cast<uint8_t *>(OPENSSL_malloc(sig_len));
if (sig == NULL) {
return 0;
}
@@ -1032,6 +1039,4 @@
int RSA_test_flags(const RSA *rsa, int flags) { return rsa->flags & flags; }
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) {
- return 1;
-}
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) { return 1; }
diff --git a/crypto/fipsmodule/rsa/rsa_impl.c.inc b/crypto/fipsmodule/rsa/rsa_impl.cc.inc
similarity index 95%
rename from crypto/fipsmodule/rsa/rsa_impl.c.inc
rename to crypto/fipsmodule/rsa/rsa_impl.cc.inc
index c7af4fc..dc32d3a 100644
--- a/crypto/fipsmodule/rsa/rsa_impl.c.inc
+++ b/crypto/fipsmodule/rsa/rsa_impl.cc.inc
@@ -147,8 +147,7 @@
return 1;
}
BIGNUM *copy = BN_dup(in);
- if (copy == NULL ||
- !bn_resize_words(copy, width)) {
+ if (copy == NULL || !bn_resize_words(copy, width)) {
BN_free(copy);
return 0;
}
@@ -171,6 +170,7 @@
}
int ret = 0;
+ const BIGNUM *n_fixed;
CRYPTO_MUTEX_lock_write(&rsa->lock);
if (rsa->private_key_frozen) {
ret = 1;
@@ -194,7 +194,7 @@
goto err;
}
}
- const BIGNUM *n_fixed = &rsa->mont_n->N;
+ n_fixed = &rsa->mont_n->N;
// The only public upper-bound of |rsa->d| is the bit length of |rsa->n|. The
// ASN.1 serialization of RSA private keys unfortunately leaks the byte length
@@ -231,9 +231,8 @@
// Key generation relies on this function to compute |iqmp|.
if (rsa->iqmp == NULL) {
BIGNUM *iqmp = BN_new();
- if (iqmp == NULL ||
- !bn_mod_inverse_secret_prime(iqmp, rsa->q, rsa->p, ctx,
- rsa->mont_p)) {
+ if (iqmp == NULL || !bn_mod_inverse_secret_prime(iqmp, rsa->q, rsa->p,
+ ctx, rsa->mont_p)) {
BN_free(iqmp);
goto err;
}
@@ -300,9 +299,7 @@
rsa->blinding_fork_generation = 0;
}
-size_t rsa_default_size(const RSA *rsa) {
- return BN_num_bytes(rsa->n);
-}
+size_t rsa_default_size(const RSA *rsa) { return BN_num_bytes(rsa->n); }
// MAX_BLINDINGS_PER_RSA defines the maximum number of cached BN_BLINDINGs per
// RSA*. Then this limit is exceeded, BN_BLINDING objects will be created and
@@ -342,8 +339,11 @@
rsa->blinding_fork_generation = fork_generation;
}
- uint8_t *const free_inuse_flag =
- OPENSSL_memchr(rsa->blindings_inuse, 0, rsa->num_blindings);
+ uint8_t *const free_inuse_flag = reinterpret_cast<uint8_t *>(
+ OPENSSL_memchr(rsa->blindings_inuse, 0, rsa->num_blindings));
+ size_t new_num_blindings;
+ BN_BLINDING **new_blindings;
+ uint8_t *new_blindings_inuse;
if (free_inuse_flag != NULL) {
*free_inuse_flag = 1;
*index_used = free_inuse_flag - rsa->blindings_inuse;
@@ -363,7 +363,7 @@
// Double the length of the cache.
static_assert(MAX_BLINDINGS_PER_RSA < UINT_MAX / 2,
"MAX_BLINDINGS_PER_RSA too large");
- size_t new_num_blindings = rsa->num_blindings * 2;
+ new_num_blindings = rsa->num_blindings * 2;
if (new_num_blindings == 0) {
new_num_blindings = 1;
}
@@ -372,9 +372,10 @@
}
assert(new_num_blindings > rsa->num_blindings);
- BN_BLINDING **new_blindings =
- OPENSSL_calloc(new_num_blindings, sizeof(BN_BLINDING *));
- uint8_t *new_blindings_inuse = OPENSSL_malloc(new_num_blindings);
+ new_blindings = reinterpret_cast<BN_BLINDING **>(
+ OPENSSL_calloc(new_num_blindings, sizeof(BN_BLINDING *)));
+ new_blindings_inuse =
+ reinterpret_cast<uint8_t *>(OPENSSL_malloc(new_num_blindings));
if (new_blindings == NULL || new_blindings_inuse == NULL) {
goto err;
}
@@ -445,7 +446,7 @@
return 0;
}
- buf = OPENSSL_malloc(rsa_size);
+ buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size));
if (buf == NULL) {
goto err;
}
@@ -527,7 +528,7 @@
buf = out;
} else {
// Allocate a temporary buffer to hold the padded plaintext.
- buf = OPENSSL_malloc(rsa_size);
+ buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size));
if (buf == NULL) {
goto err;
}
@@ -580,9 +581,8 @@
return ret;
}
-int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out,
- size_t max_out, const uint8_t *in,
- size_t in_len, int padding) {
+int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
+ const uint8_t *in, size_t in_len, int padding) {
boringssl_ensure_rsa_self_test();
return rsa_verify_raw_no_self_test(rsa, out_len, out, max_out, in, in_len,
padding);
@@ -599,7 +599,7 @@
BN_CTX *ctx = NULL;
size_t blinding_index = 0;
BN_BLINDING *blinding = NULL;
- int ret = 0;
+ int ret = 0, do_blinding;
ctx = BN_CTX_new();
if (ctx == NULL) {
@@ -632,7 +632,7 @@
goto err;
}
- const int do_blinding =
+ do_blinding =
(rsa->flags & (RSA_FLAG_NO_BLINDING | RSA_FLAG_NO_PUBLIC_EXPONENT)) == 0;
if (rsa->e == NULL && do_blinding) {
@@ -695,8 +695,7 @@
}
}
- if (do_blinding &&
- !BN_BLINDING_invert(result, blinding, rsa->mont_n, ctx)) {
+ if (do_blinding && !BN_BLINDING_invert(result, blinding, rsa->mont_n, ctx)) {
goto err;
}
@@ -739,7 +738,7 @@
return 0;
}
- if (// Reduce mod p with Montgomery reduction. This computes I * R^-1 mod p.
+ if ( // Reduce mod p with Montgomery reduction. This computes I * R^-1 mod p.
!BN_from_montgomery(r, I, mont_p, ctx) ||
// Multiply by R^2 and do another Montgomery reduction to compute
// I * R^-1 * R^2 * R^-1 = I mod p.
@@ -775,8 +774,8 @@
BN_CTX_start(ctx);
r1 = BN_CTX_get(ctx);
m1 = BN_CTX_get(ctx);
- if (r1 == NULL ||
- m1 == NULL) {
+ BIGNUM *n, *p, *q;
+ if (r1 == NULL || m1 == NULL) {
goto err;
}
@@ -787,15 +786,15 @@
// Use the minimal-width versions of |n|, |p|, and |q|. Either works, but if
// someone gives us non-minimal values, these will be slightly more efficient
// on the non-Montgomery operations.
- const BIGNUM *n = &rsa->mont_n->N;
- const BIGNUM *p = &rsa->mont_p->N;
- const BIGNUM *q = &rsa->mont_q->N;
+ n = &rsa->mont_n->N;
+ p = &rsa->mont_p->N;
+ q = &rsa->mont_q->N;
// This is a pre-condition for |mod_montgomery|. It was already checked by the
// caller.
declassify_assert(BN_ucmp(I, n) < 0);
- if (// |m1| is the result modulo |q|.
+ if ( // |m1| is the result modulo |q|.
!mod_montgomery(r1, I, q, rsa->mont_q, p, ctx) ||
!BN_mod_exp_mont_consttime(m1, r1, rsa->dmq1_fixed, q, ctx,
rsa->mont_q) ||
@@ -881,10 +880,12 @@
// then []
// else let (high, low) = divrem 64 x in low : bnWords high
//
-// showWord x = let (high, low) = divrem 32 x in printf "TOBN(0x%08x, 0x%08x)" high low
+// showWord x = let (high, low) = divrem 32 x in printf "TOBN(0x%08x, 0x%08x)"
+// high low
//
// output :: String
-// output = intercalate ", " $ map showWord $ bnWords $ converge (2 ^ (pow2 `div` 2))
+// output = intercalate ", " $ map showWord $ bnWords $ converge (2 ^ (pow2
+// `div` 2))
//
// To verify this number, check that n² < 2⁴⁰⁹⁵ < (n+1)², where n is value
// represented here. Note the components are listed in little-endian order. Here
@@ -962,7 +963,7 @@
// 22.21518251065506
// >>> f(2048, 3, 8*2048)
// 22.211701985875937
- if (bits >= INT_MAX/32) {
+ if (bits >= INT_MAX / 32) {
OPENSSL_PUT_ERROR(RSA, RSA_R_MODULUS_TOO_LARGE);
return 0;
}
@@ -1086,16 +1087,18 @@
int ret = 0;
int prime_bits = bits / 2;
BN_CTX *ctx = BN_CTX_new();
+ BIGNUM *totient, *pm1, *qm1, *sqrt2, *pow2_prime_bits_100, *pow2_prime_bits;
+ int sqrt2_bits;
if (ctx == NULL) {
goto bn_err;
}
BN_CTX_start(ctx);
- BIGNUM *totient = BN_CTX_get(ctx);
- BIGNUM *pm1 = BN_CTX_get(ctx);
- BIGNUM *qm1 = BN_CTX_get(ctx);
- BIGNUM *sqrt2 = BN_CTX_get(ctx);
- BIGNUM *pow2_prime_bits_100 = BN_CTX_get(ctx);
- BIGNUM *pow2_prime_bits = BN_CTX_get(ctx);
+ totient = BN_CTX_get(ctx);
+ pm1 = BN_CTX_get(ctx);
+ qm1 = BN_CTX_get(ctx);
+ sqrt2 = BN_CTX_get(ctx);
+ pow2_prime_bits_100 = BN_CTX_get(ctx);
+ pow2_prime_bits = BN_CTX_get(ctx);
if (totient == NULL || pm1 == NULL || qm1 == NULL || sqrt2 == NULL ||
pow2_prime_bits_100 == NULL || pow2_prime_bits == NULL ||
!BN_set_bit(pow2_prime_bits_100, prime_bits - 100) ||
@@ -1104,12 +1107,9 @@
}
// We need the RSA components non-NULL.
- if (!ensure_bignum(&rsa->n) ||
- !ensure_bignum(&rsa->d) ||
- !ensure_bignum(&rsa->e) ||
- !ensure_bignum(&rsa->p) ||
- !ensure_bignum(&rsa->q) ||
- !ensure_bignum(&rsa->dmp1) ||
+ if (!ensure_bignum(&rsa->n) || !ensure_bignum(&rsa->d) ||
+ !ensure_bignum(&rsa->e) || !ensure_bignum(&rsa->p) ||
+ !ensure_bignum(&rsa->q) || !ensure_bignum(&rsa->dmp1) ||
!ensure_bignum(&rsa->dmq1)) {
goto bn_err;
}
@@ -1122,7 +1122,7 @@
if (!bn_set_words(sqrt2, kBoringSSLRSASqrtTwo, kBoringSSLRSASqrtTwoLen)) {
goto bn_err;
}
- int sqrt2_bits = kBoringSSLRSASqrtTwoLen * BN_BITS2;
+ sqrt2_bits = kBoringSSLRSASqrtTwoLen * BN_BITS2;
assert(sqrt2_bits == (int)BN_num_bits(sqrt2));
if (sqrt2_bits > prime_bits) {
// For key sizes up to 4096 (prime_bits = 2048), this is exactly
@@ -1183,7 +1183,7 @@
assert(BN_num_bits(pm1) == (unsigned)prime_bits);
assert(BN_num_bits(qm1) == (unsigned)prime_bits);
- if (// Calculate n.
+ if ( // Calculate n.
!bn_mul_consttime(rsa->n, rsa->p, rsa->q, ctx) ||
// Calculate d mod (p-1).
!bn_div_consttime(NULL, rsa->dmp1, rsa->d, pm1, prime_bits, ctx) ||
@@ -1329,8 +1329,7 @@
}
BIGNUM *e = BN_new();
- int ret = e != NULL &&
- BN_set_word(e, RSA_F4) &&
+ int ret = e != NULL && BN_set_word(e, RSA_F4) &&
RSA_generate_key_ex_maybe_fips(rsa, bits, e, cb, /*check_fips=*/1);
BN_free(e);
diff --git a/crypto/fipsmodule/self_check/fips.c.inc b/crypto/fipsmodule/self_check/fips.cc.inc
similarity index 94%
rename from crypto/fipsmodule/self_check/fips.c.inc
rename to crypto/fipsmodule/self_check/fips.cc.inc
index 920a6cb..8dca715 100644
--- a/crypto/fipsmodule/self_check/fips.c.inc
+++ b/crypto/fipsmodule/self_check/fips.cc.inc
@@ -85,8 +85,8 @@
abort();
}
- const size_t *array =
- CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS);
+ const size_t *array = reinterpret_cast<const size_t *>(
+ CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS));
if (!array) {
return 0;
}
@@ -100,11 +100,11 @@
abort();
}
- size_t *array =
- CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS);
+ size_t *array = reinterpret_cast<size_t *>(
+ CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS));
if (!array) {
const size_t num_bytes = sizeof(size_t) * (fips_counter_max + 1);
- array = OPENSSL_zalloc(num_bytes);
+ array = reinterpret_cast<size_t *>(OPENSSL_zalloc(num_bytes));
if (!array) {
return;
}
diff --git a/crypto/fipsmodule/self_check/self_check.c.inc b/crypto/fipsmodule/self_check/self_check.cc.inc
similarity index 97%
rename from crypto/fipsmodule/self_check/self_check.c.inc
rename to crypto/fipsmodule/self_check/self_check.cc.inc
index 9c90e0a..71d5ca8 100644
--- a/crypto/fipsmodule/self_check/self_check.c.inc
+++ b/crypto/fipsmodule/self_check/self_check.cc.inc
@@ -24,8 +24,8 @@
#include <openssl/dh.h>
#include <openssl/digest.h>
#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
#include <openssl/ec_key.h>
+#include <openssl/ecdsa.h>
#include <openssl/hkdf.h>
#include <openssl/hmac.h>
#include <openssl/nid.h>
@@ -48,15 +48,14 @@
// compile the real logic.
#if defined(_MSC_VER)
-int BORINGSSL_self_test(void) {
- return 0;
-}
+int BORINGSSL_self_test(void) { return 0; }
#else
-static void hexdump(FILE *out, const uint8_t *in, size_t len) {
+static void hexdump(FILE *out, const void *in, size_t len) {
+ const uint8_t *in8 = reinterpret_cast<const uint8_t *>(in);
for (size_t i = 0; i < len; i++) {
- fprintf(out, "%02x", in[i]);
+ fprintf(out, "%02x", in8[i]);
}
}
@@ -197,7 +196,7 @@
};
RSA *rsa = RSA_new();
- if (rsa == NULL ||
+ if (rsa == NULL || //
!set_bignum(&rsa->n, kN, sizeof(kN)) ||
!set_bignum(&rsa->e, kE, sizeof(kE)) ||
!set_bignum(&rsa->d, kD, sizeof(kD)) ||
@@ -396,6 +395,11 @@
EC_POINT *ec_point_in = NULL;
EC_POINT *ec_point_out = NULL;
BIGNUM *ec_scalar = NULL;
+ const EC_GROUP *ec_group = NULL;
+
+ // The 'k' value for ECDSA is fixed to avoid an entropy draw.
+ uint8_t ecdsa_k[32] = {0};
+ ecdsa_k[31] = 42;
ec_key = self_test_ecdsa_key();
if (ec_key == NULL) {
@@ -419,10 +423,6 @@
0x70, 0xb5, 0xbb, 0x0d, 0xfd, 0x8e, 0x0c, 0x02, 0x3f,
};
- // The 'k' value for ECDSA is fixed to avoid an entropy draw.
- uint8_t ecdsa_k[32] = {0};
- ecdsa_k[31] = 42;
-
uint8_t ecdsa_sign_output[64];
size_t ecdsa_sign_output_len;
if (!ecdsa_sign_fixed_with_nonce_for_known_answer_test(
@@ -483,7 +483,7 @@
0x7c, 0x41, 0x8f, 0xaf, 0x9c, 0x40, 0xaf, 0x2e, 0x4a, 0x0c,
};
- const EC_GROUP *ec_group = EC_group_p256();
+ ec_group = EC_group_p256();
ec_point_in = EC_POINT_new(ec_group);
ec_point_out = EC_POINT_new(ec_group);
ec_scalar = BN_new();
@@ -701,7 +701,10 @@
}
static int boringssl_self_test_fast(void) {
- static const uint8_t kAESKey[16] = "BoringCrypto Key";
+ static const uint8_t kAESKey[16] = {
+ 'B', 'o', 'r', 'i', 'n', 'g', 'C', 'r',
+ 'y', 'p', 't', 'o', ' ', 'K', 'e', 'y',
+ };
static const uint8_t kAESIV[16] = {0};
EVP_AEAD_CTX aead_ctx;
@@ -823,13 +826,11 @@
0x09, 0x11, 0x6d, 0x1a, 0xfd, 0x0f, 0x1e, 0x11, 0xe3, 0xcb,
};
SHA1(kSHA1Input, sizeof(kSHA1Input), output);
- if (!check_test(kSHA1Digest, output, sizeof(kSHA1Digest),
- "SHA-1 KAT")) {
+ if (!check_test(kSHA1Digest, output, sizeof(kSHA1Digest), "SHA-1 KAT")) {
goto err;
}
- if (!boringssl_self_test_sha256() ||
- !boringssl_self_test_sha512() ||
+ if (!boringssl_self_test_sha256() || !boringssl_self_test_sha512() ||
!boringssl_self_test_hmac_sha256()) {
goto err;
}
@@ -841,8 +842,11 @@
0x3f, 0x17, 0x4c, 0xf4, 0x78, 0x7a, 0x4f, 0x1a, 0x40, 0xc2, 0xb5, 0x0b,
0xab, 0xe1, 0x4a, 0xae, 0x53, 0x0b, 0xe5, 0x88, 0x6d, 0x91, 0x0a, 0x27,
};
- static const uint8_t kDRBGPersonalization[18] = "BCMPersonalization";
- static const uint8_t kDRBGAD[16] = "BCM DRBG KAT AD ";
+ static const uint8_t kDRBGPersonalization[18] = {
+ 'B', 'C', 'M', 'P', 'e', 'r', 's', 'o', 'n',
+ 'a', 'l', 'i', 'z', 'a', 't', 'i', 'o', 'n'};
+ static const uint8_t kDRBGAD[16] = {'B', 'C', 'M', ' ', 'D', 'R', 'B', 'G',
+ ' ', 'K', 'A', 'T', ' ', 'A', 'D', ' '};
static const uint8_t kDRBGOutput[64] = {
0x19, 0x1f, 0x2b, 0x49, 0x76, 0x85, 0xfd, 0x51, 0xb6, 0x56, 0xbc,
0x1c, 0x7d, 0xd5, 0xdd, 0x44, 0x76, 0xa3, 0x5e, 0x17, 0x9b, 0x8e,
@@ -1022,8 +1026,8 @@
int BORINGSSL_self_test(void) {
if (!boringssl_self_test_fast() ||
// When requested to run self tests, also run the lazy tests.
- !boringssl_self_test_rsa() ||
- !boringssl_self_test_ecc() ||
+ !boringssl_self_test_rsa() || //
+ !boringssl_self_test_ecc() || //
!boringssl_self_test_ffdh()) {
return 0;
}
@@ -1032,9 +1036,7 @@
}
#if defined(BORINGSSL_FIPS)
-int boringssl_self_test_startup(void) {
- return boringssl_self_test_fast();
-}
+int boringssl_self_test_startup(void) { return boringssl_self_test_fast(); }
#endif
#endif // !_MSC_VER
diff --git a/crypto/fipsmodule/service_indicator/service_indicator.c.inc b/crypto/fipsmodule/service_indicator/service_indicator.cc.inc
similarity index 96%
rename from crypto/fipsmodule/service_indicator/service_indicator.c.inc
rename to crypto/fipsmodule/service_indicator/service_indicator.cc.inc
index 80ab82e..a6cecf3 100644
--- a/crypto/fipsmodule/service_indicator/service_indicator.c.inc
+++ b/crypto/fipsmodule/service_indicator/service_indicator.cc.inc
@@ -45,11 +45,13 @@
// for approved services irrespective of whether the user queries it or not.
// Hence, it is lazily initialized in any call to an approved service.
static struct fips_service_indicator_state *service_indicator_get(void) {
- struct fips_service_indicator_state *indicator = CRYPTO_get_thread_local(
- OPENSSL_THREAD_LOCAL_FIPS_SERVICE_INDICATOR_STATE);
+ struct fips_service_indicator_state *indicator =
+ reinterpret_cast<fips_service_indicator_state *>(CRYPTO_get_thread_local(
+ OPENSSL_THREAD_LOCAL_FIPS_SERVICE_INDICATOR_STATE));
if (indicator == NULL) {
- indicator = OPENSSL_malloc(sizeof(struct fips_service_indicator_state));
+ indicator = reinterpret_cast<fips_service_indicator_state *>(
+ OPENSSL_malloc(sizeof(struct fips_service_indicator_state)));
if (indicator == NULL) {
return NULL;
}
@@ -186,7 +188,7 @@
int (*md_ok)(int md_type)) {
if (EVP_MD_CTX_md(ctx) == NULL) {
// Signature schemes without a prehash are currently never FIPS approved.
- goto err;
+ return;
}
EVP_PKEY_CTX *const pctx = ctx->pctx;
@@ -242,7 +244,7 @@
}
}
- err:
+err:
// Ensure that junk errors aren't left on the queue.
ERR_clear_error();
}
diff --git a/crypto/fipsmodule/sha/sha1.c.inc b/crypto/fipsmodule/sha/sha1.cc.inc
similarity index 96%
rename from crypto/fipsmodule/sha/sha1.c.inc
rename to crypto/fipsmodule/sha/sha1.cc.inc
index 53117a5..8cabfaf 100644
--- a/crypto/fipsmodule/sha/sha1.c.inc
+++ b/crypto/fipsmodule/sha/sha1.cc.inc
@@ -58,8 +58,8 @@
#include <openssl/mem.h>
-#include "../bcm_interface.h"
#include "../../internal.h"
+#include "../bcm_interface.h"
#include "../digest/md32_common.h"
#include "../service_indicator/internal.h"
#include "internal.h"
@@ -87,7 +87,8 @@
bcm_infallible BCM_sha1_update(SHA_CTX *c, const void *data, size_t len) {
crypto_md32_update(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num,
- &c->Nh, &c->Nl, data, len);
+ &c->Nh, &c->Nl, reinterpret_cast<const uint8_t *>(data),
+ len);
return bcm_infallible_approved;
}
@@ -110,7 +111,7 @@
}
bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len,
- const uint8_t xkey[SHA_DIGEST_LENGTH]) {
+ const uint8_t xkey[SHA_DIGEST_LENGTH]) {
// XKEY and XVAL are 160-bit values, but are internally right-padded up to
// block size. See FIPS 186-2, Appendix 3.3. This buffer maintains both the
// current value of XKEY and the padding.
@@ -215,22 +216,22 @@
#endif
/* Originally X was an array. As it's automatic it's natural
-* to expect RISC compiler to accomodate at least part of it in
-* the register bank, isn't it? Unfortunately not all compilers
-* "find" this expectation reasonable:-( On order to make such
-* compilers generate better code I replace X[] with a bunch of
-* X0, X1, etc. See the function body below...
-* <appro@fy.chalmers.se> */
-#define X(i) XX##i
+ * to expect RISC compiler to accomodate at least part of it in
+ * the register bank, isn't it? Unfortunately not all compilers
+ * "find" this expectation reasonable:-( On order to make such
+ * compilers generate better code I replace X[] with a bunch of
+ * X0, X1, etc. See the function body below...
+ * <appro@fy.chalmers.se> */
+#define X(i) XX##i
#if !defined(SHA1_ASM)
#if !defined(SHA1_ASM_NOHW)
static void sha1_block_data_order_nohw(uint32_t state[5], const uint8_t *data,
size_t num) {
- register uint32_t A, B, C, D, E, T;
- uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10,
- XX11, XX12, XX13, XX14, XX15;
+ uint32_t A, B, C, D, E, T;
+ uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12,
+ XX13, XX14, XX15;
A = state[0];
B = state[1];
diff --git a/crypto/fipsmodule/sha/sha256.c.inc b/crypto/fipsmodule/sha/sha256.cc.inc
similarity index 98%
rename from crypto/fipsmodule/sha/sha256.c.inc
rename to crypto/fipsmodule/sha/sha256.cc.inc
index 91188ab..1daee88 100644
--- a/crypto/fipsmodule/sha/sha256.c.inc
+++ b/crypto/fipsmodule/sha/sha256.cc.inc
@@ -106,7 +106,8 @@
bcm_infallible BCM_sha256_update(SHA256_CTX *c, const void *data, size_t len) {
crypto_md32_update(&sha256_block_data_order, c->h, c->data, BCM_SHA256_CBLOCK,
- &c->num, &c->Nh, &c->Nl, data, len);
+ &c->num, &c->Nh, &c->Nl,
+ reinterpret_cast<const uint8_t *>(data), len);
return bcm_infallible_approved;
}
diff --git a/crypto/fipsmodule/sha/sha512.c.inc b/crypto/fipsmodule/sha/sha512.cc.inc
similarity index 99%
rename from crypto/fipsmodule/sha/sha512.c.inc
rename to crypto/fipsmodule/sha/sha512.cc.inc
index 65a5265..c3d86a3 100644
--- a/crypto/fipsmodule/sha/sha512.c.inc
+++ b/crypto/fipsmodule/sha/sha512.cc.inc
@@ -168,7 +168,7 @@
size_t len) {
uint64_t l;
uint8_t *p = c->p;
- const uint8_t *data = in_data;
+ const uint8_t *data = reinterpret_cast<const uint8_t *>(in_data);
if (len == 0) {
return bcm_infallible_approved;
@@ -189,7 +189,7 @@
if (len < n) {
OPENSSL_memcpy(p + c->num, data, len);
c->num += (unsigned int)len;
- return 1;
+ return bcm_infallible_approved;
} else {
OPENSSL_memcpy(p + c->num, data, n), c->num = 0;
len -= n;
diff --git a/crypto/fipsmodule/tls/kdf.c.inc b/crypto/fipsmodule/tls/kdf.cc.inc
similarity index 100%
rename from crypto/fipsmodule/tls/kdf.c.inc
rename to crypto/fipsmodule/tls/kdf.cc.inc
diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.cc
similarity index 98%
rename from crypto/hpke/hpke.c
rename to crypto/hpke/hpke.cc
index 4aa74d4..35b9c08 100644
--- a/crypto/hpke/hpke.c
+++ b/crypto/hpke/hpke.cc
@@ -137,7 +137,8 @@
const uint8_t *kem_context,
size_t kem_context_len) {
// concat("KEM", I2OSP(kem_id, 2))
- uint8_t suite_id[5] = {'K', 'E', 'M', kem_id >> 8, kem_id & 0xff};
+ uint8_t suite_id[5] = {'K', 'E', 'M', static_cast<uint8_t>(kem_id >> 8),
+ static_cast<uint8_t>(kem_id & 0xff)};
uint8_t prk[EVP_MAX_MD_SIZE];
size_t prk_len;
return hpke_labeled_extract(hkdf_md, prk, &prk_len, NULL, 0, suite_id,
@@ -622,7 +623,8 @@
}
EVP_HPKE_KEY *EVP_HPKE_KEY_new(void) {
- EVP_HPKE_KEY *key = OPENSSL_malloc(sizeof(EVP_HPKE_KEY));
+ EVP_HPKE_KEY *key =
+ reinterpret_cast<EVP_HPKE_KEY *>(OPENSSL_malloc(sizeof(EVP_HPKE_KEY)));
if (key == NULL) {
return NULL;
}
@@ -847,7 +849,8 @@
}
EVP_HPKE_CTX *EVP_HPKE_CTX_new(void) {
- EVP_HPKE_CTX *ctx = OPENSSL_malloc(sizeof(EVP_HPKE_CTX));
+ EVP_HPKE_CTX *ctx =
+ reinterpret_cast<EVP_HPKE_CTX *>(OPENSSL_malloc(sizeof(EVP_HPKE_CTX)));
if (ctx == NULL) {
return NULL;
}
diff --git a/crypto/hrss/hrss.c b/crypto/hrss/hrss.cc
similarity index 94%
rename from crypto/hrss/hrss.c
rename to crypto/hrss/hrss.cc
index 572e981..55a21f0 100644
--- a/crypto/hrss/hrss.c
+++ b/crypto/hrss/hrss.cc
@@ -17,6 +17,7 @@
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
+#include <type_traits>
#include <openssl/bn.h>
#include <openssl/hmac.h>
@@ -24,12 +25,6 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
-#if defined(_MSC_VER)
-#define RESTRICT
-#else
-#define RESTRICT restrict
-#endif
-
#include "../internal.h"
#include "internal.h"
@@ -226,9 +221,7 @@
return vextq_u16(left, right, 5);
}
-static inline uint16_t vec_get_word(vec_t v, unsigned i) {
- return v[i];
-}
+static inline uint16_t vec_get_word(vec_t v, unsigned i) { return v[i]; }
#if !defined(OPENSSL_AARCH64)
@@ -298,14 +291,6 @@
// crypto_word_t v[WORDS_PER_POLY];
// };
-OPENSSL_UNUSED static void hexdump(const void *void_in, size_t len) {
- const uint8_t *in = (const uint8_t *)void_in;
- for (size_t i = 0; i < len; i++) {
- printf("%02x", in[i]);
- }
- printf("\n");
-}
-
static void poly2_zero(struct poly2 *p) {
OPENSSL_memset(&p->v[0], 0, sizeof(crypto_word_t) * WORDS_PER_POLY);
}
@@ -314,20 +299,13 @@
static crypto_word_t word_reverse(crypto_word_t in) {
#if defined(OPENSSL_64_BIT)
static const crypto_word_t kMasks[6] = {
- UINT64_C(0x5555555555555555),
- UINT64_C(0x3333333333333333),
- UINT64_C(0x0f0f0f0f0f0f0f0f),
- UINT64_C(0x00ff00ff00ff00ff),
- UINT64_C(0x0000ffff0000ffff),
- UINT64_C(0x00000000ffffffff),
+ UINT64_C(0x5555555555555555), UINT64_C(0x3333333333333333),
+ UINT64_C(0x0f0f0f0f0f0f0f0f), UINT64_C(0x00ff00ff00ff00ff),
+ UINT64_C(0x0000ffff0000ffff), UINT64_C(0x00000000ffffffff),
};
#else
static const crypto_word_t kMasks[5] = {
- 0x55555555,
- 0x33333333,
- 0x0f0f0f0f,
- 0x00ff00ff,
- 0x0000ffff,
+ 0x55555555, 0x33333333, 0x0f0f0f0f, 0x00ff00ff, 0x0000ffff,
};
#endif
@@ -362,12 +340,12 @@
t.v[i] = word_reverse(in->v[i]);
}
- static const size_t shift = BITS_PER_WORD - ((N-1) % BITS_PER_WORD);
- for (size_t i = 0; i < WORDS_PER_POLY-1; i++) {
- out->v[i] = t.v[WORDS_PER_POLY-1-i] >> shift;
- out->v[i] |= t.v[WORDS_PER_POLY-2-i] << (BITS_PER_WORD - shift);
+ static const size_t shift = BITS_PER_WORD - ((N - 1) % BITS_PER_WORD);
+ for (size_t i = 0; i < WORDS_PER_POLY - 1; i++) {
+ out->v[i] = t.v[WORDS_PER_POLY - 1 - i] >> shift;
+ out->v[i] |= t.v[WORDS_PER_POLY - 2 - i] << (BITS_PER_WORD - shift);
}
- out->v[WORDS_PER_POLY-1] = t.v[0] >> shift;
+ out->v[WORDS_PER_POLY - 1] = t.v[0] >> shift;
}
// poly2_cswap exchanges the values of |a| and |b| if |swap| is all ones.
@@ -416,13 +394,6 @@
p->v[WORDS_PER_POLY - 1] &= (UINT64_C(1) << BITS_IN_LAST_WORD) - 1;
}
-// poly2_top_bits_are_clear returns one iff the extra bits in the final words of
-// |p| are zero.
-static int poly2_top_bits_are_clear(const struct poly2 *p) {
- return (p->v[WORDS_PER_POLY - 1] &
- ~((UINT64_C(1) << BITS_IN_LAST_WORD) - 1)) == 0;
-}
-
// Ternary polynomials.
// poly3 represents a degree-N polynomial over GF(3). Each coefficient is
@@ -460,29 +431,6 @@
// struct poly2 s, a;
// };
-OPENSSL_UNUSED static void poly3_print(const struct poly3 *in) {
- struct poly3 p;
- OPENSSL_memcpy(&p, in, sizeof(p));
- p.s.v[WORDS_PER_POLY - 1] &= ((crypto_word_t)1 << BITS_IN_LAST_WORD) - 1;
- p.a.v[WORDS_PER_POLY - 1] &= ((crypto_word_t)1 << BITS_IN_LAST_WORD) - 1;
-
- printf("{[");
- for (unsigned i = 0; i < WORDS_PER_POLY; i++) {
- if (i) {
- printf(" ");
- }
- printf(BN_HEX_FMT2, p.s.v[i]);
- }
- printf("] [");
- for (unsigned i = 0; i < WORDS_PER_POLY; i++) {
- if (i) {
- printf(" ");
- }
- printf(BN_HEX_FMT2, p.a.v[i]);
- }
- printf("]}\n");
-}
-
static void poly3_zero(struct poly3 *p) {
poly2_zero(&p->s);
poly2_zero(&p->a);
@@ -533,9 +481,8 @@
}
// poly3_fmadd sets |out| to |out| - |in|×m, where m is (ms, ma).
-static void poly3_fmsub(struct poly3 *RESTRICT out,
- const struct poly3 *RESTRICT in, crypto_word_t ms,
- crypto_word_t ma) {
+static void poly3_fmsub(struct poly3 *out, const struct poly3 *in,
+ crypto_word_t ms, crypto_word_t ma) {
crypto_word_t product_s, product_a;
for (size_t i = 0; i < WORDS_PER_POLY; i++) {
poly3_word_mul(&product_s, &product_a, in->s.v[i], in->a.v[i], ms, ma);
@@ -550,12 +497,6 @@
return lsb_to_all(v >> (BITS_IN_LAST_WORD - 1));
}
-// poly3_top_bits_are_clear returns one iff the extra bits in the final words of
-// |p| are zero.
-OPENSSL_UNUSED static int poly3_top_bits_are_clear(const struct poly3 *p) {
- return poly2_top_bits_are_clear(&p->s) && poly2_top_bits_are_clear(&p->a);
-}
-
// poly3_mod_phiN reduces |p| by Φ(N).
static void poly3_mod_phiN(struct poly3 *p) {
// In order to reduce by Φ(N) we subtract by the value of the greatest
@@ -802,15 +743,16 @@
int delta = 1;
- for (size_t i = 0; i < (2*(N-1)) - 1; i++) {
+ for (size_t i = 0; i < (2 * (N - 1)) - 1; i++) {
poly3_vec_lshift1(v_s, v_a);
const crypto_word_t delta_sign_bit = (delta >> (sizeof(delta) * 8 - 1)) & 1;
const crypto_word_t delta_is_non_negative = delta_sign_bit - 1;
const crypto_word_t delta_is_non_zero = ~constant_time_is_zero_w(delta);
const vec_t g_has_constant_term = vec_broadcast_bit(g_a[0]);
- const vec_t mask_w =
- {delta_is_non_negative & delta_is_non_zero};
+ const vec_t mask_w = {
+ static_cast<std::remove_reference<decltype(mask_w[0])>::type>(
+ delta_is_non_negative & delta_is_non_zero)};
const vec_t mask = vec_broadcast_bit(mask_w) & g_has_constant_term;
const vec_t c_a = vec_broadcast_bit(f_a[0] & g_a[0]);
@@ -863,7 +805,7 @@
poly3_reverse_700(&g, in);
int delta = 1;
- for (size_t i = 0; i < (2*(N-1)) - 1; i++) {
+ for (size_t i = 0; i < (2 * (N - 1)) - 1; i++) {
poly3_lshift1(&v);
const crypto_word_t delta_sign_bit = (delta >> (sizeof(delta) * 8 - 1)) & 1;
@@ -940,17 +882,6 @@
assert(x->v[N + 2] == 0);
}
-OPENSSL_UNUSED static void poly_print(const struct poly *p) {
- printf("[");
- for (unsigned i = 0; i < N; i++) {
- if (i) {
- printf(" ");
- }
- printf("%d", p->v[i]);
- }
- printf("]\n");
-}
-
// POLY_MUL_SCRATCH contains space for the working variables needed by
// |poly_mul|. The contents afterwards may be discarded, but the object may also
// be reused with future |poly_mul| calls to save heap allocations.
@@ -986,9 +917,8 @@
// of |scratch| and the function recurses, except if |n| < 3, when |scratch|
// isn't used and the recursion stops. If |n| == |VECS_PER_POLY| then |scratch|
// needs 172 elements.
-static void poly_mul_vec_aux(vec_t *restrict out, vec_t *restrict scratch,
- const vec_t *restrict a, const vec_t *restrict b,
- const size_t n) {
+static void poly_mul_vec_aux(vec_t *out, vec_t *scratch, const vec_t *a,
+ const vec_t *b, const size_t n) {
// In [HRSS], the technique they used for polynomial multiplication is
// described: they start with Toom-4 at the top level and then two layers of
// Karatsuba. Karatsuba is a specific instance of the general Toom–Cook
@@ -1245,8 +1175,8 @@
for (size_t i = 0; i < VECS_PER_POLY; i++) {
const vec_t prev = prod[VECS_PER_POLY - 1 + i];
- const vec_t this = prod[VECS_PER_POLY + i];
- out_vecs[i] = vec_add(prod[i], vec_merge_3_5(prev, this));
+ const vec_t this_vec = prod[VECS_PER_POLY + i];
+ out_vecs[i] = vec_add(prod[i], vec_merge_3_5(prev, this_vec));
}
OPENSSL_memset(&out->v[N], 0, 3 * sizeof(uint16_t));
@@ -1266,7 +1196,7 @@
OPENSSL_memset(out, 0, sizeof(uint16_t) * n * 2);
for (size_t i = 0; i < n; i++) {
for (size_t j = 0; j < n; j++) {
- out[i + j] += (unsigned) a[i] * b[j];
+ out[i + j] += (unsigned)a[i] * b[j];
}
}
@@ -1334,7 +1264,7 @@
#endif
#if defined(HRSS_HAVE_VECTOR_UNIT)
- if (vec_capable()) {
+ if (vec_capable()) {
poly_mul_vec(scratch, r, a, b);
} else
#endif
@@ -1563,7 +1493,7 @@
poly2_reverse_700(&g, &g);
int delta = 1;
- for (size_t i = 0; i < (2*(N-1)) - 1; i++) {
+ for (size_t i = 0; i < (2 * (N - 1)) - 1; i++) {
poly2_lshift1(&v);
const crypto_word_t delta_sign_bit = (delta >> (sizeof(delta) * 8 - 1)) & 1;
@@ -1728,7 +1658,7 @@
const uint16_t *coeffs = in->v;
// Only 700 coefficients are marshaled because in[700] must be zero.
- assert(coeffs[N-1] == 0);
+ assert(coeffs[N - 1] == 0);
for (size_t i = 0; i < HRSS_POLY3_BYTES; i++) {
const uint16_t coeffs0 = mod3_from_modQ(coeffs[0]);
@@ -1772,15 +1702,15 @@
// because |sum| is bound by +/- (N-2), and N < 2^15 so it works out.
uint16_t sum = 0;
for (unsigned i = 0; i < N - 2; i++) {
- sum += (unsigned) out->v[i] * out->v[i + 1];
+ sum += (unsigned)out->v[i] * out->v[i + 1];
}
// If the sum is negative, flip the sign of even-positioned coefficients. (See
// page 8 of [HRSS].)
- sum = ((int16_t) sum) >> 15;
+ sum = ((int16_t)sum) >> 15;
const uint16_t scale = sum | (~sum & 1);
for (unsigned i = 0; i < N; i += 2) {
- out->v[i] = (unsigned) out->v[i] * scale;
+ out->v[i] = (unsigned)out->v[i] * scale;
}
poly_assert_normalized(out);
}
@@ -1877,7 +1807,7 @@
// Note that s0 + s1 + s2 = 0.
out->v[0] += s0;
- out->v[1] -= (s0 + s2); // = s1
+ out->v[1] -= (s0 + s2); // = s1
out->v[2] += s2;
// Calculate the remaining inner products by taking advantage of the
@@ -1924,7 +1854,7 @@
sizeof(struct HRSS_public_key) >= sizeof(struct public_key) + 15,
"HRSS public key too small");
- return align_pointer(ext->opaque, 16);
+ return reinterpret_cast<public_key *>(align_pointer(ext->opaque, 16));
}
// private_key_from_external does the same thing as |public_key_from_external|,
@@ -1936,7 +1866,7 @@
sizeof(struct HRSS_private_key) >= sizeof(struct private_key) + 15,
"HRSS private key too small");
- return align_pointer(ext->opaque, 16);
+ return reinterpret_cast<private_key *>(align_pointer(ext->opaque, 16));
}
// malloc_align32 returns a pointer to |size| bytes of 32-byte-aligned heap and
@@ -1968,13 +1898,14 @@
};
void *malloc_ptr;
- struct vars *const vars = malloc_align32(&malloc_ptr, sizeof(struct vars));
+ struct vars *const vars = reinterpret_cast<struct vars *>(
+ malloc_align32(&malloc_ptr, sizeof(struct vars)));
if (!vars) {
// If the caller ignores the return value the output will still be safe.
// The private key output is randomised in case it's later passed to
// |HRSS_encap|.
memset(out_pub, 0, sizeof(struct HRSS_public_key));
- RAND_bytes((uint8_t*) out_priv, sizeof(struct HRSS_private_key));
+ RAND_bytes((uint8_t *)out_priv, sizeof(struct HRSS_private_key));
return 0;
}
@@ -2031,7 +1962,8 @@
};
void *malloc_ptr;
- struct vars *const vars = malloc_align32(&malloc_ptr, sizeof(struct vars));
+ struct vars *const vars = reinterpret_cast<struct vars *>(
+ malloc_align32(&malloc_ptr, sizeof(struct vars)));
if (!vars) {
// If the caller ignores the return value the output will still be safe.
// The private key output is randomised in case it's used to encrypt and
@@ -2071,11 +2003,17 @@
}
int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES],
- const struct HRSS_private_key *in_priv,
- const uint8_t *ciphertext, size_t ciphertext_len) {
+ const struct HRSS_private_key *in_priv,
+ const uint8_t *ciphertext, size_t ciphertext_len) {
const struct private_key *priv =
private_key_from_external((struct HRSS_private_key *)in_priv);
+#if defined(_MSC_VER)
+ // MSVC will produce this useless warning:
+ // warning C4324: structure was padded due to alignment specifier
+#pragma warning(push)
+#pragma warning(disable : 4324)
+#endif
struct vars {
struct POLY_MUL_SCRATCH scratch;
uint8_t masked_key[SHA256_CBLOCK];
@@ -2091,9 +2029,13 @@
uint8_t r_bytes[HRSS_POLY3_BYTES];
uint8_t shared_key[32];
};
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif
void *malloc_ptr;
- struct vars *const vars = malloc_align32(&malloc_ptr, sizeof(struct vars));
+ struct vars *const vars = reinterpret_cast<struct vars *>(
+ malloc_align32(&malloc_ptr, sizeof(struct vars)));
if (!vars) {
// If the caller ignores the return value the output will still be safe.
// The private key output is randomised in case it's used to encrypt and
@@ -2139,6 +2081,7 @@
// If the ciphertext is publicly invalid then a random shared key is still
// returned to simply the logic of the caller, but this path is not constant
// time.
+ crypto_word_t ok = 0;
if (ciphertext_len != HRSS_CIPHERTEXT_BYTES ||
!poly_unmarshal(&vars->c, ciphertext)) {
goto out;
@@ -2161,7 +2104,7 @@
poly_mod_phiN(&vars->r);
poly_clamp(&vars->r);
- crypto_word_t ok = poly3_from_poly_checked(&vars->r3, &vars->r);
+ ok = poly3_from_poly_checked(&vars->r3, &vars->r);
// [NTRUCOMP] section 5.1 includes ReEnc2 and a proof that it's valid. Rather
// than do an expensive |poly_mul|, it rebuilds |c'| from |c - lift(m)|
diff --git a/crypto/internal.h b/crypto/internal.h
index ca37027..6821618 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -126,16 +126,6 @@
#include <stdlib.h>
#endif
-#if !defined(__cplusplus)
-#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 201112L
-// BoringSSL requires C11 to build the library. The most likely cause of
-// pre-C11 modes is stale -std=c99 or -std=gnu99 flags in build configuration.
-// Such flags can be removed. If building with MSVC, build with /std:c11.
-#error "BoringSSL must be built in C11 mode or higher."
-#endif
-#include <stdalign.h>
-#endif
-
#if defined(OPENSSL_THREADS) && \
(!defined(OPENSSL_WINDOWS) || defined(__MINGW32__))
#include <pthread.h>
@@ -147,29 +137,11 @@
#define OPENSSL_WINDOWS_THREADS
#endif
-// Determine the atomics implementation to use with C.
-#if !defined(__cplusplus)
-#if !defined(OPENSSL_C11_ATOMIC) && defined(OPENSSL_THREADS) && \
- !defined(__STDC_NO_ATOMICS__)
-#define OPENSSL_C11_ATOMIC
+#if defined(OPENSSL_THREADS)
+#include <atomic>
#endif
-#if defined(OPENSSL_C11_ATOMIC)
-#include <stdatomic.h>
-#endif
-
-// Older MSVC does not support C11 atomics, so we fallback to the Windows APIs.
-// When both are available (e.g. clang-cl), we prefer the C11 ones. The Windows
-// APIs don't allow some operations to be implemented as efficiently. This can
-// be removed once we can rely on
-// https://devblogs.microsoft.com/cppblog/c11-atomics-in-visual-studio-2022-version-17-5-preview-2/
-#if !defined(OPENSSL_C11_ATOMIC) && defined(OPENSSL_THREADS) && \
- defined(OPENSSL_WINDOWS)
-#define OPENSSL_WINDOWS_ATOMIC
-#endif
-#endif // !__cplusplus
-
-#if defined(OPENSSL_WINDOWS_THREADS) || defined(OPENSSL_WINDOWS_ATOMIC)
+#if defined(OPENSSL_WINDOWS_THREADS)
OPENSSL_MSVC_PRAGMA(warning(push, 3))
#include <windows.h>
OPENSSL_MSVC_PRAGMA(warning(pop))
@@ -219,33 +191,35 @@
// These may be bugs in the toolchain definition, but just disable it for now.
// EDK2's toolchain is missing __udivti3 (b/339380897) so cannot support
// 128-bit division currently.
-#if !defined(_MSC_VER) && !defined(OPENSSL_NANOLIBC) && !defined(__EDK2_BORINGSSL__)
+#if !defined(_MSC_VER) && !defined(OPENSSL_NANOLIBC) && \
+ !defined(__EDK2_BORINGSSL__)
#define BORINGSSL_CAN_DIVIDE_UINT128
#endif
#endif
#define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0]))
+#if defined(__clang__) && __clang_major__ >= 5
+#if __has_attribute(fallthrough)
+#define OPENSSL_CAN_USE_ATTR_FALLTHROUGH
+#endif
+#endif
+
// Have a generic fall-through for different versions of C/C++.
#if defined(__cplusplus) && __cplusplus >= 201703L
#define OPENSSL_FALLTHROUGH [[fallthrough]]
#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__clang__)
#define OPENSSL_FALLTHROUGH [[clang::fallthrough]]
-#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__GNUC__) && \
- __GNUC__ >= 7
+#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__GNUC__)
#define OPENSSL_FALLTHROUGH [[gnu::fallthrough]]
-#elif defined(__GNUC__) && __GNUC__ >= 7 // gcc 7
-#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough))
-#elif defined(__clang__)
-#if __has_attribute(fallthrough) && __clang_major__ >= 5
+#elif defined(__GNUC__)
+#define OPENSSL_FALLTHROUGH __attribute__((fallthrough))
+#elif defined(OPENSSL_CAN_USE_ATTR_FALLTHROUGH)
// Clang 3.5, at least, complains about "error: declaration does not declare
// anything", possibily because we put a semicolon after this macro in
// practice. Thus limit it to >= Clang 5, which does work.
-#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough))
-#else // clang versions that do not support fallthrough.
-#define OPENSSL_FALLTHROUGH
-#endif
-#else // C++11 on gcc 6, and all other cases
+#define OPENSSL_FALLTHROUGH __attribute__((fallthrough))
+#else // all other cases
#define OPENSSL_FALLTHROUGH
#endif
@@ -311,8 +285,8 @@
// Pointer utility functions.
// buffers_alias returns one if |a| and |b| alias and zero otherwise.
-static inline int buffers_alias(const void *a, size_t a_bytes,
- const void *b, size_t b_bytes) {
+static inline int buffers_alias(const void *a, size_t a_bytes, const void *b,
+ size_t b_bytes) {
// Cast |a| and |b| to integers. In C, pointer comparisons between unrelated
// objects are undefined whereas pointer to integer conversions are merely
// implementation-defined. We assume the implementation defined it in a sane
@@ -448,7 +422,7 @@
// (assert (not (= (= #x00000001 (bvlshr (lt a b) #x0000001f)) (bvult a b))))
// (check-sat)
// (get-model)
- return constant_time_msb_w(a^((a^b)|((a-b)^a)));
+ return constant_time_msb_w(a ^ ((a ^ b) | ((a - b) ^ a)));
}
// constant_time_lt_8 acts like |constant_time_lt_w| but returns an 8-bit
@@ -479,9 +453,8 @@
//
// (declare-fun a () (_ BitVec 32))
//
- // (assert (not (= (= #x00000001 (bvlshr (is_zero a) #x0000001f)) (= a #x00000000))))
- // (check-sat)
- // (get-model)
+ // (assert (not (= (= #x00000001 (bvlshr (is_zero a) #x0000001f)) (= a
+ // #x00000000)))) (check-sat) (get-model)
return constant_time_msb_w(~a & (a - 1));
}
@@ -577,10 +550,10 @@
#if defined(__GNUC__) && !defined(__clang__)
// gcc 13.2.0 doesn't automatically vectorize this loop regardless of barrier
typedef uint8_t v32u8 __attribute__((vector_size(32), aligned(1), may_alias));
- size_t n_vec = n&~(size_t)31;
- v32u8 masks = ((uint8_t)mask-(v32u8){}); // broadcast
+ size_t n_vec = n & ~(size_t)31;
+ v32u8 masks = ((uint8_t)mask - (v32u8){}); // broadcast
for (size_t i = 0; i < n_vec; i += 32) {
- *(v32u8*)&out[i] ^= masks & *(v32u8*)&in[i];
+ *(v32u8 *)&out[i] ^= masks & *(v32u8 *)&in[i];
}
out += n_vec;
n -= n_vec;
@@ -671,73 +644,28 @@
// The following functions provide an API analogous to <stdatomic.h> from C11
// and abstract between a few variations on atomics we need to support.
-#if defined(__cplusplus)
+#if defined(OPENSSL_THREADS)
-// In C++, we can't easily detect whether C will use |OPENSSL_C11_ATOMIC| or
-// |OPENSSL_WINDOWS_ATOMIC|. Instead, we define a layout-compatible type without
-// the corresponding functions. When we can rely on C11 atomics in MSVC, that
-// will no longer be a concern.
-typedef uint32_t CRYPTO_atomic_u32;
+using CRYPTO_atomic_u32 = std::atomic<uint32_t>;
-#elif defined(OPENSSL_C11_ATOMIC)
+static_assert(sizeof(CRYPTO_atomic_u32) == sizeof(uint32_t), "");
-typedef _Atomic uint32_t CRYPTO_atomic_u32;
-
-// This should be const, but the |OPENSSL_WINDOWS_ATOMIC| implementation is not
-// const due to Windows limitations. When we can rely on C11 atomics, make this
-// const-correct.
-OPENSSL_INLINE uint32_t CRYPTO_atomic_load_u32(CRYPTO_atomic_u32 *val) {
- return atomic_load(val);
+inline uint32_t CRYPTO_atomic_load_u32(const CRYPTO_atomic_u32 *val) {
+ return val->load(std::memory_order_seq_cst);
}
-OPENSSL_INLINE int CRYPTO_atomic_compare_exchange_weak_u32(
- CRYPTO_atomic_u32 *val, uint32_t *expected, uint32_t desired) {
- return atomic_compare_exchange_weak(val, expected, desired);
+inline bool CRYPTO_atomic_compare_exchange_weak_u32(CRYPTO_atomic_u32 *val,
+ uint32_t *expected,
+ uint32_t desired) {
+ return val->compare_exchange_weak(
+ *expected, desired, std::memory_order_seq_cst, std::memory_order_seq_cst);
}
-OPENSSL_INLINE void CRYPTO_atomic_store_u32(CRYPTO_atomic_u32 *val,
- uint32_t desired) {
- atomic_store(val, desired);
+inline void CRYPTO_atomic_store_u32(CRYPTO_atomic_u32 *val, uint32_t desired) {
+ val->store(desired, std::memory_order_seq_cst);
}
-#elif defined(OPENSSL_WINDOWS_ATOMIC)
-
-typedef LONG CRYPTO_atomic_u32;
-
-OPENSSL_INLINE uint32_t CRYPTO_atomic_load_u32(volatile CRYPTO_atomic_u32 *val) {
- // This is not ideal because it still writes to a cacheline. MSVC is not able
- // to optimize this to a true atomic read, and Windows does not provide an
- // InterlockedLoad function.
- //
- // The Windows documentation [1] does say "Simple reads and writes to
- // properly-aligned 32-bit variables are atomic operations", but this is not
- // phrased in terms of the C11 and C++11 memory models, and indeed a read or
- // write seems to produce slightly different code on MSVC than a sequentially
- // consistent std::atomic::load in C++. Moreover, it is unclear if non-MSVC
- // compilers on Windows provide the same guarantees. Thus we avoid relying on
- // this and instead still use an interlocked function. This is still
- // preferable a global mutex, and eventually this code will be replaced by
- // [2]. Additionally, on clang-cl, we'll use the |OPENSSL_C11_ATOMIC| path.
- //
- // [1] https://learn.microsoft.com/en-us/windows/win32/sync/interlocked-variable-access
- // [2] https://devblogs.microsoft.com/cppblog/c11-atomics-in-visual-studio-2022-version-17-5-preview-2/
- return (uint32_t)InterlockedCompareExchange(val, 0, 0);
-}
-
-OPENSSL_INLINE int CRYPTO_atomic_compare_exchange_weak_u32(
- volatile CRYPTO_atomic_u32 *val, uint32_t *expected32, uint32_t desired) {
- LONG expected = (LONG)*expected32;
- LONG actual = InterlockedCompareExchange(val, (LONG)desired, expected);
- *expected32 = (uint32_t)actual;
- return actual == expected;
-}
-
-OPENSSL_INLINE void CRYPTO_atomic_store_u32(volatile CRYPTO_atomic_u32 *val,
- uint32_t desired) {
- InterlockedExchange(val, (LONG)desired);
-}
-
-#elif !defined(OPENSSL_THREADS)
+#else
typedef uint32_t CRYPTO_atomic_u32;
@@ -760,12 +688,6 @@
*val = desired;
}
-#else
-
-// Require some atomics implementation. Contact BoringSSL maintainers if you
-// have a platform with fails this check.
-#error "Thread-compatible configurations require atomics"
-
#endif
// See the comment in the |__cplusplus| section above.
@@ -803,7 +725,8 @@
typedef struct crypto_mutex_st {
char padding; // Empty structs have different sizes in C and C++.
} CRYPTO_MUTEX;
-#define CRYPTO_MUTEX_INIT { 0 }
+#define CRYPTO_MUTEX_INIT \
+ { 0 }
#elif defined(OPENSSL_WINDOWS_THREADS)
typedef SRWLOCK CRYPTO_MUTEX;
#define CRYPTO_MUTEX_INIT SRWLOCK_INIT
@@ -868,7 +791,7 @@
BSSL_NAMESPACE_END
-} // extern "C++"
+} // extern "C++"
#endif // defined(__cplusplus)
@@ -932,9 +855,10 @@
uint8_t num_reserved;
} CRYPTO_EX_DATA_CLASS;
-#define CRYPTO_EX_DATA_CLASS_INIT {CRYPTO_MUTEX_INIT, NULL, NULL, 0, 0}
+#define CRYPTO_EX_DATA_CLASS_INIT \
+ { CRYPTO_MUTEX_INIT, NULL, NULL, {}, 0 }
#define CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA \
- {CRYPTO_MUTEX_INIT, NULL, NULL, 0, 1}
+ { CRYPTO_MUTEX_INIT, NULL, NULL, {}, 1 }
// CRYPTO_get_ex_new_index_ex allocates a new index for |ex_data_class|. Each
// class of object should provide a wrapper function that uses the correct
@@ -980,21 +904,13 @@
#include <stdlib.h>
OPENSSL_MSVC_PRAGMA(warning(pop))
#pragma intrinsic(_byteswap_uint64, _byteswap_ulong, _byteswap_ushort)
-static inline uint16_t CRYPTO_bswap2(uint16_t x) {
- return _byteswap_ushort(x);
-}
+static inline uint16_t CRYPTO_bswap2(uint16_t x) { return _byteswap_ushort(x); }
-static inline uint32_t CRYPTO_bswap4(uint32_t x) {
- return _byteswap_ulong(x);
-}
+static inline uint32_t CRYPTO_bswap4(uint32_t x) { return _byteswap_ulong(x); }
-static inline uint64_t CRYPTO_bswap8(uint64_t x) {
- return _byteswap_uint64(x);
-}
+static inline uint64_t CRYPTO_bswap8(uint64_t x) { return _byteswap_uint64(x); }
#else
-static inline uint16_t CRYPTO_bswap2(uint16_t x) {
- return (x >> 8) | (x << 8);
-}
+static inline uint16_t CRYPTO_bswap2(uint16_t x) { return (x >> 8) | (x << 8); }
static inline uint32_t CRYPTO_bswap4(uint32_t x) {
x = (x >> 16) | (x << 16);
@@ -1041,7 +957,7 @@
return memchr(s, c, n);
}
-} // extern "C++"
+} // extern "C++"
#else // __cplusplus
static inline void *OPENSSL_memchr(const void *s, int c, size_t n) {
@@ -1208,117 +1124,6 @@
}
-// Arithmetic functions.
-
-// The most efficient versions of these functions on GCC and Clang depend on C11
-// |_Generic|. If we ever need to call these from C++, we'll need to add a
-// variant that uses C++ overloads instead.
-#if !defined(__cplusplus)
-
-// CRYPTO_addc_* returns |x + y + carry|, and sets |*out_carry| to the carry
-// bit. |carry| must be zero or one.
-#if OPENSSL_HAS_BUILTIN(__builtin_addc)
-
-#define CRYPTO_GENERIC_ADDC(x, y, carry, out_carry) \
- (_Generic((x), \
- unsigned: __builtin_addc, \
- unsigned long: __builtin_addcl, \
- unsigned long long: __builtin_addcll))((x), (y), (carry), (out_carry))
-
-static inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry,
- uint32_t *out_carry) {
- declassify_assert(carry <= 1);
- return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry);
-}
-
-static inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry,
- uint64_t *out_carry) {
- declassify_assert(carry <= 1);
- return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry);
-}
-
-#else
-
-static inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry,
- uint32_t *out_carry) {
- declassify_assert(carry <= 1);
- uint64_t ret = carry;
- ret += (uint64_t)x + y;
- *out_carry = (uint32_t)(ret >> 32);
- return (uint32_t)ret;
-}
-
-static inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry,
- uint64_t *out_carry) {
- declassify_assert(carry <= 1);
-#if defined(BORINGSSL_HAS_UINT128)
- uint128_t ret = carry;
- ret += (uint128_t)x + y;
- *out_carry = (uint64_t)(ret >> 64);
- return (uint64_t)ret;
-#else
- x += carry;
- carry = x < carry;
- uint64_t ret = x + y;
- carry += ret < x;
- *out_carry = carry;
- return ret;
-#endif
-}
-#endif
-
-// CRYPTO_subc_* returns |x - y - borrow|, and sets |*out_borrow| to the borrow
-// bit. |borrow| must be zero or one.
-#if OPENSSL_HAS_BUILTIN(__builtin_subc)
-
-#define CRYPTO_GENERIC_SUBC(x, y, borrow, out_borrow) \
- (_Generic((x), \
- unsigned: __builtin_subc, \
- unsigned long: __builtin_subcl, \
- unsigned long long: __builtin_subcll))((x), (y), (borrow), (out_borrow))
-
-static inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow,
- uint32_t *out_borrow) {
- declassify_assert(borrow <= 1);
- return CRYPTO_GENERIC_SUBC(x, y, borrow, out_borrow);
-}
-
-static inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow,
- uint64_t *out_borrow) {
- declassify_assert(borrow <= 1);
- return CRYPTO_GENERIC_SUBC(x, y, borrow, out_borrow);
-}
-
-#else
-
-static inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow,
- uint32_t *out_borrow) {
- declassify_assert(borrow <= 1);
- uint32_t ret = x - y - borrow;
- *out_borrow = (x < y) | ((x == y) & borrow);
- return ret;
-}
-
-static inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow,
- uint64_t *out_borrow) {
- declassify_assert(borrow <= 1);
- uint64_t ret = x - y - borrow;
- *out_borrow = (x < y) | ((x == y) & borrow);
- return ret;
-}
-#endif
-
-#if defined(OPENSSL_64_BIT)
-#define CRYPTO_addc_w CRYPTO_addc_u64
-#define CRYPTO_subc_w CRYPTO_subc_u64
-#else
-#define CRYPTO_addc_w CRYPTO_addc_u32
-#define CRYPTO_subc_w CRYPTO_subc_u32
-#endif
-
-#endif // !__cplusplus
-
-
// FIPS functions.
#if defined(BORINGSSL_FIPS)
@@ -1379,9 +1184,7 @@
return value != NULL && strcmp(value, test) == 0;
}
#else
-OPENSSL_INLINE int boringssl_fips_break_test(const char *test) {
- return 0;
-}
+OPENSSL_INLINE int boringssl_fips_break_test(const char *test) { return 0; }
#endif // BORINGSSL_FIPS_BREAK_TESTS
@@ -1749,4 +1552,163 @@
} // extern C
#endif
+// Arithmetic functions.
+
+// CRYPTO_addc_* returns |x + y + carry|, and sets |*out_carry| to the carry
+// bit. |carry| must be zero or one.
+#if OPENSSL_HAS_BUILTIN(__builtin_addc)
+
+template <typename T>
+struct CRYPTO_addc_impl {
+ static_assert(sizeof(T) == 0, "Unsupported type for addc operation");
+};
+
+template <>
+struct CRYPTO_addc_impl<unsigned int> {
+ static unsigned int add(unsigned int x, unsigned int y, unsigned int carry,
+ unsigned int *out_carry) {
+ return __builtin_addc(x, y, carry, out_carry);
+ }
+};
+
+template <>
+struct CRYPTO_addc_impl<unsigned long> {
+ static unsigned long add(unsigned long x, unsigned long y,
+ unsigned long carry, unsigned long *out_carry) {
+ return __builtin_addcl(x, y, carry, out_carry);
+ }
+};
+
+template <>
+struct CRYPTO_addc_impl<unsigned long long> {
+ static unsigned long long add(unsigned long long x, unsigned long long y,
+ unsigned long long carry,
+ unsigned long long *out_carry) {
+ return __builtin_addcll(x, y, carry, out_carry);
+ }
+};
+
+template <typename T>
+inline T CRYPTO_addc(T x, T y, T carry, T *out_carry) {
+ return CRYPTO_addc_impl<T>::add(x, y, carry, out_carry);
+}
+
+inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry,
+ uint32_t *out_carry) {
+ return CRYPTO_addc(x, y, carry, out_carry);
+}
+
+inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry,
+ uint64_t *out_carry) {
+ return CRYPTO_addc(x, y, carry, out_carry);
+}
+
+#else
+
+static inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry,
+ uint32_t *out_carry) {
+ declassify_assert(carry <= 1);
+ uint64_t ret = carry;
+ ret += (uint64_t)x + y;
+ *out_carry = (uint32_t)(ret >> 32);
+ return (uint32_t)ret;
+}
+
+static inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry,
+ uint64_t *out_carry) {
+ declassify_assert(carry <= 1);
+#if defined(BORINGSSL_HAS_UINT128)
+ uint128_t ret = carry;
+ ret += (uint128_t)x + y;
+ *out_carry = (uint64_t)(ret >> 64);
+ return (uint64_t)ret;
+#else
+ x += carry;
+ carry = x < carry;
+ uint64_t ret = x + y;
+ carry += ret < x;
+ *out_carry = carry;
+ return ret;
+#endif
+}
+#endif
+
+
+// CRYPTO_subc_* returns |x - y - borrow|, and sets |*out_borrow| to the borrow
+// bit. |borrow| must be zero or one.
+#if OPENSSL_HAS_BUILTIN(__builtin_subc)
+
+template <typename T>
+struct CRYPTO_subc_impl {
+ static_assert(sizeof(T) == 0, "Unsupported type for subc operation");
+};
+
+template <>
+struct CRYPTO_subc_impl<unsigned int> {
+ static unsigned int sub(unsigned int x, unsigned int y, unsigned int borrow,
+ unsigned int *out_borrow) {
+ return __builtin_subc(x, y, borrow, out_borrow);
+ }
+};
+
+template <>
+struct CRYPTO_subc_impl<unsigned long> {
+ static unsigned long sub(unsigned long x, unsigned long y,
+ unsigned long borrow, unsigned long *out_borrow) {
+ return __builtin_subcl(x, y, borrow, out_borrow);
+ }
+};
+
+template <>
+struct CRYPTO_subc_impl<unsigned long long> {
+ static unsigned long long sub(unsigned long long x, unsigned long long y,
+ unsigned long long borrow,
+ unsigned long long *out_borrow) {
+ return __builtin_subcll(x, y, borrow, out_borrow);
+ }
+};
+
+template <typename T>
+inline T CRYPTO_subc(T x, T y, T borrow, T *out_borrow) {
+ return CRYPTO_subc_impl<T>::sub(x, y, borrow, out_borrow);
+}
+
+inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow,
+ uint32_t *out_borrow) {
+ return CRYPTO_subc(x, y, borrow, out_borrow);
+}
+
+inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow,
+ uint64_t *out_borrow) {
+ return CRYPTO_subc(x, y, borrow, out_borrow);
+}
+
+#else
+
+static inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow,
+ uint32_t *out_borrow) {
+ declassify_assert(borrow <= 1);
+ uint32_t ret = x - y - borrow;
+ *out_borrow = (x < y) | ((x == y) & borrow);
+ return ret;
+}
+
+static inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow,
+ uint64_t *out_borrow) {
+ declassify_assert(borrow <= 1);
+ uint64_t ret = x - y - borrow;
+ *out_borrow = (x < y) | ((x == y) & borrow);
+ return ret;
+}
+#endif
+
+#if defined(OPENSSL_64_BIT)
+#define CRYPTO_addc_w CRYPTO_addc_u64
+#define CRYPTO_subc_w CRYPTO_subc_u64
+#else
+#define CRYPTO_addc_w CRYPTO_addc_u32
+#define CRYPTO_subc_w CRYPTO_subc_u32
+#endif
+
+
#endif // OPENSSL_HEADER_CRYPTO_INTERNAL_H
diff --git a/crypto/keccak/keccak.c b/crypto/keccak/keccak.cc
similarity index 100%
rename from crypto/keccak/keccak.c
rename to crypto/keccak/keccak.cc
diff --git a/crypto/kyber/kyber.c b/crypto/kyber/kyber.cc
similarity index 100%
rename from crypto/kyber/kyber.c
rename to crypto/kyber/kyber.cc
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.cc
similarity index 95%
rename from crypto/lhash/lhash.c
rename to crypto/lhash/lhash.cc
index fbab430..7a607b6 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.cc
@@ -62,8 +62,8 @@
#include <openssl/mem.h>
-#include "internal.h"
#include "../internal.h"
+#include "internal.h"
// kMinNumBuckets is the minimum size of the buckets array in an |_LHASH|.
@@ -104,13 +104,14 @@
};
_LHASH *OPENSSL_lh_new(lhash_hash_func hash, lhash_cmp_func comp) {
- _LHASH *ret = OPENSSL_zalloc(sizeof(_LHASH));
+ _LHASH *ret = reinterpret_cast<_LHASH *>(OPENSSL_zalloc(sizeof(_LHASH)));
if (ret == NULL) {
return NULL;
}
ret->num_buckets = kMinNumBuckets;
- ret->buckets = OPENSSL_calloc(ret->num_buckets, sizeof(LHASH_ITEM *));
+ ret->buckets = reinterpret_cast<LHASH_ITEM **>(
+ OPENSSL_calloc(ret->num_buckets, sizeof(LHASH_ITEM *)));
if (ret->buckets == NULL) {
OPENSSL_free(ret);
return NULL;
@@ -208,11 +209,11 @@
size_t i, alloc_size;
alloc_size = sizeof(LHASH_ITEM *) * new_num_buckets;
- if (alloc_size / sizeof(LHASH_ITEM*) != new_num_buckets) {
+ if (alloc_size / sizeof(LHASH_ITEM *) != new_num_buckets) {
return;
}
- new_buckets = OPENSSL_zalloc(alloc_size);
+ new_buckets = reinterpret_cast<LHASH_ITEM **>(OPENSSL_zalloc(alloc_size));
if (new_buckets == NULL) {
return;
}
@@ -282,7 +283,7 @@
}
// An element equal to |data| doesn't exist in the hash table yet.
