diff --git a/build.json b/build.json index eaf1a3e..dcb03ce 100644 --- a/build.json +++ b/build.json
@@ -13,81 +13,81 @@ { "bcm": { "srcs": [ - "crypto/fipsmodule/bcm.c" + "crypto/fipsmodule/bcm.cc" ], "internal_hdrs": [ - "crypto/fipsmodule/aes/aes.c.inc", - "crypto/fipsmodule/aes/aes_nohw.c.inc", - "crypto/fipsmodule/aes/key_wrap.c.inc", - "crypto/fipsmodule/aes/mode_wrappers.c.inc", - "crypto/fipsmodule/bn/add.c.inc", - "crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc", - "crypto/fipsmodule/bn/bn.c.inc", - "crypto/fipsmodule/bn/bytes.c.inc", - "crypto/fipsmodule/bn/cmp.c.inc", - "crypto/fipsmodule/bn/ctx.c.inc", - "crypto/fipsmodule/bn/div.c.inc", - "crypto/fipsmodule/bn/div_extra.c.inc", - "crypto/fipsmodule/bn/exponentiation.c.inc", - "crypto/fipsmodule/bn/gcd.c.inc", - "crypto/fipsmodule/bn/gcd_extra.c.inc", - "crypto/fipsmodule/bn/generic.c.inc", - "crypto/fipsmodule/bn/jacobi.c.inc", - "crypto/fipsmodule/bn/montgomery.c.inc", - "crypto/fipsmodule/bn/montgomery_inv.c.inc", - "crypto/fipsmodule/bn/mul.c.inc", - "crypto/fipsmodule/bn/prime.c.inc", - "crypto/fipsmodule/bn/random.c.inc", - "crypto/fipsmodule/bn/rsaz_exp.c.inc", - "crypto/fipsmodule/bn/shift.c.inc", - "crypto/fipsmodule/bn/sqrt.c.inc", - "crypto/fipsmodule/cipher/aead.c.inc", - "crypto/fipsmodule/cipher/cipher.c.inc", - "crypto/fipsmodule/cipher/e_aes.c.inc", - "crypto/fipsmodule/cipher/e_aesccm.c.inc", - "crypto/fipsmodule/cmac/cmac.c.inc", - "crypto/fipsmodule/dh/check.c.inc", - "crypto/fipsmodule/dh/dh.c.inc", - "crypto/fipsmodule/digest/digest.c.inc", - "crypto/fipsmodule/digest/digests.c.inc", - "crypto/fipsmodule/digestsign/digestsign.c.inc", - "crypto/fipsmodule/ec/ec.c.inc", - "crypto/fipsmodule/ec/ec_key.c.inc", - "crypto/fipsmodule/ec/ec_montgomery.c.inc", - "crypto/fipsmodule/ec/felem.c.inc", - "crypto/fipsmodule/ec/oct.c.inc", - "crypto/fipsmodule/ec/p224-64.c.inc", - "crypto/fipsmodule/ec/p256-nistz.c.inc", - "crypto/fipsmodule/ec/p256.c.inc", - "crypto/fipsmodule/ec/scalar.c.inc", - "crypto/fipsmodule/ec/simple.c.inc", - "crypto/fipsmodule/ec/simple_mul.c.inc", - "crypto/fipsmodule/ec/util.c.inc", - "crypto/fipsmodule/ec/wnaf.c.inc", - "crypto/fipsmodule/ecdh/ecdh.c.inc", - "crypto/fipsmodule/ecdsa/ecdsa.c.inc", - "crypto/fipsmodule/hkdf/hkdf.c.inc", - "crypto/fipsmodule/hmac/hmac.c.inc", - "crypto/fipsmodule/modes/cbc.c.inc", - "crypto/fipsmodule/modes/cfb.c.inc", - "crypto/fipsmodule/modes/ctr.c.inc", - "crypto/fipsmodule/modes/gcm.c.inc", - "crypto/fipsmodule/modes/gcm_nohw.c.inc", - "crypto/fipsmodule/modes/ofb.c.inc", - "crypto/fipsmodule/modes/polyval.c.inc", - "crypto/fipsmodule/rand/ctrdrbg.c.inc", - "crypto/fipsmodule/rand/rand.c.inc", - "crypto/fipsmodule/rsa/blinding.c.inc", - "crypto/fipsmodule/rsa/padding.c.inc", - "crypto/fipsmodule/rsa/rsa.c.inc", - "crypto/fipsmodule/rsa/rsa_impl.c.inc", - "crypto/fipsmodule/self_check/fips.c.inc", - "crypto/fipsmodule/self_check/self_check.c.inc", - "crypto/fipsmodule/service_indicator/service_indicator.c.inc", - "crypto/fipsmodule/sha/sha1.c.inc", - "crypto/fipsmodule/sha/sha256.c.inc", - "crypto/fipsmodule/sha/sha512.c.inc", - "crypto/fipsmodule/tls/kdf.c.inc" + "crypto/fipsmodule/aes/aes.cc.inc", + "crypto/fipsmodule/aes/aes_nohw.cc.inc", + "crypto/fipsmodule/aes/key_wrap.cc.inc", + "crypto/fipsmodule/aes/mode_wrappers.cc.inc", + "crypto/fipsmodule/bn/add.cc.inc", + "crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc", + "crypto/fipsmodule/bn/bn.cc.inc", + "crypto/fipsmodule/bn/bytes.cc.inc", + "crypto/fipsmodule/bn/cmp.cc.inc", + "crypto/fipsmodule/bn/ctx.cc.inc", + "crypto/fipsmodule/bn/div.cc.inc", + "crypto/fipsmodule/bn/div_extra.cc.inc", + "crypto/fipsmodule/bn/exponentiation.cc.inc", + "crypto/fipsmodule/bn/gcd.cc.inc", + "crypto/fipsmodule/bn/gcd_extra.cc.inc", + "crypto/fipsmodule/bn/generic.cc.inc", + "crypto/fipsmodule/bn/jacobi.cc.inc", + "crypto/fipsmodule/bn/montgomery.cc.inc", + "crypto/fipsmodule/bn/montgomery_inv.cc.inc", + "crypto/fipsmodule/bn/mul.cc.inc", + "crypto/fipsmodule/bn/prime.cc.inc", + "crypto/fipsmodule/bn/random.cc.inc", + "crypto/fipsmodule/bn/rsaz_exp.cc.inc", + "crypto/fipsmodule/bn/shift.cc.inc", + "crypto/fipsmodule/bn/sqrt.cc.inc", + "crypto/fipsmodule/cipher/aead.cc.inc", + "crypto/fipsmodule/cipher/cipher.cc.inc", + "crypto/fipsmodule/cipher/e_aes.cc.inc", + "crypto/fipsmodule/cipher/e_aesccm.cc.inc", + "crypto/fipsmodule/cmac/cmac.cc.inc", + "crypto/fipsmodule/dh/check.cc.inc", + "crypto/fipsmodule/dh/dh.cc.inc", + "crypto/fipsmodule/digest/digest.cc.inc", + "crypto/fipsmodule/digest/digests.cc.inc", + "crypto/fipsmodule/digestsign/digestsign.cc.inc", + "crypto/fipsmodule/ec/ec.cc.inc", + "crypto/fipsmodule/ec/ec_key.cc.inc", + "crypto/fipsmodule/ec/ec_montgomery.cc.inc", + "crypto/fipsmodule/ec/felem.cc.inc", + "crypto/fipsmodule/ec/oct.cc.inc", + "crypto/fipsmodule/ec/p224-64.cc.inc", + "crypto/fipsmodule/ec/p256-nistz.cc.inc", + "crypto/fipsmodule/ec/p256.cc.inc", + "crypto/fipsmodule/ec/scalar.cc.inc", + "crypto/fipsmodule/ec/simple.cc.inc", + "crypto/fipsmodule/ec/simple_mul.cc.inc", + "crypto/fipsmodule/ec/util.cc.inc", + "crypto/fipsmodule/ec/wnaf.cc.inc", + "crypto/fipsmodule/ecdh/ecdh.cc.inc", + "crypto/fipsmodule/ecdsa/ecdsa.cc.inc", + "crypto/fipsmodule/hkdf/hkdf.cc.inc", + "crypto/fipsmodule/hmac/hmac.cc.inc", + "crypto/fipsmodule/modes/cbc.cc.inc", + "crypto/fipsmodule/modes/cfb.cc.inc", + "crypto/fipsmodule/modes/ctr.cc.inc", + "crypto/fipsmodule/modes/gcm.cc.inc", + "crypto/fipsmodule/modes/gcm_nohw.cc.inc", + "crypto/fipsmodule/modes/ofb.cc.inc", + "crypto/fipsmodule/modes/polyval.cc.inc", + "crypto/fipsmodule/rand/ctrdrbg.cc.inc", + "crypto/fipsmodule/rand/rand.cc.inc", + "crypto/fipsmodule/rsa/blinding.cc.inc", + "crypto/fipsmodule/rsa/padding.cc.inc", + "crypto/fipsmodule/rsa/rsa.cc.inc", + "crypto/fipsmodule/rsa/rsa_impl.cc.inc", + "crypto/fipsmodule/self_check/fips.cc.inc", + "crypto/fipsmodule/self_check/self_check.cc.inc", + "crypto/fipsmodule/service_indicator/service_indicator.cc.inc", + "crypto/fipsmodule/sha/sha1.cc.inc", + "crypto/fipsmodule/sha/sha256.cc.inc", + "crypto/fipsmodule/sha/sha512.cc.inc", + "crypto/fipsmodule/tls/kdf.cc.inc" ], "asm": [ "third_party/fiat/asm/fiat_p256_adx_mul.S", @@ -149,254 +149,254 @@ }, "crypto": { "srcs": [ - "crypto/asn1/a_bitstr.c", - "crypto/asn1/a_bool.c", - "crypto/asn1/a_d2i_fp.c", - "crypto/asn1/a_dup.c", - "crypto/asn1/a_gentm.c", - "crypto/asn1/a_i2d_fp.c", - "crypto/asn1/a_int.c", - "crypto/asn1/a_mbstr.c", - "crypto/asn1/a_object.c", - "crypto/asn1/a_octet.c", - "crypto/asn1/a_strex.c", - "crypto/asn1/a_strnid.c", - "crypto/asn1/a_time.c", - "crypto/asn1/a_type.c", - "crypto/asn1/a_utctm.c", - "crypto/asn1/asn1_lib.c", - "crypto/asn1/asn1_par.c", - "crypto/asn1/asn_pack.c", - "crypto/asn1/f_int.c", - "crypto/asn1/f_string.c", - "crypto/asn1/posix_time.c", - "crypto/asn1/tasn_dec.c", - "crypto/asn1/tasn_enc.c", - "crypto/asn1/tasn_fre.c", - "crypto/asn1/tasn_new.c", - "crypto/asn1/tasn_typ.c", - "crypto/asn1/tasn_utl.c", - "crypto/base64/base64.c", - "crypto/bio/bio.c", - "crypto/bio/bio_mem.c", - "crypto/bio/connect.c", - "crypto/bio/errno.c", - "crypto/bio/fd.c", - "crypto/bio/file.c", - "crypto/bio/hexdump.c", - "crypto/bio/pair.c", - "crypto/bio/printf.c", - "crypto/bio/socket.c", - "crypto/bio/socket_helper.c", - "crypto/blake2/blake2.c", - "crypto/bn_extra/bn_asn1.c", - "crypto/bn_extra/convert.c", - "crypto/buf/buf.c", - "crypto/bytestring/asn1_compat.c", - "crypto/bytestring/ber.c", - "crypto/bytestring/cbb.c", - "crypto/bytestring/cbs.c", - "crypto/bytestring/unicode.c", - "crypto/chacha/chacha.c", - "crypto/cipher_extra/cipher_extra.c", - "crypto/cipher_extra/derive_key.c", - "crypto/cipher_extra/e_aesctrhmac.c", - "crypto/cipher_extra/e_aesgcmsiv.c", - "crypto/cipher_extra/e_chacha20poly1305.c", - "crypto/cipher_extra/e_des.c", - "crypto/cipher_extra/e_null.c", - "crypto/cipher_extra/e_rc2.c", - "crypto/cipher_extra/e_rc4.c", - "crypto/cipher_extra/e_tls.c", - "crypto/cipher_extra/tls_cbc.c", - "crypto/conf/conf.c", - "crypto/cpu_aarch64_apple.c", - "crypto/cpu_aarch64_fuchsia.c", - "crypto/cpu_aarch64_linux.c", - "crypto/cpu_aarch64_openbsd.c", - "crypto/cpu_aarch64_sysreg.c", - "crypto/cpu_aarch64_win.c", - "crypto/cpu_arm_freebsd.c", - "crypto/cpu_arm_linux.c", - "crypto/cpu_intel.c", - "crypto/crypto.c", - "crypto/curve25519/curve25519.c", - "crypto/curve25519/curve25519_64_adx.c", - "crypto/curve25519/spake25519.c", - "crypto/des/des.c", - "crypto/dh_extra/dh_asn1.c", - "crypto/dh_extra/params.c", - "crypto/digest_extra/digest_extra.c", - "crypto/dilithium/dilithium.c", - "crypto/dsa/dsa.c", - "crypto/dsa/dsa_asn1.c", - "crypto/ec_extra/ec_asn1.c", - "crypto/ec_extra/ec_derive.c", - "crypto/ec_extra/hash_to_curve.c", - "crypto/ecdh_extra/ecdh_extra.c", - "crypto/ecdsa_extra/ecdsa_asn1.c", - "crypto/engine/engine.c", - "crypto/err/err.c", - "crypto/evp/evp.c", - "crypto/evp/evp_asn1.c", - "crypto/evp/evp_ctx.c", - "crypto/evp/p_dh.c", - "crypto/evp/p_dh_asn1.c", - "crypto/evp/p_dsa_asn1.c", - "crypto/evp/p_ec.c", - "crypto/evp/p_ec_asn1.c", - "crypto/evp/p_ed25519.c", - "crypto/evp/p_ed25519_asn1.c", - "crypto/evp/p_hkdf.c", - "crypto/evp/p_rsa.c", - "crypto/evp/p_rsa_asn1.c", - "crypto/evp/p_x25519.c", - "crypto/evp/p_x25519_asn1.c", - "crypto/evp/pbkdf.c", - "crypto/evp/print.c", - "crypto/evp/scrypt.c", - "crypto/evp/sign.c", - "crypto/ex_data.c", - "crypto/fipsmodule/fips_shared_support.c", - "crypto/hpke/hpke.c", - "crypto/hrss/hrss.c", - "crypto/keccak/keccak.c", - "crypto/kyber/kyber.c", - "crypto/lhash/lhash.c", - "crypto/md4/md4.c", - "crypto/md5/md5.c", - "crypto/mem.c", + "crypto/asn1/a_bitstr.cc", + "crypto/asn1/a_bool.cc", + "crypto/asn1/a_d2i_fp.cc", + "crypto/asn1/a_dup.cc", + "crypto/asn1/a_gentm.cc", + "crypto/asn1/a_i2d_fp.cc", + "crypto/asn1/a_int.cc", + "crypto/asn1/a_mbstr.cc", + "crypto/asn1/a_object.cc", + "crypto/asn1/a_octet.cc", + "crypto/asn1/a_strex.cc", + "crypto/asn1/a_strnid.cc", + "crypto/asn1/a_time.cc", + "crypto/asn1/a_type.cc", + "crypto/asn1/a_utctm.cc", + "crypto/asn1/asn1_lib.cc", + "crypto/asn1/asn1_par.cc", + "crypto/asn1/asn_pack.cc", + "crypto/asn1/f_int.cc", + "crypto/asn1/f_string.cc", + "crypto/asn1/posix_time.cc", + "crypto/asn1/tasn_dec.cc", + "crypto/asn1/tasn_enc.cc", + "crypto/asn1/tasn_fre.cc", + "crypto/asn1/tasn_new.cc", + "crypto/asn1/tasn_typ.cc", + "crypto/asn1/tasn_utl.cc", + "crypto/base64/base64.cc", + "crypto/bio/bio.cc", + "crypto/bio/bio_mem.cc", + "crypto/bio/connect.cc", + "crypto/bio/errno.cc", + "crypto/bio/fd.cc", + "crypto/bio/file.cc", + "crypto/bio/hexdump.cc", + "crypto/bio/pair.cc", + "crypto/bio/printf.cc", + "crypto/bio/socket.cc", + "crypto/bio/socket_helper.cc", + "crypto/blake2/blake2.cc", + "crypto/bn_extra/bn_asn1.cc", + "crypto/bn_extra/convert.cc", + "crypto/buf/buf.cc", + "crypto/bytestring/asn1_compat.cc", + "crypto/bytestring/ber.cc", + "crypto/bytestring/cbb.cc", + "crypto/bytestring/cbs.cc", + "crypto/bytestring/unicode.cc", + "crypto/chacha/chacha.cc", + "crypto/cipher_extra/cipher_extra.cc", + "crypto/cipher_extra/derive_key.cc", + "crypto/cipher_extra/e_aesctrhmac.cc", + "crypto/cipher_extra/e_aesgcmsiv.cc", + "crypto/cipher_extra/e_chacha20poly1305.cc", + "crypto/cipher_extra/e_des.cc", + "crypto/cipher_extra/e_null.cc", + "crypto/cipher_extra/e_rc2.cc", + "crypto/cipher_extra/e_rc4.cc", + "crypto/cipher_extra/e_tls.cc", + "crypto/cipher_extra/tls_cbc.cc", + "crypto/conf/conf.cc", + "crypto/cpu_aarch64_apple.cc", + "crypto/cpu_aarch64_fuchsia.cc", + "crypto/cpu_aarch64_linux.cc", + "crypto/cpu_aarch64_openbsd.cc", + "crypto/cpu_aarch64_sysreg.cc", + "crypto/cpu_aarch64_win.cc", + "crypto/cpu_arm_freebsd.cc", + "crypto/cpu_arm_linux.cc", + "crypto/cpu_intel.cc", + "crypto/crypto.cc", + "crypto/curve25519/curve25519.cc", + "crypto/curve25519/curve25519_64_adx.cc", + "crypto/curve25519/spake25519.cc", + "crypto/des/des.cc", + "crypto/dh_extra/dh_asn1.cc", + "crypto/dh_extra/params.cc", + "crypto/digest_extra/digest_extra.cc", + "crypto/dilithium/dilithium.cc", + "crypto/dsa/dsa.cc", + "crypto/dsa/dsa_asn1.cc", + "crypto/ec_extra/ec_asn1.cc", + "crypto/ec_extra/ec_derive.cc", + "crypto/ec_extra/hash_to_curve.cc", + "crypto/ecdh_extra/ecdh_extra.cc", + "crypto/ecdsa_extra/ecdsa_asn1.cc", + "crypto/engine/engine.cc", + "crypto/err/err.cc", + "crypto/evp/evp.cc", + "crypto/evp/evp_asn1.cc", + "crypto/evp/evp_ctx.cc", + "crypto/evp/p_dh.cc", + "crypto/evp/p_dh_asn1.cc", + "crypto/evp/p_dsa_asn1.cc", + "crypto/evp/p_ec.cc", + "crypto/evp/p_ec_asn1.cc", + "crypto/evp/p_ed25519.cc", + "crypto/evp/p_ed25519_asn1.cc", + "crypto/evp/p_hkdf.cc", + "crypto/evp/p_rsa.cc", + "crypto/evp/p_rsa_asn1.cc", + "crypto/evp/p_x25519.cc", + "crypto/evp/p_x25519_asn1.cc", + "crypto/evp/pbkdf.cc", + "crypto/evp/print.cc", + "crypto/evp/scrypt.cc", + "crypto/evp/sign.cc", + "crypto/ex_data.cc", + "crypto/fipsmodule/fips_shared_support.cc", + "crypto/hpke/hpke.cc", + "crypto/hrss/hrss.cc", + "crypto/keccak/keccak.cc", + "crypto/kyber/kyber.cc", + "crypto/lhash/lhash.cc", + "crypto/md4/md4.cc", + "crypto/md5/md5.cc", + "crypto/mem.cc", "crypto/mldsa/mldsa.cc", "crypto/mlkem/mlkem.cc", - "crypto/obj/obj.c", - "crypto/obj/obj_xref.c", - "crypto/pem/pem_all.c", - "crypto/pem/pem_info.c", - "crypto/pem/pem_lib.c", - "crypto/pem/pem_oth.c", - "crypto/pem/pem_pk8.c", - "crypto/pem/pem_pkey.c", - "crypto/pem/pem_x509.c", - "crypto/pem/pem_xaux.c", - "crypto/pkcs7/pkcs7.c", - "crypto/pkcs7/pkcs7_x509.c", - "crypto/pkcs8/p5_pbev2.c", - "crypto/pkcs8/pkcs8.c", - "crypto/pkcs8/pkcs8_x509.c", - "crypto/poly1305/poly1305.c", - "crypto/poly1305/poly1305_arm.c", - "crypto/poly1305/poly1305_vec.c", - "crypto/pool/pool.c", - "crypto/rand_extra/deterministic.c", - "crypto/rand_extra/fork_detect.c", - "crypto/rand_extra/forkunsafe.c", - "crypto/rand_extra/getentropy.c", - "crypto/rand_extra/ios.c", - "crypto/rand_extra/passive.c", - "crypto/rand_extra/rand_extra.c", - "crypto/rand_extra/trusty.c", - "crypto/rand_extra/urandom.c", - "crypto/rand_extra/windows.c", - "crypto/rc4/rc4.c", - "crypto/refcount.c", - "crypto/rsa_extra/rsa_asn1.c", - "crypto/rsa_extra/rsa_crypt.c", - "crypto/rsa_extra/rsa_extra.c", - "crypto/rsa_extra/rsa_print.c", - "crypto/sha/sha1.c", - "crypto/sha/sha256.c", - "crypto/sha/sha512.c", - "crypto/siphash/siphash.c", - "crypto/slhdsa/fors.c", - "crypto/slhdsa/merkle.c", - "crypto/slhdsa/slhdsa.c", - "crypto/slhdsa/thash.c", - "crypto/slhdsa/wots.c", - "crypto/spx/spx_address.c", - "crypto/spx/spx_fors.c", - "crypto/spx/spx_merkle.c", - "crypto/spx/spx.c", - "crypto/spx/spx_util.c", - "crypto/spx/spx_thash.c", - "crypto/spx/spx_wots.c", - "crypto/stack/stack.c", - "crypto/thread.c", - "crypto/thread_none.c", - "crypto/thread_pthread.c", - "crypto/thread_win.c", - "crypto/trust_token/pmbtoken.c", - "crypto/trust_token/trust_token.c", - "crypto/trust_token/voprf.c", - "crypto/x509/a_digest.c", - "crypto/x509/a_sign.c", - "crypto/x509/a_verify.c", - "crypto/x509/algorithm.c", - "crypto/x509/asn1_gen.c", - "crypto/x509/by_dir.c", - "crypto/x509/by_file.c", - "crypto/x509/i2d_pr.c", - "crypto/x509/name_print.c", - "crypto/x509/policy.c", - "crypto/x509/rsa_pss.c", - "crypto/x509/t_crl.c", - "crypto/x509/t_req.c", - "crypto/x509/t_x509.c", - "crypto/x509/t_x509a.c", - "crypto/x509/v3_akey.c", - "crypto/x509/v3_akeya.c", - "crypto/x509/v3_alt.c", - "crypto/x509/v3_bcons.c", - "crypto/x509/v3_bitst.c", - "crypto/x509/v3_conf.c", - "crypto/x509/v3_cpols.c", - "crypto/x509/v3_crld.c", - "crypto/x509/v3_enum.c", - "crypto/x509/v3_extku.c", - "crypto/x509/v3_genn.c", - "crypto/x509/v3_ia5.c", - "crypto/x509/v3_info.c", - "crypto/x509/v3_int.c", - "crypto/x509/v3_lib.c", - "crypto/x509/v3_ncons.c", - "crypto/x509/v3_ocsp.c", - "crypto/x509/v3_pcons.c", - "crypto/x509/v3_pmaps.c", - "crypto/x509/v3_prn.c", - "crypto/x509/v3_purp.c", - "crypto/x509/v3_skey.c", - "crypto/x509/v3_utl.c", - "crypto/x509/x509.c", - "crypto/x509/x509_att.c", - "crypto/x509/x509_cmp.c", - "crypto/x509/x509_d2.c", - "crypto/x509/x509_def.c", - "crypto/x509/x509_ext.c", - "crypto/x509/x509_lu.c", - "crypto/x509/x509_obj.c", - "crypto/x509/x509_req.c", - "crypto/x509/x509_set.c", - "crypto/x509/x509_trs.c", - "crypto/x509/x509_txt.c", - "crypto/x509/x509_v3.c", - "crypto/x509/x509_vfy.c", - "crypto/x509/x509_vpm.c", - "crypto/x509/x509cset.c", - "crypto/x509/x509name.c", - "crypto/x509/x509rset.c", - "crypto/x509/x509spki.c", - "crypto/x509/x_algor.c", - "crypto/x509/x_all.c", - "crypto/x509/x_attrib.c", - "crypto/x509/x_crl.c", - "crypto/x509/x_exten.c", - "crypto/x509/x_name.c", - "crypto/x509/x_pubkey.c", - "crypto/x509/x_req.c", - "crypto/x509/x_sig.c", - "crypto/x509/x_spki.c", - "crypto/x509/x_val.c", - "crypto/x509/x_x509.c", - "crypto/x509/x_x509a.c" + "crypto/obj/obj.cc", + "crypto/obj/obj_xref.cc", + "crypto/pem/pem_all.cc", + "crypto/pem/pem_info.cc", + "crypto/pem/pem_lib.cc", + "crypto/pem/pem_oth.cc", + "crypto/pem/pem_pk8.cc", + "crypto/pem/pem_pkey.cc", + "crypto/pem/pem_x509.cc", + "crypto/pem/pem_xaux.cc", + "crypto/pkcs7/pkcs7.cc", + "crypto/pkcs7/pkcs7_x509.cc", + "crypto/pkcs8/p5_pbev2.cc", + "crypto/pkcs8/pkcs8.cc", + "crypto/pkcs8/pkcs8_x509.cc", + "crypto/poly1305/poly1305.cc", + "crypto/poly1305/poly1305_arm.cc", + "crypto/poly1305/poly1305_vec.cc", + "crypto/pool/pool.cc", + "crypto/rand_extra/deterministic.cc", + "crypto/rand_extra/fork_detect.cc", + "crypto/rand_extra/forkunsafe.cc", + "crypto/rand_extra/getentropy.cc", + "crypto/rand_extra/ios.cc", + "crypto/rand_extra/passive.cc", + "crypto/rand_extra/rand_extra.cc", + "crypto/rand_extra/trusty.cc", + "crypto/rand_extra/urandom.cc", + "crypto/rand_extra/windows.cc", + "crypto/rc4/rc4.cc", + "crypto/refcount.cc", + "crypto/rsa_extra/rsa_asn1.cc", + "crypto/rsa_extra/rsa_crypt.cc", + "crypto/rsa_extra/rsa_extra.cc", + "crypto/rsa_extra/rsa_print.cc", + "crypto/sha/sha1.cc", + "crypto/sha/sha256.cc", + "crypto/sha/sha512.cc", + "crypto/siphash/siphash.cc", + "crypto/slhdsa/fors.cc", + "crypto/slhdsa/merkle.cc", + "crypto/slhdsa/slhdsa.cc", + "crypto/slhdsa/thash.cc", + "crypto/slhdsa/wots.cc", + "crypto/spx/spx_address.cc", + "crypto/spx/spx_fors.cc", + "crypto/spx/spx_merkle.cc", + "crypto/spx/spx.cc", + "crypto/spx/spx_util.cc", + "crypto/spx/spx_thash.cc", + "crypto/spx/spx_wots.cc", + "crypto/stack/stack.cc", + "crypto/thread.cc", + "crypto/thread_none.cc", + "crypto/thread_pthread.cc", + "crypto/thread_win.cc", + "crypto/trust_token/pmbtoken.cc", + "crypto/trust_token/trust_token.cc", + "crypto/trust_token/voprf.cc", + "crypto/x509/a_digest.cc", + "crypto/x509/a_sign.cc", + "crypto/x509/a_verify.cc", + "crypto/x509/algorithm.cc", + "crypto/x509/asn1_gen.cc", + "crypto/x509/by_dir.cc", + "crypto/x509/by_file.cc", + "crypto/x509/i2d_pr.cc", + "crypto/x509/name_print.cc", + "crypto/x509/policy.cc", + "crypto/x509/rsa_pss.cc", + "crypto/x509/t_crl.cc", + "crypto/x509/t_req.cc", + "crypto/x509/t_x509.cc", + "crypto/x509/t_x509a.cc", + "crypto/x509/v3_akey.cc", + "crypto/x509/v3_akeya.cc", + "crypto/x509/v3_alt.cc", + "crypto/x509/v3_bcons.cc", + "crypto/x509/v3_bitst.cc", + "crypto/x509/v3_conf.cc", + "crypto/x509/v3_cpols.cc", + "crypto/x509/v3_crld.cc", + "crypto/x509/v3_enum.cc", + "crypto/x509/v3_extku.cc", + "crypto/x509/v3_genn.cc", + "crypto/x509/v3_ia5.cc", + "crypto/x509/v3_info.cc", + "crypto/x509/v3_int.cc", + "crypto/x509/v3_lib.cc", + "crypto/x509/v3_ncons.cc", + "crypto/x509/v3_ocsp.cc", + "crypto/x509/v3_pcons.cc", + "crypto/x509/v3_pmaps.cc", + "crypto/x509/v3_prn.cc", + "crypto/x509/v3_purp.cc", + "crypto/x509/v3_skey.cc", + "crypto/x509/v3_utl.cc", + "crypto/x509/x509.cc", + "crypto/x509/x509_att.cc", + "crypto/x509/x509_cmp.cc", + "crypto/x509/x509_d2.cc", + "crypto/x509/x509_def.cc", + "crypto/x509/x509_ext.cc", + "crypto/x509/x509_lu.cc", + "crypto/x509/x509_obj.cc", + "crypto/x509/x509_req.cc", + "crypto/x509/x509_set.cc", + "crypto/x509/x509_trs.cc", + "crypto/x509/x509_txt.cc", + "crypto/x509/x509_v3.cc", + "crypto/x509/x509_vfy.cc", + "crypto/x509/x509_vpm.cc", + "crypto/x509/x509cset.cc", + "crypto/x509/x509name.cc", + "crypto/x509/x509rset.cc", + "crypto/x509/x509spki.cc", + "crypto/x509/x_algor.cc", + "crypto/x509/x_all.cc", + "crypto/x509/x_attrib.cc", + "crypto/x509/x_crl.cc", + "crypto/x509/x_exten.cc", + "crypto/x509/x_name.cc", + "crypto/x509/x_pubkey.cc", + "crypto/x509/x_req.cc", + "crypto/x509/x_sig.cc", + "crypto/x509/x_spki.cc", + "crypto/x509/x_val.cc", + "crypto/x509/x_x509.cc", + "crypto/x509/x_x509a.cc" ], "hdrs": [ "include/openssl/aead.h", @@ -741,23 +741,23 @@ }, "decrepit": { "srcs": [ - "decrepit/bio/base64_bio.c", - "decrepit/blowfish/blowfish.c", - "decrepit/cast/cast.c", - "decrepit/cast/cast_tables.c", - "decrepit/cfb/cfb.c", - "decrepit/des/cfb64ede.c", - "decrepit/dh/dh_decrepit.c", - "decrepit/dsa/dsa_decrepit.c", - "decrepit/evp/dss1.c", - "decrepit/evp/evp_do_all.c", - "decrepit/obj/obj_decrepit.c", - "decrepit/rc4/rc4_decrepit.c", - "decrepit/ripemd/ripemd.c", - "decrepit/rsa/rsa_decrepit.c", - "decrepit/ssl/ssl_decrepit.c", - "decrepit/x509/x509_decrepit.c", - "decrepit/xts/xts.c" + "decrepit/bio/base64_bio.cc", + "decrepit/blowfish/blowfish.cc", + "decrepit/cast/cast.cc", + "decrepit/cast/cast_tables.cc", + "decrepit/cfb/cfb.cc", + "decrepit/des/cfb64ede.cc", + "decrepit/dh/dh_decrepit.cc", + "decrepit/dsa/dsa_decrepit.cc", + "decrepit/evp/dss1.cc", + "decrepit/evp/evp_do_all.cc", + "decrepit/obj/obj_decrepit.cc", + "decrepit/rc4/rc4_decrepit.cc", + "decrepit/ripemd/ripemd.cc", + "decrepit/rsa/rsa_decrepit.cc", + "decrepit/ssl/ssl_decrepit.cc", + "decrepit/x509/x509_decrepit.cc", + "decrepit/xts/xts.cc" ], "internal_hdrs": [ "decrepit/cast/internal.h",
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.cc similarity index 98% rename from crypto/asn1/a_bitstr.c rename to crypto/asn1/a_bitstr.cc index 2be07a4..04a14f2 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.cc
@@ -142,6 +142,7 @@ const unsigned char *p; unsigned char *s; int padding; + uint8_t padding_mask; if (len < 1) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT); @@ -170,7 +171,7 @@ } // Unused bits in a BIT STRING must be zero. - uint8_t padding_mask = (1 << padding) - 1; + padding_mask = (1 << padding) - 1; if (padding != 0 && (len < 1 || (p[len - 1] & padding_mask) != 0)) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_PADDING); goto err; @@ -182,7 +183,7 @@ ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | padding); // set if (len > 0) { - s = OPENSSL_memdup(p, len); + s = reinterpret_cast<uint8_t *>(OPENSSL_memdup(p, len)); if (s == NULL) { goto err; }
diff --git a/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.cc similarity index 100% rename from crypto/asn1/a_bool.c rename to crypto/asn1/a_bool.cc
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.cc similarity index 97% rename from crypto/asn1/a_d2i_fp.c rename to crypto/asn1/a_d2i_fp.cc index 36c9d69..6508a9e 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.cc
@@ -72,7 +72,7 @@ return NULL; } const uint8_t *ptr = data; - void *ret = ASN1_item_d2i(x, &ptr, len, it); + void *ret = ASN1_item_d2i(reinterpret_cast<ASN1_VALUE **>(x), &ptr, len, it); OPENSSL_free(data); return ret; }
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.cc similarity index 97% rename from crypto/asn1/a_dup.c rename to crypto/asn1/a_dup.cc index b37a5c6..387c75e 100644 --- a/crypto/asn1/a_dup.c +++ b/crypto/asn1/a_dup.cc
@@ -73,7 +73,7 @@ return NULL; } - i = ASN1_item_i2d(x, &b, it); + i = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(x), &b, it); if (b == NULL) { return NULL; }
diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.cc similarity index 100% rename from crypto/asn1/a_gentm.c rename to crypto/asn1/a_gentm.cc
diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.cc similarity index 97% rename from crypto/asn1/a_i2d_fp.c rename to crypto/asn1/a_i2d_fp.cc index e0713fa..c74fa06 100644 --- a/crypto/asn1/a_i2d_fp.c +++ b/crypto/asn1/a_i2d_fp.cc
@@ -74,7 +74,7 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) { unsigned char *b = NULL; - int n = ASN1_item_i2d(x, &b, it); + int n = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(x), &b, it); if (b == NULL) { return 0; }
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.cc similarity index 99% rename from crypto/asn1/a_int.c rename to crypto/asn1/a_int.cc index 27845c0..6837f8c 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.cc
@@ -408,6 +408,7 @@ } else { ret = ai; } + int len; if (ret == NULL) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR); goto err; @@ -419,7 +420,7 @@ ret->type = type; } - int len = BN_num_bytes(bn); + len = BN_num_bytes(bn); if (!ASN1_STRING_set(ret, NULL, len) || !BN_bn2bin_padded(ret->data, len, bn)) { goto err;
diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.cc similarity index 95% rename from crypto/asn1/a_mbstr.c rename to crypto/asn1/a_mbstr.cc index 4d7ea14..e0e2916 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.cc