- item = OPENSSL_malloc(sizeof(LHASH_ITEM));
+ item = reinterpret_cast<LHASH_ITEM *>(OPENSSL_malloc(sizeof(LHASH_ITEM)));
if (item == NULL) {
return 0;
}
@@ -312,7 +313,7 @@
item = *next_ptr;
*next_ptr = item->next;
- ret = item->data;
+ ret = reinterpret_cast<LHASH_ITEM *>(item->data);
OPENSSL_free(item);
lh->num_items--;
diff --git a/crypto/md4/md4.c b/crypto/md4/md4.cc
similarity index 98%
rename from crypto/md4/md4.c
rename to crypto/md4/md4.cc
index 91ba0f6..8090021 100644
--- a/crypto/md4/md4.c
+++ b/crypto/md4/md4.cc
@@ -59,8 +59,8 @@
#include <stdlib.h>
#include <string.h>
-#include "../internal.h"
#include "../crypto/fipsmodule/digest/md32_common.h"
+#include "../internal.h"
uint8_t *MD4(const uint8_t *data, size_t len, uint8_t out[MD4_DIGEST_LENGTH]) {
@@ -91,7 +91,8 @@
int MD4_Update(MD4_CTX *c, const void *data, size_t len) {
crypto_md32_update(&md4_block_data_order, c->h, c->data, MD4_CBLOCK, &c->num,
- &c->Nh, &c->Nl, data, len);
+ &c->Nh, &c->Nl, reinterpret_cast<const uint8_t *>(data),
+ len);
return 1;
}
diff --git a/crypto/md5/md5.c b/crypto/md5/md5.cc
similarity index 98%
rename from crypto/md5/md5.c
rename to crypto/md5/md5.cc
index 7eca609..b961261 100644
--- a/crypto/md5/md5.c
+++ b/crypto/md5/md5.cc
@@ -60,8 +60,8 @@
#include <openssl/mem.h>
-#include "../internal.h"
#include "../fipsmodule/digest/md32_common.h"
+#include "../internal.h"
#include "internal.h"
@@ -96,7 +96,8 @@
int MD5_Update(MD5_CTX *c, const void *data, size_t len) {
crypto_md32_update(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num,
- &c->Nh, &c->Nl, data, len);
+ &c->Nh, &c->Nl, reinterpret_cast<const uint8_t *>(data),
+ len);
return 1;
}
diff --git a/crypto/mem.c b/crypto/mem.cc
similarity index 93%
rename from crypto/mem.c
rename to crypto/mem.cc
index 3c29125..66bc915 100644
--- a/crypto/mem.c
+++ b/crypto/mem.cc
@@ -84,8 +84,10 @@
static_assert(OPENSSL_MALLOC_PREFIX >= sizeof(size_t), "size_t too large");
#if defined(OPENSSL_ASAN)
+extern "C" {
void __asan_poison_memory_region(const volatile void *addr, size_t size);
void __asan_unpoison_memory_region(const volatile void *addr, size_t size);
+}
#else
static void __asan_poison_memory_region(const void *addr, size_t size) {}
static void __asan_unpoison_memory_region(const void *addr, size_t size) {}
@@ -100,10 +102,12 @@
// weak symbols.
#if !defined(__EDK2_BORINGSSL__) && defined(__ELF__) && defined(__GNUC__)
#define WEAK_SYMBOL_FUNC(rettype, name, args) \
- rettype name args __attribute__((weak))
+ extern "C" { \
+ rettype name args __attribute__((weak)); \
+ }
#else
#define WEAK_SYMBOL_FUNC(rettype, name, args) \
- static rettype(*const name) args = NULL
+ static rettype(*const name) args = NULL;
#endif
#if defined(BORINGSSL_DETECT_SDALLOCX)
@@ -115,7 +119,7 @@
// defined, it is part of the same allocator as |malloc|. This is usually true
// but may break if |malloc| does not implement |sdallocx|, but some other
// allocator with |sdallocx| is imported which does.
-WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags));
+WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags))
#else
static void (*const sdallocx)(void *ptr, size_t size, int flags) = NULL;
#endif
@@ -138,9 +142,9 @@
// primitives used must tolerate every other synchronization primitive linked
// into the process, including pthreads locks. Failing to meet these constraints
// may result in deadlocks, crashes, or memory corruption.
-WEAK_SYMBOL_FUNC(void *, OPENSSL_memory_alloc, (size_t size));
-WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr));
-WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr));
+WEAK_SYMBOL_FUNC(void *, OPENSSL_memory_alloc, (size_t size))
+WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr))
+WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr))
#if defined(BORINGSSL_MALLOC_FAILURE_TESTING)
static CRYPTO_MUTEX malloc_failure_lock = CRYPTO_MUTEX_INIT;
@@ -223,6 +227,7 @@
#endif
void *OPENSSL_malloc(size_t size) {
+ void *ptr = nullptr;
if (should_fail_allocation()) {
goto err;
}
@@ -230,18 +235,18 @@
if (OPENSSL_memory_alloc != NULL) {
assert(OPENSSL_memory_free != NULL);
assert(OPENSSL_memory_get_size != NULL);
- void *ptr = OPENSSL_memory_alloc(size);
- if (ptr == NULL && size != 0) {
+ void *ptr2 = OPENSSL_memory_alloc(size);
+ if (ptr2 == NULL && size != 0) {
goto err;
}
- return ptr;
+ return ptr2;
}
if (size + OPENSSL_MALLOC_PREFIX < size) {
goto err;
}
- void *ptr = malloc(size + OPENSSL_MALLOC_PREFIX);
+ ptr = malloc(size + OPENSSL_MALLOC_PREFIX);
if (ptr == NULL) {
goto err;
}
@@ -364,8 +369,8 @@
}
int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) {
- const uint8_t *a = in_a;
- const uint8_t *b = in_b;
+ const uint8_t *a = reinterpret_cast<const uint8_t *>(in_a);
+ const uint8_t *b = reinterpret_cast<const uint8_t *>(in_b);
uint8_t x = 0;
for (size_t i = 0; i < len; i++) {
@@ -380,7 +385,7 @@
static const uint32_t kPrime = 16777619u;
static const uint32_t kOffsetBasis = 2166136261u;
- const uint8_t *in = ptr;
+ const uint8_t *in = reinterpret_cast<const uint8_t *>(ptr);
uint32_t h = kOffsetBasis;
for (size_t i = 0; i < len; i++) {
@@ -408,7 +413,7 @@
return NULL;
}
// Copy the NUL terminator.
- return OPENSSL_memdup(s, strlen(s) + 1);
+ return reinterpret_cast<char *>(OPENSSL_memdup(s, strlen(s) + 1));
}
int OPENSSL_isalpha(int c) {
@@ -503,13 +508,14 @@
system_malloc ? realloc : OPENSSL_realloc;
char *candidate = NULL;
size_t candidate_len = 64; // TODO(bbe) what's the best initial size?
+ int ret;
- if ((candidate = allocate(candidate_len)) == NULL) {
+ if ((candidate = reinterpret_cast<char *>(allocate(candidate_len))) == NULL) {
goto err;
}
va_list args_copy;
va_copy(args_copy, args);
- int ret = vsnprintf(candidate, candidate_len, format, args_copy);
+ ret = vsnprintf(candidate, candidate_len, format, args_copy);
va_end(args_copy);
if (ret < 0) {
goto err;
@@ -519,7 +525,8 @@
char *tmp;
candidate_len = (size_t)ret + 1;
- if ((tmp = reallocate(candidate, candidate_len)) == NULL) {
+ if ((tmp = reinterpret_cast<char *>(
+ reallocate(candidate, candidate_len))) == NULL) {
goto err;
}
candidate = tmp;
@@ -560,7 +567,7 @@
OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE);
return NULL;
}
- char *ret = OPENSSL_malloc(alloc_size);
+ char *ret = reinterpret_cast<char *>(OPENSSL_malloc(alloc_size));
if (ret == NULL) {
return NULL;
}
diff --git a/crypto/obj/obj.c b/crypto/obj/obj.cc
similarity index 91%
rename from crypto/obj/obj.c
rename to crypto/obj/obj.cc
index 4106424..7a5499c 100644
--- a/crypto/obj/obj.c
+++ b/crypto/obj/obj.cc
@@ -116,7 +116,7 @@
r->ln = r->sn = NULL;
// once data is attached to an object, it remains const
- r->data = OPENSSL_memdup(o->data, o->length);
+ r->data = reinterpret_cast<uint8_t *>(OPENSSL_memdup(o->data, o->length));
if (o->length != 0 && r->data == NULL) {
goto err;
}
@@ -191,7 +191,8 @@
// unsigned int in the array.
static int obj_cmp(const void *key, const void *element) {
uint16_t nid = *((const uint16_t *)element);
- return OBJ_cmp(key, get_builtin_object(nid));
+ return OBJ_cmp(reinterpret_cast<const ASN1_OBJECT *>(key),
+ get_builtin_object(nid));
}
int OBJ_obj2nid(const ASN1_OBJECT *obj) {
@@ -215,9 +216,9 @@
}
CRYPTO_MUTEX_unlock_read(&global_added_lock);
- const uint16_t *nid_ptr =
+ const uint16_t *nid_ptr = reinterpret_cast<const uint16_t *>(
bsearch(obj, kNIDsInOIDOrder, OPENSSL_ARRAY_SIZE(kNIDsInOIDOrder),
- sizeof(kNIDsInOIDOrder[0]), obj_cmp);
+ sizeof(kNIDsInOIDOrder[0]), obj_cmp));
if (nid_ptr == NULL) {
return NID_undef;
}
@@ -251,10 +252,10 @@
int OBJ_sn2nid(const char *short_name) {
CRYPTO_MUTEX_lock_read(&global_added_lock);
if (global_added_by_short_name != NULL) {
- ASN1_OBJECT *match, template;
+ ASN1_OBJECT *match, templ;
- template.sn = short_name;
- match = lh_ASN1_OBJECT_retrieve(global_added_by_short_name, &template);
+ templ.sn = short_name;
+ match = lh_ASN1_OBJECT_retrieve(global_added_by_short_name, &templ);
if (match != NULL) {
CRYPTO_MUTEX_unlock_read(&global_added_lock);
return match->nid;
@@ -262,10 +263,10 @@
}
CRYPTO_MUTEX_unlock_read(&global_added_lock);
- const uint16_t *nid_ptr =
+ const uint16_t *nid_ptr = reinterpret_cast<const uint16_t *>(
bsearch(short_name, kNIDsInShortNameOrder,
OPENSSL_ARRAY_SIZE(kNIDsInShortNameOrder),
- sizeof(kNIDsInShortNameOrder[0]), short_name_cmp);
+ sizeof(kNIDsInShortNameOrder[0]), short_name_cmp));
if (nid_ptr == NULL) {
return NID_undef;
}
@@ -286,10 +287,10 @@
int OBJ_ln2nid(const char *long_name) {
CRYPTO_MUTEX_lock_read(&global_added_lock);
if (global_added_by_long_name != NULL) {
- ASN1_OBJECT *match, template;
+ ASN1_OBJECT *match, templ;
- template.ln = long_name;
- match = lh_ASN1_OBJECT_retrieve(global_added_by_long_name, &template);
+ templ.ln = long_name;
+ match = lh_ASN1_OBJECT_retrieve(global_added_by_long_name, &templ);
if (match != NULL) {
CRYPTO_MUTEX_unlock_read(&global_added_lock);
return match->nid;
@@ -297,9 +298,9 @@
}
CRYPTO_MUTEX_unlock_read(&global_added_lock);
- const uint16_t *nid_ptr = bsearch(
+ const uint16_t *nid_ptr = reinterpret_cast<const uint16_t *>(bsearch(
long_name, kNIDsInLongNameOrder, OPENSSL_ARRAY_SIZE(kNIDsInLongNameOrder),
- sizeof(kNIDsInLongNameOrder[0]), long_name_cmp);
+ sizeof(kNIDsInLongNameOrder[0]), long_name_cmp));
if (nid_ptr == NULL) {
return NID_undef;
}
@@ -321,10 +322,8 @@
const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
CBB oid;
- if (obj == NULL ||
- !CBB_add_asn1(out, &oid, CBS_ASN1_OBJECT) ||
- !CBB_add_bytes(&oid, obj->data, obj->length) ||
- !CBB_flush(out)) {
+ if (obj == NULL || !CBB_add_asn1(out, &oid, CBS_ASN1_OBJECT) ||
+ !CBB_add_bytes(&oid, obj->data, obj->length) || !CBB_flush(out)) {
return 0;
}
@@ -358,10 +357,10 @@
CRYPTO_MUTEX_lock_read(&global_added_lock);
if (global_added_by_nid != NULL) {
- ASN1_OBJECT *match, template;
+ ASN1_OBJECT *match, templ;
- template.nid = nid;
- match = lh_ASN1_OBJECT_retrieve(global_added_by_nid, &template);
+ templ.nid = nid;
+ match = lh_ASN1_OBJECT_retrieve(global_added_by_nid, &templ);
if (match != NULL) {
CRYPTO_MUTEX_unlock_read(&global_added_lock);
return match;
@@ -473,9 +472,7 @@
return ret;
}
-static uint32_t hash_nid(const ASN1_OBJECT *obj) {
- return obj->nid;
-}
+static uint32_t hash_nid(const ASN1_OBJECT *obj) { return obj->nid; }
static int cmp_nid(const ASN1_OBJECT *a, const ASN1_OBJECT *b) {
return a->nid - b->nid;
@@ -519,13 +516,14 @@
lh_ASN1_OBJECT_new(hash_short_name, cmp_short_name);
}
if (global_added_by_long_name == NULL) {
- global_added_by_long_name = lh_ASN1_OBJECT_new(hash_long_name, cmp_long_name);
+ global_added_by_long_name =
+ lh_ASN1_OBJECT_new(hash_long_name, cmp_long_name);
}
int ok = 0;
- if (global_added_by_nid == NULL ||
- global_added_by_data == NULL ||
- global_added_by_short_name == NULL ||
+ if (global_added_by_nid == NULL || //
+ global_added_by_data == NULL || //
+ global_added_by_short_name == NULL || //
global_added_by_long_name == NULL) {
goto err;
}
@@ -554,8 +552,7 @@
int OBJ_create(const char *oid, const char *short_name, const char *long_name) {
ASN1_OBJECT *op =
create_object_with_text_oid(obj_next_nid, oid, short_name, long_name);
- if (op == NULL ||
- !obj_add_object(op)) {
+ if (op == NULL || !obj_add_object(op)) {
return NID_undef;
}
return op->nid;
diff --git a/crypto/obj/obj_xref.c b/crypto/obj/obj_xref.cc
similarity index 100%
rename from crypto/obj/obj_xref.c
rename to crypto/obj/obj_xref.cc
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.cc
similarity index 100%
rename from crypto/pem/pem_all.c
rename to crypto/pem/pem_all.cc
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.cc
similarity index 97%
rename from crypto/pem/pem_info.c
rename to crypto/pem/pem_info.cc
index db8275b..ea96a60 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.cc
@@ -71,7 +71,7 @@
static X509_PKEY *X509_PKEY_new(void) {
- return OPENSSL_zalloc(sizeof(X509_PKEY));
+ return reinterpret_cast<X509_PKEY *>(OPENSSL_zalloc(sizeof(X509_PKEY)));
}
static void X509_PKEY_free(X509_PKEY *x) {
@@ -84,7 +84,7 @@
}
static X509_INFO *X509_INFO_new(void) {
- return OPENSSL_zalloc(sizeof(X509_INFO));
+ return reinterpret_cast<X509_INFO *>(OPENSSL_zalloc(sizeof(X509_INFO)));
}
void X509_INFO_free(X509_INFO *x) {
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.cc
similarity index 98%
rename from crypto/pem/pem_lib.c
rename to crypto/pem/pem_lib.cc
index 6b272cc..9c6789a 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.cc
@@ -467,8 +467,7 @@
p = header;
for (;;) {
c = *header;
- if (!((c >= 'A' && c <= 'Z') || c == '-' ||
- OPENSSL_isdigit(c))) {
+ if (!((c >= 'A' && c <= 'Z') || c == '-' || OPENSSL_isdigit(c))) {
break;
}
header++;
@@ -553,7 +552,7 @@
}
}
- buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
+ buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(PEM_BUFSIZE * 8));
if (buf == NULL) {
goto err;
}
@@ -784,6 +783,6 @@
if (len >= (size_t)size) {
return -1;
}
- OPENSSL_strlcpy(buf, userdata, (size_t)size);
+ OPENSSL_strlcpy(buf, reinterpret_cast<char *>(userdata), (size_t)size);
return (int)len;
}
diff --git a/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.cc
similarity index 98%
rename from crypto/pem/pem_oth.c
rename to crypto/pem/pem_oth.cc
index a94fed9..822092c 100644
--- a/crypto/pem/pem_oth.c
+++ b/crypto/pem/pem_oth.cc
@@ -78,7 +78,7 @@
return NULL;
}
p = data;
- ret = d2i(x, &p, len);
+ ret = reinterpret_cast<char *>(d2i(x, &p, len));
if (ret == NULL) {
OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB);
}
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.cc
similarity index 100%
rename from crypto/pem/pem_pk8.c
rename to crypto/pem/pem_pk8.cc
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.cc
similarity index 100%
rename from crypto/pem/pem_pkey.c
rename to crypto/pem/pem_pkey.cc
diff --git a/crypto/pem/pem_x509.c b/crypto/pem/pem_x509.cc
similarity index 100%
rename from crypto/pem/pem_x509.c
rename to crypto/pem/pem_x509.cc
diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.cc
similarity index 100%
rename from crypto/pem/pem_xaux.c
rename to crypto/pem/pem_xaux.cc
diff --git a/crypto/pkcs7/pkcs7.c b/crypto/pkcs7/pkcs7.cc
similarity index 97%
rename from crypto/pkcs7/pkcs7.c
rename to crypto/pkcs7/pkcs7.cc
index 8232af6..7cfa017 100644
--- a/crypto/pkcs7/pkcs7.c
+++ b/crypto/pkcs7/pkcs7.cc
@@ -20,8 +20,8 @@
#include <openssl/pool.h>
#include <openssl/stack.h>
-#include "internal.h"
#include "../bytestring/internal.h"
+#include "internal.h"
// 1.2.840.113549.1.7.1
@@ -109,8 +109,7 @@
}
CRYPTO_BUFFER *buf = CRYPTO_BUFFER_new_from_CBS(&cert, pool);
- if (buf == NULL ||
- !sk_CRYPTO_BUFFER_push(out_certs, buf)) {
+ if (buf == NULL || !sk_CRYPTO_BUFFER_push(out_certs, buf)) {
CRYPTO_BUFFER_free(buf);
goto err;
}
@@ -132,7 +131,8 @@
}
static int pkcs7_bundle_raw_certificates_cb(CBB *out, const void *arg) {
- const STACK_OF(CRYPTO_BUFFER) *certs = arg;
+ const STACK_OF(CRYPTO_BUFFER) *certs =
+ reinterpret_cast<const STACK_OF(CRYPTO_BUFFER) *>(arg);
CBB certificates;
// See https://tools.ietf.org/html/rfc2315#section-9.1
diff --git a/crypto/pkcs7/pkcs7_x509.c b/crypto/pkcs7/pkcs7_x509.cc
similarity index 91%
rename from crypto/pkcs7/pkcs7_x509.c
rename to crypto/pkcs7/pkcs7_x509.cc
index 7b10f6f..95fb87e 100644
--- a/crypto/pkcs7/pkcs7_x509.c
+++ b/crypto/pkcs7/pkcs7_x509.cc
@@ -26,24 +26,22 @@
#include <openssl/stack.h>
#include <openssl/x509.h>
-#include "internal.h"
#include "../internal.h"
+#include "internal.h"
int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs) {
int ret = 0;
const size_t initial_certs_len = sk_X509_num(out_certs);
STACK_OF(CRYPTO_BUFFER) *raw = sk_CRYPTO_BUFFER_new_null();
- if (raw == NULL ||
- !PKCS7_get_raw_certificates(raw, cbs, NULL)) {
+ if (raw == NULL || !PKCS7_get_raw_certificates(raw, cbs, NULL)) {
goto err;
}
for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(raw); i++) {
CRYPTO_BUFFER *buf = sk_CRYPTO_BUFFER_value(raw, i);
X509 *x509 = X509_parse_from_buffer(buf);
- if (x509 == NULL ||
- !sk_X509_push(out_certs, x509)) {
+ if (x509 == NULL || !sk_X509_push(out_certs, x509)) {
X509_free(x509);
goto err;
}
@@ -171,7 +169,7 @@
}
static int pkcs7_bundle_certificates_cb(CBB *out, const void *arg) {
- const STACK_OF(X509) *certs = arg;
+ const STACK_OF(X509) *certs = reinterpret_cast<const STACK_OF(X509) *>(arg);
size_t i;
CBB certificates;
@@ -186,8 +184,7 @@
uint8_t *buf;
int len = i2d_X509(x509, NULL);
- if (len < 0 ||
- !CBB_add_space(&certificates, &buf, len) ||
+ if (len < 0 || !CBB_add_space(&certificates, &buf, len) ||
i2d_X509(x509, &buf) < 0) {
return 0;
}
@@ -204,7 +201,8 @@
}
static int pkcs7_bundle_crls_cb(CBB *out, const void *arg) {
- const STACK_OF(X509_CRL) *crls = arg;
+ const STACK_OF(X509_CRL) *crls =
+ reinterpret_cast<const STACK_OF(X509_CRL) *>(arg);
size_t i;
CBB crl_data;
@@ -219,8 +217,7 @@
uint8_t *buf;
int len = i2d_X509_CRL(crl, NULL);
- if (len < 0 ||
- !CBB_add_space(&crl_data, &buf, len) ||
+ if (len < 0 || !CBB_add_space(&crl_data, &buf, len) ||
i2d_X509_CRL(crl, &buf) < 0) {
return 0;
}
@@ -237,18 +234,19 @@
}
static PKCS7 *pkcs7_new(CBS *cbs) {
- PKCS7 *ret = OPENSSL_zalloc(sizeof(PKCS7));
+ CBS copy = *cbs, copy2 = *cbs;
+ PKCS7 *ret = reinterpret_cast<PKCS7 *>(OPENSSL_zalloc(sizeof(PKCS7)));
if (ret == NULL) {
return NULL;
}
ret->type = OBJ_nid2obj(NID_pkcs7_signed);
- ret->d.sign = OPENSSL_malloc(sizeof(PKCS7_SIGNED));
+ ret->d.sign =
+ reinterpret_cast<PKCS7_SIGNED *>(OPENSSL_malloc(sizeof(PKCS7_SIGNED)));
if (ret->d.sign == NULL) {
goto err;
}
ret->d.sign->cert = sk_X509_new_null();
ret->d.sign->crl = sk_X509_CRL_new_null();
- CBS copy = *cbs, copy2 = *cbs;
if (ret->d.sign->cert == NULL || ret->d.sign->crl == NULL ||
!PKCS7_get_certificates(ret->d.sign->cert, ©) ||
!PKCS7_get_CRLs(ret->d.sign->crl, cbs)) {
@@ -266,7 +264,8 @@
}
ret->ber_len = CBS_len(©2) - CBS_len(cbs);
- ret->ber_bytes = OPENSSL_memdup(CBS_data(©2), ret->ber_len);
+ ret->ber_bytes = reinterpret_cast<uint8_t *>(
+ OPENSSL_memdup(CBS_data(©2), ret->ber_len));
if (ret->ber_bytes == NULL) {
goto err;
}
@@ -278,8 +277,7 @@
return NULL;
}
-PKCS7 *d2i_PKCS7(PKCS7 **out, const uint8_t **inp,
- size_t len) {
+PKCS7 *d2i_PKCS7(PKCS7 **out, const uint8_t **inp, size_t len) {
CBS cbs;
CBS_init(&cbs, *inp, len);
PKCS7 *ret = pkcs7_new(&cbs);
@@ -325,7 +323,8 @@
}
if (*out == NULL) {
- *out = OPENSSL_memdup(p7->ber_bytes, p7->ber_len);
+ *out =
+ reinterpret_cast<uint8_t *>(OPENSSL_memdup(p7->ber_bytes, p7->ber_len));
if (*out == NULL) {
return -1;
}
@@ -382,7 +381,7 @@
static int sign_sha256(uint8_t *out_sig, size_t *out_sig_len,
size_t max_out_sig, EVP_PKEY *pkey, BIO *data) {
static const size_t kBufSize = 4096;
- uint8_t *buffer = OPENSSL_malloc(kBufSize);
+ uint8_t *buffer = reinterpret_cast<uint8_t *>(OPENSSL_malloc(kBufSize));
if (!buffer) {
return 0;
}
@@ -427,7 +426,8 @@
// https://datatracker.ietf.org/doc/html/rfc2315#section-9.2 to |out|. It
// returns one on success or zero on error.
static int write_signer_info(CBB *out, const void *arg) {
- const struct signer_info_data *const si_data = arg;
+ const struct signer_info_data *const si_data =
+ reinterpret_cast<const struct signer_info_data *>(arg);
int ret = 0;
uint8_t *subject_bytes = NULL;
@@ -440,8 +440,7 @@
&serial_bytes);
CBB seq, issuer_and_serial, signing_algo, null, signature;
- if (subject_len < 0 ||
- serial_len < 0 ||
+ if (subject_len < 0 || serial_len < 0 ||
!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) ||
// version
!CBB_add_asn1_uint64(&seq, 1) ||
@@ -490,8 +489,10 @@
// sign-file.c from the Linux kernel.
const size_t signature_max_len = EVP_PKEY_size(pkey);
struct signer_info_data si_data = {
- .sign_cert = sign_cert,
- .signature = OPENSSL_malloc(signature_max_len),
+ /*sign_cert=*/sign_cert,
+ /*signature=*/
+ reinterpret_cast<uint8_t *>(OPENSSL_malloc(signature_max_len)),
+ /*signature_len=*/0,
};
if (!si_data.signature ||
diff --git a/crypto/pkcs8/p5_pbev2.c b/crypto/pkcs8/p5_pbev2.cc
similarity index 100%
rename from crypto/pkcs8/p5_pbev2.c
rename to crypto/pkcs8/p5_pbev2.cc
diff --git a/crypto/pkcs8/pkcs8.c b/crypto/pkcs8/pkcs8.cc
similarity index 66%
rename from crypto/pkcs8/pkcs8.c
rename to crypto/pkcs8/pkcs8.cc
index 07d5de8..9c755f5 100644
--- a/crypto/pkcs8/pkcs8.c
+++ b/crypto/pkcs8/pkcs8.cc
@@ -67,9 +67,9 @@
#include <openssl/nid.h>
#include <openssl/rand.h>
-#include "internal.h"
#include "../bytestring/internal.h"
#include "../internal.h"
+#include "internal.h"
static int pkcs12_encode_password(const char *in, size_t in_len, uint8_t **out,
@@ -85,16 +85,14 @@
CBS_init(&cbs, (const uint8_t *)in, in_len);
while (CBS_len(&cbs) != 0) {
uint32_t c;
- if (!CBS_get_utf8(&cbs, &c) ||
- !CBB_add_ucs2_be(&cbb, c)) {
+ if (!CBS_get_utf8(&cbs, &c) || !CBB_add_ucs2_be(&cbb, c)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INVALID_CHARACTERS);
goto err;
}
}
// Terminate the result with a UCS-2 NUL.
- if (!CBB_add_ucs2_be(&cbb, 0) ||
- !CBB_finish(&cbb, out, out_len)) {
+ if (!CBB_add_ucs2_be(&cbb, 0) || !CBB_finish(&cbb, out, out_len)) {
goto err;
}
@@ -121,105 +119,108 @@
EVP_MD_CTX_init(&ctx);
uint8_t *pass_raw = NULL, *I = NULL;
size_t pass_raw_len = 0, I_len = 0;
- // If |pass| is NULL, we use the empty string rather than {0, 0} as the raw
- // password.
- if (pass != NULL &&
- !pkcs12_encode_password(pass, pass_len, &pass_raw, &pass_raw_len)) {
- goto err;
- }
- // In the spec, |block_size| is called "v", but measured in bits.
- size_t block_size = EVP_MD_block_size(md);
-
- // 1. Construct a string, D (the "diversifier"), by concatenating v/8 copies
- // of ID.
- uint8_t D[EVP_MAX_MD_BLOCK_SIZE];
- OPENSSL_memset(D, id, block_size);
-
- // 2. Concatenate copies of the salt together to create a string S of length
- // v(ceiling(s/v)) bits (the final copy of the salt may be truncated to
- // create S). Note that if the salt is the empty string, then so is S.
- //
- // 3. Concatenate copies of the password together to create a string P of
- // length v(ceiling(p/v)) bits (the final copy of the password may be
- // truncated to create P). Note that if the password is the empty string,
- // then so is P.
- //
- // 4. Set I=S||P to be the concatenation of S and P.
- if (salt_len + block_size - 1 < salt_len ||
- pass_raw_len + block_size - 1 < pass_raw_len) {
- OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW);
- goto err;
- }
- size_t S_len = block_size * ((salt_len + block_size - 1) / block_size);
- size_t P_len = block_size * ((pass_raw_len + block_size - 1) / block_size);
- I_len = S_len + P_len;
- if (I_len < S_len) {
- OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW);
- goto err;
- }
-
- I = OPENSSL_malloc(I_len);
- if (I_len != 0 && I == NULL) {
- goto err;
- }
-
- for (size_t i = 0; i < S_len; i++) {
- I[i] = salt[i % salt_len];
- }
- for (size_t i = 0; i < P_len; i++) {
- I[i + S_len] = pass_raw[i % pass_raw_len];
- }
-
- while (out_len != 0) {
- // A. Set A_i=H^r(D||I). (i.e., the r-th hash of D||I,
- // H(H(H(... H(D||I))))
- uint8_t A[EVP_MAX_MD_SIZE];
- unsigned A_len;
- if (!EVP_DigestInit_ex(&ctx, md, NULL) ||
- !EVP_DigestUpdate(&ctx, D, block_size) ||
- !EVP_DigestUpdate(&ctx, I, I_len) ||
- !EVP_DigestFinal_ex(&ctx, A, &A_len)) {
+ {
+ // If |pass| is NULL, we use the empty string rather than {0, 0} as the raw
+ // password.
+ if (pass != NULL &&
+ !pkcs12_encode_password(pass, pass_len, &pass_raw, &pass_raw_len)) {
goto err;
}
- for (uint32_t iter = 1; iter < iterations; iter++) {
+
+ // In the spec, |block_size| is called "v", but measured in bits.
+ size_t block_size = EVP_MD_block_size(md);
+
+ // 1. Construct a string, D (the "diversifier"), by concatenating v/8 copies
+ // of ID.
+ uint8_t D[EVP_MAX_MD_BLOCK_SIZE];
+ OPENSSL_memset(D, id, block_size);
+
+ // 2. Concatenate copies of the salt together to create a string S of length
+ // v(ceiling(s/v)) bits (the final copy of the salt may be truncated to
+ // create S). Note that if the salt is the empty string, then so is S.
+ //
+ // 3. Concatenate copies of the password together to create a string P of
+ // length v(ceiling(p/v)) bits (the final copy of the password may be
+ // truncated to create P). Note that if the password is the empty string,
+ // then so is P.
+ //
+ // 4. Set I=S||P to be the concatenation of S and P.
+ if (salt_len + block_size - 1 < salt_len ||
+ pass_raw_len + block_size - 1 < pass_raw_len) {
+ OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW);
+ goto err;
+ }
+ size_t S_len = block_size * ((salt_len + block_size - 1) / block_size);
+ size_t P_len = block_size * ((pass_raw_len + block_size - 1) / block_size);
+ I_len = S_len + P_len;
+ if (I_len < S_len) {
+ OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW);
+ goto err;
+ }
+
+ I = reinterpret_cast<uint8_t *>(OPENSSL_malloc(I_len));
+ if (I_len != 0 && I == NULL) {
+ goto err;
+ }
+
+ for (size_t i = 0; i < S_len; i++) {
+ I[i] = salt[i % salt_len];
+ }
+ for (size_t i = 0; i < P_len; i++) {
+ I[i + S_len] = pass_raw[i % pass_raw_len];
+ }
+
+ while (out_len != 0) {
+ // A. Set A_i=H^r(D||I). (i.e., the r-th hash of D||I,
+ // H(H(H(... H(D||I))))
+ uint8_t A[EVP_MAX_MD_SIZE];
+ unsigned A_len;
if (!EVP_DigestInit_ex(&ctx, md, NULL) ||
- !EVP_DigestUpdate(&ctx, A, A_len) ||
+ !EVP_DigestUpdate(&ctx, D, block_size) ||
+ !EVP_DigestUpdate(&ctx, I, I_len) ||
!EVP_DigestFinal_ex(&ctx, A, &A_len)) {
goto err;
}
- }
+ for (uint32_t iter = 1; iter < iterations; iter++) {
+ if (!EVP_DigestInit_ex(&ctx, md, NULL) ||
+ !EVP_DigestUpdate(&ctx, A, A_len) ||
+ !EVP_DigestFinal_ex(&ctx, A, &A_len)) {
+ goto err;
+ }
+ }
- size_t todo = out_len < A_len ? out_len : A_len;
- OPENSSL_memcpy(out, A, todo);
- out += todo;
- out_len -= todo;
- if (out_len == 0) {
- break;
- }
+ size_t todo = out_len < A_len ? out_len : A_len;
+ OPENSSL_memcpy(out, A, todo);
+ out += todo;
+ out_len -= todo;
+ if (out_len == 0) {
+ break;
+ }
- // B. Concatenate copies of A_i to create a string B of length v bits (the
- // final copy of A_i may be truncated to create B).
- uint8_t B[EVP_MAX_MD_BLOCK_SIZE];
- for (size_t i = 0; i < block_size; i++) {
- B[i] = A[i % A_len];
- }
+ // B. Concatenate copies of A_i to create a string B of length v bits (the
+ // final copy of A_i may be truncated to create B).
+ uint8_t B[EVP_MAX_MD_BLOCK_SIZE];
+ for (size_t i = 0; i < block_size; i++) {
+ B[i] = A[i % A_len];
+ }
- // C. Treating I as a concatenation I_0, I_1, ..., I_(k-1) of v-bit blocks,
- // where k=ceiling(s/v)+ceiling(p/v), modify I by setting I_j=(I_j+B+1) mod
- // 2^v for each j.
- assert(I_len % block_size == 0);
- for (size_t i = 0; i < I_len; i += block_size) {
- unsigned carry = 1;
- for (size_t j = block_size - 1; j < block_size; j--) {
- carry += I[i + j] + B[j];
- I[i + j] = (uint8_t)carry;
- carry >>= 8;
+ // C. Treating I as a concatenation I_0, I_1, ..., I_(k-1) of v-bit
+ // blocks, where k=ceiling(s/v)+ceiling(p/v), modify I by setting
+ // I_j=(I_j+B+1) mod 2^v for each j.
+ assert(I_len % block_size == 0);
+ for (size_t i = 0; i < I_len; i += block_size) {
+ unsigned carry = 1;
+ for (size_t j = block_size - 1; j < block_size; j--) {
+ carry += I[i + j] + B[j];
+ I[i + j] = (uint8_t)carry;
+ carry >>= 8;
+ }
}
}
- }
- ret = 1;
+ ret = 1;
+ }
err:
OPENSSL_free(I);
@@ -260,8 +261,7 @@
if (!CBS_get_asn1(param, &pbe_param, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&pbe_param, &salt, CBS_ASN1_OCTETSTRING) ||
!CBS_get_asn1_uint64(&pbe_param, &iterations) ||
- CBS_len(&pbe_param) != 0 ||
- CBS_len(param) != 0) {
+ CBS_len(&pbe_param) != 0 || CBS_len(param) != 0) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR);
return 0;
}
@@ -319,8 +319,7 @@
for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(kBuiltinPBE); i++) {
if (kBuiltinPBE[i].pbe_nid == pbe_nid &&
// If |cipher_func| or |md_func| are missing, this is a PBES2 scheme.
- kBuiltinPBE[i].cipher_func != NULL &&
- kBuiltinPBE[i].md_func != NULL) {
+ kBuiltinPBE[i].cipher_func != NULL && kBuiltinPBE[i].md_func != NULL) {
return &kBuiltinPBE[i];
}
}
@@ -346,8 +345,7 @@
!CBB_add_asn1(&algorithm, ¶m, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(¶m, &salt_cbb, CBS_ASN1_OCTETSTRING) ||
!CBB_add_bytes(&salt_cbb, salt, salt_len) ||
- !CBB_add_asn1_uint64(¶m, iterations) ||
- !CBB_flush(out)) {
+ !CBB_add_asn1_uint64(¶m, iterations) || !CBB_flush(out)) {
return 0;
}
@@ -359,17 +357,18 @@
const char *pass, size_t pass_len, const uint8_t *in,
size_t in_len) {
int ret = 0;
- uint8_t *buf = NULL;;
+ uint8_t *buf = NULL;
+ ;
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
CBS obj;
+ const struct pbe_suite *suite = NULL;
if (!CBS_get_asn1(algorithm, &obj, CBS_ASN1_OBJECT)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR);
goto err;
}
- const struct pbe_suite *suite = NULL;
for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(kBuiltinPBE); i++) {
if (CBS_mem_equal(&obj, kBuiltinPBE[i].oid, kBuiltinPBE[i].oid_len)) {
suite = &kBuiltinPBE[i];
@@ -386,7 +385,7 @@
goto err;
}
- buf = OPENSSL_malloc(in_len);
+ buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(in_len));
if (buf == NULL) {
goto err;
}
@@ -450,74 +449,76 @@
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
- // Generate a random salt if necessary.
- if (salt == NULL) {
- if (salt_len == 0) {
- salt_len = PKCS5_SALT_LEN;
+ {
+ // Generate a random salt if necessary.
+ if (salt == NULL) {
+ if (salt_len == 0) {
+ salt_len = PKCS5_SALT_LEN;
+ }
+
+ salt_buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(salt_len));
+ if (salt_buf == NULL || !RAND_bytes(salt_buf, salt_len)) {
+ goto err;
+ }
+
+ salt = salt_buf;
}
- salt_buf = OPENSSL_malloc(salt_len);
- if (salt_buf == NULL ||
- !RAND_bytes(salt_buf, salt_len)) {
+ if (iterations <= 0) {
+ iterations = PKCS12_DEFAULT_ITER;
+ }
+
+ // Serialize the input key.
+ CBB plaintext_cbb;
+ if (!CBB_init(&plaintext_cbb, 128) ||
+ !EVP_marshal_private_key(&plaintext_cbb, pkey) ||
+ !CBB_finish(&plaintext_cbb, &plaintext, &plaintext_len)) {
+ CBB_cleanup(&plaintext_cbb);
goto err;
}
- salt = salt_buf;
- }
+ CBB epki;
+ if (!CBB_add_asn1(out, &epki, CBS_ASN1_SEQUENCE)) {
+ goto err;
+ }
- if (iterations <= 0) {
- iterations = PKCS12_DEFAULT_ITER;
- }
+ // TODO(davidben): OpenSSL has since extended |pbe_nid| to control either
+ // the PBES1 scheme or the PBES2 PRF. E.g. passing |NID_hmacWithSHA256| will
+ // select PBES2 with HMAC-SHA256 as the PRF. Implement this if anything uses
+ // it. See 5693a30813a031d3921a016a870420e7eb93ec90 in OpenSSL.
+ int alg_ok;
+ if (pbe_nid == -1) {
+ alg_ok =
+ PKCS5_pbe2_encrypt_init(&epki, &ctx, cipher, (uint32_t)iterations,
+ pass, pass_len, salt, salt_len);
+ } else {
+ alg_ok =
+ pkcs12_pbe_encrypt_init(&epki, &ctx, pbe_nid, (uint32_t)iterations,
+ pass, pass_len, salt, salt_len);
+ }
+ if (!alg_ok) {
+ goto err;
+ }
- // Serialize the input key.
- CBB plaintext_cbb;
- if (!CBB_init(&plaintext_cbb, 128) ||
- !EVP_marshal_private_key(&plaintext_cbb, pkey) ||
- !CBB_finish(&plaintext_cbb, &plaintext, &plaintext_len)) {
- CBB_cleanup(&plaintext_cbb);
- goto err;
- }
+ size_t max_out = plaintext_len + EVP_CIPHER_CTX_block_size(&ctx);
+ if (max_out < plaintext_len) {
+ OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG);
+ goto err;
+ }
- CBB epki;
- if (!CBB_add_asn1(out, &epki, CBS_ASN1_SEQUENCE)) {
- goto err;
- }
+ CBB ciphertext;
+ uint8_t *ptr;
+ int n1, n2;
+ if (!CBB_add_asn1(&epki, &ciphertext, CBS_ASN1_OCTETSTRING) ||
+ !CBB_reserve(&ciphertext, &ptr, max_out) ||
+ !EVP_CipherUpdate(&ctx, ptr, &n1, plaintext, plaintext_len) ||
+ !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) ||
+ !CBB_did_write(&ciphertext, n1 + n2) || !CBB_flush(out)) {
+ goto err;
+ }
- // TODO(davidben): OpenSSL has since extended |pbe_nid| to control either the
- // PBES1 scheme or the PBES2 PRF. E.g. passing |NID_hmacWithSHA256| will
- // select PBES2 with HMAC-SHA256 as the PRF. Implement this if anything uses
- // it. See 5693a30813a031d3921a016a870420e7eb93ec90 in OpenSSL.
- int alg_ok;
- if (pbe_nid == -1) {
- alg_ok = PKCS5_pbe2_encrypt_init(&epki, &ctx, cipher, (uint32_t)iterations,
- pass, pass_len, salt, salt_len);
- } else {
- alg_ok = pkcs12_pbe_encrypt_init(&epki, &ctx, pbe_nid, (uint32_t)iterations,
- pass, pass_len, salt, salt_len);
+ ret = 1;
}
- if (!alg_ok) {
- goto err;
- }
-
- size_t max_out = plaintext_len + EVP_CIPHER_CTX_block_size(&ctx);
- if (max_out < plaintext_len) {
- OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG);
- goto err;
- }
-
- CBB ciphertext;
- uint8_t *ptr;
- int n1, n2;
- if (!CBB_add_asn1(&epki, &ciphertext, CBS_ASN1_OCTETSTRING) ||
- !CBB_reserve(&ciphertext, &ptr, max_out) ||
- !EVP_CipherUpdate(&ctx, ptr, &n1, plaintext, plaintext_len) ||
- !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) ||
- !CBB_did_write(&ciphertext, n1 + n2) ||
- !CBB_flush(out)) {
- goto err;
- }
-
- ret = 1;
err:
OPENSSL_free(plaintext);
diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.cc
similarity index 90%
rename from crypto/pkcs8/pkcs8_x509.c
rename to crypto/pkcs8/pkcs8_x509.cc
index f17ee1f..21b710c 100644
--- a/crypto/pkcs8/pkcs8_x509.c
+++ b/crypto/pkcs8/pkcs8_x509.cc
@@ -57,14 +57,14 @@
#include <limits.h>
-#include <openssl/asn1t.h>
#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
#include <openssl/bio.h>
#include <openssl/buf.h>
#include <openssl/bytestring.h>
+#include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/evp.h>
-#include <openssl/digest.h>
#include <openssl/hmac.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
@@ -126,13 +126,12 @@
CBB cbb;
uint8_t *der = NULL;
size_t der_len;
- if (!CBB_init(&cbb, 0) ||
- !EVP_marshal_private_key(&cbb, pkey) ||
- !CBB_finish(&cbb, &der, &der_len) ||
- der_len > LONG_MAX) {
+ if (!CBB_init(&cbb, 0) || !EVP_marshal_private_key(&cbb, pkey) ||
+ !CBB_finish(&cbb, &der, &der_len) || der_len > LONG_MAX) {
CBB_cleanup(&cbb);
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ENCODE_ERROR);
- goto err;
+ OPENSSL_free(der);
+ return NULL;
}
const uint8_t *p = der;
@@ -203,6 +202,7 @@
X509_SIG *ret = NULL;
uint8_t *der = NULL;
+ const uint8_t *ptr;
size_t der_len;
CBB cbb;
if (!CBB_init(&cbb, 128) ||
@@ -215,7 +215,7 @@
}
// Convert back to legacy ASN.1 objects.
- const uint8_t *ptr = der;
+ ptr = der;
ret = d2i_X509_SIG(NULL, &ptr, der_len);
if (ret == NULL || ptr != der + der_len) {
OPENSSL_PUT_ERROR(PKCS8, ERR_R_INTERNAL_ERROR);
@@ -255,8 +255,7 @@
}
CBS child;
- if (!CBS_get_asn1(&in, &child, CBS_ASN1_SEQUENCE) ||
- CBS_len(&in) != 0) {
+ if (!CBS_get_asn1(&in, &child, CBS_ASN1_SEQUENCE) || CBS_len(&in) != 0) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
@@ -318,8 +317,7 @@
CBS attr, oid, values;
if (!CBS_get_asn1(attrs, &attr, CBS_ASN1_SEQUENCE) ||
!CBS_get_asn1(&attr, &oid, CBS_ASN1_OBJECT) ||
- !CBS_get_asn1(&attr, &values, CBS_ASN1_SET) ||
- CBS_len(&attr) != 0) {
+ !CBS_get_asn1(&attr, &values, CBS_ASN1_SET) || CBS_len(&attr) != 0) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
@@ -328,8 +326,7 @@
CBS value;
if (*out_friendly_name != NULL ||
!CBS_get_asn1(&values, &value, CBS_ASN1_BMPSTRING) ||
- CBS_len(&values) != 0 ||
- CBS_len(&value) == 0) {
+ CBS_len(&values) != 0 || CBS_len(&value) == 0) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
@@ -340,8 +337,7 @@
}
while (CBS_len(&value) != 0) {
uint32_t c;
- if (!CBS_get_ucs2_be(&value, &c) ||
- !CBB_add_utf8(&cbb, c)) {
+ if (!CBS_get_ucs2_be(&value, &c) || !CBB_add_utf8(&cbb, c)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INVALID_CHARACTERS);
CBB_cleanup(&cbb);
goto err;
@@ -454,8 +450,7 @@
int ok = friendly_name_len == 0 ||
X509_alias_set1(x509, friendly_name, friendly_name_len);
OPENSSL_free(friendly_name);
- if (!ok ||
- 0 == sk_X509_push(ctx->out_certs, x509)) {
+ if (!ok || 0 == sk_X509_push(ctx->out_certs, x509)) {
X509_free(x509);
return 0;
}
@@ -485,7 +480,7 @@
if (!CBS_get_asn1(content_info, &content_type, CBS_ASN1_OBJECT) ||
!CBS_get_asn1(content_info, &wrapped_contents,
- CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) ||
+ CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) ||
CBS_len(content_info) != 0) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
goto err;
@@ -511,9 +506,9 @@
// AlgorithmIdentifier, see
// https://tools.ietf.org/html/rfc5280#section-4.1.1.2
!CBS_get_asn1(&eci, &ai, CBS_ASN1_SEQUENCE) ||
- !CBS_get_asn1_implicit_string(
- &eci, &encrypted_contents, &storage,
- CBS_ASN1_CONTEXT_SPECIFIC | 0, CBS_ASN1_OCTETSTRING)) {
+ !CBS_get_asn1_implicit_string(&eci, &encrypted_contents, &storage,
+ CBS_ASN1_CONTEXT_SPECIFIC | 0,
+ CBS_ASN1_OCTETSTRING)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
@@ -605,8 +600,7 @@
// See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section
// four.
- if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) ||
- CBS_len(&in) != 0 ||
+ if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) || CBS_len(&in) != 0 ||
!CBS_get_asn1_uint64(&pfx, &version)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
goto err;
@@ -636,7 +630,7 @@
// https://tools.ietf.org/html/rfc2315#section-7.
if (!CBS_get_asn1(&authsafe, &content_type, CBS_ASN1_OBJECT) ||
!CBS_get_asn1(&authsafe, &wrapped_authsafes,
- CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) {
+ CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA);
goto err;
}
@@ -742,12 +736,13 @@
PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes,
size_t ber_len) {
- PKCS12 *p12 = OPENSSL_malloc(sizeof(PKCS12));
+ PKCS12 *p12 = reinterpret_cast<PKCS12 *>(OPENSSL_malloc(sizeof(PKCS12)));
if (!p12) {
return NULL;
}
- p12->ber_bytes = OPENSSL_memdup(*ber_bytes, ber_len);
+ p12->ber_bytes =
+ reinterpret_cast<uint8_t *>(OPENSSL_memdup(*ber_bytes, ber_len));
if (!p12->ber_bytes) {
OPENSSL_free(p12);
return NULL;
@@ -764,7 +759,7 @@
return p12;
}
-PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) {
+PKCS12 *d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) {
size_t used = 0;
BUF_MEM *buf;
const uint8_t *dummy;
@@ -801,13 +796,12 @@
continue;
}
- if (buf->length > kMaxSize ||
- BUF_MEM_grow(buf, buf->length * 2) == 0) {
+ if (buf->length > kMaxSize || BUF_MEM_grow(buf, buf->length * 2) == 0) {
goto out;
}
}
- dummy = (uint8_t*) buf->data;
+ dummy = (uint8_t *)buf->data;
ret = d2i_PKCS12(out_p12, &dummy, used);
out:
@@ -815,7 +809,7 @@
return ret;
}
-PKCS12* d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12) {
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12) {
BIO *bio;
PKCS12 *ret;
@@ -840,7 +834,8 @@
}
if (*out == NULL) {
- *out = OPENSSL_memdup(p12->ber_bytes, p12->ber_len);
+ *out = reinterpret_cast<uint8_t *>(
+ OPENSSL_memdup(p12->ber_bytes, p12->ber_len));
if (*out == NULL) {
return -1;
}
@@ -968,8 +963,7 @@
CBS_init(&name_cbs, (const uint8_t *)name, name_len);
while (CBS_len(&name_cbs) != 0) {
uint32_t c;
- if (!CBS_get_utf8(&name_cbs, &c) ||
- !CBB_add_ucs2_be(&value, c)) {
+ if (!CBS_get_utf8(&name_cbs, &c) || !CBB_add_ucs2_be(&value, c)) {
OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INVALID_CHARACTERS);
return 0;
}
@@ -986,14 +980,13 @@
return 0;
}
}
- return CBB_flush_asn1_set_of(&attrs) &&
- CBB_flush(bag);
+ return CBB_flush_asn1_set_of(&attrs) && CBB_flush(bag);
}
static int add_cert_bag(CBB *cbb, X509 *cert, const char *name,
const uint8_t *key_id, size_t key_id_len) {
CBB bag, bag_oid, bag_contents, cert_bag, cert_type, wrapped_cert, cert_value;
- if (// See https://tools.ietf.org/html/rfc7292#section-4.2.
+ if ( // See https://tools.ietf.org/html/rfc7292#section-4.2.
!CBB_add_asn1(cbb, &bag, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(&bag, &bag_oid, CBS_ASN1_OBJECT) ||
!CBB_add_bytes(&bag_oid, kCertBag, sizeof(kCertBag)) ||
@@ -1024,8 +1017,7 @@
name = cert_name;
}
- if (len < 0 ||
- !CBB_add_space(&cert_value, &buf, (size_t)len) ||
+ if (len < 0 || !CBB_add_space(&cert_value, &buf, (size_t)len) ||
i2d_X509(cert, &buf) < 0 ||
!add_bag_attributes(&bag, name, name_len, key_id, key_id_len) ||
!CBB_flush(cbb)) {
@@ -1067,7 +1059,7 @@
EVP_CIPHER_CTX_init(&ctx);
CBB content_info, type, wrapper, encrypted_data, encrypted_content_info,
inner_type, encrypted_content;
- if (// Add the ContentInfo wrapping.
+ if ( // Add the ContentInfo wrapping.
!CBB_add_asn1(out, &content_info, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(&content_info, &type, CBS_ASN1_OBJECT) ||
!CBB_add_bytes(&type, kPKCS7EncryptedData, sizeof(kPKCS7EncryptedData)) ||
@@ -1092,20 +1084,21 @@
goto err;
}
- size_t max_out = in_len + EVP_CIPHER_CTX_block_size(&ctx);
- if (max_out < in_len) {
- OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG);
- goto err;
- }
+ {
+ size_t max_out = in_len + EVP_CIPHER_CTX_block_size(&ctx);
+ if (max_out < in_len) {
+ OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG);
+ goto err;
+ }
- uint8_t *ptr;
- int n1, n2;
- if (!CBB_reserve(&encrypted_content, &ptr, max_out) ||
- !EVP_CipherUpdate(&ctx, ptr, &n1, in, in_len) ||
- !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) ||
- !CBB_did_write(&encrypted_content, n1 + n2) ||
- !CBB_flush(out)) {
- goto err;
+ uint8_t *ptr;
+ int n1, n2;
+ if (!CBB_reserve(&encrypted_content, &ptr, max_out) ||
+ !EVP_CipherUpdate(&ctx, ptr, &n1, in, in_len) ||
+ !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) ||
+ !CBB_did_write(&encrypted_content, n1 + n2) || !CBB_flush(out)) {
+ goto err;
+ }
}
ret = 1;
@@ -1117,7 +1110,7 @@
PKCS12 *PKCS12_create(const char *password, const char *name,
const EVP_PKEY *pkey, X509 *cert,
- const STACK_OF(X509)* chain, int key_nid, int cert_nid,
+ const STACK_OF(X509) *chain, int key_nid, int cert_nid,
int iterations, int mac_iterations, int key_type) {
if (key_nid == 0) {
key_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
@@ -1131,8 +1124,8 @@
if (mac_iterations == 0) {
mac_iterations = 1;
}
- if (// In OpenSSL, this specifies a non-standard Microsoft key usage extension
- // which we do not currently support.
+ if ( // In OpenSSL, this specifies a non-standard Microsoft key usage
+ // extension which we do not currently support.
key_type != 0 ||
// In OpenSSL, -1 here means to omit the MAC, which we do not
// currently support. Omitting it is also invalid for a password-based
@@ -1196,8 +1189,7 @@
CBB cbb, pfx, auth_safe, auth_safe_oid, auth_safe_wrapper, auth_safe_data,
content_infos;
uint8_t mac_key[EVP_MAX_MD_SIZE];
- if (!CBB_init(&cbb, 0) ||
- !CBB_add_asn1(&cbb, &pfx, CBS_ASN1_SEQUENCE) ||
+ if (!CBB_init(&cbb, 0) || !CBB_add_asn1(&cbb, &pfx, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1_uint64(&pfx, 3) ||
// auth_safe is a data ContentInfo.
!CBB_add_asn1(&pfx, &auth_safe, CBS_ASN1_SEQUENCE) ||
@@ -1256,7 +1248,7 @@
if (pkey != NULL) {
CBB content_info, oid, wrapper, data, safe_contents, bag, bag_oid,
bag_contents;
- if (// Add another data ContentInfo.
+ if ( // Add another data ContentInfo.
!CBB_add_asn1(&content_infos, &content_info, CBS_ASN1_SEQUENCE) ||
!CBB_add_asn1(&content_info, &oid, CBS_ASN1_OBJECT) ||
!CBB_add_bytes(&oid, kPKCS7Data, sizeof(kPKCS7Data)) ||
@@ -1298,43 +1290,44 @@
}
}
- // Compute the MAC. Match OpenSSL in using SHA-1 as the hash function. The MAC
- // covers |auth_safe_data|.
- const EVP_MD *mac_md = EVP_sha1();
- uint8_t mac_salt[PKCS5_SALT_LEN];
- uint8_t mac[EVP_MAX_MD_SIZE];
- unsigned mac_len;
- if (!CBB_flush(&auth_safe_data) ||
- !RAND_bytes(mac_salt, sizeof(mac_salt)) ||
- !pkcs12_key_gen(password, password_len, mac_salt, sizeof(mac_salt),
- PKCS12_MAC_ID, mac_iterations, EVP_MD_size(mac_md),
- mac_key, mac_md) ||
- !HMAC(mac_md, mac_key, EVP_MD_size(mac_md), CBB_data(&auth_safe_data),
- CBB_len(&auth_safe_data), mac, &mac_len)) {
- goto err;
- }
+ {
+ // Compute the MAC. Match OpenSSL in using SHA-1 as the hash function. The
+ // MAC covers |auth_safe_data|.
+ const EVP_MD *mac_md = EVP_sha1();
+ uint8_t mac_salt[PKCS5_SALT_LEN];
+ uint8_t mac[EVP_MAX_MD_SIZE];
+ unsigned mac_len;
+ if (!CBB_flush(&auth_safe_data) ||
+ !RAND_bytes(mac_salt, sizeof(mac_salt)) ||
+ !pkcs12_key_gen(password, password_len, mac_salt, sizeof(mac_salt),
+ PKCS12_MAC_ID, mac_iterations, EVP_MD_size(mac_md),
+ mac_key, mac_md) ||
+ !HMAC(mac_md, mac_key, EVP_MD_size(mac_md), CBB_data(&auth_safe_data),
+ CBB_len(&auth_safe_data), mac, &mac_len)) {
+ goto err;
+ }
- CBB mac_data, digest_info, mac_cbb, mac_salt_cbb;
- if (!CBB_add_asn1(&pfx, &mac_data, CBS_ASN1_SEQUENCE) ||
- !CBB_add_asn1(&mac_data, &digest_info, CBS_ASN1_SEQUENCE) ||
- !EVP_marshal_digest_algorithm(&digest_info, mac_md) ||
- !CBB_add_asn1(&digest_info, &mac_cbb, CBS_ASN1_OCTETSTRING) ||
- !CBB_add_bytes(&mac_cbb, mac, mac_len) ||
- !CBB_add_asn1(&mac_data, &mac_salt_cbb, CBS_ASN1_OCTETSTRING) ||
- !CBB_add_bytes(&mac_salt_cbb, mac_salt, sizeof(mac_salt)) ||
- // The iteration count has a DEFAULT of 1, but RFC 7292 says "The default
- // is for historical reasons and its use is deprecated." Thus we
- // explicitly encode the iteration count, though it is not valid DER.
- !CBB_add_asn1_uint64(&mac_data, mac_iterations)) {
- goto err;
- }
+ CBB mac_data, digest_info, mac_cbb, mac_salt_cbb;
+ if (!CBB_add_asn1(&pfx, &mac_data, CBS_ASN1_SEQUENCE) ||
+ !CBB_add_asn1(&mac_data, &digest_info, CBS_ASN1_SEQUENCE) ||
+ !EVP_marshal_digest_algorithm(&digest_info, mac_md) ||
+ !CBB_add_asn1(&digest_info, &mac_cbb, CBS_ASN1_OCTETSTRING) ||
+ !CBB_add_bytes(&mac_cbb, mac, mac_len) ||
+ !CBB_add_asn1(&mac_data, &mac_salt_cbb, CBS_ASN1_OCTETSTRING) ||
+ !CBB_add_bytes(&mac_salt_cbb, mac_salt, sizeof(mac_salt)) ||
+ // The iteration count has a DEFAULT of 1, but RFC 7292 says "The
+ // default is for historical reasons and its use is deprecated." Thus we
+ // explicitly encode the iteration count, though it is not valid DER.
+ !CBB_add_asn1_uint64(&mac_data, mac_iterations)) {
+ goto err;
+ }
- ret = OPENSSL_malloc(sizeof(PKCS12));
- if (ret == NULL ||
- !CBB_finish(&cbb, &ret->ber_bytes, &ret->ber_len)) {
- OPENSSL_free(ret);
- ret = NULL;
- goto err;
+ ret = reinterpret_cast<PKCS12 *>(OPENSSL_malloc(sizeof(PKCS12)));
+ if (ret == NULL || !CBB_finish(&cbb, &ret->ber_bytes, &ret->ber_len)) {
+ OPENSSL_free(ret);
+ ret = NULL;
+ goto err;
+ }
}
err:
diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.cc
similarity index 98%
rename from crypto/poly1305/poly1305.c
rename to crypto/poly1305/poly1305.cc
index 12f49bb..9f2a9b9 100644
--- a/crypto/poly1305/poly1305.c
+++ b/crypto/poly1305/poly1305.cc
@@ -21,8 +21,8 @@
#include <assert.h>
#include <string.h>
-#include "internal.h"
#include "../internal.h"
+#include "internal.h"
#if !defined(BORINGSSL_HAS_UINT128) || !defined(OPENSSL_X86_64)
@@ -44,7 +44,7 @@
static inline struct poly1305_state_st *poly1305_aligned_state(
poly1305_state *state) {
- return align_pointer(state, 64);
+ return reinterpret_cast<poly1305_state_st *>(align_pointer(state, 64));
}
// poly1305_blocks updates |state| given some amount of input data. This
diff --git a/crypto/poly1305/poly1305_arm.c b/crypto/poly1305/poly1305_arm.cc
similarity index 98%
rename from crypto/poly1305/poly1305_arm.c
rename to crypto/poly1305/poly1305_arm.cc
index d01e0b7..7ec44aa 100644
--- a/crypto/poly1305/poly1305_arm.c
+++ b/crypto/poly1305/poly1305_arm.cc
@@ -33,11 +33,13 @@
#define addmulmod openssl_poly1305_neon2_addmulmod
#define blocks openssl_poly1305_neon2_blocks
+extern "C" {
extern void addmulmod(fe1305x2 *r, const fe1305x2 *x, const fe1305x2 *y,
const fe1305x2 *c);
extern int blocks(fe1305x2 *h, const fe1305x2 *precomp, const uint8_t *in,
size_t inlen);
+}
static void freeze(fe1305x2 *r) {
int i;
@@ -175,7 +177,7 @@
}
}
-static const alignas(16) fe1305x2 zero;
+static const fe1305x2 zero alignas(16) = {0};
struct poly1305_state_st {
uint8_t data[sizeof(fe1305x2[5]) + 128];
diff --git a/crypto/poly1305/poly1305_vec.c b/crypto/poly1305/poly1305_vec.cc
similarity index 100%
rename from crypto/poly1305/poly1305_vec.c
rename to crypto/poly1305/poly1305_vec.cc
diff --git a/crypto/pool/pool.c b/crypto/pool/pool.cc
similarity index 91%
rename from crypto/pool/pool.c
rename to crypto/pool/pool.cc
index fc04840..14f35fb 100644
--- a/crypto/pool/pool.c
+++ b/crypto/pool/pool.cc
@@ -41,8 +41,9 @@
return OPENSSL_memcmp(a->data, b->data, a->len);
}
-CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void) {
- CRYPTO_BUFFER_POOL *pool = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER_POOL));
+CRYPTO_BUFFER_POOL *CRYPTO_BUFFER_POOL_new(void) {
+ CRYPTO_BUFFER_POOL *pool = reinterpret_cast<CRYPTO_BUFFER_POOL *>(
+ OPENSSL_zalloc(sizeof(CRYPTO_BUFFER_POOL)));
if (pool == NULL) {
return NULL;
}
@@ -87,7 +88,7 @@
CRYPTO_BUFFER_POOL *pool) {
if (pool != NULL) {
CRYPTO_BUFFER tmp;
- tmp.data = (uint8_t *) data;
+ tmp.data = (uint8_t *)data;
tmp.len = len;
tmp.pool = pool;
@@ -108,7 +109,8 @@
}
}
- CRYPTO_BUFFER *const buf = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER));
+ CRYPTO_BUFFER *const buf =
+ reinterpret_cast<CRYPTO_BUFFER *>(OPENSSL_zalloc(sizeof(CRYPTO_BUFFER)));
if (buf == NULL) {
return NULL;
}
@@ -117,7 +119,7 @@
buf->data = (uint8_t *)data;
buf->data_is_static = 1;
} else {
- buf->data = OPENSSL_memdup(data, len);
+ buf->data = reinterpret_cast<uint8_t *>(OPENSSL_memdup(data, len));
if (len != 0 && buf->data == NULL) {
OPENSSL_free(buf);
return NULL;
@@ -168,12 +170,13 @@
}
CRYPTO_BUFFER *CRYPTO_BUFFER_alloc(uint8_t **out_data, size_t len) {
- CRYPTO_BUFFER *const buf = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER));
+ CRYPTO_BUFFER *const buf =
+ reinterpret_cast<CRYPTO_BUFFER *>(OPENSSL_zalloc(sizeof(CRYPTO_BUFFER)));
if (buf == NULL) {
return NULL;
}
- buf->data = OPENSSL_malloc(len);
+ buf->data = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len));
if (len != 0 && buf->data == NULL) {
OPENSSL_free(buf);
return NULL;
@@ -252,9 +255,7 @@
return buf->data;
}
-size_t CRYPTO_BUFFER_len(const CRYPTO_BUFFER *buf) {
- return buf->len;
-}
+size_t CRYPTO_BUFFER_len(const CRYPTO_BUFFER *buf) { return buf->len; }
void CRYPTO_BUFFER_init_CBS(const CRYPTO_BUFFER *buf, CBS *out) {
CBS_init(out, buf->data, buf->len);
diff --git a/crypto/rand_extra/deterministic.c b/crypto/rand_extra/deterministic.cc
similarity index 97%
rename from crypto/rand_extra/deterministic.c
rename to crypto/rand_extra/deterministic.cc
index d31d52b..c6baffc 100644
--- a/crypto/rand_extra/deterministic.c
+++ b/crypto/rand_extra/deterministic.cc
@@ -39,7 +39,7 @@
void CRYPTO_init_sysrand(void) {}
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
- static const uint8_t kZeroKey[32];
+ static const uint8_t kZeroKey[32] = {0};
CRYPTO_MUTEX_lock_write(&g_num_calls_lock);
uint64_t num_calls = g_num_calls++;
diff --git a/crypto/rand_extra/fork_detect.c b/crypto/rand_extra/fork_detect.cc
similarity index 95%
rename from crypto/rand_extra/fork_detect.c
rename to crypto/rand_extra/fork_detect.cc
index 99be497..af1e607 100644
--- a/crypto/rand_extra/fork_detect.c
+++ b/crypto/rand_extra/fork_detect.cc
@@ -19,20 +19,20 @@
#include "../bcm_support.h"
#if defined(OPENSSL_FORK_DETECTION_MADVISE)
-#include <unistd.h>
-#include <stdlib.h>
#include <assert.h>
+#include <stdlib.h>
#include <sys/mman.h>
+#include <unistd.h>
#if defined(MADV_WIPEONFORK)
static_assert(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18");
#else
#define MADV_WIPEONFORK 18
#endif
#elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK)
-#include <unistd.h>
-#include <stdlib.h>
#include <pthread.h>
-#endif // OPENSSL_FORK_DETECTION_MADVISE
+#include <stdlib.h>
+#include <unistd.h>
+#endif // OPENSSL_FORK_DETECTION_PTHREAD_ATFORK
#include "../internal.h"
@@ -41,7 +41,7 @@
static int g_force_madv_wipeonfork_enabled;
static CRYPTO_once_t g_fork_detect_once = CRYPTO_ONCE_INIT;
static CRYPTO_MUTEX g_fork_detect_lock = CRYPTO_MUTEX_INIT;
-static CRYPTO_atomic_u32 * g_fork_detect_addr;
+static CRYPTO_atomic_u32 *g_fork_detect_addr;
static uint64_t g_fork_generation;
static void init_fork_detect(void) {
@@ -71,10 +71,10 @@
return;
}
- CRYPTO_atomic_store_u32(addr, 1);
- g_fork_detect_addr = addr;
+ CRYPTO_atomic_u32 *const atomic = reinterpret_cast<CRYPTO_atomic_u32 *>(addr);
+ CRYPTO_atomic_store_u32(atomic, 1);
+ g_fork_detect_addr = atomic;
g_fork_generation = 1;
-
}
uint64_t CRYPTO_get_fork_generation(void) {
@@ -95,8 +95,7 @@
if (flag_ptr == NULL) {
// Our kernel is too old to support |MADV_WIPEONFORK| or
// |g_force_madv_wipeonfork| is set.
- if (g_force_madv_wipeonfork &&
- g_force_madv_wipeonfork_enabled) {
+ if (g_force_madv_wipeonfork && g_force_madv_wipeonfork_enabled) {
// A constant generation number to simulate support, even if the kernel
// doesn't support it.
return 42;
diff --git a/crypto/rand_extra/forkunsafe.c b/crypto/rand_extra/forkunsafe.cc
similarity index 96%
rename from crypto/rand_extra/forkunsafe.c
rename to crypto/rand_extra/forkunsafe.cc
index 5bdcad3..7161bb9 100644
--- a/crypto/rand_extra/forkunsafe.c
+++ b/crypto/rand_extra/forkunsafe.cc
@@ -22,7 +22,7 @@
// g_buffering_enabled is one if fork-unsafe buffering has been enabled and zero
// otherwise.
-static CRYPTO_atomic_u32 g_buffering_enabled = 0;
+static CRYPTO_atomic_u32 g_buffering_enabled;
#if !defined(OPENSSL_WINDOWS)
void RAND_enable_fork_unsafe_buffering(int fd) {
diff --git a/crypto/rand_extra/getentropy.c b/crypto/rand_extra/getentropy.cc
similarity index 100%
rename from crypto/rand_extra/getentropy.c
rename to crypto/rand_extra/getentropy.cc
diff --git a/crypto/rand_extra/ios.c b/crypto/rand_extra/ios.cc
similarity index 100%
rename from crypto/rand_extra/ios.c
rename to crypto/rand_extra/ios.cc
diff --git a/crypto/rand_extra/passive.c b/crypto/rand_extra/passive.cc
similarity index 86%
rename from crypto/rand_extra/passive.c
rename to crypto/rand_extra/passive.cc
index 08e0ad2..ba4aaaf 100644
--- a/crypto/rand_extra/passive.c
+++ b/crypto/rand_extra/passive.cc
@@ -14,12 +14,14 @@
#include <openssl/ctrdrbg.h>
-#include "../fipsmodule/bcm_interface.h"
#include "../bcm_support.h"
+#include "../fipsmodule/bcm_interface.h"
#include "../internal.h"
#if defined(BORINGSSL_FIPS)
+#include <atomic>
+
// passive_get_seed_entropy writes |out_entropy_len| bytes of entropy, suitable
// for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the
// entropy came directly from the CPU and zero if it came from the OS. It
@@ -41,7 +43,6 @@
#if defined(OPENSSL_ANDROID)
#include <errno.h>
-#include <stdatomic.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
@@ -52,7 +53,7 @@
// sticky so if the first attempt to read from the daemon fails it's assumed
// that the daemon is not present and no more attempts will be made. If the
// first attempt is successful then attempts will be made forever more.
-enum socket_history_t {
+enum class socket_history_t {
// initial value, no connections to the entropy daemon have been made yet.
socket_not_yet_attempted = 0,
// reading from the entropy daemon was successful
@@ -61,8 +62,8 @@
socket_failed,
};
-static _Atomic enum socket_history_t g_socket_history =
- socket_not_yet_attempted;
+static std::atomic<socket_history_t> g_socket_history{
+ socket_history_t::socket_not_yet_attempted};
// DAEMON_RESPONSE_LEN is the number of bytes that the entropy daemon replies
// with.