@@ -226,6 +226,8 @@ CBB cbb; CBB_zero(&cbb); // If both the same type just copy across + uint8_t *data = NULL; + size_t data_len = 0; if (inform == outform) { if (!ASN1_STRING_set(dest, in, len)) { goto err; @@ -245,12 +247,12 @@ goto err; } } - uint8_t *data = NULL; - size_t data_len; - if (// OpenSSL historically NUL-terminated this value with a single byte, - // even for |MBSTRING_BMP| and |MBSTRING_UNIV|. - !CBB_add_u8(&cbb, 0) || !CBB_finish(&cbb, &data, &data_len) || - data_len < 1 || data_len > INT_MAX) { + if (/* OpenSSL historically NUL-terminated this value with a single byte, + * even for |MBSTRING_BMP| and |MBSTRING_UNIV|. */ + !CBB_add_u8(&cbb, 0) || // + !CBB_finish(&cbb, &data, &data_len) || // + data_len < 1 || // + data_len > INT_MAX) { OPENSSL_PUT_ERROR(ASN1, ERR_R_INTERNAL_ERROR); OPENSSL_free(data); goto err; @@ -272,7 +274,7 @@ if (value > 0x7f) { return 0; } - return OPENSSL_isalnum(value) || // + return OPENSSL_isalnum(value) || // value == ' ' || value == '\'' || value == '(' || value == ')' || value == '+' || value == ',' || value == '-' || value == '.' || value == '/' || value == ':' || value == '=' || value == '?';
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.cc similarity index 98% rename from crypto/asn1/a_object.c rename to crypto/asn1/a_object.cc index e501934..f8a3a4f 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.cc
@@ -114,7 +114,7 @@ int len = i2t_ASN1_OBJECT(buf, sizeof(buf), a); if (len > (int)sizeof(buf) - 1) { // The input was truncated. Allocate a buffer that fits. - allocated = OPENSSL_malloc(len + 1); + allocated = reinterpret_cast<char *>(OPENSSL_malloc(len + 1)); if (allocated == NULL) { return -1; }
diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.cc similarity index 100% rename from crypto/asn1/a_octet.c rename to crypto/asn1/a_octet.cc
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.cc similarity index 100% rename from crypto/asn1/a_strex.c rename to crypto/asn1/a_strex.cc
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.cc similarity index 95% rename from crypto/asn1/a_strnid.c rename to crypto/asn1/a_strnid.cc index db25b2a..2b49396 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.cc
@@ -159,7 +159,8 @@ } static int table_cmp_void(const void *a, const void *b) { - return table_cmp(a, b); + return table_cmp(reinterpret_cast<const ASN1_STRING_TABLE *>(a), + reinterpret_cast<const ASN1_STRING_TABLE *>(b)); } static uint32_t table_hash(const ASN1_STRING_TABLE *tbl) { @@ -169,9 +170,9 @@ static const ASN1_STRING_TABLE *asn1_string_table_get(int nid) { ASN1_STRING_TABLE key; key.nid = nid; - const ASN1_STRING_TABLE *tbl = + const ASN1_STRING_TABLE *tbl = reinterpret_cast<ASN1_STRING_TABLE *>( bsearch(&key, tbl_standard, OPENSSL_ARRAY_SIZE(tbl_standard), - sizeof(ASN1_STRING_TABLE), table_cmp_void); + sizeof(ASN1_STRING_TABLE), table_cmp_void)); if (tbl != NULL) { return tbl; } @@ -198,6 +199,7 @@ int ret = 0; CRYPTO_MUTEX_lock_write(&string_tables_lock); + ASN1_STRING_TABLE *tbl = NULL; if (string_tables == NULL) { string_tables = lh_ASN1_STRING_TABLE_new(table_hash, table_cmp); if (string_tables == NULL) { @@ -214,7 +216,8 @@ } } - ASN1_STRING_TABLE *tbl = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); + tbl = reinterpret_cast<ASN1_STRING_TABLE *>( + OPENSSL_malloc(sizeof(ASN1_STRING_TABLE))); if (tbl == NULL) { goto err; }
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.cc similarity index 100% rename from crypto/asn1/a_time.c rename to crypto/asn1/a_time.cc
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.cc similarity index 95% rename from crypto/asn1/a_type.c rename to crypto/asn1/a_type.cc index af603a3..dfc992c 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.cc
@@ -137,10 +137,10 @@ a->value.boolean = value ? ASN1_BOOLEAN_TRUE : ASN1_BOOLEAN_FALSE; break; case V_ASN1_OBJECT: - a->value.object = value; + a->value.object = reinterpret_cast<ASN1_OBJECT *>(value); break; default: - a->value.asn1_string = value; + a->value.asn1_string = reinterpret_cast<ASN1_STRING *>(value); break; } } @@ -151,14 +151,14 @@ ASN1_TYPE_set(a, type, p); } else if (type == V_ASN1_OBJECT) { ASN1_OBJECT *odup; - odup = OBJ_dup(value); + odup = OBJ_dup(reinterpret_cast<const ASN1_OBJECT *>(value)); if (!odup) { return 0; } ASN1_TYPE_set(a, type, odup); } else { ASN1_STRING *sdup; - sdup = ASN1_STRING_dup(value); + sdup = ASN1_STRING_dup(reinterpret_cast<const ASN1_STRING *>(value)); if (!sdup) { return 0; }
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.cc similarity index 100% rename from crypto/asn1/a_utctm.c rename to crypto/asn1/a_utctm.cc
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.cc similarity index 97% rename from crypto/asn1/asn1_lib.c rename to crypto/asn1/asn1_lib.cc index 0158622..78ea33f 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.cc
@@ -271,7 +271,7 @@ } int ASN1_STRING_set(ASN1_STRING *str, const void *_data, ossl_ssize_t len_s) { - const char *data = _data; + const char *data = reinterpret_cast<const char *>(_data); size_t len; if (len_s < 0) { if (data == NULL) { @@ -291,9 +291,9 @@ if (str->length <= (int)len || str->data == NULL) { unsigned char *c = str->data; if (c == NULL) { - str->data = OPENSSL_malloc(len + 1); + str->data = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len + 1)); } else { - str->data = OPENSSL_realloc(c, len + 1); + str->data = reinterpret_cast<uint8_t *>(OPENSSL_realloc(c, len + 1)); } if (str->data == NULL) { @@ -315,7 +315,7 @@ void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) { OPENSSL_free(str->data); - str->data = data; + str->data = reinterpret_cast<uint8_t *>(data); str->length = len; }
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.cc similarity index 100% rename from crypto/asn1/asn1_par.c rename to crypto/asn1/asn1_par.cc
diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.cc similarity index 96% rename from crypto/asn1/asn_pack.c rename to crypto/asn1/asn_pack.cc index c42cc05..971ea63 100644 --- a/crypto/asn1/asn_pack.c +++ b/crypto/asn1/asn_pack.cc
@@ -62,7 +62,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **out) { uint8_t *new_data = NULL; - int len = ASN1_item_i2d(obj, &new_data, it); + int len = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(obj), &new_data, it); if (len <= 0) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_ENCODE_ERROR); return NULL; @@ -91,7 +91,7 @@ void *ret = ASN1_item_d2i(NULL, &p, oct->length, it); if (ret == NULL || p != oct->data + oct->length) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR); - ASN1_item_free(ret, it); + ASN1_item_free(reinterpret_cast<ASN1_VALUE *>(ret), it); return NULL; } return ret;
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.cc similarity index 100% rename from crypto/asn1/f_int.c rename to crypto/asn1/f_int.cc
diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.cc similarity index 100% rename from crypto/asn1/f_string.c rename to crypto/asn1/f_string.cc
diff --git a/crypto/asn1/posix_time.c b/crypto/asn1/posix_time.cc similarity index 99% rename from crypto/asn1/posix_time.c rename to crypto/asn1/posix_time.cc index ff95cca..d4d3c5e 100644 --- a/crypto/asn1/posix_time.c +++ b/crypto/asn1/posix_time.cc
@@ -154,7 +154,7 @@ } int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm) { - struct tm tmp_tm = {0}; + struct tm tmp_tm = {}; if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon, &tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min, &tmp_tm.tm_sec)) {
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.cc similarity index 98% rename from crypto/asn1/tasn_dec.c rename to crypto/asn1/tasn_dec.cc index 94891c8..56bbf0d 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.cc
@@ -282,7 +282,8 @@ OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE); goto err; } - const ASN1_EXTERN_FUNCS *ef = it->funcs; + const ASN1_EXTERN_FUNCS *ef = + reinterpret_cast<const ASN1_EXTERN_FUNCS *>(it->funcs); return ef->asn1_ex_d2i(pval, in, len, it, opt, NULL); } @@ -294,7 +295,7 @@ goto err; } - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) { goto auxerr; @@ -379,7 +380,7 @@ goto err; } - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) { goto auxerr;
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.cc similarity index 97% rename from crypto/asn1/tasn_enc.c rename to crypto/asn1/tasn_enc.cc index bffc3cc..ab6f580 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.cc
@@ -90,7 +90,7 @@ if (len <= 0) { return len; } - buf = OPENSSL_malloc(len); + buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len)); if (!buf) { return -1; } @@ -191,7 +191,8 @@ OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE); return -1; } - const ASN1_EXTERN_FUNCS *ef = it->funcs; + const ASN1_EXTERN_FUNCS *ef = + reinterpret_cast<const ASN1_EXTERN_FUNCS *>(it->funcs); int ret = ef->asn1_ex_i2d(pval, out, it); if (ret == 0) { // |asn1_ex_i2d| should never return zero. We have already checked @@ -424,7 +425,8 @@ } DER_ENC; static int der_cmp(const void *a, const void *b) { - const DER_ENC *d1 = a, *d2 = b; + const DER_ENC *d1 = reinterpret_cast<const DER_ENC *>(a), + *d2 = reinterpret_cast<const DER_ENC *>(b); int cmplen, i; cmplen = (d1->length < d2->length) ? d1->length : d2->length; i = OPENSSL_memcmp(d1->data, d2->data, cmplen); @@ -453,14 +455,15 @@ } int ret = 0; - unsigned char *const buf = OPENSSL_malloc(skcontlen); - DER_ENC *encoded = OPENSSL_calloc(sk_ASN1_VALUE_num(sk), sizeof(*encoded)); + uint8_t *const buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(skcontlen)); + DER_ENC *encoded = reinterpret_cast<DER_ENC *>( + OPENSSL_calloc(sk_ASN1_VALUE_num(sk), sizeof(*encoded))); + uint8_t *p = buf; if (encoded == NULL || buf == NULL) { goto err; } // Encode all the elements into |buf| and populate |encoded|. - unsigned char *p = buf; for (size_t i = 0; i < sk_ASN1_VALUE_num(sk); i++) { ASN1_VALUE *skitem = sk_ASN1_VALUE_value(sk, i); encoded[i].data = p;
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.cc similarity index 96% rename from crypto/asn1/tasn_fre.c rename to crypto/asn1/tasn_fre.cc index add46f5..3cb3d80 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.cc
@@ -94,7 +94,7 @@ break; case ASN1_ITYPE_CHOICE: { - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb) { i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); @@ -118,7 +118,7 @@ } case ASN1_ITYPE_EXTERN: - ef = it->funcs; + ef = reinterpret_cast<const ASN1_EXTERN_FUNCS *>(it->funcs); if (ef && ef->asn1_ex_free) { ef->asn1_ex_free(pval, it); } @@ -128,7 +128,7 @@ if (!asn1_refcount_dec_and_test_zero(pval, it)) { return; } - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb) { i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.cc similarity index 94% rename from crypto/asn1/tasn_new.c rename to crypto/asn1/tasn_new.cc index 76c52c3..38b30a9 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.cc
@@ -91,7 +91,7 @@ switch (it->itype) { case ASN1_ITYPE_EXTERN: - ef = it->funcs; + ef = reinterpret_cast<const ASN1_EXTERN_FUNCS *>(it->funcs); if (ef && ef->asn1_ex_new) { if (!ef->asn1_ex_new(pval, it)) { goto memerr; @@ -116,7 +116,7 @@ break; case ASN1_ITYPE_CHOICE: { - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb) { i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); @@ -127,7 +127,7 @@ return 1; } } - *pval = OPENSSL_zalloc(it->size); + *pval = reinterpret_cast<ASN1_VALUE *>(OPENSSL_zalloc(it->size)); if (!*pval) { goto memerr; } @@ -139,7 +139,7 @@ } case ASN1_ITYPE_SEQUENCE: { - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs); ASN1_aux_cb *asn1_cb = aux != NULL ? aux->asn1_cb : NULL; if (asn1_cb) { i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); @@ -150,7 +150,7 @@ return 1; } } - *pval = OPENSSL_zalloc(it->size); + *pval = reinterpret_cast<ASN1_VALUE *>(OPENSSL_zalloc(it->size)); if (!*pval) { goto memerr; } @@ -279,7 +279,8 @@ return 1; case V_ASN1_ANY: { - ASN1_TYPE *typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); + ASN1_TYPE *typ = + reinterpret_cast<ASN1_TYPE *>(OPENSSL_malloc(sizeof(ASN1_TYPE))); if (!typ) { return 0; }
diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.cc similarity index 100% rename from crypto/asn1/tasn_typ.c rename to crypto/asn1/tasn_typ.cc
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.cc similarity index 91% rename from crypto/asn1/tasn_utl.c rename to crypto/asn1/tasn_utl.cc index 488c206..420f1db 100644 --- a/crypto/asn1/tasn_utl.c +++ b/crypto/asn1/tasn_utl.cc
@@ -77,7 +77,7 @@ // Given an ASN1_ITEM CHOICE type return the selector value int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) { - int *sel = offset2ptr(*pval, it->utype); + int *sel = reinterpret_cast<int *>(offset2ptr(*pval, it->utype)); return *sel; } @@ -85,7 +85,7 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) { int *sel, ret; - sel = offset2ptr(*pval, it->utype); + sel = reinterpret_cast<int *>(offset2ptr(*pval, it->utype)); ret = *sel; *sel = value; return ret; @@ -96,11 +96,12 @@ if (it->itype != ASN1_ITYPE_SEQUENCE) { return NULL; } - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux = reinterpret_cast<const ASN1_AUX *>(it->funcs); if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) { return NULL; } - return offset2ptr(*pval, aux->ref_offset); + return reinterpret_cast<CRYPTO_refcount_t *>( + offset2ptr(*pval, aux->ref_offset)); } void asn1_refcount_set_one(ASN1_VALUE **pval, const ASN1_ITEM *it) { @@ -124,11 +125,11 @@ if (!pval || !*pval) { return NULL; } - aux = it->funcs; + aux = reinterpret_cast<const ASN1_AUX *>(it->funcs); if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) { return NULL; } - return offset2ptr(*pval, aux->enc_offset); + return reinterpret_cast<ASN1_ENCODING *>(offset2ptr(*pval, aux->enc_offset)); } void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) { @@ -163,7 +164,7 @@ enc->buf = buf; enc->enc = (uint8_t *)in; } else { - enc->enc = OPENSSL_memdup(in, in_len); + enc->enc = reinterpret_cast<uint8_t *>(OPENSSL_memdup(in, in_len)); if (!enc->enc) { return 0; } @@ -202,7 +203,8 @@ // Given an ASN1_TEMPLATE get a pointer to a field ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { - ASN1_VALUE **pvaltmp = offset2ptr(*pval, tt->offset); + ASN1_VALUE **pvaltmp = + reinterpret_cast<ASN1_VALUE **>(offset2ptr(*pval, tt->offset)); // NOTE for BOOLEAN types the field is just a plain int so we can't return // int **, so settle for (int *). return pvaltmp; @@ -224,9 +226,10 @@ adb = ASN1_ADB_ptr(tt->item); // Get the selector field - sfld = offset2ptr(*pval, adb->offset); + sfld = reinterpret_cast<ASN1_VALUE **>(offset2ptr(*pval, adb->offset)); // Check if NULL + int selector; if (*sfld == NULL) { if (!adb->null_tt) { goto err; @@ -238,7 +241,7 @@ // NB: don't check for NID_undef here because it // might be a legitimate value in the table assert(tt->flags & ASN1_TFLG_ADB_OID); - int selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); + selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); // Try to find matching entry in table Maybe should check application types // first to allow application override? Might also be useful to have a flag
diff --git a/crypto/base64/base64.c b/crypto/base64/base64.cc similarity index 95% rename from crypto/base64/base64.c rename to crypto/base64/base64.cc index 26ad974..6878321 100644 --- a/crypto/base64/base64.c +++ b/crypto/base64/base64.cc
@@ -121,12 +121,11 @@ } EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) { - return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX)); + return reinterpret_cast<EVP_ENCODE_CTX *>( + OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX))); } -void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) { - OPENSSL_free(ctx); -} +void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) { OPENSSL_free(ctx); } void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX)); @@ -302,9 +301,9 @@ const uint32_t v = ((uint32_t)a) << 18 | ((uint32_t)b) << 12 | ((uint32_t)c) << 6 | (uint32_t)d; - const unsigned padding_pattern = (in[0] == '=') << 3 | - (in[1] == '=') << 2 | - (in[2] == '=') << 1 | + const unsigned padding_pattern = (in[0] == '=') << 3 | // + (in[1] == '=') << 2 | // + (in[2] == '=') << 1 | // (in[3] == '='); // In presence of padding, the lowest bits of v are unused. Canonical encoding @@ -412,8 +411,7 @@ } size_t max_len; - if (!EVP_DecodedLength(&max_len, in_len) || - max_out < max_len) { + if (!EVP_DecodedLength(&max_len, in_len) || max_out < max_len) { return 0; } @@ -449,7 +447,7 @@ // Trim newlines, spaces and tabs from the end of the line. while (src_len > 0) { - switch (src[src_len-1]) { + switch (src[src_len - 1]) { case ' ': case '\t': case '\r': @@ -462,8 +460,7 @@ } size_t dst_len; - if (!EVP_DecodedLength(&dst_len, src_len) || - dst_len > INT_MAX || + if (!EVP_DecodedLength(&dst_len, src_len) || dst_len > INT_MAX || !EVP_DecodeBase64(dst, &dst_len, dst_len, src, src_len)) { return -1; }
diff --git a/crypto/bio/bio.c b/crypto/bio/bio.cc similarity index 89% rename from crypto/bio/bio.c rename to crypto/bio/bio.cc index 1543b30..b1a91f7 100644 --- a/crypto/bio/bio.c +++ b/crypto/bio/bio.cc
@@ -73,7 +73,7 @@ CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA; BIO *BIO_new(const BIO_METHOD *method) { - BIO *ret = OPENSSL_zalloc(sizeof(BIO)); + BIO *ret = reinterpret_cast<BIO *>(OPENSSL_zalloc(sizeof(BIO))); if (ret == NULL) { return NULL; } @@ -116,13 +116,9 @@ return 1; } -void BIO_vfree(BIO *bio) { - BIO_free(bio); -} +void BIO_vfree(BIO *bio) { BIO_free(bio); } -void BIO_free_all(BIO *bio) { - BIO_free(bio); -} +void BIO_free_all(BIO *bio) { BIO_free(bio); } int BIO_read(BIO *bio, void *buf, int len) { if (bio == NULL || bio->method == NULL || bio->method->bread == NULL) { @@ -136,7 +132,7 @@ if (len <= 0) { return 0; } - int ret = bio->method->bread(bio, buf, len); + int ret = bio->method->bread(bio, reinterpret_cast<char *>(buf), len); if (ret > 0) { bio->num_read += ret; } @@ -174,7 +170,7 @@ if (inl <= 0) { return 0; } - int ret = bio->method->bwrite(bio, in, inl); + int ret = bio->method->bwrite(bio, reinterpret_cast<const char *>(in), inl); if (ret > 0) { bio->num_write += ret; } @@ -182,7 +178,7 @@ } int BIO_write_all(BIO *bio, const void *data, size_t len) { - const uint8_t *data_u8 = data; + const uint8_t *data_u8 = reinterpret_cast<const uint8_t *>(data); while (len > 0) { int ret = BIO_write(bio, data_u8, len > INT_MAX ? INT_MAX : (int)len); if (ret <= 0) { @@ -204,9 +200,7 @@ return BIO_write(bio, in, (int)len); } -int BIO_flush(BIO *bio) { - return (int)BIO_ctrl(bio, BIO_CTRL_FLUSH, 0, NULL); -} +int BIO_flush(BIO *bio) { return (int)BIO_ctrl(bio, BIO_CTRL_FLUSH, 0, NULL); } long BIO_ctrl(BIO *bio, int cmd, long larg, void *parg) { if (bio == NULL) { @@ -237,21 +231,13 @@ return BIO_ctrl(b, cmd, larg, (void *)&i); } -int BIO_reset(BIO *bio) { - return (int)BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL); -} +int BIO_reset(BIO *bio) { return (int)BIO_ctrl(bio, BIO_CTRL_RESET, 0, NULL); } -int BIO_eof(BIO *bio) { - return (int)BIO_ctrl(bio, BIO_CTRL_EOF, 0, NULL); -} +int BIO_eof(BIO *bio) { return (int)BIO_ctrl(bio, BIO_CTRL_EOF, 0, NULL); } -void BIO_set_flags(BIO *bio, int flags) { - bio->flags |= flags; -} +void BIO_set_flags(BIO *bio, int flags) { bio->flags |= flags; } -int BIO_test_flags(const BIO *bio, int flags) { - return bio->flags & flags; -} +int BIO_test_flags(const BIO *bio, int flags) { return bio->flags & flags; } int BIO_should_read(const BIO *bio) { return BIO_test_flags(bio, BIO_FLAGS_READ); @@ -273,9 +259,7 @@ void BIO_set_retry_reason(BIO *bio, int reason) { bio->retry_reason = reason; } -void BIO_clear_flags(BIO *bio, int flags) { - bio->flags &= ~flags; -} +void BIO_clear_flags(BIO *bio, int flags) { bio->flags &= ~flags; } void BIO_set_retry_read(BIO *bio) { bio->flags |= BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY; @@ -287,9 +271,7 @@ static const int kRetryFlags = BIO_FLAGS_RWS | BIO_FLAGS_SHOULD_RETRY; -int BIO_get_retry_flags(BIO *bio) { - return bio->flags & kRetryFlags; -} +int BIO_get_retry_flags(BIO *bio) { return bio->flags & kRetryFlags; } void BIO_clear_retry_flags(BIO *bio) { bio->flags &= ~kRetryFlags; @@ -318,7 +300,7 @@ } size_t BIO_pending(const BIO *bio) { - const long r = BIO_ctrl((BIO *) bio, BIO_CTRL_PENDING, 0, NULL); + const long r = BIO_ctrl((BIO *)bio, BIO_CTRL_PENDING, 0, NULL); assert(r >= 0); if (r < 0) { @@ -327,12 +309,10 @@ return r; } -size_t BIO_ctrl_pending(const BIO *bio) { - return BIO_pending(bio); -} +size_t BIO_ctrl_pending(const BIO *bio) { return BIO_pending(bio); } size_t BIO_wpending(const BIO *bio) { - const long r = BIO_ctrl((BIO *) bio, BIO_CTRL_WPENDING, 0, NULL); + const long r = BIO_ctrl((BIO *)bio, BIO_CTRL_WPENDING, 0, NULL); assert(r >= 0); if (r < 0) { @@ -430,9 +410,7 @@ return BIO_write_all((BIO *)bio, str, len); } -void ERR_print_errors(BIO *bio) { - ERR_print_errors_cb(print_bio, bio); -} +void ERR_print_errors(BIO *bio) { ERR_print_errors_cb(print_bio, bio); } // bio_read_all reads everything from |bio| and prepends |prefix| to it. On // success, |*out| is set to an allocated buffer (which should be freed with @@ -454,7 +432,7 @@ if (len < prefix_len) { return 0; } - *out = OPENSSL_malloc(len); + *out = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len)); if (*out == NULL) { return 0; } @@ -485,7 +463,8 @@ if (len < kChunkSize || len > max_len) { len = max_len; } - uint8_t *new_buf = OPENSSL_realloc(*out, len); + uint8_t *new_buf = + reinterpret_cast<uint8_t *>(OPENSSL_realloc(*out, len)); if (new_buf == NULL) { OPENSSL_free(*out); return 0; @@ -594,7 +573,7 @@ return 0; } - if ((len32 >> ((num_bytes-1)*8)) == 0) { + if ((len32 >> ((num_bytes - 1) * 8)) == 0) { // Length should have been at least one byte shorter. OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR); return 0; @@ -603,16 +582,14 @@ len = len32; } - if (len + header_len < len || - len + header_len > max_len || - len > INT_MAX) { + if (len + header_len < len || len + header_len > max_len || len > INT_MAX) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG); return 0; } len += header_len; *out_len = len; - *out = OPENSSL_malloc(len); + *out = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len)); if (*out == NULL) { return 0; } @@ -644,7 +621,8 @@ } BIO_METHOD *BIO_meth_new(int type, const char *name) { - BIO_METHOD *method = OPENSSL_zalloc(sizeof(BIO_METHOD)); + BIO_METHOD *method = + reinterpret_cast<BIO_METHOD *>(OPENSSL_zalloc(sizeof(BIO_METHOD))); if (method == NULL) { return NULL; } @@ -653,18 +631,14 @@ return method; } -void BIO_meth_free(BIO_METHOD *method) { - OPENSSL_free(method); -} +void BIO_meth_free(BIO_METHOD *method) { OPENSSL_free(method); } -int BIO_meth_set_create(BIO_METHOD *method, - int (*create_func)(BIO *)) { +int BIO_meth_set_create(BIO_METHOD *method, int (*create_func)(BIO *)) { method->create = create_func; return 1; } -int BIO_meth_set_destroy(BIO_METHOD *method, - int (*destroy_func)(BIO *)) { +int BIO_meth_set_destroy(BIO_METHOD *method, int (*destroy_func)(BIO *)) { method->destroy = destroy_func; return 1; } @@ -710,10 +684,10 @@ return 1; } -int BIO_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_unused *unused, - CRYPTO_EX_dup *dup_unused, - CRYPTO_EX_free *free_func) { +int BIO_get_ex_new_index(long argl, void *argp, // + CRYPTO_EX_unused *unused, // + CRYPTO_EX_dup *dup_unused, // + CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index_ex(&g_ex_data_class, argl, argp, free_func); }
diff --git a/crypto/bio/bio_mem.c b/crypto/bio/bio_mem.cc similarity index 94% rename from crypto/bio/bio_mem.c rename to crypto/bio/bio_mem.cc index 5d7534c..7d9c4b7 100644 --- a/crypto/bio/bio_mem.c +++ b/crypto/bio/bio_mem.cc
@@ -83,7 +83,7 @@ b = (BUF_MEM *)ret->ptr; // BIO_FLAGS_MEM_RDONLY ensures |b->data| is not written to. - b->data = (void *)buf; + b->data = reinterpret_cast<char *>(const_cast<void *>(buf)); b->length = size; b->max = size; @@ -135,7 +135,7 @@ return 0; } - BUF_MEM *b = bio->ptr; + BUF_MEM *b = reinterpret_cast<BUF_MEM *>(bio->ptr); int ret = outl; if ((size_t)ret > b->length) { ret = (int)b->length; @@ -169,7 +169,7 @@ return -1; } - BUF_MEM *b = bio->ptr; + BUF_MEM *b = reinterpret_cast<BUF_MEM *>(bio->ptr); if (!BUF_MEM_append(b, in, inl)) { return -1; } @@ -185,14 +185,15 @@ // The buffer size includes space for the trailing NUL, so we can read at most // one fewer byte. - BUF_MEM *b = bio->ptr; + BUF_MEM *b = reinterpret_cast<BUF_MEM *>(bio->ptr); int ret = size - 1; if ((size_t)ret > b->length) { ret = (int)b->length; } // Stop at the first newline. - const char *newline = OPENSSL_memchr(b->data, '\n', ret); + const char *newline = + reinterpret_cast<char *>(OPENSSL_memchr(b->data, '\n', ret)); if (newline != NULL) { ret = (int)(newline - b->data + 1); } @@ -231,7 +232,7 @@ case BIO_CTRL_INFO: ret = (long)b->length; if (ptr != NULL) { - char **pptr = ptr; + char **pptr = reinterpret_cast<char **>(ptr); *pptr = b->data; } break; @@ -242,7 +243,7 @@ break; case BIO_C_GET_BUF_MEM_PTR: if (ptr != NULL) { - BUF_MEM **pptr = ptr; + BUF_MEM **pptr = reinterpret_cast<BUF_MEM **>(ptr); *pptr = b; } break;
diff --git a/crypto/bio/connect.c b/crypto/bio/connect.cc similarity index 93% rename from crypto/bio/connect.c rename to crypto/bio/connect.cc index 50d8983..7efd4ff 100644 --- a/crypto/bio/connect.c +++ b/crypto/bio/connect.cc