@@ -78,31 +79,31 @@
abort();
}
- const enum socket_history_t socket_history = atomic_load(&g_socket_history);
- if (socket_history == socket_failed) {
+ const socket_history_t socket_history =
+ g_socket_history.load(std::memory_order_acquire);
+ if (socket_history == socket_history_t::socket_failed) {
return 0;
}
int ret = 0;
+ static const char kSocketPath[] = "/dev/socket/prng_seeder";
+ struct sockaddr_un sun;
+ uint8_t buffer[DAEMON_RESPONSE_LEN];
+ size_t done = 0;
const int sock = socket(AF_UNIX, SOCK_STREAM, 0);
if (sock < 0) {
goto out;
}
- struct sockaddr_un sun;
memset(&sun, 0, sizeof(sun));
sun.sun_family = AF_UNIX;
- static const char kSocketPath[] = "/dev/socket/prng_seeder";
- static_assert(sizeof(kSocketPath) <= UNIX_PATH_MAX,
- "kSocketPath too long");
+ static_assert(sizeof(kSocketPath) <= UNIX_PATH_MAX, "kSocketPath too long");
OPENSSL_memcpy(sun.sun_path, kSocketPath, sizeof(kSocketPath));
if (connect(sock, (struct sockaddr *)&sun, sizeof(sun))) {
goto out;
}
- uint8_t buffer[DAEMON_RESPONSE_LEN];
- size_t done = 0;
while (done < sizeof(buffer)) {
ssize_t n;
do {
@@ -126,12 +127,15 @@
ret = 1;
out:
- if (socket_history == socket_not_yet_attempted) {
- enum socket_history_t expected = socket_history;
+ if (socket_history == socket_history_t::socket_not_yet_attempted) {
+ socket_history_t expected = socket_history_t::socket_not_yet_attempted;
// If another thread has already updated |g_socket_history| then we defer
// to their value.
- atomic_compare_exchange_strong(&g_socket_history, &expected,
- (ret == 0) ? socket_failed : socket_success);
+ g_socket_history.compare_exchange_strong(
+ expected,
+ (ret == 0) ? socket_history_t::socket_failed
+ : socket_history_t::socket_success,
+ std::memory_order_release, std::memory_order_relaxed);
}
close(sock);
diff --git a/crypto/rand_extra/rand_extra.c b/crypto/rand_extra/rand_extra.cc
similarity index 100%
rename from crypto/rand_extra/rand_extra.c
rename to crypto/rand_extra/rand_extra.cc
diff --git a/crypto/rand_extra/trusty.c b/crypto/rand_extra/trusty.cc
similarity index 100%
rename from crypto/rand_extra/trusty.c
rename to crypto/rand_extra/trusty.cc
diff --git a/crypto/rand_extra/urandom.c b/crypto/rand_extra/urandom.cc
similarity index 98%
rename from crypto/rand_extra/urandom.c
rename to crypto/rand_extra/urandom.cc
index 8ad0e96..059f9ae 100644
--- a/crypto/rand_extra/urandom.c
+++ b/crypto/rand_extra/urandom.cc
@@ -59,17 +59,19 @@
#endif
#endif // OPENSSL_LINUX
-#include <openssl/thread.h>
#include <openssl/mem.h>
+#include <openssl/thread.h>
-#include "getrandom_fillin.h"
#include "../internal.h"
+#include "getrandom_fillin.h"
#if defined(USE_NR_getrandom)
#if defined(OPENSSL_MSAN)
+extern "C" {
void __msan_unpoison(void *, size_t);
+}
#endif
static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) {
@@ -254,7 +256,7 @@
}
#endif
-#if defined (USE_NR_getrandom)
+#if defined(USE_NR_getrandom)
if (seed) {
getrandom_flags |= extra_getrandom_flags_for_seed;
}
@@ -294,9 +296,7 @@
return 1;
}
-void CRYPTO_init_sysrand(void) {
- CRYPTO_once(&rand_once, init_once);
-}
+void CRYPTO_init_sysrand(void) { CRYPTO_once(&rand_once, init_once); }
// CRYPTO_sysrand puts |requested| random bytes into |out|.
void CRYPTO_sysrand(uint8_t *out, size_t requested) {
diff --git a/crypto/rand_extra/windows.c b/crypto/rand_extra/windows.cc
similarity index 100%
rename from crypto/rand_extra/windows.c
rename to crypto/rand_extra/windows.cc
diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.cc
similarity index 100%
rename from crypto/rc4/rc4.c
rename to crypto/rc4/rc4.cc
diff --git a/crypto/refcount.c b/crypto/refcount.cc
similarity index 100%
rename from crypto/refcount.c
rename to crypto/refcount.cc
diff --git a/crypto/rsa_extra/rsa_asn1.c b/crypto/rsa_extra/rsa_asn1.cc
similarity index 100%
rename from crypto/rsa_extra/rsa_asn1.c
rename to crypto/rsa_extra/rsa_asn1.cc
diff --git a/crypto/rsa_extra/rsa_crypt.c b/crypto/rsa_extra/rsa_crypt.cc
similarity index 83%
rename from crypto/rsa_extra/rsa_crypt.c
rename to crypto/rsa_extra/rsa_crypt.cc
index 742284d..68fcf6e 100644
--- a/crypto/rsa_extra/rsa_crypt.c
+++ b/crypto/rsa_extra/rsa_crypt.cc
@@ -58,12 +58,12 @@
#include <limits.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/mem.h>
+#include <openssl/err.h>
#include <openssl/evp.h>
+#include <openssl/mem.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
#include "../fipsmodule/bn/internal.h"
#include "../fipsmodule/rsa/internal.h"
@@ -128,7 +128,7 @@
goto out;
}
- dbmask = OPENSSL_malloc(emlen - mdlen);
+ dbmask = reinterpret_cast<uint8_t *>(OPENSSL_malloc(emlen - mdlen));
if (dbmask == NULL) {
goto out;
}
@@ -161,91 +161,94 @@
const EVP_MD *mgf1md) {
uint8_t *db = NULL;
- if (md == NULL) {
- md = EVP_sha1();
+ {
+ if (md == NULL) {
+ md = EVP_sha1();
+ }
+ if (mgf1md == NULL) {
+ mgf1md = md;
+ }
+
+ size_t mdlen = EVP_MD_size(md);
+
+ // The encoded message is one byte smaller than the modulus to ensure that
+ // it doesn't end up greater than the modulus. Thus there's an extra "+1"
+ // here compared to https://tools.ietf.org/html/rfc2437#section-9.1.1.2.
+ if (from_len < 1 + 2 * mdlen + 1) {
+ // 'from_len' is the length of the modulus, i.e. does not depend on the
+ // particular ciphertext.
+ goto decoding_err;
+ }
+
+ size_t dblen = from_len - mdlen - 1;
+ db = reinterpret_cast<uint8_t *>(OPENSSL_malloc(dblen));
+ if (db == NULL) {
+ goto err;
+ }
+
+ const uint8_t *maskedseed = from + 1;
+ const uint8_t *maskeddb = from + 1 + mdlen;
+
+ uint8_t seed[EVP_MAX_MD_SIZE];
+ if (!PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) {
+ goto err;
+ }
+ for (size_t i = 0; i < mdlen; i++) {
+ seed[i] ^= maskedseed[i];
+ }
+
+ if (!PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) {
+ goto err;
+ }
+ for (size_t i = 0; i < dblen; i++) {
+ db[i] ^= maskeddb[i];
+ }
+
+ uint8_t phash[EVP_MAX_MD_SIZE];
+ if (!EVP_Digest(param, param_len, phash, NULL, md, NULL)) {
+ goto err;
+ }
+
+ crypto_word_t bad =
+ ~constant_time_is_zero_w(CRYPTO_memcmp(db, phash, mdlen));
+ bad |= ~constant_time_is_zero_w(from[0]);
+
+ crypto_word_t looking_for_one_byte = CONSTTIME_TRUE_W;
+ size_t one_index = 0;
+ for (size_t i = mdlen; i < dblen; i++) {
+ crypto_word_t equals1 = constant_time_eq_w(db[i], 1);
+ crypto_word_t equals0 = constant_time_eq_w(db[i], 0);
+ one_index =
+ constant_time_select_w(looking_for_one_byte & equals1, i, one_index);
+ looking_for_one_byte =
+ constant_time_select_w(equals1, 0, looking_for_one_byte);
+ bad |= looking_for_one_byte & ~equals0;
+ }
+
+ bad |= looking_for_one_byte;
+
+ // Whether the overall padding was valid or not in OAEP is public.
+ if (constant_time_declassify_w(bad)) {
+ goto decoding_err;
+ }
+
+ // Once the padding is known to be valid, the output length is also public.
+ static_assert(sizeof(size_t) <= sizeof(crypto_word_t),
+ "size_t does not fit in crypto_word_t");
+ one_index = constant_time_declassify_w(one_index);
+
+ one_index++;
+ size_t mlen = dblen - one_index;
+ if (max_out < mlen) {
+ OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
+ goto err;
+ }
+
+ OPENSSL_memcpy(out, db + one_index, mlen);
+ *out_len = mlen;
+ OPENSSL_free(db);
+ return 1;
}
- if (mgf1md == NULL) {
- mgf1md = md;
- }
-
- size_t mdlen = EVP_MD_size(md);
-
- // The encoded message is one byte smaller than the modulus to ensure that it
- // doesn't end up greater than the modulus. Thus there's an extra "+1" here
- // compared to https://tools.ietf.org/html/rfc2437#section-9.1.1.2.
- if (from_len < 1 + 2 * mdlen + 1) {
- // 'from_len' is the length of the modulus, i.e. does not depend on the
- // particular ciphertext.
- goto decoding_err;
- }
-
- size_t dblen = from_len - mdlen - 1;
- db = OPENSSL_malloc(dblen);
- if (db == NULL) {
- goto err;
- }
-
- const uint8_t *maskedseed = from + 1;
- const uint8_t *maskeddb = from + 1 + mdlen;
-
- uint8_t seed[EVP_MAX_MD_SIZE];
- if (!PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) {
- goto err;
- }
- for (size_t i = 0; i < mdlen; i++) {
- seed[i] ^= maskedseed[i];
- }
-
- if (!PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) {
- goto err;
- }
- for (size_t i = 0; i < dblen; i++) {
- db[i] ^= maskeddb[i];
- }
-
- uint8_t phash[EVP_MAX_MD_SIZE];
- if (!EVP_Digest(param, param_len, phash, NULL, md, NULL)) {
- goto err;
- }
-
- crypto_word_t bad = ~constant_time_is_zero_w(CRYPTO_memcmp(db, phash, mdlen));
- bad |= ~constant_time_is_zero_w(from[0]);
-
- crypto_word_t looking_for_one_byte = CONSTTIME_TRUE_W;
- size_t one_index = 0;
- for (size_t i = mdlen; i < dblen; i++) {
- crypto_word_t equals1 = constant_time_eq_w(db[i], 1);
- crypto_word_t equals0 = constant_time_eq_w(db[i], 0);
- one_index =
- constant_time_select_w(looking_for_one_byte & equals1, i, one_index);
- looking_for_one_byte =
- constant_time_select_w(equals1, 0, looking_for_one_byte);
- bad |= looking_for_one_byte & ~equals0;
- }
-
- bad |= looking_for_one_byte;
-
- // Whether the overall padding was valid or not in OAEP is public.
- if (constant_time_declassify_w(bad)) {
- goto decoding_err;
- }
-
- // Once the padding is known to be valid, the output length is also public.
- static_assert(sizeof(size_t) <= sizeof(crypto_word_t),
- "size_t does not fit in crypto_word_t");
- one_index = constant_time_declassify_w(one_index);
-
- one_index++;
- size_t mlen = dblen - one_index;
- if (max_out < mlen) {
- OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
- goto err;
- }
-
- OPENSSL_memcpy(out, db + one_index, mlen);
- *out_len = mlen;
- OPENSSL_free(db);
- return 1;
decoding_err:
// To avoid chosen ciphertext attacks, the error message should not reveal
@@ -406,7 +409,7 @@
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
- buf = OPENSSL_malloc(rsa_size);
+ buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size));
if (!f || !result || !buf) {
goto err;
}
@@ -483,7 +486,7 @@
buf = out;
} else {
// Allocate a temporary buffer to hold the padded plaintext.
- buf = OPENSSL_malloc(rsa_size);
+ buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size));
if (buf == NULL) {
goto err;
}
diff --git a/crypto/rsa_extra/rsa_extra.c b/crypto/rsa_extra/rsa_extra.cc
similarity index 100%
rename from crypto/rsa_extra/rsa_extra.c
rename to crypto/rsa_extra/rsa_extra.cc
diff --git a/crypto/rsa_extra/rsa_print.c b/crypto/rsa_extra/rsa_print.cc
similarity index 100%
rename from crypto/rsa_extra/rsa_print.c
rename to crypto/rsa_extra/rsa_print.cc
diff --git a/crypto/sha/sha1.c b/crypto/sha/sha1.cc
similarity index 100%
rename from crypto/sha/sha1.c
rename to crypto/sha/sha1.cc
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.cc
similarity index 100%
rename from crypto/sha/sha256.c
rename to crypto/sha/sha256.cc
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.cc
similarity index 100%
rename from crypto/sha/sha512.c
rename to crypto/sha/sha512.cc
diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.cc
similarity index 100%
rename from crypto/siphash/siphash.c
rename to crypto/siphash/siphash.cc
diff --git a/crypto/slhdsa/fors.c b/crypto/slhdsa/fors.cc
similarity index 100%
rename from crypto/slhdsa/fors.c
rename to crypto/slhdsa/fors.cc
diff --git a/crypto/slhdsa/merkle.c b/crypto/slhdsa/merkle.cc
similarity index 100%
rename from crypto/slhdsa/merkle.c
rename to crypto/slhdsa/merkle.cc
diff --git a/crypto/slhdsa/slhdsa.c b/crypto/slhdsa/slhdsa.cc
similarity index 100%
rename from crypto/slhdsa/slhdsa.c
rename to crypto/slhdsa/slhdsa.cc
diff --git a/crypto/slhdsa/thash.c b/crypto/slhdsa/thash.cc
similarity index 100%
rename from crypto/slhdsa/thash.c
rename to crypto/slhdsa/thash.cc
diff --git a/crypto/slhdsa/wots.c b/crypto/slhdsa/wots.cc
similarity index 100%
rename from crypto/slhdsa/wots.c
rename to crypto/slhdsa/wots.cc
diff --git a/crypto/spx/spx.c b/crypto/spx/spx.cc
similarity index 100%
rename from crypto/spx/spx.c
rename to crypto/spx/spx.cc
diff --git a/crypto/spx/spx_address.c b/crypto/spx/spx_address.cc
similarity index 100%
rename from crypto/spx/spx_address.c
rename to crypto/spx/spx_address.cc
diff --git a/crypto/spx/spx_fors.c b/crypto/spx/spx_fors.cc
similarity index 100%
rename from crypto/spx/spx_fors.c
rename to crypto/spx/spx_fors.cc
diff --git a/crypto/spx/spx_merkle.c b/crypto/spx/spx_merkle.cc
similarity index 100%
rename from crypto/spx/spx_merkle.c
rename to crypto/spx/spx_merkle.cc
diff --git a/crypto/spx/spx_thash.c b/crypto/spx/spx_thash.cc
similarity index 100%
rename from crypto/spx/spx_thash.c
rename to crypto/spx/spx_thash.cc
diff --git a/crypto/spx/spx_util.c b/crypto/spx/spx_util.cc
similarity index 100%
rename from crypto/spx/spx_util.c
rename to crypto/spx/spx_util.cc
diff --git a/crypto/spx/spx_wots.c b/crypto/spx/spx_wots.cc
similarity index 100%
rename from crypto/spx/spx_wots.c
rename to crypto/spx/spx_wots.cc
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.cc
similarity index 96%
rename from crypto/stack/stack.c
rename to crypto/stack/stack.cc
index 97fae1b..fbf5ea7 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.cc
@@ -84,12 +84,14 @@
static const size_t kMinSize = 4;
OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_cmp_func comp) {
- OPENSSL_STACK *ret = OPENSSL_zalloc(sizeof(OPENSSL_STACK));
+ OPENSSL_STACK *ret =
+ reinterpret_cast<OPENSSL_STACK *>(OPENSSL_zalloc(sizeof(OPENSSL_STACK)));
if (ret == NULL) {
return NULL;
}
- ret->data = OPENSSL_calloc(kMinSize, sizeof(void *));
+ ret->data =
+ reinterpret_cast<void **>(OPENSSL_calloc(kMinSize, sizeof(void *)));
if (ret->data == NULL) {
goto err;
}
@@ -117,7 +119,7 @@
if (sk == NULL || sk->num == 0) {
return;
}
- OPENSSL_memset(sk->data, 0, sizeof(void*) * sk->num);
+ OPENSSL_memset(sk->data, 0, sizeof(void *) * sk->num);
sk->num = 0;
sk->sorted = 0;
}
@@ -197,7 +199,7 @@
return 0;
}
- data = OPENSSL_realloc(sk->data, alloc_size);
+ data = reinterpret_cast<void **>(OPENSSL_realloc(sk->data, alloc_size));
if (data == NULL) {
return 0;
}
@@ -367,12 +369,14 @@
return NULL;
}
- OPENSSL_STACK *ret = OPENSSL_zalloc(sizeof(OPENSSL_STACK));
+ OPENSSL_STACK *ret =
+ reinterpret_cast<OPENSSL_STACK *>(OPENSSL_zalloc(sizeof(OPENSSL_STACK)));
if (ret == NULL) {
return NULL;
}
- ret->data = OPENSSL_memdup(sk->data, sizeof(void *) * sk->num_alloc);
+ ret->data = reinterpret_cast<void **>(
+ OPENSSL_memdup(sk->data, sizeof(void *) * sk->num_alloc));
if (ret->data == NULL) {
goto err;
}
diff --git a/crypto/thread.c b/crypto/thread.cc
similarity index 100%
rename from crypto/thread.c
rename to crypto/thread.cc
diff --git a/crypto/thread_none.c b/crypto/thread_none.cc
similarity index 100%
rename from crypto/thread_none.c
rename to crypto/thread_none.cc
diff --git a/crypto/thread_pthread.c b/crypto/thread_pthread.cc
similarity index 89%
rename from crypto/thread_pthread.c
rename to crypto/thread_pthread.cc
index a40fbc0..e4c8883 100644
--- a/crypto/thread_pthread.c
+++ b/crypto/thread_pthread.cc
@@ -53,9 +53,7 @@
}
}
-void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) {
- pthread_rwlock_destroy(lock);
-}
+void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) { pthread_rwlock_destroy(lock); }
void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) {
if (pthread_once(once, init) != 0) {
@@ -81,7 +79,7 @@
pthread_mutex_unlock(&g_destructors_lock);
unsigned i;
- void **pointers = arg;
+ void **pointers = reinterpret_cast<void **>(arg);
for (i = 0; i < NUM_OPENSSL_THREAD_LOCALS; i++) {
if (destructors[i] != NULL) {
destructors[i](pointers[i]);
@@ -106,7 +104,8 @@
return NULL;
}
- void **pointers = pthread_getspecific(g_thread_local_key);
+ void **pointers =
+ reinterpret_cast<void **>(pthread_getspecific(g_thread_local_key));
if (pointers == NULL) {
return NULL;
}
@@ -121,9 +120,11 @@
return 0;
}
- void **pointers = pthread_getspecific(g_thread_local_key);
+ void **pointers =
+ reinterpret_cast<void **>(pthread_getspecific(g_thread_local_key));
if (pointers == NULL) {
- pointers = malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS);
+ pointers = reinterpret_cast<void **>(
+ malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS));
if (pointers == NULL) {
destructor(value);
return 0;
diff --git a/crypto/thread_win.c b/crypto/thread_win.cc
similarity index 88%
rename from crypto/thread_win.c
rename to crypto/thread_win.cc
index 6daa814..c0d794f 100644
--- a/crypto/thread_win.c
+++ b/crypto/thread_win.cc
@@ -38,13 +38,9 @@
}
}
-void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) {
- InitializeSRWLock(lock);
-}
+void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) { InitializeSRWLock(lock); }
-void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) {
- AcquireSRWLockShared(lock);
-}
+void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) { AcquireSRWLockShared(lock); }
void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock) {
AcquireSRWLockExclusive(lock);
@@ -90,7 +86,7 @@
return;
}
- void **pointers = (void**) TlsGetValue(g_thread_local_key);
+ void **pointers = (void **)TlsGetValue(g_thread_local_key);
if (pointers == NULL) {
return;
}
@@ -126,12 +122,10 @@
#define STRINGIFY(x) #x
#define EXPAND_AND_STRINGIFY(x) STRINGIFY(x)
#ifdef _WIN64
-__pragma(comment(linker, "/INCLUDE:_tls_used"))
-__pragma(comment(
+__pragma(comment(linker, "/INCLUDE:_tls_used")) __pragma(comment(
linker, "/INCLUDE:" EXPAND_AND_STRINGIFY(p_thread_callback_boringssl)))
#else
-__pragma(comment(linker, "/INCLUDE:__tls_used"))
-__pragma(comment(
+__pragma(comment(linker, "/INCLUDE:__tls_used")) __pragma(comment(
linker, "/INCLUDE:_" EXPAND_AND_STRINGIFY(p_thread_callback_boringssl)))
#endif
@@ -155,9 +149,13 @@
// .CRT section is merged with .rdata on x64 so it must be constant data.
#pragma const_seg(".CRT$XLC")
-// When defining a const variable, it must have external linkage to be sure the
-// linker doesn't discard it.
-extern const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl;
+ // clang-format off
+ // When defining a const variable, it must have external linkage to be sure
+ // the linker doesn't discard it.
+extern "C" {
+ extern const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl;
+}
+// clang-format on
const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor;
// Reset the default section.
#pragma const_seg()
@@ -165,6 +163,11 @@
#else
#pragma data_seg(".CRT$XLC")
+ // clang-format off
+extern "C" {
+ extern PIMAGE_TLS_CALLBACK p_thread_callback_boringssl;
+}
+// clang-format on
PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor;
// Reset the default section.
#pragma data_seg()
@@ -184,7 +187,7 @@
//
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx
DWORD last_error = GetLastError();
- void **ret = TlsGetValue(g_thread_local_key);
+ void **ret = reinterpret_cast<void **>(TlsGetValue(g_thread_local_key));
SetLastError(last_error);
return ret;
}
@@ -212,7 +215,8 @@
void **pointers = get_thread_locals();
if (pointers == NULL) {
- pointers = malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS);
+ pointers = reinterpret_cast<void **>(
+ malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS));
if (pointers == NULL) {
destructor(value);
return 0;
diff --git a/crypto/trust_token/pmbtoken.c b/crypto/trust_token/pmbtoken.cc
similarity index 87%
rename from crypto/trust_token/pmbtoken.c
rename to crypto/trust_token/pmbtoken.cc
index 0aa4d09..8381dce 100644
--- a/crypto/trust_token/pmbtoken.c
+++ b/crypto/trust_token/pmbtoken.cc
@@ -134,13 +134,11 @@
if (prefix_point) {
CBB child;
if (!CBB_add_u16_length_prefixed(out, &child) ||
- !point_to_cbb(&child, group, point) ||
- !CBB_flush(out)) {
+ !point_to_cbb(&child, group, point) || !CBB_flush(out)) {
return 0;
}
} else {
- if (!point_to_cbb(out, group, point) ||
- !CBB_flush(out)) {
+ if (!point_to_cbb(out, group, point) || !CBB_flush(out)) {
return 0;
}
}
@@ -186,10 +184,10 @@
const EC_SCALAR *xs, const EC_SCALAR *ys) {
const EC_GROUP *group = method->group;
EC_JACOBIAN pub[3];
- if (!ec_point_mul_scalar_precomp(group, &pub[0], &method->g_precomp,
- x0, &method->h_precomp, y0, NULL, NULL) ||
- !ec_point_mul_scalar_precomp(group, &pub[1], &method->g_precomp,
- x1, &method->h_precomp, y1, NULL, NULL) ||
+ if (!ec_point_mul_scalar_precomp(group, &pub[0], &method->g_precomp, x0,
+ &method->h_precomp, y0, NULL, NULL) ||
+ !ec_point_mul_scalar_precomp(group, &pub[1], &method->g_precomp, x1,
+ &method->h_precomp, y1, NULL, NULL) ||
!ec_point_mul_scalar_precomp(method->group, &pub[2], &method->g_precomp,
xs, &method->h_precomp, ys, NULL, NULL)) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_KEYGEN_FAILURE);
@@ -326,14 +324,16 @@
SHA512_CTX hash_ctx;
const EC_GROUP *group = method->group;
- STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = sk_TRUST_TOKEN_PRETOKEN_new_null();
+ STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens =
+ sk_TRUST_TOKEN_PRETOKEN_new_null();
if (pretokens == NULL) {
goto err;
}
for (size_t i = 0; i < count; i++) {
// Insert |pretoken| into |pretokens| early to simplify error-handling.
- TRUST_TOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN));
+ TRUST_TOKEN_PRETOKEN *pretoken = reinterpret_cast<TRUST_TOKEN_PRETOKEN *>(
+ OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN)));
if (pretoken == NULL ||
!sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) {
TRUST_TOKEN_PRETOKEN_free(pretoken);
@@ -424,8 +424,7 @@
!point_to_cbb(&cbb, method->group, S) ||
!point_to_cbb(&cbb, method->group, W) ||
!point_to_cbb(&cbb, method->group, K0) ||
- !point_to_cbb(&cbb, method->group, K1) ||
- !CBB_finish(&cbb, &buf, &len) ||
+ !point_to_cbb(&cbb, method->group, K1) || !CBB_finish(&cbb, &buf, &len) ||
!method->hash_c(method->group, out, buf, len)) {
goto err;
}
@@ -492,8 +491,7 @@
if (!CBB_init(&cbb, 0) ||
!CBB_add_bytes(&cbb, kDLEQBatchLabel, sizeof(kDLEQBatchLabel)) ||
!CBB_add_bytes(&cbb, CBB_data(points), CBB_len(points)) ||
- !CBB_add_u16(&cbb, (uint16_t)index) ||
- !CBB_finish(&cbb, &buf, &len) ||
+ !CBB_add_u16(&cbb, (uint16_t)index) || !CBB_finish(&cbb, &buf, &len) ||
!method->hash_c(method->group, out, buf, len)) {
goto err;
}
@@ -537,7 +535,7 @@
// Setup the DLEQ proof.
EC_SCALAR ks0, ks1;
- if (// ks0, ks1 <- Zp
+ if ( // ks0, ks1 <- Zp
!ec_random_nonzero_scalar(group, &ks0, kDefaultAdditionalData) ||
!ec_random_nonzero_scalar(group, &ks1, kDefaultAdditionalData) ||
// Ks = ks0*(G;T) + ks1*(H;S)
@@ -561,7 +559,7 @@
&priv->pub1_precomp);
EC_SCALAR k0, k1, minus_co, uo, vo;
- if (// k0, k1 <- Zp
+ if ( // k0, k1 <- Zp
!ec_random_nonzero_scalar(group, &k0, kDefaultAdditionalData) ||
!ec_random_nonzero_scalar(group, &k1, kDefaultAdditionalData) ||
// Kb = k0*(G;T) + k1*(H;S)
@@ -626,8 +624,7 @@
ec_scalar_add(group, &vs, &ks1, &vs);
// Store DLEQ2 proof in transcript.
- if (!scalar_to_cbb(cbb, group, &cs) ||
- !scalar_to_cbb(cbb, group, &us) ||
+ if (!scalar_to_cbb(cbb, group, &cs) || !scalar_to_cbb(cbb, group, &us) ||
!scalar_to_cbb(cbb, group, &vs)) {
return 0;
}
@@ -658,12 +655,9 @@
ec_scalar_select(group, &v1, mask, &vb, &vo);
// Store DLEQOR2 proof in transcript.
- if (!scalar_to_cbb(cbb, group, &c0) ||
- !scalar_to_cbb(cbb, group, &c1) ||
- !scalar_to_cbb(cbb, group, &u0) ||
- !scalar_to_cbb(cbb, group, &u1) ||
- !scalar_to_cbb(cbb, group, &v0) ||
- !scalar_to_cbb(cbb, group, &v1)) {
+ if (!scalar_to_cbb(cbb, group, &c0) || !scalar_to_cbb(cbb, group, &c1) ||
+ !scalar_to_cbb(cbb, group, &u0) || !scalar_to_cbb(cbb, group, &u1) ||
+ !scalar_to_cbb(cbb, group, &v0) || !scalar_to_cbb(cbb, group, &v1)) {
return 0;
}
@@ -699,8 +693,7 @@
// Decode the DLEQ proof.
EC_SCALAR cs, us, vs;
- if (!scalar_from_cbs(cbs, group, &cs) ||
- !scalar_from_cbs(cbs, group, &us) ||
+ if (!scalar_from_cbs(cbs, group, &cs) || !scalar_from_cbs(cbs, group, &us) ||
!scalar_from_cbs(cbs, group, &vs)) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
return 0;
@@ -720,12 +713,9 @@
// Decode the DLEQOR proof.
EC_SCALAR c0, c1, u0, u1, v0, v1;
- if (!scalar_from_cbs(cbs, group, &c0) ||
- !scalar_from_cbs(cbs, group, &c1) ||
- !scalar_from_cbs(cbs, group, &u0) ||
- !scalar_from_cbs(cbs, group, &u1) ||
- !scalar_from_cbs(cbs, group, &v0) ||
- !scalar_from_cbs(cbs, group, &v1)) {
+ if (!scalar_from_cbs(cbs, group, &c0) || !scalar_from_cbs(cbs, group, &c1) ||
+ !scalar_from_cbs(cbs, group, &u0) || !scalar_from_cbs(cbs, group, &u1) ||
+ !scalar_from_cbs(cbs, group, &v0) || !scalar_from_cbs(cbs, group, &v1)) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
return 0;
}
@@ -736,7 +726,7 @@
EC_SCALAR minus_c0, minus_c1;
ec_scalar_neg(group, &minus_c0, &c0);
ec_scalar_neg(group, &minus_c1, &c1);
- if (// K0 = u0*(G;T) + v0*(H;S) - c0*(pub0;W)
+ if ( // K0 = u0*(G;T) + v0*(H;S) - c0*(pub0;W)
!mul_public_3(group, &jacobians[idx_K00], g, &u0, &method->h, &v0, &pub0,
&minus_c0) ||
!mul_public_3(group, &jacobians[idx_K01], T, &u0, S, &v0, W, &minus_c0) ||
@@ -800,120 +790,124 @@
}
int ret = 0;
- EC_JACOBIAN *Tps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN));
- EC_JACOBIAN *Sps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN));
- EC_JACOBIAN *Wps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN));
- EC_JACOBIAN *Wsps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN));
- EC_SCALAR *es = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR));
+ EC_JACOBIAN *Tps = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)));
+ EC_JACOBIAN *Sps = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)));
+ EC_JACOBIAN *Wps = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)));
+ EC_JACOBIAN *Wsps = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)));
+ EC_SCALAR *es = reinterpret_cast<EC_SCALAR *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)));
CBB batch_cbb;
CBB_zero(&batch_cbb);
- if (!Tps ||
- !Sps ||
- !Wps ||
- !Wsps ||
- !es ||
- !CBB_init(&batch_cbb, 0) ||
- !point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
- !point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
- !point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
- goto err;
- }
- for (size_t i = 0; i < num_to_issue; i++) {
- EC_AFFINE Tp_affine;
- EC_JACOBIAN Tp;
- if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, method->prefix_point)) {
+ {
+ if (!Tps || !Sps || !Wps || !Wsps || !es || !CBB_init(&batch_cbb, 0) ||
+ !point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
+ !point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
+ !point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
+ goto err;
+ }
+
+ for (size_t i = 0; i < num_to_issue; i++) {
+ EC_AFFINE Tp_affine;
+ EC_JACOBIAN Tp;
+ if (!cbs_get_prefixed_point(cbs, group, &Tp_affine,
+ method->prefix_point)) {
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
+ goto err;
+ }
+ ec_affine_to_jacobian(group, &Tp, &Tp_affine);
+
+ EC_SCALAR xb, yb;
+ BN_ULONG mask = ((BN_ULONG)0) - (private_metadata & 1);
+ ec_scalar_select(group, &xb, mask, &key->x1, &key->x0);
+ ec_scalar_select(group, &yb, mask, &key->y1, &key->y0);
+
+ uint8_t s[TRUST_TOKEN_NONCE_SIZE];
+ RAND_bytes(s, TRUST_TOKEN_NONCE_SIZE);
+ // The |jacobians| and |affines| contain Sp, Wp, and Wsp.
+ EC_JACOBIAN jacobians[3];
+ EC_AFFINE affines[3];
+ if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) ||
+ !ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb,
+ &jacobians[0], &yb, NULL, NULL) ||
+ !ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs,
+ &jacobians[0], &key->ys, NULL, NULL) ||
+ !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) ||
+ !CBB_add_bytes(cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
+ !cbb_add_prefixed_point(cbb, group, &affines[1],
+ method->prefix_point) ||
+ !cbb_add_prefixed_point(cbb, group, &affines[2],
+ method->prefix_point)) {
+ goto err;
+ }
+
+ if (!point_to_cbb(&batch_cbb, group, &Tp_affine) ||
+ !point_to_cbb(&batch_cbb, group, &affines[0]) ||
+ !point_to_cbb(&batch_cbb, group, &affines[1]) ||
+ !point_to_cbb(&batch_cbb, group, &affines[2])) {
+ goto err;
+ }
+ Tps[i] = Tp;
+ Sps[i] = jacobians[0];
+ Wps[i] = jacobians[1];
+ Wsps[i] = jacobians[2];
+
+ if (!CBB_flush(cbb)) {
+ goto err;
+ }
+ }
+
+ // The DLEQ batching construction is described in appendix B of
+ // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
+ // computations all act on public inputs.
+ for (size_t i = 0; i < num_to_issue; i++) {
+ if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
+ goto err;
+ }
+ }
+
+ EC_JACOBIAN Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
+ if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
+ /*g_scalar=*/NULL, Tps, es,
+ num_to_issue) ||
+ !ec_point_mul_scalar_public_batch(group, &Sp_batch,
+ /*g_scalar=*/NULL, Sps, es,
+ num_to_issue) ||
+ !ec_point_mul_scalar_public_batch(group, &Wp_batch,
+ /*g_scalar=*/NULL, Wps, es,
+ num_to_issue) ||
+ !ec_point_mul_scalar_public_batch(group, &Wsp_batch,
+ /*g_scalar=*/NULL, Wsps, es,
+ num_to_issue)) {
+ goto err;
+ }
+
+ CBB proof;
+ if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
+ !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
+ &Wsp_batch, private_metadata) ||
+ !CBB_flush(cbb)) {
+ goto err;
+ }
+
+ // Skip over any unused requests.
+ size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
+ size_t token_len = point_len;
+ if (method->prefix_point) {
+ token_len += 2;
+ }
+ if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
goto err;
}
- ec_affine_to_jacobian(group, &Tp, &Tp_affine);
- EC_SCALAR xb, yb;
- BN_ULONG mask = ((BN_ULONG)0) - (private_metadata & 1);
- ec_scalar_select(group, &xb, mask, &key->x1, &key->x0);
- ec_scalar_select(group, &yb, mask, &key->y1, &key->y0);
-
- uint8_t s[TRUST_TOKEN_NONCE_SIZE];
- RAND_bytes(s, TRUST_TOKEN_NONCE_SIZE);
- // The |jacobians| and |affines| contain Sp, Wp, and Wsp.
- EC_JACOBIAN jacobians[3];
- EC_AFFINE affines[3];
- if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) ||
- !ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb,
- &jacobians[0], &yb, NULL, NULL) ||
- !ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs,
- &jacobians[0], &key->ys, NULL, NULL) ||
- !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) ||
- !CBB_add_bytes(cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
- !cbb_add_prefixed_point(cbb, group, &affines[1],
- method->prefix_point) ||
- !cbb_add_prefixed_point(cbb, group, &affines[2],
- method->prefix_point)) {
- goto err;
- }
-
- if (!point_to_cbb(&batch_cbb, group, &Tp_affine) ||
- !point_to_cbb(&batch_cbb, group, &affines[0]) ||
- !point_to_cbb(&batch_cbb, group, &affines[1]) ||
- !point_to_cbb(&batch_cbb, group, &affines[2])) {
- goto err;
- }
- Tps[i] = Tp;
- Sps[i] = jacobians[0];
- Wps[i] = jacobians[1];
- Wsps[i] = jacobians[2];
-
- if (!CBB_flush(cbb)) {
- goto err;
- }
+ ret = 1;
}
- // The DLEQ batching construction is described in appendix B of
- // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
- // computations all act on public inputs.
- for (size_t i = 0; i < num_to_issue; i++) {
- if (!hash_c_batch(method, &es[i], &batch_cbb, i)) {
- goto err;
- }
- }
-
- EC_JACOBIAN Tp_batch, Sp_batch, Wp_batch, Wsp_batch;
- if (!ec_point_mul_scalar_public_batch(group, &Tp_batch,
- /*g_scalar=*/NULL, Tps, es,
- num_to_issue) ||
- !ec_point_mul_scalar_public_batch(group, &Sp_batch,
- /*g_scalar=*/NULL, Sps, es,
- num_to_issue) ||
- !ec_point_mul_scalar_public_batch(group, &Wp_batch,
- /*g_scalar=*/NULL, Wps, es,
- num_to_issue) ||
- !ec_point_mul_scalar_public_batch(group, &Wsp_batch,
- /*g_scalar=*/NULL, Wsps, es,
- num_to_issue)) {
- goto err;
- }
-
- CBB proof;
- if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
- !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch,
- &Wsp_batch, private_metadata) ||
- !CBB_flush(cbb)) {
- goto err;
- }
-
- // Skip over any unused requests.
- size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
- size_t token_len = point_len;
- if (method->prefix_point) {
- token_len += 2;
- }
- if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) {
- OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
- goto err;
- }
-
- ret = 1;
-
err:
OPENSSL_free(Tps);
OPENSSL_free(Sps);
@@ -936,20 +930,20 @@
int ok = 0;
STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
- EC_JACOBIAN *Tps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN));
- EC_JACOBIAN *Sps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN));
- EC_JACOBIAN *Wps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN));
- EC_JACOBIAN *Wsps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN));
- EC_SCALAR *es = OPENSSL_calloc(count, sizeof(EC_SCALAR));
+ EC_JACOBIAN *Tps = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(count, sizeof(EC_JACOBIAN)));
+ EC_JACOBIAN *Sps = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(count, sizeof(EC_JACOBIAN)));
+ EC_JACOBIAN *Wps = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(count, sizeof(EC_JACOBIAN)));
+ EC_JACOBIAN *Wsps = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(count, sizeof(EC_JACOBIAN)));
+ EC_SCALAR *es =
+ reinterpret_cast<EC_SCALAR *>(OPENSSL_calloc(count, sizeof(EC_SCALAR)));
CBB batch_cbb;
CBB_zero(&batch_cbb);
- if (ret == NULL ||
- Tps == NULL ||
- Sps == NULL ||
- Wps == NULL ||
- Wsps == NULL ||
- es == NULL ||
- !CBB_init(&batch_cbb, 0) ||
+ if (ret == NULL || Tps == NULL || Sps == NULL || Wps == NULL ||
+ Wsps == NULL || es == NULL || !CBB_init(&batch_cbb, 0) ||
!point_to_cbb(&batch_cbb, method->group, &key->pubs) ||
!point_to_cbb(&batch_cbb, method->group, &key->pub0) ||
!point_to_cbb(&batch_cbb, method->group, &key->pub1)) {
@@ -1018,8 +1012,7 @@
TRUST_TOKEN *token =
TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb));
CBB_cleanup(&token_cbb);
- if (token == NULL ||
- !sk_TRUST_TOKEN_push(ret, token)) {
+ if (token == NULL || !sk_TRUST_TOKEN_push(ret, token)) {
TRUST_TOKEN_free(token);
goto err;
}
@@ -1163,8 +1156,7 @@
CBB cbb;
uint8_t *buf = NULL;
size_t len;
- if (!CBB_init(&cbb, 0) ||
- !point_to_cbb(&cbb, group, t) ||
+ if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) ||
!CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
!CBB_finish(&cbb, &buf, &len) ||
!ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
@@ -1336,8 +1328,7 @@
CBB cbb;
uint8_t *buf = NULL;
size_t len;
- if (!CBB_init(&cbb, 0) ||
- !point_to_cbb(&cbb, group, t) ||
+ if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) ||
!CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
!CBB_finish(&cbb, &buf, &len) ||
!ec_hash_to_curve_p384_xmd_sha512_sswu_draft07(
@@ -1383,8 +1374,7 @@
0x1c, 0x2c, 0x72, 0x25, 0xf0, 0x4a, 0x45, 0x23, 0x2d, 0x57, 0x93,
0x0e, 0xb2, 0x55, 0xb8, 0x57, 0x25, 0x4c, 0x1e, 0xdb, 0xfd, 0x58,
0x70, 0x17, 0x9a, 0xbb, 0x9e, 0x5e, 0x93, 0x9e, 0x92, 0xd3, 0xe8,
- 0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff
- };
+ 0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff};
pmbtoken_exp2_ok = pmbtoken_init_method(
&pmbtoken_exp2_method, EC_group_p384(), kH, sizeof(kH),
@@ -1510,12 +1500,11 @@
CBB cbb;
uint8_t *buf = NULL;
size_t len;
- if (!CBB_init(&cbb, 0) ||
- !point_to_cbb(&cbb, group, t) ||
+ if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) ||
!CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) ||
!CBB_finish(&cbb, &buf, &len) ||
- !ec_hash_to_curve_p384_xmd_sha384_sswu(
- group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) {
+ !ec_hash_to_curve_p384_xmd_sha384_sswu(group, out, kHashSLabel,
+ sizeof(kHashSLabel), buf, len)) {
goto err;
}
@@ -1530,15 +1519,15 @@
static int pmbtoken_pst1_hash_c(const EC_GROUP *group, EC_SCALAR *out,
uint8_t *buf, size_t len) {
const uint8_t kHashCLabel[] = "PMBTokens PST V1 HashC";
- return ec_hash_to_scalar_p384_xmd_sha384(
- group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
+ return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashCLabel,
+ sizeof(kHashCLabel), buf, len);
}
static int pmbtoken_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
uint8_t *buf, size_t len) {
const uint8_t kHashLabel[] = "PMBTokens PST V1 HashToScalar";
- return ec_hash_to_scalar_p384_xmd_sha384(
- group, out, kHashLabel, sizeof(kHashLabel), buf, len);
+ return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashLabel,
+ sizeof(kHashLabel), buf, len);
}
static int pmbtoken_pst1_ok = 0;
@@ -1557,8 +1546,7 @@
0xa2, 0x32, 0xf4, 0x22, 0x40, 0x07, 0x2d, 0x9b, 0x6f, 0xab, 0xff,
0x2a, 0x92, 0x03, 0xb1, 0x73, 0x09, 0x1a, 0x6a, 0x4a, 0xc2, 0x4c,
0xac, 0x13, 0x59, 0xf4, 0x28, 0x0e, 0x78, 0x69, 0xa5, 0xdf, 0x0d,
- 0x74, 0xeb, 0x14, 0xca, 0x8a, 0x32, 0xbb, 0xd3, 0x91
- };
+ 0x74, 0xeb, 0x14, 0xca, 0x8a, 0x32, 0xbb, 0xd3, 0x91};
pmbtoken_pst1_ok = pmbtoken_init_method(
&pmbtoken_pst1_method, EC_group_p384(), kH, sizeof(kH),
diff --git a/crypto/trust_token/trust_token.c b/crypto/trust_token/trust_token.cc
similarity index 94%
rename from crypto/trust_token/trust_token.c
rename to crypto/trust_token/trust_token.cc
index 521e7ad..7426f5c 100644
--- a/crypto/trust_token/trust_token.c
+++ b/crypto/trust_token/trust_token.cc
@@ -118,11 +118,12 @@
}
TRUST_TOKEN *TRUST_TOKEN_new(const uint8_t *data, size_t len) {
- TRUST_TOKEN *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN));
+ TRUST_TOKEN *ret =
+ reinterpret_cast<TRUST_TOKEN *>(OPENSSL_zalloc(sizeof(TRUST_TOKEN)));
if (ret == NULL) {
return NULL;
}
- ret->data = OPENSSL_memdup(data, len);
+ ret->data = reinterpret_cast<uint8_t *>(OPENSSL_memdup(data, len));
if (len != 0 && ret->data == NULL) {
OPENSSL_free(ret);
return NULL;
@@ -183,7 +184,7 @@
}
if (!method->derive_key_from_secret(&priv_cbb, &pub_cbb, secret,
- secret_len)) {
+ secret_len)) {
return 0;
}
@@ -204,7 +205,8 @@
return NULL;
}
- TRUST_TOKEN_CLIENT *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN_CLIENT));
+ TRUST_TOKEN_CLIENT *ret = reinterpret_cast<TRUST_TOKEN_CLIENT *>(
+ OPENSSL_zalloc(sizeof(TRUST_TOKEN_CLIENT)));
if (ret == NULL) {
return NULL;
}
@@ -266,8 +268,7 @@
int ret = 0;
CBB request;
STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = NULL;
- if (!CBB_init(&request, 0) ||
- !CBB_add_u16(&request, count)) {
+ if (!CBB_init(&request, 0) || !CBB_add_u16(&request, count)) {
goto err;
}
@@ -306,17 +307,14 @@
}
-STACK_OF(TRUST_TOKEN) *
- TRUST_TOKEN_CLIENT_finish_issuance(TRUST_TOKEN_CLIENT *ctx,
- size_t *out_key_index,
- const uint8_t *response,
- size_t response_len) {
+STACK_OF(TRUST_TOKEN) *TRUST_TOKEN_CLIENT_finish_issuance(
+ TRUST_TOKEN_CLIENT *ctx, size_t *out_key_index, const uint8_t *response,
+ size_t response_len) {
CBS in;
CBS_init(&in, response, response_len);
uint16_t count;
uint32_t key_id;
- if (!CBS_get_u16(&in, &count) ||
- !CBS_get_u32(&in, &key_id)) {
+ if (!CBS_get_u16(&in, &count) || !CBS_get_u32(&in, &key_id)) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
return NULL;
}
@@ -397,8 +395,7 @@
}
if (!CBS_get_u16_length_prefixed(&in, &srr) ||
- !CBS_get_u16_length_prefixed(&in, &sig) ||
- CBS_len(&in) != 0) {
+ !CBS_get_u16_length_prefixed(&in, &sig) || CBS_len(&in) != 0) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR);
return 0;
}
@@ -444,7 +441,8 @@
return NULL;
}
- TRUST_TOKEN_ISSUER *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN_ISSUER));
+ TRUST_TOKEN_ISSUER *ret = reinterpret_cast<TRUST_TOKEN_ISSUER *>(
+ OPENSSL_zalloc(sizeof(TRUST_TOKEN_ISSUER)));
if (ret == NULL) {
return NULL;
}
@@ -500,7 +498,7 @@
}
OPENSSL_free(ctx->metadata_key);
ctx->metadata_key_len = 0;
- ctx->metadata_key = OPENSSL_memdup(key, len);
+ ctx->metadata_key = reinterpret_cast<uint8_t *>(OPENSSL_memdup(key, len));
if (ctx->metadata_key == NULL) {
return 0;
}
@@ -550,8 +548,7 @@
int ret = 0;
CBB response;
- if (!CBB_init(&response, 0) ||
- !CBB_add_u16(&response, num_to_issue) ||
+ if (!CBB_init(&response, 0) || !CBB_add_u16(&response, num_to_issue) ||
!CBB_add_u32(&response, public_metadata)) {
goto err;
}
@@ -620,11 +617,12 @@
uint8_t *client_data_buf = NULL;
size_t client_data_len = 0;
+ TRUST_TOKEN *token;
if (!CBS_stow(&client_data, &client_data_buf, &client_data_len)) {
goto err;
}
- TRUST_TOKEN *token = TRUST_TOKEN_new(nonce, TRUST_TOKEN_NONCE_SIZE);
+ token = TRUST_TOKEN_new(nonce, TRUST_TOKEN_NONCE_SIZE);
if (token == NULL) {
goto err;
}
diff --git a/crypto/trust_token/voprf.c b/crypto/trust_token/voprf.cc
similarity index 82%
rename from crypto/trust_token/voprf.c
rename to crypto/trust_token/voprf.cc
index 504deee..7ee70b7 100644
--- a/crypto/trust_token/voprf.c
+++ b/crypto/trust_token/voprf.cc
@@ -209,8 +209,8 @@
for (size_t i = 0; i < count; i++) {
// Insert |pretoken| into |pretokens| early to simplify error-handling.
- TRUST_TOKEN_PRETOKEN *pretoken =
- OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN));
+ TRUST_TOKEN_PRETOKEN *pretoken = reinterpret_cast<TRUST_TOKEN_PRETOKEN *>(
+ OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN)));
if (pretoken == NULL ||
!sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) {
TRUST_TOKEN_PRETOKEN_free(pretoken);
@@ -230,8 +230,7 @@
// We sample r in Montgomery form to simplify inverting.
EC_SCALAR r;
- if (!ec_random_nonzero_scalar(group, &r,
- kDefaultAdditionalData)) {
+ if (!ec_random_nonzero_scalar(group, &r, kDefaultAdditionalData)) {
goto err;
}
@@ -275,12 +274,9 @@
size_t len;
if (!CBB_init(&cbb, 0) ||
!CBB_add_bytes(&cbb, kDLEQLabel, sizeof(kDLEQLabel)) ||
- !cbb_add_point(&cbb, group, X) ||
- !cbb_add_point(&cbb, group, T) ||
- !cbb_add_point(&cbb, group, W) ||
- !cbb_add_point(&cbb, group, K0) ||
- !cbb_add_point(&cbb, group, K1) ||
- !CBB_finish(&cbb, &buf, &len) ||
+ !cbb_add_point(&cbb, group, X) || !cbb_add_point(&cbb, group, T) ||
+ !cbb_add_point(&cbb, group, W) || !cbb_add_point(&cbb, group, K0) ||
+ !cbb_add_point(&cbb, group, K1) || !CBB_finish(&cbb, &buf, &len) ||
!method->hash_to_scalar(group, out, buf, len)) {
goto err;
}
@@ -335,8 +331,7 @@
if (!CBB_init(&cbb, 0) ||
!CBB_add_bytes(&cbb, kDLEQBatchLabel, sizeof(kDLEQBatchLabel)) ||
!CBB_add_bytes(&cbb, CBB_data(points), CBB_len(points)) ||
- !CBB_add_u16(&cbb, (uint16_t)index) ||
- !CBB_finish(&cbb, &buf, &len) ||
+ !CBB_add_u16(&cbb, (uint16_t)index) || !CBB_finish(&cbb, &buf, &len) ||
!method->hash_to_scalar(method->group_func(), out, buf, len)) {
goto err;
}
@@ -365,11 +360,11 @@
// Setup the DLEQ proof.
EC_SCALAR r;
- if (// r <- Zp
+ if ( // r <- Zp
!ec_random_nonzero_scalar(group, &r, kDefaultAdditionalData) ||
// k0;k1 = r*(G;T)
!ec_point_mul_scalar_base(group, &jacobians[idx_k0], &r) ||
- !ec_point_mul_scalar(group, &jacobians[idx_k1], T, &r)) {
+ !ec_point_mul_scalar(group, &jacobians[idx_k1], T, &r)) {
return 0;
}
@@ -398,8 +393,7 @@
ec_scalar_add(group, &u, &r, &u);
// Store DLEQ proof in transcript.
- if (!scalar_to_cbb(cbb, group, &c) ||
- !scalar_to_cbb(cbb, group, &u)) {
+ if (!scalar_to_cbb(cbb, group, &c) || !scalar_to_cbb(cbb, group, &u)) {
return 0;
}
@@ -432,8 +426,7 @@
// Decode the DLEQ proof.
EC_SCALAR c, u;
- if (!scalar_from_cbs(cbs, group, &c) ||
- !scalar_from_cbs(cbs, group, &u)) {
+ if (!scalar_from_cbs(cbs, group, &c) || !scalar_from_cbs(cbs, group, &u)) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
return 0;
}
@@ -484,80 +477,83 @@
}
int ret = 0;
- EC_JACOBIAN *BTs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN));
- EC_JACOBIAN *Zs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN));
- EC_SCALAR *es = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR));
+ EC_JACOBIAN *BTs = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)));
+ EC_JACOBIAN *Zs = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)));
+ EC_SCALAR *es = reinterpret_cast<EC_SCALAR *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)));
CBB batch_cbb;
CBB_zero(&batch_cbb);
- if (!BTs ||
- !Zs ||
- !es ||
- !CBB_init(&batch_cbb, 0) ||
- !cbb_add_point(&batch_cbb, group, &key->pubs)) {
- goto err;
- }
- for (size_t i = 0; i < num_to_issue; i++) {
- EC_AFFINE BT_affine, Z_affine;
- EC_JACOBIAN BT, Z;
- if (!cbs_get_point(cbs, group, &BT_affine)) {
+ {
+ if (!BTs || !Zs || !es || !CBB_init(&batch_cbb, 0) ||
+ !cbb_add_point(&batch_cbb, group, &key->pubs)) {
+ goto err;
+ }
+
+ for (size_t i = 0; i < num_to_issue; i++) {
+ EC_AFFINE BT_affine, Z_affine;
+ EC_JACOBIAN BT, Z;
+ if (!cbs_get_point(cbs, group, &BT_affine)) {
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
+ goto err;
+ }
+ ec_affine_to_jacobian(group, &BT, &BT_affine);
+ if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) ||
+ !ec_jacobian_to_affine(group, &Z_affine, &Z) ||
+ !cbb_add_point(cbb, group, &Z_affine)) {
+ goto err;
+ }
+
+ if (!cbb_add_point(&batch_cbb, group, &BT_affine) ||
+ !cbb_add_point(&batch_cbb, group, &Z_affine)) {
+ goto err;
+ }
+ BTs[i] = BT;
+ Zs[i] = Z;
+
+ if (!CBB_flush(cbb)) {
+ goto err;
+ }
+ }
+
+ // The DLEQ batching construction is described in appendix B of
+ // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
+ // computations all act on public inputs.
+ for (size_t i = 0; i < num_to_issue; i++) {
+ if (!hash_to_scalar_batch(method, &es[i], &batch_cbb, i)) {
+ goto err;
+ }
+ }
+
+ EC_JACOBIAN BT_batch, Z_batch;
+ if (!ec_point_mul_scalar_public_batch(group, &BT_batch,
+ /*g_scalar=*/NULL, BTs, es,
+ num_to_issue) ||
+ !ec_point_mul_scalar_public_batch(group, &Z_batch,
+ /*g_scalar=*/NULL, Zs, es,
+ num_to_issue)) {
+ goto err;
+ }
+
+ CBB proof;
+ if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
+ !dleq_generate(method, &proof, key, &BT_batch, &Z_batch) ||
+ !CBB_flush(cbb)) {
+ goto err;
+ }
+
+ // Skip over any unused requests.
+ size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
+ if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
goto err;
}
- ec_affine_to_jacobian(group, &BT, &BT_affine);
- if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) ||
- !ec_jacobian_to_affine(group, &Z_affine, &Z) ||
- !cbb_add_point(cbb, group, &Z_affine)) {
- goto err;
- }
- if (!cbb_add_point(&batch_cbb, group, &BT_affine) ||
- !cbb_add_point(&batch_cbb, group, &Z_affine)) {
- goto err;
- }
- BTs[i] = BT;
- Zs[i] = Z;
-
- if (!CBB_flush(cbb)) {
- goto err;
- }
+ ret = 1;
}
- // The DLEQ batching construction is described in appendix B of
- // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional
- // computations all act on public inputs.
- for (size_t i = 0; i < num_to_issue; i++) {
- if (!hash_to_scalar_batch(method, &es[i], &batch_cbb, i)) {
- goto err;
- }
- }
-
- EC_JACOBIAN BT_batch, Z_batch;
- if (!ec_point_mul_scalar_public_batch(group, &BT_batch,
- /*g_scalar=*/NULL, BTs, es,
- num_to_issue) ||
- !ec_point_mul_scalar_public_batch(group, &Z_batch,
- /*g_scalar=*/NULL, Zs, es,
- num_to_issue)) {
- goto err;
- }
-
- CBB proof;
- if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
- !dleq_generate(method, &proof, key, &BT_batch, &Z_batch) ||
- !CBB_flush(cbb)) {
- goto err;
- }
-
- // Skip over any unused requests.
- size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
- if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) {
- OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
- goto err;
- }
-
- ret = 1;
-
err:
OPENSSL_free(BTs);
OPENSSL_free(Zs);
@@ -578,15 +574,15 @@
int ok = 0;
STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
- EC_JACOBIAN *BTs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN));
- EC_JACOBIAN *Zs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN));
- EC_SCALAR *es = OPENSSL_calloc(count, sizeof(EC_SCALAR));
+ EC_JACOBIAN *BTs = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(count, sizeof(EC_JACOBIAN)));
+ EC_JACOBIAN *Zs = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(count, sizeof(EC_JACOBIAN)));
+ EC_SCALAR *es =
+ reinterpret_cast<EC_SCALAR *>(OPENSSL_calloc(count, sizeof(EC_SCALAR)));
CBB batch_cbb;
CBB_zero(&batch_cbb);
- if (ret == NULL ||
- BTs == NULL ||
- Zs == NULL ||
- es == NULL ||
+ if (ret == NULL || BTs == NULL || Zs == NULL || es == NULL ||
!CBB_init(&batch_cbb, 0) ||
!cbb_add_point(&batch_cbb, group, &key->pubs)) {
goto err;
@@ -635,8 +631,7 @@
TRUST_TOKEN *token =
TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb));
CBB_cleanup(&token_cbb);
- if (token == NULL ||
- !sk_TRUST_TOKEN_push(ret, token)) {
+ if (token == NULL || !sk_TRUST_TOKEN_push(ret, token)) {
TRUST_TOKEN_free(token);
goto err;
}
@@ -681,15 +676,17 @@
}
static void sha384_update_u16(SHA512_CTX *ctx, uint16_t v) {
- uint8_t buf[2] = {v >> 8, v & 0xff};
+ uint8_t buf[2] = {static_cast<uint8_t>(v >> 8),
+ static_cast<uint8_t>(v & 0xff)};
SHA384_Update(ctx, buf, 2);
}
-static void sha384_update_point_with_length(
- SHA512_CTX *ctx, const EC_GROUP *group, const EC_AFFINE *point) {
+static void sha384_update_point_with_length(SHA512_CTX *ctx,
+ const EC_GROUP *group,
+ const EC_AFFINE *point) {
uint8_t buf[EC_MAX_COMPRESSED];
- size_t len = ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED,
- buf, sizeof(buf));
+ size_t len = ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED, buf,
+ sizeof(buf));
assert(len > 0);
sha384_update_u16(ctx, (uint16_t)len);
SHA384_Update(ctx, buf, len);
@@ -729,11 +726,9 @@
if (!CBB_init_fixed(&cbb, transcript, sizeof(transcript)) ||
!CBB_add_u16(&cbb, SHA384_DIGEST_LENGTH) ||
!CBB_add_bytes(&cbb, seed, SHA384_DIGEST_LENGTH) ||
- !CBB_add_u16(&cbb, index) ||
- !cbb_serialize_point(&cbb, group, C) ||
+ !CBB_add_u16(&cbb, index) || !cbb_serialize_point(&cbb, group, C) ||
!cbb_serialize_point(&cbb, group, D) ||
- !CBB_add_bytes(&cbb, kCompositeLabel,
- sizeof(kCompositeLabel) - 1) ||
+ !CBB_add_bytes(&cbb, kCompositeLabel, sizeof(kCompositeLabel) - 1) ||
!CBB_finish(&cbb, NULL, &len) ||
!method->hash_to_scalar(group, di, transcript, len)) {
return 0;
@@ -786,8 +781,7 @@
ec_scalar_sub(group, &s, r, &s);
// Store DLEQ proof in transcript.
- if (!scalar_to_cbb(cbb, group, &c) ||
- !scalar_to_cbb(cbb, group, &s)) {
+ if (!scalar_to_cbb(cbb, group, &c) || !scalar_to_cbb(cbb, group, &s)) {
return 0;
}
@@ -795,8 +789,8 @@
}
static int verify_proof(const VOPRF_METHOD *method, CBS *cbs,
- const TRUST_TOKEN_CLIENT_KEY *pub,
- const EC_JACOBIAN *M, const EC_JACOBIAN *Z) {
+ const TRUST_TOKEN_CLIENT_KEY *pub, const EC_JACOBIAN *M,
+ const EC_JACOBIAN *Z) {
const EC_GROUP *group = method->group_func();
enum {
@@ -809,16 +803,14 @@
EC_JACOBIAN jacobians[num_idx];
EC_SCALAR c, s;
- if (!scalar_from_cbs(cbs, group, &c) ||
- !scalar_from_cbs(cbs, group, &s)) {
+ if (!scalar_from_cbs(cbs, group, &c) || !scalar_from_cbs(cbs, group, &s)) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
return 0;
}
EC_JACOBIAN pubs;
ec_affine_to_jacobian(group, &pubs, &pub->pubs);
- if (!ec_point_mul_scalar_public(group, &jacobians[idx_t2], &s, &pubs,
- &c) ||
+ if (!ec_point_mul_scalar_public(group, &jacobians[idx_t2], &s, &pubs, &c) ||
!mul_public_2(group, &jacobians[idx_t3], M, &s, Z, &c)) {
return 0;
}
@@ -857,72 +849,78 @@
}
int ret = 0;
- EC_JACOBIAN *BTs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN));
- EC_JACOBIAN *Zs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN));
- EC_SCALAR *dis = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR));
- if (!BTs || !Zs || !dis) {
- goto err;
- }
+ EC_JACOBIAN *BTs = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)));
+ EC_JACOBIAN *Zs = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)));
+ EC_SCALAR *dis = reinterpret_cast<EC_SCALAR *>(
+ OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)));
- uint8_t seed[SHA384_DIGEST_LENGTH];
- if (!compute_composite_seed(method, seed, &key->pubs)) {
- goto err;
- }
+ {
+ if (!BTs || !Zs || !dis) {
+ goto err;
+ }
- // This implements the BlindEvaluateBatch as defined in section 4 of
- // draft-robert-privacypass-batched-tokens-01, based on the constructions
- // in draft-irtf-cfrg-voprf-21. To optimize the computation of the proof,
- // the computation of di is done during the token signing and passed into
- // the proof generation.
- for (size_t i = 0; i < num_to_issue; i++) {
- EC_AFFINE BT_affine, Z_affine;
- EC_JACOBIAN BT, Z;
- if (!cbs_get_point(cbs, group, &BT_affine)) {
+ uint8_t seed[SHA384_DIGEST_LENGTH];
+ if (!compute_composite_seed(method, seed, &key->pubs)) {
+ goto err;
+ }
+
+ // This implements the BlindEvaluateBatch as defined in section 4 of
+ // draft-robert-privacypass-batched-tokens-01, based on the constructions
+ // in draft-irtf-cfrg-voprf-21. To optimize the computation of the proof,
+ // the computation of di is done during the token signing and passed into
+ // the proof generation.
+ for (size_t i = 0; i < num_to_issue; i++) {
+ EC_AFFINE BT_affine, Z_affine;
+ EC_JACOBIAN BT, Z;
+ if (!cbs_get_point(cbs, group, &BT_affine)) {
+ OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
+ goto err;
+ }
+ ec_affine_to_jacobian(group, &BT, &BT_affine);
+ if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) ||
+ !ec_jacobian_to_affine(group, &Z_affine, &Z) ||
+ !cbb_add_point(cbb, group, &Z_affine)) {
+ goto err;
+ }
+ BTs[i] = BT;
+ Zs[i] = Z;
+ if (!compute_composite_element(method, seed, &dis[i], i, &BT_affine,
+ &Z_affine)) {
+ goto err;
+ }
+
+ if (!CBB_flush(cbb)) {
+ goto err;
+ }
+ }
+
+ EC_JACOBIAN M, Z;
+ if (!ec_point_mul_scalar_public_batch(group, &M,
+ /*g_scalar=*/NULL, BTs, dis,
+ num_to_issue) ||
+ !ec_point_mul_scalar(group, &Z, &M, &key->xs)) {
+ goto err;
+ }
+
+ CBB proof;
+ if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
+ !generate_proof(method, &proof, key, proof_scalar, &M, &Z) ||
+ !CBB_flush(cbb)) {
+ goto err;
+ }
+
+ // Skip over any unused requests.
+ size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
+ if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
goto err;
}
- ec_affine_to_jacobian(group, &BT, &BT_affine);
- if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) ||
- !ec_jacobian_to_affine(group, &Z_affine, &Z) ||
- !cbb_add_point(cbb, group, &Z_affine)) {
- goto err;
- }
- BTs[i] = BT;
- Zs[i] = Z;
- if (!compute_composite_element(method, seed, &dis[i], i, &BT_affine,
- &Z_affine)) {
- goto err;
- }
- if (!CBB_flush(cbb)) {
- goto err;
- }
+ ret = 1;
}
- EC_JACOBIAN M, Z;
- if (!ec_point_mul_scalar_public_batch(group, &M,
- /*g_scalar=*/NULL, BTs, dis,
- num_to_issue) ||
- !ec_point_mul_scalar(group, &Z, &M, &key->xs)) {
- goto err;
- }
-
- CBB proof;
- if (!CBB_add_u16_length_prefixed(cbb, &proof) ||
- !generate_proof(method, &proof, key, proof_scalar, &M, &Z) ||
- !CBB_flush(cbb)) {
- goto err;
- }
-
- // Skip over any unused requests.
- size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED);
- if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) {
- OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE);
- goto err;
- }
-
- ret = 1;
-
err:
OPENSSL_free(BTs);
OPENSSL_free(Zs);
@@ -968,9 +966,12 @@
int ok = 0;
STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null();
- EC_JACOBIAN *BTs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN));
- EC_JACOBIAN *Zs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN));
- EC_SCALAR *dis = OPENSSL_calloc(count, sizeof(EC_SCALAR));
+ EC_JACOBIAN *BTs = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(count, sizeof(EC_JACOBIAN)));
+ EC_JACOBIAN *Zs = reinterpret_cast<EC_JACOBIAN *>(
+ OPENSSL_calloc(count, sizeof(EC_JACOBIAN)));
+ EC_SCALAR *dis =
+ reinterpret_cast<EC_SCALAR *>(OPENSSL_calloc(count, sizeof(EC_SCALAR)));
if (ret == NULL || !BTs || !Zs || !dis) {
goto err;
}
@@ -1022,8 +1023,7 @@
TRUST_TOKEN *token =
TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb));
CBB_cleanup(&token_cbb);
- if (token == NULL ||
- !sk_TRUST_TOKEN_push(ret, token)) {
+ if (token == NULL || !sk_TRUST_TOKEN_push(ret, token)) {
TRUST_TOKEN_free(token);
goto err;
}
@@ -1031,18 +1031,15 @@
EC_JACOBIAN M, Z;
if (!ec_point_mul_scalar_public_batch(group, &M,
- /*g_scalar=*/NULL, BTs, dis,
- count) ||
+ /*g_scalar=*/NULL, BTs, dis, count) ||
!ec_point_mul_scalar_public_batch(group, &Z,
- /*g_scalar=*/NULL, Zs, dis,
- count)) {
+ /*g_scalar=*/NULL, Zs, dis, count)) {
goto err;
}
CBS proof;
if (!CBS_get_u16_length_prefixed(cbs, &proof) ||
- !verify_proof(method, &proof, key, &M, &Z) ||
- CBS_len(&proof) != 0) {
+ !verify_proof(method, &proof, key, &M, &Z) || CBS_len(&proof) != 0) {
goto err;
}
@@ -1069,8 +1066,7 @@
CBS_init(&cbs, token, token_len);
EC_AFFINE Ws;
if (!CBS_get_bytes(&cbs, &salt, TRUST_TOKEN_NONCE_SIZE) ||
- !cbs_get_point(&cbs, group, &Ws) ||
- CBS_len(&cbs) != 0) {
+ !cbs_get_point(&cbs, group, &Ws) || CBS_len(&cbs) != 0) {
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN);
return 0;
}
@@ -1113,7 +1109,7 @@
}
static int voprf_exp2_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
- uint8_t *buf, size_t len) {
+ uint8_t *buf, size_t len) {
const uint8_t kHashCLabel[] = "TrustToken VOPRF Experiment V2 HashToScalar";
return ec_hash_to_scalar_p384_xmd_sha512_draft07(
group, out, kHashCLabel, sizeof(kHashCLabel), buf, len);
@@ -1189,7 +1185,7 @@
}
static int voprf_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out,
- uint8_t *buf, size_t len) {
+ uint8_t *buf, size_t len) {
const uint8_t kHashCLabel[] = "HashToScalar-OPRFV1-\x01-P384-SHA384";
return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashCLabel,
sizeof(kHashCLabel) - 1, buf, len);
diff --git a/crypto/x509/a_digest.c b/crypto/x509/a_digest.cc
similarity index 97%
rename from crypto/x509/a_digest.c
rename to crypto/x509/a_digest.cc
index 4686993..cec7da8 100644
--- a/crypto/x509/a_digest.c
+++ b/crypto/x509/a_digest.cc
@@ -83,7 +83,7 @@
int i, ret;
unsigned char *str = NULL;
- i = ASN1_item_i2d(asn, &str, it);
+ i = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(asn), &str, it);
if (!str) {
return 0;
}
diff --git a/crypto/x509/a_sign.c b/crypto/x509/a_sign.cc
similarity index 78%
rename from crypto/x509/a_sign.c
rename to crypto/x509/a_sign.cc
index 7f80e5b..55753b8 100644
--- a/crypto/x509/a_sign.c
+++ b/crypto/x509/a_sign.cc
@@ -87,46 +87,49 @@
void *asn, EVP_MD_CTX *ctx) {
int ret = 0;
uint8_t *in = NULL, *out = NULL;
- if (signature->type != V_ASN1_BIT_STRING) {
- OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
- goto err;
- }
- // Write out the requested copies of the AlgorithmIdentifier.
- if (algor1 && !x509_digest_sign_algorithm(ctx, algor1)) {
- goto err;
- }
- if (algor2 && !x509_digest_sign_algorithm(ctx, algor2)) {
- goto err;
- }
+ {
+ if (signature->type != V_ASN1_BIT_STRING) {
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
+ goto err;
+ }
- int in_len = ASN1_item_i2d(asn, &in, it);
- if (in_len < 0) {
- goto err;
- }
+ // Write out the requested copies of the AlgorithmIdentifier.
+ if (algor1 && !x509_digest_sign_algorithm(ctx, algor1)) {
+ goto err;
+ }
+ if (algor2 && !x509_digest_sign_algorithm(ctx, algor2)) {
+ goto err;
+ }
- EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
- size_t out_len = EVP_PKEY_size(pkey);
- if (out_len > INT_MAX) {
- OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW);
- goto err;
- }
+ int in_len = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(asn), &in, it);
+ if (in_len < 0) {
+ goto err;
+ }
- out = OPENSSL_malloc(out_len);
- if (out == NULL) {
- goto err;
- }
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
+ size_t out_len = EVP_PKEY_size(pkey);
+ if (out_len > INT_MAX) {
+ OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW);
+ goto err;
+ }
- if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) {
- OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB);
- goto err;
- }
+ out = reinterpret_cast<uint8_t *>(OPENSSL_malloc(out_len));
+ if (out == NULL) {
+ goto err;
+ }
- ASN1_STRING_set0(signature, out, (int)out_len);
- out = NULL;
- signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
- signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- ret = (int)out_len;
+ if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) {
+ OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB);
+ goto err;
+ }
+
+ ASN1_STRING_set0(signature, out, (int)out_len);
+ out = NULL;
+ signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+ signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ ret = (int)out_len;
+ }
err:
EVP_MD_CTX_cleanup(ctx);
diff --git a/crypto/x509/a_verify.c b/crypto/x509/a_verify.cc
similarity index 97%
rename from crypto/x509/a_verify.c
rename to crypto/x509/a_verify.cc
index a70769f..52716717 100644
--- a/crypto/x509/a_verify.c
+++ b/crypto/x509/a_verify.cc
@@ -95,7 +95,7 @@
goto err;
}
- inl = ASN1_item_i2d(asn, &buf_in, it);
+ inl = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(asn), &buf_in, it);
if (buf_in == NULL) {
goto err;
diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.cc
similarity index 100%
rename from crypto/x509/algorithm.c
rename to crypto/x509/algorithm.cc
diff --git a/crypto/x509/asn1_gen.c b/crypto/x509/asn1_gen.cc
similarity index 97%
rename from crypto/x509/asn1_gen.c
rename to crypto/x509/asn1_gen.cc
index 73a5cc3..897d383 100644
--- a/crypto/x509/asn1_gen.c
+++ b/crypto/x509/asn1_gen.cc
@@ -133,8 +133,7 @@
static CBS_ASN1_TAG parse_tag(const CBS *cbs) {
CBS copy = *cbs;
uint64_t num;
- if (!CBS_get_u64_decimal(©, &num) ||
- num > CBS_ASN1_TAG_NUMBER_MASK) {
+ if (!CBS_get_u64_decimal(©, &num) || num > CBS_ASN1_TAG_NUMBER_MASK) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);
return 0;
}
@@ -400,8 +399,7 @@
uint8_t *out;
int ok = len > 0 && //
CBB_add_space(&child, &out, len) &&
- i2c_ASN1_INTEGER(obj, &out) == len &&
- CBB_flush(cbb);
+ i2c_ASN1_INTEGER(obj, &out) == len && CBB_flush(cbb);
ASN1_INTEGER_free(obj);
return ok;
}
@@ -428,7 +426,7 @@
return 0;
}
CBS value_cbs;
- CBS_init(&value_cbs, (const uint8_t*)value, strlen(value));
+ CBS_init(&value_cbs, (const uint8_t *)value, strlen(value));
int ok = type == CBS_ASN1_UTCTIME
? CBS_parse_utc_time(&value_cbs, NULL,
/*allow_timezone_offset=*/0)
@@ -578,7 +576,8 @@
OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);
return 0;
}
- if (!ASN1_BIT_STRING_set_bit(bitstr, (int)bitnum, 1)) {
+ if (!ASN1_BIT_STRING_set_bit(reinterpret_cast<ASN1_BIT_STRING *>(bitstr),
+ (int)bitnum, 1)) {
return 0;
}
return 1;
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.cc
similarity index 96%
rename from crypto/x509/by_dir.c
rename to crypto/x509/by_dir.cc
index 5829de4..a1719b6 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.cc
@@ -108,7 +108,7 @@
int ret = 0;
char *dir = NULL;
- BY_DIR *ld = ctx->method_data;
+ BY_DIR *ld = reinterpret_cast<BY_DIR *>(ctx->method_data);
switch (cmd) {
case X509_L_ADD_DIR:
@@ -165,7 +165,7 @@
}
static void free_dir(X509_LOOKUP *lu) {
- BY_DIR *a = lu->method_data;
+ BY_DIR *a = reinterpret_cast<BY_DIR *>(lu->method_data);
if (a != NULL) {
sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
OPENSSL_free(a);
@@ -213,7 +213,8 @@
return 0;
}
}
- ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY));
+ ent = reinterpret_cast<BY_DIR_ENTRY *>(
+ OPENSSL_malloc(sizeof(BY_DIR_ENTRY)));
if (!ent) {
return 0;
}
@@ -258,6 +259,7 @@
}
stmp.type = type;
+ BY_DIR *ctx = reinterpret_cast<BY_DIR *>(xl->method_data);
if (type == X509_LU_X509) {
data.x509.st_x509.cert_info = &data.x509.st_x509_cinf;
data.x509.st_x509_cinf.subject = name;
@@ -278,8 +280,6 @@
goto finish;
}
- BY_DIR *ctx = xl->method_data;
-
hash_array[0] = X509_NAME_hash(name);
hash_array[1] = X509_NAME_hash_old(name);
for (hash_index = 0; hash_index < 2; ++hash_index) {
@@ -353,7 +353,8 @@
}
}
if (!hent) {
- hent = OPENSSL_malloc(sizeof(BY_DIR_HASH));
+ hent = reinterpret_cast<BY_DIR_HASH *>(
+ OPENSSL_malloc(sizeof(BY_DIR_HASH)));
if (hent == NULL) {
CRYPTO_MUTEX_unlock_write(&ent->lock);
ok = 0;
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.cc
similarity index 100%
rename from crypto/x509/by_file.c
rename to crypto/x509/by_file.cc
diff --git a/crypto/x509/i2d_pr.c b/crypto/x509/i2d_pr.cc
similarity index 100%
rename from crypto/x509/i2d_pr.c
rename to crypto/x509/i2d_pr.cc
diff --git a/crypto/x509/name_print.c b/crypto/x509/name_print.cc
similarity index 100%
rename from crypto/x509/name_print.c
rename to crypto/x509/name_print.cc
diff --git a/crypto/x509/policy.c b/crypto/x509/policy.cc
similarity index 75%
rename from crypto/x509/policy.c
rename to crypto/x509/policy.cc
index 066e8cc..71d036f 100644
--- a/crypto/x509/policy.c
+++ b/crypto/x509/policy.cc
@@ -105,7 +105,8 @@
static X509_POLICY_NODE *x509_policy_node_new(const ASN1_OBJECT *policy) {
assert(!is_any_policy(policy));
- X509_POLICY_NODE *node = OPENSSL_zalloc(sizeof(X509_POLICY_NODE));
+ X509_POLICY_NODE *node = reinterpret_cast<X509_POLICY_NODE *>(
+ OPENSSL_zalloc(sizeof(X509_POLICY_NODE)));
if (node == NULL) {
return NULL;
}
@@ -131,7 +132,8 @@
}
static X509_POLICY_LEVEL *x509_policy_level_new(void) {
- X509_POLICY_LEVEL *level = OPENSSL_zalloc(sizeof(X509_POLICY_LEVEL));
+ X509_POLICY_LEVEL *level = reinterpret_cast<X509_POLICY_LEVEL *>(
+ OPENSSL_zalloc(sizeof(X509_POLICY_LEVEL)));
if (level == NULL) {
return NULL;
}
@@ -203,7 +205,8 @@
}
static int delete_if_not_in_policies(X509_POLICY_NODE *node, void *data) {
- const CERTIFICATEPOLICIES *policies = data;
+ const CERTIFICATEPOLICIES *policies =
+ reinterpret_cast<CERTIFICATEPOLICIES *>(data);
assert(sk_POLICYINFO_is_sorted(policies));
POLICYINFO info;
info.policyid = node->policy;
@@ -227,81 +230,86 @@
int ret = 0;
int critical;
STACK_OF(X509_POLICY_NODE) *new_nodes = NULL;
- CERTIFICATEPOLICIES *policies =
- X509_get_ext_d2i(x509, NID_certificate_policies, &critical, NULL);
- if (policies == NULL) {
- if (critical != -1) {
- return 0; // Syntax error in the extension.
+ CERTIFICATEPOLICIES *policies = reinterpret_cast<CERTIFICATEPOLICIES *>(
+ X509_get_ext_d2i(x509, NID_certificate_policies, &critical, NULL));
+
+ {
+ if (policies == NULL) {
+ if (critical != -1) {
+ return 0; // Syntax error in the extension.
+ }
+
+ // RFC 5280, section 6.1.3, step (e).
+ x509_policy_level_clear(level);
+ return 1;
}
- // RFC 5280, section 6.1.3, step (e).
- x509_policy_level_clear(level);
- return 1;
- }
-
- // certificatePolicies may not be empty. See RFC 5280, section 4.2.1.4.
- // TODO(https://crbug.com/boringssl/443): Move this check into the parser.
- if (sk_POLICYINFO_num(policies) == 0) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION);
- goto err;
- }
-
- sk_POLICYINFO_set_cmp_func(policies, policyinfo_cmp);
- sk_POLICYINFO_sort(policies);
- int cert_has_any_policy = 0;
- for (size_t i = 0; i < sk_POLICYINFO_num(policies); i++) {
- const POLICYINFO *policy = sk_POLICYINFO_value(policies, i);
- if (is_any_policy(policy->policyid)) {
- cert_has_any_policy = 1;
- }
- if (i > 0 && OBJ_cmp(sk_POLICYINFO_value(policies, i - 1)->policyid,
- policy->policyid) == 0) {
- // Per RFC 5280, section 4.2.1.4, |policies| may not have duplicates.
+ // certificatePolicies may not be empty. See RFC 5280, section 4.2.1.4.
+ // TODO(https://crbug.com/boringssl/443): Move this check into the parser.
+ if (sk_POLICYINFO_num(policies) == 0) {
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION);
goto err;
}
- }
- // This does the same thing as RFC 5280, section 6.1.3, step (d), though in
- // a slighty different order. |level| currently contains "expected_policy_set"
- // values of the previous level. See |process_policy_mappings| for details.
- const int previous_level_has_any_policy = level->has_any_policy;
-
- // First, we handle steps (d.1.i) and (d.2). The net effect of these two steps
- // is to intersect |level| with |policies|, ignoring anyPolicy if it is
- // inhibited.
- if (!cert_has_any_policy || !any_policy_allowed) {
- sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_not_in_policies,
- policies);
- level->has_any_policy = 0;
- }
-
- // Step (d.1.ii) may attach new nodes to the previous level's anyPolicy node.
- if (previous_level_has_any_policy) {
- new_nodes = sk_X509_POLICY_NODE_new_null();
- if (new_nodes == NULL) {
- goto err;
- }
+ sk_POLICYINFO_set_cmp_func(policies, policyinfo_cmp);
+ sk_POLICYINFO_sort(policies);
+ int cert_has_any_policy = 0;
for (size_t i = 0; i < sk_POLICYINFO_num(policies); i++) {
const POLICYINFO *policy = sk_POLICYINFO_value(policies, i);
- // Though we've reordered the steps slightly, |policy| is in |level| if
- // and only if it would have been a match in step (d.1.ii).
- if (!is_any_policy(policy->policyid) &&
- x509_policy_level_find(level, policy->policyid) == NULL) {
- X509_POLICY_NODE *node = x509_policy_node_new(policy->policyid);
- if (node == NULL || //
- !sk_X509_POLICY_NODE_push(new_nodes, node)) {
- x509_policy_node_free(node);
- goto err;
- }
+ if (is_any_policy(policy->policyid)) {
+ cert_has_any_policy = 1;
+ }
+ if (i > 0 && OBJ_cmp(sk_POLICYINFO_value(policies, i - 1)->policyid,
+ policy->policyid) == 0) {
+ // Per RFC 5280, section 4.2.1.4, |policies| may not have duplicates.
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION);
+ goto err;
}
}
- if (!x509_policy_level_add_nodes(level, new_nodes)) {
- goto err;
- }
- }
- ret = 1;
+ // This does the same thing as RFC 5280, section 6.1.3, step (d), though in
+ // a slighty different order. |level| currently contains
+ // "expected_policy_set" values of the previous level. See
+ // |process_policy_mappings| for details.
+ const int previous_level_has_any_policy = level->has_any_policy;
+
+ // First, we handle steps (d.1.i) and (d.2). The net effect of these two
+ // steps is to intersect |level| with |policies|, ignoring anyPolicy if it
+ // is inhibited.
+ if (!cert_has_any_policy || !any_policy_allowed) {
+ sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_not_in_policies,
+ policies);
+ level->has_any_policy = 0;
+ }
+
+ // Step (d.1.ii) may attach new nodes to the previous level's anyPolicy
+ // node.
+ if (previous_level_has_any_policy) {
+ new_nodes = sk_X509_POLICY_NODE_new_null();
+ if (new_nodes == NULL) {
+ goto err;
+ }
+ for (size_t i = 0; i < sk_POLICYINFO_num(policies); i++) {
+ const POLICYINFO *policy = sk_POLICYINFO_value(policies, i);
+ // Though we've reordered the steps slightly, |policy| is in |level| if
+ // and only if it would have been a match in step (d.1.ii).
+ if (!is_any_policy(policy->policyid) &&
+ x509_policy_level_find(level, policy->policyid) == NULL) {
+ X509_POLICY_NODE *node = x509_policy_node_new(policy->policyid);
+ if (node == NULL || //
+ !sk_X509_POLICY_NODE_push(new_nodes, node)) {
+ x509_policy_node_free(node);
+ goto err;
+ }
+ }
+ }
+ if (!x509_policy_level_add_nodes(level, new_nodes)) {
+ goto err;
+ }
+ }
+
+ ret = 1;
+ }
err:
sk_X509_POLICY_NODE_pop_free(new_nodes, x509_policy_node_free);
@@ -320,7 +328,7 @@
}
static int delete_if_mapped(X509_POLICY_NODE *node, void *data) {
- const POLICY_MAPPINGS *mappings = data;
+ const POLICY_MAPPINGS *mappings = reinterpret_cast<POLICY_MAPPINGS *>(data);
// |mappings| must have been sorted by |compare_issuer_policy|.
assert(sk_POLICY_MAPPING_is_sorted(mappings));
POLICY_MAPPING mapping;
@@ -355,144 +363,147 @@
STACK_OF(X509_POLICY_NODE) *new_nodes = NULL;
X509_POLICY_LEVEL *next = NULL;
int critical;
- POLICY_MAPPINGS *mappings =
- X509_get_ext_d2i(cert, NID_policy_mappings, &critical, NULL);
- if (mappings == NULL && critical != -1) {
- // Syntax error in the policy mappings extension.
- goto err;
- }
+ POLICY_MAPPINGS *mappings = reinterpret_cast<POLICY_MAPPINGS *>(
+ X509_get_ext_d2i(cert, NID_policy_mappings, &critical, NULL));
- if (mappings != NULL) {
- // PolicyMappings may not be empty. See RFC 5280, section 4.2.1.5.
- // TODO(https://crbug.com/boringssl/443): Move this check into the parser.
- if (sk_POLICY_MAPPING_num(mappings) == 0) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION);
+ {
+ if (mappings == NULL && critical != -1) {
+ // Syntax error in the policy mappings extension.
goto err;
}
- // RFC 5280, section 6.1.4, step (a).
- for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) {
- POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i);
- if (is_any_policy(mapping->issuerDomainPolicy) ||
- is_any_policy(mapping->subjectDomainPolicy)) {
+ if (mappings != NULL) {
+ // PolicyMappings may not be empty. See RFC 5280, section 4.2.1.5.
+ // TODO(https://crbug.com/boringssl/443): Move this check into the parser.
+ if (sk_POLICY_MAPPING_num(mappings) == 0) {
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION);
goto err;
}
- }
- // Sort to group by issuerDomainPolicy.
- sk_POLICY_MAPPING_set_cmp_func(mappings, compare_issuer_policy);
- sk_POLICY_MAPPING_sort(mappings);
-
- if (mapping_allowed) {
- // Mark nodes as mapped, and add any nodes to |level| which may be needed
- // as part of RFC 5280, section 6.1.4, step (b.1).
- new_nodes = sk_X509_POLICY_NODE_new_null();
- if (new_nodes == NULL) {
- goto err;
- }
- const ASN1_OBJECT *last_policy = NULL;
+ // RFC 5280, section 6.1.4, step (a).
for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) {
- const POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i);
- // There may be multiple mappings with the same |issuerDomainPolicy|.
- if (last_policy != NULL &&
- OBJ_cmp(mapping->issuerDomainPolicy, last_policy) == 0) {
- continue;
+ POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i);
+ if (is_any_policy(mapping->issuerDomainPolicy) ||
+ is_any_policy(mapping->subjectDomainPolicy)) {
+ goto err;
}
- last_policy = mapping->issuerDomainPolicy;
+ }
- X509_POLICY_NODE *node =
- x509_policy_level_find(level, mapping->issuerDomainPolicy);
- if (node == NULL) {
- if (!level->has_any_policy) {
+ // Sort to group by issuerDomainPolicy.
+ sk_POLICY_MAPPING_set_cmp_func(mappings, compare_issuer_policy);
+ sk_POLICY_MAPPING_sort(mappings);
+
+ if (mapping_allowed) {
+ // Mark nodes as mapped, and add any nodes to |level| which may be
+ // needed as part of RFC 5280, section 6.1.4, step (b.1).
+ new_nodes = sk_X509_POLICY_NODE_new_null();
+ if (new_nodes == NULL) {
+ goto err;
+ }
+ const ASN1_OBJECT *last_policy = NULL;
+ for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) {
+ const POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i);
+ // There may be multiple mappings with the same |issuerDomainPolicy|.
+ if (last_policy != NULL &&
+ OBJ_cmp(mapping->issuerDomainPolicy, last_policy) == 0) {
continue;
}
- node = x509_policy_node_new(mapping->issuerDomainPolicy);
- if (node == NULL || //
- !sk_X509_POLICY_NODE_push(new_nodes, node)) {
- x509_policy_node_free(node);
- goto err;
+ last_policy = mapping->issuerDomainPolicy;
+
+ X509_POLICY_NODE *node =
+ x509_policy_level_find(level, mapping->issuerDomainPolicy);
+ if (node == NULL) {
+ if (!level->has_any_policy) {
+ continue;
+ }
+ node = x509_policy_node_new(mapping->issuerDomainPolicy);
+ if (node == NULL || //
+ !sk_X509_POLICY_NODE_push(new_nodes, node)) {
+ x509_policy_node_free(node);
+ goto err;
+ }
}
+ node->mapped = 1;
}
- node->mapped = 1;
+ if (!x509_policy_level_add_nodes(level, new_nodes)) {
+ goto err;
+ }
+ } else {
+ // RFC 5280, section 6.1.4, step (b.2). If mapping is inhibited, delete
+ // all mapped nodes.
+ sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_mapped, mappings);
+ sk_POLICY_MAPPING_pop_free(mappings, POLICY_MAPPING_free);
+ mappings = NULL;
}
- if (!x509_policy_level_add_nodes(level, new_nodes)) {
- goto err;
- }
- } else {
- // RFC 5280, section 6.1.4, step (b.2). If mapping is inhibited, delete
- // all mapped nodes.
- sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_mapped, mappings);
- sk_POLICY_MAPPING_pop_free(mappings, POLICY_MAPPING_free);
- mappings = NULL;
}
- }
- // If a node was not mapped, it retains the original "explicit_policy_set"
- // value, itself. Add those to |mappings|.
- if (mappings == NULL) {
- mappings = sk_POLICY_MAPPING_new_null();
+ // If a node was not mapped, it retains the original "explicit_policy_set"
+ // value, itself. Add those to |mappings|.
if (mappings == NULL) {
+ mappings = sk_POLICY_MAPPING_new_null();
+ if (mappings == NULL) {
+ goto err;
+ }
+ }
+ for (size_t i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
+ X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(level->nodes, i);
+ if (!node->mapped) {
+ POLICY_MAPPING *mapping = POLICY_MAPPING_new();
+ if (mapping == NULL) {
+ goto err;
+ }
+ mapping->issuerDomainPolicy = OBJ_dup(node->policy);
+ mapping->subjectDomainPolicy = OBJ_dup(node->policy);
+ if (mapping->issuerDomainPolicy == NULL ||
+ mapping->subjectDomainPolicy == NULL ||
+ !sk_POLICY_MAPPING_push(mappings, mapping)) {
+ POLICY_MAPPING_free(mapping);
+ goto err;
+ }
+ }
+ }
+
+ // Sort to group by subjectDomainPolicy.
+ sk_POLICY_MAPPING_set_cmp_func(mappings, compare_subject_policy);
+ sk_POLICY_MAPPING_sort(mappings);
+
+ // Convert |mappings| to our "expected_policy_set" representation.
+ next = x509_policy_level_new();
+ if (next == NULL) {
goto err;
}
- }
- for (size_t i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
- X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(level->nodes, i);
- if (!node->mapped) {
- POLICY_MAPPING *mapping = POLICY_MAPPING_new();
- if (mapping == NULL) {
- goto err;
+ next->has_any_policy = level->has_any_policy;
+
+ X509_POLICY_NODE *last_node = NULL;
+ for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) {
+ POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i);
+ // Skip mappings where |issuerDomainPolicy| does not appear in the graph.
+ if (!level->has_any_policy &&
+ x509_policy_level_find(level, mapping->issuerDomainPolicy) == NULL) {
+ continue;
}
- mapping->issuerDomainPolicy = OBJ_dup(node->policy);
- mapping->subjectDomainPolicy = OBJ_dup(node->policy);
- if (mapping->issuerDomainPolicy == NULL ||
- mapping->subjectDomainPolicy == NULL ||
- !sk_POLICY_MAPPING_push(mappings, mapping)) {
- POLICY_MAPPING_free(mapping);
- goto err;
- }
- }
- }
- // Sort to group by subjectDomainPolicy.
- sk_POLICY_MAPPING_set_cmp_func(mappings, compare_subject_policy);
- sk_POLICY_MAPPING_sort(mappings);
-
- // Convert |mappings| to our "expected_policy_set" representation.
- next = x509_policy_level_new();
- if (next == NULL) {
- goto err;
- }
- next->has_any_policy = level->has_any_policy;
-
- X509_POLICY_NODE *last_node = NULL;
- for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) {
- POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i);
- // Skip mappings where |issuerDomainPolicy| does not appear in the graph.
- if (!level->has_any_policy &&
- x509_policy_level_find(level, mapping->issuerDomainPolicy) == NULL) {
- continue;
- }
-
- if (last_node == NULL ||
- OBJ_cmp(last_node->policy, mapping->subjectDomainPolicy) != 0) {
- last_node = x509_policy_node_new(mapping->subjectDomainPolicy);
if (last_node == NULL ||
- !sk_X509_POLICY_NODE_push(next->nodes, last_node)) {
- x509_policy_node_free(last_node);
+ OBJ_cmp(last_node->policy, mapping->subjectDomainPolicy) != 0) {
+ last_node = x509_policy_node_new(mapping->subjectDomainPolicy);
+ if (last_node == NULL ||
+ !sk_X509_POLICY_NODE_push(next->nodes, last_node)) {
+ x509_policy_node_free(last_node);
+ goto err;
+ }
+ }
+
+ if (!sk_ASN1_OBJECT_push(last_node->parent_policies,
+ mapping->issuerDomainPolicy)) {
goto err;
}
+ mapping->issuerDomainPolicy = NULL;
}
- if (!sk_ASN1_OBJECT_push(last_node->parent_policies,
- mapping->issuerDomainPolicy)) {
- goto err;
- }
- mapping->issuerDomainPolicy = NULL;
+ sk_X509_POLICY_NODE_sort(next->nodes);
+ ok = 1;
}
- sk_X509_POLICY_NODE_sort(next->nodes);
- ok = 1;
-
err:
if (!ok) {
x509_policy_level_free(next);
@@ -535,8 +546,8 @@
size_t *policy_mapping,
size_t *inhibit_any_policy) {
int critical;
- POLICY_CONSTRAINTS *constraints =
- X509_get_ext_d2i(x509, NID_policy_constraints, &critical, NULL);
+ POLICY_CONSTRAINTS *constraints = reinterpret_cast<POLICY_CONSTRAINTS *>(
+ X509_get_ext_d2i(x509, NID_policy_constraints, &critical, NULL));
if (constraints == NULL && critical != -1) {
return 0;
}
@@ -558,8 +569,8 @@
}
}
- ASN1_INTEGER *inhibit_any_policy_ext =
- X509_get_ext_d2i(x509, NID_inhibit_any_policy, &critical, NULL);
+ ASN1_INTEGER *inhibit_any_policy_ext = reinterpret_cast<ASN1_INTEGER *>(
+ X509_get_ext_d2i(x509, NID_inhibit_any_policy, &critical, NULL));
if (inhibit_any_policy_ext == NULL && critical != -1) {
return 0;
}
@@ -673,8 +684,7 @@
(flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : num_certs + 1;
size_t inhibit_any_policy =
(flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : num_certs + 1;
- size_t policy_mapping =
- (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : num_certs + 1;
+ size_t policy_mapping = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : num_certs + 1;
levels = sk_X509_POLICY_LEVEL_new_null();
if (levels == NULL) {
diff --git a/crypto/x509/rsa_pss.c b/crypto/x509/rsa_pss.cc
similarity index 85%
rename from crypto/x509/rsa_pss.c
rename to crypto/x509/rsa_pss.cc
index 8e19b8c..8824a6e 100644
--- a/crypto/x509/rsa_pss.c
+++ b/crypto/x509/rsa_pss.cc
@@ -89,8 +89,7 @@
// Given an MGF1 Algorithm ID decode to an Algorithm Identifier
static X509_ALGOR *rsa_mgf1_decode(const X509_ALGOR *alg) {
- if (OBJ_obj2nid(alg->algorithm) != NID_mgf1 ||
- alg->parameter == NULL ||
+ if (OBJ_obj2nid(alg->algorithm) != NID_mgf1 || alg->parameter == NULL ||
alg->parameter->type != V_ASN1_SEQUENCE) {
return NULL;
}
@@ -241,7 +240,8 @@
goto err;
}
- if (!X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os)) {
+ if (!X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE,
+ os)) {
goto err;
}
os = NULL;
@@ -260,51 +260,55 @@
// Decode PSS parameters
int ret = 0;
RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg);
- if (pss == NULL) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
- goto err;
- }
- const EVP_MD *mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm);
- const EVP_MD *md = rsa_algor_to_md(pss->hashAlgorithm);
- if (mgf1md == NULL || md == NULL) {
- goto err;
- }
+ {
+ if (pss == NULL) {
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
+ goto err;
+ }
- // We require the MGF-1 and signing hashes to match.
- if (mgf1md != md) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
- goto err;
- }
+ const EVP_MD *mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm);
+ const EVP_MD *md = rsa_algor_to_md(pss->hashAlgorithm);
+ if (mgf1md == NULL || md == NULL) {
+ goto err;
+ }
- // We require the salt length be the hash length. The DEFAULT value is 20, but
- // this does not match any supported salt length.
- uint64_t salt_len = 0;
- if (pss->saltLength == NULL ||
- !ASN1_INTEGER_get_uint64(&salt_len, pss->saltLength) ||
- salt_len != EVP_MD_size(md)) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
- goto err;
- }
- assert(salt_len <= INT_MAX);
+ // We require the MGF-1 and signing hashes to match.
+ if (mgf1md != md) {
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
+ goto err;
+ }
- // The trailer field must be 1 (0xbc). This value is DEFAULT, so the structure
- // is required to omit it in DER. Although a syntax error, we also tolerate an
- // explicitly-encoded value. See the certificates in cl/362617931.
- if (pss->trailerField != NULL && ASN1_INTEGER_get(pss->trailerField) != 1) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
- goto err;
- }
+ // We require the salt length be the hash length. The DEFAULT value is 20,
+ // but this does not match any supported salt length.
+ uint64_t salt_len = 0;
+ if (pss->saltLength == NULL ||
+ !ASN1_INTEGER_get_uint64(&salt_len, pss->saltLength) ||
+ salt_len != EVP_MD_size(md)) {
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
+ goto err;
+ }
+ assert(salt_len <= INT_MAX);
- EVP_PKEY_CTX *pctx;
- if (!EVP_DigestVerifyInit(ctx, &pctx, md, NULL, pkey) ||
- !EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
- !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, (int)salt_len) ||
- !EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md)) {
- goto err;
- }
+ // The trailer field must be 1 (0xbc). This value is DEFAULT, so the
+ // structure is required to omit it in DER. Although a syntax error, we also
+ // tolerate an explicitly-encoded value. See the certificates in
+ // cl/362617931.
+ if (pss->trailerField != NULL && ASN1_INTEGER_get(pss->trailerField) != 1) {
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
+ goto err;
+ }
- ret = 1;
+ EVP_PKEY_CTX *pctx;
+ if (!EVP_DigestVerifyInit(ctx, &pctx, md, NULL, pkey) ||
+ !EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
+ !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, (int)salt_len) ||
+ !EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md)) {
+ goto err;
+ }
+
+ ret = 1;
+ }
err:
RSA_PSS_PARAMS_free(pss);
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.cc
similarity index 100%
rename from crypto/x509/t_crl.c
rename to crypto/x509/t_crl.cc
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.cc
similarity index 100%
rename from crypto/x509/t_req.c
rename to crypto/x509/t_req.cc
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.cc
similarity index 100%
rename from crypto/x509/t_x509.c
rename to crypto/x509/t_x509.cc
diff --git a/crypto/x509/t_x509a.c b/crypto/x509/t_x509a.cc
similarity index 100%
rename from crypto/x509/t_x509a.c
rename to crypto/x509/t_x509a.cc
diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.cc
similarity index 97%
rename from crypto/x509/v3_akey.c
rename to crypto/x509/v3_akey.cc
index 740058d..cfd5d75 100644
--- a/crypto/x509/v3_akey.c
+++ b/crypto/x509/v3_akey.cc
@@ -65,6 +65,7 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -93,7 +94,8 @@
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(
const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist) {
- const AUTHORITY_KEYID *akeyid = ext;
+ const AUTHORITY_KEYID *akeyid =
+ reinterpret_cast<const AUTHORITY_KEYID *>(ext);
int extlist_was_null = extlist == NULL;
if (akeyid->keyid) {
char *tmp = x509v3_bytes_to_hex(akeyid->keyid->data, akeyid->keyid->length);
@@ -177,7 +179,7 @@
j = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
const X509_EXTENSION *ext;
if ((j >= 0) && (ext = X509_get_ext(cert, j))) {
- ikeyid = X509V3_EXT_d2i(ext);
+ ikeyid = reinterpret_cast<ASN1_OCTET_STRING *>(X509V3_EXT_d2i(ext));
}
if (keyid == 2 && !ikeyid) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
diff --git a/crypto/x509/v3_akeya.c b/crypto/x509/v3_akeya.cc
similarity index 100%
rename from crypto/x509/v3_akeya.c
rename to crypto/x509/v3_akeya.cc
diff --git a/crypto/x509/v3_alt.c b/crypto/x509/v3_alt.cc
similarity index 98%
rename from crypto/x509/v3_alt.c
rename to crypto/x509/v3_alt.cc
index 61ea4a9..c330369 100644
--- a/crypto/x509/v3_alt.c
+++ b/crypto/x509/v3_alt.cc
@@ -63,6 +63,7 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -81,7 +82,7 @@
static STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES_cb(
const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) {
- return i2v_GENERAL_NAMES(method, ext, ret);
+ return i2v_GENERAL_NAMES(method, reinterpret_cast<GENERAL_NAMES *>(ext), ret);
}
const X509V3_EXT_METHOD v3_alt[] = {
@@ -314,7 +315,7 @@
GENERAL_NAMES *ialt = NULL;
X509_EXTENSION *ext;
if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
- !(ialt = X509V3_EXT_d2i(ext))) {
+ !(ialt = reinterpret_cast<GENERAL_NAMES *>(X509V3_EXT_d2i(ext)))) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_ISSUER_DECODE_ERROR);
goto err;
}
@@ -608,11 +609,11 @@
static int do_dirname(GENERAL_NAME *gen, const char *value,
const X509V3_CTX *ctx) {
int ret = 0;
+ const STACK_OF(CONF_VALUE) *sk = X509V3_get_section(ctx, value);
X509_NAME *nm = X509_NAME_new();
if (nm == NULL) {
goto err;
}
- const STACK_OF(CONF_VALUE) *sk = X509V3_get_section(ctx, value);
if (sk == NULL) {
OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND);
ERR_add_error_data(2, "section=", value);
diff --git a/crypto/x509/v3_bcons.c b/crypto/x509/v3_bcons.cc
similarity index 97%
rename from crypto/x509/v3_bcons.c
rename to crypto/x509/v3_bcons.cc
index 0808012..b942752 100644
--- a/crypto/x509/v3_bcons.c
+++ b/crypto/x509/v3_bcons.cc
@@ -64,6 +64,7 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -99,7 +100,8 @@
static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(
const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist) {
- const BASIC_CONSTRAINTS *bcons = ext;
+ const BASIC_CONSTRAINTS *bcons =
+ reinterpret_cast<const BASIC_CONSTRAINTS *>(ext);
X509V3_add_value_bool("CA", bcons->ca, &extlist);
X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
return extlist;
diff --git a/crypto/x509/v3_bitst.c b/crypto/x509/v3_bitst.cc
similarity index 94%
rename from crypto/x509/v3_bitst.c
rename to crypto/x509/v3_bitst.cc
index 0124502..8c0bd60 100644
--- a/crypto/x509/v3_bitst.c
+++ b/crypto/x509/v3_bitst.cc
@@ -62,6 +62,7 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -90,9 +91,10 @@
static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(
const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) {
- const ASN1_BIT_STRING *bits = ext;
+ const ASN1_BIT_STRING *bits = reinterpret_cast<ASN1_BIT_STRING *>(ext);
const BIT_STRING_BITNAME *bnam;
- for (bnam = method->usr_data; bnam->lname; bnam++) {
+ for (bnam = reinterpret_cast<const BIT_STRING_BITNAME *>(method->usr_data);
+ bnam->lname; bnam++) {
if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) {
X509V3_add_value(bnam->lname, NULL, &ret);
}
@@ -110,7 +112,8 @@
for (size_t i = 0; i < sk_CONF_VALUE_num(nval); i++) {
const CONF_VALUE *val = sk_CONF_VALUE_value(nval, i);
const BIT_STRING_BITNAME *bnam;
- for (bnam = method->usr_data; bnam->lname; bnam++) {
+ for (bnam = reinterpret_cast<const BIT_STRING_BITNAME *>(method->usr_data);
+ bnam->lname; bnam++) {
if (!strcmp(bnam->sname, val->name) || !strcmp(bnam->lname, val->name)) {
if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
ASN1_BIT_STRING_free(bs);
diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.cc
similarity index 97%
rename from crypto/x509/v3_conf.c
rename to crypto/x509/v3_conf.cc
index 998ec18..bd80b69 100644
--- a/crypto/x509/v3_conf.c
+++ b/crypto/x509/v3_conf.cc
@@ -190,7 +190,8 @@
}
ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
- ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+ ASN1_item_free(reinterpret_cast<ASN1_VALUE *>(ext_struc),
+ ASN1_ITEM_ptr(method->it));
return ext;
}
@@ -198,7 +199,8 @@
int crit, void *ext_struc) {
// Convert the extension's internal representation to DER.
unsigned char *ext_der = NULL;
- int ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
+ int ext_len = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(ext_struc),
+ &ext_der, ASN1_ITEM_ptr(method->it));
if (ext_len < 0) {
return NULL;
}
@@ -401,9 +403,7 @@
return NCONF_get_section(ctx->db, section);
}
-void X509V3_set_nconf(X509V3_CTX *ctx, const CONF *conf) {
- ctx->db = conf;
-}
+void X509V3_set_nconf(X509V3_CTX *ctx, const CONF *conf) { ctx->db = conf; }
void X509V3_set_ctx(X509V3_CTX *ctx, const X509 *issuer, const X509 *subj,
const X509_REQ *req, const X509_CRL *crl, int flags) {
diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.cc
similarity index 90%
rename from crypto/x509/v3_cpols.c
rename to crypto/x509/v3_cpols.cc
index 3459fcb..95f55b5 100644
--- a/crypto/x509/v3_cpols.c
+++ b/crypto/x509/v3_cpols.cc
@@ -68,6 +68,7 @@
#include <openssl/stack.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
// Certificate policies extension support: this one is a bit complex...
@@ -161,56 +162,60 @@
return NULL;
}
STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value);
- if (vals == NULL) {
- OPENSSL_PUT_ERROR(X509V3, ERR_R_X509V3_LIB);
- goto err;
- }
- int ia5org = 0;
- for (size_t i = 0; i < sk_CONF_VALUE_num(vals); i++) {
- const CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
- if (cnf->value || !cnf->name) {
- OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER);
- X509V3_conf_err(cnf);
- goto err;
- }
- POLICYINFO *pol;
- const char *pstr = cnf->name;
- if (!strcmp(pstr, "ia5org")) {
- ia5org = 1;
- continue;
- } else if (*pstr == '@') {
- const STACK_OF(CONF_VALUE) *polsect = X509V3_get_section(ctx, pstr + 1);
- if (!polsect) {
- OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SECTION);
- X509V3_conf_err(cnf);
- goto err;
- }
- pol = policy_section(ctx, polsect, ia5org);
- if (!pol) {
- goto err;
- }
- } else {
- ASN1_OBJECT *pobj = OBJ_txt2obj(cnf->name, 0);
- if (pobj == NULL) {
- OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(cnf);
- goto err;
- }
- pol = POLICYINFO_new();
- if (pol == NULL) {
- ASN1_OBJECT_free(pobj);
- goto err;
- }
- pol->policyid = pobj;
- }
- if (!sk_POLICYINFO_push(pols, pol)) {
- POLICYINFO_free(pol);
+ {
+ if (vals == NULL) {
+ OPENSSL_PUT_ERROR(X509V3, ERR_R_X509V3_LIB);
goto err;
}
+ int ia5org = 0;
+ for (size_t i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+ const CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
+ if (cnf->value || !cnf->name) {
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ POLICYINFO *pol;
+ const char *pstr = cnf->name;
+ if (!strcmp(pstr, "ia5org")) {
+ ia5org = 1;
+ continue;
+ } else if (*pstr == '@') {
+ const STACK_OF(CONF_VALUE) *polsect = X509V3_get_section(ctx, pstr + 1);
+ if (!polsect) {
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SECTION);
+
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ pol = policy_section(ctx, polsect, ia5org);
+ if (!pol) {
+ goto err;
+ }
+ } else {
+ ASN1_OBJECT *pobj = OBJ_txt2obj(cnf->name, 0);
+ if (pobj == NULL) {
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ pol = POLICYINFO_new();
+ if (pol == NULL) {
+ ASN1_OBJECT_free(pobj);
+ goto err;
+ }
+ pol->policyid = pobj;
+ }
+ if (!sk_POLICYINFO_push(pols, pol)) {
+ POLICYINFO_free(pol);
+ goto err;
+ }
+ }
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+ return pols;
}
- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
- return pols;
+
err:
sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
@@ -408,7 +413,8 @@
static int i2r_certpol(const X509V3_EXT_METHOD *method, void *ext, BIO *out,
int indent) {
- const STACK_OF(POLICYINFO) *pol = ext;
+ const STACK_OF(POLICYINFO) *pol =
+ reinterpret_cast<const STACK_OF(POLICYINFO) *>(ext);
// First print out the policy OIDs
for (size_t i = 0; i < sk_POLICYINFO_num(pol); i++) {
const POLICYINFO *pinfo = sk_POLICYINFO_value(pol, i);
diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.cc
similarity index 98%
rename from crypto/x509/v3_crld.c
rename to crypto/x509/v3_crld.cc
index 27e8125..4275af6 100644
--- a/crypto/x509/v3_crld.c
+++ b/crypto/x509/v3_crld.cc
@@ -65,6 +65,7 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -518,7 +519,7 @@
static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
int indent) {
- ISSUING_DIST_POINT *idp = pidp;
+ ISSUING_DIST_POINT *idp = reinterpret_cast<ISSUING_DIST_POINT *>(pidp);
if (idp->distpoint) {
print_distpoint(out, idp->distpoint, indent);
}
@@ -548,7 +549,7 @@
static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
int indent) {
- STACK_OF(DIST_POINT) *crld = pcrldp;
+ STACK_OF(DIST_POINT) *crld = reinterpret_cast<STACK_OF(DIST_POINT) *>(pcrldp);
DIST_POINT *point;
size_t i;
for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
diff --git a/crypto/x509/v3_enum.c b/crypto/x509/v3_enum.cc
similarity index 94%
rename from crypto/x509/v3_enum.c
rename to crypto/x509/v3_enum.cc
index e24fc6b..f359802 100644
--- a/crypto/x509/v3_enum.c
+++ b/crypto/x509/v3_enum.cc
@@ -61,6 +61,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -84,9 +85,11 @@
static char *i2s_ASN1_ENUMERATED_TABLE(const X509V3_EXT_METHOD *method,
void *ext) {
- const ASN1_ENUMERATED *e = ext;
+ const ASN1_ENUMERATED *e = reinterpret_cast<const ASN1_ENUMERATED *>(ext);
long strval = ASN1_ENUMERATED_get(e);
- for (const ENUMERATED_NAMES *enam = method->usr_data; enam->lname; enam++) {
+ for (const ENUMERATED_NAMES *enam =
+ reinterpret_cast<const ENUMERATED_NAMES *>(method->usr_data);
+ enam->lname; enam++) {
if (strval == enam->bitnum) {
return OPENSSL_strdup(enam->lname);
}
diff --git a/crypto/x509/v3_extku.c b/crypto/x509/v3_extku.cc
similarity index 97%
rename from crypto/x509/v3_extku.c
rename to crypto/x509/v3_extku.cc
index d2a438d..33abe8a 100644
--- a/crypto/x509/v3_extku.c
+++ b/crypto/x509/v3_extku.cc
@@ -62,6 +62,7 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -114,7 +115,8 @@
static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(
const X509V3_EXT_METHOD *method, void *a, STACK_OF(CONF_VALUE) *ext_list) {
- const EXTENDED_KEY_USAGE *eku = a;
+ const EXTENDED_KEY_USAGE *eku =
+ reinterpret_cast<const EXTENDED_KEY_USAGE *>(a);
for (size_t i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
const ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(eku, i);
char obj_tmp[80];
diff --git a/crypto/x509/v3_genn.c b/crypto/x509/v3_genn.cc
similarity index 94%
rename from crypto/x509/v3_genn.c
rename to crypto/x509/v3_genn.cc
index ec3a282..6c9fbb8 100644
--- a/crypto/x509/v3_genn.c
+++ b/crypto/x509/v3_genn.cc
@@ -176,33 +176,33 @@
void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) {
switch (type) {
case GEN_X400:
- a->d.x400Address = value;
+ a->d.x400Address = reinterpret_cast<ASN1_STRING *>(value);
break;
case GEN_EDIPARTY:
- a->d.ediPartyName = value;
+ a->d.ediPartyName = reinterpret_cast<EDIPARTYNAME *>(value);
break;
case GEN_OTHERNAME:
- a->d.otherName = value;
+ a->d.otherName = reinterpret_cast<OTHERNAME *>(value);
break;
case GEN_EMAIL:
case GEN_DNS:
case GEN_URI:
- a->d.ia5 = value;
+ a->d.ia5 = reinterpret_cast<ASN1_STRING *>(value);
break;
case GEN_DIRNAME:
- a->d.dirn = value;
+ a->d.dirn = reinterpret_cast<X509_NAME *>(value);
break;
case GEN_IPADD:
- a->d.ip = value;
+ a->d.ip = reinterpret_cast<ASN1_STRING *>(value);
break;
case GEN_RID:
- a->d.rid = value;
+ a->d.rid = reinterpret_cast<ASN1_OBJECT *>(value);
break;
}
a->type = type;
diff --git a/crypto/x509/v3_ia5.c b/crypto/x509/v3_ia5.cc
similarity index 95%
rename from crypto/x509/v3_ia5.c
rename to crypto/x509/v3_ia5.cc
index d28b85a..f0e716c 100644
--- a/crypto/x509/v3_ia5.c
+++ b/crypto/x509/v3_ia5.cc
@@ -67,15 +67,16 @@
#include <openssl/x509.h>
#include "../internal.h"
+#include "ext_dat.h"
static char *i2s_ASN1_IA5STRING(const X509V3_EXT_METHOD *method, void *ext) {
- const ASN1_IA5STRING *ia5 = ext;
+ const ASN1_IA5STRING *ia5 = reinterpret_cast<const ASN1_IA5STRING *>(ext);
char *tmp;
if (!ia5 || !ia5->length) {
return NULL;
}
- if (!(tmp = OPENSSL_malloc(ia5->length + 1))) {
+ if (!(tmp = reinterpret_cast<char *>(OPENSSL_malloc(ia5->length + 1)))) {
return NULL;
}
OPENSSL_memcpy(tmp, ia5->data, ia5->length);
diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.cc
similarity index 96%
rename from crypto/x509/v3_info.c
rename to crypto/x509/v3_info.cc
index c3a93ff..4d7ae26 100644
--- a/crypto/x509/v3_info.c
+++ b/crypto/x509/v3_info.cc
@@ -67,6 +67,7 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -125,7 +126,8 @@
static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) {
- const AUTHORITY_INFO_ACCESS *ainfo = ext;
+ const AUTHORITY_INFO_ACCESS *ainfo =
+ reinterpret_cast<const AUTHORITY_INFO_ACCESS *>(ext);
ACCESS_DESCRIPTION *desc;
int nlen;
char objtmp[80], *ntmp;
@@ -144,7 +146,7 @@
vtmp = sk_CONF_VALUE_value(tret, i);
i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
- ntmp = OPENSSL_malloc(nlen);
+ ntmp = reinterpret_cast<char *>(OPENSSL_malloc(nlen));
if (ntmp == NULL) {
goto err;
}
diff --git a/crypto/x509/v3_int.c b/crypto/x509/v3_int.cc
similarity index 97%
rename from crypto/x509/v3_int.c
rename to crypto/x509/v3_int.cc
index 4f1b343..0e45199 100644
--- a/crypto/x509/v3_int.c
+++ b/crypto/x509/v3_int.cc
@@ -59,9 +59,11 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
+
static char *i2s_ASN1_INTEGER_cb(const X509V3_EXT_METHOD *method, void *ext) {
- return i2s_ASN1_INTEGER(method, ext);
+ return i2s_ASN1_INTEGER(method, reinterpret_cast<ASN1_INTEGER *>(ext));
}
static void *s2i_asn1_int(const X509V3_EXT_METHOD *meth, const X509V3_CTX *ctx,
diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.cc
similarity index 95%
rename from crypto/x509/v3_lib.c
rename to crypto/x509/v3_lib.cc
index 32bcb7f..7f6578f 100644
--- a/crypto/x509/v3_lib.c
+++ b/crypto/x509/v3_lib.cc
@@ -109,8 +109,9 @@
return NULL;
}
tmp.ext_nid = nid;
- ret = bsearch(&t, standard_exts, STANDARD_EXTENSION_COUNT,
- sizeof(X509V3_EXT_METHOD *), ext_cmp);
+ ret = reinterpret_cast<X509V3_EXT_METHOD **>(
+ bsearch(&t, standard_exts, STANDARD_EXTENSION_COUNT,
+ sizeof(X509V3_EXT_METHOD *), ext_cmp));
if (ret) {
return *ret;
}
@@ -139,12 +140,13 @@
return 0;
}
- ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it));
+ ASN1_item_free(reinterpret_cast<ASN1_VALUE *>(ext_data),
+ ASN1_ITEM_ptr(ext_method->it));
return 1;
}
int X509V3_EXT_add_alias(int nid_to, int nid_from) {
-OPENSSL_BEGIN_ALLOW_DEPRECATED
+ OPENSSL_BEGIN_ALLOW_DEPRECATED
const X509V3_EXT_METHOD *ext;
X509V3_EXT_METHOD *tmpext;
@@ -163,7 +165,7 @@
return 0;
}
return 1;
-OPENSSL_END_ALLOW_DEPRECATED
+ OPENSSL_END_ALLOW_DEPRECATED
}
// Legacy function: we don't need to add standard extensions any more because
@@ -188,7 +190,8 @@
}
// Check for trailing data.
if (p != ext->value->data + ext->value->length) {
- ASN1_item_free(ret, ASN1_ITEM_ptr(method->it));
+ ASN1_item_free(reinterpret_cast<ASN1_VALUE *>(ret),
+ ASN1_ITEM_ptr(method->it));
OPENSSL_PUT_ERROR(X509V3, X509V3_R_TRAILING_DATA_IN_EXTENSION);
return NULL;
}
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.cc
similarity index 99%
rename from crypto/x509/v3_ncons.c
rename to crypto/x509/v3_ncons.cc
index 31ef58d..05e90b4 100644
--- a/crypto/x509/v3_ncons.c
+++ b/crypto/x509/v3_ncons.cc
@@ -65,6 +65,7 @@
#include <openssl/x509.h>
#include "../internal.h"
+#include "ext_dat.h"
#include "internal.h"
@@ -166,7 +167,7 @@
static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
BIO *bp, int ind) {
- NAME_CONSTRAINTS *ncons = a;
+ NAME_CONSTRAINTS *ncons = reinterpret_cast<NAME_CONSTRAINTS *>(a);
do_i2r_name_constraints(method, ncons->permittedSubtrees, bp, ind,
"Permitted");
do_i2r_name_constraints(method, ncons->excludedSubtrees, bp, ind, "Excluded");
diff --git a/crypto/x509/v3_ocsp.c b/crypto/x509/v3_ocsp.cc
similarity index 93%
rename from crypto/x509/v3_ocsp.c
rename to crypto/x509/v3_ocsp.cc
index abb7c03..506d949 100644
--- a/crypto/x509/v3_ocsp.c
+++ b/crypto/x509/v3_ocsp.cc
@@ -13,6 +13,8 @@
#include <openssl/bio.h>
#include <openssl/nid.h>
+#include "ext_dat.h"
+
// OCSP extensions and a couple of CRL entry extensions
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
@@ -62,7 +64,8 @@
if (BIO_printf(bp, "%*s", ind, "") <= 0) {
return 0;
}
- if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) {
+ if (!ASN1_GENERALIZEDTIME_print(
+ bp, reinterpret_cast<ASN1_GENERALIZEDTIME *>(cutoff))) {
return 0;
}
return 1;
diff --git a/crypto/x509/v3_pcons.c b/crypto/x509/v3_pcons.cc
similarity index 97%
rename from crypto/x509/v3_pcons.c
rename to crypto/x509/v3_pcons.cc
index 0ab5bad..68953e1 100644
--- a/crypto/x509/v3_pcons.c
+++ b/crypto/x509/v3_pcons.cc
@@ -64,6 +64,7 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -99,7 +100,7 @@
static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(
const X509V3_EXT_METHOD *method, void *a, STACK_OF(CONF_VALUE) *extlist) {
- const POLICY_CONSTRAINTS *pcons = a;
+ const POLICY_CONSTRAINTS *pcons = reinterpret_cast<POLICY_CONSTRAINTS *>(a);
X509V3_add_value_int("Require Explicit Policy", pcons->requireExplicitPolicy,
&extlist);
X509V3_add_value_int("Inhibit Policy Mapping", pcons->inhibitPolicyMapping,
diff --git a/crypto/x509/v3_pmaps.c b/crypto/x509/v3_pmaps.cc
similarity index 97%
rename from crypto/x509/v3_pmaps.c
rename to crypto/x509/v3_pmaps.cc
index 25be453..a69d8ca 100644
--- a/crypto/x509/v3_pmaps.c
+++ b/crypto/x509/v3_pmaps.cc
@@ -62,6 +62,7 @@
#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -101,7 +102,7 @@
static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(
const X509V3_EXT_METHOD *method, void *a, STACK_OF(CONF_VALUE) *ext_list) {
- const POLICY_MAPPINGS *pmaps = a;
+ const POLICY_MAPPINGS *pmaps = reinterpret_cast<POLICY_MAPPINGS *>(a);
for (size_t i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
const POLICY_MAPPING *pmap = sk_POLICY_MAPPING_value(pmaps, i);
char obj_tmp1[80], obj_tmp2[80];
diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.cc
similarity index 98%
rename from crypto/x509/v3_prn.c
rename to crypto/x509/v3_prn.cc
index 0210fea..8532820 100644
--- a/crypto/x509/v3_prn.c
+++ b/crypto/x509/v3_prn.cc
@@ -144,7 +144,8 @@
err:
sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
OPENSSL_free(value);
- ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+ ASN1_item_free(reinterpret_cast<ASN1_VALUE *>(ext_str),
+ ASN1_ITEM_ptr(method->it));
return ok;
}
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.cc
similarity index 95%
rename from crypto/x509/v3_purp.c
rename to crypto/x509/v3_purp.cc
index 78681c5..7010716 100644
--- a/crypto/x509/v3_purp.c
+++ b/crypto/x509/v3_purp.cc
@@ -203,7 +203,8 @@
static int setup_crldp(X509 *x) {
int j;
- x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL);
+ x->crldp = reinterpret_cast<STACK_OF(DIST_POINT) *>(
+ X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL));
if (x->crldp == NULL && j != -1) {
return 0;
}
@@ -244,7 +245,8 @@
x->ex_flags |= EXFLAG_V1;
}
// Handle basic constraints
- if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL))) {
+ if ((bs = reinterpret_cast<BASIC_CONSTRAINTS *>(
+ X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL)))) {
if (bs->ca) {
x->ex_flags |= EXFLAG_CA;
}
@@ -269,7 +271,8 @@
x->ex_flags |= EXFLAG_INVALID;
}
// Handle key usage
- if ((usage = X509_get_ext_d2i(x, NID_key_usage, &j, NULL))) {
+ if ((usage = reinterpret_cast<ASN1_BIT_STRING *>(
+ X509_get_ext_d2i(x, NID_key_usage, &j, NULL)))) {
if (usage->length > 0) {
x->ex_kusage = usage->data[0];
if (usage->length > 1) {
@@ -284,7 +287,8 @@
x->ex_flags |= EXFLAG_INVALID;
}
x->ex_xkusage = 0;
- if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL))) {
+ if ((extusage = reinterpret_cast<EXTENDED_KEY_USAGE *>(
+ X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL)))) {
x->ex_flags |= EXFLAG_XKUSAGE;
for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
@@ -331,11 +335,13 @@
x->ex_flags |= EXFLAG_INVALID;
}
- x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL);
+ x->skid = reinterpret_cast<ASN1_OCTET_STRING *>(
+ X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL));
if (x->skid == NULL && j != -1) {
x->ex_flags |= EXFLAG_INVALID;
}
- x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL);
+ x->akid = reinterpret_cast<AUTHORITY_KEYID *>(
+ X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL));
if (x->akid == NULL && j != -1) {
x->ex_flags |= EXFLAG_INVALID;
}
@@ -348,11 +354,13 @@
x->ex_flags |= EXFLAG_SS;
}
}
- x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL);
+ x->altname = reinterpret_cast<STACK_OF(GENERAL_NAME) *>(
+ X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL));
if (x->altname == NULL && j != -1) {
x->ex_flags |= EXFLAG_INVALID;
}
- x->nc = X509_get_ext_d2i(x, NID_name_constraints, &j, NULL);
+ x->nc = reinterpret_cast<NAME_CONSTRAINTS *>(
+ X509_get_ext_d2i(x, NID_name_constraints, &j, NULL));
if (x->nc == NULL && j != -1) {
x->ex_flags |= EXFLAG_INVALID;
}
diff --git a/crypto/x509/v3_skey.c b/crypto/x509/v3_skey.cc
similarity index 95%
rename from crypto/x509/v3_skey.c
rename to crypto/x509/v3_skey.cc
index 3d181ce..d60b2bc 100644
--- a/crypto/x509/v3_skey.c
+++ b/crypto/x509/v3_skey.cc
@@ -60,10 +60,11 @@
#include <openssl/digest.h>
#include <openssl/err.h>
-#include <openssl/obj.h>
#include <openssl/mem.h>
+#include <openssl/obj.h>
#include <openssl/x509.h>
+#include "ext_dat.h"
#include "internal.h"
@@ -77,6 +78,7 @@
const char *str) {
size_t len;
uint8_t *data = x509v3_hex_to_bytes(str, &len);
+ ASN1_OCTET_STRING *oct;
if (data == NULL) {
return NULL;
}
@@ -85,7 +87,7 @@
goto err;
}
- ASN1_OCTET_STRING *oct = ASN1_OCTET_STRING_new();
+ oct = ASN1_OCTET_STRING_new();
if (oct == NULL) {
goto err;
}
@@ -99,7 +101,8 @@
static char *i2s_ASN1_OCTET_STRING_cb(const X509V3_EXT_METHOD *method,
void *ext) {
- return i2s_ASN1_OCTET_STRING(method, ext);
+ return i2s_ASN1_OCTET_STRING(method,
+ reinterpret_cast<ASN1_OCTET_STRING *>(ext));
}
static void *s2i_skey_id(const X509V3_EXT_METHOD *method, const X509V3_CTX *ctx,
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.cc
similarity index 97%
rename from crypto/x509/v3_utl.c
rename to crypto/x509/v3_utl.cc
index 4426be5..5200142 100644
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.cc
@@ -182,7 +182,7 @@
}
len = strlen(tmp) + 3;
- ret = OPENSSL_malloc(len);
+ ret = reinterpret_cast<char *>(OPENSSL_malloc(len));
if (ret == NULL) {
OPENSSL_free(tmp);
return NULL;
@@ -502,7 +502,8 @@
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT);
return NULL;
}
- if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) {
+ if (!(hexbuf =
+ reinterpret_cast<uint8_t *>(OPENSSL_malloc(strlen(str) >> 1)))) {
goto err;
}
for (p = (unsigned char *)str, q = hexbuf; *p;) {
@@ -559,7 +560,8 @@
GENERAL_NAMES *gens;
STACK_OF(OPENSSL_STRING) *ret;
- gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+ gens = reinterpret_cast<GENERAL_NAMES *>(
+ X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL));
ret = get_email(X509_get_subject_name(x), gens);
sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
return ret;
@@ -570,7 +572,8 @@
STACK_OF(OPENSSL_STRING) *ret = NULL;
size_t i;
- info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
+ info = reinterpret_cast<AUTHORITY_INFO_ACCESS *>(
+ X509_get_ext_d2i(x, NID_info_access, NULL, NULL));
if (!info) {
return NULL;
}
@@ -594,7 +597,8 @@
STACK_OF(OPENSSL_STRING) *ret;
exts = X509_REQ_get_extensions(x);
- gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+ gens = reinterpret_cast<GENERAL_NAMES *>(
+ X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL));
ret = get_email(X509_REQ_get_subject_name(x), gens);
sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
@@ -995,7 +999,8 @@
equal = equal_case;
}
- GENERAL_NAMES *gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+ GENERAL_NAMES *gens = reinterpret_cast<GENERAL_NAMES *>(
+ X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL));
if (gens) {
for (size_t i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
const GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, i);
@@ -1112,7 +1117,8 @@
unsigned char ipout[32];
char *iptmp = NULL, *p;
int iplen1, iplen2;
- p = strchr(ipasc, '/');
+ // FIXME: yes, this function takes a const pointer and writes to it!
+ p = const_cast<char *>(strchr(ipasc, '/'));
if (!p) {
return NULL;
}
@@ -1293,7 +1299,7 @@
}
static int ipv6_cb(const char *elem, size_t len, void *usr) {
- IPV6_STAT *s = usr;
+ IPV6_STAT *s = reinterpret_cast<IPV6_STAT *>(usr);
// Error if 16 bytes written
if (s->total == 16) {
return 0;
diff --git a/crypto/x509/x509.c b/crypto/x509/x509.cc
similarity index 100%
rename from crypto/x509/x509.c
rename to crypto/x509/x509.cc
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.cc
similarity index 97%
rename from crypto/x509/x509_att.c
rename to crypto/x509/x509_att.cc
index e3d0c6a..c92d722 100644
--- a/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.cc
@@ -157,8 +157,9 @@
// |data| is an encoded string. We must decode and re-encode it to |attr|'s
// preferred ASN.1 type. Note |len| may be -1, in which case
// |ASN1_STRING_set_by_NID| calls |strlen| automatically.
- ASN1_STRING *str = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
- OBJ_obj2nid(attr->object));
+ ASN1_STRING *str =
+ ASN1_STRING_set_by_NID(NULL, reinterpret_cast<const uint8_t *>(data),
+ len, attrtype, OBJ_obj2nid(attr->object));
if (str == NULL) {
OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB);
goto err;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.cc
similarity index 100%
rename from crypto/x509/x509_cmp.c
rename to crypto/x509/x509_cmp.cc
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.cc
similarity index 100%
rename from crypto/x509/x509_d2.c
rename to crypto/x509/x509_d2.cc
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.cc
similarity index 100%
rename from crypto/x509/x509_def.c
rename to crypto/x509/x509_def.cc
diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.cc
similarity index 100%
rename from crypto/x509/x509_ext.c
rename to crypto/x509/x509_ext.cc
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.cc
similarity index 97%
rename from crypto/x509/x509_lu.c
rename to crypto/x509/x509_lu.cc
index 7867a80..f2a4085 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.cc
@@ -80,7 +80,8 @@
static X509_LOOKUP *X509_LOOKUP_new(const X509_LOOKUP_METHOD *method,
X509_STORE *store) {
- X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(X509_LOOKUP));
+ X509_LOOKUP *ret =
+ reinterpret_cast<X509_LOOKUP *>(OPENSSL_zalloc(sizeof(X509_LOOKUP)));
if (ret == NULL) {
return NULL;
}
@@ -150,7 +151,8 @@
}
X509_STORE *X509_STORE_new(void) {
- X509_STORE *ret = OPENSSL_zalloc(sizeof(X509_STORE));
+ X509_STORE *ret =
+ reinterpret_cast<X509_STORE *>(OPENSSL_zalloc(sizeof(X509_STORE)));
if (ret == NULL) {
return NULL;
}
@@ -160,8 +162,7 @@
ret->objs = sk_X509_OBJECT_new(x509_object_cmp_sk);
ret->get_cert_methods = sk_X509_LOOKUP_new_null();
ret->param = X509_VERIFY_PARAM_new();
- if (ret->objs == NULL ||
- ret->get_cert_methods == NULL ||
+ if (ret->objs == NULL || ret->get_cert_methods == NULL ||
ret->param == NULL) {
X509_STORE_free(ret);
return NULL;
@@ -284,7 +285,7 @@
}
X509_OBJECT *X509_OBJECT_new(void) {
- return OPENSSL_zalloc(sizeof(X509_OBJECT));
+ return reinterpret_cast<X509_OBJECT *>(OPENSSL_zalloc(sizeof(X509_OBJECT)));
}
void X509_OBJECT_free(X509_OBJECT *obj) {
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.cc
similarity index 100%
rename from crypto/x509/x509_obj.c
rename to crypto/x509/x509_obj.cc
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.cc
similarity index 100%
rename from crypto/x509/x509_req.c
rename to crypto/x509/x509_req.cc
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.cc
similarity index 100%
rename from crypto/x509/x509_set.c
rename to crypto/x509/x509_set.cc
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.cc
similarity index 100%
rename from crypto/x509/x509_trs.c
rename to crypto/x509/x509_trs.cc
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.cc
similarity index 100%
rename from crypto/x509/x509_txt.c
rename to crypto/x509/x509_txt.cc
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.cc
similarity index 98%
rename from crypto/x509/x509_v3.c
rename to crypto/x509/x509_v3.cc
index 5001a00..d20f925 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.cc
@@ -143,7 +143,7 @@
const X509_EXTENSION *ex, int loc) {
X509_EXTENSION *new_ex = NULL;
STACK_OF(X509_EXTENSION) *sk = NULL;
- int free_sk = 0;
+ int free_sk = 0, n;
if (x == NULL) {
OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
@@ -159,7 +159,7 @@
sk = *x;
}
- int n = (int)sk_X509_EXTENSION_num(sk);
+ n = (int)sk_X509_EXTENSION_num(sk);
if (loc > n) {
loc = n;
} else if (loc < 0) {
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.cc
similarity index 83%
rename from crypto/x509/x509_vfy.c
rename to crypto/x509/x509_vfy.cc
index 9d1406f..9e26d09 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.cc
@@ -180,261 +180,265 @@
int j, retry, trust;
STACK_OF(X509) *sktmp = NULL;
- if (ctx->cert == NULL) {
- OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
- ctx->error = X509_V_ERR_INVALID_CALL;
- return 0;
- }
-
- if (ctx->chain != NULL) {
- // This X509_STORE_CTX has already been used to verify a cert. We
- // cannot do another one.
- OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- ctx->error = X509_V_ERR_INVALID_CALL;
- return 0;
- }
-
- if (ctx->param->flags &
- (X509_V_FLAG_EXTENDED_CRL_SUPPORT | X509_V_FLAG_USE_DELTAS)) {
- // We do not support indirect or delta CRLs. The flags still exist for
- // compatibility with bindings libraries, but to ensure we do not
- // inadvertently skip a CRL check that the caller expects, fail closed.
- OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- ctx->error = X509_V_ERR_INVALID_CALL;
- return 0;
- }
-
- // first we make sure the chain we are going to build is present and that
- // the first entry is in place
- ctx->chain = sk_X509_new_null();
- if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
- ctx->error = X509_V_ERR_OUT_OF_MEM;
- goto end;
- }
- X509_up_ref(ctx->cert);
- ctx->last_untrusted = 1;
-
- // We use a temporary STACK so we can chop and hack at it.
- if (ctx->untrusted != NULL && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
- ctx->error = X509_V_ERR_OUT_OF_MEM;
- goto end;
- }
-
- int num = (int)sk_X509_num(ctx->chain);
- X509 *x = sk_X509_value(ctx->chain, num - 1);
- // |param->depth| does not include the leaf certificate or the trust anchor,
- // so the maximum size is 2 more.
- int max_chain = param->depth >= INT_MAX - 2 ? INT_MAX : param->depth + 2;
-
- for (;;) {
- if (num >= max_chain) {
- // FIXME: If this happens, we should take note of it and, if appropriate,
- // use the X509_V_ERR_CERT_CHAIN_TOO_LONG error code later.
- break;
+ {
+ if (ctx->cert == NULL) {
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+ ctx->error = X509_V_ERR_INVALID_CALL;
+ return 0;
}
- int is_self_signed;
- if (!cert_self_signed(x, &is_self_signed)) {
- ctx->error = X509_V_ERR_INVALID_EXTENSION;
+ if (ctx->chain != NULL) {
+ // This X509_STORE_CTX has already been used to verify a cert. We
+ // cannot do another one.
+ OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ctx->error = X509_V_ERR_INVALID_CALL;
+ return 0;
+ }
+
+ if (ctx->param->flags &
+ (X509_V_FLAG_EXTENDED_CRL_SUPPORT | X509_V_FLAG_USE_DELTAS)) {
+ // We do not support indirect or delta CRLs. The flags still exist for
+ // compatibility with bindings libraries, but to ensure we do not
+ // inadvertently skip a CRL check that the caller expects, fail closed.
+ OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ctx->error = X509_V_ERR_INVALID_CALL;
+ return 0;
+ }
+
+ // first we make sure the chain we are going to build is present and that
+ // the first entry is in place
+ ctx->chain = sk_X509_new_null();
+ if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
+ goto end;
+ }
+ X509_up_ref(ctx->cert);
+ ctx->last_untrusted = 1;
+
+ // We use a temporary STACK so we can chop and hack at it.
+ if (ctx->untrusted != NULL &&
+ (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
goto end;
}
- // If we are self signed, we break
- if (is_self_signed) {
- break;
- }
- // If asked see if we can find issuer in trusted store first
- if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
- X509 *issuer = get_trusted_issuer(ctx, x);
- if (issuer != NULL) {
- // Free the certificate. It will be picked up again later.
- X509_free(issuer);
- break;
- }
- }
+ int num = (int)sk_X509_num(ctx->chain);
+ X509 *x = sk_X509_value(ctx->chain, num - 1);
+ // |param->depth| does not include the leaf certificate or the trust anchor,
+ // so the maximum size is 2 more.
+ int max_chain = param->depth >= INT_MAX - 2 ? INT_MAX : param->depth + 2;
- // If we were passed a cert chain, use it first
- if (sktmp != NULL) {
- X509 *issuer = find_issuer(ctx, sktmp, x);
- if (issuer != NULL) {
- if (!sk_X509_push(ctx->chain, issuer)) {
- ctx->error = X509_V_ERR_OUT_OF_MEM;
- goto end;
- }
- X509_up_ref(issuer);
- (void)sk_X509_delete_ptr(sktmp, issuer);
- ctx->last_untrusted++;
- x = issuer;
- num++;
- // reparse the full chain for the next one
- continue;
- }
- }
- break;
- }
-
- // Remember how many untrusted certs we have
- j = num;
- // at this point, chain should contain a list of untrusted certificates.
- // We now need to add at least one trusted one, if possible, otherwise we
- // complain.
-
- do {
- // Examine last certificate in chain and see if it is self signed.
- i = (int)sk_X509_num(ctx->chain);
- x = sk_X509_value(ctx->chain, i - 1);
-
- int is_self_signed;
- if (!cert_self_signed(x, &is_self_signed)) {
- ctx->error = X509_V_ERR_INVALID_EXTENSION;
- goto end;
- }
-
- if (is_self_signed) {
- // we have a self signed certificate
- if (sk_X509_num(ctx->chain) == 1) {
- // We have a single self signed certificate: see if we can
- // find it in the store. We must have an exact match to avoid
- // possible impersonation.
- X509 *issuer = get_trusted_issuer(ctx, x);
- if (issuer == NULL || X509_cmp(x, issuer) != 0) {
- X509_free(issuer);
- ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
- ctx->current_cert = x;
- ctx->error_depth = i - 1;
- bad_chain = 1;
- if (!call_verify_cb(0, ctx)) {
- goto end;
- }
- } else {
- // We have a match: replace certificate with store
- // version so we get any trust settings.
- X509_free(x);
- x = issuer;
- (void)sk_X509_set(ctx->chain, i - 1, x);
- ctx->last_untrusted = 0;
- }
- } else {
- // extract and save self signed certificate for later use
- chain_ss = sk_X509_pop(ctx->chain);
- ctx->last_untrusted--;
- num--;
- j--;
- x = sk_X509_value(ctx->chain, num - 1);
- }
- }
- // We now lookup certs from the certificate store
for (;;) {
if (num >= max_chain) {
// FIXME: If this happens, we should take note of it and, if
// appropriate, use the X509_V_ERR_CERT_CHAIN_TOO_LONG error code later.
break;
}
+
+ int is_self_signed;
if (!cert_self_signed(x, &is_self_signed)) {
ctx->error = X509_V_ERR_INVALID_EXTENSION;
goto end;
}
+
// If we are self signed, we break
if (is_self_signed) {
break;
}
- X509 *issuer = get_trusted_issuer(ctx, x);
- if (issuer == NULL) {
- break;
- }
- x = issuer;
- if (!sk_X509_push(ctx->chain, x)) {
- X509_free(issuer);
- ctx->error = X509_V_ERR_OUT_OF_MEM;
- goto end;
- }
- num++;
- }
-
- // we now have our chain, lets check it...