@@ -63,9 +63,9 @@ #include <string.h> #if !defined(OPENSSL_WINDOWS) -#include <sys/socket.h> -#include <netinet/in.h> #include <arpa/inet.h> +#include <netinet/in.h> +#include <sys/socket.h> #include <unistd.h> #else OPENSSL_MSVC_PRAGMA(warning(push, 3)) @@ -77,8 +77,8 @@ #include <openssl/err.h> #include <openssl/mem.h> -#include "internal.h" #include "../internal.h" +#include "internal.h" enum { @@ -109,9 +109,7 @@ } BIO_CONNECT; #if !defined(OPENSSL_WINDOWS) -static int closesocket(int sock) { - return close(sock); -} +static int closesocket(int sock) { return close(sock); } #endif // split_host_and_port sets |*out_host| and |*out_port| to the host and port @@ -231,7 +229,7 @@ } BIO_clear_retry_flags(bio); - ret = connect(bio->num, (struct sockaddr*) &c->them, c->them_length); + ret = connect(bio->num, (struct sockaddr *)&c->them, c->them_length); if (ret < 0) { if (bio_socket_should_retry(ret)) { BIO_set_flags(bio, (BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY)); @@ -261,7 +259,8 @@ BIO_clear_retry_flags(bio); OPENSSL_PUT_SYSTEM_ERROR(); OPENSSL_PUT_ERROR(BIO, BIO_R_NBIO_CONNECT_ERROR); - ERR_add_error_data(4, "host=", c->param_hostname, ":", c->param_port); + ERR_add_error_data(4, "host=", c->param_hostname, ":", + c->param_port); ret = 0; } goto exit_loop; @@ -296,7 +295,8 @@ } static BIO_CONNECT *BIO_CONNECT_new(void) { - BIO_CONNECT *ret = OPENSSL_zalloc(sizeof(BIO_CONNECT)); + BIO_CONNECT *ret = + reinterpret_cast<BIO_CONNECT *>(OPENSSL_zalloc(sizeof(BIO_CONNECT))); if (ret == NULL) { return NULL; } @@ -323,7 +323,7 @@ } static void conn_close_socket(BIO *bio) { - BIO_CONNECT *c = (BIO_CONNECT *) bio->ptr; + BIO_CONNECT *c = (BIO_CONNECT *)bio->ptr; if (bio->num == -1) { return; @@ -342,7 +342,7 @@ conn_close_socket(bio); } - BIO_CONNECT_free((BIO_CONNECT*) bio->ptr); + BIO_CONNECT_free((BIO_CONNECT *)bio->ptr); return 1; } @@ -422,13 +422,15 @@ bio->init = 1; if (num == 0) { OPENSSL_free(data->param_hostname); - data->param_hostname = OPENSSL_strdup(ptr); + data->param_hostname = + OPENSSL_strdup(reinterpret_cast<const char *>(ptr)); if (data->param_hostname == NULL) { ret = 0; } } else if (num == 1) { OPENSSL_free(data->param_port); - data->param_port = OPENSSL_strdup(ptr); + data->param_port = + OPENSSL_strdup(reinterpret_cast<const char *>(ptr)); if (data->param_port == NULL) { ret = 0; } @@ -464,7 +466,8 @@ case BIO_CTRL_FLUSH: break; case BIO_CTRL_GET_CALLBACK: { - int (**fptr)(const BIO *bio, int state, int xret) = ptr; + int (**fptr)(const BIO *bio, int state, int xret); + fptr = reinterpret_cast<decltype(fptr)>(ptr); *fptr = data->info_callback; } break; default: @@ -488,7 +491,8 @@ OPENSSL_MSVC_PRAGMA(warning(push)) OPENSSL_MSVC_PRAGMA(warning(disable : 4191)) OPENSSL_CLANG_PRAGMA("clang diagnostic push") - OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wunknown-warning-option\"") + OPENSSL_CLANG_PRAGMA( + "clang diagnostic ignored \"-Wunknown-warning-option\"") OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wcast-function-type\"") data->info_callback = (int (*)(const struct bio_st *, int, int))fp; OPENSSL_CLANG_PRAGMA("clang diagnostic pop") @@ -524,11 +528,11 @@ const BIO_METHOD *BIO_s_connect(void) { return &methods_connectp; } int BIO_set_conn_hostname(BIO *bio, const char *name) { - return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 0, (void*) name); + return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 0, (void *)name); } int BIO_set_conn_port(BIO *bio, const char *port_str) { - return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 1, (void*) port_str); + return (int)BIO_ctrl(bio, BIO_C_SET_CONNECT, 1, (void *)port_str); } int BIO_set_conn_int_port(BIO *bio, const int *port) {
diff --git a/crypto/bio/errno.c b/crypto/bio/errno.cc similarity index 100% rename from crypto/bio/errno.c rename to crypto/bio/errno.cc
diff --git a/crypto/bio/fd.c b/crypto/bio/fd.cc similarity index 100% rename from crypto/bio/fd.c rename to crypto/bio/fd.cc
diff --git a/crypto/bio/file.c b/crypto/bio/file.cc similarity index 97% rename from crypto/bio/file.c rename to crypto/bio/file.cc index e68a898..81d2f43 100644 --- a/crypto/bio/file.c +++ b/crypto/bio/file.cc
@@ -143,7 +143,7 @@ } if (bio->init && bio->ptr != NULL) { - fclose(bio->ptr); + fclose(reinterpret_cast<FILE *>(bio->ptr)); bio->ptr = NULL; } bio->init = 0; @@ -208,7 +208,7 @@ // tested under POSIX will inadvertently change the state of |FILE| // objects when wrapping them in a |BIO|. if (num & BIO_FP_TEXT) { - _setmode(_fileno(ptr), _O_TEXT); + _setmode(_fileno(reinterpret_cast<FILE *>(ptr)), _O_TEXT); } #endif b->shutdown = (int)num & BIO_CLOSE; @@ -236,7 +236,7 @@ ret = 0; break; } - fp = fopen_if_available(ptr, mode); + fp = fopen_if_available(reinterpret_cast<const char *>(ptr), mode); if (fp == NULL) { OPENSSL_PUT_SYSTEM_ERROR(); ERR_add_error_data(5, "fopen('", ptr, "','", mode, "')");
diff --git a/crypto/bio/hexdump.c b/crypto/bio/hexdump.cc similarity index 100% rename from crypto/bio/hexdump.c rename to crypto/bio/hexdump.cc
diff --git a/crypto/bio/pair.c b/crypto/bio/pair.cc similarity index 90% rename from crypto/bio/pair.c rename to crypto/bio/pair.cc index 988b4ce..02a8ae6 100644 --- a/crypto/bio/pair.c +++ b/crypto/bio/pair.cc
@@ -81,7 +81,8 @@ }; static int bio_new(BIO *bio) { - struct bio_bio_st *b = OPENSSL_zalloc(sizeof *b); + struct bio_bio_st *b = + reinterpret_cast<bio_bio_st *>(OPENSSL_zalloc(sizeof *b)); if (b == NULL) { return 0; } @@ -92,7 +93,7 @@ } static void bio_destroy_pair(BIO *bio) { - struct bio_bio_st *b = bio->ptr; + struct bio_bio_st *b = reinterpret_cast<bio_bio_st *>(bio->ptr); BIO *peer_bio; struct bio_bio_st *peer_b; @@ -105,7 +106,7 @@ return; } - peer_b = peer_bio->ptr; + peer_b = reinterpret_cast<bio_bio_st *>(peer_bio->ptr); assert(peer_b != NULL); assert(peer_b->peer == bio); @@ -124,7 +125,7 @@ } static int bio_free(BIO *bio) { - struct bio_bio_st *b = bio->ptr; + struct bio_bio_st *b = reinterpret_cast<bio_bio_st *>(bio->ptr); assert(b != NULL); @@ -149,10 +150,10 @@ return 0; } - b = bio->ptr; + b = reinterpret_cast<bio_bio_st *>(bio->ptr); assert(b != NULL); assert(b->peer != NULL); - peer_b = b->peer->ptr; + peer_b = reinterpret_cast<bio_bio_st *>(b->peer->ptr); assert(peer_b != NULL); assert(peer_b->buf != NULL); @@ -233,7 +234,7 @@ return 0; } - b = bio->ptr; + b = reinterpret_cast<bio_bio_st *>(bio->ptr); assert(b != NULL); assert(b->peer != NULL); assert(b->buf != NULL); @@ -302,8 +303,8 @@ assert(bio1 != NULL); assert(bio2 != NULL); - b1 = bio1->ptr; - b2 = bio2->ptr; + b1 = reinterpret_cast<bio_bio_st *>(bio1->ptr); + b2 = reinterpret_cast<bio_bio_st *>(bio2->ptr); if (b1->peer != NULL || b2->peer != NULL) { OPENSSL_PUT_ERROR(BIO, BIO_R_IN_USE); @@ -314,7 +315,7 @@ if (writebuf1_len) { b1->size = writebuf1_len; } - b1->buf = OPENSSL_malloc(b1->size); + b1->buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(b1->size)); if (b1->buf == NULL) { return 0; } @@ -326,7 +327,7 @@ if (writebuf2_len) { b2->size = writebuf2_len; } - b2->buf = OPENSSL_malloc(b2->size); + b2->buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(b2->size)); if (b2->buf == NULL) { return 0; } @@ -349,13 +350,12 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) { long ret; - struct bio_bio_st *b = bio->ptr; + struct bio_bio_st *b = reinterpret_cast<bio_bio_st *>(bio->ptr); assert(b != NULL); switch (cmd) { - // specific CTRL codes - + // Specific control codes first: case BIO_C_GET_WRITE_BUF_SIZE: ret = (long)b->size; break; @@ -392,8 +392,8 @@ ret = 1; break; - // standard CTRL codes follow + // Standard control codes: case BIO_CTRL_GET_CLOSE: ret = bio->shutdown; break; @@ -405,7 +405,8 @@ case BIO_CTRL_PENDING: if (b->peer != NULL) { - struct bio_bio_st *peer_b = b->peer->ptr; + struct bio_bio_st *peer_b = + reinterpret_cast<bio_bio_st *>(b->peer->ptr); ret = (long)peer_b->len; } else { ret = 0; @@ -424,10 +425,11 @@ break; case BIO_CTRL_EOF: { - BIO *other_bio = ptr; + BIO *other_bio = reinterpret_cast<BIO *>(ptr); if (other_bio) { - struct bio_bio_st *other_b = other_bio->ptr; + struct bio_bio_st *other_b = + reinterpret_cast<bio_bio_st *>(other_bio->ptr); assert(other_b != NULL); ret = other_b->len == 0 && other_b->closed; } else { @@ -449,8 +451,8 @@ static const BIO_METHOD *bio_s_bio(void) { return &methods_biop; } -int BIO_new_bio_pair(BIO** bio1_p, size_t writebuf1_len, - BIO** bio2_p, size_t writebuf2_len) { +int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1_len, BIO **bio2_p, + size_t writebuf2_len) { BIO *bio1 = BIO_new(bio_s_bio()); BIO *bio2 = BIO_new(bio_s_bio()); if (bio1 == NULL || bio2 == NULL ||
diff --git a/crypto/bio/printf.c b/crypto/bio/printf.cc similarity index 96% rename from crypto/bio/printf.c rename to crypto/bio/printf.cc index 102256b..37f4510 100644 --- a/crypto/bio/printf.c +++ b/crypto/bio/printf.cc
@@ -75,12 +75,12 @@ return -1; } - if ((size_t) out_len >= sizeof(buf)) { + if ((size_t)out_len >= sizeof(buf)) { const int requested_len = out_len; // The output was truncated. Note that vsnprintf's return value // does not include a trailing NUL, but the buffer must be sized // for it. - out = OPENSSL_malloc(requested_len + 1); + out = reinterpret_cast<char *>(OPENSSL_malloc(requested_len + 1)); out_malloced = 1; if (out == NULL) { return -1;
diff --git a/crypto/bio/socket.c b/crypto/bio/socket.cc similarity index 100% rename from crypto/bio/socket.c rename to crypto/bio/socket.cc
diff --git a/crypto/bio/socket_helper.c b/crypto/bio/socket_helper.cc similarity index 100% rename from crypto/bio/socket_helper.c rename to crypto/bio/socket_helper.cc
diff --git a/crypto/blake2/blake2.c b/crypto/blake2/blake2.cc similarity index 98% rename from crypto/blake2/blake2.c rename to crypto/blake2/blake2.cc index 14bbe5b..d129dbd 100644 --- a/crypto/blake2/blake2.c +++ b/crypto/blake2/blake2.cc
@@ -121,7 +121,7 @@ return; } - const uint8_t *data = in_data; + const uint8_t *data = reinterpret_cast<const uint8_t *>(in_data); size_t todo = sizeof(b2b->block) - b2b->block_used; if (todo > len) { todo = len;
diff --git a/crypto/bn_extra/bn_asn1.c b/crypto/bn_extra/bn_asn1.cc similarity index 100% rename from crypto/bn_extra/bn_asn1.c rename to crypto/bn_extra/bn_asn1.cc
diff --git a/crypto/bn_extra/convert.c b/crypto/bn_extra/convert.cc similarity index 92% rename from crypto/bn_extra/convert.c rename to crypto/bn_extra/convert.cc index c9161fa..e540523 100644 --- a/crypto/bn_extra/convert.c +++ b/crypto/bn_extra/convert.cc
@@ -78,8 +78,9 @@ char *BN_bn2hex(const BIGNUM *bn) { int width = bn_minimal_width(bn); - char *buf = OPENSSL_malloc(1 /* leading '-' */ + 1 /* zero is non-empty */ + - width * BN_BYTES * 2 + 1 /* trailing NUL */); + char *buf = reinterpret_cast<char *>( + OPENSSL_malloc(1 /* leading '-' */ + 1 /* zero is non-empty */ + + width * BN_BYTES * 2 + 1 /* trailing NUL */)); if (buf == NULL) { return NULL; } @@ -112,7 +113,7 @@ // decode_hex decodes |in_len| bytes of hex data from |in| and updates |bn|. static int decode_hex(BIGNUM *bn, const char *in, int in_len) { - if (in_len > INT_MAX/4) { + if (in_len > INT_MAX / 4) { OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); return 0; } @@ -163,8 +164,7 @@ l *= 10; l += in[i] - '0'; if (++j == BN_DEC_NUM) { - if (!BN_mul_word(bn, BN_DEC_CONV) || - !BN_add_word(bn, l)) { + if (!BN_mul_word(bn, BN_DEC_CONV) || !BN_add_word(bn, l)) { return 0; } l = 0; @@ -174,10 +174,11 @@ return 1; } -typedef int (*decode_func) (BIGNUM *bn, const char *in, int in_len); -typedef int (*char_test_func) (int c); +typedef int (*decode_func)(BIGNUM *bn, const char *in, int in_len); +typedef int (*char_test_func)(int c); -static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode, char_test_func want_char) { +static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode, + char_test_func want_char) { BIGNUM *ret = NULL; int neg = 0, i; int num; @@ -191,7 +192,8 @@ in++; } - for (i = 0; want_char((unsigned char)in[i]) && i + neg < INT_MAX; i++) {} + for (i = 0; want_char((unsigned char)in[i]) && i + neg < INT_MAX; i++) { + } num = i + neg; if (outp == NULL) { @@ -238,7 +240,7 @@ // and fix at the end. BIGNUM *copy = NULL; CBB cbb; - if (!CBB_init(&cbb, 16) || + if (!CBB_init(&cbb, 16) || // !CBB_add_u8(&cbb, 0 /* trailing NUL */)) { goto err; } @@ -270,7 +272,7 @@ } } - if (BN_is_negative(a) && + if (BN_is_negative(a) && // !CBB_add_u8(&cbb, '-')) { goto err; } @@ -282,7 +284,7 @@ } // Reverse the buffer. - for (size_t i = 0; i < len/2; i++) { + for (size_t i = 0; i < len / 2; i++) { uint8_t tmp = data[i]; data[i] = data[len - 1 - i]; data[len - 1 - i] = tmp; @@ -308,7 +310,7 @@ } if (in[0] == '0' && (in[1] == 'X' || in[1] == 'x')) { - if (!BN_hex2bn(outp, in+2)) { + if (!BN_hex2bn(outp, in + 2)) { return 0; } } else { @@ -377,9 +379,7 @@ } const size_t len = bytes + extend; - if (len < bytes || - 4 + len < len || - (len & 0xffffffff) != len) { + if (len < bytes || 4 + len < len || (len & 0xffffffff) != len) { // If we cannot represent the number then we emit zero as the interface // doesn't allow an error to be signalled. if (out) { @@ -411,9 +411,9 @@ OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); return NULL; } - const size_t in_len = ((size_t)in[0] << 24) | - ((size_t)in[1] << 16) | - ((size_t)in[2] << 8) | + const size_t in_len = ((size_t)in[0] << 24) | // + ((size_t)in[1] << 16) | // + ((size_t)in[2] << 8) | // ((size_t)in[3]); if (in_len != len - 4) { OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING); @@ -449,7 +449,7 @@ } int BN_bn2binpad(const BIGNUM *in, uint8_t *out, int len) { - if (len < 0 || + if (len < 0 || // !BN_bn2bin_padded(out, (size_t)len, in)) { return -1; } @@ -457,7 +457,7 @@ } int BN_bn2lebinpad(const BIGNUM *in, uint8_t *out, int len) { - if (len < 0 || + if (len < 0 || // !BN_bn2le_padded(out, (size_t)len, in)) { return -1; }
diff --git a/crypto/buf/buf.c b/crypto/buf/buf.cc similarity index 96% rename from crypto/buf/buf.c rename to crypto/buf/buf.cc index 1fe8fe6..c63ada6 100644 --- a/crypto/buf/buf.c +++ b/crypto/buf/buf.cc
@@ -58,13 +58,15 @@ #include <string.h> -#include <openssl/mem.h> #include <openssl/err.h> +#include <openssl/mem.h> #include "../internal.h" -BUF_MEM *BUF_MEM_new(void) { return OPENSSL_zalloc(sizeof(BUF_MEM)); } +BUF_MEM *BUF_MEM_new(void) { + return reinterpret_cast<BUF_MEM *>(OPENSSL_zalloc(sizeof(BUF_MEM))); +} void BUF_MEM_free(BUF_MEM *buf) { if (buf == NULL) { @@ -92,7 +94,8 @@ return 0; } - char *new_buf = OPENSSL_realloc(buf->data, alloc_size); + char *new_buf = + reinterpret_cast<char *>(OPENSSL_realloc(buf->data, alloc_size)); if (new_buf == NULL) { return 0; }
diff --git a/crypto/bytestring/asn1_compat.c b/crypto/bytestring/asn1_compat.cc similarity index 100% rename from crypto/bytestring/asn1_compat.c rename to crypto/bytestring/asn1_compat.cc
diff --git a/crypto/bytestring/ber.c b/crypto/bytestring/ber.cc similarity index 100% rename from crypto/bytestring/ber.c rename to crypto/bytestring/ber.cc
diff --git a/crypto/bytestring/cbb.c b/crypto/bytestring/cbb.cc similarity index 90% rename from crypto/bytestring/cbb.c rename to crypto/bytestring/cbb.cc index d126acf..17baf64 100644 --- a/crypto/bytestring/cbb.c +++ b/crypto/bytestring/cbb.cc
@@ -18,15 +18,13 @@ #include <limits.h> #include <string.h> -#include <openssl/mem.h> #include <openssl/err.h> +#include <openssl/mem.h> #include "../internal.h" -void CBB_zero(CBB *cbb) { - OPENSSL_memset(cbb, 0, sizeof(CBB)); -} +void CBB_zero(CBB *cbb) { OPENSSL_memset(cbb, 0, sizeof(CBB)); } static void cbb_init(CBB *cbb, uint8_t *buf, size_t cap, int can_resize) { cbb->is_child = 0; @@ -41,7 +39,7 @@ int CBB_init(CBB *cbb, size_t initial_capacity) { CBB_zero(cbb); - uint8_t *buf = OPENSSL_malloc(initial_capacity); + uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(initial_capacity)); if (initial_capacity > 0 && buf == NULL) { return 0; } @@ -92,7 +90,8 @@ if (newcap < base->cap || newcap < newlen) { newcap = newlen; } - uint8_t *newbuf = OPENSSL_realloc(base->buf, newcap); + uint8_t *newbuf = + reinterpret_cast<uint8_t *>(OPENSSL_realloc(base->buf, newcap)); if (newbuf == NULL) { goto err; } @@ -200,13 +199,13 @@ assert(child->base == base); size_t child_start = child->offset + child->pending_len_len; - if (!CBB_flush(cbb->child) || - child_start < child->offset || + size_t len; + if (!CBB_flush(cbb->child) || child_start < child->offset || base->len < child_start) { goto err; } - size_t len = base->len - child_start; + len = base->len - child_start; if (child->pending_is_asn1) { // For ASN.1 we assume that we'll only need a single byte for the length. @@ -215,7 +214,7 @@ uint8_t len_len; uint8_t initial_length_byte; - assert (child->pending_len_len == 1); + assert(child->pending_len_len == 1); if (len > 0xfffffffe) { OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW); @@ -403,8 +402,7 @@ } int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) { - if (!CBB_flush(cbb) || - !cbb_buffer_add(cbb_get_base(cbb), out_data, len)) { + if (!CBB_flush(cbb) || !cbb_buffer_add(cbb_get_base(cbb), out_data, len)) { return 0; } return 1; @@ -421,9 +419,7 @@ int CBB_did_write(CBB *cbb, size_t len) { struct cbb_buffer_st *base = cbb_get_base(cbb); size_t newlen = base->len + len; - if (cbb->child != NULL || - newlen < base->len || - newlen > base->cap) { + if (cbb->child != NULL || newlen < base->len || newlen > base->cap) { return 0; } base->len = newlen; @@ -450,33 +446,23 @@ return 1; } -int CBB_add_u8(CBB *cbb, uint8_t value) { - return cbb_add_u(cbb, value, 1); -} +int CBB_add_u8(CBB *cbb, uint8_t value) { return cbb_add_u(cbb, value, 1); } -int CBB_add_u16(CBB *cbb, uint16_t value) { - return cbb_add_u(cbb, value, 2); -} +int CBB_add_u16(CBB *cbb, uint16_t value) { return cbb_add_u(cbb, value, 2); } int CBB_add_u16le(CBB *cbb, uint16_t value) { return CBB_add_u16(cbb, CRYPTO_bswap2(value)); } -int CBB_add_u24(CBB *cbb, uint32_t value) { - return cbb_add_u(cbb, value, 3); -} +int CBB_add_u24(CBB *cbb, uint32_t value) { return cbb_add_u(cbb, value, 3); } -int CBB_add_u32(CBB *cbb, uint32_t value) { - return cbb_add_u(cbb, value, 4); -} +int CBB_add_u32(CBB *cbb, uint32_t value) { return cbb_add_u(cbb, value, 4); } int CBB_add_u32le(CBB *cbb, uint32_t value) { return CBB_add_u32(cbb, CRYPTO_bswap4(value)); } -int CBB_add_u64(CBB *cbb, uint64_t value) { - return cbb_add_u(cbb, value, 8); -} +int CBB_add_u64(CBB *cbb, uint64_t value) { return cbb_add_u(cbb, value, 8); } int CBB_add_u64le(CBB *cbb, uint64_t value) { return CBB_add_u64(cbb, CRYPTO_bswap8(value)); @@ -501,13 +487,13 @@ int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value, CBS_ASN1_TAG tag) { CBB child; + int started = 0; if (!CBB_add_asn1(cbb, &child, tag)) { goto err; } - int started = 0; for (size_t i = 0; i < 8; i++) { - uint8_t byte = (value >> 8*(7-i)) & 0xff; + uint8_t byte = (value >> 8 * (7 - i)) & 0xff; if (!started) { if (byte == 0) { // Don't encode leading zeros. @@ -573,8 +559,7 @@ int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) { CBB child; if (!CBB_add_asn1(cbb, &child, CBS_ASN1_OCTETSTRING) || - !CBB_add_bytes(&child, data, data_len) || - !CBB_flush(cbb)) { + !CBB_add_bytes(&child, data, data_len) || !CBB_flush(cbb)) { cbb_on_error(cbb); return 0; } @@ -585,8 +570,7 @@ int CBB_add_asn1_bool(CBB *cbb, int value) { CBB child; if (!CBB_add_asn1(cbb, &child, CBS_ASN1_BOOLEAN) || - !CBB_add_u8(&child, value != 0 ? 0xff : 0) || - !CBB_flush(cbb)) { + !CBB_add_u8(&child, value != 0 ? 0xff : 0) || !CBB_flush(cbb)) { cbb_on_error(cbb); return 0; } @@ -620,24 +604,20 @@ // OIDs must have at least two components. uint64_t a, b; - if (!parse_dotted_decimal(&cbs, &a) || - !parse_dotted_decimal(&cbs, &b)) { + if (!parse_dotted_decimal(&cbs, &a) || !parse_dotted_decimal(&cbs, &b)) { return 0; } // The first component is encoded as 40 * |a| + |b|. This assumes that |a| is // 0, 1, or 2 and that, when it is 0 or 1, |b| is at most 39. - if (a > 2 || - (a < 2 && b > 39) || - b > UINT64_MAX - 80 || + if (a > 2 || (a < 2 && b > 39) || b > UINT64_MAX - 80 || !add_base128_integer(cbb, 40u * a + b)) { return 0; } // The remaining components are encoded unmodified. while (CBS_len(&cbs) > 0) { - if (!parse_dotted_decimal(&cbs, &a) || - !add_base128_integer(cbb, a)) { + if (!parse_dotted_decimal(&cbs, &a) || !add_base128_integer(cbb, a)) { return 0; } } @@ -648,7 +628,8 @@ static int compare_set_of_element(const void *a_ptr, const void *b_ptr) { // See X.690, section 11.6 for the ordering. They are sorted in ascending // order by their DER encoding. - const CBS *a = a_ptr, *b = b_ptr; + const CBS *a = reinterpret_cast<const CBS *>(a_ptr), + *b = reinterpret_cast<const CBS *>(b_ptr); size_t a_len = CBS_len(a), b_len = CBS_len(b); size_t min_len = a_len < b_len ? a_len : b_len; int ret = OPENSSL_memcmp(CBS_data(a), CBS_data(b), min_len); @@ -687,8 +668,12 @@ // remain valid as we rewrite |cbb|. int ret = 0; size_t buf_len = CBB_len(cbb); - uint8_t *buf = OPENSSL_memdup(CBB_data(cbb), buf_len); - CBS *children = OPENSSL_calloc(num_children, sizeof(CBS)); + uint8_t *buf = + reinterpret_cast<uint8_t *>(OPENSSL_memdup(CBB_data(cbb), buf_len)); + CBS *children = + reinterpret_cast<CBS *>(OPENSSL_calloc(num_children, sizeof(CBS))); + uint8_t *out; + size_t offset = 0; if (buf == NULL || children == NULL) { goto err; } @@ -701,8 +686,7 @@ qsort(children, num_children, sizeof(CBS), compare_set_of_element); // Write the contents back in the new order. - uint8_t *out = (uint8_t *)CBB_data(cbb); - size_t offset = 0; + out = (uint8_t *)CBB_data(cbb); for (size_t i = 0; i < num_children; i++) { OPENSSL_memcpy(out + offset, CBS_data(&children[i]), CBS_len(&children[i])); offset += CBS_len(&children[i]);
diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.cc similarity index 94% rename from crypto/bytestring/cbs.c rename to crypto/bytestring/cbs.cc index c5f0464..cc5752f 100644 --- a/crypto/bytestring/cbs.c +++ b/crypto/bytestring/cbs.cc
@@ -50,7 +50,7 @@ if (cbs->len == 0) { return 1; } - *out_ptr = OPENSSL_memdup(cbs->data, cbs->len); + *out_ptr = reinterpret_cast<uint8_t *>(OPENSSL_memdup(cbs->data, cbs->len)); if (*out_ptr == NULL) { return 0; } @@ -62,7 +62,7 @@ if (*out_ptr != NULL) { OPENSSL_free(*out_ptr); } - *out_ptr = OPENSSL_strndup((const char*)cbs->data, cbs->len); + *out_ptr = OPENSSL_strndup((const char *)cbs->data, cbs->len); return (*out_ptr != NULL); } @@ -144,9 +144,7 @@ return 1; } -int CBS_get_u64(CBS *cbs, uint64_t *out) { - return cbs_get_u(cbs, out, 8); -} +int CBS_get_u64(CBS *cbs, uint64_t *out) { return cbs_get_u(cbs, out, 8); } int CBS_get_u64le(CBS *cbs, uint64_t *out) { if (!cbs_get_u(cbs, out, 8)) { @@ -207,7 +205,8 @@ } int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c) { - const uint8_t *split = OPENSSL_memchr(CBS_data(cbs), c, CBS_len(cbs)); + const uint8_t *split = reinterpret_cast<const uint8_t *>( + OPENSSL_memchr(CBS_data(cbs), c, CBS_len(cbs))); if (split == NULL) { return 0; } @@ -223,7 +222,7 @@ break; } CBS_skip(cbs, 1); - if (// Forbid stray leading zeros. + if (/* Forbid stray leading zeros */ (v == 0 && seen_digit) || // Check for overflow. v > UINT64_MAX / 10 || // @@ -341,7 +340,7 @@ // 8.1.3. if ((length_byte & 0x80) == 0) { // Short form length. - len = ((size_t) length_byte) + header_len; + len = ((size_t)length_byte) + header_len; if (out_header_len != NULL) { *out_header_len = header_len; } @@ -420,7 +419,7 @@ } int CBS_get_any_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag, - size_t *out_header_len) { + size_t *out_header_len) { return cbs_get_any_asn1_element(cbs, out, out_tag, out_header_len, NULL, NULL, /*ber_ok=*/0); } @@ -515,8 +514,7 @@ int CBS_get_asn1_bool(CBS *cbs, int *out) { CBS bytes; - if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) || - CBS_len(&bytes) != 1) { + if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) || CBS_len(&bytes) != 1) { return 0; } @@ -529,7 +527,8 @@ return 1; } -int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, CBS_ASN1_TAG tag) { +int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, + CBS_ASN1_TAG tag) { int present = 0; if (CBS_peek_asn1_tag(cbs, tag)) { @@ -576,8 +575,7 @@ return 0; } if (present) { - if (!CBS_get_asn1_uint64(&child, out) || - CBS_len(&child) != 0) { + if (!CBS_get_asn1_uint64(&child, out) || CBS_len(&child) != 0) { return 0; } } else { @@ -597,8 +595,7 @@ uint8_t boolean; if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) || - CBS_len(&child2) != 1 || - CBS_len(&child) != 0) { + CBS_len(&child2) != 1 || CBS_len(&child) != 0) { return 0; } @@ -619,8 +616,7 @@ int CBS_is_valid_asn1_bitstring(const CBS *cbs) { CBS in = *cbs; uint8_t num_unused_bits; - if (!CBS_get_u8(&in, &num_unused_bits) || - num_unused_bits > 7) { + if (!CBS_get_u8(&in, &num_unused_bits) || num_unused_bits > 7) { return 0; } @@ -707,12 +703,12 @@ } char *CBS_asn1_oid_to_text(const CBS *cbs) { + CBS copy = *cbs; CBB cbb; if (!CBB_init(&cbb, 32)) { goto err; } - CBS copy = *cbs; // The first component is 40 * value1 + value2, where value1 is 0, 1, or 2. uint64_t v; if (!parse_base128_integer(©, &v)) { @@ -724,15 +720,13 @@ !add_decimal(&cbb, v - 80)) { goto err; } - } else if (!add_decimal(&cbb, v / 40) || - !CBB_add_u8(&cbb, '.') || + } else if (!add_decimal(&cbb, v / 40) || !CBB_add_u8(&cbb, '.') || !add_decimal(&cbb, v % 40)) { goto err; } while (CBS_len(©) != 0) { - if (!parse_base128_integer(©, &v) || - !CBB_add_u8(&cbb, '.') || + if (!parse_base128_integer(©, &v) || !CBB_add_u8(&cbb, '.') || !add_decimal(&cbb, v)) { goto err; } @@ -740,8 +734,7 @@ uint8_t *txt; size_t txt_len; - if (!CBB_add_u8(&cbb, '\0') || - !CBB_finish(&cbb, &txt, &txt_len)) { + if (!CBB_add_u8(&cbb, '\0') || !CBB_finish(&cbb, &txt, &txt_len)) { goto err; } @@ -814,7 +807,7 @@ if (!cbs_get_two_digits(©, &tmp)) { return 0; } - year += tmp; + year += tmp; } else { year = 1900; if (!cbs_get_two_digits(©, &tmp)) {
diff --git a/crypto/bytestring/unicode.c b/crypto/bytestring/unicode.cc similarity index 100% rename from crypto/bytestring/unicode.c rename to crypto/bytestring/unicode.cc
diff --git a/crypto/chacha/chacha.c b/crypto/chacha/chacha.cc similarity index 100% rename from crypto/chacha/chacha.c rename to crypto/chacha/chacha.cc