- trust = check_trust(ctx);
-
- // If explicitly rejected error
- if (trust == X509_TRUST_REJECTED) {
- goto end;
- }
- // If it's not explicitly trusted then check if there is an alternative
- // chain that could be used. We only do this if we haven't already
- // checked via TRUSTED_FIRST and the user hasn't switched off alternate
- // chain checking
- retry = 0;
- if (trust != X509_TRUST_TRUSTED &&
- !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) &&
- !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
- while (j-- > 1) {
- X509 *issuer =
- get_trusted_issuer(ctx, sk_X509_value(ctx->chain, j - 1));
- // Check if we found an alternate chain
+ // If asked see if we can find issuer in trusted store first
+ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
+ X509 *issuer = get_trusted_issuer(ctx, x);
if (issuer != NULL) {
- // Free up the found cert we'll add it again later
+ // Free the certificate. It will be picked up again later.
X509_free(issuer);
-
- // Dump all the certs above this point - we've found an
- // alternate chain
- while (num > j) {
- X509_free(sk_X509_pop(ctx->chain));
- num--;
- }
- ctx->last_untrusted = (int)sk_X509_num(ctx->chain);
- retry = 1;
break;
}
}
- }
- } while (retry);
- // If not explicitly trusted then indicate error unless it's a single
- // self signed certificate in which case we've indicated an error already
- // and set bad_chain == 1
- if (trust != X509_TRUST_TRUSTED && !bad_chain) {
- if (chain_ss == NULL ||
- !x509_check_issued_with_callback(ctx, x, chain_ss)) {
- if (ctx->last_untrusted >= num) {
- ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
- } else {
- ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+ // If we were passed a cert chain, use it first
+ if (sktmp != NULL) {
+ X509 *issuer = find_issuer(ctx, sktmp, x);
+ if (issuer != NULL) {
+ if (!sk_X509_push(ctx->chain, issuer)) {
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
+ goto end;
+ }
+ X509_up_ref(issuer);
+ (void)sk_X509_delete_ptr(sktmp, issuer);
+ ctx->last_untrusted++;
+ x = issuer;
+ num++;
+ // reparse the full chain for the next one
+ continue;
+ }
}
- ctx->current_cert = x;
- } else {
- if (!sk_X509_push(ctx->chain, chain_ss)) {
- ctx->error = X509_V_ERR_OUT_OF_MEM;
+ break;
+ }
+
+ // Remember how many untrusted certs we have
+ j = num;
+ // at this point, chain should contain a list of untrusted certificates.
+ // We now need to add at least one trusted one, if possible, otherwise we
+ // complain.
+
+ do {
+ // Examine last certificate in chain and see if it is self signed.
+ i = (int)sk_X509_num(ctx->chain);
+ x = sk_X509_value(ctx->chain, i - 1);
+
+ int is_self_signed;
+ if (!cert_self_signed(x, &is_self_signed)) {
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
goto end;
}
- num++;
- ctx->last_untrusted = num;
- ctx->current_cert = chain_ss;
- ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
- chain_ss = NULL;
+
+ if (is_self_signed) {
+ // we have a self signed certificate
+ if (sk_X509_num(ctx->chain) == 1) {
+ // We have a single self signed certificate: see if we can
+ // find it in the store. We must have an exact match to avoid
+ // possible impersonation.
+ X509 *issuer = get_trusted_issuer(ctx, x);
+ if (issuer == NULL || X509_cmp(x, issuer) != 0) {
+ X509_free(issuer);
+ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+ ctx->current_cert = x;
+ ctx->error_depth = i - 1;
+ bad_chain = 1;
+ if (!call_verify_cb(0, ctx)) {
+ goto end;
+ }
+ } else {
+ // We have a match: replace certificate with store
+ // version so we get any trust settings.
+ X509_free(x);
+ x = issuer;
+ (void)sk_X509_set(ctx->chain, i - 1, x);
+ ctx->last_untrusted = 0;
+ }
+ } else {
+ // extract and save self signed certificate for later use
+ chain_ss = sk_X509_pop(ctx->chain);
+ ctx->last_untrusted--;
+ num--;
+ j--;
+ x = sk_X509_value(ctx->chain, num - 1);
+ }
+ }
+ // We now lookup certs from the certificate store
+ for (;;) {
+ if (num >= max_chain) {
+ // FIXME: If this happens, we should take note of it and, if
+ // appropriate, use the X509_V_ERR_CERT_CHAIN_TOO_LONG error code
+ // later.
+ break;
+ }
+ if (!cert_self_signed(x, &is_self_signed)) {
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
+ goto end;
+ }
+ // If we are self signed, we break
+ if (is_self_signed) {
+ break;
+ }
+ X509 *issuer = get_trusted_issuer(ctx, x);
+ if (issuer == NULL) {
+ break;
+ }
+ x = issuer;
+ if (!sk_X509_push(ctx->chain, x)) {
+ X509_free(issuer);
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
+ goto end;
+ }
+ num++;
+ }
+
+ // we now have our chain, lets check it...
+ trust = check_trust(ctx);
+
+ // If explicitly rejected error
+ if (trust == X509_TRUST_REJECTED) {
+ goto end;
+ }
+ // If it's not explicitly trusted then check if there is an alternative
+ // chain that could be used. We only do this if we haven't already
+ // checked via TRUSTED_FIRST and the user hasn't switched off alternate
+ // chain checking
+ retry = 0;
+ if (trust != X509_TRUST_TRUSTED &&
+ !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) &&
+ !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
+ while (j-- > 1) {
+ X509 *issuer =
+ get_trusted_issuer(ctx, sk_X509_value(ctx->chain, j - 1));
+ // Check if we found an alternate chain
+ if (issuer != NULL) {
+ // Free up the found cert we'll add it again later
+ X509_free(issuer);
+
+ // Dump all the certs above this point - we've found an
+ // alternate chain
+ while (num > j) {
+ X509_free(sk_X509_pop(ctx->chain));
+ num--;
+ }
+ ctx->last_untrusted = (int)sk_X509_num(ctx->chain);
+ retry = 1;
+ break;
+ }
+ }
+ }
+ } while (retry);
+
+ // If not explicitly trusted then indicate error unless it's a single
+ // self signed certificate in which case we've indicated an error already
+ // and set bad_chain == 1
+ if (trust != X509_TRUST_TRUSTED && !bad_chain) {
+ if (chain_ss == NULL ||
+ !x509_check_issued_with_callback(ctx, x, chain_ss)) {
+ if (ctx->last_untrusted >= num) {
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+ } else {
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+ }
+ ctx->current_cert = x;
+ } else {
+ if (!sk_X509_push(ctx->chain, chain_ss)) {
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
+ goto end;
+ }
+ num++;
+ ctx->last_untrusted = num;
+ ctx->current_cert = chain_ss;
+ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
+ chain_ss = NULL;
+ }
+
+ ctx->error_depth = num - 1;
+ bad_chain = 1;
+ if (!call_verify_cb(0, ctx)) {
+ goto end;
+ }
}
- ctx->error_depth = num - 1;
- bad_chain = 1;
- if (!call_verify_cb(0, ctx)) {
+ // We have the chain complete: now we need to check its purpose
+ if (!check_chain_extensions(ctx) || //
+ !check_id(ctx) ||
+ // We check revocation status after copying parameters because they may
+ // be needed for CRL signature verification.
+ !check_revocation(ctx) || //
+ !internal_verify(ctx) || //
+ !check_name_constraints(ctx) ||
+ // TODO(davidben): Does |check_policy| still need to be conditioned on
+ // |!bad_chain|? DoS concerns have been resolved.
+ (!bad_chain && !check_policy(ctx))) {
goto end;
}
- }
- // We have the chain complete: now we need to check its purpose
- if (!check_chain_extensions(ctx) || //
- !check_id(ctx) ||
- // We check revocation status after copying parameters because they may be
- // needed for CRL signature verification.
- !check_revocation(ctx) || //
- !internal_verify(ctx) || //
- !check_name_constraints(ctx) ||
- // TODO(davidben): Does |check_policy| still need to be conditioned on
- // |!bad_chain|? DoS concerns have been resolved.
- (!bad_chain && !check_policy(ctx))) {
- goto end;
+ ok = 1;
}
- ok = 1;
-
end:
sk_X509_free(sktmp);
X509_free(chain_ss);
@@ -1099,13 +1103,13 @@
X509 *issuer = NULL;
int crl_score = 0;
X509_CRL *crl = NULL;
+ STACK_OF(X509_CRL) *skcrl = NULL;
if (get_crl_sk(ctx, &crl, &issuer, &crl_score, ctx->crls)) {
goto done;
}
// Lookup CRLs from store
- STACK_OF(X509_CRL) *skcrl =
- X509_STORE_CTX_get1_crls(ctx, X509_get_issuer_name(x));
+ skcrl = X509_STORE_CTX_get1_crls(ctx, X509_get_issuer_name(x));
// If no CRLs found and a near match from get_crl_sk use that
if (!skcrl && crl) {
@@ -1117,7 +1121,6 @@
sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
done:
-
// If we got any kind of CRL use it and return success
if (crl) {
ctx->current_crl_issuer = issuer;
@@ -1515,7 +1518,8 @@
}
X509_STORE_CTX *X509_STORE_CTX_new(void) {
- return OPENSSL_zalloc(sizeof(X509_STORE_CTX));
+ return reinterpret_cast<X509_STORE_CTX *>(
+ OPENSSL_zalloc(sizeof(X509_STORE_CTX)));
}
void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.cc
similarity index 89%
rename from crypto/x509/x509_vpm.c
rename to crypto/x509/x509_vpm.cc
index 0640fd0..78f1946 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.cc
@@ -116,7 +116,8 @@
}
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) {
- X509_VERIFY_PARAM *param = OPENSSL_zalloc(sizeof(X509_VERIFY_PARAM));
+ X509_VERIFY_PARAM *param = reinterpret_cast<X509_VERIFY_PARAM *>(
+ OPENSSL_zalloc(sizeof(X509_VERIFY_PARAM)));
if (!param) {
return NULL;
}
@@ -246,7 +247,7 @@
if (*pdest) {
OPENSSL_free(*pdest);
}
- *pdest = tmp;
+ *pdest = reinterpret_cast<char *>(tmp);
if (pdestlen) {
*pdestlen = srclen;
}
@@ -397,26 +398,67 @@
}
static const X509_VERIFY_PARAM kDefaultParam = {
- .flags = X509_V_FLAG_TRUSTED_FIRST,
- .depth = 100,
+ /*check_time=*/0,
+ /*flags=*/X509_V_FLAG_TRUSTED_FIRST,
+ /*purpose=*/0,
+ /*trust=*/0,
+ /*depth=*/100,
+ /*policies=*/nullptr,
+ /*hosts=*/nullptr,
+ /*hostflags=*/0,
+ /*email=*/nullptr,
+ /*emaillen=*/0,
+ /*ip=*/nullptr,
+ /*iplen=*/0,
+ /*poison=*/0,
};
static const X509_VERIFY_PARAM kSMIMESignParam = {
- .purpose = X509_PURPOSE_SMIME_SIGN,
- .trust = X509_TRUST_EMAIL,
- .depth = -1,
+ /*check_time=*/0,
+ /*flags=*/0,
+ /*purpose=*/X509_PURPOSE_SMIME_SIGN,
+ /*trust=*/X509_TRUST_EMAIL,
+ /*depth=*/-1,
+ /*policies=*/nullptr,
+ /*hosts=*/nullptr,
+ /*hostflags=*/0,
+ /*email=*/nullptr,
+ /*emaillen=*/0,
+ /*ip=*/nullptr,
+ /*iplen=*/0,
+ /*poison=*/0,
};
static const X509_VERIFY_PARAM kSSLClientParam = {
- .purpose = X509_PURPOSE_SSL_CLIENT,
- .trust = X509_TRUST_SSL_CLIENT,
- .depth = -1,
+ /*check_time=*/0,
+ /*flags=*/0,
+ /*purpose=*/X509_PURPOSE_SSL_CLIENT,
+ /*trust=*/X509_TRUST_SSL_CLIENT,
+ /*depth=*/-1,
+ /*policies=*/nullptr,
+ /*hosts=*/nullptr,
+ /*hostflags=*/0,
+ /*email=*/nullptr,
+ /*emaillen=*/0,
+ /*ip=*/nullptr,
+ /*iplen=*/0,
+ /*poison=*/0,
};
static const X509_VERIFY_PARAM kSSLServerParam = {
- .purpose = X509_PURPOSE_SSL_SERVER,
- .trust = X509_TRUST_SSL_SERVER,
- .depth = -1,
+ /*check_time=*/0,
+ /*flags=*/0,
+ /*purpose=*/X509_PURPOSE_SSL_SERVER,
+ /*trust=*/X509_TRUST_SSL_SERVER,
+ /*depth=*/-1,
+ /*policies=*/nullptr,
+ /*hosts=*/nullptr,
+ /*hostflags=*/0,
+ /*email=*/nullptr,
+ /*emaillen=*/0,
+ /*ip=*/nullptr,
+ /*iplen=*/0,
+ /*poison=*/0,
};
const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) {
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.cc
similarity index 100%
rename from crypto/x509/x509cset.c
rename to crypto/x509/x509cset.cc
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.cc
similarity index 100%
rename from crypto/x509/x509name.c
rename to crypto/x509/x509name.cc
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.cc
similarity index 100%
rename from crypto/x509/x509rset.c
rename to crypto/x509/x509rset.cc
diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.cc
similarity index 95%
rename from crypto/x509/x509spki.c
rename to crypto/x509/x509spki.cc
index 611a05f..7ca5a07 100644
--- a/crypto/x509/x509spki.c
+++ b/crypto/x509/x509spki.cc
@@ -89,7 +89,7 @@
OPENSSL_PUT_ERROR(X509, X509_R_BASE64_DECODE_ERROR);
return NULL;
}
- if (!(spki_der = OPENSSL_malloc(spki_len))) {
+ if (!(spki_der = reinterpret_cast<uint8_t *>(OPENSSL_malloc(spki_len)))) {
return NULL;
}
if (!EVP_DecodeBase64(spki_der, &spki_len, spki_len, (const uint8_t *)str,
@@ -116,11 +116,11 @@
OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW);
return NULL;
}
- der_spki = OPENSSL_malloc(der_len);
+ der_spki = reinterpret_cast<uint8_t *>(OPENSSL_malloc(der_len));
if (der_spki == NULL) {
return NULL;
}
- b64_str = OPENSSL_malloc(b64_len);
+ b64_str = reinterpret_cast<char *>(OPENSSL_malloc(b64_len));
if (b64_str == NULL) {
OPENSSL_free(der_spki);
return NULL;
diff --git a/crypto/x509/x_algor.c b/crypto/x509/x_algor.cc
similarity index 100%
rename from crypto/x509/x_algor.c
rename to crypto/x509/x_algor.cc
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.cc
similarity index 96%
rename from crypto/x509/x_all.c
rename to crypto/x509/x_all.cc
index 5eda100..519ddcb 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.cc
@@ -131,7 +131,8 @@
}
X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) {
- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+ return reinterpret_cast<X509_CRL *>(
+ ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl));
}
int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) {
@@ -139,7 +140,8 @@
}
X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) {
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+ return reinterpret_cast<X509_CRL *>(
+ ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl));
}
int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) {
@@ -147,7 +149,8 @@
}
X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) {
- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+ return reinterpret_cast<X509_REQ *>(
+ ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req));
}
int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) {
@@ -155,7 +158,8 @@
}
X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) {
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+ return reinterpret_cast<X509_REQ *>(
+ ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req));
}
int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) {
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.cc
similarity index 100%
rename from crypto/x509/x_attrib.c
rename to crypto/x509/x_attrib.cc
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.cc
similarity index 98%
rename from crypto/x509/x_crl.c
rename to crypto/x509/x_crl.cc
index 758fccb..2fb9def 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.cc
@@ -121,8 +121,8 @@
X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
int crit;
- ASN1_ENUMERATED *reason =
- X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &crit, NULL);
+ ASN1_ENUMERATED *reason = reinterpret_cast<ASN1_ENUMERATED *>(
+ X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &crit, NULL));
if (!reason && crit != -1) {
crl->flags |= EXFLAG_INVALID;
return 1;
@@ -188,8 +188,8 @@
return 0;
}
- crl->idp =
- X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, &i, NULL);
+ crl->idp = reinterpret_cast<ISSUING_DIST_POINT *>(
+ X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, &i, NULL));
if (crl->idp != NULL) {
if (!setup_idp(crl, crl->idp)) {
return 0;
@@ -198,8 +198,8 @@
return 0;
}
- crl->akid =
- X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, &i, NULL);
+ crl->akid = reinterpret_cast<AUTHORITY_KEYID *>(
+ X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, &i, NULL));
if (crl->akid == NULL && i != -1) {
return 0;
}
diff --git a/crypto/x509/x_exten.c b/crypto/x509/x_exten.cc
similarity index 100%
rename from crypto/x509/x_exten.c
rename to crypto/x509/x_exten.cc
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.cc
similarity index 91%
rename from crypto/x509/x_name.c
rename to crypto/x509/x_name.cc
index aad2388..1409bfe 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.cc
@@ -65,6 +65,7 @@
#include <openssl/obj.h>
#include <openssl/stack.h>
#include <openssl/x509.h>
+#include <cstdint>
#include "../asn1/internal.h"
#include "../internal.h"
@@ -134,7 +135,7 @@
static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) {
X509_NAME *ret = NULL;
- ret = OPENSSL_malloc(sizeof(X509_NAME));
+ ret = reinterpret_cast<X509_NAME *>(OPENSSL_malloc(sizeof(X509_NAME)));
if (!ret) {
goto memerr;
}
@@ -276,43 +277,49 @@
size_t i;
STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname =
sk_STACK_OF_X509_NAME_ENTRY_new_null();
- if (!intname) {
- goto err;
- }
- for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
- entry = sk_X509_NAME_ENTRY_value(a->entries, i);
- if (entry->set != set) {
- entries = sk_X509_NAME_ENTRY_new_null();
- if (!entries) {
- goto err;
- }
- if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
- sk_X509_NAME_ENTRY_free(entries);
- goto err;
- }
- set = entry->set;
- }
- if (!sk_X509_NAME_ENTRY_push(entries, entry)) {
+
+ {
+ if (!intname) {
goto err;
}
- }
- ASN1_VALUE *intname_val = (ASN1_VALUE *)intname;
- len = ASN1_item_ex_i2d(&intname_val, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+ entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+ if (entry->set != set) {
+ entries = sk_X509_NAME_ENTRY_new_null();
+ if (!entries) {
+ goto err;
+ }
+ if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
+ sk_X509_NAME_ENTRY_free(entries);
+ goto err;
+ }
+ set = entry->set;
+ }
+ if (!sk_X509_NAME_ENTRY_push(entries, entry)) {
+ goto err;
+ }
+ }
+ ASN1_VALUE *intname_val = (ASN1_VALUE *)intname;
+ len =
+ ASN1_item_ex_i2d(&intname_val, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
/*tag=*/-1, /*aclass=*/0);
- if (len <= 0) {
- goto err;
+ if (len <= 0) {
+ goto err;
+ }
+ if (!BUF_MEM_grow(a->bytes, len)) {
+ goto err;
+ }
+ p = (unsigned char *)a->bytes->data;
+ if (ASN1_item_ex_i2d(&intname_val, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+ /*tag=*/-1, /*aclass=*/0) <= 0) {
+ goto err;
+ }
+ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+ local_sk_X509_NAME_ENTRY_free);
+ a->modified = 0;
+ return 1;
}
- if (!BUF_MEM_grow(a->bytes, len)) {
- goto err;
- }
- p = (unsigned char *)a->bytes->data;
- if (ASN1_item_ex_i2d(&intname_val, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
- /*tag=*/-1, /*aclass=*/0) <= 0) {
- goto err;
- }
- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free);
- a->modified = 0;
- return 1;
+
err:
sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free);
return 0;
@@ -383,7 +390,7 @@
}
a->canon_enclen = len;
- p = OPENSSL_malloc(a->canon_enclen);
+ p = reinterpret_cast<uint8_t *>(OPENSSL_malloc(a->canon_enclen));
if (!p) {
goto err;
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.cc
similarity index 98%
rename from crypto/x509/x_pubkey.c
rename to crypto/x509/x_pubkey.cc
index 1428e34..529030e 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.cc
@@ -77,13 +77,14 @@
// Re-encode the |X509_PUBKEY| to DER and parse it with EVP's APIs.
uint8_t *spki = NULL;
int spki_len = i2d_X509_PUBKEY(pub, &spki);
+ EVP_PKEY *pkey;
if (spki_len < 0) {
goto err;
}
CBS cbs;
CBS_init(&cbs, spki, (size_t)spki_len);
- EVP_PKEY *pkey = EVP_parse_public_key(&cbs);
+ pkey = EVP_parse_public_key(&cbs);
if (pkey == NULL || CBS_len(&cbs) != 0) {
EVP_PKEY_free(pkey);
goto err;
@@ -126,6 +127,7 @@
}
CBB cbb;
+ const uint8_t *p;
if (!CBB_init(&cbb, 0) || //
!EVP_marshal_public_key(&cbb, pkey) ||
!CBB_finish(&cbb, &spki, &spki_len) || //
@@ -135,7 +137,7 @@
goto error;
}
- const uint8_t *p = spki;
+ p = spki;
pk = d2i_X509_PUBKEY(NULL, &p, (long)spki_len);
if (pk == NULL || p != spki + spki_len) {
OPENSSL_PUT_ERROR(X509, X509_R_PUBLIC_KEY_DECODE_ERROR);
diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.cc
similarity index 100%
rename from crypto/x509/x_req.c
rename to crypto/x509/x_req.cc
diff --git a/crypto/x509/x_sig.c b/crypto/x509/x_sig.cc
similarity index 100%
rename from crypto/x509/x_sig.c
rename to crypto/x509/x_sig.cc
diff --git a/crypto/x509/x_spki.c b/crypto/x509/x_spki.cc
similarity index 100%
rename from crypto/x509/x_spki.c
rename to crypto/x509/x_spki.cc
diff --git a/crypto/x509/x_val.c b/crypto/x509/x_val.cc
similarity index 100%
rename from crypto/x509/x_val.c
rename to crypto/x509/x_val.cc
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.cc
similarity index 86%
rename from crypto/x509/x_x509.c
rename to crypto/x509/x_x509.cc
index 9f66ee2..c6d14f5 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.cc
@@ -91,7 +91,7 @@
// x509_new_null returns a new |X509| object where the |cert_info|, |sig_alg|,
// and |signature| fields are not yet filled in.
static X509 *x509_new_null(void) {
- X509 *ret = OPENSSL_zalloc(sizeof(X509));
+ X509 *ret = reinterpret_cast<X509 *>(OPENSSL_zalloc(sizeof(X509)));
if (ret == NULL) {
return NULL;
}
@@ -177,55 +177,58 @@
return NULL;
}
- // TODO(crbug.com/boringssl/443): When the rest of the library is decoupled
- // from the tasn_*.c implementation, replace this with |CBS|-based functions.
- const uint8_t *inp = CBS_data(&tbs);
- if (ASN1_item_ex_d2i((ASN1_VALUE **)&ret->cert_info, &inp, CBS_len(&tbs),
- ASN1_ITEM_rptr(X509_CINF), /*tag=*/-1,
- /*aclass=*/0, /*opt=*/0, buf) <= 0 ||
- inp != CBS_data(&tbs) + CBS_len(&tbs)) {
- goto err;
- }
-
- inp = CBS_data(&sigalg);
- ret->sig_alg = d2i_X509_ALGOR(NULL, &inp, CBS_len(&sigalg));
- if (ret->sig_alg == NULL || inp != CBS_data(&sigalg) + CBS_len(&sigalg)) {
- goto err;
- }
-
- inp = CBS_data(&sig);
- ret->signature = c2i_ASN1_BIT_STRING(NULL, &inp, CBS_len(&sig));
- if (ret->signature == NULL || inp != CBS_data(&sig) + CBS_len(&sig)) {
- goto err;
- }
-
- // The version must be one of v1(0), v2(1), or v3(2).
- long version = X509_VERSION_1;
- if (ret->cert_info->version != NULL) {
- version = ASN1_INTEGER_get(ret->cert_info->version);
- // TODO(https://crbug.com/boringssl/364): |X509_VERSION_1| should
- // also be rejected here. This means an explicitly-encoded X.509v1
- // version. v1 is DEFAULT, so DER requires it be omitted.
- if (version < X509_VERSION_1 || version > X509_VERSION_3) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION);
+ {
+ // TODO(crbug.com/boringssl/443): When the rest of the library is decoupled
+ // from the tasn_*.c implementation, replace this with |CBS|-based
+ // functions.
+ const uint8_t *inp = CBS_data(&tbs);
+ if (ASN1_item_ex_d2i((ASN1_VALUE **)&ret->cert_info, &inp, CBS_len(&tbs),
+ ASN1_ITEM_rptr(X509_CINF), /*tag=*/-1,
+ /*aclass=*/0, /*opt=*/0, buf) <= 0 ||
+ inp != CBS_data(&tbs) + CBS_len(&tbs)) {
goto err;
}
- }
- // Per RFC 5280, section 4.1.2.8, these fields require v2 or v3.
- if (version == X509_VERSION_1 && (ret->cert_info->issuerUID != NULL ||
- ret->cert_info->subjectUID != NULL)) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
- goto err;
- }
+ inp = CBS_data(&sigalg);
+ ret->sig_alg = d2i_X509_ALGOR(NULL, &inp, CBS_len(&sigalg));
+ if (ret->sig_alg == NULL || inp != CBS_data(&sigalg) + CBS_len(&sigalg)) {
+ goto err;
+ }
- // Per RFC 5280, section 4.1.2.9, extensions require v3.
- if (version != X509_VERSION_3 && ret->cert_info->extensions != NULL) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
- goto err;
- }
+ inp = CBS_data(&sig);
+ ret->signature = c2i_ASN1_BIT_STRING(NULL, &inp, CBS_len(&sig));
+ if (ret->signature == NULL || inp != CBS_data(&sig) + CBS_len(&sig)) {
+ goto err;
+ }
- return ret;
+ // The version must be one of v1(0), v2(1), or v3(2).
+ long version = X509_VERSION_1;
+ if (ret->cert_info->version != NULL) {
+ version = ASN1_INTEGER_get(ret->cert_info->version);
+ // TODO(https://crbug.com/boringssl/364): |X509_VERSION_1| should
+ // also be rejected here. This means an explicitly-encoded X.509v1
+ // version. v1 is DEFAULT, so DER requires it be omitted.
+ if (version < X509_VERSION_1 || version > X509_VERSION_3) {
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION);
+ goto err;
+ }
+ }
+
+ // Per RFC 5280, section 4.1.2.8, these fields require v2 or v3.
+ if (version == X509_VERSION_1 && (ret->cert_info->issuerUID != NULL ||
+ ret->cert_info->subjectUID != NULL)) {
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
+ goto err;
+ }
+
+ // Per RFC 5280, section 4.1.2.9, extensions require v3.
+ if (version != X509_VERSION_3 && ret->cert_info->extensions != NULL) {
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
+ goto err;
+ }
+
+ return ret;
+ }
err:
X509_free(ret);
@@ -263,6 +266,7 @@
}
CBB cbb, cert;
+ int len;
if (!CBB_init(&cbb, 64) || //
!CBB_add_asn1(&cbb, &cert, CBS_ASN1_SEQUENCE)) {
goto err;
@@ -271,7 +275,7 @@
// TODO(crbug.com/boringssl/443): When the rest of the library is decoupled
// from the tasn_*.c implementation, replace this with |CBS|-based functions.
uint8_t *out;
- int len = i2d_X509_CINF(x509->cert_info, NULL);
+ len = i2d_X509_CINF(x509->cert_info, NULL);
if (len < 0 || //
!CBB_add_space(&cert, &out, (size_t)len) ||
i2d_X509_CINF(x509->cert_info, &out) != len) {
@@ -481,7 +485,7 @@
}
// Allocate requisite combined storage
- *pp = tmp = OPENSSL_malloc(length);
+ *pp = tmp = reinterpret_cast<uint8_t *>(OPENSSL_malloc(length));
if (tmp == NULL) {
return -1; // Push error onto error stack?
}
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.cc
similarity index 98%
rename from crypto/x509/x_x509a.c
rename to crypto/x509/x_x509a.cc
index d0fd3e3..af7d52f 100644
--- a/crypto/x509/x_x509a.c
+++ b/crypto/x509/x_x509a.cc
@@ -151,11 +151,12 @@
}
int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj) {
+ X509_CERT_AUX *aux;
ASN1_OBJECT *objtmp = OBJ_dup(obj);
if (objtmp == NULL) {
goto err;
}
- X509_CERT_AUX *aux = aux_get(x);
+ aux = aux_get(x);
if (aux->trust == NULL) {
aux->trust = sk_ASN1_OBJECT_new_null();
if (aux->trust == NULL) {
@@ -173,11 +174,12 @@
}
int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj) {
+ X509_CERT_AUX *aux;
ASN1_OBJECT *objtmp = OBJ_dup(obj);
if (objtmp == NULL) {
goto err;
}
- X509_CERT_AUX *aux = aux_get(x);
+ aux = aux_get(x);
if (aux->reject == NULL) {
aux->reject = sk_ASN1_OBJECT_new_null();
if (aux->reject == NULL) {
diff --git a/decrepit/bio/base64_bio.c b/decrepit/bio/base64_bio.cc
similarity index 96%
rename from decrepit/bio/base64_bio.c
rename to decrepit/bio/base64_bio.cc
index 3521897..239dcc7 100644
--- a/decrepit/bio/base64_bio.c
+++ b/decrepit/bio/base64_bio.cc
@@ -73,7 +73,7 @@
#define B64_NONE 0
#define B64_ENCODE 1
#define B64_DECODE 2
-#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
+#define EVP_ENCODE_LENGTH(l) (((l + 2) / 3 * 4) + (l / 48 + 1) * 2 + 80)
typedef struct b64_struct {
int buf_len;
@@ -89,7 +89,8 @@
} BIO_B64_CTX;
static int b64_new(BIO *bio) {
- BIO_B64_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+ BIO_B64_CTX *ctx =
+ reinterpret_cast<BIO_B64_CTX *>(OPENSSL_zalloc(sizeof(*ctx)));
if (ctx == NULL) {
return 0;
}
@@ -121,7 +122,7 @@
if (out == NULL) {
return 0;
}
- ctx = (BIO_B64_CTX *) b->ptr;
+ ctx = (BIO_B64_CTX *)b->ptr;
if (ctx == NULL || b->next_bio == NULL) {
return 0;
@@ -281,8 +282,8 @@
}
i = z;
} else {
- i = EVP_DecodeUpdate(&(ctx->base64), (uint8_t *)ctx->buf,
- &ctx->buf_len, (uint8_t *)ctx->tmp, i);
+ i = EVP_DecodeUpdate(&(ctx->base64), (uint8_t *)ctx->buf, &ctx->buf_len,
+ (uint8_t *)ctx->tmp, i);
ctx->tmp_len = 0;
}
ctx->buf_off = 0;
@@ -450,7 +451,8 @@
case BIO_CTRL_WPENDING: // More to write in buffer
assert(ctx->buf_len >= ctx->buf_off);
ret = ctx->buf_len - ctx->buf_off;
- if ((ret == 0) && (ctx->encode != B64_NONE) && (ctx->base64.data_used != 0)) {
+ if ((ret == 0) && (ctx->encode != B64_NONE) &&
+ (ctx->base64.data_used != 0)) {
ret = 1;
} else if (ret <= 0) {
ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
diff --git a/decrepit/blowfish/blowfish.c b/decrepit/blowfish/blowfish.c
deleted file mode 100644
index 82acb5f..0000000
--- a/decrepit/blowfish/blowfish.c
+++ /dev/null
@@ -1,633 +0,0 @@
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.] */
-
-#include <openssl/blowfish.h>
-#include <openssl/cipher.h>
-#include <openssl/obj.h>
-
-#include <assert.h>
-#include <string.h>
-
-#include "../../crypto/fipsmodule/cipher/internal.h"
-#include "../../crypto/internal.h"
-#include "../macros.h"
-
-
-#define BF_ENC(LL, R, S, P) \
- (LL ^= P, \
- LL ^= \
- (((S[((int)(R >> 24) & 0xff)] + S[0x0100 + ((int)(R >> 16) & 0xff)]) ^ \
- S[0x0200 + ((int)(R >> 8) & 0xff)]) + \
- S[0x0300 + ((int)(R)&0xff)]) & \
- 0xffffffffL)
-
-void BF_encrypt(uint32_t *data, const BF_KEY *key) {
- uint32_t l, r;
- const uint32_t *p, *s;
-
- p = key->P;
- s = &(key->S[0]);
- l = data[0];
- r = data[1];
-
- l ^= p[0];
- BF_ENC(r, l, s, p[1]);
- BF_ENC(l, r, s, p[2]);
- BF_ENC(r, l, s, p[3]);
- BF_ENC(l, r, s, p[4]);
- BF_ENC(r, l, s, p[5]);
- BF_ENC(l, r, s, p[6]);
- BF_ENC(r, l, s, p[7]);
- BF_ENC(l, r, s, p[8]);
- BF_ENC(r, l, s, p[9]);
- BF_ENC(l, r, s, p[10]);
- BF_ENC(r, l, s, p[11]);
- BF_ENC(l, r, s, p[12]);
- BF_ENC(r, l, s, p[13]);
- BF_ENC(l, r, s, p[14]);
- BF_ENC(r, l, s, p[15]);
- BF_ENC(l, r, s, p[16]);
- r ^= p[BF_ROUNDS + 1];
-
- data[1] = l & 0xffffffffL;
- data[0] = r & 0xffffffffL;
-}
-
-void BF_decrypt(uint32_t *data, const BF_KEY *key) {
- uint32_t l, r;
- const uint32_t *p, *s;
-
- p = key->P;
- s = &(key->S[0]);
- l = data[0];
- r = data[1];
-
- l ^= p[BF_ROUNDS + 1];
- BF_ENC(r, l, s, p[16]);
- BF_ENC(l, r, s, p[15]);
- BF_ENC(r, l, s, p[14]);
- BF_ENC(l, r, s, p[13]);
- BF_ENC(r, l, s, p[12]);
- BF_ENC(l, r, s, p[11]);
- BF_ENC(r, l, s, p[10]);
- BF_ENC(l, r, s, p[9]);
- BF_ENC(r, l, s, p[8]);
- BF_ENC(l, r, s, p[7]);
- BF_ENC(r, l, s, p[6]);
- BF_ENC(l, r, s, p[5]);
- BF_ENC(r, l, s, p[4]);
- BF_ENC(l, r, s, p[3]);
- BF_ENC(r, l, s, p[2]);
- BF_ENC(l, r, s, p[1]);
- r ^= p[0];
-
- data[1] = l & 0xffffffffL;
- data[0] = r & 0xffffffffL;
-}
-
-void BF_ecb_encrypt(const uint8_t *in, uint8_t *out,
- const BF_KEY *key, int encrypt) {
- uint32_t d[2];
-
- n2l(in, d[0]);
- n2l(in, d[1]);
- if (encrypt) {
- BF_encrypt(d, key);
- } else {
- BF_decrypt(d, key);
- }
- l2n(d[0], out);
- l2n(d[1], out);
-}
-
-void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
- const BF_KEY *schedule, uint8_t *ivec, int encrypt) {
- uint32_t tin0, tin1;
- uint32_t tout0, tout1, xor0, xor1;
- size_t l = length;
- uint32_t tin[2];
-
- if (encrypt) {
- n2l(ivec, tout0);
- n2l(ivec, tout1);
- ivec -= 8;
- while (l >= 8) {
- n2l(in, tin0);
- n2l(in, tin1);
- tin0 ^= tout0;
- tin1 ^= tout1;
- tin[0] = tin0;
- tin[1] = tin1;
- BF_encrypt(tin, schedule);
- tout0 = tin[0];
- tout1 = tin[1];
- l2n(tout0, out);
- l2n(tout1, out);
- l -= 8;
- }
- if (l != 0) {
- n2ln(in, tin0, tin1, l);
- tin0 ^= tout0;
- tin1 ^= tout1;
- tin[0] = tin0;
- tin[1] = tin1;
- BF_encrypt(tin, schedule);
- tout0 = tin[0];
- tout1 = tin[1];
- l2n(tout0, out);
- l2n(tout1, out);
- }
- l2n(tout0, ivec);
- l2n(tout1, ivec);
- } else {
- n2l(ivec, xor0);
- n2l(ivec, xor1);
- ivec -= 8;
- while (l >= 8) {
- n2l(in, tin0);
- n2l(in, tin1);
- tin[0] = tin0;
- tin[1] = tin1;
- BF_decrypt(tin, schedule);
- tout0 = tin[0] ^ xor0;
- tout1 = tin[1] ^ xor1;
- l2n(tout0, out);
- l2n(tout1, out);
- xor0 = tin0;
- xor1 = tin1;
- l -= 8;
- }
- if (l != 0) {
- n2l(in, tin0);
- n2l(in, tin1);
- tin[0] = tin0;
- tin[1] = tin1;
- BF_decrypt(tin, schedule);
- tout0 = tin[0] ^ xor0;
- tout1 = tin[1] ^ xor1;
- l2nn(tout0, tout1, out, l);
- xor0 = tin0;
- xor1 = tin1;
- }
- l2n(xor0, ivec);
- l2n(xor1, ivec);
- }
- tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
- tin[0] = tin[1] = 0;
-}
-
-static const BF_KEY bf_init = {
- {0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, 0xa4093822L,
- 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, 0x452821e6L, 0x38d01377L,
- 0xbe5466cfL, 0x34e90c6cL, 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L,
- 0xb5470917L, 0x9216d5d9L, 0x8979fb1b},
- {
- 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 0xb8e1afedL,
- 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 0x24a19947L, 0xb3916cf7L,
- 0x0801f2e2L, 0x858efc16L, 0x636920d8L, 0x71574e69L, 0xa458fea3L,
- 0xf4933d7eL, 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,
- 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 0xc5d1b023L,
- 0x286085f0L, 0xca417918L, 0xb8db38efL, 0x8e79dcb0L, 0x603a180eL,
- 0x6c9e0e8bL, 0xb01e8a3eL, 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL,
- 0x55605c60L, 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,
- 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 0xa15486afL,
- 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 0x2ba9c55dL, 0x741831f6L,
- 0xce5c3e16L, 0x9b87931eL, 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L,
- 0x28958677L, 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,
- 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 0xef845d5dL,
- 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 0x23893e81L, 0xd396acc5L,
- 0x0f6d6ff3L, 0x83f44239L, 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL,
- 0x9e1f9b5eL, 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,
- 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 0x6eef0b6cL,
- 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 0xa1f1651dL, 0x39af0176L,
- 0x66ca593eL, 0x82430e88L, 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L,
- 0x3b8b5ebeL, 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,
- 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 0x37d0d724L,
- 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 0x075372c9L, 0x80991b7bL,
- 0x25d479d8L, 0xf6e8def7L, 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL,
- 0x04c006baL, 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,
- 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 0x6dfc511fL,
- 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 0xbee3d004L, 0xde334afdL,
- 0x660f2807L, 0x192e4bb3L, 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L,
- 0xb9d3fbdbL, 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,
- 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 0x3c7516dfL,
- 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 0x323db5faL, 0xfd238760L,
- 0x53317b48L, 0x3e00df82L, 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL,
- 0xdf1769dbL, 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,
- 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 0x10fa3d98L,
- 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 0x9a53e479L, 0xb6f84565L,
- 0xd28e49bcL, 0x4bfb9790L, 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L,
- 0xcee4c6e8L, 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,
- 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 0xd08ed1d0L,
- 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 0x8ff6e2fbL, 0xf2122b64L,
- 0x8888b812L, 0x900df01cL, 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L,
- 0xb3a8c1adL, 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,
- 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 0xb4a84fe0L,
- 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 0x165fa266L, 0x80957705L,
- 0x93cc7314L, 0x211a1477L, 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L,
- 0xfb9d35cfL, 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,
- 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 0x2464369bL,
- 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 0x78c14389L, 0xd95a537fL,
- 0x207d5ba2L, 0x02e5b9c5L, 0x83260376L, 0x6295cfa9L, 0x11c81968L,
- 0x4e734a41L, 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,
- 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 0x08ba6fb5L,
- 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 0xb6636521L, 0xe7b9f9b6L,
- 0xff34052eL, 0xc5855664L, 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L,
- 0x6e85076aL, 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,
- 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 0xecaa8c71L,
- 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 0x193602a5L, 0x75094c29L,
- 0xa0591340L, 0xe4183a3eL, 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L,
- 0x99f73fd6L, 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,
- 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 0x09686b3fL,
- 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 0x687f3584L, 0x52a0e286L,
- 0xb79c5305L, 0xaa500737L, 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL,
- 0x5716f2b8L, 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,
- 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 0xd19113f9L,
- 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 0x3ae5e581L, 0x37c2dadcL,
- 0xc8b57634L, 0x9af3dda7L, 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL,
- 0xa4751e41L, 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,
- 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 0x2cb81290L,
- 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 0xde9a771fL, 0xd9930810L,
- 0xb38bae12L, 0xdccf3f2eL, 0x5512721fL, 0x2e6b7124L, 0x501adde6L,
- 0x9f84cd87L, 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,
- 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 0xef1c1847L,
- 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 0x12a14d43L, 0x2a65c451L,
- 0x50940002L, 0x133ae4ddL, 0x71dff89eL, 0x10314e55L, 0x81ac77d6L,
- 0x5f11199bL, 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,
- 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 0x86e34570L,
- 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 0x771fe71cL, 0x4e3d06faL,
- 0x2965dcb9L, 0x99e71d0fL, 0x803e89d6L, 0x5266c825L, 0x2e4cc978L,
- 0x9c10b36aL, 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,
- 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 0x5223a708L,
- 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 0xe3bc4595L, 0xa67bc883L,
- 0xb17f37d1L, 0x018cff28L, 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L,
- 0x68ab9802L, 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,
- 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 0x13cca830L,
- 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 0xb5735c90L, 0x4c70a239L,
- 0xd59e9e0bL, 0xcbaade14L, 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL,
- 0xb2f3846eL, 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,
- 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 0x9b540b19L,
- 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 0xf837889aL, 0x97e32d77L,
- 0x11ed935fL, 0x16681281L, 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L,
- 0x7858ba99L, 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,
- 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 0x58ebf2efL,
- 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 0x5d4a14d9L, 0xe864b7e3L,
- 0x42105d14L, 0x203e13e0L, 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L,
- 0xfacb4fd0L, 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,
- 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 0xcf62a1f2L,
- 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 0x7f1524c3L, 0x69cb7492L,
- 0x47848a0bL, 0x5692b285L, 0x095bbf00L, 0xad19489dL, 0x1462b174L,
- 0x23820e00L, 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,
- 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 0x7cde3759L,
- 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 0xa6078084L, 0x19f8509eL,
- 0xe8efd855L, 0x61d99735L, 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL,
- 0x800bcadcL, 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,
- 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 0xc5c43465L,
- 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 0x153e21e7L, 0x8fb03d4aL,
- 0xe6e39f2bL, 0xdb83adf7L, 0xe93d5a68L, 0x948140f7L, 0xf64c261cL,
- 0x94692934L, 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,
- 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 0x1e39f62eL,
- 0x97244546L, 0x14214f74L, 0xbf8b8840L, 0x4d95fc1dL, 0x96b591afL,
- 0x70f4ddd3L, 0x66a02f45L, 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L,
- 0x31cb8504L, 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,
- 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 0x68dc1462L,
- 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 0x4f3ffea2L, 0xe887ad8cL,
- 0xb58ce006L, 0x7af4d6b6L, 0xaace1e7cL, 0xd3375fecL, 0xce78a399L,
- 0x406b2a42L, 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,
- 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 0x3a6efa74L,
- 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 0xfb0af54eL, 0xd8feb397L,
- 0x454056acL, 0xba489527L, 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L,
- 0xd096954bL, 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,
- 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 0xfdf8e802L,
- 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 0x95c11548L, 0xe4c66d22L,
- 0x48c1133fL, 0xc70f86dcL, 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L,
- 0x5d886e17L, 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,
- 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 0x0e12b4c2L,
- 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 0x6b2395e0L, 0x333e92e1L,
- 0x3b240b62L, 0xeebeb922L, 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL,
- 0x2da2f728L, 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,
- 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 0x0a476341L,
- 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 0xa812dc60L, 0xa1ebddf8L,
- 0x991be14cL, 0xdb6e6b0dL, 0xc67b5510L, 0x6d672c37L, 0x2765d43bL,
- 0xdcd0e804L, 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,
- 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 0xbb132f88L,
- 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 0x37392eb3L, 0xcc115979L,
- 0x8026e297L, 0xf42e312dL, 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL,
- 0x782ef11cL, 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,
- 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 0x44421659L,
- 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 0x64af674eL, 0xda86a85fL,
- 0xbebfe988L, 0x64e4c3feL, 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L,
- 0x6003604dL, 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,
- 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 0x77a057beL,
- 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 0x4e58f48fL, 0xf2ddfda2L,
- 0xf474ef38L, 0x8789bdc2L, 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L,
- 0x46fcd9b9L, 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,
- 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 0xb90bace1L,
- 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 0xb77f19b6L, 0xe0a9dc09L,
- 0x662d09a1L, 0xc4324633L, 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L,
- 0x1d6efe10L, 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,
- 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 0x50115e01L,
- 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 0x9af88c27L, 0x773f8641L,
- 0xc3604c06L, 0x61a806b5L, 0xf0177a28L, 0xc0f586e0L, 0x006058aaL,
- 0x30dc7d62L, 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,
- 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 0x6f05e409L,
- 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 0x86e3725fL, 0x724d9db9L,
- 0x1ac15bb4L, 0xd39eb8fcL, 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L,
- 0x4dad0fc4L, 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,
- 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 0xd79a3234L,
- 0x92638212L, 0x670efa8eL, 0x406000e0L, 0x3a39ce37L, 0xd3faf5cfL,
- 0xabc27737L, 0x5ac52d1bL, 0x5cb0679eL, 0x4fa33742L, 0xd3822740L,
- 0x99bc9bbeL, 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,
- 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 0x5748ab2fL,
- 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 0x530ff8eeL, 0x468dde7dL,
- 0xd5730a1dL, 0x4cd04dc6L, 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L,
- 0xbe5ee304L, 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,
- 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 0x83c061baL,
- 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 0x2826a2f9L, 0xa73a3ae1L,
- 0x4ba99586L, 0xef5562e9L, 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L,
- 0x77fa0a59L, 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,
- 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 0x96d5ac3aL,
- 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 0x1f9f25cfL, 0xadf2b89bL,
- 0x5ad6b472L, 0x5a88f54cL, 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL,
- 0xed93fa9bL, 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,
- 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 0x15056dd4L,
- 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 0xc3eb9e15L, 0x3c9057a2L,
- 0x97271aecL, 0xa93a072aL, 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL,
- 0x26dcf319L, 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,
- 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 0x4de81751L,
- 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 0xea7a90c2L, 0xfb3e7bceL,
- 0x5121ce64L, 0x774fbe32L, 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L,
- 0x6413e680L, 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,
- 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 0x5bbef7ddL,
- 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 0xdda26a7eL, 0x3a59ff45L,
- 0x3e350a44L, 0xbcb4cdd5L, 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL,
- 0xbf3c6f47L, 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,
- 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 0x4040cb08L,
- 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 0xe1b00428L, 0x95983a1dL,
- 0x06b89fb4L, 0xce6ea048L, 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL,
- 0x277227f8L, 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,
- 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 0xe01cc87eL,
- 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 0x1a908749L, 0xd44fbd9aL,
- 0xd0dadecbL, 0xd50ada38L, 0x0339c32aL, 0xc6913667L, 0x8df9317cL,
- 0xe0b12b4fL, 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,
- 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 0xfae59361L,
- 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 0xb6c1075eL, 0xe3056a0cL,
- 0x10d25065L, 0xcb03a442L, 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL,
- 0x3278e964L, 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,
- 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 0xdf359f8dL,
- 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 0xe54cda54L, 0x1edad891L,
- 0xce6279cfL, 0xcd3e7e6fL, 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L,
- 0xf6fb2299L, 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,
- 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 0xde966292L,
- 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 0xe6c6c7bdL, 0x327a140aL,
- 0x45e1d006L, 0xc3f27b9aL, 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L,
- 0x35bdd2f6L, 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,
- 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 0xba38209cL,
- 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 0x85cbfe4eL, 0x8ae88dd8L,
- 0x7aaaf9b0L, 0x4cf9aa7eL, 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L,
- 0xd6ebe1f9L, 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,
- 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,
- },
-};
-
-void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data) {
- int i;
- uint32_t *p, ri, in[2];
- const uint8_t *d, *end;
-
- OPENSSL_memcpy(key, &bf_init, sizeof(BF_KEY));
- p = key->P;
-
- if (len > ((BF_ROUNDS + 2) * 4))
- len = (BF_ROUNDS + 2) * 4;
-
- d = data;
- end = &data[len];
- for (i = 0; i < BF_ROUNDS + 2; i++) {
- ri = *(d++);
- if (d >= end) {
- d = data;
- }
-
- ri <<= 8;
- ri |= *(d++);
- if (d >= end) {
- d = data;
- }
-
- ri <<= 8;
- ri |= *(d++);
- if (d >= end) {
- d = data;
- }
-
- ri <<= 8;
- ri |= *(d++);
- if (d >= end) {
- d = data;
- }
-
- p[i] ^= ri;
- }
-
- in[0] = 0L;
- in[1] = 0L;
- for (i = 0; i < BF_ROUNDS + 2; i += 2) {
- BF_encrypt(in, key);
- p[i] = in[0];
- p[i + 1] = in[1];
- }
-
- p = key->S;
- for (i = 0; i < 4 * 256; i += 2) {
- BF_encrypt(in, key);
- p[i] = in[0];
- p[i + 1] = in[1];
- }
-}
-
-static void BF_cfb64_encrypt(const uint8_t *in, uint8_t *out, size_t length,
- const BF_KEY *schedule, uint8_t *ivec, int *num,
- int encrypt) {
- uint32_t v0, v1, t;
- int n = *num;
- size_t l = length;
- uint32_t ti[2];
- uint8_t c, cc;
-
- uint8_t *iv = ivec;
- if (encrypt) {
- while (l--) {
- if (n == 0) {
- n2l(iv, v0);
- ti[0] = v0;
- n2l(iv, v1);
- ti[1] = v1;
- BF_encrypt(ti, schedule);
- iv = ivec;
- t = ti[0];
- l2n(t, iv);
- t = ti[1];
- l2n(t, iv);
- iv = ivec;
- }
- c = *(in++) ^ iv[n];
- *(out++) = c;
- iv[n] = c;
- n = (n + 1) & 0x07;
- }
- } else {
- while (l--) {
- if (n == 0) {
- n2l(iv, v0);
- ti[0] = v0;
- n2l(iv, v1);
- ti[1] = v1;
- BF_encrypt(ti, schedule);
- iv = ivec;
- t = ti[0];
- l2n(t, iv);
- t = ti[1];
- l2n(t, iv);
- iv = ivec;
- }
- cc = *(in++);
- c = iv[n];
- iv[n] = cc;
- *(out++) = c ^ cc;
- n = (n + 1) & 0x07;
- }
- }
-
- *num = n;
-}
-
-static int bf_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
- const uint8_t *iv, int enc) {
- BF_KEY *bf_key = ctx->cipher_data;
- BF_set_key(bf_key, ctx->key_len, key);
- return 1;
-}
-
-static int bf_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
- size_t len) {
- BF_KEY *bf_key = ctx->cipher_data;
-
- while (len >= BF_BLOCK) {
- BF_ecb_encrypt(in, out, bf_key, ctx->encrypt);
- in += BF_BLOCK;
- out += BF_BLOCK;
- len -= BF_BLOCK;
- }
- assert(len == 0);
-
- return 1;
-}
-
-static int bf_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
- size_t len) {
- BF_KEY *bf_key = ctx->cipher_data;
- BF_cbc_encrypt(in, out, len, bf_key, ctx->iv, ctx->encrypt);
- return 1;
-}
-
-static int bf_cfb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
- size_t len) {
- BF_KEY *bf_key = ctx->cipher_data;
- int num = ctx->num;
- BF_cfb64_encrypt(in, out, len, bf_key, ctx->iv, &num, ctx->encrypt);
- ctx->num = num;
- return 1;
-}
-
-static const EVP_CIPHER bf_ecb = {
- .nid = NID_bf_ecb,
- .block_size = BF_BLOCK,
- .key_len = 16,
- .iv_len = BF_BLOCK,
- .ctx_size = sizeof(BF_KEY),
- .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH,
- .init = bf_init_key,
- .cipher = bf_ecb_cipher,
-};
-
-static const EVP_CIPHER bf_cbc = {
- .nid = NID_bf_cbc,
- .block_size = BF_BLOCK,
- .key_len = 16,
- .iv_len = BF_BLOCK,
- .ctx_size = sizeof(BF_KEY),
- .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,
- .init = bf_init_key,
- .cipher = bf_cbc_cipher,
-};
-
-static const EVP_CIPHER bf_cfb = {
- .nid = NID_bf_cfb64,
- .block_size = 1,
- .key_len = 16,
- .iv_len = BF_BLOCK,
- .ctx_size = sizeof(BF_KEY),
- .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_VARIABLE_LENGTH,
- .init = bf_init_key,
- .cipher = bf_cfb_cipher,
-};
-
-const EVP_CIPHER *EVP_bf_ecb(void) { return &bf_ecb; }
-
-const EVP_CIPHER *EVP_bf_cbc(void) { return &bf_cbc; }
-
-const EVP_CIPHER *EVP_bf_cfb(void) { return &bf_cfb; }
diff --git a/decrepit/blowfish/blowfish.cc b/decrepit/blowfish/blowfish.cc
new file mode 100644
index 0000000..11e5b5a
--- /dev/null
+++ b/decrepit/blowfish/blowfish.cc
@@ -0,0 +1,640 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.] */
+
+#include <openssl/blowfish.h>
+#include <openssl/cipher.h>
+#include <openssl/obj.h>
+
+#include <assert.h>
+#include <string.h>
+
+#include "../../crypto/fipsmodule/cipher/internal.h"
+#include "../../crypto/internal.h"
+#include "../macros.h"
+
+
+#define BF_ENC(LL, R, S, P) \
+ (LL ^= P, \
+ LL ^= \
+ (((S[((int)(R >> 24) & 0xff)] + S[0x0100 + ((int)(R >> 16) & 0xff)]) ^ \
+ S[0x0200 + ((int)(R >> 8) & 0xff)]) + \
+ S[0x0300 + ((int)(R) & 0xff)]) & \
+ 0xffffffffL)
+
+void BF_encrypt(uint32_t *data, const BF_KEY *key) {
+ uint32_t l, r;
+ const uint32_t *p, *s;
+
+ p = key->P;
+ s = &(key->S[0]);
+ l = data[0];
+ r = data[1];
+
+ l ^= p[0];
+ BF_ENC(r, l, s, p[1]);
+ BF_ENC(l, r, s, p[2]);
+ BF_ENC(r, l, s, p[3]);
+ BF_ENC(l, r, s, p[4]);
+ BF_ENC(r, l, s, p[5]);
+ BF_ENC(l, r, s, p[6]);
+ BF_ENC(r, l, s, p[7]);
+ BF_ENC(l, r, s, p[8]);
+ BF_ENC(r, l, s, p[9]);
+ BF_ENC(l, r, s, p[10]);
+ BF_ENC(r, l, s, p[11]);
+ BF_ENC(l, r, s, p[12]);
+ BF_ENC(r, l, s, p[13]);
+ BF_ENC(l, r, s, p[14]);
+ BF_ENC(r, l, s, p[15]);
+ BF_ENC(l, r, s, p[16]);
+ r ^= p[BF_ROUNDS + 1];
+
+ data[1] = l & 0xffffffffL;
+ data[0] = r & 0xffffffffL;
+}
+
+void BF_decrypt(uint32_t *data, const BF_KEY *key) {
+ uint32_t l, r;
+ const uint32_t *p, *s;
+
+ p = key->P;
+ s = &(key->S[0]);
+ l = data[0];
+ r = data[1];
+
+ l ^= p[BF_ROUNDS + 1];
+ BF_ENC(r, l, s, p[16]);
+ BF_ENC(l, r, s, p[15]);
+ BF_ENC(r, l, s, p[14]);
+ BF_ENC(l, r, s, p[13]);
+ BF_ENC(r, l, s, p[12]);
+ BF_ENC(l, r, s, p[11]);
+ BF_ENC(r, l, s, p[10]);
+ BF_ENC(l, r, s, p[9]);
+ BF_ENC(r, l, s, p[8]);
+ BF_ENC(l, r, s, p[7]);
+ BF_ENC(r, l, s, p[6]);
+ BF_ENC(l, r, s, p[5]);
+ BF_ENC(r, l, s, p[4]);
+ BF_ENC(l, r, s, p[3]);
+ BF_ENC(r, l, s, p[2]);
+ BF_ENC(l, r, s, p[1]);
+ r ^= p[0];
+
+ data[1] = l & 0xffffffffL;
+ data[0] = r & 0xffffffffL;
+}
+
+void BF_ecb_encrypt(const uint8_t *in, uint8_t *out, const BF_KEY *key,
+ int encrypt) {
+ uint32_t d[2];
+
+ n2l(in, d[0]);
+ n2l(in, d[1]);
+ if (encrypt) {
+ BF_encrypt(d, key);
+ } else {
+ BF_decrypt(d, key);
+ }
+ l2n(d[0], out);
+ l2n(d[1], out);
+}
+
+void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
+ const BF_KEY *schedule, uint8_t *ivec, int encrypt) {
+ uint32_t tin0, tin1;
+ uint32_t tout0, tout1, xor0, xor1;
+ size_t l = length;
+ uint32_t tin[2];
+
+ if (encrypt) {
+ n2l(ivec, tout0);
+ n2l(ivec, tout1);
+ ivec -= 8;
+ while (l >= 8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_encrypt(tin, schedule);
+ tout0 = tin[0];
+ tout1 = tin[1];
+ l2n(tout0, out);
+ l2n(tout1, out);
+ l -= 8;
+ }
+ if (l != 0) {
+ n2ln(in, tin0, tin1, l);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_encrypt(tin, schedule);
+ tout0 = tin[0];
+ tout1 = tin[1];
+ l2n(tout0, out);
+ l2n(tout1, out);
+ }
+ l2n(tout0, ivec);
+ l2n(tout1, ivec);
+ } else {
+ n2l(ivec, xor0);
+ n2l(ivec, xor1);
+ ivec -= 8;
+ while (l >= 8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_decrypt(tin, schedule);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2n(tout0, out);
+ l2n(tout1, out);
+ xor0 = tin0;
+ xor1 = tin1;
+ l -= 8;
+ }
+ if (l != 0) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_decrypt(tin, schedule);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2nn(tout0, tout1, out, l);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ l2n(xor0, ivec);
+ l2n(xor1, ivec);
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tin[0] = tin[1] = 0;
+}
+
+static const BF_KEY bf_init = {
+ {0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, 0xa4093822L,
+ 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, 0x452821e6L, 0x38d01377L,