diff --git a/crypto/cipher_extra/cipher_extra.c b/crypto/cipher_extra/cipher_extra.cc similarity index 100% rename from crypto/cipher_extra/cipher_extra.c rename to crypto/cipher_extra/cipher_extra.cc
diff --git a/crypto/cipher_extra/derive_key.c b/crypto/cipher_extra/derive_key.cc similarity index 100% rename from crypto/cipher_extra/derive_key.c rename to crypto/cipher_extra/derive_key.cc
diff --git a/crypto/cipher_extra/e_aesctrhmac.c b/crypto/cipher_extra/e_aesctrhmac.cc similarity index 100% rename from crypto/cipher_extra/e_aesctrhmac.c rename to crypto/cipher_extra/e_aesctrhmac.cc
diff --git a/crypto/cipher_extra/e_aesgcmsiv.c b/crypto/cipher_extra/e_aesgcmsiv.cc similarity index 95% rename from crypto/cipher_extra/e_aesgcmsiv.c rename to crypto/cipher_extra/e_aesgcmsiv.cc index c2bf993..985d6de 100644 --- a/crypto/cipher_extra/e_aesgcmsiv.c +++ b/crypto/cipher_extra/e_aesgcmsiv.cc
@@ -36,7 +36,7 @@ // Optimised AES-GCM-SIV struct aead_aes_gcm_siv_asm_ctx { - alignas(16) uint8_t key[16*15]; + alignas(16) uint8_t key[16 * 15]; int is_128_bit; }; @@ -57,15 +57,17 @@ return (struct aead_aes_gcm_siv_asm_ctx *)(&ctx->state.opaque[offset]); } +extern "C" { // aes128gcmsiv_aes_ks writes an AES-128 key schedule for |key| to // |out_expanded_key|. -extern void aes128gcmsiv_aes_ks( - const uint8_t key[16], uint8_t out_expanded_key[16*15]); +extern void aes128gcmsiv_aes_ks(const uint8_t key[16], + uint8_t out_expanded_key[16 * 15]); // aes256gcmsiv_aes_ks writes an AES-256 key schedule for |key| to // |out_expanded_key|. -extern void aes256gcmsiv_aes_ks( - const uint8_t key[32], uint8_t out_expanded_key[16*15]); +extern void aes256gcmsiv_aes_ks(const uint8_t key[32], + uint8_t out_expanded_key[16 * 15]); +} static int aead_aes_gcm_siv_asm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t tag_len) { @@ -103,6 +105,7 @@ static void aead_aes_gcm_siv_asm_cleanup(EVP_AEAD_CTX *ctx) {} +extern "C" { // aesgcmsiv_polyval_horner updates the POLYVAL value in |in_out_poly| to // include a number (|in_blocks|) of 16-byte blocks of data from |in|, given // the POLYVAL key in |key|. @@ -217,6 +220,7 @@ const uint8_t *tag, const struct aead_aes_gcm_siv_asm_ctx *key, size_t in_len); +} // gcm_siv_asm_polyval evaluates POLYVAL at |auth_key| on the given plaintext // and AD. The result is written to |out_tag|. @@ -228,7 +232,7 @@ const size_t ad_blocks = ad_len / 16; const size_t in_blocks = in_len / 16; int htable_init = 0; - alignas(16) uint8_t htable[16*8]; + alignas(16) uint8_t htable[16 * 8]; if (ad_blocks > 8 || in_blocks > 8) { htable_init = 1; @@ -335,8 +339,7 @@ const uint64_t in_len_64 = in_len; const uint64_t ad_len_64 = ad_len; - if (in_len_64 > (UINT64_C(1) << 36) || - ad_len_64 >= (UINT64_C(1) << 61)) { + if (in_len_64 > (UINT64_C(1) << 36) || ad_len_64 >= (UINT64_C(1) << 61)) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } @@ -424,9 +427,9 @@ struct aead_aes_gcm_siv_asm_ctx expanded_key; if (gcm_siv_ctx->is_128_bit) { - aes128gcmsiv_aes_ks((const uint8_t *) record_enc_key, &expanded_key.key[0]); + aes128gcmsiv_aes_ks((const uint8_t *)record_enc_key, &expanded_key.key[0]); } else { - aes256gcmsiv_aes_ks((const uint8_t *) record_enc_key, &expanded_key.key[0]); + aes256gcmsiv_aes_ks((const uint8_t *)record_enc_key, &expanded_key.key[0]); } // calculated_tag is 16*8 bytes, rather than 16 bytes, because // aes[128|256]gcmsiv_dec uses the extra as scratch space. @@ -535,7 +538,7 @@ AES_KEY ks; } ks; block128_f kgk_block; - unsigned is_256:1; + unsigned is_256 : 1; }; static_assert(sizeof(((EVP_AEAD_CTX *)NULL)->state) >= @@ -635,8 +638,8 @@ } uint8_t length_block[16]; - CRYPTO_store_u64_le(length_block, ((uint64_t) ad_len) * 8); - CRYPTO_store_u64_le(length_block + 8, ((uint64_t) in_len) * 8); + CRYPTO_store_u64_le(length_block, ((uint64_t)ad_len) * 8); + CRYPTO_store_u64_le(length_block + 8, ((uint64_t)in_len) * 8); CRYPTO_POLYVAL_update_blocks(&polyval_ctx, length_block, sizeof(length_block)); @@ -659,10 +662,9 @@ // gcm_siv_keys calculates the keys for a specific GCM-SIV record with the // given nonce and writes them to |*out_keys|. -static void gcm_siv_keys( - const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx, - struct gcm_siv_record_keys *out_keys, - const uint8_t nonce[EVP_AEAD_AES_GCM_SIV_NONCE_LEN]) { +static void gcm_siv_keys(const struct aead_aes_gcm_siv_ctx *gcm_siv_ctx, + struct gcm_siv_record_keys *out_keys, + const uint8_t nonce[EVP_AEAD_AES_GCM_SIV_NONCE_LEN]) { const AES_KEY *const key = &gcm_siv_ctx->ks.ks; uint8_t key_material[(128 /* POLYVAL key */ + 256 /* max AES key */) / 8]; const size_t blocks_needed = gcm_siv_ctx->is_256 ? 6 : 4; @@ -703,8 +705,7 @@ const uint64_t ad_len_64 = ad_len; if (in_len + EVP_AEAD_AES_GCM_SIV_TAG_LEN < in_len || - in_len_64 > (UINT64_C(1) << 36) || - ad_len_64 >= (UINT64_C(1) << 61)) { + in_len_64 > (UINT64_C(1) << 36) || ad_len_64 >= (UINT64_C(1) << 61)) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; } @@ -830,12 +831,8 @@ #else -const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void) { - return &aead_aes_128_gcm_siv; -} +const EVP_AEAD *EVP_aead_aes_128_gcm_siv(void) { return &aead_aes_128_gcm_siv; } -const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void) { - return &aead_aes_256_gcm_siv; -} +const EVP_AEAD *EVP_aead_aes_256_gcm_siv(void) { return &aead_aes_256_gcm_siv; } #endif // AES_GCM_SIV_ASM
diff --git a/crypto/cipher_extra/e_chacha20poly1305.c b/crypto/cipher_extra/e_chacha20poly1305.cc similarity index 100% rename from crypto/cipher_extra/e_chacha20poly1305.c rename to crypto/cipher_extra/e_chacha20poly1305.cc
diff --git a/crypto/cipher_extra/e_des.c b/crypto/cipher_extra/e_des.cc similarity index 79% rename from crypto/cipher_extra/e_des.c rename to crypto/cipher_extra/e_des.cc index 62ac2a0..586e2ff 100644 --- a/crypto/cipher_extra/e_des.c +++ b/crypto/cipher_extra/e_des.cc
@@ -85,14 +85,16 @@ } static const EVP_CIPHER evp_des_cbc = { - .nid = NID_des_cbc, - .block_size = 8, - .key_len = 8, - .iv_len = 8, - .ctx_size = sizeof(EVP_DES_KEY), - .flags = EVP_CIPH_CBC_MODE, - .init = des_init_key, - .cipher = des_cbc_cipher, + /*nid=*/NID_des_cbc, + /*block_size=*/8, + /*key_len=*/8, + /*iv_len=*/8, + /*ctx_size=*/sizeof(EVP_DES_KEY), + /*flags=*/EVP_CIPH_CBC_MODE, + /*init=*/des_init_key, + /*cipher=*/des_cbc_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_cbc(void) { return &evp_des_cbc; } @@ -112,14 +114,16 @@ } static const EVP_CIPHER evp_des_ecb = { - .nid = NID_des_ecb, - .block_size = 8, - .key_len = 8, - .iv_len = 0, - .ctx_size = sizeof(EVP_DES_KEY), - .flags = EVP_CIPH_ECB_MODE, - .init = des_init_key, - .cipher = des_ecb_cipher, + /*nid=*/NID_des_ecb, + /*block_size=*/8, + /*key_len=*/8, + /*iv_len=*/0, + /*ctx_size=*/sizeof(EVP_DES_KEY), + /*flags=*/EVP_CIPH_ECB_MODE, + /*init=*/des_init_key, + /*cipher=*/des_ecb_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_ecb(void) { return &evp_des_ecb; } @@ -149,14 +153,16 @@ } static const EVP_CIPHER evp_des_ede3_cbc = { - .nid = NID_des_ede3_cbc, - .block_size = 8, - .key_len = 24, - .iv_len = 8, - .ctx_size = sizeof(DES_EDE_KEY), - .flags = EVP_CIPH_CBC_MODE, - .init = des_ede3_init_key, - .cipher = des_ede3_cbc_cipher, + /*nid=*/NID_des_ede3_cbc, + /*block_size=*/8, + /*key_len=*/24, + /*iv_len=*/8, + /*ctx_size=*/sizeof(DES_EDE_KEY), + /*flags=*/EVP_CIPH_CBC_MODE, + /*init=*/des_ede3_init_key, + /*cipher=*/des_ede3_cbc_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_ede3_cbc(void) { return &evp_des_ede3_cbc; } @@ -172,14 +178,16 @@ } static const EVP_CIPHER evp_des_ede_cbc = { - .nid = NID_des_ede_cbc, - .block_size = 8, - .key_len = 16, - .iv_len = 8, - .ctx_size = sizeof(DES_EDE_KEY), - .flags = EVP_CIPH_CBC_MODE, - .init = des_ede_init_key, - .cipher = des_ede3_cbc_cipher, + /*nid=*/NID_des_ede_cbc, + /*block_size=*/8, + /*key_len=*/16, + /*iv_len=*/8, + /*ctx_size=*/sizeof(DES_EDE_KEY), + /*flags=*/EVP_CIPH_CBC_MODE, + /*init=*/des_ede_init_key, + /*cipher=*/des_ede3_cbc_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_ede_cbc(void) { return &evp_des_ede_cbc; } @@ -191,7 +199,7 @@ } in_len -= ctx->cipher->block_size; - DES_EDE_KEY *dat = (DES_EDE_KEY *) ctx->cipher_data; + DES_EDE_KEY *dat = (DES_EDE_KEY *)ctx->cipher_data; for (size_t i = 0; i <= in_len; i += ctx->cipher->block_size) { DES_ecb3_encrypt_ex(in + i, out + i, &dat->ks.ks[0], &dat->ks.ks[1], &dat->ks.ks[2], ctx->encrypt); @@ -200,27 +208,31 @@ } static const EVP_CIPHER evp_des_ede = { - .nid = NID_des_ede_ecb, - .block_size = 8, - .key_len = 16, - .iv_len = 0, - .ctx_size = sizeof(DES_EDE_KEY), - .flags = EVP_CIPH_ECB_MODE, - .init = des_ede_init_key, - .cipher = des_ede_ecb_cipher, + /*nid=*/NID_des_ede_ecb, + /*block_size=*/8, + /*key_len=*/16, + /*iv_len=*/0, + /*ctx_size=*/sizeof(DES_EDE_KEY), + /*flags=*/EVP_CIPH_ECB_MODE, + /*init=*/des_ede_init_key, + /*cipher=*/des_ede_ecb_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_ede(void) { return &evp_des_ede; } static const EVP_CIPHER evp_des_ede3 = { - .nid = NID_des_ede3_ecb, - .block_size = 8, - .key_len = 24, - .iv_len = 0, - .ctx_size = sizeof(DES_EDE_KEY), - .flags = EVP_CIPH_ECB_MODE, - .init = des_ede3_init_key, - .cipher = des_ede_ecb_cipher, + /*nid=*/NID_des_ede3_ecb, + /*block_size=*/8, + /*key_len=*/24, + /*iv_len=*/0, + /*ctx_size=*/sizeof(DES_EDE_KEY), + /*flags=*/EVP_CIPH_ECB_MODE, + /*init=*/des_ede3_init_key, + /*cipher=*/des_ede_ecb_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_des_ede3(void) { return &evp_des_ede3; }
diff --git a/crypto/cipher_extra/e_null.c b/crypto/cipher_extra/e_null.cc similarity index 91% rename from crypto/cipher_extra/e_null.c rename to crypto/cipher_extra/e_null.cc index ad99df9..34b15a9 100644 --- a/crypto/cipher_extra/e_null.c +++ b/crypto/cipher_extra/e_null.cc
@@ -69,8 +69,8 @@ return 1; } -static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, - const uint8_t *in, size_t in_len) { +static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t in_len) { if (in != out) { OPENSSL_memcpy(out, in, in_len); } @@ -78,13 +78,16 @@ } static const EVP_CIPHER n_cipher = { - .nid = NID_undef, - .block_size = 1, - .key_len = 0, - .iv_len = 0, - .ctx_size = 0, - .init = null_init_key, - .cipher = null_cipher, + /*nid=*/NID_undef, + /*block_size=*/1, + /*key_len=*/0, + /*iv_len=*/0, + /*ctx_size=*/0, + /*flags=*/0, + /*init=*/null_init_key, + /*cipher=*/null_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_enc_null(void) { return &n_cipher; }
diff --git a/crypto/cipher_extra/e_rc2.c b/crypto/cipher_extra/e_rc2.cc similarity index 95% rename from crypto/cipher_extra/e_rc2.c rename to crypto/cipher_extra/e_rc2.cc index c2a143e..f826e71 100644 --- a/crypto/cipher_extra/e_rc2.c +++ b/crypto/cipher_extra/e_rc2.cc
@@ -138,7 +138,9 @@ } \ } while (0) -typedef struct rc2_key_st { uint16_t data[64]; } RC2_KEY; +typedef struct rc2_key_st { + uint16_t data[64]; +} RC2_KEY; static void RC2_encrypt(uint32_t *d, RC2_KEY *key) { int i, n; @@ -427,29 +429,31 @@ } static const EVP_CIPHER rc2_40_cbc = { - .nid = NID_rc2_40_cbc, - .block_size = 8, - .key_len = 5 /* 40 bit */, - .iv_len = 8, - .ctx_size = sizeof(EVP_RC2_KEY), - .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - .init = rc2_init_key, - .cipher = rc2_cbc_cipher, - .ctrl = rc2_ctrl, + /*nid=*/NID_rc2_40_cbc, + /*block_size=*/8, + /*key_len=*/5 /* 40 bit */, + /*iv_len=*/8, + /*ctx_size=*/sizeof(EVP_RC2_KEY), + /*flags=*/EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + /*init=*/rc2_init_key, + /*cipher=*/rc2_cbc_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/rc2_ctrl, }; const EVP_CIPHER *EVP_rc2_40_cbc(void) { return &rc2_40_cbc; } static const EVP_CIPHER rc2_cbc = { - .nid = NID_rc2_cbc, - .block_size = 8, - .key_len = 16 /* 128 bit */, - .iv_len = 8, - .ctx_size = sizeof(EVP_RC2_KEY), - .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - .init = rc2_init_key, - .cipher = rc2_cbc_cipher, - .ctrl = rc2_ctrl, + /*nid=*/NID_rc2_cbc, + /*block_size=*/8, + /*key_len=*/16 /* 128 bit */, + /*iv_len=*/8, + /*ctx_size=*/sizeof(EVP_RC2_KEY), + /*flags=*/EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + /*init=*/rc2_init_key, + /*cipher=*/rc2_cbc_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/rc2_ctrl, }; const EVP_CIPHER *EVP_rc2_cbc(void) { return &rc2_cbc; }
diff --git a/crypto/cipher_extra/e_rc4.c b/crypto/cipher_extra/e_rc4.cc similarity index 93% rename from crypto/cipher_extra/e_rc4.c rename to crypto/cipher_extra/e_rc4.cc index 0c3404f..4e736e3 100644 --- a/crypto/cipher_extra/e_rc4.c +++ b/crypto/cipher_extra/e_rc4.cc
@@ -81,14 +81,16 @@ } static const EVP_CIPHER rc4 = { - .nid = NID_rc4, - .block_size = 1, - .key_len = 16, - .iv_len = 0, - .ctx_size = sizeof(RC4_KEY), - .flags = EVP_CIPH_VARIABLE_LENGTH, - .init = rc4_init_key, - .cipher = rc4_cipher, + /*nid=*/NID_rc4, + /*block_size=*/1, + /*key_len=*/16, + /*iv_len=*/0, + /*ctx_size=*/sizeof(RC4_KEY), + /*flags=*/EVP_CIPH_VARIABLE_LENGTH, + /*init=*/rc4_init_key, + /*cipher=*/rc4_cipher, + /*cleanup=*/nullptr, + /*ctrl=*/nullptr, }; const EVP_CIPHER *EVP_rc4(void) { return &rc4; }
diff --git a/crypto/cipher_extra/e_tls.c b/crypto/cipher_extra/e_tls.cc similarity index 100% rename from crypto/cipher_extra/e_tls.c rename to crypto/cipher_extra/e_tls.cc
diff --git a/crypto/cipher_extra/tls_cbc.c b/crypto/cipher_extra/tls_cbc.cc similarity index 100% rename from crypto/cipher_extra/tls_cbc.c rename to crypto/cipher_extra/tls_cbc.cc
diff --git a/crypto/conf/conf.c b/crypto/conf/conf.cc similarity index 95% rename from crypto/conf/conf.c rename to crypto/conf/conf.cc index 1faba5f..cdcd3e9 100644 --- a/crypto/conf/conf.c +++ b/crypto/conf/conf.cc
@@ -57,8 +57,8 @@ #include <openssl/conf.h> #include <assert.h> -#include <string.h> #include <ctype.h> +#include <string.h> #include <openssl/bio.h> #include <openssl/buf.h> @@ -66,8 +66,8 @@ #include <openssl/lhash.h> #include <openssl/mem.h> -#include "internal.h" #include "../internal.h" +#include "internal.h" struct conf_section_st { @@ -106,7 +106,7 @@ return NULL; } - CONF *conf = OPENSSL_malloc(sizeof(CONF)); + CONF *conf = reinterpret_cast<CONF *>(OPENSSL_malloc(sizeof(CONF))); if (conf == NULL) { return NULL; } @@ -121,7 +121,9 @@ return conf; } -CONF_VALUE *CONF_VALUE_new(void) { return OPENSSL_zalloc(sizeof(CONF_VALUE)); } +CONF_VALUE *CONF_VALUE_new(void) { + return reinterpret_cast<CONF_VALUE *>(OPENSSL_zalloc(sizeof(CONF_VALUE))); +} static void value_free(CONF_VALUE *value) { if (value == NULL) { @@ -161,7 +163,8 @@ } static CONF_SECTION *NCONF_new_section(const CONF *conf, const char *section) { - CONF_SECTION *s = OPENSSL_malloc(sizeof(CONF_SECTION)); + CONF_SECTION *s = + reinterpret_cast<CONF_SECTION *>(OPENSSL_malloc(sizeof(CONF_SECTION))); if (!s) { return NULL; } @@ -275,10 +278,10 @@ } static CONF_SECTION *get_section(const CONF *conf, const char *section) { - CONF_SECTION template; - OPENSSL_memset(&template, 0, sizeof(template)); - template.name = (char *) section; - return lh_CONF_SECTION_retrieve(conf->sections, &template); + CONF_SECTION templ; + OPENSSL_memset(&templ, 0, sizeof(templ)); + templ.name = (char *)section; + return lh_CONF_SECTION_retrieve(conf->sections, &templ); } const STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, @@ -292,16 +295,16 @@ const char *NCONF_get_string(const CONF *conf, const char *section, const char *name) { - CONF_VALUE template, *value; + CONF_VALUE templ, *value; if (section == NULL) { section = kDefaultSectionName; } - OPENSSL_memset(&template, 0, sizeof(template)); - template.section = (char *)section; - template.name = (char *)name; - value = lh_CONF_VALUE_retrieve(conf->values, &template); + OPENSSL_memset(&templ, 0, sizeof(templ)); + templ.section = (char *)section; + templ.name = (char *)name; + value = lh_CONF_VALUE_retrieve(conf->values, &templ); if (value == NULL) { return NULL; }
diff --git a/crypto/cpu_aarch64_apple.c b/crypto/cpu_aarch64_apple.cc similarity index 100% rename from crypto/cpu_aarch64_apple.c rename to crypto/cpu_aarch64_apple.cc
diff --git a/crypto/cpu_aarch64_fuchsia.c b/crypto/cpu_aarch64_fuchsia.cc similarity index 100% rename from crypto/cpu_aarch64_fuchsia.c rename to crypto/cpu_aarch64_fuchsia.cc
diff --git a/crypto/cpu_aarch64_linux.c b/crypto/cpu_aarch64_linux.cc similarity index 100% rename from crypto/cpu_aarch64_linux.c rename to crypto/cpu_aarch64_linux.cc
diff --git a/crypto/cpu_aarch64_openbsd.c b/crypto/cpu_aarch64_openbsd.cc similarity index 100% rename from crypto/cpu_aarch64_openbsd.c rename to crypto/cpu_aarch64_openbsd.cc
diff --git a/crypto/cpu_aarch64_sysreg.c b/crypto/cpu_aarch64_sysreg.cc similarity index 100% rename from crypto/cpu_aarch64_sysreg.c rename to crypto/cpu_aarch64_sysreg.cc
diff --git a/crypto/cpu_aarch64_win.c b/crypto/cpu_aarch64_win.cc similarity index 100% rename from crypto/cpu_aarch64_win.c rename to crypto/cpu_aarch64_win.cc
diff --git a/crypto/cpu_arm_freebsd.c b/crypto/cpu_arm_freebsd.cc similarity index 100% rename from crypto/cpu_arm_freebsd.c rename to crypto/cpu_arm_freebsd.cc
diff --git a/crypto/cpu_arm_linux.c b/crypto/cpu_arm_linux.cc similarity index 96% rename from crypto/cpu_arm_linux.c rename to crypto/cpu_arm_linux.cc index 426dfe2..d9e3fb3 100644 --- a/crypto/cpu_arm_linux.c +++ b/crypto/cpu_arm_linux.cc
@@ -55,7 +55,7 @@ static const size_t kReadSize = 1024; int ret = 0; size_t cap = kReadSize, len = 0; - char *buf = OPENSSL_malloc(cap); + char *buf = reinterpret_cast<char *>(OPENSSL_malloc(cap)); if (buf == NULL) { goto err; } @@ -66,7 +66,7 @@ if (new_cap < cap) { goto err; } - char *new_buf = OPENSSL_realloc(buf, new_cap); + char *new_buf = reinterpret_cast<char *>(OPENSSL_realloc(buf, new_cap)); if (new_buf == NULL) { goto err; }
diff --git a/crypto/cpu_intel.c b/crypto/cpu_intel.cc similarity index 90% rename from crypto/cpu_intel.c rename to crypto/cpu_intel.cc index 7193493..f8950fb 100644 --- a/crypto/cpu_intel.c +++ b/crypto/cpu_intel.cc
@@ -56,7 +56,8 @@ #include <openssl/base.h> -#if !defined(OPENSSL_NO_ASM) && (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) +#if !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) #include <inttypes.h> #include <stdio.h> @@ -88,21 +89,19 @@ #elif defined(__pic__) && defined(OPENSSL_32_BIT) // Inline assembly may not clobber the PIC register. For 32-bit, this is EBX. // See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=47602. - __asm__ volatile ( - "xor %%ecx, %%ecx\n" - "mov %%ebx, %%edi\n" - "cpuid\n" - "xchg %%edi, %%ebx\n" - : "=a"(*out_eax), "=D"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx) - : "a"(leaf) - ); + __asm__ volatile( + "xor %%ecx, %%ecx\n" + "mov %%ebx, %%edi\n" + "cpuid\n" + "xchg %%edi, %%ebx\n" + : "=a"(*out_eax), "=D"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx) + : "a"(leaf)); #else - __asm__ volatile ( - "xor %%ecx, %%ecx\n" - "cpuid\n" - : "=a"(*out_eax), "=b"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx) - : "a"(leaf) - ); + __asm__ volatile( + "xor %%ecx, %%ecx\n" + "cpuid\n" + : "=a"(*out_eax), "=b"(*out_ebx), "=c"(*out_ecx), "=d"(*out_edx) + : "a"(leaf)); #endif } @@ -113,7 +112,7 @@ return (uint64_t)_xgetbv(xcr); #else uint32_t eax, edx; - __asm__ volatile ("xgetbv" : "=a"(eax), "=d"(edx) : "c"(xcr)); + __asm__ volatile("xgetbv" : "=a"(eax), "=d"(edx) : "c"(xcr)); return (((uint64_t)edx) << 32) | eax; #endif } @@ -121,27 +120,27 @@ // handle_cpu_env applies the value from |in| to the CPUID values in |out[0]| // and |out[1]|. See the comment in |OPENSSL_cpuid_setup| about this. static void handle_cpu_env(uint32_t *out, const char *in) { - const int invert = in[0] == '~'; - const int or = in[0] == '|'; - const int skip_first_byte = invert || or; - const int hex = in[skip_first_byte] == '0' && in[skip_first_byte+1] == 'x'; + const int invert_op = in[0] == '~'; + const int or_op = in[0] == '|'; + const int skip_first_byte = invert_op || or_op; + const int hex = in[skip_first_byte] == '0' && in[skip_first_byte + 1] == 'x'; int sscanf_result; uint64_t v; if (hex) { - sscanf_result = sscanf(in + invert + 2, "%" PRIx64, &v); + sscanf_result = sscanf(in + invert_op + 2, "%" PRIx64, &v); } else { - sscanf_result = sscanf(in + invert, "%" PRIu64, &v); + sscanf_result = sscanf(in + invert_op, "%" PRIu64, &v); } if (!sscanf_result) { return; } - if (invert) { + if (invert_op) { out[0] &= ~v; out[1] &= ~(v >> 32); - } else if (or) { + } else if (or_op) { out[0] |= v; out[1] |= (v >> 32); } else { @@ -157,11 +156,11 @@ uint32_t num_ids = eax; - int is_intel = ebx == 0x756e6547 /* Genu */ && - edx == 0x49656e69 /* ineI */ && + int is_intel = ebx == 0x756e6547 /* Genu */ && // + edx == 0x49656e69 /* ineI */ && // ecx == 0x6c65746e /* ntel */; - int is_amd = ebx == 0x68747541 /* Auth */ && - edx == 0x69746e65 /* enti */ && + int is_amd = ebx == 0x68747541 /* Auth */ && // + edx == 0x69746e65 /* enti */ && // ecx == 0x444d4163 /* cAMD */; uint32_t extended_features[2] = {0}; @@ -225,9 +224,9 @@ // See Intel manual, volume 1, section 14.3. if ((xcr0 & 6) != 6) { // YMM registers cannot be used. - ecx &= ~(1u << 28); // AVX - ecx &= ~(1u << 12); // FMA - ecx &= ~(1u << 11); // AMD XOP + ecx &= ~(1u << 28); // AVX + ecx &= ~(1u << 12); // FMA + ecx &= ~(1u << 11); // AMD XOP extended_features[0] &= ~(1u << 5); // AVX2 extended_features[1] &= ~(1u << 9); // VAES extended_features[1] &= ~(1u << 10); // VPCLMULQDQ
diff --git a/crypto/crypto.c b/crypto/crypto.cc similarity index 100% rename from crypto/crypto.c rename to crypto/crypto.cc
diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.cc similarity index 97% rename from crypto/curve25519/curve25519.c rename to crypto/curve25519/curve25519.cc index 761af4c..7b2a5e2 100644 --- a/crypto/curve25519/curve25519.c +++ b/crypto/curve25519/curve25519.cc
@@ -26,8 +26,8 @@ #include <openssl/rand.h> #include <openssl/sha.h> -#include "internal.h" #include "../internal.h" +#include "internal.h" // Various pre-computed constants. #include "./curve25519_tables.h" @@ -168,13 +168,9 @@ } // h = 0 -static void fe_0(fe *h) { - OPENSSL_memset(h, 0, sizeof(fe)); -} +static void fe_0(fe *h) { OPENSSL_memset(h, 0, sizeof(fe)); } -static void fe_loose_0(fe_loose *h) { - OPENSSL_memset(h, 0, sizeof(fe_loose)); -} +static void fe_loose_0(fe_loose *h) { OPENSSL_memset(h, 0, sizeof(fe_loose)); } // h = 1 static void fe_1(fe *h) { @@ -205,7 +201,7 @@ assert_fe_loose(h->v); } -static void fe_carry(fe *h, const fe_loose* f) { +static void fe_carry(fe *h, const fe_loose *f) { assert_fe_loose(f->v); fiat_25519_carry(h->v, f->v); assert_fe(h->v); @@ -261,7 +257,7 @@ // // Preconditions: b in {0,1}. static void fe_cswap(fe *f, fe *g, fe_limb_t b) { - b = 0-b; + b = 0 - b; for (unsigned i = 0; i < FE_NUM_LIMBS; i++) { fe_limb_t x = f->v[i] ^ g->v[i]; x &= b; @@ -293,9 +289,8 @@ // // TODO(davidben): Switch to fiat's calling convention, or ask fiat to emit a // different one. - (void)fiat_25519_selectznz; - b = 0-b; + b = 0 - b; for (unsigned i = 0; i < FE_NUM_LIMBS; i++) { fe_limb_t x = f->v[i] ^ g->v[i]; x &= b; @@ -304,9 +299,7 @@ } // h = f -static void fe_copy(fe *h, const fe *f) { - OPENSSL_memmove(h, f, sizeof(fe)); -} +static void fe_copy(fe *h, const fe *f) { OPENSSL_memmove(h, f, sizeof(fe)); } static void fe_copy_lt(fe_loose *h, const fe *f) { static_assert(sizeof(fe_loose) == sizeof(fe), "fe and fe_loose mismatch"); @@ -506,8 +499,8 @@ fe_carry(&u, &v); fe_add(&v, &vxx, &h->Z); // v = dy^2+1 - fe_mul_ttl(&w, &u, &v); // w = u*v - fe_pow22523(&h->X, &w); // x = w^((q-5)/8) + fe_mul_ttl(&w, &u, &v); // w = u*v + fe_pow22523(&h->X, &w); // x = w^((q-5)/8) fe_mul_ttt(&h->X, &h->X, &u); // x = u*w^((q-5)/8) fe_sq_tt(&vxx, &h->X); @@ -706,7 +699,7 @@ for (i = 0; i < 15; i++) { // The precomputed table is assumed to already clear the top bit, so // |fe_frombytes_strict| may be used directly. - const uint8_t *bytes = &precomp_table[i*(2 * 32)]; + const uint8_t *bytes = &precomp_table[i * (2 * 32)]; fe x, y; fe_frombytes_strict(&x, bytes); fe_frombytes_strict(&y, bytes + 32); @@ -736,7 +729,7 @@ ge_precomp_0(&e); for (j = 1; j < 16; j++) { - cmov(&e, &multiples[j-1], 1&constant_time_eq_w(index, j)); + cmov(&e, &multiples[j - 1], 1 & constant_time_eq_w(index, j)); } ge_cached cached; @@ -763,9 +756,11 @@ uint8_t babs = b - ((bnegative & b) << 1); uint8_t t_bytes[3][32] = { - {constant_time_is_zero_w(b) & 1}, {constant_time_is_zero_w(b) & 1}, {0}}; -#if defined(__clang__) // materialize for vectorization, 6% speedup - __asm__("" : "+m" (t_bytes) : /*no inputs*/); + {static_cast<uint8_t>(constant_time_is_zero_w(b) & 1)}, + {static_cast<uint8_t>(constant_time_is_zero_w(b) & 1)}, + {0}}; +#if defined(__clang__) // materialize for vectorization, 6% speedup + __asm__("" : "+m"(t_bytes) : /*no inputs*/); #endif static_assert(sizeof(t_bytes) == sizeof(k25519Precomp[pos][0]), ""); for (int i = 0; i < 8; i++) { @@ -787,7 +782,7 @@ fe_copy_lt(&minust.yplusx, &yminusx); fe_copy_lt(&minust.yminusx, &yplusx); fe_neg(&minust.xy2d, &xy2d); - cmov(t, &minust, bnegative>>7); + cmov(t, &minust, bnegative >> 7); } // h = a * B @@ -903,7 +898,7 @@ ge_p2_dbl(&t, r); x25519_ge_p1p1_to_p3(&u, &t); - uint8_t index = scalar[31 - i/8]; + uint8_t index = scalar[31 - i / 8]; index >>= 4 - (i & 4); index &= 0xf; @@ -911,7 +906,7 @@ ge_cached selected; ge_cached_0(&selected); for (j = 0; j < 16; j++) { - cmov_cached(&selected, &Ai[j], 1&constant_time_eq_w(index, j)); + cmov_cached(&selected, &Ai[j], 1 & constant_time_eq_w(index, j)); } x25519_ge_add(&t, &u, &selected); @@ -1937,10 +1932,10 @@ // kOrder is the order of Curve25519 in little-endian form. static const uint64_t kOrder[4] = { - UINT64_C(0x5812631a5cf5d3ed), - UINT64_C(0x14def9dea2f79cd6), - 0, - UINT64_C(0x1000000000000000), + UINT64_C(0x5812631a5cf5d3ed), + UINT64_C(0x14def9dea2f79cd6), + 0, + UINT64_C(0x1000000000000000), }; for (size_t i = 3;; i--) { uint64_t word = CRYPTO_load_u64_le(scopy + i * 8); @@ -2045,8 +2040,10 @@ // Coq transcription of ladderstep formula (called from transcribed loop): // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZ.v#L89> // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L131> - // x1 != 0 <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L217> - // x1 = 0 <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L147> + // x1 != 0 + // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L217> + // x1 = 0 + // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L147> fe_sub(&tmp0l, &x3, &z3); fe_sub(&tmp1l, &x2, &z2); fe_add(&x2l, &x2, &z2);