+ 0xbe5466cfL, 0x34e90c6cL, 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L,
+ 0xb5470917L, 0x9216d5d9L, 0x8979fb1b},
+ {
+ 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 0xb8e1afedL,
+ 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 0x24a19947L, 0xb3916cf7L,
+ 0x0801f2e2L, 0x858efc16L, 0x636920d8L, 0x71574e69L, 0xa458fea3L,
+ 0xf4933d7eL, 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,
+ 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 0xc5d1b023L,
+ 0x286085f0L, 0xca417918L, 0xb8db38efL, 0x8e79dcb0L, 0x603a180eL,
+ 0x6c9e0e8bL, 0xb01e8a3eL, 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL,
+ 0x55605c60L, 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,
+ 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 0xa15486afL,
+ 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 0x2ba9c55dL, 0x741831f6L,
+ 0xce5c3e16L, 0x9b87931eL, 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L,
+ 0x28958677L, 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,
+ 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 0xef845d5dL,
+ 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 0x23893e81L, 0xd396acc5L,
+ 0x0f6d6ff3L, 0x83f44239L, 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL,
+ 0x9e1f9b5eL, 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,
+ 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 0x6eef0b6cL,
+ 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 0xa1f1651dL, 0x39af0176L,
+ 0x66ca593eL, 0x82430e88L, 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L,
+ 0x3b8b5ebeL, 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,
+ 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 0x37d0d724L,
+ 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 0x075372c9L, 0x80991b7bL,
+ 0x25d479d8L, 0xf6e8def7L, 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL,
+ 0x04c006baL, 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,
+ 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 0x6dfc511fL,
+ 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 0xbee3d004L, 0xde334afdL,
+ 0x660f2807L, 0x192e4bb3L, 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L,
+ 0xb9d3fbdbL, 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,
+ 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 0x3c7516dfL,
+ 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 0x323db5faL, 0xfd238760L,
+ 0x53317b48L, 0x3e00df82L, 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL,
+ 0xdf1769dbL, 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,
+ 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 0x10fa3d98L,
+ 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 0x9a53e479L, 0xb6f84565L,
+ 0xd28e49bcL, 0x4bfb9790L, 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L,
+ 0xcee4c6e8L, 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,
+ 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 0xd08ed1d0L,
+ 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 0x8ff6e2fbL, 0xf2122b64L,
+ 0x8888b812L, 0x900df01cL, 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L,
+ 0xb3a8c1adL, 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,
+ 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 0xb4a84fe0L,
+ 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 0x165fa266L, 0x80957705L,
+ 0x93cc7314L, 0x211a1477L, 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L,
+ 0xfb9d35cfL, 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,
+ 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 0x2464369bL,
+ 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 0x78c14389L, 0xd95a537fL,
+ 0x207d5ba2L, 0x02e5b9c5L, 0x83260376L, 0x6295cfa9L, 0x11c81968L,
+ 0x4e734a41L, 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,
+ 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 0x08ba6fb5L,
+ 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 0xb6636521L, 0xe7b9f9b6L,
+ 0xff34052eL, 0xc5855664L, 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L,
+ 0x6e85076aL, 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,
+ 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 0xecaa8c71L,
+ 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 0x193602a5L, 0x75094c29L,
+ 0xa0591340L, 0xe4183a3eL, 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L,
+ 0x99f73fd6L, 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,
+ 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 0x09686b3fL,
+ 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 0x687f3584L, 0x52a0e286L,
+ 0xb79c5305L, 0xaa500737L, 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL,
+ 0x5716f2b8L, 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,
+ 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 0xd19113f9L,
+ 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 0x3ae5e581L, 0x37c2dadcL,
+ 0xc8b57634L, 0x9af3dda7L, 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL,
+ 0xa4751e41L, 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,
+ 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 0x2cb81290L,
+ 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 0xde9a771fL, 0xd9930810L,
+ 0xb38bae12L, 0xdccf3f2eL, 0x5512721fL, 0x2e6b7124L, 0x501adde6L,
+ 0x9f84cd87L, 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,
+ 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 0xef1c1847L,
+ 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 0x12a14d43L, 0x2a65c451L,
+ 0x50940002L, 0x133ae4ddL, 0x71dff89eL, 0x10314e55L, 0x81ac77d6L,
+ 0x5f11199bL, 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,
+ 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 0x86e34570L,
+ 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 0x771fe71cL, 0x4e3d06faL,
+ 0x2965dcb9L, 0x99e71d0fL, 0x803e89d6L, 0x5266c825L, 0x2e4cc978L,
+ 0x9c10b36aL, 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,
+ 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 0x5223a708L,
+ 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 0xe3bc4595L, 0xa67bc883L,
+ 0xb17f37d1L, 0x018cff28L, 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L,
+ 0x68ab9802L, 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,
+ 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 0x13cca830L,
+ 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 0xb5735c90L, 0x4c70a239L,
+ 0xd59e9e0bL, 0xcbaade14L, 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL,
+ 0xb2f3846eL, 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,
+ 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 0x9b540b19L,
+ 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 0xf837889aL, 0x97e32d77L,
+ 0x11ed935fL, 0x16681281L, 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L,
+ 0x7858ba99L, 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,
+ 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 0x58ebf2efL,
+ 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 0x5d4a14d9L, 0xe864b7e3L,
+ 0x42105d14L, 0x203e13e0L, 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L,
+ 0xfacb4fd0L, 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,
+ 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 0xcf62a1f2L,
+ 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 0x7f1524c3L, 0x69cb7492L,
+ 0x47848a0bL, 0x5692b285L, 0x095bbf00L, 0xad19489dL, 0x1462b174L,
+ 0x23820e00L, 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,
+ 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 0x7cde3759L,
+ 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 0xa6078084L, 0x19f8509eL,
+ 0xe8efd855L, 0x61d99735L, 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL,
+ 0x800bcadcL, 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,
+ 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 0xc5c43465L,
+ 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 0x153e21e7L, 0x8fb03d4aL,
+ 0xe6e39f2bL, 0xdb83adf7L, 0xe93d5a68L, 0x948140f7L, 0xf64c261cL,
+ 0x94692934L, 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,
+ 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 0x1e39f62eL,
+ 0x97244546L, 0x14214f74L, 0xbf8b8840L, 0x4d95fc1dL, 0x96b591afL,
+ 0x70f4ddd3L, 0x66a02f45L, 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L,
+ 0x31cb8504L, 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,
+ 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 0x68dc1462L,
+ 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 0x4f3ffea2L, 0xe887ad8cL,
+ 0xb58ce006L, 0x7af4d6b6L, 0xaace1e7cL, 0xd3375fecL, 0xce78a399L,
+ 0x406b2a42L, 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,
+ 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 0x3a6efa74L,
+ 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 0xfb0af54eL, 0xd8feb397L,
+ 0x454056acL, 0xba489527L, 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L,
+ 0xd096954bL, 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,
+ 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 0xfdf8e802L,
+ 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 0x95c11548L, 0xe4c66d22L,
+ 0x48c1133fL, 0xc70f86dcL, 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L,
+ 0x5d886e17L, 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,
+ 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 0x0e12b4c2L,
+ 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 0x6b2395e0L, 0x333e92e1L,
+ 0x3b240b62L, 0xeebeb922L, 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL,
+ 0x2da2f728L, 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,
+ 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 0x0a476341L,
+ 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 0xa812dc60L, 0xa1ebddf8L,
+ 0x991be14cL, 0xdb6e6b0dL, 0xc67b5510L, 0x6d672c37L, 0x2765d43bL,
+ 0xdcd0e804L, 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,
+ 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 0xbb132f88L,
+ 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 0x37392eb3L, 0xcc115979L,
+ 0x8026e297L, 0xf42e312dL, 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL,
+ 0x782ef11cL, 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,
+ 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 0x44421659L,
+ 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 0x64af674eL, 0xda86a85fL,
+ 0xbebfe988L, 0x64e4c3feL, 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L,
+ 0x6003604dL, 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,
+ 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 0x77a057beL,
+ 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 0x4e58f48fL, 0xf2ddfda2L,
+ 0xf474ef38L, 0x8789bdc2L, 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L,
+ 0x46fcd9b9L, 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,
+ 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 0xb90bace1L,
+ 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 0xb77f19b6L, 0xe0a9dc09L,
+ 0x662d09a1L, 0xc4324633L, 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L,
+ 0x1d6efe10L, 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,
+ 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 0x50115e01L,
+ 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 0x9af88c27L, 0x773f8641L,
+ 0xc3604c06L, 0x61a806b5L, 0xf0177a28L, 0xc0f586e0L, 0x006058aaL,
+ 0x30dc7d62L, 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,
+ 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 0x6f05e409L,
+ 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 0x86e3725fL, 0x724d9db9L,
+ 0x1ac15bb4L, 0xd39eb8fcL, 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L,
+ 0x4dad0fc4L, 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,
+ 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 0xd79a3234L,
+ 0x92638212L, 0x670efa8eL, 0x406000e0L, 0x3a39ce37L, 0xd3faf5cfL,
+ 0xabc27737L, 0x5ac52d1bL, 0x5cb0679eL, 0x4fa33742L, 0xd3822740L,
+ 0x99bc9bbeL, 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,
+ 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 0x5748ab2fL,
+ 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 0x530ff8eeL, 0x468dde7dL,
+ 0xd5730a1dL, 0x4cd04dc6L, 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L,
+ 0xbe5ee304L, 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,
+ 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 0x83c061baL,
+ 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 0x2826a2f9L, 0xa73a3ae1L,
+ 0x4ba99586L, 0xef5562e9L, 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L,
+ 0x77fa0a59L, 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,
+ 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 0x96d5ac3aL,
+ 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 0x1f9f25cfL, 0xadf2b89bL,
+ 0x5ad6b472L, 0x5a88f54cL, 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL,
+ 0xed93fa9bL, 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,
+ 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 0x15056dd4L,
+ 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 0xc3eb9e15L, 0x3c9057a2L,
+ 0x97271aecL, 0xa93a072aL, 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL,
+ 0x26dcf319L, 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,
+ 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 0x4de81751L,
+ 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 0xea7a90c2L, 0xfb3e7bceL,
+ 0x5121ce64L, 0x774fbe32L, 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L,
+ 0x6413e680L, 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,
+ 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 0x5bbef7ddL,
+ 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 0xdda26a7eL, 0x3a59ff45L,
+ 0x3e350a44L, 0xbcb4cdd5L, 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL,
+ 0xbf3c6f47L, 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,
+ 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 0x4040cb08L,
+ 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 0xe1b00428L, 0x95983a1dL,
+ 0x06b89fb4L, 0xce6ea048L, 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL,
+ 0x277227f8L, 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,
+ 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 0xe01cc87eL,
+ 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 0x1a908749L, 0xd44fbd9aL,
+ 0xd0dadecbL, 0xd50ada38L, 0x0339c32aL, 0xc6913667L, 0x8df9317cL,
+ 0xe0b12b4fL, 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,
+ 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 0xfae59361L,
+ 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 0xb6c1075eL, 0xe3056a0cL,
+ 0x10d25065L, 0xcb03a442L, 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL,
+ 0x3278e964L, 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,
+ 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 0xdf359f8dL,
+ 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 0xe54cda54L, 0x1edad891L,
+ 0xce6279cfL, 0xcd3e7e6fL, 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L,
+ 0xf6fb2299L, 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,
+ 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 0xde966292L,
+ 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 0xe6c6c7bdL, 0x327a140aL,
+ 0x45e1d006L, 0xc3f27b9aL, 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L,
+ 0x35bdd2f6L, 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,
+ 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 0xba38209cL,
+ 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 0x85cbfe4eL, 0x8ae88dd8L,
+ 0x7aaaf9b0L, 0x4cf9aa7eL, 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L,
+ 0xd6ebe1f9L, 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,
+ 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,
+ },
+};
+
+void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data) {
+ int i;
+ uint32_t *p, ri, in[2];
+ const uint8_t *d, *end;
+
+ OPENSSL_memcpy(key, &bf_init, sizeof(BF_KEY));
+ p = key->P;
+
+ if (len > ((BF_ROUNDS + 2) * 4)) {
+ len = (BF_ROUNDS + 2) * 4;
+ }
+
+ d = data;
+ end = &data[len];
+ for (i = 0; i < BF_ROUNDS + 2; i++) {
+ ri = *(d++);
+ if (d >= end) {
+ d = data;
+ }
+
+ ri <<= 8;
+ ri |= *(d++);
+ if (d >= end) {
+ d = data;
+ }
+
+ ri <<= 8;
+ ri |= *(d++);
+ if (d >= end) {
+ d = data;
+ }
+
+ ri <<= 8;
+ ri |= *(d++);
+ if (d >= end) {
+ d = data;
+ }
+
+ p[i] ^= ri;
+ }
+
+ in[0] = 0L;
+ in[1] = 0L;
+ for (i = 0; i < BF_ROUNDS + 2; i += 2) {
+ BF_encrypt(in, key);
+ p[i] = in[0];
+ p[i + 1] = in[1];
+ }
+
+ p = key->S;
+ for (i = 0; i < 4 * 256; i += 2) {
+ BF_encrypt(in, key);
+ p[i] = in[0];
+ p[i + 1] = in[1];
+ }
+}
+
+static void BF_cfb64_encrypt(const uint8_t *in, uint8_t *out, size_t length,
+ const BF_KEY *schedule, uint8_t *ivec, int *num,
+ int encrypt) {
+ uint32_t v0, v1, t;
+ int n = *num;
+ size_t l = length;
+ uint32_t ti[2];
+ uint8_t c, cc;
+
+ uint8_t *iv = ivec;
+ if (encrypt) {
+ while (l--) {
+ if (n == 0) {
+ n2l(iv, v0);
+ ti[0] = v0;
+ n2l(iv, v1);
+ ti[1] = v1;
+ BF_encrypt(ti, schedule);
+ iv = ivec;
+ t = ti[0];
+ l2n(t, iv);
+ t = ti[1];
+ l2n(t, iv);
+ iv = ivec;
+ }
+ c = *(in++) ^ iv[n];
+ *(out++) = c;
+ iv[n] = c;
+ n = (n + 1) & 0x07;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ n2l(iv, v0);
+ ti[0] = v0;
+ n2l(iv, v1);
+ ti[1] = v1;
+ BF_encrypt(ti, schedule);
+ iv = ivec;
+ t = ti[0];
+ l2n(t, iv);
+ t = ti[1];
+ l2n(t, iv);
+ iv = ivec;
+ }
+ cc = *(in++);
+ c = iv[n];
+ iv[n] = cc;
+ *(out++) = c ^ cc;
+ n = (n + 1) & 0x07;
+ }
+ }
+
+ *num = n;
+}
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
+ const uint8_t *iv, int enc) {
+ BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data);
+ BF_set_key(bf_key, ctx->key_len, key);
+ return 1;
+}
+
+static int bf_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
+ size_t len) {
+ BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data);
+
+ while (len >= BF_BLOCK) {
+ BF_ecb_encrypt(in, out, bf_key, ctx->encrypt);
+ in += BF_BLOCK;
+ out += BF_BLOCK;
+ len -= BF_BLOCK;
+ }
+ assert(len == 0);
+
+ return 1;
+}
+
+static int bf_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
+ size_t len) {
+ BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data);
+ BF_cbc_encrypt(in, out, len, bf_key, ctx->iv, ctx->encrypt);
+ return 1;
+}
+
+static int bf_cfb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
+ size_t len) {
+ BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data);
+ int num = ctx->num;
+ BF_cfb64_encrypt(in, out, len, bf_key, ctx->iv, &num, ctx->encrypt);
+ ctx->num = num;
+ return 1;
+}
+
+static const EVP_CIPHER bf_ecb = {
+ /* nid= */ NID_bf_ecb,
+ /* block_size= */ BF_BLOCK,
+ /* key_len= */ 16,
+ /* iv_len= */ BF_BLOCK,
+ /* ctx_size= */ sizeof(BF_KEY),
+ /* flags= */ EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH,
+ /* init= */ bf_init_key,
+ /* cipher= */ bf_ecb_cipher,
+ /* cleanup= */ nullptr,
+ /* ctrl= */ nullptr,
+};
+
+static const EVP_CIPHER bf_cbc = {
+ /* nid= */ NID_bf_cbc,
+ /* block_size= */ BF_BLOCK,
+ /* key_len= */ 16,
+ /* iv_len= */ BF_BLOCK,
+ /* ctx_size= */ sizeof(BF_KEY),
+ /* flags= */ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,
+ /* init= */ bf_init_key,
+ /* cipher= */ bf_cbc_cipher,
+ /* cleanup= */ nullptr,
+ /* ctrl= */ nullptr,
+};
+
+static const EVP_CIPHER bf_cfb = {
+ /* nid= */ NID_bf_cfb64,
+ /* block_size= */ 1,
+ /* key_len= */ 16,
+ /* iv_len= */ BF_BLOCK,
+ /* ctx_size= */ sizeof(BF_KEY),
+ /* flags= */ EVP_CIPH_CFB_MODE | EVP_CIPH_VARIABLE_LENGTH,
+ /* init= */ bf_init_key,
+ /* cipher= */ bf_cfb_cipher,
+ /* cleanup= */ nullptr,
+ /* ctrl= */ nullptr,
+};
+
+const EVP_CIPHER *EVP_bf_ecb(void) { return &bf_ecb; }
+
+const EVP_CIPHER *EVP_bf_cbc(void) { return &bf_cbc; }
+
+const EVP_CIPHER *EVP_bf_cfb(void) { return &bf_cfb; }
diff --git a/decrepit/cast/cast.c b/decrepit/cast/cast.cc
similarity index 91%
rename from decrepit/cast/cast.c
rename to decrepit/cast/cast.cc
index f6f1963..15f776e 100644
--- a/decrepit/cast/cast.c
+++ b/decrepit/cast/cast.cc
@@ -66,8 +66,8 @@
#include "../../crypto/fipsmodule/cipher/internal.h"
#include "../../crypto/internal.h"
-#include "internal.h"
#include "../macros.h"
+#include "internal.h"
void CAST_ecb_encrypt(const uint8_t *in, uint8_t *out, const CAST_KEY *ks,
@@ -85,16 +85,17 @@
l2n(d[1], out);
}
-#define E_CAST(n, key, L, R, OP1, OP2, OP3) \
- { \
- uint32_t a, b, c, d; \
- t = (key[n * 2] OP1 R) & 0xffffffff; \
- t = CRYPTO_rotl_u32(t, (key[n * 2 + 1])); \
- a = CAST_S_table0[(t >> 8) & 0xff]; \
- b = CAST_S_table1[(t)&0xff]; \
- c = CAST_S_table2[(t >> 24) & 0xff]; \
- d = CAST_S_table3[(t >> 16) & 0xff]; \
- L ^= (((((a OP2 b)&0xffffffffL)OP3 c) & 0xffffffffL) OP1 d) & 0xffffffffL; \
+#define E_CAST(n, key, L, R, OP1, OP2, OP3) \
+ { \
+ uint32_t a, b, c, d; \
+ t = (key[n * 2] OP1 R) & 0xffffffff; \
+ t = CRYPTO_rotl_u32(t, (key[n * 2 + 1])); \
+ a = CAST_S_table0[(t >> 8) & 0xff]; \
+ b = CAST_S_table1[(t) & 0xff]; \
+ c = CAST_S_table2[(t >> 24) & 0xff]; \
+ d = CAST_S_table3[(t >> 16) & 0xff]; \
+ L ^= (((((a OP2 b) & 0xffffffffL) OP3 c) & 0xffffffffL) OP1 d) & \
+ 0xffffffffL; \
}
void CAST_encrypt(uint32_t *data, const CAST_KEY *key) {
@@ -239,7 +240,7 @@
#define CAST_exp(l, A, a, n) \
A[n / 4] = l; \
- a[n + 3] = (l)&0xff; \
+ a[n + 3] = (l) & 0xff; \
a[n + 2] = (l >> 8) & 0xff; \
a[n + 1] = (l >> 16) & 0xff; \
a[n + 0] = (l >> 24) & 0xff;
@@ -409,14 +410,14 @@
static int cast_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
- CAST_KEY *cast_key = ctx->cipher_data;
+ CAST_KEY *cast_key = reinterpret_cast<CAST_KEY *>(ctx->cipher_data);
CAST_set_key(cast_key, ctx->key_len, key);
return 1;
}
static int cast_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t len) {
- CAST_KEY *cast_key = ctx->cipher_data;
+ CAST_KEY *cast_key = reinterpret_cast<CAST_KEY *>(ctx->cipher_data);
while (len >= CAST_BLOCK) {
CAST_ecb_encrypt(in, out, cast_key, ctx->encrypt);
@@ -431,31 +432,35 @@
static int cast_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
size_t len) {
- CAST_KEY *cast_key = ctx->cipher_data;
+ CAST_KEY *cast_key = reinterpret_cast<CAST_KEY *>(ctx->cipher_data);
CAST_cbc_encrypt(in, out, len, cast_key, ctx->iv, ctx->encrypt);
return 1;
}
static const EVP_CIPHER cast5_ecb = {
- .nid = NID_cast5_ecb,
- .block_size = CAST_BLOCK,
- .key_len = CAST_KEY_LENGTH,
- .iv_len = CAST_BLOCK,
- .ctx_size = sizeof(CAST_KEY),
- .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH,
- .init = cast_init_key,
- .cipher = cast_ecb_cipher,
+ /* nid= */ NID_cast5_ecb,
+ /* block_size= */ CAST_BLOCK,
+ /* key_len= */ CAST_KEY_LENGTH,
+ /* iv_len= */ CAST_BLOCK,
+ /* ctx_size= */ sizeof(CAST_KEY),
+ /* flags= */ EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH,
+ /* init= */ cast_init_key,
+ /* cipher= */ cast_ecb_cipher,
+ /* cleanup= */ nullptr,
+ /* ctrl= */ nullptr,
};
static const EVP_CIPHER cast5_cbc = {
- .nid = NID_cast5_cbc,
- .block_size = CAST_BLOCK,
- .key_len = CAST_KEY_LENGTH,
- .iv_len = CAST_BLOCK,
- .ctx_size = sizeof(CAST_KEY),
- .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,
- .init = cast_init_key,
- .cipher = cast_cbc_cipher,
+ /* nid= */ NID_cast5_cbc,
+ /* block_size= */ CAST_BLOCK,
+ /* key_len= */ CAST_KEY_LENGTH,
+ /* iv_len= */ CAST_BLOCK,
+ /* ctx_size= */ sizeof(CAST_KEY),
+ /* flags= */ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,
+ /* init= */ cast_init_key,
+ /* cipher= */ cast_cbc_cipher,
+ /* cleanup= */ nullptr,
+ /* ctrl= */ nullptr,
};
const EVP_CIPHER *EVP_cast5_ecb(void) { return &cast5_ecb; }
diff --git a/decrepit/cast/cast_tables.c b/decrepit/cast/cast_tables.cc
similarity index 100%
rename from decrepit/cast/cast_tables.c
rename to decrepit/cast/cast_tables.cc
diff --git a/decrepit/cfb/cfb.c b/decrepit/cfb/cfb.cc
similarity index 66%
rename from decrepit/cfb/cfb.c
rename to decrepit/cfb/cfb.cc
index 0ac3228..89bceec 100644
--- a/decrepit/cfb/cfb.c
+++ b/decrepit/cfb/cfb.cc
@@ -29,7 +29,7 @@
static int aes_cfb_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
if (key) {
- EVP_CFB_CTX *cfb_ctx = ctx->cipher_data;
+ EVP_CFB_CTX *cfb_ctx = reinterpret_cast<EVP_CFB_CTX *>(ctx->cipher_data);
AES_set_encrypt_key(key, ctx->key_len * 8, &cfb_ctx->ks);
}
@@ -42,7 +42,7 @@
return 0;
}
- EVP_CFB_CTX *cfb_ctx = ctx->cipher_data;
+ EVP_CFB_CTX *cfb_ctx = reinterpret_cast<EVP_CFB_CTX *>(ctx->cipher_data);
int num = ctx->num;
AES_cfb128_encrypt(in, out, len, &cfb_ctx->ks, ctx->iv, &num,
ctx->encrypt ? AES_ENCRYPT : AES_DECRYPT);
@@ -52,36 +52,42 @@
}
static const EVP_CIPHER aes_128_cfb128 = {
- .nid = NID_aes_128_cfb128,
- .block_size = 1,
- .key_len = 16,
- .iv_len = 16,
- .ctx_size = sizeof(EVP_CFB_CTX),
- .flags = EVP_CIPH_CFB_MODE,
- .init = aes_cfb_init_key,
- .cipher = aes_cfb128_cipher,
+ /* nid= */ NID_aes_128_cfb128,
+ /* block_size= */ 1,
+ /* key_len= */ 16,
+ /* iv_len= */ 16,
+ /* ctx_size= */ sizeof(EVP_CFB_CTX),
+ /* flags= */ EVP_CIPH_CFB_MODE,
+ /* init= */ aes_cfb_init_key,
+ /* cipher= */ aes_cfb128_cipher,
+ /* cleanup= */ nullptr,
+ /* ctrl= */ nullptr,
};
static const EVP_CIPHER aes_192_cfb128 = {
- .nid = NID_aes_192_cfb128,
- .block_size = 1,
- .key_len = 24,
- .iv_len = 16,
- .ctx_size = sizeof(EVP_CFB_CTX),
- .flags = EVP_CIPH_CFB_MODE,
- .init = aes_cfb_init_key,
- .cipher = aes_cfb128_cipher,
+ /* nid= */ NID_aes_192_cfb128,
+ /* block_size= */ 1,
+ /* key_len= */ 24,
+ /* iv_len= */ 16,
+ /* ctx_size= */ sizeof(EVP_CFB_CTX),
+ /* flags= */ EVP_CIPH_CFB_MODE,
+ /* init= */ aes_cfb_init_key,
+ /* cipher= */ aes_cfb128_cipher,
+ /* cleanup= */ nullptr,
+ /* ctrl= */ nullptr,
};
static const EVP_CIPHER aes_256_cfb128 = {
- .nid = NID_aes_256_cfb128,
- .block_size = 1,
- .key_len = 32,
- .iv_len = 16,
- .ctx_size = sizeof(EVP_CFB_CTX),
- .flags = EVP_CIPH_CFB_MODE,
- .init = aes_cfb_init_key,
- .cipher = aes_cfb128_cipher,
+ /* nid= */ NID_aes_256_cfb128,
+ /* block_size= */ 1,
+ /* key_len= */ 32,
+ /* iv_len= */ 16,
+ /* ctx_size= */ sizeof(EVP_CFB_CTX),
+ /* flags= */ EVP_CIPH_CFB_MODE,
+ /* init= */ aes_cfb_init_key,
+ /* cipher= */ aes_cfb128_cipher,
+ /* cleanup= */ nullptr,
+ /* ctrl= */ nullptr,
};
const EVP_CIPHER *EVP_aes_128_cfb128(void) { return &aes_128_cfb128; }
diff --git a/decrepit/des/cfb64ede.c b/decrepit/des/cfb64ede.cc
similarity index 100%
rename from decrepit/des/cfb64ede.c
rename to decrepit/des/cfb64ede.cc
diff --git a/decrepit/dh/dh_decrepit.c b/decrepit/dh/dh_decrepit.cc
similarity index 100%
rename from decrepit/dh/dh_decrepit.c
rename to decrepit/dh/dh_decrepit.cc
diff --git a/decrepit/dsa/dsa_decrepit.c b/decrepit/dsa/dsa_decrepit.cc
similarity index 100%
rename from decrepit/dsa/dsa_decrepit.c
rename to decrepit/dsa/dsa_decrepit.cc
diff --git a/decrepit/evp/dss1.c b/decrepit/evp/dss1.cc
similarity index 100%
rename from decrepit/evp/dss1.c
rename to decrepit/evp/dss1.cc
diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.cc
similarity index 100%
rename from decrepit/evp/evp_do_all.c
rename to decrepit/evp/evp_do_all.cc
diff --git a/decrepit/obj/obj_decrepit.c b/decrepit/obj/obj_decrepit.cc
similarity index 100%
rename from decrepit/obj/obj_decrepit.c
rename to decrepit/obj/obj_decrepit.cc
diff --git a/decrepit/rc4/rc4_decrepit.c b/decrepit/rc4/rc4_decrepit.cc
similarity index 100%
rename from decrepit/rc4/rc4_decrepit.c
rename to decrepit/rc4/rc4_decrepit.cc
diff --git a/decrepit/ripemd/ripemd.c b/decrepit/ripemd/ripemd.cc
similarity index 84%
rename from decrepit/ripemd/ripemd.c
rename to decrepit/ripemd/ripemd.cc
index 3ae6904..91f488d 100644
--- a/decrepit/ripemd/ripemd.c
+++ b/decrepit/ripemd/ripemd.cc
@@ -58,8 +58,8 @@
#include <string.h>
-#include "../../crypto/internal.h"
#include "../../crypto/fipsmodule/digest/md32_common.h"
+#include "../../crypto/internal.h"
#define RIPEMD160_A 0x67452301L
@@ -88,7 +88,8 @@
int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len) {
crypto_md32_update(&ripemd160_block_data_order, c->h, c->data,
- RIPEMD160_CBLOCK, &c->num, &c->Nh, &c->Nl, data, len);
+ RIPEMD160_CBLOCK, &c->num, &c->Nh, &c->Nl,
+ reinterpret_cast<const uint8_t *>(data), len);
return 1;
}
@@ -159,332 +160,332 @@
#define KR3 0x7A6D76E9L
#define KR4 0x00000000L
-#define WL00 0
+#define WL00 0
#define SL00 11
-#define WL01 1
+#define WL01 1
#define SL01 14
-#define WL02 2
+#define WL02 2
#define SL02 15
-#define WL03 3
+#define WL03 3
#define SL03 12
-#define WL04 4
-#define SL04 5
-#define WL05 5
-#define SL05 8
-#define WL06 6
-#define SL06 7
-#define WL07 7
-#define SL07 9
-#define WL08 8
+#define WL04 4
+#define SL04 5
+#define WL05 5
+#define SL05 8
+#define WL06 6
+#define SL06 7
+#define WL07 7
+#define SL07 9
+#define WL08 8
#define SL08 11
-#define WL09 9
+#define WL09 9
#define SL09 13
#define WL10 10
#define SL10 14
#define WL11 11
#define SL11 15
#define WL12 12
-#define SL12 6
+#define SL12 6
#define WL13 13
-#define SL13 7
+#define SL13 7
#define WL14 14
-#define SL14 9
+#define SL14 9
#define WL15 15
-#define SL15 8
+#define SL15 8
-#define WL16 7
-#define SL16 7
-#define WL17 4
-#define SL17 6
+#define WL16 7
+#define SL16 7
+#define WL17 4
+#define SL17 6
#define WL18 13
-#define SL18 8
-#define WL19 1
+#define SL18 8
+#define WL19 1
#define SL19 13
#define WL20 10
#define SL20 11
-#define WL21 6
-#define SL21 9
+#define WL21 6
+#define SL21 9
#define WL22 15
-#define SL22 7
-#define WL23 3
+#define SL22 7
+#define WL23 3
#define SL23 15
#define WL24 12
-#define SL24 7
-#define WL25 0
+#define SL24 7
+#define WL25 0
#define SL25 12
-#define WL26 9
+#define WL26 9
#define SL26 15
-#define WL27 5
-#define SL27 9
-#define WL28 2
+#define WL27 5
+#define SL27 9
+#define WL28 2
#define SL28 11
#define WL29 14
-#define SL29 7
+#define SL29 7
#define WL30 11
#define SL30 13
-#define WL31 8
+#define WL31 8
#define SL31 12
-#define WL32 3
+#define WL32 3
#define SL32 11
#define WL33 10
#define SL33 13
#define WL34 14
-#define SL34 6
-#define WL35 4
-#define SL35 7
-#define WL36 9
+#define SL34 6
+#define WL35 4
+#define SL35 7
+#define WL36 9
#define SL36 14
#define WL37 15
-#define SL37 9
-#define WL38 8
+#define SL37 9
+#define WL38 8
#define SL38 13
-#define WL39 1
+#define WL39 1
#define SL39 15
-#define WL40 2
+#define WL40 2
#define SL40 14
-#define WL41 7
-#define SL41 8
-#define WL42 0
+#define WL41 7
+#define SL41 8
+#define WL42 0
#define SL42 13
-#define WL43 6
-#define SL43 6
+#define WL43 6
+#define SL43 6
#define WL44 13
-#define SL44 5
+#define SL44 5
#define WL45 11
#define SL45 12
-#define WL46 5
-#define SL46 7
+#define WL46 5
+#define SL46 7
#define WL47 12
-#define SL47 5
+#define SL47 5
-#define WL48 1
+#define WL48 1
#define SL48 11
-#define WL49 9
+#define WL49 9
#define SL49 12
#define WL50 11
#define SL50 14
#define WL51 10
#define SL51 15
-#define WL52 0
+#define WL52 0
#define SL52 14
-#define WL53 8
+#define WL53 8
#define SL53 15
#define WL54 12
-#define SL54 9
-#define WL55 4
-#define SL55 8
+#define SL54 9
+#define WL55 4
+#define SL55 8
#define WL56 13
-#define SL56 9
-#define WL57 3
+#define SL56 9
+#define WL57 3
#define SL57 14
-#define WL58 7
-#define SL58 5
+#define WL58 7
+#define SL58 5
#define WL59 15
-#define SL59 6
+#define SL59 6
#define WL60 14
-#define SL60 8
-#define WL61 5
-#define SL61 6
-#define WL62 6
-#define SL62 5
-#define WL63 2
+#define SL60 8
+#define WL61 5
+#define SL61 6
+#define WL62 6
+#define SL62 5
+#define WL63 2
#define SL63 12
-#define WL64 4
-#define SL64 9
-#define WL65 0
+#define WL64 4
+#define SL64 9
+#define WL65 0
#define SL65 15
-#define WL66 5
-#define SL66 5
-#define WL67 9
+#define WL66 5
+#define SL66 5
+#define WL67 9
#define SL67 11
-#define WL68 7
-#define SL68 6
+#define WL68 7
+#define SL68 6
#define WL69 12
-#define SL69 8
-#define WL70 2
+#define SL69 8
+#define WL70 2
#define SL70 13
#define WL71 10
#define SL71 12
#define WL72 14
-#define SL72 5
-#define WL73 1
+#define SL72 5
+#define WL73 1
#define SL73 12
-#define WL74 3
+#define WL74 3
#define SL74 13
-#define WL75 8
+#define WL75 8
#define SL75 14
#define WL76 11
#define SL76 11
-#define WL77 6
-#define SL77 8
+#define WL77 6
+#define SL77 8
#define WL78 15
-#define SL78 5
+#define SL78 5
#define WL79 13
-#define SL79 6
+#define SL79 6
-#define WR00 5
-#define SR00 8
+#define WR00 5
+#define SR00 8
#define WR01 14
-#define SR01 9
-#define WR02 7
-#define SR02 9
-#define WR03 0
+#define SR01 9
+#define WR02 7
+#define SR02 9
+#define WR03 0
#define SR03 11
-#define WR04 9
+#define WR04 9
#define SR04 13
-#define WR05 2
+#define WR05 2
#define SR05 15
#define WR06 11
#define SR06 15
-#define WR07 4
-#define SR07 5
+#define WR07 4
+#define SR07 5
#define WR08 13
-#define SR08 7
-#define WR09 6
-#define SR09 7
+#define SR08 7
+#define WR09 6
+#define SR09 7
#define WR10 15
-#define SR10 8
-#define WR11 8
+#define SR10 8
+#define WR11 8
#define SR11 11
-#define WR12 1
+#define WR12 1
#define SR12 14
#define WR13 10
#define SR13 14
-#define WR14 3
+#define WR14 3
#define SR14 12
#define WR15 12
-#define SR15 6
+#define SR15 6
-#define WR16 6
-#define SR16 9
+#define WR16 6
+#define SR16 9
#define WR17 11
#define SR17 13
-#define WR18 3
+#define WR18 3
#define SR18 15
-#define WR19 7
-#define SR19 7
-#define WR20 0
+#define WR19 7
+#define SR19 7
+#define WR20 0
#define SR20 12
#define WR21 13
-#define SR21 8
-#define WR22 5
-#define SR22 9
+#define SR21 8
+#define WR22 5
+#define SR22 9
#define WR23 10
#define SR23 11
#define WR24 14
-#define SR24 7
+#define SR24 7
#define WR25 15
-#define SR25 7
-#define WR26 8
+#define SR25 7
+#define WR26 8
#define SR26 12
#define WR27 12
-#define SR27 7
-#define WR28 4
-#define SR28 6
-#define WR29 9
+#define SR27 7
+#define WR28 4
+#define SR28 6
+#define WR29 9
#define SR29 15
-#define WR30 1
+#define WR30 1
#define SR30 13
-#define WR31 2
+#define WR31 2
#define SR31 11
#define WR32 15
-#define SR32 9
-#define WR33 5
-#define SR33 7
-#define WR34 1
+#define SR32 9
+#define WR33 5
+#define SR33 7
+#define WR34 1
#define SR34 15
-#define WR35 3
+#define WR35 3
#define SR35 11
-#define WR36 7
-#define SR36 8
+#define WR36 7
+#define SR36 8
#define WR37 14
-#define SR37 6
-#define WR38 6
-#define SR38 6
-#define WR39 9
+#define SR37 6
+#define WR38 6
+#define SR38 6
+#define WR39 9
#define SR39 14
#define WR40 11
#define SR40 12
-#define WR41 8
+#define WR41 8
#define SR41 13
#define WR42 12
-#define SR42 5
-#define WR43 2
+#define SR42 5
+#define WR43 2
#define SR43 14
#define WR44 10
#define SR44 13
-#define WR45 0
+#define WR45 0
#define SR45 13
-#define WR46 4
-#define SR46 7
+#define WR46 4
+#define SR46 7
#define WR47 13
-#define SR47 5
+#define SR47 5
-#define WR48 8
+#define WR48 8
#define SR48 15
-#define WR49 6
-#define SR49 5
-#define WR50 4
-#define SR50 8
-#define WR51 1
+#define WR49 6
+#define SR49 5
+#define WR50 4
+#define SR50 8
+#define WR51 1
#define SR51 11
-#define WR52 3
+#define WR52 3
#define SR52 14
#define WR53 11
#define SR53 14
#define WR54 15
-#define SR54 6
-#define WR55 0
+#define SR54 6
+#define WR55 0
#define SR55 14
-#define WR56 5
-#define SR56 6
+#define WR56 5
+#define SR56 6
#define WR57 12
-#define SR57 9
-#define WR58 2
+#define SR57 9
+#define WR58 2
#define SR58 12
#define WR59 13
-#define SR59 9
-#define WR60 9
+#define SR59 9
+#define WR60 9
#define SR60 12
-#define WR61 7
-#define SR61 5
+#define WR61 7
+#define SR61 5
#define WR62 10
#define SR62 15
#define WR63 14
-#define SR63 8
+#define SR63 8
#define WR64 12
-#define SR64 8
+#define SR64 8
#define WR65 15
-#define SR65 5
+#define SR65 5
#define WR66 10
#define SR66 12
-#define WR67 4
-#define SR67 9
-#define WR68 1
+#define WR67 4
+#define SR67 9
+#define WR68 1
#define SR68 12
-#define WR69 5
-#define SR69 5
-#define WR70 8
+#define WR69 5
+#define SR69 5
+#define WR70 8
#define SR70 14
-#define WR71 7
-#define SR71 6
-#define WR72 6
-#define SR72 8
-#define WR73 2
+#define WR71 7
+#define SR71 6
+#define WR72 6
+#define SR72 8
+#define WR73 2
#define SR73 13
#define WR74 13
-#define SR74 6
+#define SR74 6
#define WR75 14
-#define SR75 5
-#define WR76 0
+#define SR75 5
+#define WR76 0
#define SR76 15
-#define WR77 3
+#define WR77 3
#define SR77 13
-#define WR78 9
+#define WR78 9
#define SR78 11
#define WR79 11
#define SR79 11
diff --git a/decrepit/rsa/rsa_decrepit.c b/decrepit/rsa/rsa_decrepit.cc
similarity index 100%
rename from decrepit/rsa/rsa_decrepit.c
rename to decrepit/rsa/rsa_decrepit.cc
diff --git a/decrepit/ssl/ssl_decrepit.c b/decrepit/ssl/ssl_decrepit.cc
similarity index 100%
rename from decrepit/ssl/ssl_decrepit.c
rename to decrepit/ssl/ssl_decrepit.cc
diff --git a/decrepit/x509/x509_decrepit.c b/decrepit/x509/x509_decrepit.cc
similarity index 100%
rename from decrepit/x509/x509_decrepit.c
rename to decrepit/x509/x509_decrepit.cc
diff --git a/decrepit/xts/xts.c b/decrepit/xts/xts.cc
similarity index 84%
rename from decrepit/xts/xts.c
rename to decrepit/xts/xts.cc
index 47c7044..ce83829 100644
--- a/decrepit/xts/xts.c
+++ b/decrepit/xts/xts.cc
@@ -72,13 +72,17 @@
} tweak, scratch;
unsigned int i;
- if (len < 16) return 0;
+ if (len < 16) {
+ return 0;
+ }
OPENSSL_memcpy(tweak.c, iv, 16);
(*ctx->block2)(tweak.c, tweak.c, ctx->key2);
- if (!enc && (len % 16)) len -= 16;
+ if (!enc && (len % 16)) {
+ len -= 16;
+ }
while (len >= 16) {
OPENSSL_memcpy(scratch.c, inp, 16);
@@ -92,7 +96,9 @@
out += 16;
len -= 16;
- if (len == 0) return 1;
+ if (len == 0) {
+ return 1;
+ }
unsigned int carry, res;
@@ -158,7 +164,7 @@
static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
const uint8_t *iv, int enc) {
- EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+ EVP_AES_XTS_CTX *xctx = reinterpret_cast<EVP_AES_XTS_CTX *>(ctx->cipher_data);
if (!iv && !key) {
return 1;
}
@@ -173,8 +179,8 @@
xctx->xts.block1 = AES_decrypt;
}
- AES_set_encrypt_key(key + ctx->key_len / 2,
- ctx->key_len * 4, &xctx->ks2.ks);
+ AES_set_encrypt_key(key + ctx->key_len / 2, ctx->key_len * 4,
+ &xctx->ks2.ks);
xctx->xts.block2 = AES_encrypt;
xctx->xts.key1 = &xctx->ks1.ks;
}
@@ -187,13 +193,10 @@
return 1;
}
-static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
- const uint8_t *in, size_t len) {
- EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
- if (!xctx->xts.key1 ||
- !xctx->xts.key2 ||
- !out ||
- !in ||
+static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
+ size_t len) {
+ EVP_AES_XTS_CTX *xctx = reinterpret_cast<EVP_AES_XTS_CTX *>(ctx->cipher_data);
+ if (!xctx->xts.key1 || !xctx->xts.key2 || !out || !in ||
len < AES_BLOCK_SIZE ||
!CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, ctx->encrypt)) {
return 0;
@@ -202,10 +205,11 @@
}
static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) {
- EVP_AES_XTS_CTX *xctx = c->cipher_data;
+ EVP_AES_XTS_CTX *xctx = reinterpret_cast<EVP_AES_XTS_CTX *>(c->cipher_data);
if (type == EVP_CTRL_COPY) {
- EVP_CIPHER_CTX *out = ptr;
- EVP_AES_XTS_CTX *xctx_out = out->cipher_data;
+ EVP_CIPHER_CTX *out = reinterpret_cast<EVP_CIPHER_CTX *>(ptr);
+ EVP_AES_XTS_CTX *xctx_out =
+ reinterpret_cast<EVP_AES_XTS_CTX *>(out->cipher_data);
if (xctx->xts.key1) {
if (xctx->xts.key1 != &xctx->ks1.ks) {
return 0;
@@ -229,16 +233,18 @@
}
static const EVP_CIPHER aes_256_xts = {
- .nid = NID_aes_256_xts,
- .block_size = 1,
- .key_len = 64 /* 2 AES-256 keys */,
- .iv_len = 16,
- .ctx_size = sizeof(EVP_AES_XTS_CTX),
- .flags = EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV |
+ /* nid= */ NID_aes_256_xts,
+ /* block_size= */ 1,
+ /* key_len= */ 64 /* 2 AES-256 keys */,
+ /* iv_len= */ 16,
+ /* ctx_size= */ sizeof(EVP_AES_XTS_CTX),
+ /* flags= */ EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV |
EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
EVP_CIPH_CUSTOM_COPY,
- .init = aes_xts_init_key,
- .cipher = aes_xts_cipher,
- .ctrl = aes_xts_ctrl};
+ /* init= */ aes_xts_init_key,
+ /* cipher= */ aes_xts_cipher,
+ /* cleanup= */ nullptr,
+ /* ctrl= */ aes_xts_ctrl,
+};
const EVP_CIPHER *EVP_aes_256_xts(void) { return &aes_256_xts; }
diff --git a/gen/crypto/err_data.c b/gen/crypto/err_data.cc
similarity index 99%
rename from gen/crypto/err_data.c
rename to gen/crypto/err_data.cc
index ac2740a..796aa3d 100644
--- a/gen/crypto/err_data.c
+++ b/gen/crypto/err_data.cc
@@ -54,6 +54,7 @@
static_assert(ERR_LIB_USER == 33, "library value changed");
static_assert(ERR_NUM_LIBS == 34, "number of libraries changed");
+extern const uint32_t kOpenSSLReasonValues[];
const uint32_t kOpenSSLReasonValues[] = {
0xc320885,
0xc32889f,
@@ -813,8 +814,10 @@
0x8039325e,
};
+extern const size_t kOpenSSLReasonValuesLen;
const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]);
+extern const char kOpenSSLReasonStringData[];
const char kOpenSSLReasonStringData[] =
"ASN1_LENGTH_MISMATCH\0"
"AUX_ERROR\0"
diff --git a/gen/sources.bzl b/gen/sources.bzl
index ac4ef67..4024735 100644
--- a/gen/sources.bzl
+++ b/gen/sources.bzl
@@ -15,82 +15,82 @@
# Generated by go ./util/pregenerate. Do not edit manually.
bcm_sources = [
- "crypto/fipsmodule/bcm.c",
+ "crypto/fipsmodule/bcm.cc",
]
bcm_internal_headers = [
- "crypto/fipsmodule/aes/aes.c.inc",
- "crypto/fipsmodule/aes/aes_nohw.c.inc",
- "crypto/fipsmodule/aes/key_wrap.c.inc",
- "crypto/fipsmodule/aes/mode_wrappers.c.inc",
- "crypto/fipsmodule/bn/add.c.inc",
- "crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc",
- "crypto/fipsmodule/bn/bn.c.inc",
- "crypto/fipsmodule/bn/bytes.c.inc",
- "crypto/fipsmodule/bn/cmp.c.inc",
- "crypto/fipsmodule/bn/ctx.c.inc",
- "crypto/fipsmodule/bn/div.c.inc",
- "crypto/fipsmodule/bn/div_extra.c.inc",
- "crypto/fipsmodule/bn/exponentiation.c.inc",
- "crypto/fipsmodule/bn/gcd.c.inc",
- "crypto/fipsmodule/bn/gcd_extra.c.inc",
- "crypto/fipsmodule/bn/generic.c.inc",
- "crypto/fipsmodule/bn/jacobi.c.inc",
- "crypto/fipsmodule/bn/montgomery.c.inc",
- "crypto/fipsmodule/bn/montgomery_inv.c.inc",
- "crypto/fipsmodule/bn/mul.c.inc",
- "crypto/fipsmodule/bn/prime.c.inc",
- "crypto/fipsmodule/bn/random.c.inc",
- "crypto/fipsmodule/bn/rsaz_exp.c.inc",
- "crypto/fipsmodule/bn/shift.c.inc",
- "crypto/fipsmodule/bn/sqrt.c.inc",
- "crypto/fipsmodule/cipher/aead.c.inc",
- "crypto/fipsmodule/cipher/cipher.c.inc",
- "crypto/fipsmodule/cipher/e_aes.c.inc",
- "crypto/fipsmodule/cipher/e_aesccm.c.inc",
- "crypto/fipsmodule/cmac/cmac.c.inc",
- "crypto/fipsmodule/dh/check.c.inc",
- "crypto/fipsmodule/dh/dh.c.inc",
- "crypto/fipsmodule/digest/digest.c.inc",
- "crypto/fipsmodule/digest/digests.c.inc",
- "crypto/fipsmodule/digestsign/digestsign.c.inc",
- "crypto/fipsmodule/ec/ec.c.inc",
- "crypto/fipsmodule/ec/ec_key.c.inc",
- "crypto/fipsmodule/ec/ec_montgomery.c.inc",
- "crypto/fipsmodule/ec/felem.c.inc",
- "crypto/fipsmodule/ec/oct.c.inc",
- "crypto/fipsmodule/ec/p224-64.c.inc",
- "crypto/fipsmodule/ec/p256-nistz.c.inc",
- "crypto/fipsmodule/ec/p256.c.inc",
- "crypto/fipsmodule/ec/scalar.c.inc",
- "crypto/fipsmodule/ec/simple.c.inc",
- "crypto/fipsmodule/ec/simple_mul.c.inc",
- "crypto/fipsmodule/ec/util.c.inc",
- "crypto/fipsmodule/ec/wnaf.c.inc",
- "crypto/fipsmodule/ecdh/ecdh.c.inc",
- "crypto/fipsmodule/ecdsa/ecdsa.c.inc",
- "crypto/fipsmodule/hkdf/hkdf.c.inc",
- "crypto/fipsmodule/hmac/hmac.c.inc",
- "crypto/fipsmodule/modes/cbc.c.inc",
- "crypto/fipsmodule/modes/cfb.c.inc",
- "crypto/fipsmodule/modes/ctr.c.inc",
- "crypto/fipsmodule/modes/gcm.c.inc",
- "crypto/fipsmodule/modes/gcm_nohw.c.inc",
- "crypto/fipsmodule/modes/ofb.c.inc",
- "crypto/fipsmodule/modes/polyval.c.inc",
- "crypto/fipsmodule/rand/ctrdrbg.c.inc",
- "crypto/fipsmodule/rand/rand.c.inc",
- "crypto/fipsmodule/rsa/blinding.c.inc",
- "crypto/fipsmodule/rsa/padding.c.inc",
- "crypto/fipsmodule/rsa/rsa.c.inc",
- "crypto/fipsmodule/rsa/rsa_impl.c.inc",
- "crypto/fipsmodule/self_check/fips.c.inc",
- "crypto/fipsmodule/self_check/self_check.c.inc",
- "crypto/fipsmodule/service_indicator/service_indicator.c.inc",
- "crypto/fipsmodule/sha/sha1.c.inc",
- "crypto/fipsmodule/sha/sha256.c.inc",
- "crypto/fipsmodule/sha/sha512.c.inc",
- "crypto/fipsmodule/tls/kdf.c.inc",
+ "crypto/fipsmodule/aes/aes.cc.inc",
+ "crypto/fipsmodule/aes/aes_nohw.cc.inc",
+ "crypto/fipsmodule/aes/key_wrap.cc.inc",
+ "crypto/fipsmodule/aes/mode_wrappers.cc.inc",
+ "crypto/fipsmodule/bn/add.cc.inc",
+ "crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc",
+ "crypto/fipsmodule/bn/bn.cc.inc",
+ "crypto/fipsmodule/bn/bytes.cc.inc",
+ "crypto/fipsmodule/bn/cmp.cc.inc",
+ "crypto/fipsmodule/bn/ctx.cc.inc",
+ "crypto/fipsmodule/bn/div.cc.inc",
+ "crypto/fipsmodule/bn/div_extra.cc.inc",
+ "crypto/fipsmodule/bn/exponentiation.cc.inc",
+ "crypto/fipsmodule/bn/gcd.cc.inc",
+ "crypto/fipsmodule/bn/gcd_extra.cc.inc",
+ "crypto/fipsmodule/bn/generic.cc.inc",
+ "crypto/fipsmodule/bn/jacobi.cc.inc",
+ "crypto/fipsmodule/bn/montgomery.cc.inc",
+ "crypto/fipsmodule/bn/montgomery_inv.cc.inc",
+ "crypto/fipsmodule/bn/mul.cc.inc",
+ "crypto/fipsmodule/bn/prime.cc.inc",
+ "crypto/fipsmodule/bn/random.cc.inc",
+ "crypto/fipsmodule/bn/rsaz_exp.cc.inc",
+ "crypto/fipsmodule/bn/shift.cc.inc",
+ "crypto/fipsmodule/bn/sqrt.cc.inc",
+ "crypto/fipsmodule/cipher/aead.cc.inc",
+ "crypto/fipsmodule/cipher/cipher.cc.inc",
+ "crypto/fipsmodule/cipher/e_aes.cc.inc",
+ "crypto/fipsmodule/cipher/e_aesccm.cc.inc",
+ "crypto/fipsmodule/cmac/cmac.cc.inc",
+ "crypto/fipsmodule/dh/check.cc.inc",
+ "crypto/fipsmodule/dh/dh.cc.inc",
+ "crypto/fipsmodule/digest/digest.cc.inc",
+ "crypto/fipsmodule/digest/digests.cc.inc",
+ "crypto/fipsmodule/digestsign/digestsign.cc.inc",
+ "crypto/fipsmodule/ec/ec.cc.inc",
+ "crypto/fipsmodule/ec/ec_key.cc.inc",
+ "crypto/fipsmodule/ec/ec_montgomery.cc.inc",
+ "crypto/fipsmodule/ec/felem.cc.inc",
+ "crypto/fipsmodule/ec/oct.cc.inc",
+ "crypto/fipsmodule/ec/p224-64.cc.inc",
+ "crypto/fipsmodule/ec/p256-nistz.cc.inc",
+ "crypto/fipsmodule/ec/p256.cc.inc",
+ "crypto/fipsmodule/ec/scalar.cc.inc",
+ "crypto/fipsmodule/ec/simple.cc.inc",
+ "crypto/fipsmodule/ec/simple_mul.cc.inc",
+ "crypto/fipsmodule/ec/util.cc.inc",
+ "crypto/fipsmodule/ec/wnaf.cc.inc",
+ "crypto/fipsmodule/ecdh/ecdh.cc.inc",
+ "crypto/fipsmodule/ecdsa/ecdsa.cc.inc",
+ "crypto/fipsmodule/hkdf/hkdf.cc.inc",
+ "crypto/fipsmodule/hmac/hmac.cc.inc",
+ "crypto/fipsmodule/modes/cbc.cc.inc",
+ "crypto/fipsmodule/modes/cfb.cc.inc",
+ "crypto/fipsmodule/modes/ctr.cc.inc",
+ "crypto/fipsmodule/modes/gcm.cc.inc",
+ "crypto/fipsmodule/modes/gcm_nohw.cc.inc",
+ "crypto/fipsmodule/modes/ofb.cc.inc",
+ "crypto/fipsmodule/modes/polyval.cc.inc",
+ "crypto/fipsmodule/rand/ctrdrbg.cc.inc",
+ "crypto/fipsmodule/rand/rand.cc.inc",
+ "crypto/fipsmodule/rsa/blinding.cc.inc",
+ "crypto/fipsmodule/rsa/padding.cc.inc",
+ "crypto/fipsmodule/rsa/rsa.cc.inc",
+ "crypto/fipsmodule/rsa/rsa_impl.cc.inc",
+ "crypto/fipsmodule/self_check/fips.cc.inc",
+ "crypto/fipsmodule/self_check/self_check.cc.inc",
+ "crypto/fipsmodule/service_indicator/service_indicator.cc.inc",
+ "crypto/fipsmodule/sha/sha1.cc.inc",
+ "crypto/fipsmodule/sha/sha256.cc.inc",
+ "crypto/fipsmodule/sha/sha512.cc.inc",
+ "crypto/fipsmodule/tls/kdf.cc.inc",
]
bcm_sources_asm = [
@@ -244,255 +244,255 @@
]
crypto_sources = [
- "crypto/asn1/a_bitstr.c",
- "crypto/asn1/a_bool.c",
- "crypto/asn1/a_d2i_fp.c",
- "crypto/asn1/a_dup.c",
- "crypto/asn1/a_gentm.c",
- "crypto/asn1/a_i2d_fp.c",
- "crypto/asn1/a_int.c",
- "crypto/asn1/a_mbstr.c",
- "crypto/asn1/a_object.c",
- "crypto/asn1/a_octet.c",
- "crypto/asn1/a_strex.c",
- "crypto/asn1/a_strnid.c",
- "crypto/asn1/a_time.c",
- "crypto/asn1/a_type.c",
- "crypto/asn1/a_utctm.c",
- "crypto/asn1/asn1_lib.c",
- "crypto/asn1/asn1_par.c",
- "crypto/asn1/asn_pack.c",
- "crypto/asn1/f_int.c",
- "crypto/asn1/f_string.c",
- "crypto/asn1/posix_time.c",
- "crypto/asn1/tasn_dec.c",
- "crypto/asn1/tasn_enc.c",
- "crypto/asn1/tasn_fre.c",
- "crypto/asn1/tasn_new.c",
- "crypto/asn1/tasn_typ.c",
- "crypto/asn1/tasn_utl.c",
- "crypto/base64/base64.c",
- "crypto/bio/bio.c",
- "crypto/bio/bio_mem.c",
- "crypto/bio/connect.c",
- "crypto/bio/errno.c",
- "crypto/bio/fd.c",
- "crypto/bio/file.c",
- "crypto/bio/hexdump.c",
- "crypto/bio/pair.c",
- "crypto/bio/printf.c",
- "crypto/bio/socket.c",
- "crypto/bio/socket_helper.c",
- "crypto/blake2/blake2.c",
- "crypto/bn_extra/bn_asn1.c",
- "crypto/bn_extra/convert.c",
- "crypto/buf/buf.c",
- "crypto/bytestring/asn1_compat.c",
- "crypto/bytestring/ber.c",
- "crypto/bytestring/cbb.c",
- "crypto/bytestring/cbs.c",
- "crypto/bytestring/unicode.c",
- "crypto/chacha/chacha.c",
- "crypto/cipher_extra/cipher_extra.c",
- "crypto/cipher_extra/derive_key.c",
- "crypto/cipher_extra/e_aesctrhmac.c",
- "crypto/cipher_extra/e_aesgcmsiv.c",
- "crypto/cipher_extra/e_chacha20poly1305.c",
- "crypto/cipher_extra/e_des.c",
- "crypto/cipher_extra/e_null.c",
- "crypto/cipher_extra/e_rc2.c",
- "crypto/cipher_extra/e_rc4.c",
- "crypto/cipher_extra/e_tls.c",
- "crypto/cipher_extra/tls_cbc.c",
- "crypto/conf/conf.c",
- "crypto/cpu_aarch64_apple.c",
- "crypto/cpu_aarch64_fuchsia.c",
- "crypto/cpu_aarch64_linux.c",
- "crypto/cpu_aarch64_openbsd.c",
- "crypto/cpu_aarch64_sysreg.c",
- "crypto/cpu_aarch64_win.c",
- "crypto/cpu_arm_freebsd.c",
- "crypto/cpu_arm_linux.c",
- "crypto/cpu_intel.c",
- "crypto/crypto.c",
- "crypto/curve25519/curve25519.c",
- "crypto/curve25519/curve25519_64_adx.c",
- "crypto/curve25519/spake25519.c",
- "crypto/des/des.c",
- "crypto/dh_extra/dh_asn1.c",
- "crypto/dh_extra/params.c",
- "crypto/digest_extra/digest_extra.c",
- "crypto/dilithium/dilithium.c",
- "crypto/dsa/dsa.c",
- "crypto/dsa/dsa_asn1.c",
- "crypto/ec_extra/ec_asn1.c",
- "crypto/ec_extra/ec_derive.c",
- "crypto/ec_extra/hash_to_curve.c",
- "crypto/ecdh_extra/ecdh_extra.c",
- "crypto/ecdsa_extra/ecdsa_asn1.c",
- "crypto/engine/engine.c",
- "crypto/err/err.c",
- "crypto/evp/evp.c",
- "crypto/evp/evp_asn1.c",
- "crypto/evp/evp_ctx.c",
- "crypto/evp/p_dh.c",
- "crypto/evp/p_dh_asn1.c",
- "crypto/evp/p_dsa_asn1.c",
- "crypto/evp/p_ec.c",
- "crypto/evp/p_ec_asn1.c",
- "crypto/evp/p_ed25519.c",
- "crypto/evp/p_ed25519_asn1.c",
- "crypto/evp/p_hkdf.c",
- "crypto/evp/p_rsa.c",
- "crypto/evp/p_rsa_asn1.c",
- "crypto/evp/p_x25519.c",
- "crypto/evp/p_x25519_asn1.c",
- "crypto/evp/pbkdf.c",
- "crypto/evp/print.c",
- "crypto/evp/scrypt.c",
- "crypto/evp/sign.c",
- "crypto/ex_data.c",
- "crypto/fipsmodule/fips_shared_support.c",
- "crypto/hpke/hpke.c",
- "crypto/hrss/hrss.c",
- "crypto/keccak/keccak.c",
- "crypto/kyber/kyber.c",
- "crypto/lhash/lhash.c",
- "crypto/md4/md4.c",
- "crypto/md5/md5.c",
- "crypto/mem.c",
+ "crypto/asn1/a_bitstr.cc",
+ "crypto/asn1/a_bool.cc",
+ "crypto/asn1/a_d2i_fp.cc",
+ "crypto/asn1/a_dup.cc",
+ "crypto/asn1/a_gentm.cc",
+ "crypto/asn1/a_i2d_fp.cc",
+ "crypto/asn1/a_int.cc",
+ "crypto/asn1/a_mbstr.cc",
+ "crypto/asn1/a_object.cc",
+ "crypto/asn1/a_octet.cc",
+ "crypto/asn1/a_strex.cc",
+ "crypto/asn1/a_strnid.cc",
+ "crypto/asn1/a_time.cc",
+ "crypto/asn1/a_type.cc",
+ "crypto/asn1/a_utctm.cc",
+ "crypto/asn1/asn1_lib.cc",
+ "crypto/asn1/asn1_par.cc",
+ "crypto/asn1/asn_pack.cc",
+ "crypto/asn1/f_int.cc",
+ "crypto/asn1/f_string.cc",
+ "crypto/asn1/posix_time.cc",
+ "crypto/asn1/tasn_dec.cc",
+ "crypto/asn1/tasn_enc.cc",
+ "crypto/asn1/tasn_fre.cc",
+ "crypto/asn1/tasn_new.cc",
+ "crypto/asn1/tasn_typ.cc",
+ "crypto/asn1/tasn_utl.cc",
+ "crypto/base64/base64.cc",
+ "crypto/bio/bio.cc",
+ "crypto/bio/bio_mem.cc",
+ "crypto/bio/connect.cc",
+ "crypto/bio/errno.cc",
+ "crypto/bio/fd.cc",
+ "crypto/bio/file.cc",
+ "crypto/bio/hexdump.cc",
+ "crypto/bio/pair.cc",
+ "crypto/bio/printf.cc",
+ "crypto/bio/socket.cc",
+ "crypto/bio/socket_helper.cc",
+ "crypto/blake2/blake2.cc",
+ "crypto/bn_extra/bn_asn1.cc",
+ "crypto/bn_extra/convert.cc",
+ "crypto/buf/buf.cc",
+ "crypto/bytestring/asn1_compat.cc",
+ "crypto/bytestring/ber.cc",
+ "crypto/bytestring/cbb.cc",
+ "crypto/bytestring/cbs.cc",
+ "crypto/bytestring/unicode.cc",
+ "crypto/chacha/chacha.cc",
+ "crypto/cipher_extra/cipher_extra.cc",
+ "crypto/cipher_extra/derive_key.cc",
+ "crypto/cipher_extra/e_aesctrhmac.cc",
+ "crypto/cipher_extra/e_aesgcmsiv.cc",
+ "crypto/cipher_extra/e_chacha20poly1305.cc",
+ "crypto/cipher_extra/e_des.cc",
+ "crypto/cipher_extra/e_null.cc",
+ "crypto/cipher_extra/e_rc2.cc",
+ "crypto/cipher_extra/e_rc4.cc",
+ "crypto/cipher_extra/e_tls.cc",
+ "crypto/cipher_extra/tls_cbc.cc",
+ "crypto/conf/conf.cc",
+ "crypto/cpu_aarch64_apple.cc",
+ "crypto/cpu_aarch64_fuchsia.cc",
+ "crypto/cpu_aarch64_linux.cc",
+ "crypto/cpu_aarch64_openbsd.cc",
+ "crypto/cpu_aarch64_sysreg.cc",
+ "crypto/cpu_aarch64_win.cc",
+ "crypto/cpu_arm_freebsd.cc",
+ "crypto/cpu_arm_linux.cc",
+ "crypto/cpu_intel.cc",
+ "crypto/crypto.cc",
+ "crypto/curve25519/curve25519.cc",
+ "crypto/curve25519/curve25519_64_adx.cc",
+ "crypto/curve25519/spake25519.cc",
+ "crypto/des/des.cc",
+ "crypto/dh_extra/dh_asn1.cc",
+ "crypto/dh_extra/params.cc",
+ "crypto/digest_extra/digest_extra.cc",
+ "crypto/dilithium/dilithium.cc",
+ "crypto/dsa/dsa.cc",
+ "crypto/dsa/dsa_asn1.cc",
+ "crypto/ec_extra/ec_asn1.cc",
+ "crypto/ec_extra/ec_derive.cc",
+ "crypto/ec_extra/hash_to_curve.cc",
+ "crypto/ecdh_extra/ecdh_extra.cc",
+ "crypto/ecdsa_extra/ecdsa_asn1.cc",
+ "crypto/engine/engine.cc",
+ "crypto/err/err.cc",
+ "crypto/evp/evp.cc",
+ "crypto/evp/evp_asn1.cc",
+ "crypto/evp/evp_ctx.cc",
+ "crypto/evp/p_dh.cc",
+ "crypto/evp/p_dh_asn1.cc",
+ "crypto/evp/p_dsa_asn1.cc",
+ "crypto/evp/p_ec.cc",
+ "crypto/evp/p_ec_asn1.cc",
+ "crypto/evp/p_ed25519.cc",
+ "crypto/evp/p_ed25519_asn1.cc",
+ "crypto/evp/p_hkdf.cc",
+ "crypto/evp/p_rsa.cc",
+ "crypto/evp/p_rsa_asn1.cc",
+ "crypto/evp/p_x25519.cc",
+ "crypto/evp/p_x25519_asn1.cc",
+ "crypto/evp/pbkdf.cc",
+ "crypto/evp/print.cc",
+ "crypto/evp/scrypt.cc",
+ "crypto/evp/sign.cc",
+ "crypto/ex_data.cc",
+ "crypto/fipsmodule/fips_shared_support.cc",
+ "crypto/hpke/hpke.cc",
+ "crypto/hrss/hrss.cc",
+ "crypto/keccak/keccak.cc",
+ "crypto/kyber/kyber.cc",
+ "crypto/lhash/lhash.cc",
+ "crypto/md4/md4.cc",
+ "crypto/md5/md5.cc",
+ "crypto/mem.cc",
"crypto/mldsa/mldsa.cc",
"crypto/mlkem/mlkem.cc",
- "crypto/obj/obj.c",
- "crypto/obj/obj_xref.c",
- "crypto/pem/pem_all.c",
- "crypto/pem/pem_info.c",
- "crypto/pem/pem_lib.c",
- "crypto/pem/pem_oth.c",
- "crypto/pem/pem_pk8.c",
- "crypto/pem/pem_pkey.c",
- "crypto/pem/pem_x509.c",
- "crypto/pem/pem_xaux.c",
- "crypto/pkcs7/pkcs7.c",
- "crypto/pkcs7/pkcs7_x509.c",
- "crypto/pkcs8/p5_pbev2.c",
- "crypto/pkcs8/pkcs8.c",
- "crypto/pkcs8/pkcs8_x509.c",
- "crypto/poly1305/poly1305.c",
- "crypto/poly1305/poly1305_arm.c",
- "crypto/poly1305/poly1305_vec.c",
- "crypto/pool/pool.c",
- "crypto/rand_extra/deterministic.c",
- "crypto/rand_extra/fork_detect.c",
- "crypto/rand_extra/forkunsafe.c",
- "crypto/rand_extra/getentropy.c",
- "crypto/rand_extra/ios.c",