diff --git a/crypto/curve25519/curve25519_64_adx.c b/crypto/curve25519/curve25519_64_adx.cc similarity index 100% rename from crypto/curve25519/curve25519_64_adx.c rename to crypto/curve25519/curve25519_64_adx.cc
diff --git a/crypto/curve25519/spake25519.c b/crypto/curve25519/spake25519.cc similarity index 95% rename from crypto/curve25519/spake25519.c rename to crypto/curve25519/spake25519.cc index adbf60d..f9b1b5f 100644 --- a/crypto/curve25519/spake25519.c +++ b/crypto/curve25519/spake25519.cc
@@ -31,13 +31,17 @@ // points used in the SPAKE2 protocol. // // N: -// x: 49918732221787544735331783592030787422991506689877079631459872391322455579424 -// y: 54629554431565467720832445949441049581317094546788069926228343916274969994000 +// x: +// 49918732221787544735331783592030787422991506689877079631459872391322455579424 +// y: +// 54629554431565467720832445949441049581317094546788069926228343916274969994000 // encoded: 10e3df0ae37d8e7a99b5fe74b44672103dbddcbd06af680d71329a11693bc778 // // M: -// x: 31406539342727633121250288103050113562375374900226415211311216773867585644232 -// y: 21177308356423958466833845032658859666296341766942662650232962324899758529114 +// x: +// 31406539342727633121250288103050113562375374900226415211311216773867585644232 +// y: +// 21177308356423958466833845032658859666296341766942662650232962324899758529114 // encoded: 5ada7e4bf6ddd9adb6626d32131c6b5c51a1e347a3478f53cfcf441b88eed12e // // These points and their precomputation tables are generated with the @@ -269,10 +273,11 @@ 0xa6, 0x76, 0x81, 0x28, 0xb2, 0x65, 0xe8, 0x47, 0x14, 0xc6, 0x39, 0x06, }; -SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role, - const uint8_t *my_name, size_t my_name_len, - const uint8_t *their_name, size_t their_name_len) { - SPAKE2_CTX *ctx = OPENSSL_zalloc(sizeof(SPAKE2_CTX)); +SPAKE2_CTX *SPAKE2_CTX_new(enum spake2_role_t my_role, const uint8_t *my_name, + size_t my_name_len, const uint8_t *their_name, + size_t their_name_len) { + SPAKE2_CTX *ctx = + reinterpret_cast<SPAKE2_CTX *>(OPENSSL_zalloc(sizeof(SPAKE2_CTX))); if (ctx == NULL) { return NULL; } @@ -341,8 +346,8 @@ } int SPAKE2_generate_msg(SPAKE2_CTX *ctx, uint8_t *out, size_t *out_len, - size_t max_out_len, const uint8_t *password, - size_t password_len) { + size_t max_out_len, const uint8_t *password, + size_t password_len) { if (ctx->state != spake2_state_init) { return 0; } @@ -459,8 +464,7 @@ int SPAKE2_process_msg(SPAKE2_CTX *ctx, uint8_t *out_key, size_t *out_key_len, size_t max_out_key_len, const uint8_t *their_msg, size_t their_msg_len) { - if (ctx->state != spake2_state_msg_generated || - their_msg_len != 32) { + if (ctx->state != spake2_state_msg_generated || their_msg_len != 32) { return 0; } @@ -473,9 +477,9 @@ // Unmask peer's value. ge_p3 peers_mask; x25519_ge_scalarmult_small_precomp(&peers_mask, ctx->password_scalar, - ctx->my_role == spake2_role_alice - ? kSpakeNSmallPrecomp - : kSpakeMSmallPrecomp); + ctx->my_role == spake2_role_alice + ? kSpakeNSmallPrecomp + : kSpakeMSmallPrecomp); ge_cached peers_mask_cached; x25519_ge_p3_to_cached(&peers_mask_cached, &peers_mask);
diff --git a/crypto/des/des.c b/crypto/des/des.cc similarity index 100% rename from crypto/des/des.c rename to crypto/des/des.cc
diff --git a/crypto/dh_extra/dh_asn1.c b/crypto/dh_extra/dh_asn1.cc similarity index 100% rename from crypto/dh_extra/dh_asn1.c rename to crypto/dh_extra/dh_asn1.cc
diff --git a/crypto/dh_extra/params.c b/crypto/dh_extra/params.cc similarity index 100% rename from crypto/dh_extra/params.c rename to crypto/dh_extra/params.cc
diff --git a/crypto/digest_extra/digest_extra.c b/crypto/digest_extra/digest_extra.cc similarity index 79% rename from crypto/digest_extra/digest_extra.c rename to crypto/digest_extra/digest_extra.cc index 7033d9c..0b30897 100644 --- a/crypto/digest_extra/digest_extra.c +++ b/crypto/digest_extra/digest_extra.cc
@@ -60,19 +60,19 @@ #include <openssl/blake2.h> #include <openssl/bytestring.h> -#include <openssl/obj.h> #include <openssl/md4.h> #include <openssl/md5.h> #include <openssl/nid.h> +#include <openssl/obj.h> #include "../asn1/internal.h" -#include "../internal.h" #include "../fipsmodule/digest/internal.h" +#include "../internal.h" struct nid_to_digest { int nid; - const EVP_MD* (*md_func)(void); + const EVP_MD *(*md_func)(void); const char *short_name; const char *long_name; }; @@ -107,7 +107,7 @@ LN_sha512WithRSAEncryption}, }; -const EVP_MD* EVP_get_digestbynid(int nid) { +const EVP_MD *EVP_get_digestbynid(int nid) { if (nid == NID_undef) { // Skip the |NID_undef| entries in |nid_to_digest_mapping|. return NULL; @@ -127,20 +127,20 @@ uint8_t oid_len; int nid; } kMDOIDs[] = { - // 1.2.840.113549.2.4 - { {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04}, 8, NID_md4 }, - // 1.2.840.113549.2.5 - { {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05}, 8, NID_md5 }, - // 1.3.14.3.2.26 - { {0x2b, 0x0e, 0x03, 0x02, 0x1a}, 5, NID_sha1 }, - // 2.16.840.1.101.3.4.2.1 - { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01}, 9, NID_sha256 }, - // 2.16.840.1.101.3.4.2.2 - { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02}, 9, NID_sha384 }, - // 2.16.840.1.101.3.4.2.3 - { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03}, 9, NID_sha512 }, - // 2.16.840.1.101.3.4.2.4 - { {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04}, 9, NID_sha224 }, + // 1.2.840.113549.2.4 + {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x04}, 8, NID_md4}, + // 1.2.840.113549.2.5 + {{0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05}, 8, NID_md5}, + // 1.3.14.3.2.26 + {{0x2b, 0x0e, 0x03, 0x02, 0x1a}, 5, NID_sha1}, + // 2.16.840.1.101.3.4.2.1 + {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01}, 9, NID_sha256}, + // 2.16.840.1.101.3.4.2.2 + {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02}, 9, NID_sha384}, + // 2.16.840.1.101.3.4.2.3 + {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03}, 9, NID_sha512}, + // 2.16.840.1.101.3.4.2.4 + {{0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04}, 9, NID_sha224}, }; static const EVP_MD *cbs_to_md(const CBS *cbs) { @@ -188,7 +188,7 @@ if (CBS_len(&algorithm) > 0) { CBS param; if (!CBS_get_asn1(&algorithm, ¶m, CBS_ASN1_NULL) || - CBS_len(¶m) != 0 || + CBS_len(¶m) != 0 || // CBS_len(&algorithm) != 0) { OPENSSL_PUT_ERROR(DIGEST, DIGEST_R_DECODE_ERROR); return NULL; @@ -223,7 +223,7 @@ } // TODO(crbug.com/boringssl/710): Is this correct? See RFC 4055, section 2.1. - if (!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) || + if (!CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) || // !CBB_flush(cbb)) { return 0; } @@ -244,76 +244,69 @@ return NULL; } -static void blake2b256_init(EVP_MD_CTX *ctx) { BLAKE2B256_Init(ctx->md_data); } +static void blake2b256_init(EVP_MD_CTX *ctx) { + BLAKE2B256_Init(reinterpret_cast<BLAKE2B_CTX *>(ctx->md_data)); +} static void blake2b256_update(EVP_MD_CTX *ctx, const void *data, size_t len) { - BLAKE2B256_Update(ctx->md_data, data, len); + BLAKE2B256_Update(reinterpret_cast<BLAKE2B_CTX *>(ctx->md_data), data, len); } static void blake2b256_final(EVP_MD_CTX *ctx, uint8_t *md) { - BLAKE2B256_Final(md, ctx->md_data); + BLAKE2B256_Final(md, reinterpret_cast<BLAKE2B_CTX *>(ctx->md_data)); } static const EVP_MD evp_md_blake2b256 = { - NID_undef, - BLAKE2B256_DIGEST_LENGTH, - 0, - blake2b256_init, - blake2b256_update, - blake2b256_final, - BLAKE2B_CBLOCK, - sizeof(BLAKE2B_CTX), + NID_undef, BLAKE2B256_DIGEST_LENGTH, 0, + blake2b256_init, blake2b256_update, blake2b256_final, + BLAKE2B_CBLOCK, sizeof(BLAKE2B_CTX), }; const EVP_MD *EVP_blake2b256(void) { return &evp_md_blake2b256; } static void md4_init(EVP_MD_CTX *ctx) { - BSSL_CHECK(MD4_Init(ctx->md_data)); + BSSL_CHECK(MD4_Init(reinterpret_cast<MD4_CTX *>(ctx->md_data))); } static void md4_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BSSL_CHECK(MD4_Update(ctx->md_data, data, count)); + BSSL_CHECK( + MD4_Update(reinterpret_cast<MD4_CTX *>(ctx->md_data), data, count)); } static void md4_final(EVP_MD_CTX *ctx, uint8_t *out) { - BSSL_CHECK(MD4_Final(out, ctx->md_data)); + BSSL_CHECK(MD4_Final(out, reinterpret_cast<MD4_CTX *>(ctx->md_data))); } static const EVP_MD evp_md_md4 = { - NID_md4, - MD4_DIGEST_LENGTH, - 0, - md4_init, - md4_update, - md4_final, - 64, - sizeof(MD4_CTX), + NID_md4, // + MD4_DIGEST_LENGTH, // + 0, + md4_init, + md4_update, + md4_final, + 64, + sizeof(MD4_CTX), }; const EVP_MD *EVP_md4(void) { return &evp_md_md4; } static void md5_init(EVP_MD_CTX *ctx) { - BSSL_CHECK(MD5_Init(ctx->md_data)); + BSSL_CHECK(MD5_Init(reinterpret_cast<MD5_CTX *>(ctx->md_data))); } static void md5_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BSSL_CHECK(MD5_Update(ctx->md_data, data, count)); + BSSL_CHECK( + MD5_Update(reinterpret_cast<MD5_CTX *>(ctx->md_data), data, count)); } static void md5_final(EVP_MD_CTX *ctx, uint8_t *out) { - BSSL_CHECK(MD5_Final(out, ctx->md_data)); + BSSL_CHECK(MD5_Final(out, reinterpret_cast<MD5_CTX *>(ctx->md_data))); } static const EVP_MD evp_md_md5 = { - NID_md5, - MD5_DIGEST_LENGTH, - 0, - md5_init, - md5_update, - md5_final, - 64, - sizeof(MD5_CTX), + NID_md5, MD5_DIGEST_LENGTH, 0, md5_init, + md5_update, md5_final, 64, sizeof(MD5_CTX), }; const EVP_MD *EVP_md5(void) { return &evp_md_md5; } @@ -324,32 +317,32 @@ } MD5_SHA1_CTX; static void md5_sha1_init(EVP_MD_CTX *md_ctx) { - MD5_SHA1_CTX *ctx = md_ctx->md_data; + MD5_SHA1_CTX *ctx = reinterpret_cast<MD5_SHA1_CTX *>(md_ctx->md_data); BSSL_CHECK(MD5_Init(&ctx->md5) && SHA1_Init(&ctx->sha1)); } static void md5_sha1_update(EVP_MD_CTX *md_ctx, const void *data, size_t count) { - MD5_SHA1_CTX *ctx = md_ctx->md_data; + MD5_SHA1_CTX *ctx = reinterpret_cast<MD5_SHA1_CTX *>(md_ctx->md_data); BSSL_CHECK(MD5_Update(&ctx->md5, data, count) && - SHA1_Update(&ctx->sha1, data, count)); + SHA1_Update(&ctx->sha1, data, count)); } static void md5_sha1_final(EVP_MD_CTX *md_ctx, uint8_t *out) { - MD5_SHA1_CTX *ctx = md_ctx->md_data; + MD5_SHA1_CTX *ctx = reinterpret_cast<MD5_SHA1_CTX *>(md_ctx->md_data); BSSL_CHECK(MD5_Final(out, &ctx->md5) && - SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1)); + SHA1_Final(out + MD5_DIGEST_LENGTH, &ctx->sha1)); } const EVP_MD evp_md_md5_sha1 = { - NID_md5_sha1, - MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, - 0, - md5_sha1_init, - md5_sha1_update, - md5_sha1_final, - 64, - sizeof(MD5_SHA1_CTX), + NID_md5_sha1, + MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, + 0, + md5_sha1_init, + md5_sha1_update, + md5_sha1_final, + 64, + sizeof(MD5_SHA1_CTX), }; const EVP_MD *EVP_md5_sha1(void) { return &evp_md_md5_sha1; }
diff --git a/crypto/dilithium/dilithium.c b/crypto/dilithium/dilithium.cc similarity index 98% rename from crypto/dilithium/dilithium.c rename to crypto/dilithium/dilithium.cc index 9630715..a94d6ef 100644 --- a/crypto/dilithium/dilithium.c +++ b/crypto/dilithium/dilithium.cc
@@ -1165,9 +1165,10 @@ vectorl s1_ntt; vectork t; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + struct values_st *values = + reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(*values))); if (values == NULL) { - goto err; + return 0; } struct private_key *priv = private_key_from_external(out_private_key); @@ -1217,8 +1218,6 @@ int DILITHIUM_public_from_private( struct DILITHIUM_public_key *out_public_key, const struct DILITHIUM_private_key *private_key) { - int ret = 0; - // Intermediate values, allocated on the heap to allow use when there is a // limited amount of stack. struct values_st { @@ -1227,9 +1226,10 @@ vectork t; vectork t0; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + struct values_st *values = + reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(*values))); if (values == NULL) { - goto err; + return 0; } const struct private_key *priv = private_key_from_external(private_key); @@ -1250,10 +1250,8 @@ vectork_power2_round(&pub->t1, &values->t0, &values->t); - ret = 1; -err: OPENSSL_free(values); - return ret; + return 1; } // FIPS 204, Algorithm 2 (`ML-DSA.Sign`). Returns 1 on success and 0 on failure. @@ -1299,7 +1297,8 @@ vectork r0; vectork ct0; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + struct values_st *values = + reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(*values))); if (values == NULL) { goto err; } @@ -1428,8 +1427,6 @@ int DILITHIUM_verify(const struct DILITHIUM_public_key *public_key, const uint8_t encoded_signature[DILITHIUM_SIGNATURE_BYTES], const uint8_t *msg, size_t msg_len) { - int ret = 0; - // Intermediate values, allocated on the heap to allow use when there is a // limited amount of stack. struct values_st { @@ -1442,9 +1439,10 @@ vectork w_approx; vectork w1; }; - struct values_st *values = OPENSSL_malloc(sizeof(*values)); + struct values_st *values = + reinterpret_cast<values_st *>(OPENSSL_malloc(sizeof(*values))); if (values == NULL) { - goto err; + return 0; } const struct public_key *pub = public_key_from_external(public_key); @@ -1452,7 +1450,8 @@ CBS cbs; CBS_init(&cbs, encoded_signature, DILITHIUM_SIGNATURE_BYTES); if (!dilithium_parse_signature(&values->sign, &cbs)) { - goto err; + OPENSSL_free(values); + return 0; } matrix_expand(&values->a_ntt, pub->rho); @@ -1494,12 +1493,12 @@ uint32_t z_max = vectorl_max(&values->sign.z); size_t h_ones = vectork_count_ones(&values->sign.h); + int ret = 0; if (z_max < kGamma1 - BETA && h_ones <= OMEGA && OPENSSL_memcmp(c_tilde, values->sign.c_tilde, 2 * LAMBDA_BYTES) == 0) { ret = 1; } -err: OPENSSL_free(values); return ret; }
diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.cc similarity index 79% rename from crypto/dsa/dsa.c rename to crypto/dsa/dsa.cc index b2eda20..876ce41 100644 --- a/crypto/dsa/dsa.c +++ b/crypto/dsa/dsa.cc
@@ -72,10 +72,10 @@ #include <openssl/sha.h> #include <openssl/thread.h> -#include "internal.h" #include "../fipsmodule/bn/internal.h" #include "../fipsmodule/dh/internal.h" #include "../internal.h" +#include "internal.h" // Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of @@ -88,7 +88,7 @@ static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT; DSA *DSA_new(void) { - DSA *dsa = OPENSSL_zalloc(sizeof(DSA)); + DSA *dsa = reinterpret_cast<DSA *>(OPENSSL_zalloc(sizeof(DSA))); if (dsa == NULL) { return NULL; } @@ -179,8 +179,7 @@ } int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g) { - if ((dsa->p == NULL && p == NULL) || - (dsa->q == NULL && q == NULL) || + if ((dsa->p == NULL && p == NULL) || (dsa->q == NULL && q == NULL) || (dsa->g == NULL && g == NULL)) { return 0; } @@ -312,7 +311,8 @@ } // step 4 - r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, cb); + r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx, use_random_seed, + cb); if (r > 0) { break; } @@ -356,25 +356,20 @@ } // step 8 - if (!BN_bin2bn(md, qsize, r0) || - !BN_lshift(r0, r0, (qsize << 3) * k) || + if (!BN_bin2bn(md, qsize, r0) || !BN_lshift(r0, r0, (qsize << 3) * k) || !BN_add(W, W, r0)) { goto err; } } // more of step 8 - if (!BN_mask_bits(W, bits - 1) || - !BN_copy(X, W) || - !BN_add(X, X, test)) { + if (!BN_mask_bits(W, bits - 1) || !BN_copy(X, W) || !BN_add(X, X, test)) { goto err; } // step 9 - if (!BN_lshift1(r0, q) || - !BN_mod(c, X, r0, ctx) || - !BN_sub(r0, c, BN_value_one()) || - !BN_sub(p, X, r0)) { + if (!BN_lshift1(r0, q) || !BN_mod(c, X, r0, ctx) || + !BN_sub(r0, c, BN_value_one()) || !BN_sub(p, X, r0)) { goto err; } @@ -407,14 +402,12 @@ // We now need to generate g // Set r0=(p-1)/q - if (!BN_sub(test, p, BN_value_one()) || - !BN_div(r0, NULL, test, q, ctx)) { + if (!BN_sub(test, p, BN_value_one()) || !BN_div(r0, NULL, test, q, ctx)) { goto err; } mont = BN_MONT_CTX_new_for_modulus(p, ctx); - if (mont == NULL || - !BN_set_word(test, h)) { + if (mont == NULL || !BN_set_word(test, h)) { goto err; } @@ -541,7 +534,9 @@ return ok; } -DSA_SIG *DSA_SIG_new(void) { return OPENSSL_zalloc(sizeof(DSA_SIG)); } +DSA_SIG *DSA_SIG_new(void) { + return reinterpret_cast<DSA_SIG *>(OPENSSL_zalloc(sizeof(DSA_SIG))); +} void DSA_SIG_free(DSA_SIG *sig) { if (!sig) { @@ -583,8 +578,7 @@ BIGNUM *tmp = BN_CTX_get(ctx); // |BN_mod_mul_montgomery| removes a factor of R, so we cancel it with a // single |BN_to_montgomery| which adds one factor of R. - int ok = tmp != NULL && - BN_to_montgomery(tmp, a, mont, ctx) && + int ok = tmp != NULL && BN_to_montgomery(tmp, a, mont, ctx) && BN_mod_mul_montgomery(r, tmp, b, mont, ctx); BN_CTX_end(ctx); return ok; @@ -609,79 +603,80 @@ BN_init(&m); BN_init(&xr); s = BN_new(); - if (s == NULL) { - goto err; - } - ctx = BN_CTX_new(); - if (ctx == NULL) { - goto err; - } - - // Cap iterations so that invalid parameters do not infinite loop. This does - // not impact valid parameters because the probability of requiring even one - // retry is negligible, let alone 32. Unfortunately, DSA was mis-specified, so - // invalid parameters are reachable from most callers handling untrusted - // private keys. (The |dsa_check_key| call above is not sufficient. Checking - // whether arbitrary paremeters form a valid DSA group is expensive.) - static const int kMaxIterations = 32; - int iters = 0; -redo: - if (!dsa_sign_setup(dsa, ctx, &kinv, &r)) { - goto err; - } - - if (digest_len > BN_num_bytes(dsa->q)) { - // If the digest length is greater than the size of |dsa->q| use the - // BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2. - // Note the above check that |dsa->q| is a multiple of 8 bits. - digest_len = BN_num_bytes(dsa->q); - } - - if (BN_bin2bn(digest, digest_len, &m) == NULL) { - goto err; - } - - // |m| is bounded by 2^(num_bits(q)), which is slightly looser than q. This - // violates |bn_mod_add_consttime| and |mod_mul_consttime|'s preconditions. - // (The underlying algorithms could accept looser bounds, but we reduce for - // simplicity.) - size_t q_width = bn_minimal_width(dsa->q); - if (!bn_resize_words(&m, q_width) || - !bn_resize_words(&xr, q_width)) { - goto err; - } - bn_reduce_once_in_place(m.d, 0 /* no carry word */, dsa->q->d, - xr.d /* scratch space */, q_width); - - // Compute s = inv(k) (m + xr) mod q. Note |dsa->method_mont_q| is - // initialized by |dsa_sign_setup|. - if (!mod_mul_consttime(&xr, dsa->priv_key, r, dsa->method_mont_q, ctx) || - !bn_mod_add_consttime(s, &xr, &m, dsa->q, ctx) || - !mod_mul_consttime(s, s, kinv, dsa->method_mont_q, ctx)) { - goto err; - } - - // The signature is computed from the private key, but is public. - bn_declassify(r); - bn_declassify(s); - - // Redo if r or s is zero as required by FIPS 186-3: this is - // very unlikely. - if (BN_is_zero(r) || BN_is_zero(s)) { - iters++; - if (iters > kMaxIterations) { - OPENSSL_PUT_ERROR(DSA, DSA_R_TOO_MANY_ITERATIONS); + { + if (s == NULL) { goto err; } - goto redo; - } + ctx = BN_CTX_new(); + if (ctx == NULL) { + goto err; + } - ret = DSA_SIG_new(); - if (ret == NULL) { - goto err; + // Cap iterations so that invalid parameters do not infinite loop. This does + // not impact valid parameters because the probability of requiring even one + // retry is negligible, let alone 32. Unfortunately, DSA was mis-specified, + // so invalid parameters are reachable from most callers handling untrusted + // private keys. (The |dsa_check_key| call above is not sufficient. Checking + // whether arbitrary paremeters form a valid DSA group is expensive.) + static const int kMaxIterations = 32; + int iters = 0; + redo: + if (!dsa_sign_setup(dsa, ctx, &kinv, &r)) { + goto err; + } + + if (digest_len > BN_num_bytes(dsa->q)) { + // If the digest length is greater than the size of |dsa->q| use the + // BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2. + // Note the above check that |dsa->q| is a multiple of 8 bits. + digest_len = BN_num_bytes(dsa->q); + } + + if (BN_bin2bn(digest, digest_len, &m) == NULL) { + goto err; + } + + // |m| is bounded by 2^(num_bits(q)), which is slightly looser than q. This + // violates |bn_mod_add_consttime| and |mod_mul_consttime|'s preconditions. + // (The underlying algorithms could accept looser bounds, but we reduce for + // simplicity.) + size_t q_width = bn_minimal_width(dsa->q); + if (!bn_resize_words(&m, q_width) || !bn_resize_words(&xr, q_width)) { + goto err; + } + bn_reduce_once_in_place(m.d, 0 /* no carry word */, dsa->q->d, + xr.d /* scratch space */, q_width); + + // Compute s = inv(k) (m + xr) mod q. Note |dsa->method_mont_q| is + // initialized by |dsa_sign_setup|. + if (!mod_mul_consttime(&xr, dsa->priv_key, r, dsa->method_mont_q, ctx) || + !bn_mod_add_consttime(s, &xr, &m, dsa->q, ctx) || + !mod_mul_consttime(s, s, kinv, dsa->method_mont_q, ctx)) { + goto err; + } + + // The signature is computed from the private key, but is public. + bn_declassify(r); + bn_declassify(s); + + // Redo if r or s is zero as required by FIPS 186-3: this is + // very unlikely. + if (BN_is_zero(r) || BN_is_zero(s)) { + iters++; + if (iters > kMaxIterations) { + OPENSSL_PUT_ERROR(DSA, DSA_R_TOO_MANY_ITERATIONS); + goto err; + } + goto redo; + } + + ret = DSA_SIG_new(); + if (ret == NULL) { + goto err; + } + ret->r = r; + ret->s = s; } - ret->r = r; - ret->s = s; err: if (ret == NULL) { @@ -725,71 +720,73 @@ BN_init(&u2); BN_init(&t1); BN_CTX *ctx = BN_CTX_new(); - if (ctx == NULL) { - goto err; - } + { + if (ctx == NULL) { + goto err; + } - if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || - BN_ucmp(sig->r, dsa->q) >= 0) { + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || + BN_ucmp(sig->r, dsa->q) >= 0) { + ret = 1; + goto err; + } + if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || + BN_ucmp(sig->s, dsa->q) >= 0) { + ret = 1; + goto err; + } + + // Calculate W = inv(S) mod Q + // save W in u2 + if (BN_mod_inverse(&u2, sig->s, dsa->q, ctx) == NULL) { + goto err; + } + + // save M in u1 + unsigned q_bits = BN_num_bits(dsa->q); + if (digest_len > (q_bits >> 3)) { + // if the digest length is greater than the size of q use the + // BN_num_bits(dsa->q) leftmost bits of the digest, see + // fips 186-3, 4.2 + digest_len = (q_bits >> 3); + } + + if (BN_bin2bn(digest, digest_len, &u1) == NULL) { + goto err; + } + + // u1 = M * w mod q + if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) { + goto err; + } + + // u2 = r * w mod q + if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) { + goto err; + } + + if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, + (CRYPTO_MUTEX *)&dsa->method_mont_lock, dsa->p, + ctx)) { + goto err; + } + + if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, + dsa->method_mont_p)) { + goto err; + } + + // BN_copy(&u1,&t1); + // let u1 = u1 mod q + if (!BN_mod(&u1, &t1, dsa->q, ctx)) { + goto err; + } + + // V is now in u1. If the signature is correct, it will be + // equal to R. + *out_valid = BN_ucmp(&u1, sig->r) == 0; ret = 1; - goto err; } - if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || - BN_ucmp(sig->s, dsa->q) >= 0) { - ret = 1; - goto err; - } - - // Calculate W = inv(S) mod Q - // save W in u2 - if (BN_mod_inverse(&u2, sig->s, dsa->q, ctx) == NULL) { - goto err; - } - - // save M in u1 - unsigned q_bits = BN_num_bits(dsa->q); - if (digest_len > (q_bits >> 3)) { - // if the digest length is greater than the size of q use the - // BN_num_bits(dsa->q) leftmost bits of the digest, see - // fips 186-3, 4.2 - digest_len = (q_bits >> 3); - } - - if (BN_bin2bn(digest, digest_len, &u1) == NULL) { - goto err; - } - - // u1 = M * w mod q - if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) { - goto err; - } - - // u2 = r * w mod q - if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) { - goto err; - } - - if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p, - (CRYPTO_MUTEX *)&dsa->method_mont_lock, dsa->p, - ctx)) { - goto err; - } - - if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, - dsa->method_mont_p)) { - goto err; - } - - // BN_copy(&u1,&t1); - // let u1 = u1 mod q - if (!BN_mod(&u1, &t1, dsa->q, ctx)) { - goto err; - } - - // V is now in u1. If the signature is correct, it will be - // equal to R. - *out_valid = BN_ucmp(&u1, sig->r) == 0; - ret = 1; err: if (ret != 1) { @@ -835,23 +832,25 @@ uint8_t *der = NULL; s = DSA_SIG_new(); - if (s == NULL) { - goto err; - } + { + if (s == NULL) { + goto err; + } - const uint8_t *sigp = sig; - if (d2i_DSA_SIG(&s, &sigp, sig_len) == NULL || sigp != sig + sig_len) { - goto err; - } + const uint8_t *sigp = sig; + if (d2i_DSA_SIG(&s, &sigp, sig_len) == NULL || sigp != sig + sig_len) { + goto err; + } - // Ensure that the signature uses DER and doesn't have trailing garbage. - int der_len = i2d_DSA_SIG(s, &der); - if (der_len < 0 || (size_t)der_len != sig_len || - OPENSSL_memcmp(sig, der, sig_len)) { - goto err; - } + // Ensure that the signature uses DER and doesn't have trailing garbage. + int der_len = i2d_DSA_SIG(s, &der); + if (der_len < 0 || (size_t)der_len != sig_len || + OPENSSL_memcmp(sig, der, sig_len)) { + goto err; + } - ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa); + ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa); + } err: OPENSSL_free(der);
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.cc similarity index 100% rename from crypto/dsa/dsa_asn1.c rename to crypto/dsa/dsa_asn1.cc
diff --git a/crypto/ec_extra/ec_asn1.c b/crypto/ec_extra/ec_asn1.cc similarity index 100% rename from crypto/ec_extra/ec_asn1.c rename to crypto/ec_extra/ec_asn1.cc
diff --git a/crypto/ec_extra/ec_derive.c b/crypto/ec_extra/ec_derive.cc similarity index 100% rename from crypto/ec_extra/ec_derive.c rename to crypto/ec_extra/ec_derive.cc
diff --git a/crypto/ec_extra/hash_to_curve.c b/crypto/ec_extra/hash_to_curve.cc similarity index 87% rename from crypto/ec_extra/hash_to_curve.c rename to crypto/ec_extra/hash_to_curve.cc index f29ef13..5af97e9 100644 --- a/crypto/ec_extra/hash_to_curve.c +++ b/crypto/ec_extra/hash_to_curve.cc
@@ -20,10 +20,10 @@ #include <assert.h> -#include "internal.h" #include "../fipsmodule/bn/internal.h" #include "../fipsmodule/ec/internal.h" #include "../internal.h" +#include "internal.h" // This file implements hash-to-curve, as described in RFC 9380. @@ -63,71 +63,74 @@ EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); - // Long DSTs are hashed down to size. See section 5.3.3. - static_assert(EVP_MAX_MD_SIZE < 256, "hashed DST still too large"); - uint8_t dst_buf[EVP_MAX_MD_SIZE]; - if (dst_len >= 256) { - static const char kPrefix[] = "H2C-OVERSIZE-DST-"; - if (!EVP_DigestInit_ex(&ctx, md, NULL) || - !EVP_DigestUpdate(&ctx, kPrefix, sizeof(kPrefix) - 1) || - !EVP_DigestUpdate(&ctx, dst, dst_len) || - !EVP_DigestFinal_ex(&ctx, dst_buf, NULL)) { - goto err; - } - dst = dst_buf; - dst_len = md_size; - } - uint8_t dst_len_u8 = (uint8_t)dst_len; - - // Compute b_0. - static const uint8_t kZeros[EVP_MAX_MD_BLOCK_SIZE] = {0}; - // If |out_len| exceeds 16 bits then |i| will wrap below causing an error to - // be returned. This depends on the static assert above. - uint8_t l_i_b_str_zero[3] = {out_len >> 8, out_len, 0}; - uint8_t b_0[EVP_MAX_MD_SIZE]; - if (!EVP_DigestInit_ex(&ctx, md, NULL) || - !EVP_DigestUpdate(&ctx, kZeros, block_size) || - !EVP_DigestUpdate(&ctx, msg, msg_len) || - !EVP_DigestUpdate(&ctx, l_i_b_str_zero, sizeof(l_i_b_str_zero)) || - !EVP_DigestUpdate(&ctx, dst, dst_len) || - !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) || - !EVP_DigestFinal_ex(&ctx, b_0, NULL)) { - goto err; - } - - uint8_t b_i[EVP_MAX_MD_SIZE]; - uint8_t i = 1; - while (out_len > 0) { - if (i == 0) { - // Input was too large. - OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); - goto err; - } - if (i > 1) { - for (size_t j = 0; j < md_size; j++) { - b_i[j] ^= b_0[j]; + { + // Long DSTs are hashed down to size. See section 5.3.3. + static_assert(EVP_MAX_MD_SIZE < 256, "hashed DST still too large"); + uint8_t dst_buf[EVP_MAX_MD_SIZE]; + if (dst_len >= 256) { + static const char kPrefix[] = "H2C-OVERSIZE-DST-"; + if (!EVP_DigestInit_ex(&ctx, md, NULL) || + !EVP_DigestUpdate(&ctx, kPrefix, sizeof(kPrefix) - 1) || + !EVP_DigestUpdate(&ctx, dst, dst_len) || + !EVP_DigestFinal_ex(&ctx, dst_buf, NULL)) { + goto err; } - } else { - OPENSSL_memcpy(b_i, b_0, md_size); + dst = dst_buf; + dst_len = md_size; } + uint8_t dst_len_u8 = (uint8_t)dst_len; + // Compute b_0. + static const uint8_t kZeros[EVP_MAX_MD_BLOCK_SIZE] = {0}; + // If |out_len| exceeds 16 bits then |i| will wrap below causing an error to + // be returned. This depends on the static assert above. + uint8_t l_i_b_str_zero[3] = {static_cast<uint8_t>(out_len >> 8), + static_cast<uint8_t>(out_len), 0}; + uint8_t b_0[EVP_MAX_MD_SIZE]; if (!EVP_DigestInit_ex(&ctx, md, NULL) || - !EVP_DigestUpdate(&ctx, b_i, md_size) || - !EVP_DigestUpdate(&ctx, &i, 1) || + !EVP_DigestUpdate(&ctx, kZeros, block_size) || + !EVP_DigestUpdate(&ctx, msg, msg_len) || + !EVP_DigestUpdate(&ctx, l_i_b_str_zero, sizeof(l_i_b_str_zero)) || !EVP_DigestUpdate(&ctx, dst, dst_len) || !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) || - !EVP_DigestFinal_ex(&ctx, b_i, NULL)) { + !EVP_DigestFinal_ex(&ctx, b_0, NULL)) { goto err; } - size_t todo = out_len >= md_size ? md_size : out_len; - OPENSSL_memcpy(out, b_i, todo); - out += todo; - out_len -= todo; - i++; - } + uint8_t b_i[EVP_MAX_MD_SIZE]; + uint8_t i = 1; + while (out_len > 0) { + if (i == 0) { + // Input was too large. + OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); + goto err; + } + if (i > 1) { + for (size_t j = 0; j < md_size; j++) { + b_i[j] ^= b_0[j]; + } + } else { + OPENSSL_memcpy(b_i, b_0, md_size); + } - ret = 1; + if (!EVP_DigestInit_ex(&ctx, md, NULL) || + !EVP_DigestUpdate(&ctx, b_i, md_size) || + !EVP_DigestUpdate(&ctx, &i, 1) || + !EVP_DigestUpdate(&ctx, dst, dst_len) || + !EVP_DigestUpdate(&ctx, &dst_len_u8, 1) || + !EVP_DigestFinal_ex(&ctx, b_i, NULL)) { + goto err; + } + + size_t todo = out_len >= md_size ? md_size : out_len; + OPENSSL_memcpy(out, b_i, todo); + out += todo; + out_len -= todo; + i++; + } + + ret = 1; + } err: EVP_MD_CTX_cleanup(&ctx); @@ -144,8 +147,7 @@ // |felem_reduce| and |ec_scalar_reduce|. All defined hash-to-curve suites // define |k| to be well under this bound. (|k| is usually around half of // |p_bits|.) - if (L * 8 >= 2 * bits - 2 || - L > 2 * EC_MAX_BYTES) { + if (L * 8 >= 2 * bits - 2 || L > 2 * EC_MAX_BYTES) { assert(0); OPENSSL_PUT_ERROR(EC, ERR_R_INTERNAL_ERROR); return 0; @@ -462,9 +464,9 @@ msg, msg_len); } -int ec_hash_to_scalar_p384_xmd_sha384( - const EC_GROUP *group, EC_SCALAR *out, const uint8_t *dst, size_t dst_len, - const uint8_t *msg, size_t msg_len) { +int ec_hash_to_scalar_p384_xmd_sha384(const EC_GROUP *group, EC_SCALAR *out, + const uint8_t *dst, size_t dst_len, + const uint8_t *msg, size_t msg_len) { if (EC_GROUP_get_curve_name(group) != NID_secp384r1) { OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH); return 0; @@ -475,8 +477,8 @@ } int ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( - const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst, - size_t dst_len, const uint8_t *msg, size_t msg_len) { + const EC_GROUP *group, EC_JACOBIAN *out, const uint8_t *dst, size_t dst_len, + const uint8_t *msg, size_t msg_len) { // See section 8.3 of draft-irtf-cfrg-hash-to-curve-07. if (EC_GROUP_get_curve_name(group) != NID_secp384r1) { OPENSSL_PUT_ERROR(EC, EC_R_GROUP_MISMATCH);
diff --git a/crypto/ecdh_extra/ecdh_extra.c b/crypto/ecdh_extra/ecdh_extra.cc similarity index 100% rename from crypto/ecdh_extra/ecdh_extra.c rename to crypto/ecdh_extra/ecdh_extra.cc
diff --git a/crypto/ecdsa_extra/ecdsa_asn1.c b/crypto/ecdsa_extra/ecdsa_asn1.cc similarity index 92% rename from crypto/ecdsa_extra/ecdsa_asn1.c rename to crypto/ecdsa_extra/ecdsa_asn1.cc index b2d4fc6..eeaffa7 100644 --- a/crypto/ecdsa_extra/ecdsa_asn1.c +++ b/crypto/ecdsa_extra/ecdsa_asn1.cc
@@ -57,8 +57,8 @@ #include <openssl/bn.h> #include <openssl/bytestring.h> -#include <openssl/err.h> #include <openssl/ec_key.h> +#include <openssl/err.h> #include <openssl/mem.h> #include "../bytestring/internal.h" @@ -79,8 +79,7 @@ return NULL; } ECDSA_SIG *ret = ECDSA_SIG_new(); - if (ret == NULL || - !BN_bin2bn(in, scalar_len, ret->r) || + if (ret == NULL || !BN_bin2bn(in, scalar_len, ret->r) || !BN_bin2bn(in + scalar_len, scalar_len, ret->s)) { ECDSA_SIG_free(ret); return NULL; @@ -100,8 +99,7 @@ OPENSSL_PUT_ERROR(EC, EC_R_BUFFER_TOO_SMALL); return 0; } - if (BN_is_negative(sig->r) || - !BN_bn2bin_padded(out, scalar_len, sig->r) || + if (BN_is_negative(sig->r) || !BN_bn2bin_padded(out, scalar_len, sig->r) || BN_is_negative(sig->s) || !BN_bn2bin_padded(out + scalar_len, scalar_len, sig->s)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); @@ -115,7 +113,7 @@ unsigned int *out_sig_len, const EC_KEY *eckey) { if (eckey->ecdsa_meth && eckey->ecdsa_meth->sign) { return eckey->ecdsa_meth->sign(digest, digest_len, sig, out_sig_len, - (EC_KEY*) eckey /* cast away const */); + (EC_KEY *)eckey /* cast away const */); } *out_sig_len = 0; @@ -137,8 +135,7 @@ CBB cbb; CBB_init_fixed(&cbb, sig, ECDSA_size(eckey)); size_t len; - if (!ECDSA_SIG_marshal(&cbb, s) || - !CBB_finish(&cbb, NULL, &len)) { + if (!ECDSA_SIG_marshal(&cbb, s) || !CBB_finish(&cbb, NULL, &len)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); goto err; } @@ -165,8 +162,8 @@ // Defend against potential laxness in the DER parser. size_t der_len; - if (!ECDSA_SIG_to_bytes(&der, &der_len, s) || - der_len != sig_len || OPENSSL_memcmp(sig, der, sig_len) != 0) { + if (!ECDSA_SIG_to_bytes(&der, &der_len, s) || der_len != sig_len || + OPENSSL_memcmp(sig, der, sig_len) != 0) { // This should never happen. crypto/bytestring is strictly DER. OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR); goto err; @@ -205,7 +202,8 @@ } ECDSA_SIG *ECDSA_SIG_new(void) { - ECDSA_SIG *sig = OPENSSL_malloc(sizeof(ECDSA_SIG)); + ECDSA_SIG *sig = + reinterpret_cast<ECDSA_SIG *>(OPENSSL_malloc(sizeof(ECDSA_SIG))); if (sig == NULL) { return NULL; } @@ -228,13 +226,9 @@ OPENSSL_free(sig); } -const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig) { - return sig->r; -} +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig) { return sig->r; } -const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig) { - return sig->s; -} +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig) { return sig->s; } void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **out_r, const BIGNUM **out_s) { @@ -301,8 +295,7 @@ CBS child; if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) || !BN_parse_asn1_unsigned(&child, ret->r) || - !BN_parse_asn1_unsigned(&child, ret->s) || - CBS_len(&child) != 0) { + !BN_parse_asn1_unsigned(&child, ret->s) || CBS_len(&child) != 0) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_BAD_SIGNATURE); ECDSA_SIG_free(ret); return NULL; @@ -325,8 +318,7 @@ int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig) { CBB child; if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) || - !BN_marshal_asn1(&child, sig->r) || - !BN_marshal_asn1(&child, sig->s) || + !BN_marshal_asn1(&child, sig->r) || !BN_marshal_asn1(&child, sig->s) || !CBB_flush(cbb)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); return 0; @@ -338,8 +330,7 @@ const ECDSA_SIG *sig) { CBB cbb; CBB_zero(&cbb); - if (!CBB_init(&cbb, 0) || - !ECDSA_SIG_marshal(&cbb, sig) || + if (!CBB_init(&cbb, 0) || !ECDSA_SIG_marshal(&cbb, sig) || !CBB_finish(&cbb, out_bytes, out_len)) { OPENSSL_PUT_ERROR(ECDSA, ECDSA_R_ENCODE_ERROR); CBB_cleanup(&cbb); @@ -402,8 +393,7 @@ int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp) { CBB cbb; - if (!CBB_init(&cbb, 0) || - !ECDSA_SIG_marshal(&cbb, sig)) { + if (!CBB_init(&cbb, 0) || !ECDSA_SIG_marshal(&cbb, sig)) { CBB_cleanup(&cbb); return -1; }
diff --git a/crypto/engine/engine.c b/crypto/engine/engine.cc similarity index 84% rename from crypto/engine/engine.c rename to crypto/engine/engine.cc index 831d468..2bc945e 100644 --- a/crypto/engine/engine.c +++ b/crypto/engine/engine.cc
@@ -14,8 +14,8 @@ #include <openssl/engine.h> -#include <string.h> #include <assert.h> +#include <string.h> #include <openssl/ec_key.h> #include <openssl/err.h> @@ -31,7 +31,9 @@ ECDSA_METHOD *ecdsa_method; }; -ENGINE *ENGINE_new(void) { return OPENSSL_zalloc(sizeof(ENGINE)); } +ENGINE *ENGINE_new(void) { + return reinterpret_cast<ENGINE *>(OPENSSL_zalloc(sizeof(ENGINE))); +} int ENGINE_free(ENGINE *engine) { // Methods are currently required to be static so are not unref'ed. @@ -46,17 +48,18 @@ // static. static int set_method(void **out_member, const void *method, size_t method_size, size_t compiled_size) { - const struct openssl_method_common_st *common = method; + const struct openssl_method_common_st *common = + reinterpret_cast<const openssl_method_common_st *>(method); if (method_size != compiled_size || !common->is_static) { return 0; } - *out_member = (void*) method; + *out_member = (void *)method; return 1; } int ENGINE_set_RSA_method(ENGINE *engine, const RSA_METHOD *method, - size_t method_size) { + size_t method_size) { return set_method((void **)&engine->rsa_method, method, method_size, sizeof(RSA_METHOD)); } @@ -76,11 +79,12 @@ } void METHOD_ref(void *method_in) { - assert(((struct openssl_method_common_st*) method_in)->is_static); + assert(((struct openssl_method_common_st *)method_in)->is_static); } void METHOD_unref(void *method_in) { - struct openssl_method_common_st *method = method_in; + struct openssl_method_common_st *method = + reinterpret_cast<openssl_method_common_st *>(method_in); if (method == NULL) { return;
diff --git a/crypto/err/err.c b/crypto/err/err.cc similarity index 94% rename from crypto/err/err.c rename to crypto/err/err.cc index 6f08e78..68f8439 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.cc
@@ -168,7 +168,7 @@ // |strdup| is not in C until C23, so MSVC triggers deprecation warnings, and // glibc and musl gate it on a feature macro. Reimplementing it is easier. size_t len = strlen(str); - char *ret = malloc(len + 1); + char *ret = reinterpret_cast<char *>(malloc(len + 1)); if (ret != NULL) { memcpy(ret, str, len + 1); } @@ -202,7 +202,7 @@ static CRYPTO_MUTEX global_next_library_mutex = CRYPTO_MUTEX_INIT; static void err_state_free(void *statep) { - ERR_STATE *state = statep; + ERR_STATE *state = reinterpret_cast<ERR_STATE *>(statep); if (state == NULL) { return; @@ -217,9 +217,10 @@ // err_get_state gets the ERR_STATE object for the current thread. static ERR_STATE *err_get_state(void) { - ERR_STATE *state = CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_ERR); + ERR_STATE *state = reinterpret_cast<ERR_STATE *>( + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_ERR)); if (state == NULL) { - state = malloc(sizeof(ERR_STATE)); + state = reinterpret_cast<ERR_STATE *>(malloc(sizeof(ERR_STATE))); if (state == NULL) { return NULL; } @@ -380,19 +381,15 @@ return ret; } -void ERR_remove_state(unsigned long pid) { - ERR_clear_error(); -} +void ERR_remove_state(unsigned long pid) { ERR_clear_error(); } -void ERR_clear_system_error(void) { - errno = 0; -} +void ERR_clear_system_error(void) { errno = 0; } // err_string_cmp is a compare function for searching error values with // |bsearch| in |err_string_lookup|. static int err_string_cmp(const void *a, const void *b) { - const uint32_t a_key = *((const uint32_t*) a) >> 15; - const uint32_t b_key = *((const uint32_t*) b) >> 15; + const uint32_t a_key = *((const uint32_t *)a) >> 15; + const uint32_t b_key = *((const uint32_t *)b) >> 15; if (a_key < b_key) { return -1; @@ -406,8 +403,7 @@ // err_string_lookup looks up the string associated with |lib| and |key| in // |values| and |string_data|. It returns the string or NULL if not found. static const char *err_string_lookup(uint32_t lib, uint32_t key, - const uint32_t *values, - size_t num_values, + const uint32_t *values, size_t num_values, const char *string_data) { // |values| points to data in err_data.h, which is generated by // err_data_generate.go. It's an array of uint32_t values. Each value has the @@ -426,8 +422,8 @@ return NULL; } uint32_t search_key = lib << 26 | key << 15; - const uint32_t *result = bsearch(&search_key, values, num_values, - sizeof(uint32_t), err_string_cmp); + const uint32_t *result = reinterpret_cast<const uint32_t *>(bsearch( + &search_key, values, num_values, sizeof(uint32_t), err_string_cmp)); if (result == NULL) { return NULL; } @@ -632,7 +628,7 @@ // thread_hash is the least-significant bits of the |ERR_STATE| pointer value // for this thread. - const unsigned long thread_hash = (uintptr_t) err_get_state(); + const unsigned long thread_hash = (uintptr_t)err_get_state(); for (;;) { packed_error = ERR_get_error_line_data(&file, &line, &data, &flags); @@ -649,9 +645,9 @@ } } -static int print_errors_to_file(const char* msg, size_t msg_len, void* ctx) { +static int print_errors_to_file(const char *msg, size_t msg_len, void *ctx) { assert(msg[msg_len] == '\0'); - FILE* fp = ctx; + FILE *fp = reinterpret_cast<FILE *>(ctx); int res = fputs(msg, fp); return res < 0 ? 0 : 1; } @@ -722,16 +718,16 @@ } size_t substr_len = strlen(substr); if (SIZE_MAX - total_size < substr_len) { - return; // Would overflow. + return; // Would overflow. } total_size += substr_len; } va_end(args_copy); if (total_size == SIZE_MAX) { - return; // Would overflow. + return; // Would overflow. } - total_size += 1; // NUL terminator. - if ((buf = malloc(total_size)) == NULL) { + total_size += 1; // NUL terminator. + if ((buf = reinterpret_cast<char *>(malloc(total_size))) == NULL) { return; } buf[0] = '\0'; @@ -741,7 +737,7 @@ continue; } if (OPENSSL_strlcat(buf, substr, total_size) >= total_size) { - assert(0); // should not be possible. + assert(0); // should not be possible. } } va_end(args); @@ -855,7 +851,8 @@ return NULL; } - ERR_SAVE_STATE *ret = malloc(sizeof(ERR_SAVE_STATE)); + ERR_SAVE_STATE *ret = + reinterpret_cast<ERR_SAVE_STATE *>(malloc(sizeof(ERR_SAVE_STATE))); if (ret == NULL) { return NULL; } @@ -865,7 +862,8 @@ ? state->top - state->bottom : ERR_NUM_ERRORS + state->top - state->bottom; assert(num_errors < ERR_NUM_ERRORS); - ret->errors = malloc(num_errors * sizeof(struct err_error_st)); + ret->errors = reinterpret_cast<err_error_st *>( + malloc(num_errors * sizeof(struct err_error_st))); if (ret->errors == NULL) { free(ret); return NULL;
diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata index a8e6e08..528110c 100644 --- a/crypto/err/ssl.errordata +++ b/crypto/err/ssl.errordata
@@ -1,6 +1,5 @@ SSL,277,ALPN_MISMATCH_ON_EARLY_DATA SSL,309,ALPS_MISMATCH_ON_EARLY_DATA -SSL,281,APPLICATION_DATA_INSTEAD_OF_HANDSHAKE SSL,291,APPLICATION_DATA_ON_SHUTDOWN SSL,100,APP_DATA_IN_HANDSHAKE SSL,101,ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT
diff --git a/crypto/evp/evp.c b/crypto/evp/evp.cc similarity index 96% rename from crypto/evp/evp.c rename to crypto/evp/evp.cc index d81abe9..bd05974 100644 --- a/crypto/evp/evp.c +++ b/crypto/evp/evp.cc
@@ -64,8 +64,8 @@ #include <openssl/nid.h> #include <openssl/thread.h> -#include "internal.h" #include "../internal.h" +#include "internal.h" // Node depends on |EVP_R_NOT_XOF_OR_INVALID_LENGTH|. @@ -78,7 +78,8 @@ OPENSSL_DECLARE_ERROR_REASON(EVP, EMPTY_PSK) EVP_PKEY *EVP_PKEY_new(void) { - EVP_PKEY *ret = OPENSSL_zalloc(sizeof(EVP_PKEY)); + EVP_PKEY *ret = + reinterpret_cast<EVP_PKEY *>(OPENSSL_zalloc(sizeof(EVP_PKEY))); if (ret == NULL) { return NULL; } @@ -196,9 +197,7 @@ return 0; } -int EVP_PKEY_id(const EVP_PKEY *pkey) { - return pkey->type; -} +int EVP_PKEY_id(const EVP_PKEY *pkey) { return pkey->type; } // evp_pkey_asn1_find returns the ASN.1 method table for the given |nid|, which // should be one of the |EVP_PKEY_*| values. It returns NULL if |nid| is @@ -238,13 +237,13 @@ // public API. switch (type) { case EVP_PKEY_RSA: - return EVP_PKEY_assign_RSA(pkey, key); + return EVP_PKEY_assign_RSA(pkey, reinterpret_cast<RSA *>(key)); case EVP_PKEY_DSA: - return EVP_PKEY_assign_DSA(pkey, key); + return EVP_PKEY_assign_DSA(pkey, reinterpret_cast<DSA *>(key)); case EVP_PKEY_EC: - return EVP_PKEY_assign_EC_KEY(pkey, key); + return EVP_PKEY_assign_EC_KEY(pkey, reinterpret_cast<EC_KEY *>(key)); case EVP_PKEY_DH: - return EVP_PKEY_assign_DH(pkey, key); + return EVP_PKEY_assign_DH(pkey, reinterpret_cast<DH *>(key)); } OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.cc similarity index 100% rename from crypto/evp/evp_asn1.c rename to crypto/evp/evp_asn1.cc
diff --git a/crypto/evp/evp_ctx.c b/crypto/evp/evp_ctx.cc similarity index 96% rename from crypto/evp/evp_ctx.c rename to crypto/evp/evp_ctx.cc index ea2781f..d5acb10 100644 --- a/crypto/evp/evp_ctx.c +++ b/crypto/evp/evp_ctx.cc
@@ -67,15 +67,12 @@ static const EVP_PKEY_METHOD *const evp_methods[] = { - &rsa_pkey_meth, - &ec_pkey_meth, - &ed25519_pkey_meth, - &x25519_pkey_meth, - &hkdf_pkey_meth, + &rsa_pkey_meth, &ec_pkey_meth, &ed25519_pkey_meth, + &x25519_pkey_meth, &hkdf_pkey_meth, }; static const EVP_PKEY_METHOD *evp_pkey_meth_find(int type) { - for (size_t i = 0; i < sizeof(evp_methods)/sizeof(EVP_PKEY_METHOD*); i++) { + for (size_t i = 0; i < sizeof(evp_methods) / sizeof(EVP_PKEY_METHOD *); i++) { if (evp_methods[i]->pkey_id == type) { return evp_methods[i]; } @@ -86,7 +83,8 @@ static EVP_PKEY_CTX *evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *e, const EVP_PKEY_METHOD *pmeth) { - EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX)); + EVP_PKEY_CTX *ret = + reinterpret_cast<EVP_PKEY_CTX *>(OPENSSL_zalloc(sizeof(EVP_PKEY_CTX))); if (!ret) { return NULL; } @@ -155,7 +153,8 @@ return NULL; } - EVP_PKEY_CTX *ret = OPENSSL_zalloc(sizeof(EVP_PKEY_CTX)); + EVP_PKEY_CTX *ret = + reinterpret_cast<EVP_PKEY_CTX *>(OPENSSL_zalloc(sizeof(EVP_PKEY_CTX))); if (!ret) { return NULL; }
diff --git a/crypto/evp/p_dh.c b/crypto/evp/p_dh.cc similarity index 74% rename from crypto/evp/p_dh.c rename to crypto/evp/p_dh.cc index 9953f82..43a18b3 100644 --- a/crypto/evp/p_dh.c +++ b/crypto/evp/p_dh.cc
@@ -23,7 +23,8 @@ } DH_PKEY_CTX; static int pkey_dh_init(EVP_PKEY_CTX *ctx) { - DH_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(DH_PKEY_CTX)); + DH_PKEY_CTX *dctx = + reinterpret_cast<DH_PKEY_CTX *>(OPENSSL_zalloc(sizeof(DH_PKEY_CTX))); if (dctx == NULL) { return 0; } @@ -37,8 +38,8 @@ return 0; } - const DH_PKEY_CTX *sctx = src->data; - DH_PKEY_CTX *dctx = dst->data; + const DH_PKEY_CTX *sctx = reinterpret_cast<DH_PKEY_CTX *>(src->data); + DH_PKEY_CTX *dctx = reinterpret_cast<DH_PKEY_CTX *>(dst->data); dctx->pad = sctx->pad; return 1; } @@ -63,14 +64,14 @@ } static int pkey_dh_derive(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len) { - DH_PKEY_CTX *dctx = ctx->data; + DH_PKEY_CTX *dctx = reinterpret_cast<DH_PKEY_CTX *>(ctx->data); if (ctx->pkey == NULL || ctx->peerkey == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); return 0; } - DH *our_key = ctx->pkey->pkey; - DH *peer_key = ctx->peerkey->pkey; + DH *our_key = reinterpret_cast<DH *>(ctx->pkey->pkey); + DH *peer_key = reinterpret_cast<DH *>(ctx->peerkey->pkey); if (our_key == NULL || peer_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); return 0; @@ -104,7 +105,7 @@ } static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { - DH_PKEY_CTX *dctx = ctx->data; + DH_PKEY_CTX *dctx = reinterpret_cast<DH_PKEY_CTX *>(ctx->data); switch (type) { case EVP_PKEY_CTRL_PEER_KEY: // |EVP_PKEY_derive_set_peer| requires the key implement this command, @@ -122,13 +123,21 @@ } const EVP_PKEY_METHOD dh_pkey_meth = { - .pkey_id = EVP_PKEY_DH, - .init = pkey_dh_init, - .copy = pkey_dh_copy, - .cleanup = pkey_dh_cleanup, - .keygen = pkey_dh_keygen, - .derive = pkey_dh_derive, - .ctrl = pkey_dh_ctrl, + /*pkey_id=*/EVP_PKEY_DH, + /*init=*/pkey_dh_init, + /*copy=*/pkey_dh_copy, + /*cleanup=*/pkey_dh_cleanup, + /*keygen=*/pkey_dh_keygen, + /*sign=*/nullptr, + /*sign_message=*/nullptr, + /*verify=*/nullptr, + /*verify_message=*/nullptr, + /*verify_recover=*/nullptr, + /*encrypt=*/nullptr, + /*decrypt=*/nullptr, + /*derive=*/pkey_dh_derive, + /*paramgen=*/nullptr, + /*ctrl=*/pkey_dh_ctrl, }; int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) {
diff --git a/crypto/evp/p_dh_asn1.c b/crypto/evp/p_dh_asn1.cc similarity index 63% rename from crypto/evp/p_dh_asn1.c rename to crypto/evp/p_dh_asn1.cc index b1038d1..877b49c 100644 --- a/crypto/evp/p_dh_asn1.c +++ b/crypto/evp/p_dh_asn1.cc
@@ -13,21 +13,25 @@ #include <openssl/dh.h> #include <openssl/err.h> -#include "internal.h" #include "../internal.h" +#include "internal.h" static void dh_free(EVP_PKEY *pkey) { - DH_free(pkey->pkey); + DH_free(reinterpret_cast<DH *>(pkey->pkey)); pkey->pkey = NULL; } -static int dh_size(const EVP_PKEY *pkey) { return DH_size(pkey->pkey); } +static int dh_size(const EVP_PKEY *pkey) { + return DH_size(reinterpret_cast<const DH *>(pkey->pkey)); +} -static int dh_bits(const EVP_PKEY *pkey) { return DH_bits(pkey->pkey); } +static int dh_bits(const EVP_PKEY *pkey) { + return DH_bits(reinterpret_cast<const DH *>(pkey->pkey)); +} static int dh_param_missing(const EVP_PKEY *pkey) { - const DH *dh = pkey->pkey; + const DH *dh = reinterpret_cast<const DH *>(pkey->pkey); return dh == NULL || DH_get0_p(dh) == NULL || DH_get0_g(dh) == NULL; } @@ -37,13 +41,13 @@ return 0; } - const DH *dh = from->pkey; + const DH *dh = reinterpret_cast<DH *>(from->pkey); const BIGNUM *q_old = DH_get0_q(dh); BIGNUM *p = BN_dup(DH_get0_p(dh)); BIGNUM *q = q_old == NULL ? NULL : BN_dup(q_old); BIGNUM *g = BN_dup(DH_get0_g(dh)); if (p == NULL || (q_old != NULL && q == NULL) || g == NULL || - !DH_set0_pqg(to->pkey, p, q, g)) { + !DH_set0_pqg(reinterpret_cast<DH *>(to->pkey), p, q, g)) { BN_free(p); BN_free(q); BN_free(g); @@ -61,8 +65,8 @@ // Matching OpenSSL, only compare p and g for PKCS#3-style Diffie-Hellman. // OpenSSL only checks q in X9.42-style Diffie-Hellman ("DHX"). - const DH *a_dh = a->pkey; - const DH *b_dh = b->pkey; + const DH *a_dh = reinterpret_cast<const DH *>(a->pkey); + const DH *b_dh = reinterpret_cast<const DH *>(b->pkey); return BN_cmp(DH_get0_p(a_dh), DH_get0_p(b_dh)) == 0 && BN_cmp(DH_get0_g(a_dh), DH_get0_g(b_dh)) == 0; } @@ -72,21 +76,34 @@ return 0; } - const DH *a_dh = a->pkey; - const DH *b_dh = b->pkey; + const DH *a_dh = reinterpret_cast<const DH *>(a->pkey); + const DH *b_dh = reinterpret_cast<const DH *>(b->pkey); return BN_cmp(DH_get0_pub_key(a_dh), DH_get0_pub_key(b_dh)) == 0; } const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { - .pkey_id = EVP_PKEY_DH, - .pkey_method = &dh_pkey_meth, - .pub_cmp = dh_pub_cmp, - .pkey_size = dh_size, - .pkey_bits = dh_bits, - .param_missing = dh_param_missing, - .param_copy = dh_param_copy, - .param_cmp = dh_param_cmp, - .pkey_free = dh_free, + /*pkey_id=*/EVP_PKEY_DH, + /*oid=*/{0}, + /*oid_len=*/0, + /*pkey_method=*/&dh_pkey_meth, + /*pub_decode=*/nullptr, + /*pub_encode=*/nullptr, + /*pub_cmp=*/dh_pub_cmp, + /*priv_decode=*/nullptr, + /*priv_encode=*/nullptr, + /*set_priv_raw=*/nullptr, + /*set_pub_raw=*/nullptr, + /*get_priv_raw=*/nullptr, + /*get_pub_raw=*/nullptr, + /*set1_tls_encodedpoint=*/nullptr, + /*get1_tls_encodedpoint=*/nullptr, + /*pkey_opaque=*/nullptr, + /*pkey_size=*/dh_size, + /*pkey_bits=*/dh_bits, + /*param_missing=*/dh_param_missing, + /*param_copy=*/dh_param_copy, + /*param_cmp=*/dh_param_cmp, + /*pkey_free=*/dh_free, }; int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) { @@ -108,7 +125,7 @@ OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DH_KEY); return NULL; } - return pkey->pkey; + return reinterpret_cast<DH *>(const_cast<EVP_PKEY *>(pkey)->pkey); } DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) {