- "crypto/rand_extra/passive.c",
- "crypto/rand_extra/rand_extra.c",
- "crypto/rand_extra/trusty.c",
- "crypto/rand_extra/urandom.c",
- "crypto/rand_extra/windows.c",
- "crypto/rc4/rc4.c",
- "crypto/refcount.c",
- "crypto/rsa_extra/rsa_asn1.c",
- "crypto/rsa_extra/rsa_crypt.c",
- "crypto/rsa_extra/rsa_extra.c",
- "crypto/rsa_extra/rsa_print.c",
- "crypto/sha/sha1.c",
- "crypto/sha/sha256.c",
- "crypto/sha/sha512.c",
- "crypto/siphash/siphash.c",
- "crypto/slhdsa/fors.c",
- "crypto/slhdsa/merkle.c",
- "crypto/slhdsa/slhdsa.c",
- "crypto/slhdsa/thash.c",
- "crypto/slhdsa/wots.c",
- "crypto/spx/spx.c",
- "crypto/spx/spx_address.c",
- "crypto/spx/spx_fors.c",
- "crypto/spx/spx_merkle.c",
- "crypto/spx/spx_thash.c",
- "crypto/spx/spx_util.c",
- "crypto/spx/spx_wots.c",
- "crypto/stack/stack.c",
- "crypto/thread.c",
- "crypto/thread_none.c",
- "crypto/thread_pthread.c",
- "crypto/thread_win.c",
- "crypto/trust_token/pmbtoken.c",
- "crypto/trust_token/trust_token.c",
- "crypto/trust_token/voprf.c",
- "crypto/x509/a_digest.c",
- "crypto/x509/a_sign.c",
- "crypto/x509/a_verify.c",
- "crypto/x509/algorithm.c",
- "crypto/x509/asn1_gen.c",
- "crypto/x509/by_dir.c",
- "crypto/x509/by_file.c",
- "crypto/x509/i2d_pr.c",
- "crypto/x509/name_print.c",
- "crypto/x509/policy.c",
- "crypto/x509/rsa_pss.c",
- "crypto/x509/t_crl.c",
- "crypto/x509/t_req.c",
- "crypto/x509/t_x509.c",
- "crypto/x509/t_x509a.c",
- "crypto/x509/v3_akey.c",
- "crypto/x509/v3_akeya.c",
- "crypto/x509/v3_alt.c",
- "crypto/x509/v3_bcons.c",
- "crypto/x509/v3_bitst.c",
- "crypto/x509/v3_conf.c",
- "crypto/x509/v3_cpols.c",
- "crypto/x509/v3_crld.c",
- "crypto/x509/v3_enum.c",
- "crypto/x509/v3_extku.c",
- "crypto/x509/v3_genn.c",
- "crypto/x509/v3_ia5.c",
- "crypto/x509/v3_info.c",
- "crypto/x509/v3_int.c",
- "crypto/x509/v3_lib.c",
- "crypto/x509/v3_ncons.c",
- "crypto/x509/v3_ocsp.c",
- "crypto/x509/v3_pcons.c",
- "crypto/x509/v3_pmaps.c",
- "crypto/x509/v3_prn.c",
- "crypto/x509/v3_purp.c",
- "crypto/x509/v3_skey.c",
- "crypto/x509/v3_utl.c",
- "crypto/x509/x509.c",
- "crypto/x509/x509_att.c",
- "crypto/x509/x509_cmp.c",
- "crypto/x509/x509_d2.c",
- "crypto/x509/x509_def.c",
- "crypto/x509/x509_ext.c",
- "crypto/x509/x509_lu.c",
- "crypto/x509/x509_obj.c",
- "crypto/x509/x509_req.c",
- "crypto/x509/x509_set.c",
- "crypto/x509/x509_trs.c",
- "crypto/x509/x509_txt.c",
- "crypto/x509/x509_v3.c",
- "crypto/x509/x509_vfy.c",
- "crypto/x509/x509_vpm.c",
- "crypto/x509/x509cset.c",
- "crypto/x509/x509name.c",
- "crypto/x509/x509rset.c",
- "crypto/x509/x509spki.c",
- "crypto/x509/x_algor.c",
- "crypto/x509/x_all.c",
- "crypto/x509/x_attrib.c",
- "crypto/x509/x_crl.c",
- "crypto/x509/x_exten.c",
- "crypto/x509/x_name.c",
- "crypto/x509/x_pubkey.c",
- "crypto/x509/x_req.c",
- "crypto/x509/x_sig.c",
- "crypto/x509/x_spki.c",
- "crypto/x509/x_val.c",
- "crypto/x509/x_x509.c",
- "crypto/x509/x_x509a.c",
- "gen/crypto/err_data.c",
+ "crypto/obj/obj.cc",
+ "crypto/obj/obj_xref.cc",
+ "crypto/pem/pem_all.cc",
+ "crypto/pem/pem_info.cc",
+ "crypto/pem/pem_lib.cc",
+ "crypto/pem/pem_oth.cc",
+ "crypto/pem/pem_pk8.cc",
+ "crypto/pem/pem_pkey.cc",
+ "crypto/pem/pem_x509.cc",
+ "crypto/pem/pem_xaux.cc",
+ "crypto/pkcs7/pkcs7.cc",
+ "crypto/pkcs7/pkcs7_x509.cc",
+ "crypto/pkcs8/p5_pbev2.cc",
+ "crypto/pkcs8/pkcs8.cc",
+ "crypto/pkcs8/pkcs8_x509.cc",
+ "crypto/poly1305/poly1305.cc",
+ "crypto/poly1305/poly1305_arm.cc",
+ "crypto/poly1305/poly1305_vec.cc",
+ "crypto/pool/pool.cc",
+ "crypto/rand_extra/deterministic.cc",
+ "crypto/rand_extra/fork_detect.cc",
+ "crypto/rand_extra/forkunsafe.cc",
+ "crypto/rand_extra/getentropy.cc",
+ "crypto/rand_extra/ios.cc",
+ "crypto/rand_extra/passive.cc",
+ "crypto/rand_extra/rand_extra.cc",
+ "crypto/rand_extra/trusty.cc",
+ "crypto/rand_extra/urandom.cc",
+ "crypto/rand_extra/windows.cc",
+ "crypto/rc4/rc4.cc",
+ "crypto/refcount.cc",
+ "crypto/rsa_extra/rsa_asn1.cc",
+ "crypto/rsa_extra/rsa_crypt.cc",
+ "crypto/rsa_extra/rsa_extra.cc",
+ "crypto/rsa_extra/rsa_print.cc",
+ "crypto/sha/sha1.cc",
+ "crypto/sha/sha256.cc",
+ "crypto/sha/sha512.cc",
+ "crypto/siphash/siphash.cc",
+ "crypto/slhdsa/fors.cc",
+ "crypto/slhdsa/merkle.cc",
+ "crypto/slhdsa/slhdsa.cc",
+ "crypto/slhdsa/thash.cc",
+ "crypto/slhdsa/wots.cc",
+ "crypto/spx/spx.cc",
+ "crypto/spx/spx_address.cc",
+ "crypto/spx/spx_fors.cc",
+ "crypto/spx/spx_merkle.cc",
+ "crypto/spx/spx_thash.cc",
+ "crypto/spx/spx_util.cc",
+ "crypto/spx/spx_wots.cc",
+ "crypto/stack/stack.cc",
+ "crypto/thread.cc",
+ "crypto/thread_none.cc",
+ "crypto/thread_pthread.cc",
+ "crypto/thread_win.cc",
+ "crypto/trust_token/pmbtoken.cc",
+ "crypto/trust_token/trust_token.cc",
+ "crypto/trust_token/voprf.cc",
+ "crypto/x509/a_digest.cc",
+ "crypto/x509/a_sign.cc",
+ "crypto/x509/a_verify.cc",
+ "crypto/x509/algorithm.cc",
+ "crypto/x509/asn1_gen.cc",
+ "crypto/x509/by_dir.cc",
+ "crypto/x509/by_file.cc",
+ "crypto/x509/i2d_pr.cc",
+ "crypto/x509/name_print.cc",
+ "crypto/x509/policy.cc",
+ "crypto/x509/rsa_pss.cc",
+ "crypto/x509/t_crl.cc",
+ "crypto/x509/t_req.cc",
+ "crypto/x509/t_x509.cc",
+ "crypto/x509/t_x509a.cc",
+ "crypto/x509/v3_akey.cc",
+ "crypto/x509/v3_akeya.cc",
+ "crypto/x509/v3_alt.cc",
+ "crypto/x509/v3_bcons.cc",
+ "crypto/x509/v3_bitst.cc",
+ "crypto/x509/v3_conf.cc",
+ "crypto/x509/v3_cpols.cc",
+ "crypto/x509/v3_crld.cc",
+ "crypto/x509/v3_enum.cc",
+ "crypto/x509/v3_extku.cc",
+ "crypto/x509/v3_genn.cc",
+ "crypto/x509/v3_ia5.cc",
+ "crypto/x509/v3_info.cc",
+ "crypto/x509/v3_int.cc",
+ "crypto/x509/v3_lib.cc",
+ "crypto/x509/v3_ncons.cc",
+ "crypto/x509/v3_ocsp.cc",
+ "crypto/x509/v3_pcons.cc",
+ "crypto/x509/v3_pmaps.cc",
+ "crypto/x509/v3_prn.cc",
+ "crypto/x509/v3_purp.cc",
+ "crypto/x509/v3_skey.cc",
+ "crypto/x509/v3_utl.cc",
+ "crypto/x509/x509.cc",
+ "crypto/x509/x509_att.cc",
+ "crypto/x509/x509_cmp.cc",
+ "crypto/x509/x509_d2.cc",
+ "crypto/x509/x509_def.cc",
+ "crypto/x509/x509_ext.cc",
+ "crypto/x509/x509_lu.cc",
+ "crypto/x509/x509_obj.cc",
+ "crypto/x509/x509_req.cc",
+ "crypto/x509/x509_set.cc",
+ "crypto/x509/x509_trs.cc",
+ "crypto/x509/x509_txt.cc",
+ "crypto/x509/x509_v3.cc",
+ "crypto/x509/x509_vfy.cc",
+ "crypto/x509/x509_vpm.cc",
+ "crypto/x509/x509cset.cc",
+ "crypto/x509/x509name.cc",
+ "crypto/x509/x509rset.cc",
+ "crypto/x509/x509spki.cc",
+ "crypto/x509/x_algor.cc",
+ "crypto/x509/x_all.cc",
+ "crypto/x509/x_attrib.cc",
+ "crypto/x509/x_crl.cc",
+ "crypto/x509/x_exten.cc",
+ "crypto/x509/x_name.cc",
+ "crypto/x509/x_pubkey.cc",
+ "crypto/x509/x_req.cc",
+ "crypto/x509/x_sig.cc",
+ "crypto/x509/x_spki.cc",
+ "crypto/x509/x_val.cc",
+ "crypto/x509/x_x509.cc",
+ "crypto/x509/x_x509a.cc",
+ "gen/crypto/err_data.cc",
]
crypto_headers = [
@@ -1042,23 +1042,23 @@
]
decrepit_sources = [
- "decrepit/bio/base64_bio.c",
- "decrepit/blowfish/blowfish.c",
- "decrepit/cast/cast.c",
- "decrepit/cast/cast_tables.c",
- "decrepit/cfb/cfb.c",
- "decrepit/des/cfb64ede.c",
- "decrepit/dh/dh_decrepit.c",
- "decrepit/dsa/dsa_decrepit.c",
- "decrepit/evp/dss1.c",
- "decrepit/evp/evp_do_all.c",
- "decrepit/obj/obj_decrepit.c",
- "decrepit/rc4/rc4_decrepit.c",
- "decrepit/ripemd/ripemd.c",
- "decrepit/rsa/rsa_decrepit.c",
- "decrepit/ssl/ssl_decrepit.c",
- "decrepit/x509/x509_decrepit.c",
- "decrepit/xts/xts.c",
+ "decrepit/bio/base64_bio.cc",
+ "decrepit/blowfish/blowfish.cc",
+ "decrepit/cast/cast.cc",
+ "decrepit/cast/cast_tables.cc",
+ "decrepit/cfb/cfb.cc",
+ "decrepit/des/cfb64ede.cc",
+ "decrepit/dh/dh_decrepit.cc",
+ "decrepit/dsa/dsa_decrepit.cc",
+ "decrepit/evp/dss1.cc",
+ "decrepit/evp/evp_do_all.cc",
+ "decrepit/obj/obj_decrepit.cc",
+ "decrepit/rc4/rc4_decrepit.cc",
+ "decrepit/ripemd/ripemd.cc",
+ "decrepit/rsa/rsa_decrepit.cc",
+ "decrepit/ssl/ssl_decrepit.cc",
+ "decrepit/x509/x509_decrepit.cc",
+ "decrepit/xts/xts.cc",
]
decrepit_internal_headers = [
diff --git a/gen/sources.cmake b/gen/sources.cmake
index 8c157e3..ea33e32 100644
--- a/gen/sources.cmake
+++ b/gen/sources.cmake
@@ -17,84 +17,84 @@
set(
BCM_SOURCES
- crypto/fipsmodule/bcm.c
+ crypto/fipsmodule/bcm.cc
)
set(
BCM_INTERNAL_HEADERS
- crypto/fipsmodule/aes/aes.c.inc
- crypto/fipsmodule/aes/aes_nohw.c.inc
- crypto/fipsmodule/aes/key_wrap.c.inc
- crypto/fipsmodule/aes/mode_wrappers.c.inc
- crypto/fipsmodule/bn/add.c.inc
- crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc
- crypto/fipsmodule/bn/bn.c.inc
- crypto/fipsmodule/bn/bytes.c.inc
- crypto/fipsmodule/bn/cmp.c.inc
- crypto/fipsmodule/bn/ctx.c.inc
- crypto/fipsmodule/bn/div.c.inc
- crypto/fipsmodule/bn/div_extra.c.inc
- crypto/fipsmodule/bn/exponentiation.c.inc
- crypto/fipsmodule/bn/gcd.c.inc
- crypto/fipsmodule/bn/gcd_extra.c.inc
- crypto/fipsmodule/bn/generic.c.inc
- crypto/fipsmodule/bn/jacobi.c.inc
- crypto/fipsmodule/bn/montgomery.c.inc
- crypto/fipsmodule/bn/montgomery_inv.c.inc
- crypto/fipsmodule/bn/mul.c.inc
- crypto/fipsmodule/bn/prime.c.inc
- crypto/fipsmodule/bn/random.c.inc
- crypto/fipsmodule/bn/rsaz_exp.c.inc
- crypto/fipsmodule/bn/shift.c.inc
- crypto/fipsmodule/bn/sqrt.c.inc
- crypto/fipsmodule/cipher/aead.c.inc
- crypto/fipsmodule/cipher/cipher.c.inc
- crypto/fipsmodule/cipher/e_aes.c.inc
- crypto/fipsmodule/cipher/e_aesccm.c.inc
- crypto/fipsmodule/cmac/cmac.c.inc
- crypto/fipsmodule/dh/check.c.inc
- crypto/fipsmodule/dh/dh.c.inc
- crypto/fipsmodule/digest/digest.c.inc
- crypto/fipsmodule/digest/digests.c.inc
- crypto/fipsmodule/digestsign/digestsign.c.inc
- crypto/fipsmodule/ec/ec.c.inc
- crypto/fipsmodule/ec/ec_key.c.inc
- crypto/fipsmodule/ec/ec_montgomery.c.inc
- crypto/fipsmodule/ec/felem.c.inc
- crypto/fipsmodule/ec/oct.c.inc
- crypto/fipsmodule/ec/p224-64.c.inc
- crypto/fipsmodule/ec/p256-nistz.c.inc
- crypto/fipsmodule/ec/p256.c.inc
- crypto/fipsmodule/ec/scalar.c.inc
- crypto/fipsmodule/ec/simple.c.inc
- crypto/fipsmodule/ec/simple_mul.c.inc
- crypto/fipsmodule/ec/util.c.inc
- crypto/fipsmodule/ec/wnaf.c.inc
- crypto/fipsmodule/ecdh/ecdh.c.inc
- crypto/fipsmodule/ecdsa/ecdsa.c.inc
- crypto/fipsmodule/hkdf/hkdf.c.inc
- crypto/fipsmodule/hmac/hmac.c.inc
- crypto/fipsmodule/modes/cbc.c.inc
- crypto/fipsmodule/modes/cfb.c.inc
- crypto/fipsmodule/modes/ctr.c.inc
- crypto/fipsmodule/modes/gcm.c.inc
- crypto/fipsmodule/modes/gcm_nohw.c.inc
- crypto/fipsmodule/modes/ofb.c.inc
- crypto/fipsmodule/modes/polyval.c.inc
- crypto/fipsmodule/rand/ctrdrbg.c.inc
- crypto/fipsmodule/rand/rand.c.inc
- crypto/fipsmodule/rsa/blinding.c.inc
- crypto/fipsmodule/rsa/padding.c.inc
- crypto/fipsmodule/rsa/rsa.c.inc
- crypto/fipsmodule/rsa/rsa_impl.c.inc
- crypto/fipsmodule/self_check/fips.c.inc
- crypto/fipsmodule/self_check/self_check.c.inc
- crypto/fipsmodule/service_indicator/service_indicator.c.inc
- crypto/fipsmodule/sha/sha1.c.inc
- crypto/fipsmodule/sha/sha256.c.inc
- crypto/fipsmodule/sha/sha512.c.inc
- crypto/fipsmodule/tls/kdf.c.inc
+ crypto/fipsmodule/aes/aes.cc.inc
+ crypto/fipsmodule/aes/aes_nohw.cc.inc
+ crypto/fipsmodule/aes/key_wrap.cc.inc
+ crypto/fipsmodule/aes/mode_wrappers.cc.inc
+ crypto/fipsmodule/bn/add.cc.inc
+ crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc
+ crypto/fipsmodule/bn/bn.cc.inc
+ crypto/fipsmodule/bn/bytes.cc.inc
+ crypto/fipsmodule/bn/cmp.cc.inc
+ crypto/fipsmodule/bn/ctx.cc.inc
+ crypto/fipsmodule/bn/div.cc.inc
+ crypto/fipsmodule/bn/div_extra.cc.inc
+ crypto/fipsmodule/bn/exponentiation.cc.inc
+ crypto/fipsmodule/bn/gcd.cc.inc
+ crypto/fipsmodule/bn/gcd_extra.cc.inc
+ crypto/fipsmodule/bn/generic.cc.inc
+ crypto/fipsmodule/bn/jacobi.cc.inc
+ crypto/fipsmodule/bn/montgomery.cc.inc
+ crypto/fipsmodule/bn/montgomery_inv.cc.inc
+ crypto/fipsmodule/bn/mul.cc.inc
+ crypto/fipsmodule/bn/prime.cc.inc
+ crypto/fipsmodule/bn/random.cc.inc
+ crypto/fipsmodule/bn/rsaz_exp.cc.inc
+ crypto/fipsmodule/bn/shift.cc.inc
+ crypto/fipsmodule/bn/sqrt.cc.inc
+ crypto/fipsmodule/cipher/aead.cc.inc
+ crypto/fipsmodule/cipher/cipher.cc.inc
+ crypto/fipsmodule/cipher/e_aes.cc.inc
+ crypto/fipsmodule/cipher/e_aesccm.cc.inc
+ crypto/fipsmodule/cmac/cmac.cc.inc
+ crypto/fipsmodule/dh/check.cc.inc
+ crypto/fipsmodule/dh/dh.cc.inc
+ crypto/fipsmodule/digest/digest.cc.inc
+ crypto/fipsmodule/digest/digests.cc.inc
+ crypto/fipsmodule/digestsign/digestsign.cc.inc
+ crypto/fipsmodule/ec/ec.cc.inc
+ crypto/fipsmodule/ec/ec_key.cc.inc
+ crypto/fipsmodule/ec/ec_montgomery.cc.inc
+ crypto/fipsmodule/ec/felem.cc.inc
+ crypto/fipsmodule/ec/oct.cc.inc
+ crypto/fipsmodule/ec/p224-64.cc.inc
+ crypto/fipsmodule/ec/p256-nistz.cc.inc
+ crypto/fipsmodule/ec/p256.cc.inc
+ crypto/fipsmodule/ec/scalar.cc.inc
+ crypto/fipsmodule/ec/simple.cc.inc
+ crypto/fipsmodule/ec/simple_mul.cc.inc
+ crypto/fipsmodule/ec/util.cc.inc
+ crypto/fipsmodule/ec/wnaf.cc.inc
+ crypto/fipsmodule/ecdh/ecdh.cc.inc
+ crypto/fipsmodule/ecdsa/ecdsa.cc.inc
+ crypto/fipsmodule/hkdf/hkdf.cc.inc
+ crypto/fipsmodule/hmac/hmac.cc.inc
+ crypto/fipsmodule/modes/cbc.cc.inc
+ crypto/fipsmodule/modes/cfb.cc.inc
+ crypto/fipsmodule/modes/ctr.cc.inc
+ crypto/fipsmodule/modes/gcm.cc.inc
+ crypto/fipsmodule/modes/gcm_nohw.cc.inc
+ crypto/fipsmodule/modes/ofb.cc.inc
+ crypto/fipsmodule/modes/polyval.cc.inc
+ crypto/fipsmodule/rand/ctrdrbg.cc.inc
+ crypto/fipsmodule/rand/rand.cc.inc
+ crypto/fipsmodule/rsa/blinding.cc.inc
+ crypto/fipsmodule/rsa/padding.cc.inc
+ crypto/fipsmodule/rsa/rsa.cc.inc
+ crypto/fipsmodule/rsa/rsa_impl.cc.inc
+ crypto/fipsmodule/self_check/fips.cc.inc
+ crypto/fipsmodule/self_check/self_check.cc.inc
+ crypto/fipsmodule/service_indicator/service_indicator.cc.inc
+ crypto/fipsmodule/sha/sha1.cc.inc
+ crypto/fipsmodule/sha/sha256.cc.inc
+ crypto/fipsmodule/sha/sha512.cc.inc
+ crypto/fipsmodule/tls/kdf.cc.inc
)
set(
@@ -258,255 +258,255 @@
set(
CRYPTO_SOURCES
- crypto/asn1/a_bitstr.c
- crypto/asn1/a_bool.c
- crypto/asn1/a_d2i_fp.c
- crypto/asn1/a_dup.c
- crypto/asn1/a_gentm.c
- crypto/asn1/a_i2d_fp.c
- crypto/asn1/a_int.c
- crypto/asn1/a_mbstr.c
- crypto/asn1/a_object.c
- crypto/asn1/a_octet.c
- crypto/asn1/a_strex.c
- crypto/asn1/a_strnid.c
- crypto/asn1/a_time.c
- crypto/asn1/a_type.c
- crypto/asn1/a_utctm.c
- crypto/asn1/asn1_lib.c
- crypto/asn1/asn1_par.c
- crypto/asn1/asn_pack.c
- crypto/asn1/f_int.c
- crypto/asn1/f_string.c
- crypto/asn1/posix_time.c
- crypto/asn1/tasn_dec.c
- crypto/asn1/tasn_enc.c
- crypto/asn1/tasn_fre.c
- crypto/asn1/tasn_new.c
- crypto/asn1/tasn_typ.c
- crypto/asn1/tasn_utl.c
- crypto/base64/base64.c
- crypto/bio/bio.c
- crypto/bio/bio_mem.c
- crypto/bio/connect.c
- crypto/bio/errno.c
- crypto/bio/fd.c
- crypto/bio/file.c
- crypto/bio/hexdump.c
- crypto/bio/pair.c
- crypto/bio/printf.c
- crypto/bio/socket.c
- crypto/bio/socket_helper.c
- crypto/blake2/blake2.c
- crypto/bn_extra/bn_asn1.c
- crypto/bn_extra/convert.c
- crypto/buf/buf.c
- crypto/bytestring/asn1_compat.c
- crypto/bytestring/ber.c
- crypto/bytestring/cbb.c
- crypto/bytestring/cbs.c
- crypto/bytestring/unicode.c
- crypto/chacha/chacha.c
- crypto/cipher_extra/cipher_extra.c
- crypto/cipher_extra/derive_key.c
- crypto/cipher_extra/e_aesctrhmac.c
- crypto/cipher_extra/e_aesgcmsiv.c
- crypto/cipher_extra/e_chacha20poly1305.c
- crypto/cipher_extra/e_des.c
- crypto/cipher_extra/e_null.c
- crypto/cipher_extra/e_rc2.c
- crypto/cipher_extra/e_rc4.c
- crypto/cipher_extra/e_tls.c
- crypto/cipher_extra/tls_cbc.c
- crypto/conf/conf.c
- crypto/cpu_aarch64_apple.c
- crypto/cpu_aarch64_fuchsia.c
- crypto/cpu_aarch64_linux.c
- crypto/cpu_aarch64_openbsd.c
- crypto/cpu_aarch64_sysreg.c
- crypto/cpu_aarch64_win.c
- crypto/cpu_arm_freebsd.c
- crypto/cpu_arm_linux.c
- crypto/cpu_intel.c
- crypto/crypto.c
- crypto/curve25519/curve25519.c
- crypto/curve25519/curve25519_64_adx.c
- crypto/curve25519/spake25519.c
- crypto/des/des.c
- crypto/dh_extra/dh_asn1.c
- crypto/dh_extra/params.c
- crypto/digest_extra/digest_extra.c
- crypto/dilithium/dilithium.c
- crypto/dsa/dsa.c
- crypto/dsa/dsa_asn1.c
- crypto/ec_extra/ec_asn1.c
- crypto/ec_extra/ec_derive.c
- crypto/ec_extra/hash_to_curve.c
- crypto/ecdh_extra/ecdh_extra.c
- crypto/ecdsa_extra/ecdsa_asn1.c
- crypto/engine/engine.c
- crypto/err/err.c
- crypto/evp/evp.c
- crypto/evp/evp_asn1.c
- crypto/evp/evp_ctx.c
- crypto/evp/p_dh.c
- crypto/evp/p_dh_asn1.c
- crypto/evp/p_dsa_asn1.c
- crypto/evp/p_ec.c
- crypto/evp/p_ec_asn1.c
- crypto/evp/p_ed25519.c
- crypto/evp/p_ed25519_asn1.c
- crypto/evp/p_hkdf.c
- crypto/evp/p_rsa.c
- crypto/evp/p_rsa_asn1.c
- crypto/evp/p_x25519.c
- crypto/evp/p_x25519_asn1.c
- crypto/evp/pbkdf.c
- crypto/evp/print.c
- crypto/evp/scrypt.c
- crypto/evp/sign.c
- crypto/ex_data.c
- crypto/fipsmodule/fips_shared_support.c
- crypto/hpke/hpke.c
- crypto/hrss/hrss.c
- crypto/keccak/keccak.c
- crypto/kyber/kyber.c
- crypto/lhash/lhash.c
- crypto/md4/md4.c
- crypto/md5/md5.c
- crypto/mem.c
+ crypto/asn1/a_bitstr.cc
+ crypto/asn1/a_bool.cc
+ crypto/asn1/a_d2i_fp.cc
+ crypto/asn1/a_dup.cc
+ crypto/asn1/a_gentm.cc
+ crypto/asn1/a_i2d_fp.cc
+ crypto/asn1/a_int.cc
+ crypto/asn1/a_mbstr.cc
+ crypto/asn1/a_object.cc
+ crypto/asn1/a_octet.cc
+ crypto/asn1/a_strex.cc
+ crypto/asn1/a_strnid.cc
+ crypto/asn1/a_time.cc
+ crypto/asn1/a_type.cc
+ crypto/asn1/a_utctm.cc
+ crypto/asn1/asn1_lib.cc
+ crypto/asn1/asn1_par.cc
+ crypto/asn1/asn_pack.cc
+ crypto/asn1/f_int.cc
+ crypto/asn1/f_string.cc
+ crypto/asn1/posix_time.cc
+ crypto/asn1/tasn_dec.cc
+ crypto/asn1/tasn_enc.cc
+ crypto/asn1/tasn_fre.cc
+ crypto/asn1/tasn_new.cc
+ crypto/asn1/tasn_typ.cc
+ crypto/asn1/tasn_utl.cc
+ crypto/base64/base64.cc
+ crypto/bio/bio.cc
+ crypto/bio/bio_mem.cc
+ crypto/bio/connect.cc
+ crypto/bio/errno.cc
+ crypto/bio/fd.cc
+ crypto/bio/file.cc
+ crypto/bio/hexdump.cc
+ crypto/bio/pair.cc
+ crypto/bio/printf.cc
+ crypto/bio/socket.cc
+ crypto/bio/socket_helper.cc
+ crypto/blake2/blake2.cc
+ crypto/bn_extra/bn_asn1.cc
+ crypto/bn_extra/convert.cc
+ crypto/buf/buf.cc
+ crypto/bytestring/asn1_compat.cc
+ crypto/bytestring/ber.cc
+ crypto/bytestring/cbb.cc
+ crypto/bytestring/cbs.cc
+ crypto/bytestring/unicode.cc
+ crypto/chacha/chacha.cc
+ crypto/cipher_extra/cipher_extra.cc
+ crypto/cipher_extra/derive_key.cc
+ crypto/cipher_extra/e_aesctrhmac.cc
+ crypto/cipher_extra/e_aesgcmsiv.cc
+ crypto/cipher_extra/e_chacha20poly1305.cc
+ crypto/cipher_extra/e_des.cc
+ crypto/cipher_extra/e_null.cc
+ crypto/cipher_extra/e_rc2.cc
+ crypto/cipher_extra/e_rc4.cc
+ crypto/cipher_extra/e_tls.cc
+ crypto/cipher_extra/tls_cbc.cc
+ crypto/conf/conf.cc
+ crypto/cpu_aarch64_apple.cc
+ crypto/cpu_aarch64_fuchsia.cc
+ crypto/cpu_aarch64_linux.cc
+ crypto/cpu_aarch64_openbsd.cc
+ crypto/cpu_aarch64_sysreg.cc
+ crypto/cpu_aarch64_win.cc
+ crypto/cpu_arm_freebsd.cc
+ crypto/cpu_arm_linux.cc
+ crypto/cpu_intel.cc
+ crypto/crypto.cc
+ crypto/curve25519/curve25519.cc
+ crypto/curve25519/curve25519_64_adx.cc
+ crypto/curve25519/spake25519.cc
+ crypto/des/des.cc
+ crypto/dh_extra/dh_asn1.cc
+ crypto/dh_extra/params.cc
+ crypto/digest_extra/digest_extra.cc
+ crypto/dilithium/dilithium.cc
+ crypto/dsa/dsa.cc
+ crypto/dsa/dsa_asn1.cc
+ crypto/ec_extra/ec_asn1.cc
+ crypto/ec_extra/ec_derive.cc
+ crypto/ec_extra/hash_to_curve.cc
+ crypto/ecdh_extra/ecdh_extra.cc
+ crypto/ecdsa_extra/ecdsa_asn1.cc
+ crypto/engine/engine.cc
+ crypto/err/err.cc
+ crypto/evp/evp.cc
+ crypto/evp/evp_asn1.cc
+ crypto/evp/evp_ctx.cc
+ crypto/evp/p_dh.cc
+ crypto/evp/p_dh_asn1.cc
+ crypto/evp/p_dsa_asn1.cc
+ crypto/evp/p_ec.cc
+ crypto/evp/p_ec_asn1.cc
+ crypto/evp/p_ed25519.cc
+ crypto/evp/p_ed25519_asn1.cc
+ crypto/evp/p_hkdf.cc
+ crypto/evp/p_rsa.cc
+ crypto/evp/p_rsa_asn1.cc
+ crypto/evp/p_x25519.cc
+ crypto/evp/p_x25519_asn1.cc
+ crypto/evp/pbkdf.cc
+ crypto/evp/print.cc
+ crypto/evp/scrypt.cc
+ crypto/evp/sign.cc
+ crypto/ex_data.cc
+ crypto/fipsmodule/fips_shared_support.cc
+ crypto/hpke/hpke.cc
+ crypto/hrss/hrss.cc
+ crypto/keccak/keccak.cc
+ crypto/kyber/kyber.cc
+ crypto/lhash/lhash.cc
+ crypto/md4/md4.cc
+ crypto/md5/md5.cc
+ crypto/mem.cc
crypto/mldsa/mldsa.cc
crypto/mlkem/mlkem.cc
- crypto/obj/obj.c
- crypto/obj/obj_xref.c
- crypto/pem/pem_all.c
- crypto/pem/pem_info.c
- crypto/pem/pem_lib.c
- crypto/pem/pem_oth.c
- crypto/pem/pem_pk8.c
- crypto/pem/pem_pkey.c
- crypto/pem/pem_x509.c
- crypto/pem/pem_xaux.c
- crypto/pkcs7/pkcs7.c
- crypto/pkcs7/pkcs7_x509.c
- crypto/pkcs8/p5_pbev2.c
- crypto/pkcs8/pkcs8.c
- crypto/pkcs8/pkcs8_x509.c
- crypto/poly1305/poly1305.c
- crypto/poly1305/poly1305_arm.c
- crypto/poly1305/poly1305_vec.c
- crypto/pool/pool.c
- crypto/rand_extra/deterministic.c
- crypto/rand_extra/fork_detect.c
- crypto/rand_extra/forkunsafe.c
- crypto/rand_extra/getentropy.c
- crypto/rand_extra/ios.c
- crypto/rand_extra/passive.c
- crypto/rand_extra/rand_extra.c
- crypto/rand_extra/trusty.c
- crypto/rand_extra/urandom.c
- crypto/rand_extra/windows.c
- crypto/rc4/rc4.c
- crypto/refcount.c
- crypto/rsa_extra/rsa_asn1.c
- crypto/rsa_extra/rsa_crypt.c
- crypto/rsa_extra/rsa_extra.c
- crypto/rsa_extra/rsa_print.c
- crypto/sha/sha1.c
- crypto/sha/sha256.c
- crypto/sha/sha512.c
- crypto/siphash/siphash.c
- crypto/slhdsa/fors.c
- crypto/slhdsa/merkle.c
- crypto/slhdsa/slhdsa.c
- crypto/slhdsa/thash.c
- crypto/slhdsa/wots.c
- crypto/spx/spx.c
- crypto/spx/spx_address.c
- crypto/spx/spx_fors.c
- crypto/spx/spx_merkle.c
- crypto/spx/spx_thash.c
- crypto/spx/spx_util.c
- crypto/spx/spx_wots.c
- crypto/stack/stack.c
- crypto/thread.c
- crypto/thread_none.c
- crypto/thread_pthread.c
- crypto/thread_win.c
- crypto/trust_token/pmbtoken.c
- crypto/trust_token/trust_token.c
- crypto/trust_token/voprf.c
- crypto/x509/a_digest.c
- crypto/x509/a_sign.c
- crypto/x509/a_verify.c
- crypto/x509/algorithm.c
- crypto/x509/asn1_gen.c
- crypto/x509/by_dir.c
- crypto/x509/by_file.c
- crypto/x509/i2d_pr.c
- crypto/x509/name_print.c
- crypto/x509/policy.c
- crypto/x509/rsa_pss.c
- crypto/x509/t_crl.c
- crypto/x509/t_req.c
- crypto/x509/t_x509.c
- crypto/x509/t_x509a.c
- crypto/x509/v3_akey.c
- crypto/x509/v3_akeya.c
- crypto/x509/v3_alt.c
- crypto/x509/v3_bcons.c
- crypto/x509/v3_bitst.c
- crypto/x509/v3_conf.c
- crypto/x509/v3_cpols.c
- crypto/x509/v3_crld.c
- crypto/x509/v3_enum.c
- crypto/x509/v3_extku.c
- crypto/x509/v3_genn.c
- crypto/x509/v3_ia5.c
- crypto/x509/v3_info.c
- crypto/x509/v3_int.c
- crypto/x509/v3_lib.c
- crypto/x509/v3_ncons.c
- crypto/x509/v3_ocsp.c
- crypto/x509/v3_pcons.c
- crypto/x509/v3_pmaps.c
- crypto/x509/v3_prn.c
- crypto/x509/v3_purp.c
- crypto/x509/v3_skey.c
- crypto/x509/v3_utl.c
- crypto/x509/x509.c
- crypto/x509/x509_att.c
- crypto/x509/x509_cmp.c
- crypto/x509/x509_d2.c
- crypto/x509/x509_def.c
- crypto/x509/x509_ext.c
- crypto/x509/x509_lu.c
- crypto/x509/x509_obj.c
- crypto/x509/x509_req.c
- crypto/x509/x509_set.c
- crypto/x509/x509_trs.c
- crypto/x509/x509_txt.c
- crypto/x509/x509_v3.c
- crypto/x509/x509_vfy.c
- crypto/x509/x509_vpm.c
- crypto/x509/x509cset.c
- crypto/x509/x509name.c
- crypto/x509/x509rset.c
- crypto/x509/x509spki.c
- crypto/x509/x_algor.c
- crypto/x509/x_all.c
- crypto/x509/x_attrib.c
- crypto/x509/x_crl.c
- crypto/x509/x_exten.c
- crypto/x509/x_name.c
- crypto/x509/x_pubkey.c
- crypto/x509/x_req.c
- crypto/x509/x_sig.c
- crypto/x509/x_spki.c
- crypto/x509/x_val.c
- crypto/x509/x_x509.c
- crypto/x509/x_x509a.c
- gen/crypto/err_data.c
+ crypto/obj/obj.cc
+ crypto/obj/obj_xref.cc
+ crypto/pem/pem_all.cc
+ crypto/pem/pem_info.cc
+ crypto/pem/pem_lib.cc
+ crypto/pem/pem_oth.cc
+ crypto/pem/pem_pk8.cc
+ crypto/pem/pem_pkey.cc
+ crypto/pem/pem_x509.cc
+ crypto/pem/pem_xaux.cc
+ crypto/pkcs7/pkcs7.cc
+ crypto/pkcs7/pkcs7_x509.cc
+ crypto/pkcs8/p5_pbev2.cc
+ crypto/pkcs8/pkcs8.cc
+ crypto/pkcs8/pkcs8_x509.cc
+ crypto/poly1305/poly1305.cc
+ crypto/poly1305/poly1305_arm.cc
+ crypto/poly1305/poly1305_vec.cc
+ crypto/pool/pool.cc
+ crypto/rand_extra/deterministic.cc
+ crypto/rand_extra/fork_detect.cc
+ crypto/rand_extra/forkunsafe.cc
+ crypto/rand_extra/getentropy.cc
+ crypto/rand_extra/ios.cc
+ crypto/rand_extra/passive.cc
+ crypto/rand_extra/rand_extra.cc
+ crypto/rand_extra/trusty.cc
+ crypto/rand_extra/urandom.cc
+ crypto/rand_extra/windows.cc
+ crypto/rc4/rc4.cc
+ crypto/refcount.cc
+ crypto/rsa_extra/rsa_asn1.cc
+ crypto/rsa_extra/rsa_crypt.cc
+ crypto/rsa_extra/rsa_extra.cc
+ crypto/rsa_extra/rsa_print.cc
+ crypto/sha/sha1.cc
+ crypto/sha/sha256.cc
+ crypto/sha/sha512.cc
+ crypto/siphash/siphash.cc
+ crypto/slhdsa/fors.cc
+ crypto/slhdsa/merkle.cc
+ crypto/slhdsa/slhdsa.cc
+ crypto/slhdsa/thash.cc
+ crypto/slhdsa/wots.cc
+ crypto/spx/spx.cc
+ crypto/spx/spx_address.cc
+ crypto/spx/spx_fors.cc
+ crypto/spx/spx_merkle.cc
+ crypto/spx/spx_thash.cc
+ crypto/spx/spx_util.cc
+ crypto/spx/spx_wots.cc
+ crypto/stack/stack.cc
+ crypto/thread.cc
+ crypto/thread_none.cc
+ crypto/thread_pthread.cc
+ crypto/thread_win.cc
+ crypto/trust_token/pmbtoken.cc
+ crypto/trust_token/trust_token.cc
+ crypto/trust_token/voprf.cc
+ crypto/x509/a_digest.cc
+ crypto/x509/a_sign.cc
+ crypto/x509/a_verify.cc
+ crypto/x509/algorithm.cc
+ crypto/x509/asn1_gen.cc
+ crypto/x509/by_dir.cc
+ crypto/x509/by_file.cc
+ crypto/x509/i2d_pr.cc
+ crypto/x509/name_print.cc
+ crypto/x509/policy.cc
+ crypto/x509/rsa_pss.cc
+ crypto/x509/t_crl.cc
+ crypto/x509/t_req.cc
+ crypto/x509/t_x509.cc
+ crypto/x509/t_x509a.cc
+ crypto/x509/v3_akey.cc
+ crypto/x509/v3_akeya.cc
+ crypto/x509/v3_alt.cc
+ crypto/x509/v3_bcons.cc
+ crypto/x509/v3_bitst.cc
+ crypto/x509/v3_conf.cc
+ crypto/x509/v3_cpols.cc
+ crypto/x509/v3_crld.cc
+ crypto/x509/v3_enum.cc
+ crypto/x509/v3_extku.cc
+ crypto/x509/v3_genn.cc
+ crypto/x509/v3_ia5.cc
+ crypto/x509/v3_info.cc
+ crypto/x509/v3_int.cc
+ crypto/x509/v3_lib.cc
+ crypto/x509/v3_ncons.cc
+ crypto/x509/v3_ocsp.cc
+ crypto/x509/v3_pcons.cc
+ crypto/x509/v3_pmaps.cc
+ crypto/x509/v3_prn.cc
+ crypto/x509/v3_purp.cc
+ crypto/x509/v3_skey.cc
+ crypto/x509/v3_utl.cc
+ crypto/x509/x509.cc
+ crypto/x509/x509_att.cc
+ crypto/x509/x509_cmp.cc
+ crypto/x509/x509_d2.cc
+ crypto/x509/x509_def.cc
+ crypto/x509/x509_ext.cc
+ crypto/x509/x509_lu.cc
+ crypto/x509/x509_obj.cc
+ crypto/x509/x509_req.cc
+ crypto/x509/x509_set.cc
+ crypto/x509/x509_trs.cc
+ crypto/x509/x509_txt.cc
+ crypto/x509/x509_v3.cc
+ crypto/x509/x509_vfy.cc
+ crypto/x509/x509_vpm.cc
+ crypto/x509/x509cset.cc
+ crypto/x509/x509name.cc
+ crypto/x509/x509rset.cc
+ crypto/x509/x509spki.cc
+ crypto/x509/x_algor.cc
+ crypto/x509/x_all.cc
+ crypto/x509/x_attrib.cc
+ crypto/x509/x_crl.cc
+ crypto/x509/x_exten.cc
+ crypto/x509/x_name.cc
+ crypto/x509/x_pubkey.cc
+ crypto/x509/x_req.cc
+ crypto/x509/x_sig.cc
+ crypto/x509/x_spki.cc
+ crypto/x509/x_val.cc
+ crypto/x509/x_x509.cc
+ crypto/x509/x_x509a.cc
+ gen/crypto/err_data.cc
)
set(
@@ -1070,23 +1070,23 @@
set(
DECREPIT_SOURCES
- decrepit/bio/base64_bio.c
- decrepit/blowfish/blowfish.c
- decrepit/cast/cast.c
- decrepit/cast/cast_tables.c
- decrepit/cfb/cfb.c
- decrepit/des/cfb64ede.c
- decrepit/dh/dh_decrepit.c
- decrepit/dsa/dsa_decrepit.c
- decrepit/evp/dss1.c
- decrepit/evp/evp_do_all.c
- decrepit/obj/obj_decrepit.c
- decrepit/rc4/rc4_decrepit.c
- decrepit/ripemd/ripemd.c
- decrepit/rsa/rsa_decrepit.c
- decrepit/ssl/ssl_decrepit.c
- decrepit/x509/x509_decrepit.c
- decrepit/xts/xts.c
+ decrepit/bio/base64_bio.cc
+ decrepit/blowfish/blowfish.cc
+ decrepit/cast/cast.cc
+ decrepit/cast/cast_tables.cc
+ decrepit/cfb/cfb.cc
+ decrepit/des/cfb64ede.cc
+ decrepit/dh/dh_decrepit.cc
+ decrepit/dsa/dsa_decrepit.cc
+ decrepit/evp/dss1.cc
+ decrepit/evp/evp_do_all.cc
+ decrepit/obj/obj_decrepit.cc
+ decrepit/rc4/rc4_decrepit.cc
+ decrepit/ripemd/ripemd.cc
+ decrepit/rsa/rsa_decrepit.cc
+ decrepit/ssl/ssl_decrepit.cc
+ decrepit/x509/x509_decrepit.cc
+ decrepit/xts/xts.cc
)
set(
diff --git a/gen/sources.gni b/gen/sources.gni
index 2aacebb..6fb50e9 100644
--- a/gen/sources.gni
+++ b/gen/sources.gni
@@ -15,82 +15,82 @@
# Generated by go ./util/pregenerate. Do not edit manually.
bcm_sources = [
- "crypto/fipsmodule/bcm.c",
+ "crypto/fipsmodule/bcm.cc",
]
bcm_internal_headers = [
- "crypto/fipsmodule/aes/aes.c.inc",
- "crypto/fipsmodule/aes/aes_nohw.c.inc",
- "crypto/fipsmodule/aes/key_wrap.c.inc",
- "crypto/fipsmodule/aes/mode_wrappers.c.inc",
- "crypto/fipsmodule/bn/add.c.inc",
- "crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc",
- "crypto/fipsmodule/bn/bn.c.inc",
- "crypto/fipsmodule/bn/bytes.c.inc",
- "crypto/fipsmodule/bn/cmp.c.inc",
- "crypto/fipsmodule/bn/ctx.c.inc",
- "crypto/fipsmodule/bn/div.c.inc",
- "crypto/fipsmodule/bn/div_extra.c.inc",
- "crypto/fipsmodule/bn/exponentiation.c.inc",
- "crypto/fipsmodule/bn/gcd.c.inc",
- "crypto/fipsmodule/bn/gcd_extra.c.inc",
- "crypto/fipsmodule/bn/generic.c.inc",
- "crypto/fipsmodule/bn/jacobi.c.inc",
- "crypto/fipsmodule/bn/montgomery.c.inc",
- "crypto/fipsmodule/bn/montgomery_inv.c.inc",
- "crypto/fipsmodule/bn/mul.c.inc",
- "crypto/fipsmodule/bn/prime.c.inc",
- "crypto/fipsmodule/bn/random.c.inc",
- "crypto/fipsmodule/bn/rsaz_exp.c.inc",
- "crypto/fipsmodule/bn/shift.c.inc",
- "crypto/fipsmodule/bn/sqrt.c.inc",
- "crypto/fipsmodule/cipher/aead.c.inc",
- "crypto/fipsmodule/cipher/cipher.c.inc",
- "crypto/fipsmodule/cipher/e_aes.c.inc",
- "crypto/fipsmodule/cipher/e_aesccm.c.inc",
- "crypto/fipsmodule/cmac/cmac.c.inc",
- "crypto/fipsmodule/dh/check.c.inc",
- "crypto/fipsmodule/dh/dh.c.inc",
- "crypto/fipsmodule/digest/digest.c.inc",
- "crypto/fipsmodule/digest/digests.c.inc",
- "crypto/fipsmodule/digestsign/digestsign.c.inc",
- "crypto/fipsmodule/ec/ec.c.inc",
- "crypto/fipsmodule/ec/ec_key.c.inc",
- "crypto/fipsmodule/ec/ec_montgomery.c.inc",
- "crypto/fipsmodule/ec/felem.c.inc",
- "crypto/fipsmodule/ec/oct.c.inc",
- "crypto/fipsmodule/ec/p224-64.c.inc",
- "crypto/fipsmodule/ec/p256-nistz.c.inc",
- "crypto/fipsmodule/ec/p256.c.inc",
- "crypto/fipsmodule/ec/scalar.c.inc",
- "crypto/fipsmodule/ec/simple.c.inc",
- "crypto/fipsmodule/ec/simple_mul.c.inc",
- "crypto/fipsmodule/ec/util.c.inc",
- "crypto/fipsmodule/ec/wnaf.c.inc",
- "crypto/fipsmodule/ecdh/ecdh.c.inc",
- "crypto/fipsmodule/ecdsa/ecdsa.c.inc",
- "crypto/fipsmodule/hkdf/hkdf.c.inc",
- "crypto/fipsmodule/hmac/hmac.c.inc",
- "crypto/fipsmodule/modes/cbc.c.inc",
- "crypto/fipsmodule/modes/cfb.c.inc",
- "crypto/fipsmodule/modes/ctr.c.inc",
- "crypto/fipsmodule/modes/gcm.c.inc",
- "crypto/fipsmodule/modes/gcm_nohw.c.inc",
- "crypto/fipsmodule/modes/ofb.c.inc",
- "crypto/fipsmodule/modes/polyval.c.inc",
- "crypto/fipsmodule/rand/ctrdrbg.c.inc",
- "crypto/fipsmodule/rand/rand.c.inc",
- "crypto/fipsmodule/rsa/blinding.c.inc",
- "crypto/fipsmodule/rsa/padding.c.inc",
- "crypto/fipsmodule/rsa/rsa.c.inc",
- "crypto/fipsmodule/rsa/rsa_impl.c.inc",
- "crypto/fipsmodule/self_check/fips.c.inc",
- "crypto/fipsmodule/self_check/self_check.c.inc",
- "crypto/fipsmodule/service_indicator/service_indicator.c.inc",
- "crypto/fipsmodule/sha/sha1.c.inc",
- "crypto/fipsmodule/sha/sha256.c.inc",
- "crypto/fipsmodule/sha/sha512.c.inc",
- "crypto/fipsmodule/tls/kdf.c.inc",
+ "crypto/fipsmodule/aes/aes.cc.inc",
+ "crypto/fipsmodule/aes/aes_nohw.cc.inc",
+ "crypto/fipsmodule/aes/key_wrap.cc.inc",
+ "crypto/fipsmodule/aes/mode_wrappers.cc.inc",
+ "crypto/fipsmodule/bn/add.cc.inc",
+ "crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc",
+ "crypto/fipsmodule/bn/bn.cc.inc",
+ "crypto/fipsmodule/bn/bytes.cc.inc",
+ "crypto/fipsmodule/bn/cmp.cc.inc",
+ "crypto/fipsmodule/bn/ctx.cc.inc",
+ "crypto/fipsmodule/bn/div.cc.inc",
+ "crypto/fipsmodule/bn/div_extra.cc.inc",
+ "crypto/fipsmodule/bn/exponentiation.cc.inc",
+ "crypto/fipsmodule/bn/gcd.cc.inc",
+ "crypto/fipsmodule/bn/gcd_extra.cc.inc",
+ "crypto/fipsmodule/bn/generic.cc.inc",
+ "crypto/fipsmodule/bn/jacobi.cc.inc",
+ "crypto/fipsmodule/bn/montgomery.cc.inc",
+ "crypto/fipsmodule/bn/montgomery_inv.cc.inc",
+ "crypto/fipsmodule/bn/mul.cc.inc",
+ "crypto/fipsmodule/bn/prime.cc.inc",
+ "crypto/fipsmodule/bn/random.cc.inc",
+ "crypto/fipsmodule/bn/rsaz_exp.cc.inc",
+ "crypto/fipsmodule/bn/shift.cc.inc",
+ "crypto/fipsmodule/bn/sqrt.cc.inc",
+ "crypto/fipsmodule/cipher/aead.cc.inc",
+ "crypto/fipsmodule/cipher/cipher.cc.inc",
+ "crypto/fipsmodule/cipher/e_aes.cc.inc",
+ "crypto/fipsmodule/cipher/e_aesccm.cc.inc",
+ "crypto/fipsmodule/cmac/cmac.cc.inc",
+ "crypto/fipsmodule/dh/check.cc.inc",
+ "crypto/fipsmodule/dh/dh.cc.inc",
+ "crypto/fipsmodule/digest/digest.cc.inc",
+ "crypto/fipsmodule/digest/digests.cc.inc",
+ "crypto/fipsmodule/digestsign/digestsign.cc.inc",
+ "crypto/fipsmodule/ec/ec.cc.inc",
+ "crypto/fipsmodule/ec/ec_key.cc.inc",
+ "crypto/fipsmodule/ec/ec_montgomery.cc.inc",
+ "crypto/fipsmodule/ec/felem.cc.inc",
+ "crypto/fipsmodule/ec/oct.cc.inc",
+ "crypto/fipsmodule/ec/p224-64.cc.inc",
+ "crypto/fipsmodule/ec/p256-nistz.cc.inc",
+ "crypto/fipsmodule/ec/p256.cc.inc",
+ "crypto/fipsmodule/ec/scalar.cc.inc",
+ "crypto/fipsmodule/ec/simple.cc.inc",
+ "crypto/fipsmodule/ec/simple_mul.cc.inc",
+ "crypto/fipsmodule/ec/util.cc.inc",
+ "crypto/fipsmodule/ec/wnaf.cc.inc",
+ "crypto/fipsmodule/ecdh/ecdh.cc.inc",
+ "crypto/fipsmodule/ecdsa/ecdsa.cc.inc",
+ "crypto/fipsmodule/hkdf/hkdf.cc.inc",
+ "crypto/fipsmodule/hmac/hmac.cc.inc",
+ "crypto/fipsmodule/modes/cbc.cc.inc",
+ "crypto/fipsmodule/modes/cfb.cc.inc",
+ "crypto/fipsmodule/modes/ctr.cc.inc",
+ "crypto/fipsmodule/modes/gcm.cc.inc",
+ "crypto/fipsmodule/modes/gcm_nohw.cc.inc",
+ "crypto/fipsmodule/modes/ofb.cc.inc",
+ "crypto/fipsmodule/modes/polyval.cc.inc",
+ "crypto/fipsmodule/rand/ctrdrbg.cc.inc",
+ "crypto/fipsmodule/rand/rand.cc.inc",
+ "crypto/fipsmodule/rsa/blinding.cc.inc",
+ "crypto/fipsmodule/rsa/padding.cc.inc",
+ "crypto/fipsmodule/rsa/rsa.cc.inc",
+ "crypto/fipsmodule/rsa/rsa_impl.cc.inc",
+ "crypto/fipsmodule/self_check/fips.cc.inc",
+ "crypto/fipsmodule/self_check/self_check.cc.inc",
+ "crypto/fipsmodule/service_indicator/service_indicator.cc.inc",
+ "crypto/fipsmodule/sha/sha1.cc.inc",
+ "crypto/fipsmodule/sha/sha256.cc.inc",
+ "crypto/fipsmodule/sha/sha512.cc.inc",
+ "crypto/fipsmodule/tls/kdf.cc.inc",
]
bcm_sources_asm = [
@@ -244,255 +244,255 @@
]
crypto_sources = [
- "crypto/asn1/a_bitstr.c",
- "crypto/asn1/a_bool.c",
- "crypto/asn1/a_d2i_fp.c",
- "crypto/asn1/a_dup.c",
- "crypto/asn1/a_gentm.c",
- "crypto/asn1/a_i2d_fp.c",
- "crypto/asn1/a_int.c",
- "crypto/asn1/a_mbstr.c",
- "crypto/asn1/a_object.c",
- "crypto/asn1/a_octet.c",
- "crypto/asn1/a_strex.c",
- "crypto/asn1/a_strnid.c",
- "crypto/asn1/a_time.c",
- "crypto/asn1/a_type.c",
- "crypto/asn1/a_utctm.c",
- "crypto/asn1/asn1_lib.c",
- "crypto/asn1/asn1_par.c",
- "crypto/asn1/asn_pack.c",
- "crypto/asn1/f_int.c",
- "crypto/asn1/f_string.c",
- "crypto/asn1/posix_time.c",
- "crypto/asn1/tasn_dec.c",
- "crypto/asn1/tasn_enc.c",
- "crypto/asn1/tasn_fre.c",
- "crypto/asn1/tasn_new.c",
- "crypto/asn1/tasn_typ.c",
- "crypto/asn1/tasn_utl.c",
- "crypto/base64/base64.c",
- "crypto/bio/bio.c",
- "crypto/bio/bio_mem.c",
- "crypto/bio/connect.c",
- "crypto/bio/errno.c",
- "crypto/bio/fd.c",
- "crypto/bio/file.c",
- "crypto/bio/hexdump.c",
- "crypto/bio/pair.c",
- "crypto/bio/printf.c",
- "crypto/bio/socket.c",
- "crypto/bio/socket_helper.c",
- "crypto/blake2/blake2.c",
- "crypto/bn_extra/bn_asn1.c",
- "crypto/bn_extra/convert.c",
- "crypto/buf/buf.c",
- "crypto/bytestring/asn1_compat.c",
- "crypto/bytestring/ber.c",
- "crypto/bytestring/cbb.c",
- "crypto/bytestring/cbs.c",
- "crypto/bytestring/unicode.c",
- "crypto/chacha/chacha.c",
- "crypto/cipher_extra/cipher_extra.c",
- "crypto/cipher_extra/derive_key.c",
- "crypto/cipher_extra/e_aesctrhmac.c",
- "crypto/cipher_extra/e_aesgcmsiv.c",
- "crypto/cipher_extra/e_chacha20poly1305.c",
- "crypto/cipher_extra/e_des.c",
- "crypto/cipher_extra/e_null.c",
- "crypto/cipher_extra/e_rc2.c",
- "crypto/cipher_extra/e_rc4.c",
- "crypto/cipher_extra/e_tls.c",
- "crypto/cipher_extra/tls_cbc.c",
- "crypto/conf/conf.c",
- "crypto/cpu_aarch64_apple.c",
- "crypto/cpu_aarch64_fuchsia.c",
- "crypto/cpu_aarch64_linux.c",
- "crypto/cpu_aarch64_openbsd.c",
- "crypto/cpu_aarch64_sysreg.c",
- "crypto/cpu_aarch64_win.c",
- "crypto/cpu_arm_freebsd.c",
- "crypto/cpu_arm_linux.c",
- "crypto/cpu_intel.c",
- "crypto/crypto.c",
- "crypto/curve25519/curve25519.c",
- "crypto/curve25519/curve25519_64_adx.c",
- "crypto/curve25519/spake25519.c",
- "crypto/des/des.c",
- "crypto/dh_extra/dh_asn1.c",
- "crypto/dh_extra/params.c",
- "crypto/digest_extra/digest_extra.c",
- "crypto/dilithium/dilithium.c",
- "crypto/dsa/dsa.c",
- "crypto/dsa/dsa_asn1.c",
- "crypto/ec_extra/ec_asn1.c",
- "crypto/ec_extra/ec_derive.c",
- "crypto/ec_extra/hash_to_curve.c",
- "crypto/ecdh_extra/ecdh_extra.c",
- "crypto/ecdsa_extra/ecdsa_asn1.c",
- "crypto/engine/engine.c",
- "crypto/err/err.c",
- "crypto/evp/evp.c",
- "crypto/evp/evp_asn1.c",
- "crypto/evp/evp_ctx.c",
- "crypto/evp/p_dh.c",
- "crypto/evp/p_dh_asn1.c",
- "crypto/evp/p_dsa_asn1.c",
- "crypto/evp/p_ec.c",
- "crypto/evp/p_ec_asn1.c",
- "crypto/evp/p_ed25519.c",
- "crypto/evp/p_ed25519_asn1.c",
- "crypto/evp/p_hkdf.c",
- "crypto/evp/p_rsa.c",
- "crypto/evp/p_rsa_asn1.c",
- "crypto/evp/p_x25519.c",
- "crypto/evp/p_x25519_asn1.c",
- "crypto/evp/pbkdf.c",
- "crypto/evp/print.c",
- "crypto/evp/scrypt.c",
- "crypto/evp/sign.c",
- "crypto/ex_data.c",
- "crypto/fipsmodule/fips_shared_support.c",
- "crypto/hpke/hpke.c",
- "crypto/hrss/hrss.c",
- "crypto/keccak/keccak.c",
- "crypto/kyber/kyber.c",
- "crypto/lhash/lhash.c",
- "crypto/md4/md4.c",
- "crypto/md5/md5.c",
- "crypto/mem.c",
+ "crypto/asn1/a_bitstr.cc",
+ "crypto/asn1/a_bool.cc",
+ "crypto/asn1/a_d2i_fp.cc",
+ "crypto/asn1/a_dup.cc",
+ "crypto/asn1/a_gentm.cc",
+ "crypto/asn1/a_i2d_fp.cc",
+ "crypto/asn1/a_int.cc",
+ "crypto/asn1/a_mbstr.cc",
+ "crypto/asn1/a_object.cc",
+ "crypto/asn1/a_octet.cc",
+ "crypto/asn1/a_strex.cc",
+ "crypto/asn1/a_strnid.cc",
+ "crypto/asn1/a_time.cc",
+ "crypto/asn1/a_type.cc",
+ "crypto/asn1/a_utctm.cc",
+ "crypto/asn1/asn1_lib.cc",
+ "crypto/asn1/asn1_par.cc",
+ "crypto/asn1/asn_pack.cc",
+ "crypto/asn1/f_int.cc",
+ "crypto/asn1/f_string.cc",
+ "crypto/asn1/posix_time.cc",
+ "crypto/asn1/tasn_dec.cc",
+ "crypto/asn1/tasn_enc.cc",
+ "crypto/asn1/tasn_fre.cc",
+ "crypto/asn1/tasn_new.cc",
+ "crypto/asn1/tasn_typ.cc",
+ "crypto/asn1/tasn_utl.cc",
+ "crypto/base64/base64.cc",
+ "crypto/bio/bio.cc",
+ "crypto/bio/bio_mem.cc",
+ "crypto/bio/connect.cc",
+ "crypto/bio/errno.cc",
+ "crypto/bio/fd.cc",
+ "crypto/bio/file.cc",
+ "crypto/bio/hexdump.cc",
+ "crypto/bio/pair.cc",
+ "crypto/bio/printf.cc",
+ "crypto/bio/socket.cc",
+ "crypto/bio/socket_helper.cc",
+ "crypto/blake2/blake2.cc",
+ "crypto/bn_extra/bn_asn1.cc",
+ "crypto/bn_extra/convert.cc",
+ "crypto/buf/buf.cc",
+ "crypto/bytestring/asn1_compat.cc",
+ "crypto/bytestring/ber.cc",
+ "crypto/bytestring/cbb.cc",
+ "crypto/bytestring/cbs.cc",
+ "crypto/bytestring/unicode.cc",
+ "crypto/chacha/chacha.cc",
+ "crypto/cipher_extra/cipher_extra.cc",
+ "crypto/cipher_extra/derive_key.cc",
+ "crypto/cipher_extra/e_aesctrhmac.cc",
+ "crypto/cipher_extra/e_aesgcmsiv.cc",
+ "crypto/cipher_extra/e_chacha20poly1305.cc",
+ "crypto/cipher_extra/e_des.cc",
+ "crypto/cipher_extra/e_null.cc",
+ "crypto/cipher_extra/e_rc2.cc",
+ "crypto/cipher_extra/e_rc4.cc",
+ "crypto/cipher_extra/e_tls.cc",
+ "crypto/cipher_extra/tls_cbc.cc",
+ "crypto/conf/conf.cc",
+ "crypto/cpu_aarch64_apple.cc",
+ "crypto/cpu_aarch64_fuchsia.cc",
+ "crypto/cpu_aarch64_linux.cc",
+ "crypto/cpu_aarch64_openbsd.cc",
+ "crypto/cpu_aarch64_sysreg.cc",
+ "crypto/cpu_aarch64_win.cc",
+ "crypto/cpu_arm_freebsd.cc",
+ "crypto/cpu_arm_linux.cc",
+ "crypto/cpu_intel.cc",
+ "crypto/crypto.cc",
+ "crypto/curve25519/curve25519.cc",
+ "crypto/curve25519/curve25519_64_adx.cc",
+ "crypto/curve25519/spake25519.cc",
+ "crypto/des/des.cc",
+ "crypto/dh_extra/dh_asn1.cc",
+ "crypto/dh_extra/params.cc",
+ "crypto/digest_extra/digest_extra.cc",
+ "crypto/dilithium/dilithium.cc",
+ "crypto/dsa/dsa.cc",
+ "crypto/dsa/dsa_asn1.cc",
+ "crypto/ec_extra/ec_asn1.cc",
+ "crypto/ec_extra/ec_derive.cc",
+ "crypto/ec_extra/hash_to_curve.cc",
+ "crypto/ecdh_extra/ecdh_extra.cc",
+ "crypto/ecdsa_extra/ecdsa_asn1.cc",
+ "crypto/engine/engine.cc",
+ "crypto/err/err.cc",
+ "crypto/evp/evp.cc",
+ "crypto/evp/evp_asn1.cc",
+ "crypto/evp/evp_ctx.cc",
+ "crypto/evp/p_dh.cc",
+ "crypto/evp/p_dh_asn1.cc",
+ "crypto/evp/p_dsa_asn1.cc",
+ "crypto/evp/p_ec.cc",
+ "crypto/evp/p_ec_asn1.cc",
+ "crypto/evp/p_ed25519.cc",
+ "crypto/evp/p_ed25519_asn1.cc",
+ "crypto/evp/p_hkdf.cc",
+ "crypto/evp/p_rsa.cc",
+ "crypto/evp/p_rsa_asn1.cc",
+ "crypto/evp/p_x25519.cc",
+ "crypto/evp/p_x25519_asn1.cc",
+ "crypto/evp/pbkdf.cc",
+ "crypto/evp/print.cc",
+ "crypto/evp/scrypt.cc",
+ "crypto/evp/sign.cc",
+ "crypto/ex_data.cc",
+ "crypto/fipsmodule/fips_shared_support.cc",
+ "crypto/hpke/hpke.cc",
+ "crypto/hrss/hrss.cc",
+ "crypto/keccak/keccak.cc",
+ "crypto/kyber/kyber.cc",
+ "crypto/lhash/lhash.cc",
+ "crypto/md4/md4.cc",
+ "crypto/md5/md5.cc",
+ "crypto/mem.cc",
"crypto/mldsa/mldsa.cc",
"crypto/mlkem/mlkem.cc",
- "crypto/obj/obj.c",
- "crypto/obj/obj_xref.c",
- "crypto/pem/pem_all.c",
- "crypto/pem/pem_info.c",
- "crypto/pem/pem_lib.c",
- "crypto/pem/pem_oth.c",
- "crypto/pem/pem_pk8.c",
- "crypto/pem/pem_pkey.c",
- "crypto/pem/pem_x509.c",
- "crypto/pem/pem_xaux.c",
- "crypto/pkcs7/pkcs7.c",
- "crypto/pkcs7/pkcs7_x509.c",
- "crypto/pkcs8/p5_pbev2.c",
- "crypto/pkcs8/pkcs8.c",
- "crypto/pkcs8/pkcs8_x509.c",
- "crypto/poly1305/poly1305.c",
- "crypto/poly1305/poly1305_arm.c",
- "crypto/poly1305/poly1305_vec.c",
- "crypto/pool/pool.c",
- "crypto/rand_extra/deterministic.c",
- "crypto/rand_extra/fork_detect.c",
- "crypto/rand_extra/forkunsafe.c",
- "crypto/rand_extra/getentropy.c",
- "crypto/rand_extra/ios.c",
- "crypto/rand_extra/passive.c",
- "crypto/rand_extra/rand_extra.c",
- "crypto/rand_extra/trusty.c",
- "crypto/rand_extra/urandom.c",
- "crypto/rand_extra/windows.c",
- "crypto/rc4/rc4.c",
- "crypto/refcount.c",
- "crypto/rsa_extra/rsa_asn1.c",
- "crypto/rsa_extra/rsa_crypt.c",
- "crypto/rsa_extra/rsa_extra.c",
- "crypto/rsa_extra/rsa_print.c",
- "crypto/sha/sha1.c",
- "crypto/sha/sha256.c",
- "crypto/sha/sha512.c",
- "crypto/siphash/siphash.c",
- "crypto/slhdsa/fors.c",
- "crypto/slhdsa/merkle.c",
- "crypto/slhdsa/slhdsa.c",
- "crypto/slhdsa/thash.c",
- "crypto/slhdsa/wots.c",
- "crypto/spx/spx.c",
- "crypto/spx/spx_address.c",
- "crypto/spx/spx_fors.c",
- "crypto/spx/spx_merkle.c",
- "crypto/spx/spx_thash.c",
- "crypto/spx/spx_util.c",
- "crypto/spx/spx_wots.c",
- "crypto/stack/stack.c",
- "crypto/thread.c",
- "crypto/thread_none.c",
- "crypto/thread_pthread.c",
- "crypto/thread_win.c",
- "crypto/trust_token/pmbtoken.c",
- "crypto/trust_token/trust_token.c",
- "crypto/trust_token/voprf.c",
- "crypto/x509/a_digest.c",
- "crypto/x509/a_sign.c",
- "crypto/x509/a_verify.c",
- "crypto/x509/algorithm.c",
- "crypto/x509/asn1_gen.c",
- "crypto/x509/by_dir.c",
- "crypto/x509/by_file.c",
- "crypto/x509/i2d_pr.c",
- "crypto/x509/name_print.c",
- "crypto/x509/policy.c",
- "crypto/x509/rsa_pss.c",
- "crypto/x509/t_crl.c",
- "crypto/x509/t_req.c",
- "crypto/x509/t_x509.c",
- "crypto/x509/t_x509a.c",
- "crypto/x509/v3_akey.c",
- "crypto/x509/v3_akeya.c",
- "crypto/x509/v3_alt.c",
- "crypto/x509/v3_bcons.c",
- "crypto/x509/v3_bitst.c",
- "crypto/x509/v3_conf.c",
- "crypto/x509/v3_cpols.c",
- "crypto/x509/v3_crld.c",
- "crypto/x509/v3_enum.c",
- "crypto/x509/v3_extku.c",
- "crypto/x509/v3_genn.c",
- "crypto/x509/v3_ia5.c",
- "crypto/x509/v3_info.c",
- "crypto/x509/v3_int.c",
- "crypto/x509/v3_lib.c",
- "crypto/x509/v3_ncons.c",
- "crypto/x509/v3_ocsp.c",
- "crypto/x509/v3_pcons.c",
- "crypto/x509/v3_pmaps.c",
- "crypto/x509/v3_prn.c",
- "crypto/x509/v3_purp.c",
- "crypto/x509/v3_skey.c",
- "crypto/x509/v3_utl.c",
- "crypto/x509/x509.c",
- "crypto/x509/x509_att.c",
- "crypto/x509/x509_cmp.c",
- "crypto/x509/x509_d2.c",
- "crypto/x509/x509_def.c",
- "crypto/x509/x509_ext.c",
- "crypto/x509/x509_lu.c",
- "crypto/x509/x509_obj.c",
- "crypto/x509/x509_req.c",
- "crypto/x509/x509_set.c",
- "crypto/x509/x509_trs.c",
- "crypto/x509/x509_txt.c",
- "crypto/x509/x509_v3.c",
- "crypto/x509/x509_vfy.c",
- "crypto/x509/x509_vpm.c",
- "crypto/x509/x509cset.c",
- "crypto/x509/x509name.c",
- "crypto/x509/x509rset.c",
- "crypto/x509/x509spki.c",
- "crypto/x509/x_algor.c",
- "crypto/x509/x_all.c",
- "crypto/x509/x_attrib.c",
- "crypto/x509/x_crl.c",
- "crypto/x509/x_exten.c",
- "crypto/x509/x_name.c",
- "crypto/x509/x_pubkey.c",
- "crypto/x509/x_req.c",
- "crypto/x509/x_sig.c",
- "crypto/x509/x_spki.c",
- "crypto/x509/x_val.c",
- "crypto/x509/x_x509.c",
- "crypto/x509/x_x509a.c",
- "gen/crypto/err_data.c",
+ "crypto/obj/obj.cc",
+ "crypto/obj/obj_xref.cc",
+ "crypto/pem/pem_all.cc",
+ "crypto/pem/pem_info.cc",
+ "crypto/pem/pem_lib.cc",
+ "crypto/pem/pem_oth.cc",
+ "crypto/pem/pem_pk8.cc",
+ "crypto/pem/pem_pkey.cc",
+ "crypto/pem/pem_x509.cc",
+ "crypto/pem/pem_xaux.cc",
+ "crypto/pkcs7/pkcs7.cc",
+ "crypto/pkcs7/pkcs7_x509.cc",
+ "crypto/pkcs8/p5_pbev2.cc",
+ "crypto/pkcs8/pkcs8.cc",
+ "crypto/pkcs8/pkcs8_x509.cc",
+ "crypto/poly1305/poly1305.cc",
+ "crypto/poly1305/poly1305_arm.cc",
+ "crypto/poly1305/poly1305_vec.cc",
+ "crypto/pool/pool.cc",
+ "crypto/rand_extra/deterministic.cc",
+ "crypto/rand_extra/fork_detect.cc",
+ "crypto/rand_extra/forkunsafe.cc",
+ "crypto/rand_extra/getentropy.cc",
+ "crypto/rand_extra/ios.cc",
+ "crypto/rand_extra/passive.cc",
+ "crypto/rand_extra/rand_extra.cc",
+ "crypto/rand_extra/trusty.cc",
+ "crypto/rand_extra/urandom.cc",
+ "crypto/rand_extra/windows.cc",
+ "crypto/rc4/rc4.cc",
+ "crypto/refcount.cc",
+ "crypto/rsa_extra/rsa_asn1.cc",
+ "crypto/rsa_extra/rsa_crypt.cc",
+ "crypto/rsa_extra/rsa_extra.cc",
+ "crypto/rsa_extra/rsa_print.cc",
+ "crypto/sha/sha1.cc",
+ "crypto/sha/sha256.cc",
+ "crypto/sha/sha512.cc",
+ "crypto/siphash/siphash.cc",
+ "crypto/slhdsa/fors.cc",
+ "crypto/slhdsa/merkle.cc",
+ "crypto/slhdsa/slhdsa.cc",
+ "crypto/slhdsa/thash.cc",
+ "crypto/slhdsa/wots.cc",
+ "crypto/spx/spx.cc",
+ "crypto/spx/spx_address.cc",
+ "crypto/spx/spx_fors.cc",
+ "crypto/spx/spx_merkle.cc",
+ "crypto/spx/spx_thash.cc",
+ "crypto/spx/spx_util.cc",
+ "crypto/spx/spx_wots.cc",
+ "crypto/stack/stack.cc",
+ "crypto/thread.cc",
+ "crypto/thread_none.cc",
+ "crypto/thread_pthread.cc",
+ "crypto/thread_win.cc",
+ "crypto/trust_token/pmbtoken.cc",
+ "crypto/trust_token/trust_token.cc",
+ "crypto/trust_token/voprf.cc",
+ "crypto/x509/a_digest.cc",
+ "crypto/x509/a_sign.cc",
+ "crypto/x509/a_verify.cc",
+ "crypto/x509/algorithm.cc",
+ "crypto/x509/asn1_gen.cc",
+ "crypto/x509/by_dir.cc",
+ "crypto/x509/by_file.cc",
+ "crypto/x509/i2d_pr.cc",
+ "crypto/x509/name_print.cc",
+ "crypto/x509/policy.cc",
+ "crypto/x509/rsa_pss.cc",
+ "crypto/x509/t_crl.cc",
+ "crypto/x509/t_req.cc",
+ "crypto/x509/t_x509.cc",
+ "crypto/x509/t_x509a.cc",
+ "crypto/x509/v3_akey.cc",
+ "crypto/x509/v3_akeya.cc",
+ "crypto/x509/v3_alt.cc",
+ "crypto/x509/v3_bcons.cc",
+ "crypto/x509/v3_bitst.cc",
+ "crypto/x509/v3_conf.cc",
+ "crypto/x509/v3_cpols.cc",
+ "crypto/x509/v3_crld.cc",
+ "crypto/x509/v3_enum.cc",
+ "crypto/x509/v3_extku.cc",
+ "crypto/x509/v3_genn.cc",
+ "crypto/x509/v3_ia5.cc",
+ "crypto/x509/v3_info.cc",
+ "crypto/x509/v3_int.cc",
+ "crypto/x509/v3_lib.cc",
+ "crypto/x509/v3_ncons.cc",
+ "crypto/x509/v3_ocsp.cc",
+ "crypto/x509/v3_pcons.cc",
+ "crypto/x509/v3_pmaps.cc",
+ "crypto/x509/v3_prn.cc",
+ "crypto/x509/v3_purp.cc",
+ "crypto/x509/v3_skey.cc",
+ "crypto/x509/v3_utl.cc",
+ "crypto/x509/x509.cc",
+ "crypto/x509/x509_att.cc",
+ "crypto/x509/x509_cmp.cc",
+ "crypto/x509/x509_d2.cc",
+ "crypto/x509/x509_def.cc",
+ "crypto/x509/x509_ext.cc",
+ "crypto/x509/x509_lu.cc",
+ "crypto/x509/x509_obj.cc",
+ "crypto/x509/x509_req.cc",
+ "crypto/x509/x509_set.cc",
+ "crypto/x509/x509_trs.cc",
+ "crypto/x509/x509_txt.cc",
+ "crypto/x509/x509_v3.cc",
+ "crypto/x509/x509_vfy.cc",
+ "crypto/x509/x509_vpm.cc",
+ "crypto/x509/x509cset.cc",
+ "crypto/x509/x509name.cc",
+ "crypto/x509/x509rset.cc",
+ "crypto/x509/x509spki.cc",
+ "crypto/x509/x_algor.cc",
+ "crypto/x509/x_all.cc",
+ "crypto/x509/x_attrib.cc",
+ "crypto/x509/x_crl.cc",
+ "crypto/x509/x_exten.cc",
+ "crypto/x509/x_name.cc",
+ "crypto/x509/x_pubkey.cc",
+ "crypto/x509/x_req.cc",
+ "crypto/x509/x_sig.cc",
+ "crypto/x509/x_spki.cc",
+ "crypto/x509/x_val.cc",
+ "crypto/x509/x_x509.cc",
+ "crypto/x509/x_x509a.cc",
+ "gen/crypto/err_data.cc",
]
crypto_headers = [
@@ -1042,23 +1042,23 @@
]
decrepit_sources = [
- "decrepit/bio/base64_bio.c",
- "decrepit/blowfish/blowfish.c",
- "decrepit/cast/cast.c",
- "decrepit/cast/cast_tables.c",
- "decrepit/cfb/cfb.c",
- "decrepit/des/cfb64ede.c",
- "decrepit/dh/dh_decrepit.c",
- "decrepit/dsa/dsa_decrepit.c",
- "decrepit/evp/dss1.c",
- "decrepit/evp/evp_do_all.c",
- "decrepit/obj/obj_decrepit.c",
- "decrepit/rc4/rc4_decrepit.c",
- "decrepit/ripemd/ripemd.c",
- "decrepit/rsa/rsa_decrepit.c",
- "decrepit/ssl/ssl_decrepit.c",
- "decrepit/x509/x509_decrepit.c",
- "decrepit/xts/xts.c",
+ "decrepit/bio/base64_bio.cc",
+ "decrepit/blowfish/blowfish.cc",
+ "decrepit/cast/cast.cc",
+ "decrepit/cast/cast_tables.cc",
+ "decrepit/cfb/cfb.cc",
+ "decrepit/des/cfb64ede.cc",
+ "decrepit/dh/dh_decrepit.cc",
+ "decrepit/dsa/dsa_decrepit.cc",
+ "decrepit/evp/dss1.cc",
+ "decrepit/evp/evp_do_all.cc",
+ "decrepit/obj/obj_decrepit.cc",
+ "decrepit/rc4/rc4_decrepit.cc",
+ "decrepit/ripemd/ripemd.cc",
+ "decrepit/rsa/rsa_decrepit.cc",
+ "decrepit/ssl/ssl_decrepit.cc",
+ "decrepit/x509/x509_decrepit.cc",
+ "decrepit/xts/xts.cc",
]
decrepit_internal_headers = [
diff --git a/gen/sources.json b/gen/sources.json
index 667a16c..9e52ec4 100644
--- a/gen/sources.json
+++ b/gen/sources.json
@@ -1,81 +1,81 @@
{
"bcm": {
"srcs": [
- "crypto/fipsmodule/bcm.c"
+ "crypto/fipsmodule/bcm.cc"
],
"internal_hdrs": [
- "crypto/fipsmodule/aes/aes.c.inc",
- "crypto/fipsmodule/aes/aes_nohw.c.inc",
- "crypto/fipsmodule/aes/key_wrap.c.inc",
- "crypto/fipsmodule/aes/mode_wrappers.c.inc",
- "crypto/fipsmodule/bn/add.c.inc",
- "crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc",
- "crypto/fipsmodule/bn/bn.c.inc",
- "crypto/fipsmodule/bn/bytes.c.inc",
- "crypto/fipsmodule/bn/cmp.c.inc",
- "crypto/fipsmodule/bn/ctx.c.inc",
- "crypto/fipsmodule/bn/div.c.inc",
- "crypto/fipsmodule/bn/div_extra.c.inc",
- "crypto/fipsmodule/bn/exponentiation.c.inc",
- "crypto/fipsmodule/bn/gcd.c.inc",
- "crypto/fipsmodule/bn/gcd_extra.c.inc",
- "crypto/fipsmodule/bn/generic.c.inc",
- "crypto/fipsmodule/bn/jacobi.c.inc",
- "crypto/fipsmodule/bn/montgomery.c.inc",
- "crypto/fipsmodule/bn/montgomery_inv.c.inc",
- "crypto/fipsmodule/bn/mul.c.inc",
- "crypto/fipsmodule/bn/prime.c.inc",
- "crypto/fipsmodule/bn/random.c.inc",
- "crypto/fipsmodule/bn/rsaz_exp.c.inc",
- "crypto/fipsmodule/bn/shift.c.inc",
- "crypto/fipsmodule/bn/sqrt.c.inc",
- "crypto/fipsmodule/cipher/aead.c.inc",
- "crypto/fipsmodule/cipher/cipher.c.inc",
- "crypto/fipsmodule/cipher/e_aes.c.inc",
- "crypto/fipsmodule/cipher/e_aesccm.c.inc",
- "crypto/fipsmodule/cmac/cmac.c.inc",
- "crypto/fipsmodule/dh/check.c.inc",
- "crypto/fipsmodule/dh/dh.c.inc",
- "crypto/fipsmodule/digest/digest.c.inc",
- "crypto/fipsmodule/digest/digests.c.inc",
- "crypto/fipsmodule/digestsign/digestsign.c.inc",
- "crypto/fipsmodule/ec/ec.c.inc",
- "crypto/fipsmodule/ec/ec_key.c.inc",
- "crypto/fipsmodule/ec/ec_montgomery.c.inc",
- "crypto/fipsmodule/ec/felem.c.inc",
- "crypto/fipsmodule/ec/oct.c.inc",
- "crypto/fipsmodule/ec/p224-64.c.inc",
- "crypto/fipsmodule/ec/p256-nistz.c.inc",
- "crypto/fipsmodule/ec/p256.c.inc",
- "crypto/fipsmodule/ec/scalar.c.inc",
- "crypto/fipsmodule/ec/simple.c.inc",
- "crypto/fipsmodule/ec/simple_mul.c.inc",
- "crypto/fipsmodule/ec/util.c.inc",
- "crypto/fipsmodule/ec/wnaf.c.inc",
- "crypto/fipsmodule/ecdh/ecdh.c.inc",
- "crypto/fipsmodule/ecdsa/ecdsa.c.inc",
- "crypto/fipsmodule/hkdf/hkdf.c.inc",
- "crypto/fipsmodule/hmac/hmac.c.inc",
- "crypto/fipsmodule/modes/cbc.c.inc",
- "crypto/fipsmodule/modes/cfb.c.inc",
- "crypto/fipsmodule/modes/ctr.c.inc",
- "crypto/fipsmodule/modes/gcm.c.inc",
- "crypto/fipsmodule/modes/gcm_nohw.c.inc",
- "crypto/fipsmodule/modes/ofb.c.inc",
- "crypto/fipsmodule/modes/polyval.c.inc",
- "crypto/fipsmodule/rand/ctrdrbg.c.inc",
- "crypto/fipsmodule/rand/rand.c.inc",
- "crypto/fipsmodule/rsa/blinding.c.inc",
- "crypto/fipsmodule/rsa/padding.c.inc",
- "crypto/fipsmodule/rsa/rsa.c.inc",
- "crypto/fipsmodule/rsa/rsa_impl.c.inc",
- "crypto/fipsmodule/self_check/fips.c.inc",
- "crypto/fipsmodule/self_check/self_check.c.inc",
- "crypto/fipsmodule/service_indicator/service_indicator.c.inc",
- "crypto/fipsmodule/sha/sha1.c.inc",
- "crypto/fipsmodule/sha/sha256.c.inc",
- "crypto/fipsmodule/sha/sha512.c.inc",
- "crypto/fipsmodule/tls/kdf.c.inc"
+ "crypto/fipsmodule/aes/aes.cc.inc",
+ "crypto/fipsmodule/aes/aes_nohw.cc.inc",
+ "crypto/fipsmodule/aes/key_wrap.cc.inc",
+ "crypto/fipsmodule/aes/mode_wrappers.cc.inc",
+ "crypto/fipsmodule/bn/add.cc.inc",
+ "crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc",
+ "crypto/fipsmodule/bn/bn.cc.inc",
+ "crypto/fipsmodule/bn/bytes.cc.inc",
+ "crypto/fipsmodule/bn/cmp.cc.inc",
+ "crypto/fipsmodule/bn/ctx.cc.inc",
+ "crypto/fipsmodule/bn/div.cc.inc",
+ "crypto/fipsmodule/bn/div_extra.cc.inc",
+ "crypto/fipsmodule/bn/exponentiation.cc.inc",
+ "crypto/fipsmodule/bn/gcd.cc.inc",
+ "crypto/fipsmodule/bn/gcd_extra.cc.inc",
+ "crypto/fipsmodule/bn/generic.cc.inc",
+ "crypto/fipsmodule/bn/jacobi.cc.inc",
+ "crypto/fipsmodule/bn/montgomery.cc.inc",
+ "crypto/fipsmodule/bn/montgomery_inv.cc.inc",
+ "crypto/fipsmodule/bn/mul.cc.inc",
+ "crypto/fipsmodule/bn/prime.cc.inc",
+ "crypto/fipsmodule/bn/random.cc.inc",
+ "crypto/fipsmodule/bn/rsaz_exp.cc.inc",
+ "crypto/fipsmodule/bn/shift.cc.inc",
+ "crypto/fipsmodule/bn/sqrt.cc.inc",
+ "crypto/fipsmodule/cipher/aead.cc.inc",
+ "crypto/fipsmodule/cipher/cipher.cc.inc",
+ "crypto/fipsmodule/cipher/e_aes.cc.inc",
+ "crypto/fipsmodule/cipher/e_aesccm.cc.inc",
+ "crypto/fipsmodule/cmac/cmac.cc.inc",
+ "crypto/fipsmodule/dh/check.cc.inc",
+ "crypto/fipsmodule/dh/dh.cc.inc",
+ "crypto/fipsmodule/digest/digest.cc.inc",
+ "crypto/fipsmodule/digest/digests.cc.inc",
+ "crypto/fipsmodule/digestsign/digestsign.cc.inc",
+ "crypto/fipsmodule/ec/ec.cc.inc",
+ "crypto/fipsmodule/ec/ec_key.cc.inc",
+ "crypto/fipsmodule/ec/ec_montgomery.cc.inc",
+ "crypto/fipsmodule/ec/felem.cc.inc",
+ "crypto/fipsmodule/ec/oct.cc.inc",
+ "crypto/fipsmodule/ec/p224-64.cc.inc",
+ "crypto/fipsmodule/ec/p256-nistz.cc.inc",
+ "crypto/fipsmodule/ec/p256.cc.inc",