diff --git a/crypto/evp/p_dsa_asn1.c b/crypto/evp/p_dsa_asn1.cc similarity index 88% rename from crypto/evp/p_dsa_asn1.c rename to crypto/evp/p_dsa_asn1.cc index 9874747..7f2c90f 100644 --- a/crypto/evp/p_dsa_asn1.c +++ b/crypto/evp/p_dsa_asn1.cc
@@ -55,9 +55,9 @@ #include <openssl/evp.h> -#include <openssl/digest.h> #include <openssl/bn.h> #include <openssl/bytestring.h> +#include <openssl/digest.h> #include <openssl/dsa.h> #include <openssl/err.h> @@ -88,8 +88,7 @@ goto err; } - if (!BN_parse_asn1_unsigned(key, dsa->pub_key) || - CBS_len(key) != 0) { + if (!BN_parse_asn1_unsigned(key, dsa->pub_key) || CBS_len(key) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } @@ -103,7 +102,7 @@ } static int dsa_pub_encode(CBB *out, const EVP_PKEY *key) { - const DSA *dsa = key->pkey; + const DSA *dsa = reinterpret_cast<const DSA *>(key->pkey); const int has_params = dsa->p != NULL && dsa->q != NULL && dsa->g != NULL; // See RFC 5480, section 2. @@ -112,12 +111,10 @@ !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) || !CBB_add_bytes(&oid, dsa_asn1_meth.oid, dsa_asn1_meth.oid_len) || - (has_params && - !DSA_marshal_parameters(&algorithm, dsa)) || + (has_params && !DSA_marshal_parameters(&algorithm, dsa)) || !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) || !CBB_add_u8(&key_bitstring, 0 /* padding */) || - !BN_marshal_asn1(&key_bitstring, dsa->pub_key) || - !CBB_flush(out)) { + !BN_marshal_asn1(&key_bitstring, dsa->pub_key) || !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; } @@ -140,8 +137,7 @@ if (dsa->priv_key == NULL) { goto err; } - if (!BN_parse_asn1_unsigned(key, dsa->priv_key) || - CBS_len(key) != 0) { + if (!BN_parse_asn1_unsigned(key, dsa->priv_key) || CBS_len(key) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); goto err; } @@ -174,7 +170,7 @@ } static int dsa_priv_encode(CBB *out, const EVP_PKEY *key) { - const DSA *dsa = key->pkey; + const DSA *dsa = reinterpret_cast<const DSA *>(key->pkey); if (dsa == NULL || dsa->priv_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS); return 0; @@ -189,8 +185,7 @@ !CBB_add_bytes(&oid, dsa_asn1_meth.oid, dsa_asn1_meth.oid_len) || !DSA_marshal_parameters(&algorithm, dsa) || !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) || - !BN_marshal_asn1(&private_key, dsa->priv_key) || - !CBB_flush(out)) { + !BN_marshal_asn1(&private_key, dsa->priv_key) || !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; } @@ -199,17 +194,17 @@ } static int int_dsa_size(const EVP_PKEY *pkey) { - const DSA *dsa = pkey->pkey; + const DSA *dsa = reinterpret_cast<const DSA *>(pkey->pkey); return DSA_size(dsa); } static int dsa_bits(const EVP_PKEY *pkey) { - const DSA *dsa = pkey->pkey; + const DSA *dsa = reinterpret_cast<const DSA *>(pkey->pkey); return BN_num_bits(DSA_get0_p(dsa)); } static int dsa_missing_parameters(const EVP_PKEY *pkey) { - const DSA *dsa = pkey->pkey; + const DSA *dsa = reinterpret_cast<const DSA *>(pkey->pkey); if (DSA_get0_p(dsa) == NULL || DSA_get0_q(dsa) == NULL || DSA_get0_g(dsa) == NULL) { return 1; @@ -231,8 +226,8 @@ } static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { - DSA *to_dsa = to->pkey; - const DSA *from_dsa = from->pkey; + DSA *to_dsa = reinterpret_cast<DSA *>(to->pkey); + const DSA *from_dsa = reinterpret_cast<const DSA *>(from->pkey); if (!dup_bn_into(&to_dsa->p, from_dsa->p) || !dup_bn_into(&to_dsa->q, from_dsa->q) || !dup_bn_into(&to_dsa->g, from_dsa->g)) { @@ -243,21 +238,21 @@ } static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { - const DSA *a_dsa = a->pkey; - const DSA *b_dsa = b->pkey; + const DSA *a_dsa = reinterpret_cast<const DSA *>(a->pkey); + const DSA *b_dsa = reinterpret_cast<const DSA *>(b->pkey); return BN_cmp(DSA_get0_p(a_dsa), DSA_get0_p(b_dsa)) == 0 && BN_cmp(DSA_get0_q(a_dsa), DSA_get0_q(b_dsa)) == 0 && BN_cmp(DSA_get0_g(a_dsa), DSA_get0_g(b_dsa)) == 0; } static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const DSA *a_dsa = a->pkey; - const DSA *b_dsa = b->pkey; + const DSA *a_dsa = reinterpret_cast<const DSA *>(a->pkey); + const DSA *b_dsa = reinterpret_cast<const DSA *>(b->pkey); return BN_cmp(DSA_get0_pub_key(b_dsa), DSA_get0_pub_key(a_dsa)) == 0; } static void int_dsa_free(EVP_PKEY *pkey) { - DSA_free(pkey->pkey); + DSA_free(reinterpret_cast<DSA *>(pkey->pkey)); pkey->pkey = NULL; } @@ -326,7 +321,7 @@ OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DSA_KEY); return NULL; } - return pkey->pkey; + return reinterpret_cast<DSA *>(pkey->pkey); } DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey) {
diff --git a/crypto/evp/p_ec.c b/crypto/evp/p_ec.cc similarity index 86% rename from crypto/evp/p_ec.c rename to crypto/evp/p_ec.cc index 7e1594e..f2c140f 100644 --- a/crypto/evp/p_ec.c +++ b/crypto/evp/p_ec.cc
@@ -67,9 +67,9 @@ #include <openssl/mem.h> #include <openssl/nid.h> -#include "internal.h" #include "../fipsmodule/ec/internal.h" #include "../internal.h" +#include "internal.h" typedef struct { @@ -80,7 +80,8 @@ static int pkey_ec_init(EVP_PKEY_CTX *ctx) { - EC_PKEY_CTX *dctx = OPENSSL_zalloc(sizeof(EC_PKEY_CTX)); + EC_PKEY_CTX *dctx = + reinterpret_cast<EC_PKEY_CTX *>(OPENSSL_zalloc(sizeof(EC_PKEY_CTX))); if (!dctx) { return 0; } @@ -94,15 +95,15 @@ return 0; } - const EC_PKEY_CTX *sctx = src->data; - EC_PKEY_CTX *dctx = dst->data; + const EC_PKEY_CTX *sctx = reinterpret_cast<EC_PKEY_CTX *>(src->data); + EC_PKEY_CTX *dctx = reinterpret_cast<EC_PKEY_CTX *>(dst->data); dctx->md = sctx->md; dctx->gen_group = sctx->gen_group; return 1; } static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) { - EC_PKEY_CTX *dctx = ctx->data; + EC_PKEY_CTX *dctx = reinterpret_cast<EC_PKEY_CTX *>(ctx->data); if (!dctx) { return; } @@ -112,7 +113,7 @@ static int pkey_ec_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, const uint8_t *tbs, size_t tbslen) { - const EC_KEY *ec = ctx->pkey->pkey; + const EC_KEY *ec = reinterpret_cast<EC_KEY *>(ctx->pkey->pkey); if (!sig) { *siglen = ECDSA_size(ec); return 1; @@ -131,18 +132,17 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, const uint8_t *tbs, size_t tbslen) { - const EC_KEY *ec_key = ctx->pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast<EC_KEY *>(ctx->pkey->pkey); return ECDSA_verify(0, tbs, tbslen, sig, siglen, ec_key); } -static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key, - size_t *keylen) { +static int pkey_ec_derive(EVP_PKEY_CTX *ctx, uint8_t *key, size_t *keylen) { if (!ctx->pkey || !ctx->peerkey) { OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); return 0; } - const EC_KEY *eckey = ctx->pkey->pkey; + const EC_KEY *eckey = reinterpret_cast<EC_KEY *>(ctx->pkey->pkey); if (!key) { const EC_GROUP *group; group = EC_KEY_get0_group(eckey); @@ -150,7 +150,7 @@ return 1; } - const EC_KEY *eckey_peer = ctx->peerkey->pkey; + const EC_KEY *eckey_peer = reinterpret_cast<EC_KEY *>(ctx->peerkey->pkey); const EC_POINT *pubkey = EC_KEY_get0_public_key(eckey_peer); // NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is @@ -165,11 +165,11 @@ } static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { - EC_PKEY_CTX *dctx = ctx->data; + EC_PKEY_CTX *dctx = reinterpret_cast<EC_PKEY_CTX *>(ctx->data); switch (type) { case EVP_PKEY_CTRL_MD: { - const EVP_MD *md = p2; + const EVP_MD *md = reinterpret_cast<const EVP_MD *>(p2); int md_type = EVP_MD_type(md); if (md_type != NID_sha1 && md_type != NID_sha224 && md_type != NID_sha256 && md_type != NID_sha384 && @@ -205,19 +205,17 @@ } static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - EC_PKEY_CTX *dctx = ctx->data; + EC_PKEY_CTX *dctx = reinterpret_cast<EC_PKEY_CTX *>(ctx->data); const EC_GROUP *group = dctx->gen_group; if (group == NULL) { if (ctx->pkey == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET); return 0; } - group = EC_KEY_get0_group(ctx->pkey->pkey); + group = EC_KEY_get0_group(reinterpret_cast<EC_KEY *>(ctx->pkey->pkey)); } EC_KEY *ec = EC_KEY_new(); - if (ec == NULL || - !EC_KEY_set_group(ec, group) || - !EC_KEY_generate_key(ec)) { + if (ec == NULL || !EC_KEY_set_group(ec, group) || !EC_KEY_generate_key(ec)) { EC_KEY_free(ec); return 0; } @@ -226,14 +224,13 @@ } static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - EC_PKEY_CTX *dctx = ctx->data; + EC_PKEY_CTX *dctx = reinterpret_cast<EC_PKEY_CTX *>(ctx->data); if (dctx->gen_group == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_PARAMETERS_SET); return 0; } EC_KEY *ec = EC_KEY_new(); - if (ec == NULL || - !EC_KEY_set_group(ec, dctx->gen_group)) { + if (ec == NULL || !EC_KEY_set_group(ec, dctx->gen_group)) { EC_KEY_free(ec); return 0; }
diff --git a/crypto/evp/p_ec_asn1.c b/crypto/evp/p_ec_asn1.cc similarity index 89% rename from crypto/evp/p_ec_asn1.c rename to crypto/evp/p_ec_asn1.cc index 54d02c3..fcaf63c 100644 --- a/crypto/evp/p_ec_asn1.c +++ b/crypto/evp/p_ec_asn1.cc
@@ -9,7 +9,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -66,7 +66,7 @@ static int eckey_pub_encode(CBB *out, const EVP_PKEY *key) { - const EC_KEY *ec_key = key->pkey; + const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(key->pkey); const EC_GROUP *group = EC_KEY_get0_group(ec_key); const EC_POINT *public_key = EC_KEY_get0_public_key(ec_key); @@ -101,7 +101,7 @@ } eckey = EC_KEY_new(); - if (eckey == NULL || // + if (eckey == NULL || // !EC_KEY_set_group(eckey, group) || !EC_KEY_oct2key(eckey, CBS_data(key), CBS_len(key), NULL)) { goto err; @@ -116,8 +116,8 @@ } static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const EC_KEY *a_ec = a->pkey; - const EC_KEY *b_ec = b->pkey; + const EC_KEY *a_ec = reinterpret_cast<const EC_KEY *>(a->pkey); + const EC_KEY *b_ec = reinterpret_cast<const EC_KEY *>(b->pkey); const EC_GROUP *group = EC_KEY_get0_group(b_ec); const EC_POINT *pa = EC_KEY_get0_public_key(a_ec), *pb = EC_KEY_get0_public_key(b_ec); @@ -151,7 +151,7 @@ } static int eckey_priv_encode(CBB *out, const EVP_PKEY *key) { - const EC_KEY *ec_key = key->pkey; + const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(key->pkey); // Omit the redundant copy of the curve name. This contradicts RFC 5915 but // aligns with PKCS #11. SEC 1 only says they may be omitted if known by other @@ -179,7 +179,7 @@ static int eckey_set1_tls_encodedpoint(EVP_PKEY *pkey, const uint8_t *in, size_t len) { - EC_KEY *ec_key = pkey->pkey; + EC_KEY *ec_key = reinterpret_cast<EC_KEY *>(pkey->pkey); if (ec_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET); return 0; @@ -190,7 +190,7 @@ static size_t eckey_get1_tls_encodedpoint(const EVP_PKEY *pkey, uint8_t **out_ptr) { - const EC_KEY *ec_key = pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey); if (ec_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET); return 0; @@ -200,12 +200,12 @@ } static int int_ec_size(const EVP_PKEY *pkey) { - const EC_KEY *ec_key = pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey); return ECDSA_size(ec_key); } static int ec_bits(const EVP_PKEY *pkey) { - const EC_KEY *ec_key = pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey); const EC_GROUP *group = EC_KEY_get0_group(ec_key); if (group == NULL) { ERR_clear_error(); @@ -215,12 +215,12 @@ } static int ec_missing_parameters(const EVP_PKEY *pkey) { - const EC_KEY *ec_key = pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey); return ec_key == NULL || EC_KEY_get0_group(ec_key) == NULL; } static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) { - const EC_KEY *from_key = from->pkey; + const EC_KEY *from_key = reinterpret_cast<const EC_KEY *>(from->pkey); if (from_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET); return 0; @@ -236,12 +236,12 @@ return 0; } } - return EC_KEY_set_group(to->pkey, group); + return EC_KEY_set_group(reinterpret_cast<EC_KEY *>(to->pkey), group); } static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { - const EC_KEY *a_ec = a->pkey; - const EC_KEY *b_ec = b->pkey; + const EC_KEY *a_ec = reinterpret_cast<const EC_KEY *>(a->pkey); + const EC_KEY *b_ec = reinterpret_cast<const EC_KEY *>(b->pkey); if (a_ec == NULL || b_ec == NULL) { return -2; } @@ -258,12 +258,12 @@ } static void int_ec_free(EVP_PKEY *pkey) { - EC_KEY_free(pkey->pkey); + EC_KEY_free(reinterpret_cast<EC_KEY *>(pkey->pkey)); pkey->pkey = NULL; } static int eckey_opaque(const EVP_PKEY *pkey) { - const EC_KEY *ec_key = pkey->pkey; + const EC_KEY *ec_key = reinterpret_cast<const EC_KEY *>(pkey->pkey); return EC_KEY_is_opaque(ec_key); } @@ -320,7 +320,7 @@ OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_EC_KEY_KEY); return NULL; } - return pkey->pkey; + return reinterpret_cast<EC_KEY *>(pkey->pkey); } EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey) {
diff --git a/crypto/evp/p_ed25519.c b/crypto/evp/p_ed25519.cc similarity index 76% rename from crypto/evp/p_ed25519.c rename to crypto/evp/p_ed25519.cc index 66e7197..e8007c5 100644 --- a/crypto/evp/p_ed25519.c +++ b/crypto/evp/p_ed25519.cc
@@ -25,7 +25,8 @@ static int pkey_ed25519_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 1; } static int pkey_ed25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - ED25519_KEY *key = OPENSSL_malloc(sizeof(ED25519_KEY)); + ED25519_KEY *key = + reinterpret_cast<ED25519_KEY *>(OPENSSL_malloc(sizeof(ED25519_KEY))); if (key == NULL) { return 0; } @@ -44,7 +45,8 @@ static int pkey_ed25519_sign_message(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, const uint8_t *tbs, size_t tbslen) { - const ED25519_KEY *key = ctx->pkey->pkey; + const ED25519_KEY *key = + reinterpret_cast<const ED25519_KEY *>(ctx->pkey->pkey); if (!key->has_private) { OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY); return 0; @@ -71,7 +73,8 @@ static int pkey_ed25519_verify_message(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, const uint8_t *tbs, size_t tbslen) { - const ED25519_KEY *key = ctx->pkey->pkey; + const ED25519_KEY *key = + reinterpret_cast<const ED25519_KEY *>(ctx->pkey->pkey); if (siglen != 64 || !ED25519_verify(tbs, tbslen, sig, key->key + ED25519_PUBLIC_KEY_OFFSET)) { OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_SIGNATURE); @@ -82,19 +85,19 @@ } const EVP_PKEY_METHOD ed25519_pkey_meth = { - EVP_PKEY_ED25519, - NULL /* init */, - pkey_ed25519_copy, - NULL /* cleanup */, - pkey_ed25519_keygen, - NULL /* sign */, - pkey_ed25519_sign_message, - NULL /* verify */, - pkey_ed25519_verify_message, - NULL /* verify_recover */, - NULL /* encrypt */, - NULL /* decrypt */, - NULL /* derive */, - NULL /* paramgen */, - NULL /* ctrl */, + /*pkey_id=*/EVP_PKEY_ED25519, + /*init=*/nullptr, + /*copy=*/pkey_ed25519_copy, + /*cleanup=*/nullptr, + /*keygen=*/pkey_ed25519_keygen, + /*sign=*/nullptr, + /*sign_message=*/pkey_ed25519_sign_message, + /*verify=*/nullptr, + /*verify_message=*/pkey_ed25519_verify_message, + /*verify_recover=*/nullptr, + /*encrypt=*/nullptr, + /*decrypt=*/nullptr, + /*derive=*/nullptr, + /*paramgen=*/nullptr, + /*ctrl=*/nullptr, };
diff --git a/crypto/evp/p_ed25519_asn1.c b/crypto/evp/p_ed25519_asn1.cc similarity index 88% rename from crypto/evp/p_ed25519_asn1.c rename to crypto/evp/p_ed25519_asn1.cc index 3b8f27f..50d7b88 100644 --- a/crypto/evp/p_ed25519_asn1.c +++ b/crypto/evp/p_ed25519_asn1.cc
@@ -19,8 +19,8 @@ #include <openssl/err.h> #include <openssl/mem.h> -#include "internal.h" #include "../internal.h" +#include "internal.h" static void ed25519_free(EVP_PKEY *pkey) { @@ -34,7 +34,8 @@ return 0; } - ED25519_KEY *key = OPENSSL_malloc(sizeof(ED25519_KEY)); + ED25519_KEY *key = + reinterpret_cast<ED25519_KEY *>(OPENSSL_malloc(sizeof(ED25519_KEY))); if (key == NULL) { return 0; } @@ -56,7 +57,8 @@ return 0; } - ED25519_KEY *key = OPENSSL_malloc(sizeof(ED25519_KEY)); + ED25519_KEY *key = + reinterpret_cast<ED25519_KEY *>(OPENSSL_malloc(sizeof(ED25519_KEY))); if (key == NULL) { return 0; } @@ -71,7 +73,7 @@ static int ed25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len) { - const ED25519_KEY *key = pkey->pkey; + const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey); if (!key->has_private) { OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY); return 0; @@ -95,7 +97,7 @@ static int ed25519_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len) { - const ED25519_KEY *key = pkey->pkey; + const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey); if (out == NULL) { *out_len = 32; return 1; @@ -124,7 +126,7 @@ } static int ed25519_pub_encode(CBB *out, const EVP_PKEY *pkey) { - const ED25519_KEY *key = pkey->pkey; + const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey); // See RFC 8410, section 4. CBB spki, algorithm, oid, key_bitstring; @@ -145,8 +147,8 @@ } static int ed25519_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const ED25519_KEY *a_key = a->pkey; - const ED25519_KEY *b_key = b->pkey; + const ED25519_KEY *a_key = reinterpret_cast<const ED25519_KEY *>(a->pkey); + const ED25519_KEY *b_key = reinterpret_cast<const ED25519_KEY *>(b->pkey); return OPENSSL_memcmp(a_key->key + ED25519_PUBLIC_KEY_OFFSET, b_key->key + ED25519_PUBLIC_KEY_OFFSET, 32) == 0; } @@ -158,8 +160,7 @@ // OCTET STRING layer. CBS inner; if (CBS_len(params) != 0 || - !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || - CBS_len(key) != 0) { + !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || CBS_len(key) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return 0; } @@ -168,7 +169,7 @@ } static int ed25519_priv_encode(CBB *out, const EVP_PKEY *pkey) { - const ED25519_KEY *key = pkey->pkey; + const ED25519_KEY *key = reinterpret_cast<const ED25519_KEY *>(pkey->pkey); if (!key->has_private) { OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY); return 0; @@ -185,7 +186,7 @@ !CBB_add_asn1(&private_key, &inner, CBS_ASN1_OCTETSTRING) || // The PKCS#8 encoding stores only the 32-byte seed which is the first 32 // bytes of the private key. - !CBB_add_bytes(&inner, key->key, 32) || + !CBB_add_bytes(&inner, key->key, 32) || // !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0;
diff --git a/crypto/evp/p_hkdf.c b/crypto/evp/p_hkdf.cc similarity index 86% rename from crypto/evp/p_hkdf.c rename to crypto/evp/p_hkdf.cc index d9cbfc7..bf0e5e2 100644 --- a/crypto/evp/p_hkdf.c +++ b/crypto/evp/p_hkdf.cc
@@ -35,7 +35,8 @@ } HKDF_PKEY_CTX; static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) { - HKDF_PKEY_CTX *hctx = OPENSSL_zalloc(sizeof(HKDF_PKEY_CTX)); + HKDF_PKEY_CTX *hctx = + reinterpret_cast<HKDF_PKEY_CTX *>(OPENSSL_zalloc(sizeof(HKDF_PKEY_CTX))); if (hctx == NULL) { return 0; } @@ -54,13 +55,15 @@ return 0; } - HKDF_PKEY_CTX *hctx_dst = dst->data; - const HKDF_PKEY_CTX *hctx_src = src->data; + HKDF_PKEY_CTX *hctx_dst = reinterpret_cast<HKDF_PKEY_CTX *>(dst->data); + const HKDF_PKEY_CTX *hctx_src = + reinterpret_cast<const HKDF_PKEY_CTX *>(src->data); hctx_dst->mode = hctx_src->mode; hctx_dst->md = hctx_src->md; if (hctx_src->key_len != 0) { - hctx_dst->key = OPENSSL_memdup(hctx_src->key, hctx_src->key_len); + hctx_dst->key = reinterpret_cast<uint8_t *>( + OPENSSL_memdup(hctx_src->key, hctx_src->key_len)); if (hctx_dst->key == NULL) { return 0; } @@ -68,7 +71,8 @@ } if (hctx_src->salt_len != 0) { - hctx_dst->salt = OPENSSL_memdup(hctx_src->salt, hctx_src->salt_len); + hctx_dst->salt = reinterpret_cast<uint8_t *>( + OPENSSL_memdup(hctx_src->salt, hctx_src->salt_len)); if (hctx_dst->salt == NULL) { return 0; } @@ -84,7 +88,7 @@ } static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx) { - HKDF_PKEY_CTX *hctx = ctx->data; + HKDF_PKEY_CTX *hctx = reinterpret_cast<HKDF_PKEY_CTX *>(ctx->data); if (hctx != NULL) { OPENSSL_free(hctx->key); OPENSSL_free(hctx->salt); @@ -95,7 +99,7 @@ } static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len) { - HKDF_PKEY_CTX *hctx = ctx->data; + HKDF_PKEY_CTX *hctx = reinterpret_cast<HKDF_PKEY_CTX *>(ctx->data); if (hctx->md == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS); return 0; @@ -136,7 +140,7 @@ } static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { - HKDF_PKEY_CTX *hctx = ctx->data; + HKDF_PKEY_CTX *hctx = reinterpret_cast<HKDF_PKEY_CTX *>(ctx->data); switch (type) { case EVP_PKEY_CTRL_HKDF_MODE: if (p1 != EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND && @@ -148,24 +152,24 @@ hctx->mode = p1; return 1; case EVP_PKEY_CTRL_HKDF_MD: - hctx->md = p2; + hctx->md = reinterpret_cast<const EVP_MD *>(p2); return 1; case EVP_PKEY_CTRL_HKDF_KEY: { - const CBS *key = p2; + const CBS *key = reinterpret_cast<const CBS *>(p2); if (!CBS_stow(key, &hctx->key, &hctx->key_len)) { return 0; } return 1; } case EVP_PKEY_CTRL_HKDF_SALT: { - const CBS *salt = p2; + const CBS *salt = reinterpret_cast<const CBS *>(p2); if (!CBS_stow(salt, &hctx->salt, &hctx->salt_len)) { return 0; } return 1; } case EVP_PKEY_CTRL_HKDF_INFO: { - const CBS *info = p2; + const CBS *info = reinterpret_cast<const CBS *>(p2); // |EVP_PKEY_CTX_add1_hkdf_info| appends to the info string, rather than // replacing it. if (!CBB_add_bytes(&hctx->info, CBS_data(info), CBS_len(info))) { @@ -180,7 +184,7 @@ } const EVP_PKEY_METHOD hkdf_pkey_meth = { - EVP_PKEY_HKDF, + /*pkey_id=*/EVP_PKEY_HKDF, pkey_hkdf_init, pkey_hkdf_copy, pkey_hkdf_cleanup,
diff --git a/crypto/evp/p_rsa.c b/crypto/evp/p_rsa.cc similarity index 89% rename from crypto/evp/p_rsa.c rename to crypto/evp/p_rsa.cc index 3bdd85d..809dfca 100644 --- a/crypto/evp/p_rsa.c +++ b/crypto/evp/p_rsa.cc