+ "crypto/fipsmodule/ec/scalar.cc.inc",
+ "crypto/fipsmodule/ec/simple.cc.inc",
+ "crypto/fipsmodule/ec/simple_mul.cc.inc",
+ "crypto/fipsmodule/ec/util.cc.inc",
+ "crypto/fipsmodule/ec/wnaf.cc.inc",
+ "crypto/fipsmodule/ecdh/ecdh.cc.inc",
+ "crypto/fipsmodule/ecdsa/ecdsa.cc.inc",
+ "crypto/fipsmodule/hkdf/hkdf.cc.inc",
+ "crypto/fipsmodule/hmac/hmac.cc.inc",
+ "crypto/fipsmodule/modes/cbc.cc.inc",
+ "crypto/fipsmodule/modes/cfb.cc.inc",
+ "crypto/fipsmodule/modes/ctr.cc.inc",
+ "crypto/fipsmodule/modes/gcm.cc.inc",
+ "crypto/fipsmodule/modes/gcm_nohw.cc.inc",
+ "crypto/fipsmodule/modes/ofb.cc.inc",
+ "crypto/fipsmodule/modes/polyval.cc.inc",
+ "crypto/fipsmodule/rand/ctrdrbg.cc.inc",
+ "crypto/fipsmodule/rand/rand.cc.inc",
+ "crypto/fipsmodule/rsa/blinding.cc.inc",
+ "crypto/fipsmodule/rsa/padding.cc.inc",
+ "crypto/fipsmodule/rsa/rsa.cc.inc",
+ "crypto/fipsmodule/rsa/rsa_impl.cc.inc",
+ "crypto/fipsmodule/self_check/fips.cc.inc",
+ "crypto/fipsmodule/self_check/self_check.cc.inc",
+ "crypto/fipsmodule/service_indicator/service_indicator.cc.inc",
+ "crypto/fipsmodule/sha/sha1.cc.inc",
+ "crypto/fipsmodule/sha/sha256.cc.inc",
+ "crypto/fipsmodule/sha/sha512.cc.inc",
+ "crypto/fipsmodule/tls/kdf.cc.inc"
],
"asm": [
"gen/bcm/aesni-gcm-x86_64-apple.S",
@@ -228,255 +228,255 @@
},
"crypto": {
"srcs": [
- "crypto/asn1/a_bitstr.c",
- "crypto/asn1/a_bool.c",
- "crypto/asn1/a_d2i_fp.c",
- "crypto/asn1/a_dup.c",
- "crypto/asn1/a_gentm.c",
- "crypto/asn1/a_i2d_fp.c",
- "crypto/asn1/a_int.c",
- "crypto/asn1/a_mbstr.c",
- "crypto/asn1/a_object.c",
- "crypto/asn1/a_octet.c",
- "crypto/asn1/a_strex.c",
- "crypto/asn1/a_strnid.c",
- "crypto/asn1/a_time.c",
- "crypto/asn1/a_type.c",
- "crypto/asn1/a_utctm.c",
- "crypto/asn1/asn1_lib.c",
- "crypto/asn1/asn1_par.c",
- "crypto/asn1/asn_pack.c",
- "crypto/asn1/f_int.c",
- "crypto/asn1/f_string.c",
- "crypto/asn1/posix_time.c",
- "crypto/asn1/tasn_dec.c",
- "crypto/asn1/tasn_enc.c",
- "crypto/asn1/tasn_fre.c",
- "crypto/asn1/tasn_new.c",
- "crypto/asn1/tasn_typ.c",
- "crypto/asn1/tasn_utl.c",
- "crypto/base64/base64.c",
- "crypto/bio/bio.c",
- "crypto/bio/bio_mem.c",
- "crypto/bio/connect.c",
- "crypto/bio/errno.c",
- "crypto/bio/fd.c",
- "crypto/bio/file.c",
- "crypto/bio/hexdump.c",
- "crypto/bio/pair.c",
- "crypto/bio/printf.c",
- "crypto/bio/socket.c",
- "crypto/bio/socket_helper.c",
- "crypto/blake2/blake2.c",
- "crypto/bn_extra/bn_asn1.c",
- "crypto/bn_extra/convert.c",
- "crypto/buf/buf.c",
- "crypto/bytestring/asn1_compat.c",
- "crypto/bytestring/ber.c",
- "crypto/bytestring/cbb.c",
- "crypto/bytestring/cbs.c",
- "crypto/bytestring/unicode.c",
- "crypto/chacha/chacha.c",
- "crypto/cipher_extra/cipher_extra.c",
- "crypto/cipher_extra/derive_key.c",
- "crypto/cipher_extra/e_aesctrhmac.c",
- "crypto/cipher_extra/e_aesgcmsiv.c",
- "crypto/cipher_extra/e_chacha20poly1305.c",
- "crypto/cipher_extra/e_des.c",
- "crypto/cipher_extra/e_null.c",
- "crypto/cipher_extra/e_rc2.c",
- "crypto/cipher_extra/e_rc4.c",
- "crypto/cipher_extra/e_tls.c",
- "crypto/cipher_extra/tls_cbc.c",
- "crypto/conf/conf.c",
- "crypto/cpu_aarch64_apple.c",
- "crypto/cpu_aarch64_fuchsia.c",
- "crypto/cpu_aarch64_linux.c",
- "crypto/cpu_aarch64_openbsd.c",
- "crypto/cpu_aarch64_sysreg.c",
- "crypto/cpu_aarch64_win.c",
- "crypto/cpu_arm_freebsd.c",
- "crypto/cpu_arm_linux.c",
- "crypto/cpu_intel.c",
- "crypto/crypto.c",
- "crypto/curve25519/curve25519.c",
- "crypto/curve25519/curve25519_64_adx.c",
- "crypto/curve25519/spake25519.c",
- "crypto/des/des.c",
- "crypto/dh_extra/dh_asn1.c",
- "crypto/dh_extra/params.c",
- "crypto/digest_extra/digest_extra.c",
- "crypto/dilithium/dilithium.c",
- "crypto/dsa/dsa.c",
- "crypto/dsa/dsa_asn1.c",
- "crypto/ec_extra/ec_asn1.c",
- "crypto/ec_extra/ec_derive.c",
- "crypto/ec_extra/hash_to_curve.c",
- "crypto/ecdh_extra/ecdh_extra.c",
- "crypto/ecdsa_extra/ecdsa_asn1.c",
- "crypto/engine/engine.c",
- "crypto/err/err.c",
- "crypto/evp/evp.c",
- "crypto/evp/evp_asn1.c",
- "crypto/evp/evp_ctx.c",
- "crypto/evp/p_dh.c",
- "crypto/evp/p_dh_asn1.c",
- "crypto/evp/p_dsa_asn1.c",
- "crypto/evp/p_ec.c",
- "crypto/evp/p_ec_asn1.c",
- "crypto/evp/p_ed25519.c",
- "crypto/evp/p_ed25519_asn1.c",
- "crypto/evp/p_hkdf.c",
- "crypto/evp/p_rsa.c",
- "crypto/evp/p_rsa_asn1.c",
- "crypto/evp/p_x25519.c",
- "crypto/evp/p_x25519_asn1.c",
- "crypto/evp/pbkdf.c",
- "crypto/evp/print.c",
- "crypto/evp/scrypt.c",
- "crypto/evp/sign.c",
- "crypto/ex_data.c",
- "crypto/fipsmodule/fips_shared_support.c",
- "crypto/hpke/hpke.c",
- "crypto/hrss/hrss.c",
- "crypto/keccak/keccak.c",
- "crypto/kyber/kyber.c",
- "crypto/lhash/lhash.c",
- "crypto/md4/md4.c",
- "crypto/md5/md5.c",
- "crypto/mem.c",
+ "crypto/asn1/a_bitstr.cc",
+ "crypto/asn1/a_bool.cc",
+ "crypto/asn1/a_d2i_fp.cc",
+ "crypto/asn1/a_dup.cc",
+ "crypto/asn1/a_gentm.cc",
+ "crypto/asn1/a_i2d_fp.cc",
+ "crypto/asn1/a_int.cc",
+ "crypto/asn1/a_mbstr.cc",
+ "crypto/asn1/a_object.cc",
+ "crypto/asn1/a_octet.cc",
+ "crypto/asn1/a_strex.cc",
+ "crypto/asn1/a_strnid.cc",
+ "crypto/asn1/a_time.cc",
+ "crypto/asn1/a_type.cc",
+ "crypto/asn1/a_utctm.cc",
+ "crypto/asn1/asn1_lib.cc",
+ "crypto/asn1/asn1_par.cc",
+ "crypto/asn1/asn_pack.cc",
+ "crypto/asn1/f_int.cc",
+ "crypto/asn1/f_string.cc",
+ "crypto/asn1/posix_time.cc",
+ "crypto/asn1/tasn_dec.cc",
+ "crypto/asn1/tasn_enc.cc",
+ "crypto/asn1/tasn_fre.cc",
+ "crypto/asn1/tasn_new.cc",
+ "crypto/asn1/tasn_typ.cc",
+ "crypto/asn1/tasn_utl.cc",
+ "crypto/base64/base64.cc",
+ "crypto/bio/bio.cc",
+ "crypto/bio/bio_mem.cc",
+ "crypto/bio/connect.cc",
+ "crypto/bio/errno.cc",
+ "crypto/bio/fd.cc",
+ "crypto/bio/file.cc",
+ "crypto/bio/hexdump.cc",
+ "crypto/bio/pair.cc",
+ "crypto/bio/printf.cc",
+ "crypto/bio/socket.cc",
+ "crypto/bio/socket_helper.cc",
+ "crypto/blake2/blake2.cc",
+ "crypto/bn_extra/bn_asn1.cc",
+ "crypto/bn_extra/convert.cc",
+ "crypto/buf/buf.cc",
+ "crypto/bytestring/asn1_compat.cc",
+ "crypto/bytestring/ber.cc",
+ "crypto/bytestring/cbb.cc",
+ "crypto/bytestring/cbs.cc",
+ "crypto/bytestring/unicode.cc",
+ "crypto/chacha/chacha.cc",
+ "crypto/cipher_extra/cipher_extra.cc",
+ "crypto/cipher_extra/derive_key.cc",
+ "crypto/cipher_extra/e_aesctrhmac.cc",
+ "crypto/cipher_extra/e_aesgcmsiv.cc",
+ "crypto/cipher_extra/e_chacha20poly1305.cc",
+ "crypto/cipher_extra/e_des.cc",
+ "crypto/cipher_extra/e_null.cc",
+ "crypto/cipher_extra/e_rc2.cc",
+ "crypto/cipher_extra/e_rc4.cc",
+ "crypto/cipher_extra/e_tls.cc",
+ "crypto/cipher_extra/tls_cbc.cc",
+ "crypto/conf/conf.cc",
+ "crypto/cpu_aarch64_apple.cc",
+ "crypto/cpu_aarch64_fuchsia.cc",
+ "crypto/cpu_aarch64_linux.cc",
+ "crypto/cpu_aarch64_openbsd.cc",
+ "crypto/cpu_aarch64_sysreg.cc",
+ "crypto/cpu_aarch64_win.cc",
+ "crypto/cpu_arm_freebsd.cc",
+ "crypto/cpu_arm_linux.cc",
+ "crypto/cpu_intel.cc",
+ "crypto/crypto.cc",
+ "crypto/curve25519/curve25519.cc",
+ "crypto/curve25519/curve25519_64_adx.cc",
+ "crypto/curve25519/spake25519.cc",
+ "crypto/des/des.cc",
+ "crypto/dh_extra/dh_asn1.cc",
+ "crypto/dh_extra/params.cc",
+ "crypto/digest_extra/digest_extra.cc",
+ "crypto/dilithium/dilithium.cc",
+ "crypto/dsa/dsa.cc",
+ "crypto/dsa/dsa_asn1.cc",
+ "crypto/ec_extra/ec_asn1.cc",
+ "crypto/ec_extra/ec_derive.cc",
+ "crypto/ec_extra/hash_to_curve.cc",
+ "crypto/ecdh_extra/ecdh_extra.cc",
+ "crypto/ecdsa_extra/ecdsa_asn1.cc",
+ "crypto/engine/engine.cc",
+ "crypto/err/err.cc",
+ "crypto/evp/evp.cc",
+ "crypto/evp/evp_asn1.cc",
+ "crypto/evp/evp_ctx.cc",
+ "crypto/evp/p_dh.cc",
+ "crypto/evp/p_dh_asn1.cc",
+ "crypto/evp/p_dsa_asn1.cc",
+ "crypto/evp/p_ec.cc",
+ "crypto/evp/p_ec_asn1.cc",
+ "crypto/evp/p_ed25519.cc",
+ "crypto/evp/p_ed25519_asn1.cc",
+ "crypto/evp/p_hkdf.cc",
+ "crypto/evp/p_rsa.cc",
+ "crypto/evp/p_rsa_asn1.cc",
+ "crypto/evp/p_x25519.cc",
+ "crypto/evp/p_x25519_asn1.cc",
+ "crypto/evp/pbkdf.cc",
+ "crypto/evp/print.cc",
+ "crypto/evp/scrypt.cc",
+ "crypto/evp/sign.cc",
+ "crypto/ex_data.cc",
+ "crypto/fipsmodule/fips_shared_support.cc",
+ "crypto/hpke/hpke.cc",
+ "crypto/hrss/hrss.cc",
+ "crypto/keccak/keccak.cc",
+ "crypto/kyber/kyber.cc",
+ "crypto/lhash/lhash.cc",
+ "crypto/md4/md4.cc",
+ "crypto/md5/md5.cc",
+ "crypto/mem.cc",
"crypto/mldsa/mldsa.cc",
"crypto/mlkem/mlkem.cc",
- "crypto/obj/obj.c",
- "crypto/obj/obj_xref.c",
- "crypto/pem/pem_all.c",
- "crypto/pem/pem_info.c",
- "crypto/pem/pem_lib.c",
- "crypto/pem/pem_oth.c",
- "crypto/pem/pem_pk8.c",
- "crypto/pem/pem_pkey.c",
- "crypto/pem/pem_x509.c",
- "crypto/pem/pem_xaux.c",
- "crypto/pkcs7/pkcs7.c",
- "crypto/pkcs7/pkcs7_x509.c",
- "crypto/pkcs8/p5_pbev2.c",
- "crypto/pkcs8/pkcs8.c",
- "crypto/pkcs8/pkcs8_x509.c",
- "crypto/poly1305/poly1305.c",
- "crypto/poly1305/poly1305_arm.c",
- "crypto/poly1305/poly1305_vec.c",
- "crypto/pool/pool.c",
- "crypto/rand_extra/deterministic.c",
- "crypto/rand_extra/fork_detect.c",
- "crypto/rand_extra/forkunsafe.c",
- "crypto/rand_extra/getentropy.c",
- "crypto/rand_extra/ios.c",
- "crypto/rand_extra/passive.c",
- "crypto/rand_extra/rand_extra.c",
- "crypto/rand_extra/trusty.c",
- "crypto/rand_extra/urandom.c",
- "crypto/rand_extra/windows.c",
- "crypto/rc4/rc4.c",
- "crypto/refcount.c",
- "crypto/rsa_extra/rsa_asn1.c",
- "crypto/rsa_extra/rsa_crypt.c",
- "crypto/rsa_extra/rsa_extra.c",
- "crypto/rsa_extra/rsa_print.c",
- "crypto/sha/sha1.c",
- "crypto/sha/sha256.c",
- "crypto/sha/sha512.c",
- "crypto/siphash/siphash.c",
- "crypto/slhdsa/fors.c",
- "crypto/slhdsa/merkle.c",
- "crypto/slhdsa/slhdsa.c",
- "crypto/slhdsa/thash.c",
- "crypto/slhdsa/wots.c",
- "crypto/spx/spx.c",
- "crypto/spx/spx_address.c",
- "crypto/spx/spx_fors.c",
- "crypto/spx/spx_merkle.c",
- "crypto/spx/spx_thash.c",
- "crypto/spx/spx_util.c",
- "crypto/spx/spx_wots.c",
- "crypto/stack/stack.c",
- "crypto/thread.c",
- "crypto/thread_none.c",
- "crypto/thread_pthread.c",
- "crypto/thread_win.c",
- "crypto/trust_token/pmbtoken.c",
- "crypto/trust_token/trust_token.c",
- "crypto/trust_token/voprf.c",
- "crypto/x509/a_digest.c",
- "crypto/x509/a_sign.c",
- "crypto/x509/a_verify.c",
- "crypto/x509/algorithm.c",
- "crypto/x509/asn1_gen.c",
- "crypto/x509/by_dir.c",
- "crypto/x509/by_file.c",
- "crypto/x509/i2d_pr.c",
- "crypto/x509/name_print.c",
- "crypto/x509/policy.c",
- "crypto/x509/rsa_pss.c",
- "crypto/x509/t_crl.c",
- "crypto/x509/t_req.c",
- "crypto/x509/t_x509.c",
- "crypto/x509/t_x509a.c",
- "crypto/x509/v3_akey.c",
- "crypto/x509/v3_akeya.c",
- "crypto/x509/v3_alt.c",
- "crypto/x509/v3_bcons.c",
- "crypto/x509/v3_bitst.c",
- "crypto/x509/v3_conf.c",
- "crypto/x509/v3_cpols.c",
- "crypto/x509/v3_crld.c",
- "crypto/x509/v3_enum.c",
- "crypto/x509/v3_extku.c",
- "crypto/x509/v3_genn.c",
- "crypto/x509/v3_ia5.c",
- "crypto/x509/v3_info.c",
- "crypto/x509/v3_int.c",
- "crypto/x509/v3_lib.c",
- "crypto/x509/v3_ncons.c",
- "crypto/x509/v3_ocsp.c",
- "crypto/x509/v3_pcons.c",
- "crypto/x509/v3_pmaps.c",
- "crypto/x509/v3_prn.c",
- "crypto/x509/v3_purp.c",
- "crypto/x509/v3_skey.c",
- "crypto/x509/v3_utl.c",
- "crypto/x509/x509.c",
- "crypto/x509/x509_att.c",
- "crypto/x509/x509_cmp.c",
- "crypto/x509/x509_d2.c",
- "crypto/x509/x509_def.c",
- "crypto/x509/x509_ext.c",
- "crypto/x509/x509_lu.c",
- "crypto/x509/x509_obj.c",
- "crypto/x509/x509_req.c",
- "crypto/x509/x509_set.c",
- "crypto/x509/x509_trs.c",
- "crypto/x509/x509_txt.c",
- "crypto/x509/x509_v3.c",
- "crypto/x509/x509_vfy.c",
- "crypto/x509/x509_vpm.c",
- "crypto/x509/x509cset.c",
- "crypto/x509/x509name.c",
- "crypto/x509/x509rset.c",
- "crypto/x509/x509spki.c",
- "crypto/x509/x_algor.c",
- "crypto/x509/x_all.c",
- "crypto/x509/x_attrib.c",
- "crypto/x509/x_crl.c",
- "crypto/x509/x_exten.c",
- "crypto/x509/x_name.c",
- "crypto/x509/x_pubkey.c",
- "crypto/x509/x_req.c",
- "crypto/x509/x_sig.c",
- "crypto/x509/x_spki.c",
- "crypto/x509/x_val.c",
- "crypto/x509/x_x509.c",
- "crypto/x509/x_x509a.c",
- "gen/crypto/err_data.c"
+ "crypto/obj/obj.cc",
+ "crypto/obj/obj_xref.cc",
+ "crypto/pem/pem_all.cc",
+ "crypto/pem/pem_info.cc",
+ "crypto/pem/pem_lib.cc",
+ "crypto/pem/pem_oth.cc",
+ "crypto/pem/pem_pk8.cc",
+ "crypto/pem/pem_pkey.cc",
+ "crypto/pem/pem_x509.cc",
+ "crypto/pem/pem_xaux.cc",
+ "crypto/pkcs7/pkcs7.cc",
+ "crypto/pkcs7/pkcs7_x509.cc",
+ "crypto/pkcs8/p5_pbev2.cc",
+ "crypto/pkcs8/pkcs8.cc",
+ "crypto/pkcs8/pkcs8_x509.cc",
+ "crypto/poly1305/poly1305.cc",
+ "crypto/poly1305/poly1305_arm.cc",
+ "crypto/poly1305/poly1305_vec.cc",
+ "crypto/pool/pool.cc",
+ "crypto/rand_extra/deterministic.cc",
+ "crypto/rand_extra/fork_detect.cc",
+ "crypto/rand_extra/forkunsafe.cc",
+ "crypto/rand_extra/getentropy.cc",
+ "crypto/rand_extra/ios.cc",
+ "crypto/rand_extra/passive.cc",
+ "crypto/rand_extra/rand_extra.cc",
+ "crypto/rand_extra/trusty.cc",
+ "crypto/rand_extra/urandom.cc",
+ "crypto/rand_extra/windows.cc",
+ "crypto/rc4/rc4.cc",
+ "crypto/refcount.cc",
+ "crypto/rsa_extra/rsa_asn1.cc",
+ "crypto/rsa_extra/rsa_crypt.cc",
+ "crypto/rsa_extra/rsa_extra.cc",
+ "crypto/rsa_extra/rsa_print.cc",
+ "crypto/sha/sha1.cc",
+ "crypto/sha/sha256.cc",
+ "crypto/sha/sha512.cc",
+ "crypto/siphash/siphash.cc",
+ "crypto/slhdsa/fors.cc",
+ "crypto/slhdsa/merkle.cc",
+ "crypto/slhdsa/slhdsa.cc",
+ "crypto/slhdsa/thash.cc",
+ "crypto/slhdsa/wots.cc",
+ "crypto/spx/spx.cc",
+ "crypto/spx/spx_address.cc",
+ "crypto/spx/spx_fors.cc",
+ "crypto/spx/spx_merkle.cc",
+ "crypto/spx/spx_thash.cc",
+ "crypto/spx/spx_util.cc",
+ "crypto/spx/spx_wots.cc",
+ "crypto/stack/stack.cc",
+ "crypto/thread.cc",
+ "crypto/thread_none.cc",
+ "crypto/thread_pthread.cc",
+ "crypto/thread_win.cc",
+ "crypto/trust_token/pmbtoken.cc",
+ "crypto/trust_token/trust_token.cc",
+ "crypto/trust_token/voprf.cc",
+ "crypto/x509/a_digest.cc",
+ "crypto/x509/a_sign.cc",
+ "crypto/x509/a_verify.cc",
+ "crypto/x509/algorithm.cc",
+ "crypto/x509/asn1_gen.cc",
+ "crypto/x509/by_dir.cc",
+ "crypto/x509/by_file.cc",
+ "crypto/x509/i2d_pr.cc",
+ "crypto/x509/name_print.cc",
+ "crypto/x509/policy.cc",
+ "crypto/x509/rsa_pss.cc",
+ "crypto/x509/t_crl.cc",
+ "crypto/x509/t_req.cc",
+ "crypto/x509/t_x509.cc",
+ "crypto/x509/t_x509a.cc",
+ "crypto/x509/v3_akey.cc",
+ "crypto/x509/v3_akeya.cc",
+ "crypto/x509/v3_alt.cc",
+ "crypto/x509/v3_bcons.cc",
+ "crypto/x509/v3_bitst.cc",
+ "crypto/x509/v3_conf.cc",
+ "crypto/x509/v3_cpols.cc",
+ "crypto/x509/v3_crld.cc",
+ "crypto/x509/v3_enum.cc",
+ "crypto/x509/v3_extku.cc",
+ "crypto/x509/v3_genn.cc",
+ "crypto/x509/v3_ia5.cc",
+ "crypto/x509/v3_info.cc",
+ "crypto/x509/v3_int.cc",
+ "crypto/x509/v3_lib.cc",
+ "crypto/x509/v3_ncons.cc",
+ "crypto/x509/v3_ocsp.cc",
+ "crypto/x509/v3_pcons.cc",
+ "crypto/x509/v3_pmaps.cc",
+ "crypto/x509/v3_prn.cc",
+ "crypto/x509/v3_purp.cc",
+ "crypto/x509/v3_skey.cc",
+ "crypto/x509/v3_utl.cc",
+ "crypto/x509/x509.cc",
+ "crypto/x509/x509_att.cc",
+ "crypto/x509/x509_cmp.cc",
+ "crypto/x509/x509_d2.cc",
+ "crypto/x509/x509_def.cc",
+ "crypto/x509/x509_ext.cc",
+ "crypto/x509/x509_lu.cc",
+ "crypto/x509/x509_obj.cc",
+ "crypto/x509/x509_req.cc",
+ "crypto/x509/x509_set.cc",
+ "crypto/x509/x509_trs.cc",
+ "crypto/x509/x509_txt.cc",
+ "crypto/x509/x509_v3.cc",
+ "crypto/x509/x509_vfy.cc",
+ "crypto/x509/x509_vpm.cc",
+ "crypto/x509/x509cset.cc",
+ "crypto/x509/x509name.cc",
+ "crypto/x509/x509rset.cc",
+ "crypto/x509/x509spki.cc",
+ "crypto/x509/x_algor.cc",
+ "crypto/x509/x_all.cc",
+ "crypto/x509/x_attrib.cc",
+ "crypto/x509/x_crl.cc",
+ "crypto/x509/x_exten.cc",
+ "crypto/x509/x_name.cc",
+ "crypto/x509/x_pubkey.cc",
+ "crypto/x509/x_req.cc",
+ "crypto/x509/x_sig.cc",
+ "crypto/x509/x_spki.cc",
+ "crypto/x509/x_val.cc",
+ "crypto/x509/x_x509.cc",
+ "crypto/x509/x_x509a.cc",
+ "gen/crypto/err_data.cc"
],
"hdrs": [
"include/openssl/aead.h",
@@ -1023,23 +1023,23 @@
},
"decrepit": {
"srcs": [
- "decrepit/bio/base64_bio.c",
- "decrepit/blowfish/blowfish.c",
- "decrepit/cast/cast.c",
- "decrepit/cast/cast_tables.c",
- "decrepit/cfb/cfb.c",
- "decrepit/des/cfb64ede.c",
- "decrepit/dh/dh_decrepit.c",
- "decrepit/dsa/dsa_decrepit.c",
- "decrepit/evp/dss1.c",
- "decrepit/evp/evp_do_all.c",
- "decrepit/obj/obj_decrepit.c",
- "decrepit/rc4/rc4_decrepit.c",
- "decrepit/ripemd/ripemd.c",
- "decrepit/rsa/rsa_decrepit.c",
- "decrepit/ssl/ssl_decrepit.c",
- "decrepit/x509/x509_decrepit.c",
- "decrepit/xts/xts.c"
+ "decrepit/bio/base64_bio.cc",
+ "decrepit/blowfish/blowfish.cc",
+ "decrepit/cast/cast.cc",
+ "decrepit/cast/cast_tables.cc",
+ "decrepit/cfb/cfb.cc",
+ "decrepit/des/cfb64ede.cc",
+ "decrepit/dh/dh_decrepit.cc",
+ "decrepit/dsa/dsa_decrepit.cc",
+ "decrepit/evp/dss1.cc",
+ "decrepit/evp/evp_do_all.cc",
+ "decrepit/obj/obj_decrepit.cc",
+ "decrepit/rc4/rc4_decrepit.cc",
+ "decrepit/ripemd/ripemd.cc",
+ "decrepit/rsa/rsa_decrepit.cc",
+ "decrepit/ssl/ssl_decrepit.cc",
+ "decrepit/x509/x509_decrepit.cc",
+ "decrepit/xts/xts.cc"
],
"internal_hdrs": [
"decrepit/cast/internal.h",
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h
index 7547b60..0f47d09 100644
--- a/include/openssl/asn1t.h
+++ b/include/openssl/asn1t.h
@@ -9,7 +9,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -57,8 +57,8 @@
#ifndef OPENSSL_HEADER_ASN1T_H
#define OPENSSL_HEADER_ASN1T_H
-#include <openssl/base.h>
#include <openssl/asn1.h>
+#include <openssl/base.h>
#if defined(__cplusplus)
extern "C" {
@@ -81,32 +81,23 @@
/* Macros for start and end of ASN1_ITEM definition */
-#define ASN1_ITEM_start(itname) \
- const ASN1_ITEM itname##_it = {
-
+#define ASN1_ITEM_start(itname) const ASN1_ITEM itname##_it = {
#define ASN1_ITEM_end(itname) \
- };
+ } \
+ ;
/* Macros to aid ASN1 template writing */
-#define ASN1_ITEM_TEMPLATE(tname) \
- static const ASN1_TEMPLATE tname##_item_tt
+#define ASN1_ITEM_TEMPLATE(tname) static const ASN1_TEMPLATE tname##_item_tt
-#define ASN1_ITEM_TEMPLATE_END(tname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_PRIMITIVE,\
- -1,\
- &tname##_item_tt,\
- 0,\
- NULL,\
- 0,\
- #tname \
- ASN1_ITEM_end(tname)
+#define ASN1_ITEM_TEMPLATE_END(tname) \
+ ; \
+ ASN1_ITEM_start(tname) ASN1_ITYPE_PRIMITIVE, -1, &tname##_item_tt, 0, NULL, \
+ 0, #tname ASN1_ITEM_end(tname)
/* This is a ASN1 type which just embeds a template */
-
+
/* This pair helps declare a SEQUENCE. We can do:
*
* ASN1_SEQUENCE(stname) = {
@@ -127,50 +118,40 @@
* a structure called stname.
*/
-#define ASN1_SEQUENCE(tname) \
- static const ASN1_TEMPLATE tname##_seq_tt[]
+#define ASN1_SEQUENCE(tname) static const ASN1_TEMPLATE tname##_seq_tt[]
#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
-#define ASN1_SEQUENCE_END_name(stname, tname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_SEQUENCE,\
- V_ASN1_SEQUENCE,\
- tname##_seq_tt,\
- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
- NULL,\
- sizeof(stname),\
- #stname \
- ASN1_ITEM_end(tname)
+#define ASN1_SEQUENCE_END_name(stname, tname) \
+ ; \
+ ASN1_ITEM_start(tname) ASN1_ITYPE_SEQUENCE, V_ASN1_SEQUENCE, tname##_seq_tt, \
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), NULL, sizeof(stname), \
+ #stname ASN1_ITEM_end(tname)
-#define ASN1_SEQUENCE_cb(tname, cb) \
- static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
- ASN1_SEQUENCE(tname)
+#define ASN1_SEQUENCE_cb(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
+ ASN1_SEQUENCE(tname)
-#define ASN1_SEQUENCE_ref(tname, cb) \
- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), cb, 0}; \
- ASN1_SEQUENCE(tname)
+#define ASN1_SEQUENCE_ref(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, \
+ offsetof(tname, references), cb, 0}; \
+ ASN1_SEQUENCE(tname)
-#define ASN1_SEQUENCE_enc(tname, enc, cb) \
- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, offsetof(tname, enc)}; \
- ASN1_SEQUENCE(tname)
+#define ASN1_SEQUENCE_enc(tname, enc, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, \
+ offsetof(tname, enc)}; \
+ ASN1_SEQUENCE(tname)
-#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+#define ASN1_SEQUENCE_END_enc(stname, tname) \
+ ASN1_SEQUENCE_END_ref(stname, tname)
#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-#define ASN1_SEQUENCE_END_ref(stname, tname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_SEQUENCE,\
- V_ASN1_SEQUENCE,\
- tname##_seq_tt,\
- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
- &tname##_aux,\
- sizeof(stname),\
- #stname \
- ASN1_ITEM_end(tname)
+#define ASN1_SEQUENCE_END_ref(stname, tname) \
+ ; \
+ ASN1_ITEM_start(tname) ASN1_ITYPE_SEQUENCE, V_ASN1_SEQUENCE, tname##_seq_tt, \
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), &tname##_aux, \
+ sizeof(stname), #stname ASN1_ITEM_end(tname)
/* This pair helps declare a CHOICE type. We can do:
@@ -189,152 +170,145 @@
* ASN1_SOMEOTHER *opt2;
* } value;
* } chname;
- *
+ *
* the name of the selector must be 'type'.
* to use an alternative selector name use the
* ASN1_CHOICE_END_selector() version.
*/
-#define ASN1_CHOICE(tname) \
- static const ASN1_TEMPLATE tname##_ch_tt[]
+#define ASN1_CHOICE(tname) static const ASN1_TEMPLATE tname##_ch_tt[]
-#define ASN1_CHOICE_cb(tname, cb) \
- static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
- ASN1_CHOICE(tname)
+#define ASN1_CHOICE_cb(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \
+ ASN1_CHOICE(tname)
#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
-#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+#define ASN1_CHOICE_END_name(stname, tname) \
+ ASN1_CHOICE_END_selector(stname, tname, type)
-#define ASN1_CHOICE_END_selector(stname, tname, selname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_CHOICE,\
- offsetof(stname,selname) ,\
- tname##_ch_tt,\
- sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
- NULL,\
- sizeof(stname),\
- #stname \
- ASN1_ITEM_end(tname)
+#define ASN1_CHOICE_END_selector(stname, tname, selname) \
+ ; \
+ ASN1_ITEM_start(tname) ASN1_ITYPE_CHOICE, offsetof(stname, selname), \
+ tname##_ch_tt, sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), NULL, \
+ sizeof(stname), #stname ASN1_ITEM_end(tname)
-#define ASN1_CHOICE_END_cb(stname, tname, selname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_CHOICE,\
- offsetof(stname,selname) ,\
- tname##_ch_tt,\
- sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
- &tname##_aux,\
- sizeof(stname),\
- #stname \
- ASN1_ITEM_end(tname)
+#define ASN1_CHOICE_END_cb(stname, tname, selname) \
+ ; \
+ ASN1_ITEM_start(tname) ASN1_ITYPE_CHOICE, offsetof(stname, selname), \
+ tname##_ch_tt, sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), \
+ &tname##_aux, sizeof(stname), #stname ASN1_ITEM_end(tname)
/* This helps with the template wrapper form of ASN1_ITEM */
-#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
- (flags), (tag), 0,\
- #name, ASN1_ITEM_ref(type) }
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) \
+ { (flags), (tag), 0, #name, ASN1_ITEM_ref(type) }
/* These help with SEQUENCE or CHOICE components */
/* used to declare other types */
-#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
- (flags), (tag), offsetof(stname, field),\
- #field, ASN1_ITEM_ref(type) }
+#define ASN1_EX_TYPE(flags, tag, stname, field, type) \
+ { (flags), (tag), offsetof(stname, field), #field, ASN1_ITEM_ref(type) }
/* implicit and explicit helper macros */
#define ASN1_IMP_EX(stname, field, type, tag, ex) \
- ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+ ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
#define ASN1_EXP_EX(stname, field, type, tag, ex) \
- ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+ ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
/* Any defined by macros: the field used is in the table itself */
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#define ASN1_ADB_OBJECT(tblname) \
+ { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
/* Plain simple type */
-#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0, 0, stname, field, type)
/* OPTIONAL simple type */
-#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+#define ASN1_OPT(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
/* IMPLICIT tagged simple type */
-#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+#define ASN1_IMP(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, 0)
/* IMPLICIT tagged OPTIONAL simple type */
-#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+#define ASN1_IMP_OPT(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
/* Same as above but EXPLICIT */
-#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
-#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+#define ASN1_EXP(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, 0)
+#define ASN1_EXP_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
/* SEQUENCE OF type */
#define ASN1_SEQUENCE_OF(stname, field, type) \
- ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
/* OPTIONAL SEQUENCE OF */
-#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
- ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, 0, stname, field, \
+ type)
/* Same as above but for SET OF */
#define ASN1_SET_OF(stname, field, type) \
- ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
#define ASN1_SET_OF_OPT(stname, field, type) \
- ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 0, stname, field, type)
/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
#define ASN1_IMP_SET_OF(stname, field, type, tag) \
- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
#define ASN1_EXP_SET_OF(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL)
#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL)
#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+ ASN1_IMP_EX(stname, field, type, tag, \
+ ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL)
#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+ ASN1_EXP_EX(stname, field, type, tag, \
+ ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL)
/* Macros for the ASN1_ADB structure */
-#define ASN1_ADB(name) \
- static const ASN1_ADB_TABLE name##_adbtbl[]
+#define ASN1_ADB(name) static const ASN1_ADB_TABLE name##_adbtbl[]
#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
- ;\
- static const ASN1_ADB name##_adb = {\
- flags,\
- offsetof(name, field),\
- app_table,\
- name##_adbtbl,\
- sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
- def,\
- none\
- }
+ ; \
+ static const ASN1_ADB name##_adb = { \
+ flags, \
+ offsetof(name, field), \
+ app_table, \
+ name##_adbtbl, \
+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE), \
+ def, \
+ none}
-#define ADB_ENTRY(val, template) {val, template}
+#define ADB_ENTRY(val, template) \
+ { val, template }
-#define ASN1_ADB_TEMPLATE(name) \
- static const ASN1_TEMPLATE name##_tt
+#define ASN1_ADB_TEMPLATE(name) static const ASN1_TEMPLATE name##_tt
/* This is the ASN1 template structure that defines
* a wrapper round the actual type. It determines the
@@ -343,11 +317,11 @@
*/
struct ASN1_TEMPLATE_st {
-uint32_t flags; /* Various flags */
-int tag; /* tag, not used if no tagging */
-unsigned long offset; /* Offset of this field in structure */
-const char *field_name; /* Field name */
-ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
+ uint32_t flags; /* Various flags */
+ int tag; /* tag, not used if no tagging */
+ unsigned long offset; /* Offset of this field in structure */
+ const char *field_name; /* Field name */
+ ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
};
/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
@@ -361,33 +335,33 @@
typedef struct asn1_must_be_null_st ASN1_MUST_BE_NULL;
struct ASN1_ADB_st {
- uint32_t flags; /* Various flags */
- unsigned long offset; /* Offset of selector field */
- ASN1_MUST_BE_NULL *unused;
- const ASN1_ADB_TABLE *tbl; /* Table of possible types */
- long tblcount; /* Number of entries in tbl */
- const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
- const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
+ uint32_t flags; /* Various flags */
+ unsigned long offset; /* Offset of selector field */
+ ASN1_MUST_BE_NULL *unused;
+ const ASN1_ADB_TABLE *tbl; /* Table of possible types */
+ long tblcount; /* Number of entries in tbl */
+ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
+ const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
};
struct ASN1_ADB_TABLE_st {
- int value; /* NID for an object */
- const ASN1_TEMPLATE tt; /* item for this value */
+ int value; /* NID for an object */
+ const ASN1_TEMPLATE tt; /* item for this value */
};
/* template flags */
/* Field is optional */
-#define ASN1_TFLG_OPTIONAL (0x1)
+#define ASN1_TFLG_OPTIONAL (0x1)
/* Field is a SET OF */
-#define ASN1_TFLG_SET_OF (0x1 << 1)
+#define ASN1_TFLG_SET_OF (0x1 << 1)
/* Field is a SEQUENCE OF */
-#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
+#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
/* Mask for SET OF or SEQUENCE OF */
-#define ASN1_TFLG_SK_MASK (0x3 << 1)
+#define ASN1_TFLG_SK_MASK (0x3 << 1)
/* These flags mean the tag should be taken from the
* tag field. If EXPLICIT then the underlying type
@@ -395,36 +369,36 @@
*/
/* IMPLICIT tagging */
-#define ASN1_TFLG_IMPTAG (0x1 << 3)
+#define ASN1_TFLG_IMPTAG (0x1 << 3)
/* EXPLICIT tagging, inner tag from underlying type */
-#define ASN1_TFLG_EXPTAG (0x2 << 3)
+#define ASN1_TFLG_EXPTAG (0x2 << 3)
-#define ASN1_TFLG_TAG_MASK (0x3 << 3)
+#define ASN1_TFLG_TAG_MASK (0x3 << 3)
/* context specific IMPLICIT */
-#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG | ASN1_TFLG_CONTEXT
/* context specific EXPLICIT */
-#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG | ASN1_TFLG_CONTEXT
/* If tagging is in force these determine the
* type of tag to use. Otherwise the tag is
- * determined by the underlying type. These
+ * determined by the underlying type. These
* values reflect the actual octet format.
*/
-/* Universal tag */
-#define ASN1_TFLG_UNIVERSAL (0x0<<6)
-/* Application tag */
-#define ASN1_TFLG_APPLICATION (0x1<<6)
-/* Context specific tag */
-#define ASN1_TFLG_CONTEXT (0x2<<6)
-/* Private tag */
-#define ASN1_TFLG_PRIVATE (0x3<<6)
+/* Universal tag */
+#define ASN1_TFLG_UNIVERSAL (0x0 << 6)
+/* Application tag */
+#define ASN1_TFLG_APPLICATION (0x1 << 6)
+/* Context specific tag */
+#define ASN1_TFLG_CONTEXT (0x2 << 6)
+/* Private tag */
+#define ASN1_TFLG_PRIVATE (0x3 << 6)
-#define ASN1_TFLG_TAG_CLASS (0x3<<6)
+#define ASN1_TFLG_TAG_CLASS (0x3 << 6)
/* These are for ANY DEFINED BY type. In this case
* the 'item' field points to an ASN1_ADB structure
@@ -432,20 +406,21 @@
* relevant type
*/
-#define ASN1_TFLG_ADB_MASK (0x3<<8)
+#define ASN1_TFLG_ADB_MASK (0x3 << 8)
-#define ASN1_TFLG_ADB_OID (0x1<<8)
+#define ASN1_TFLG_ADB_OID (0x1 << 8)
/* This is the actual ASN1 item itself */
struct ASN1_ITEM_st {
-char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */
-int utype; /* underlying type */
-const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
-long tcount; /* Number of templates if SEQUENCE or CHOICE */
-const void *funcs; /* functions that handle this type */
-long size; /* Structure size (usually)*/
-const char *sname; /* Structure name */
+ char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */
+ int utype; /* underlying type */
+ const ASN1_TEMPLATE
+ *templates; /* If SEQUENCE or CHOICE this contains the contents */
+ long tcount; /* Number of templates if SEQUENCE or CHOICE */
+ const void *funcs; /* functions that handle this type */
+ long size; /* Structure size (usually)*/
+ const char *sname; /* Structure name */
};
/* These are values for the itype field and
@@ -454,7 +429,7 @@
* For PRIMITIVE types the underlying type
* determines the behaviour if items is NULL.
*
- * Otherwise templates must contain a single
+ * Otherwise templates must contain a single
* template and the type is treated in the
* same way as the type specified in the template.
*
@@ -468,7 +443,7 @@
* selector.
*
* The 'funcs' field is used for application
- * specific functions.
+ * specific functions.
*
* The EXTERN type uses a new style d2i/i2d.
* The new style should be used where possible
@@ -484,15 +459,15 @@
*
*/
-#define ASN1_ITYPE_PRIMITIVE 0x0
+#define ASN1_ITYPE_PRIMITIVE 0x0
-#define ASN1_ITYPE_SEQUENCE 0x1
+#define ASN1_ITYPE_SEQUENCE 0x1
-#define ASN1_ITYPE_CHOICE 0x2
+#define ASN1_ITYPE_CHOICE 0x2
-#define ASN1_ITYPE_EXTERN 0x4
+#define ASN1_ITYPE_EXTERN 0x4
-#define ASN1_ITYPE_MSTRING 0x5
+#define ASN1_ITYPE_MSTRING 0x5
/* Deprecated tag and length cache */
struct ASN1_TLC_st;
@@ -507,7 +482,7 @@
* used. This is most useful where the supplied routines
* *almost* do the right thing but need some extra help
* at a few points. If the callback returns zero then
- * it is assumed a fatal error has occurred and the
+ * it is assumed a fatal error has occurred and the
* main operation should be abandoned.
*
* If major changes in the default behaviour are required
@@ -515,142 +490,129 @@
*/
typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
- void *exarg);
+ void *exarg);
typedef struct ASN1_AUX_st {
- void *app_data;
- uint32_t flags;
- int ref_offset; /* Offset of reference value */
- ASN1_aux_cb *asn1_cb;
- int enc_offset; /* Offset of ASN1_ENCODING structure */
+ void *app_data;
+ uint32_t flags;
+ int ref_offset; /* Offset of reference value */
+ ASN1_aux_cb *asn1_cb;
+ int enc_offset; /* Offset of ASN1_ENCODING structure */
} ASN1_AUX;
/* Flags in ASN1_AUX */
/* Use a reference count */
-#define ASN1_AFLG_REFCOUNT 1
+#define ASN1_AFLG_REFCOUNT 1
/* Save the encoding of structure (useful for signatures) */
-#define ASN1_AFLG_ENCODING 2
+#define ASN1_AFLG_ENCODING 2
/* operation values for asn1_cb */
-#define ASN1_OP_NEW_PRE 0
-#define ASN1_OP_NEW_POST 1
-#define ASN1_OP_FREE_PRE 2
-#define ASN1_OP_FREE_POST 3
-#define ASN1_OP_D2I_PRE 4
-#define ASN1_OP_D2I_POST 5
+#define ASN1_OP_NEW_PRE 0
+#define ASN1_OP_NEW_POST 1
+#define ASN1_OP_FREE_PRE 2
+#define ASN1_OP_FREE_POST 3
+#define ASN1_OP_D2I_PRE 4
+#define ASN1_OP_D2I_POST 5
/* ASN1_OP_I2D_PRE and ASN1_OP_I2D_POST are not supported. We leave the
* constants undefined so code relying on them does not accidentally compile. */
-#define ASN1_OP_PRINT_PRE 8
-#define ASN1_OP_PRINT_POST 9
-#define ASN1_OP_STREAM_PRE 10
-#define ASN1_OP_STREAM_POST 11
-#define ASN1_OP_DETACHED_PRE 12
-#define ASN1_OP_DETACHED_POST 13
+#define ASN1_OP_PRINT_PRE 8
+#define ASN1_OP_PRINT_POST 9
+#define ASN1_OP_STREAM_PRE 10
+#define ASN1_OP_STREAM_POST 11
+#define ASN1_OP_DETACHED_PRE 12
+#define ASN1_OP_DETACHED_POST 13
/* Macro to implement a primitive type */
#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
-#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
- ASN1_ITEM_start(itname) \
- ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
- ASN1_ITEM_end(itname)
+#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+ ASN1_ITEM_start(itname) ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, \
+ #itname ASN1_ITEM_end(itname)
/* Macro to implement a multi string type */
-#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
- ASN1_ITEM_start(itname) \
- ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
- ASN1_ITEM_end(itname)
+#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+ ASN1_ITEM_start(itname) ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, \
+ sizeof(ASN1_STRING), #itname ASN1_ITEM_end(itname)
-#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
- ASN1_ITEM_start(sname) \
- ASN1_ITYPE_EXTERN, \
- tag, \
- NULL, \
- 0, \
- &fptrs, \
- 0, \
- #sname \
- ASN1_ITEM_end(sname)
+#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+ ASN1_ITEM_start(sname) ASN1_ITYPE_EXTERN, tag, NULL, 0, &fptrs, 0, \
+ #sname ASN1_ITEM_end(sname)
/* Macro to implement standard functions in terms of ASN1_ITEM structures */
-#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+#define IMPLEMENT_ASN1_FUNCTIONS(stname) \
+ IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
-#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) \
+ IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
- IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
- pre stname *fname##_new(void) \
- { \
- return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
- } \
- pre void fname##_free(stname *a) \
- { \
- ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
- }
+ pre stname *fname##_new(void) { \
+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+ } \
+ pre void fname##_free(stname *a) { \
+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+ }
#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
- stname *fname##_new(void) \
- { \
- return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
- } \
- void fname##_free(stname *a) \
- { \
- ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
- }
+ stname *fname##_new(void) { \
+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+ } \
+ void fname##_free(stname *a) { \
+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+ }
-#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
- stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
- { \
- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
- } \
- int i2d_##fname(stname *a, unsigned char **out) \
- { \
- return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
- }
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
+ ASN1_ITEM_rptr(itname)); \
+ } \
+ int i2d_##fname(stname *a, unsigned char **out) { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname)); \
+ }
/* This includes evil casts to remove const: they will go away when full
* ASN1 constification is done.
*/
#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
- stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
- { \
- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
- } \
- int i2d_##fname(const stname *a, unsigned char **out) \
- { \
- return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
- }
-
-#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
- stname *stname##_dup(stname *x) { \
- return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
+ ASN1_ITEM_rptr(itname)); \
+ } \
+ int i2d_##fname(const stname *a, unsigned char **out) { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname)); \
}
-#define IMPLEMENT_ASN1_DUP_FUNCTION_const(stname) \
- stname *stname##_dup(const stname *x) { \
- return ASN1_item_dup(ASN1_ITEM_rptr(stname), (void *)x); \
+#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+ stname *stname##_dup(stname *x) { \
+ return (stname *)ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+ }
+
+#define IMPLEMENT_ASN1_DUP_FUNCTION_const(stname) \
+ stname *stname##_dup(const stname *x) { \
+ return (stname *)ASN1_item_dup(ASN1_ITEM_rptr(stname), (void *)x); \
}
#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
- IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
-#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
/* external definitions for primitive types */
diff --git a/include/openssl/base.h b/include/openssl/base.h
index e95efba..ecd878a 100644
--- a/include/openssl/base.h
+++ b/include/openssl/base.h
@@ -171,8 +171,8 @@
// https://sourceforge.net/p/mingw-w64/wiki2/gnu%20printf/.
#if defined(__MINGW_PRINTF_FORMAT)
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
- __attribute__( \
- (__format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check)))
+ __attribute__(( \
+ __format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check)))
#else
#define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \
__attribute__((__format__(__printf__, string_index, first_to_check)))
@@ -197,6 +197,13 @@
#if defined(__GNUC__) || defined(__clang__)
#define OPENSSL_UNUSED __attribute__((unused))
+#elif defined(_MSC_VER)
+// __pragma wants to be on a separate line. The following is what it takes to
+// stop clang-format from messing with that.
+// clang-format off
+#define OPENSSL_UNUSED __pragma(warning(suppress : 4505)) \
+/* */
+// clang-format on
#else
#define OPENSSL_UNUSED
#endif
@@ -438,7 +445,7 @@
#define BORINGSSL_NO_CXX
#endif
-} // extern C++
+} // extern C++
#endif // !BORINGSSL_NO_CXX
#if defined(BORINGSSL_NO_CXX)
@@ -482,7 +489,7 @@
~StackAllocated() { cleanup(&ctx_); }
StackAllocated(const StackAllocated &) = delete;
- StackAllocated& operator=(const StackAllocated &) = delete;
+ StackAllocated &operator=(const StackAllocated &) = delete;
T *get() { return &ctx_; }
const T *get() const { return &ctx_; }
diff --git a/third_party/fiat/curve25519_32.h b/third_party/fiat/curve25519_32.h
index cb83c60..45dd682 100644
--- a/third_party/fiat/curve25519_32.h
+++ b/third_party/fiat/curve25519_32.h
@@ -928,6 +928,8 @@
out1[9] = x10;
}
+/* Not used in BoringSSL. */
+#if 0
/*
* The function fiat_25519_selectznz is a multi-limb conditional select.
*
@@ -973,6 +975,7 @@
out1[8] = x9;
out1[9] = x10;
}
+#endif
/*
* The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order.
@@ -1410,6 +1413,8 @@
out1[9] = x78;
}
+/* Not used in BoringSSL. */
+#if 0
/*
* The function fiat_25519_relax is the identity function converting from tight field elements to loose field elements.
*
@@ -1449,6 +1454,7 @@
out1[8] = x9;
out1[9] = x10;
}
+#endif
/*
* The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result.
diff --git a/third_party/fiat/curve25519_64.h b/third_party/fiat/curve25519_64.h
index faed049..ea5b78f 100644
--- a/third_party/fiat/curve25519_64.h
+++ b/third_party/fiat/curve25519_64.h
@@ -471,6 +471,8 @@
out1[4] = x5;
}
+/* Not used in BoringSSL. */
+#if 0
/*
* The function fiat_25519_selectznz is a multi-limb conditional select.
*
@@ -501,6 +503,7 @@
out1[3] = x4;
out1[4] = x5;
}
+#endif
/*
* The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order.
@@ -877,6 +880,8 @@
out1[4] = x71;
}
+/* Not used in BoringSSL. */
+#if 0
/*
* The function fiat_25519_relax is the identity function converting from tight field elements to loose field elements.
*
@@ -901,6 +906,7 @@
out1[3] = x4;
out1[4] = x5;
}
+#endif
/*
* The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result.
diff --git a/third_party/fiat/curve25519_64_adx.h b/third_party/fiat/curve25519_64_adx.h
index 8acfc1b..b902612 100644
--- a/third_party/fiat/curve25519_64_adx.h
+++ b/third_party/fiat/curve25519_64_adx.h
@@ -611,7 +611,10 @@
uint8_t babs = b - ((bnegative & b) << 1);
uint8_t t_bytes[3][32] = {
- {constant_time_is_zero_w(b) & 1}, {constant_time_is_zero_w(b) & 1}, {0}};
+ {static_cast<uint8_t>(constant_time_is_zero_w(b) & 1)},
+ {static_cast<uint8_t>(constant_time_is_zero_w(b) & 1)},
+ {0},
+ };
#if defined(__clang__)
__asm__("" : "+m" (t_bytes) : /*no inputs*/);
#endif
diff --git a/third_party/fiat/p256_32.h b/third_party/fiat/p256_32.h
index 3812d8c..e184049 100644
--- a/third_party/fiat/p256_32.h
+++ b/third_party/fiat/p256_32.h
@@ -23,7 +23,7 @@
#if defined(__GNUC__) || defined(__clang__)
# define FIAT_P256_FIAT_INLINE __inline__
#else
-# define FIAT_P256_FIAT_INLINE
+# define FIAT_P256_FIAT_INLINE inline
#endif
/* The type fiat_p256_montgomery_domain_field_element is a field element in the Montgomery domain. */
diff --git a/third_party/fiat/p256_64.h b/third_party/fiat/p256_64.h
index 6667b31..48a1560 100644
--- a/third_party/fiat/p256_64.h
+++ b/third_party/fiat/p256_64.h
@@ -1,8 +1,11 @@
#include <openssl/base.h>
#include "../../crypto/internal.h"
+
#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__)
+extern "C" {
void fiat_p256_adx_mul(uint64_t*, const uint64_t*, const uint64_t*);
void fiat_p256_adx_sqr(uint64_t*, const uint64_t*);
+}
#endif
/* Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --inline --static --use-value-barrier p256 64 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */
diff --git a/util/fipstools/CMakeLists.txt b/util/fipstools/CMakeLists.txt
index 69e1284..ff33b4f 100644
--- a/util/fipstools/CMakeLists.txt
+++ b/util/fipstools/CMakeLists.txt
@@ -1,6 +1,6 @@
add_executable(
test_fips
- test_fips.c
+ test_fips.cc
)
target_link_libraries(test_fips crypto)
diff --git a/util/fipstools/delocate/delocate.go b/util/fipstools/delocate/delocate.go
index 64eb0cf..fa3de15 100644
--- a/util/fipstools/delocate/delocate.go
+++ b/util/fipstools/delocate/delocate.go
@@ -195,7 +195,7 @@
if len(args) < 1 {
return nil, errors.New("comm directive has no arguments")
}
- d.bssAccessorsNeeded[args[0]] = args[0]
+ d.bssAccessorsNeeded[demangle(args[0])] = args[0]
d.writeNode(statement)
case "data":
@@ -1303,7 +1303,7 @@
localSymbol := localTargetName(symbol)
d.output.WriteString(fmt.Sprintf("\n%s:\n", localSymbol))
- d.bssAccessorsNeeded[symbol] = localSymbol
+ d.bssAccessorsNeeded[demangle(symbol)] = localSymbol
}
case ruleLabelContainingDirective:
@@ -1813,6 +1813,42 @@
return "bcm_redirector_" + symbol
}
+// Optionally demangle C++ local variable names.
+func demangle(symbol string) string {
+ if !strings.HasPrefix(symbol, "_Z") {
+ return symbol
+ }
+
+ // The names must have the form "_ZL", followed by the length of the name
+ // in base 10, followed by the name.
+ if !strings.HasPrefix(symbol, "_ZL") {
+ panic("malformed symbol: starts with _Z but not _ZL")
+ }
+
+ if len(symbol) < 4 {
+ panic("malformed symbol: too short")
+ }
+
+ pos := 3
+ for pos < len(symbol) && '0' <= symbol[pos] && symbol[pos] <= '9' {
+ pos++
+ }
+ if pos == 3 {
+ panic("malformed symbol: no length digits")
+ }
+
+ length, err := strconv.Atoi(symbol[3:pos])
+ if err != nil {
+ panic("malformed symbol: invalid length")
+ }
+
+ if len(symbol[pos:]) != length {
+ panic("malformed symbol: length mismatch")
+ }
+
+ return symbol[pos:]
+}
+
// sectionType returns the type of a section. I.e. a section called “.text.foo”
// is a “.text” section.
func sectionType(section string) (string, bool) {
diff --git a/util/fipstools/test_fips.c b/util/fipstools/test_fips.cc
similarity index 92%
rename from util/fipstools/test_fips.c
rename to util/fipstools/test_fips.cc
index d225a5d..aa81f42 100644
--- a/util/fipstools/test_fips.c
+++ b/util/fipstools/test_fips.cc
@@ -50,7 +50,7 @@
}
#endif
-int main(int argc, char **argv) {
+static int run_test() {
// Ensure that the output is line-buffered rather than fully buffered. When
// some of the tests fail, some of the output can otherwise be lost.
setvbuf(stdout, NULL, _IOLBF, 0);
@@ -58,14 +58,14 @@
if (!FIPS_mode()) {
printf("Module not in FIPS mode\n");
- goto err;
+ return 0;
}
printf("Module is in FIPS mode\n");
const uint32_t module_version = FIPS_version();
if (module_version == 0) {
printf("No module version set\n");
- goto err;
+ return 0;
}
printf("Module: '%s', version: %" PRIu32 " hash:\n", FIPS_module_name(),
module_version);
@@ -74,7 +74,7 @@
// |module_version| will be zero, so the non-FIPS build will never get
// this far.
printf("Non zero module version in non-FIPS build - should not happen!\n");
- goto err;
+ return 0;
#else
#if defined(OPENSSL_ASAN)
printf("(not available when compiled for ASAN)");
@@ -82,23 +82,23 @@
hexdump(FIPS_module_hash(), SHA256_DIGEST_LENGTH);
#endif
- static const uint8_t kAESKey[16] = "BoringCrypto Key";
+ static const uint8_t kAESKey[16] = "BoringCrypto Ky";
static const uint8_t kPlaintext[64] =
- "BoringCryptoModule FIPS KAT Encryption and Decryption Plaintext!";
- static const DES_cblock kDESKey1 = {"BCMDESK1"};
- static const DES_cblock kDESKey2 = {"BCMDESK2"};
- static const DES_cblock kDESKey3 = {"BCMDESK3"};
- static const DES_cblock kDESIV = {"BCMDESIV"};
+ "BoringCryptoModule FIPS KAT Encryption and Decryption Plaintext";
+ static const DES_cblock kDESKey1 = {"BCMDES1"};
+ static const DES_cblock kDESKey2 = {"BCMDES2"};
+ static const DES_cblock kDESKey3 = {"BCMDES3"};
+ static const DES_cblock kDESIV = {"BCMDESI"};
static const uint8_t kPlaintextSHA256[32] = {
0x37, 0xbd, 0x70, 0x53, 0x72, 0xfc, 0xd4, 0x03, 0x79, 0x70, 0xfb,
0x06, 0x95, 0xb1, 0x2a, 0x82, 0x48, 0xe1, 0x3e, 0xf2, 0x33, 0xfb,
0xef, 0x29, 0x81, 0x22, 0x45, 0x40, 0x43, 0x70, 0xce, 0x0f};
const uint8_t kDRBGEntropy[48] =
- "DBRG Initial Entropy ";
- const uint8_t kDRBGPersonalization[18] = "BCMPersonalization";
- const uint8_t kDRBGAD[16] = "BCM DRBG AD ";
+ "DBRG Initial Entropy ";
+ const uint8_t kDRBGPersonalization[19] = "BCMPersonalization";
+ const uint8_t kDRBGAD[16] = "BCM DRBG AD ";
const uint8_t kDRBGEntropy2[48] =
- "DBRG Reseed Entropy ";
+ "DBRG Reseed Entropy ";
AES_KEY aes_key;
uint8_t aes_iv[16];
@@ -108,7 +108,7 @@
memset(aes_iv, 0, sizeof(aes_iv));
if (AES_set_encrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
printf("AES_set_encrypt_key failed\n");
- goto err;
+ return 0;
}
printf("About to AES-CBC encrypt ");
@@ -122,7 +122,7 @@
memset(aes_iv, 0, sizeof(aes_iv));
if (AES_set_decrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) {
printf("AES decrypt failed\n");
- goto err;
+ return 0;
}
printf("About to AES-CBC decrypt ");
hexdump(output, sizeof(kPlaintext));
@@ -138,7 +138,7 @@
if (!EVP_AEAD_CTX_init(&aead_ctx, EVP_aead_aes_128_gcm(), kAESKey,
sizeof(kAESKey), 0, NULL)) {
printf("EVP_AEAD_CTX_init failed\n");
- goto err;
+ return 0;
}
/* AES-GCM Encryption */
@@ -148,7 +148,7 @@
EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()),
kPlaintext, sizeof(kPlaintext), NULL, 0)) {
printf("AES-GCM encrypt failed\n");
- goto err;
+ return 0;
}
printf(" got ");
hexdump(output, out_len);
@@ -160,7 +160,7 @@
EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()), output,
out_len, NULL, 0)) {
printf("AES-GCM decrypt failed\n");
- goto err;
+ return 0;
}
printf(" got ");
hexdump(output, out_len);
@@ -216,7 +216,7 @@
printf("About to generate RSA key\n");
if (!RSA_generate_key_fips(rsa_key, 2048, NULL)) {
printf("RSA_generate_key_fips failed\n");
- goto err;
+ return 0;
}
/* RSA Sign */
@@ -226,7 +226,7 @@
if (!RSA_sign(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256), output,
&sig_len, rsa_key)) {
printf("RSA Sign failed\n");
- goto err;
+ return 0;
}
printf(" got ");
hexdump(output, sig_len);
@@ -237,7 +237,7 @@
if (!RSA_verify(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256),
output, sig_len, rsa_key)) {
printf("RSA Verify failed.\n");
- goto err;
+ return 0;
}
RSA_free(rsa_key);
@@ -251,19 +251,19 @@
printf(
"RSA_generate_key_fips unexpectedly succeeded with null output "
"parameter\n");
- goto err;
+ return 0;
}
EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
if (ec_key == NULL) {
printf("invalid ECDSA key\n");
- goto err;
+ return 0;
}
printf("About to generate P-256 key\n");
if (!EC_KEY_generate_key_fips(ec_key)) {
printf("EC_KEY_generate_key_fips failed\n");
- goto err;
+ return 0;
}
/* Primitive Z Computation */
@@ -277,7 +277,7 @@
z_result, sizeof(z_result),
NULL) != sizeof(z_result)) {
fprintf(stderr, "EC_POINT_mul failed.\n");
- goto err;
+ return 0;
}
EC_POINT_free(z_point);
@@ -292,7 +292,7 @@
if (sig == NULL || !ECDSA_do_verify(kPlaintextSHA256,
sizeof(kPlaintextSHA256), sig, ec_key)) {
printf("ECDSA Sign/Verify PWCT failed.\n");
- goto err;
+ return 0;
}
ECDSA_SIG_free(sig);
@@ -307,7 +307,7 @@
printf(
"EC_KEY_generate_key_fips unexpectedly succeeded with a NULL output "
"pointer.\n");
- goto err;
+ return 0;
}
/* ECDSA with an invalid public key. */
@@ -318,7 +318,7 @@
printf("Error while parsing invalid ECDSA public key\n");
} else {
printf("Unexpected success while parsing invalid ECDSA public key\n");
- goto err;
+ return 0;
}
EC_KEY_free(ec_key);
@@ -334,7 +334,7 @@
!CTR_DRBG_generate(&drbg, output, sizeof(output), kDRBGAD,
sizeof(kDRBGAD))) {
printf("DRBG failed\n");
- goto err;
+ return 0;
}
printf(" generated ");
hexdump(output, sizeof(output));
@@ -347,7 +347,7 @@
sizeof(kAESKey), (const uint8_t *)"salt", 4, kPlaintextSHA256,
sizeof(kPlaintextSHA256))) {
fprintf(stderr, "HKDF failed.\n");
- goto err;
+ return 0;
}
printf(" got ");
hexdump(hkdf_output, sizeof(hkdf_output));
@@ -360,7 +360,7 @@
sizeof(kPlaintextSHA256), kPlaintextSHA256,
sizeof(kPlaintextSHA256))) {
fprintf(stderr, "TLS v1.0 KDF failed.\n");
- goto err;
+ return 0;
}
printf(" got ");
hexdump(tls10_output, sizeof(tls10_output));
@@ -373,7 +373,7 @@
sizeof(kPlaintextSHA256), kPlaintextSHA256,
sizeof(kPlaintextSHA256))) {
fprintf(stderr, "TLS v1.2 KDF failed.\n");
- goto err;
+ return 0;
}
printf(" got ");
hexdump(tls12_output, sizeof(tls12_output));
@@ -386,7 +386,7 @@
sizeof(kAESKey), (const uint8_t *)"foo", 3, kPlaintextSHA256,
sizeof(kPlaintextSHA256))) {
fprintf(stderr, "TLS v1.3 KDF failed.\n");
- goto err;
+ return 0;
}
printf(" got ");
hexdump(tls13_output, sizeof(tls13_output));
@@ -399,7 +399,7 @@
DH_compute_key_padded(dh_result, DH_get0_pub_key(dh), dh) !=
sizeof(dh_result)) {
fprintf(stderr, "FFDH failed.\n");
- goto err;
+ return 0;
}
DH_free(dh);
@@ -407,11 +407,15 @@
hexdump(dh_result, sizeof(dh_result));
printf("PASS\n");
- return 0;
-#endif // !defined(BORINGSSL_FIPS)
+ return 1;
+#endif // !defined(BORINGSSL_FIPS)
+}
-err:
- printf("FAIL\n");
- fflush(stdout);
- abort();
+int main(int argc, char **argv) {
+ if (!run_test()) {
+ printf("FAIL\n");
+ fflush(stdout);
+ abort();
+ }
+ return 0;
}
diff --git a/util/pregenerate/build.go b/util/pregenerate/build.go
index ca0cc96..d17ada0 100644
--- a/util/pregenerate/build.go
+++ b/util/pregenerate/build.go
@@ -32,7 +32,7 @@
// patterns as in filepath.Glob.
type InputTarget struct {
build.Target
- // ErrData contains a list of errordata files to combine into err_data.c.
+ // ErrData contains a list of errordata files to combine into err_data.cc.
ErrData []string `json:"err_data,omitempty"`
// The following fields define perlasm sources for the corresponding
// architecture.
diff --git a/util/pregenerate/err_data.go b/util/pregenerate/err_data.go
index 8d89d99..6757122 100644
--- a/util/pregenerate/err_data.go
+++ b/util/pregenerate/err_data.go
@@ -125,14 +125,17 @@
func (st *stringList) WriteTo(out stringWriter, name string) {
list := st.buildList()
values := "kOpenSSL" + name + "Values"
+ out.WriteString("extern const uint32_t " + values + "[];\n")
out.WriteString("const uint32_t " + values + "[] = {\n")
for _, v := range list {
fmt.Fprintf(out, " 0x%x,\n", v)
}
out.WriteString("};\n\n")
+ out.WriteString("extern const size_t " + values + "Len;\n")
out.WriteString("const size_t " + values + "Len = sizeof(" + values + ") / sizeof(" + values + "[0]);\n\n")
stringData := "kOpenSSL" + name + "StringData"
+ out.WriteString("extern const char " + stringData + "[];\n")
out.WriteString("const char " + stringData + "[] =\n \"")
for i, c := range st.stringData {
if c == 0 {
@@ -204,7 +207,7 @@
}
func (t *ErrDataTask) Destination() string {
- return path.Join("gen", t.TargetName, "err_data.c")
+ return path.Join("gen", t.TargetName, "err_data.cc")
}
func (t *ErrDataTask) Run() ([]byte, error) {