@@ -97,7 +97,8 @@ } RSA_OAEP_LABEL_PARAMS; static int pkey_rsa_init(EVP_PKEY_CTX *ctx) { - RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(RSA_PKEY_CTX)); + RSA_PKEY_CTX *rctx = + reinterpret_cast<RSA_PKEY_CTX *>(OPENSSL_zalloc(sizeof(RSA_PKEY_CTX))); if (!rctx) { return 0; } @@ -116,8 +117,8 @@ if (!pkey_rsa_init(dst)) { return 0; } - sctx = src->data; - dctx = dst->data; + sctx = reinterpret_cast<RSA_PKEY_CTX *>(src->data); + dctx = reinterpret_cast<RSA_PKEY_CTX *>(dst->data); dctx->nbits = sctx->nbits; if (sctx->pub_exp) { dctx->pub_exp = BN_dup(sctx->pub_exp); @@ -132,7 +133,8 @@ dctx->saltlen = sctx->saltlen; if (sctx->oaep_label) { OPENSSL_free(dctx->oaep_label); - dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); + dctx->oaep_label = reinterpret_cast<uint8_t *>( + OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen)); if (!dctx->oaep_label) { return 0; } @@ -143,7 +145,7 @@ } static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) { - RSA_PKEY_CTX *rctx = ctx->data; + RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data); if (rctx == NULL) { return; @@ -159,7 +161,8 @@ if (ctx->tbuf) { return 1; } - ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); + ctx->tbuf = + reinterpret_cast<uint8_t *>(OPENSSL_malloc(EVP_PKEY_size(pk->pkey))); if (!ctx->tbuf) { return 0; } @@ -168,8 +171,8 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, uint8_t *sig, size_t *siglen, const uint8_t *tbs, size_t tbslen) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey; + RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data); + RSA *rsa = reinterpret_cast<RSA *>(ctx->pkey->pkey); const size_t key_len = EVP_PKEY_size(ctx->pkey); if (!sig) { @@ -204,11 +207,10 @@ return RSA_sign_raw(rsa, siglen, sig, *siglen, tbs, tbslen, rctx->pad_mode); } -static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, - size_t siglen, const uint8_t *tbs, - size_t tbslen) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey; +static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, const uint8_t *sig, size_t siglen, + const uint8_t *tbs, size_t tbslen) { + RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data); + RSA *rsa = reinterpret_cast<RSA *>(ctx->pkey->pkey); if (rctx->md) { switch (rctx->pad_mode) { @@ -229,8 +231,7 @@ if (!setup_tbuf(rctx, ctx) || !RSA_verify_raw(rsa, &rslen, rctx->tbuf, key_len, sig, siglen, rctx->pad_mode) || - rslen != tbslen || - CRYPTO_memcmp(tbs, rctx->tbuf, rslen) != 0) { + rslen != tbslen || CRYPTO_memcmp(tbs, rctx->tbuf, rslen) != 0) { return 0; } @@ -240,8 +241,8 @@ static int pkey_rsa_verify_recover(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *out_len, const uint8_t *sig, size_t sig_len) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey; + RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data); + RSA *rsa = reinterpret_cast<RSA *>(ctx->pkey->pkey); const size_t key_len = EVP_PKEY_size(ctx->pkey); if (out == NULL) { @@ -304,8 +305,8 @@ static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, const uint8_t *in, size_t inlen) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey; + RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data); + RSA *rsa = reinterpret_cast<RSA *>(ctx->pkey->pkey); const size_t key_len = EVP_PKEY_size(ctx->pkey); if (!out) { @@ -333,11 +334,10 @@ return RSA_encrypt(rsa, outlen, out, *outlen, in, inlen, rctx->pad_mode); } -static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, - size_t *outlen, const uint8_t *in, - size_t inlen) { - RSA_PKEY_CTX *rctx = ctx->data; - RSA *rsa = ctx->pkey->pkey; +static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, uint8_t *out, size_t *outlen, + const uint8_t *in, size_t inlen) { + RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data); + RSA *rsa = reinterpret_cast<RSA *>(ctx->pkey->pkey); const size_t key_len = EVP_PKEY_size(ctx->pkey); if (!out) { @@ -392,7 +392,7 @@ } static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) { - RSA_PKEY_CTX *rctx = ctx->data; + RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data); switch (type) { case EVP_PKEY_CTRL_RSA_PADDING: if (!is_known_padding(p1) || !check_padding_md(rctx->md, p1) || @@ -443,7 +443,7 @@ return 0; } BN_free(rctx->pub_exp); - rctx->pub_exp = p2; + rctx->pub_exp = reinterpret_cast<BIGNUM *>(p2); return 1; case EVP_PKEY_CTRL_RSA_OAEP_MD: @@ -455,15 +455,15 @@ if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) { *(const EVP_MD **)p2 = rctx->md; } else { - rctx->md = p2; + rctx->md = reinterpret_cast<EVP_MD *>(p2); } return 1; case EVP_PKEY_CTRL_MD: - if (!check_padding_md(p2, rctx->pad_mode)) { + if (!check_padding_md(reinterpret_cast<EVP_MD *>(p2), rctx->pad_mode)) { return 0; } - rctx->md = p2; + rctx->md = reinterpret_cast<EVP_MD *>(p2); return 1; case EVP_PKEY_CTRL_GET_MD: @@ -484,7 +484,7 @@ *(const EVP_MD **)p2 = rctx->md; } } else { - rctx->mgf1md = p2; + rctx->mgf1md = reinterpret_cast<EVP_MD *>(p2); } return 1; @@ -494,7 +494,8 @@ return 0; } OPENSSL_free(rctx->oaep_label); - RSA_OAEP_LABEL_PARAMS *params = p2; + RSA_OAEP_LABEL_PARAMS *params = + reinterpret_cast<RSA_OAEP_LABEL_PARAMS *>(p2); rctx->oaep_label = params->data; rctx->oaep_labellen = params->len; return 1; @@ -516,7 +517,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { RSA *rsa = NULL; - RSA_PKEY_CTX *rctx = ctx->data; + RSA_PKEY_CTX *rctx = reinterpret_cast<RSA_PKEY_CTX *>(ctx->data); if (!rctx->pub_exp) { rctx->pub_exp = BN_new(); @@ -608,19 +609,19 @@ int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void*) out_md); + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)out_md); } int EVP_PKEY_CTX_set_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void*) md); + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md); } int EVP_PKEY_CTX_get_rsa_mgf1_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, - EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void*) out_md); + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)out_md); } int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, uint8_t *label,
diff --git a/crypto/evp/p_rsa_asn1.c b/crypto/evp/p_rsa_asn1.cc similarity index 89% rename from crypto/evp/p_rsa_asn1.c rename to crypto/evp/p_rsa_asn1.cc index 24b8e17..41a7b95 100644 --- a/crypto/evp/p_rsa_asn1.c +++ b/crypto/evp/p_rsa_asn1.cc
@@ -9,7 +9,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -68,7 +68,7 @@ static int rsa_pub_encode(CBB *out, const EVP_PKEY *key) { // See RFC 3279, section 2.3.1. - const RSA *rsa = key->pkey; + const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey); CBB spki, algorithm, oid, null, key_bitstring; if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) || @@ -77,7 +77,7 @@ !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) || !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) || !CBB_add_u8(&key_bitstring, 0 /* padding */) || - !RSA_marshal_public_key(&key_bitstring, rsa) || + !RSA_marshal_public_key(&key_bitstring, rsa) || // !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; @@ -91,8 +91,7 @@ // The parameters must be NULL. CBS null; - if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || - CBS_len(&null) != 0 || + if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || CBS_len(&null) != 0 || CBS_len(params) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return 0; @@ -110,14 +109,14 @@ } static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const RSA *a_rsa = a->pkey; - const RSA *b_rsa = b->pkey; + const RSA *a_rsa = reinterpret_cast<const RSA *>(a->pkey); + const RSA *b_rsa = reinterpret_cast<const RSA *>(b->pkey); return BN_cmp(RSA_get0_n(b_rsa), RSA_get0_n(a_rsa)) == 0 && BN_cmp(RSA_get0_e(b_rsa), RSA_get0_e(a_rsa)) == 0; } static int rsa_priv_encode(CBB *out, const EVP_PKEY *key) { - const RSA *rsa = key->pkey; + const RSA *rsa = reinterpret_cast<const RSA *>(key->pkey); CBB pkcs8, algorithm, oid, null, private_key; if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) || !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) || @@ -126,7 +125,7 @@ !CBB_add_bytes(&oid, rsa_asn1_meth.oid, rsa_asn1_meth.oid_len) || !CBB_add_asn1(&algorithm, &null, CBS_ASN1_NULL) || !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) || - !RSA_marshal_private_key(&private_key, rsa) || + !RSA_marshal_private_key(&private_key, rsa) || // !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; @@ -138,8 +137,7 @@ static int rsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) { // Per RFC 3447, A.1, the parameters have type NULL. CBS null; - if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || - CBS_len(&null) != 0 || + if (!CBS_get_asn1(params, &null, CBS_ASN1_NULL) || CBS_len(&null) != 0 || CBS_len(params) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return 0; @@ -157,22 +155,22 @@ } static int rsa_opaque(const EVP_PKEY *pkey) { - const RSA *rsa = pkey->pkey; + const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey); return RSA_is_opaque(rsa); } static int int_rsa_size(const EVP_PKEY *pkey) { - const RSA *rsa = pkey->pkey; + const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey); return RSA_size(rsa); } static int rsa_bits(const EVP_PKEY *pkey) { - const RSA *rsa = pkey->pkey; + const RSA *rsa = reinterpret_cast<const RSA *>(pkey->pkey); return RSA_bits(rsa); } static void int_rsa_free(EVP_PKEY *pkey) { - RSA_free(pkey->pkey); + RSA_free(reinterpret_cast<RSA *>(pkey->pkey)); pkey->pkey = NULL; } @@ -229,7 +227,7 @@ OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_RSA_KEY); return NULL; } - return pkey->pkey; + return reinterpret_cast<RSA *>(pkey->pkey); } RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey) {
diff --git a/crypto/evp/p_x25519.c b/crypto/evp/p_x25519.cc similarity index 77% rename from crypto/evp/p_x25519.c rename to crypto/evp/p_x25519.cc index a4c9136..2688527 100644 --- a/crypto/evp/p_x25519.c +++ b/crypto/evp/p_x25519.cc
@@ -25,7 +25,8 @@ static int pkey_x25519_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) { return 1; } static int pkey_x25519_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { - X25519_KEY *key = OPENSSL_malloc(sizeof(X25519_KEY)); + X25519_KEY *key = + reinterpret_cast<X25519_KEY *>(OPENSSL_malloc(sizeof(X25519_KEY))); if (key == NULL) { return 0; } @@ -47,8 +48,10 @@ return 0; } - const X25519_KEY *our_key = ctx->pkey->pkey; - const X25519_KEY *peer_key = ctx->peerkey->pkey; + const X25519_KEY *our_key = + reinterpret_cast<const X25519_KEY *>(ctx->pkey->pkey); + const X25519_KEY *peer_key = + reinterpret_cast<const X25519_KEY *>(ctx->peerkey->pkey); if (our_key == NULL || peer_key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_KEYS_NOT_SET); return 0; @@ -88,19 +91,19 @@ } const EVP_PKEY_METHOD x25519_pkey_meth = { - EVP_PKEY_X25519, - NULL /* init */, - pkey_x25519_copy, - NULL /* cleanup */, - pkey_x25519_keygen, - NULL /* sign */, - NULL /* sign_message */, - NULL /* verify */, - NULL /* verify_message */, - NULL /* verify_recover */, - NULL /* encrypt */, - NULL /* decrypt */, - pkey_x25519_derive, - NULL /* paramgen */, - pkey_x25519_ctrl, + /*pkey_id=*/EVP_PKEY_X25519, + /*init=*/NULL, + /*copy=*/pkey_x25519_copy, + /*cleanup=*/NULL, + /*keygen=*/pkey_x25519_keygen, + /*sign=*/NULL, + /*sign_message=*/NULL, + /*verify=*/NULL, + /*verify_message=*/NULL, + /*verify_recover=*/NULL, + /*encrypt=*/NULL, + /*decrypt=*/NULL, + /*derive=*/pkey_x25519_derive, + /*paramgen=*/NULL, + /*ctrl=*/pkey_x25519_ctrl, };
diff --git a/crypto/evp/p_x25519_asn1.c b/crypto/evp/p_x25519_asn1.cc similarity index 85% rename from crypto/evp/p_x25519_asn1.c rename to crypto/evp/p_x25519_asn1.cc index bf98427..ccc399c 100644 --- a/crypto/evp/p_x25519_asn1.c +++ b/crypto/evp/p_x25519_asn1.cc
@@ -19,8 +19,8 @@ #include <openssl/err.h> #include <openssl/mem.h> -#include "internal.h" #include "../internal.h" +#include "internal.h" static void x25519_free(EVP_PKEY *pkey) { @@ -34,7 +34,8 @@ return 0; } - X25519_KEY *key = OPENSSL_malloc(sizeof(X25519_KEY)); + X25519_KEY *key = + reinterpret_cast<X25519_KEY *>(OPENSSL_malloc(sizeof(X25519_KEY))); if (key == NULL) { return 0; } @@ -54,7 +55,8 @@ return 0; } - X25519_KEY *key = OPENSSL_malloc(sizeof(X25519_KEY)); + X25519_KEY *key = + reinterpret_cast<X25519_KEY *>(OPENSSL_malloc(sizeof(X25519_KEY))); if (key == NULL) { return 0; } @@ -69,7 +71,7 @@ static int x25519_get_priv_raw(const EVP_PKEY *pkey, uint8_t *out, size_t *out_len) { - const X25519_KEY *key = pkey->pkey; + const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey); if (!key->has_private) { OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY); return 0; @@ -91,8 +93,8 @@ } static int x25519_get_pub_raw(const EVP_PKEY *pkey, uint8_t *out, - size_t *out_len) { - const X25519_KEY *key = pkey->pkey; + size_t *out_len) { + const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey); if (out == NULL) { *out_len = 32; return 1; @@ -115,13 +117,13 @@ static size_t x25519_get1_tls_encodedpoint(const EVP_PKEY *pkey, uint8_t **out_ptr) { - const X25519_KEY *key = pkey->pkey; + const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey); if (key == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_R_NO_KEY_SET); return 0; } - *out_ptr = OPENSSL_memdup(key->pub, 32); + *out_ptr = reinterpret_cast<uint8_t *>(OPENSSL_memdup(key->pub, 32)); return *out_ptr == NULL ? 0 : 32; } @@ -138,7 +140,7 @@ } static int x25519_pub_encode(CBB *out, const EVP_PKEY *pkey) { - const X25519_KEY *key = pkey->pkey; + const X25519_KEY *key = reinterpret_cast<X25519_KEY *>(pkey->pkey); // See RFC 8410, section 4. CBB spki, algorithm, oid, key_bitstring; @@ -148,7 +150,7 @@ !CBB_add_bytes(&oid, x25519_asn1_meth.oid, x25519_asn1_meth.oid_len) || !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) || !CBB_add_u8(&key_bitstring, 0 /* padding */) || - !CBB_add_bytes(&key_bitstring, key->pub, 32) || + !CBB_add_bytes(&key_bitstring, key->pub, 32) || // !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0; @@ -158,8 +160,8 @@ } static int x25519_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const X25519_KEY *a_key = a->pkey; - const X25519_KEY *b_key = b->pkey; + const X25519_KEY *a_key = reinterpret_cast<const X25519_KEY *>(a->pkey); + const X25519_KEY *b_key = reinterpret_cast<const X25519_KEY *>(b->pkey); return OPENSSL_memcmp(a_key->pub, b_key->pub, 32) == 0; } @@ -170,8 +172,7 @@ // OCTET STRING layer. CBS inner; if (CBS_len(params) != 0 || - !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || - CBS_len(key) != 0) { + !CBS_get_asn1(key, &inner, CBS_ASN1_OCTETSTRING) || CBS_len(key) != 0) { OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR); return 0; } @@ -180,7 +181,7 @@ } static int x25519_priv_encode(CBB *out, const EVP_PKEY *pkey) { - const X25519_KEY *key = pkey->pkey; + const X25519_KEY *key = reinterpret_cast<const X25519_KEY *>(pkey->pkey); if (!key->has_private) { OPENSSL_PUT_ERROR(EVP, EVP_R_NOT_A_PRIVATE_KEY); return 0; @@ -197,7 +198,7 @@ !CBB_add_asn1(&private_key, &inner, CBS_ASN1_OCTETSTRING) || // The PKCS#8 encoding stores only the 32-byte seed which is the first 32 // bytes of the private key. - !CBB_add_bytes(&inner, key->priv, 32) || + !CBB_add_bytes(&inner, key->priv, 32) || // !CBB_flush(out)) { OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR); return 0;
diff --git a/crypto/evp/pbkdf.c b/crypto/evp/pbkdf.cc similarity index 100% rename from crypto/evp/pbkdf.c rename to crypto/evp/pbkdf.cc
diff --git a/crypto/evp/print.c b/crypto/evp/print.cc similarity index 97% rename from crypto/evp/print.c rename to crypto/evp/print.cc index 05383b7..2e7d329 100644 --- a/crypto/evp/print.c +++ b/crypto/evp/print.cc
@@ -60,8 +60,8 @@ #include <openssl/mem.h> #include <openssl/rsa.h> -#include "../internal.h" #include "../fipsmodule/rsa/internal.h" +#include "../internal.h" static int print_hex(BIO *bp, const uint8_t *data, size_t len, int off) { @@ -105,7 +105,7 @@ } if (BIO_printf(bp, "%s%s", name, - (BN_is_negative(num)) ? " (Negative)" : "") <= 0) { + (BN_is_negative(num)) ? " (Negative)" : "") <= 0) { return 0; } @@ -115,7 +115,7 @@ // TODO(davidben): Do we need to do this? We already print "(Negative)" above // and negative values are never valid in keys anyway. size_t len = BN_num_bytes(num); - uint8_t *buf = OPENSSL_malloc(len + 1); + uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len + 1)); if (buf == NULL) { return 0; } @@ -161,8 +161,7 @@ str = "Modulus:"; s = "Exponent:"; } - if (!bn_print(out, str, rsa->n, off) || - !bn_print(out, s, rsa->e, off)) { + if (!bn_print(out, str, rsa->n, off) || !bn_print(out, s, rsa->e, off)) { return 0; }
diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.cc similarity index 96% rename from crypto/evp/scrypt.c rename to crypto/evp/scrypt.cc index 2830267..e11cce5 100644 --- a/crypto/evp/scrypt.c +++ b/crypto/evp/scrypt.cc
@@ -27,7 +27,9 @@ // scrypt blocks, respectively. // A block_t is a Salsa20 block. -typedef struct { uint32_t words[16]; } block_t; +typedef struct { + uint32_t words[16]; +} block_t; static_assert(sizeof(block_t) == 64, "block_t has padding"); @@ -162,8 +164,7 @@ } size_t max_scrypt_blocks = max_mem / (2 * r * sizeof(block_t)); - if (max_scrypt_blocks < p + 1 || - max_scrypt_blocks - p - 1 < N) { + if (max_scrypt_blocks < p + 1 || max_scrypt_blocks - p - 1 < N) { OPENSSL_PUT_ERROR(EVP, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; } @@ -175,7 +176,8 @@ size_t B_bytes = B_blocks * sizeof(block_t); size_t T_blocks = 2 * r; size_t V_blocks = N * 2 * r; - block_t *B = OPENSSL_calloc(B_blocks + T_blocks + V_blocks, sizeof(block_t)); + block_t *B = reinterpret_cast<block_t *>( + OPENSSL_calloc(B_blocks + T_blocks + V_blocks, sizeof(block_t))); if (B == NULL) { return 0; }
diff --git a/crypto/evp/sign.c b/crypto/evp/sign.cc similarity index 100% rename from crypto/evp/sign.c rename to crypto/evp/sign.cc
diff --git a/crypto/ex_data.c b/crypto/ex_data.cc similarity index 97% rename from crypto/ex_data.c rename to crypto/ex_data.cc index 17de45e..893515d 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.cc
@@ -134,7 +134,8 @@ int CRYPTO_get_ex_new_index_ex(CRYPTO_EX_DATA_CLASS *ex_data_class, long argl, void *argp, CRYPTO_EX_free *free_func) { - CRYPTO_EX_DATA_FUNCS *funcs = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); + CRYPTO_EX_DATA_FUNCS *funcs = reinterpret_cast<CRYPTO_EX_DATA_FUNCS *>( + OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS))); if (funcs == NULL) { return -1; } @@ -202,9 +203,7 @@ return sk_void_value(ad->sk, idx); } -void CRYPTO_new_ex_data(CRYPTO_EX_DATA *ad) { - ad->sk = NULL; -} +void CRYPTO_new_ex_data(CRYPTO_EX_DATA *ad) { ad->sk = NULL; } void CRYPTO_free_ex_data(CRYPTO_EX_DATA_CLASS *ex_data_class, void *obj, CRYPTO_EX_DATA *ad) {
diff --git a/crypto/fipsmodule/aes/aes.c.inc b/crypto/fipsmodule/aes/aes.cc.inc similarity index 100% rename from crypto/fipsmodule/aes/aes.c.inc rename to crypto/fipsmodule/aes/aes.cc.inc
diff --git a/crypto/fipsmodule/aes/aes_nohw.c.inc b/crypto/fipsmodule/aes/aes_nohw.cc.inc similarity index 100% rename from crypto/fipsmodule/aes/aes_nohw.c.inc rename to crypto/fipsmodule/aes/aes_nohw.cc.inc
diff --git a/crypto/fipsmodule/aes/internal.h b/crypto/fipsmodule/aes/internal.h index a89da46..bc61a50 100644 --- a/crypto/fipsmodule/aes/internal.h +++ b/crypto/fipsmodule/aes/internal.h
@@ -21,9 +21,7 @@ #include "../../internal.h" -#if defined(__cplusplus) extern "C" { -#endif #if !defined(OPENSSL_NO_ASM) @@ -247,8 +245,6 @@ const AES_KEY *key, uint8_t *ivec, int enc); -#if defined(__cplusplus) } // extern C -#endif #endif // OPENSSL_HEADER_AES_INTERNAL_H
diff --git a/crypto/fipsmodule/aes/key_wrap.c.inc b/crypto/fipsmodule/aes/key_wrap.cc.inc similarity index 98% rename from crypto/fipsmodule/aes/key_wrap.c.inc rename to crypto/fipsmodule/aes/key_wrap.cc.inc index 95b12d2..67ef3f9 100644 --- a/crypto/fipsmodule/aes/key_wrap.c.inc +++ b/crypto/fipsmodule/aes/key_wrap.cc.inc
@@ -184,7 +184,7 @@ return 1; } - uint8_t *padded_in = OPENSSL_malloc(padded_len); + uint8_t *padded_in = reinterpret_cast<uint8_t *>(OPENSSL_malloc(padded_len)); if (padded_in == NULL) { return 0; }
diff --git a/crypto/fipsmodule/aes/mode_wrappers.c.inc b/crypto/fipsmodule/aes/mode_wrappers.cc.inc similarity index 100% rename from crypto/fipsmodule/aes/mode_wrappers.c.inc rename to crypto/fipsmodule/aes/mode_wrappers.cc.inc
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.cc similarity index 62% rename from crypto/fipsmodule/bcm.c rename to crypto/fipsmodule/bcm.cc index 0d55c08..fc0e2da 100644 --- a/crypto/fipsmodule/bcm.c +++ b/crypto/fipsmodule/bcm.cc
@@ -28,84 +28,84 @@ #include <openssl/hmac.h> #include <openssl/sha.h> -#include "bcm_interface.h" #include "../bcm_support.h" #include "../internal.h" +#include "bcm_interface.h" // TODO(crbug.com/362530616): When delocate is removed, build these files as // separate compilation units again. -#include "aes/aes.c.inc" -#include "aes/aes_nohw.c.inc" -#include "aes/key_wrap.c.inc" -#include "aes/mode_wrappers.c.inc" -#include "bn/add.c.inc" -#include "bn/asm/x86_64-gcc.c.inc" -#include "bn/bn.c.inc" -#include "bn/bytes.c.inc" -#include "bn/cmp.c.inc" -#include "bn/ctx.c.inc" -#include "bn/div.c.inc" -#include "bn/div_extra.c.inc" -#include "bn/exponentiation.c.inc" -#include "bn/gcd.c.inc" -#include "bn/gcd_extra.c.inc" -#include "bn/generic.c.inc" -#include "bn/jacobi.c.inc" -#include "bn/montgomery.c.inc" -#include "bn/montgomery_inv.c.inc" -#include "bn/mul.c.inc" -#include "bn/prime.c.inc" -#include "bn/random.c.inc" -#include "bn/rsaz_exp.c.inc" -#include "bn/shift.c.inc" -#include "bn/sqrt.c.inc" -#include "cipher/aead.c.inc" -#include "cipher/cipher.c.inc" -#include "cipher/e_aes.c.inc" -#include "cipher/e_aesccm.c.inc" -#include "cmac/cmac.c.inc" -#include "dh/check.c.inc" -#include "dh/dh.c.inc" -#include "digest/digest.c.inc" -#include "digest/digests.c.inc" -#include "digestsign/digestsign.c.inc" -#include "ecdh/ecdh.c.inc" -#include "ecdsa/ecdsa.c.inc" -#include "ec/ec.c.inc" -#include "ec/ec_key.c.inc" -#include "ec/ec_montgomery.c.inc" -#include "ec/felem.c.inc" -#include "ec/oct.c.inc" -#include "ec/p224-64.c.inc" -#include "ec/p256.c.inc" -#include "ec/p256-nistz.c.inc" -#include "ec/scalar.c.inc" -#include "ec/simple.c.inc" -#include "ec/simple_mul.c.inc" -#include "ec/util.c.inc" -#include "ec/wnaf.c.inc" -#include "hkdf/hkdf.c.inc" -#include "hmac/hmac.c.inc" -#include "modes/cbc.c.inc" -#include "modes/cfb.c.inc" -#include "modes/ctr.c.inc" -#include "modes/gcm.c.inc" -#include "modes/gcm_nohw.c.inc" -#include "modes/ofb.c.inc" -#include "modes/polyval.c.inc" -#include "rand/ctrdrbg.c.inc" -#include "rand/rand.c.inc" -#include "rsa/blinding.c.inc" -#include "rsa/padding.c.inc" -#include "rsa/rsa.c.inc" -#include "rsa/rsa_impl.c.inc" -#include "self_check/fips.c.inc" -#include "self_check/self_check.c.inc" -#include "service_indicator/service_indicator.c.inc" -#include "sha/sha1.c.inc" -#include "sha/sha256.c.inc" -#include "sha/sha512.c.inc" -#include "tls/kdf.c.inc" +#include "aes/aes.cc.inc" +#include "aes/aes_nohw.cc.inc" +#include "aes/key_wrap.cc.inc" +#include "aes/mode_wrappers.cc.inc" +#include "bn/add.cc.inc" +#include "bn/asm/x86_64-gcc.cc.inc" +#include "bn/bn.cc.inc" +#include "bn/bytes.cc.inc" +#include "bn/cmp.cc.inc" +#include "bn/ctx.cc.inc" +#include "bn/div.cc.inc" +#include "bn/div_extra.cc.inc" +#include "bn/exponentiation.cc.inc" +#include "bn/gcd.cc.inc" +#include "bn/gcd_extra.cc.inc" +#include "bn/generic.cc.inc" +#include "bn/jacobi.cc.inc" +#include "bn/montgomery.cc.inc" +#include "bn/montgomery_inv.cc.inc" +#include "bn/mul.cc.inc" +#include "bn/prime.cc.inc" +#include "bn/random.cc.inc" +#include "bn/rsaz_exp.cc.inc" +#include "bn/shift.cc.inc" +#include "bn/sqrt.cc.inc" +#include "cipher/aead.cc.inc" +#include "cipher/cipher.cc.inc" +#include "cipher/e_aes.cc.inc" +#include "cipher/e_aesccm.cc.inc" +#include "cmac/cmac.cc.inc" +#include "dh/check.cc.inc" +#include "dh/dh.cc.inc" +#include "digest/digest.cc.inc" +#include "digest/digests.cc.inc" +#include "digestsign/digestsign.cc.inc" +#include "ec/ec.cc.inc" +#include "ec/ec_key.cc.inc" +#include "ec/ec_montgomery.cc.inc" +#include "ec/felem.cc.inc" +#include "ec/oct.cc.inc" +#include "ec/p224-64.cc.inc" +#include "ec/p256-nistz.cc.inc" +#include "ec/p256.cc.inc" +#include "ec/scalar.cc.inc" +#include "ec/simple.cc.inc" +#include "ec/simple_mul.cc.inc" +#include "ec/util.cc.inc" +#include "ec/wnaf.cc.inc" +#include "ecdh/ecdh.cc.inc" +#include "ecdsa/ecdsa.cc.inc" +#include "hkdf/hkdf.cc.inc" +#include "hmac/hmac.cc.inc" +#include "modes/cbc.cc.inc" +#include "modes/cfb.cc.inc" +#include "modes/ctr.cc.inc" +#include "modes/gcm.cc.inc" +#include "modes/gcm_nohw.cc.inc" +#include "modes/ofb.cc.inc" +#include "modes/polyval.cc.inc" +#include "rand/ctrdrbg.cc.inc" +#include "rand/rand.cc.inc" +#include "rsa/blinding.cc.inc" +#include "rsa/padding.cc.inc" +#include "rsa/rsa.cc.inc" +#include "rsa/rsa_impl.cc.inc" +#include "self_check/fips.cc.inc" +#include "self_check/self_check.cc.inc" +#include "service_indicator/service_indicator.cc.inc" +#include "sha/sha1.cc.inc" +#include "sha/sha256.cc.inc" +#include "sha/sha512.cc.inc" +#include "tls/kdf.cc.inc" #if defined(BORINGSSL_FIPS) @@ -128,18 +128,17 @@ // aborts otherwise. static void assert_within(const void *start, const void *symbol, const void *end) { - const uintptr_t start_val = (uintptr_t) start; - const uintptr_t symbol_val = (uintptr_t) symbol; - const uintptr_t end_val = (uintptr_t) end; + const uintptr_t start_val = (uintptr_t)start; + const uintptr_t symbol_val = (uintptr_t)symbol; + const uintptr_t end_val = (uintptr_t)end; if (start_val <= symbol_val && symbol_val < end_val) { return; } - fprintf( - CRYPTO_get_stderr(), - "FIPS module doesn't span expected symbol. Expected %p <= %p < %p\n", - start, symbol, end); + fprintf(CRYPTO_get_stderr(), + "FIPS module doesn't span expected symbol. Expected %p <= %p < %p\n", + start, symbol, end); BORINGSSL_FIPS_abort(); } @@ -191,13 +190,13 @@ const uint8_t *const start = BORINGSSL_bcm_text_start; const uint8_t *const end = BORINGSSL_bcm_text_end; - assert_within(start, AES_encrypt, end); - assert_within(start, RSA_sign, end); - assert_within(start, BCM_rand_bytes, end); - assert_within(start, EC_GROUP_cmp, end); - assert_within(start, BCM_sha256_update, end); - assert_within(start, ecdsa_verify_fixed, end); - assert_within(start, EVP_AEAD_CTX_seal, end); + assert_within(start, reinterpret_cast<const void *>(AES_encrypt), end); + assert_within(start, reinterpret_cast<const void *>(RSA_sign), end); + assert_within(start, reinterpret_cast<const void *>(BCM_rand_bytes), end); + assert_within(start, reinterpret_cast<const void *>(EC_GROUP_cmp), end); + assert_within(start, reinterpret_cast<const void *>(BCM_sha256_update), end); + assert_within(start, reinterpret_cast<const void *>(ecdsa_verify_fixed), end); + assert_within(start, reinterpret_cast<const void *>(EVP_AEAD_CTX_seal), end); #if defined(BORINGSSL_SHARED_LIBRARY) const uint8_t *const rodata_start = BORINGSSL_bcm_rodata_start; @@ -214,8 +213,7 @@ uint8_t result[SHA256_DIGEST_LENGTH]; const EVP_MD *const kHashFunction = EVP_sha256(); - if (!boringssl_self_test_sha256() || - !boringssl_self_test_hmac_sha256()) { + if (!boringssl_self_test_sha256() || !boringssl_self_test_hmac_sha256()) { return 0; } @@ -232,11 +230,11 @@ BORINGSSL_maybe_set_module_text_permissions(PROT_READ | PROT_EXEC); #if defined(BORINGSSL_SHARED_LIBRARY) uint64_t length = end - start; - HMAC_Update(&hmac_ctx, (const uint8_t *) &length, sizeof(length)); + HMAC_Update(&hmac_ctx, (const uint8_t *)&length, sizeof(length)); HMAC_Update(&hmac_ctx, start, length); length = rodata_end - rodata_start; - HMAC_Update(&hmac_ctx, (const uint8_t *) &length, sizeof(length)); + HMAC_Update(&hmac_ctx, (const uint8_t *)&length, sizeof(length)); HMAC_Update(&hmac_ctx, rodata_start, length); #else HMAC_Update(&hmac_ctx, start, end - start); @@ -248,7 +246,7 @@ fprintf(CRYPTO_get_stderr(), "HMAC failed.\n"); return 0; } - HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10. + HMAC_CTX_cleanse(&hmac_ctx); // FIPS 140-3, AS05.10. const uint8_t *expected = BORINGSSL_bcm_text_hash; @@ -258,13 +256,11 @@ #endif } - OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10. + OPENSSL_cleanse(result, sizeof(result)); // FIPS 140-3, AS05.10. return 1; } -const uint8_t* FIPS_module_hash(void) { - return BORINGSSL_bcm_text_hash; -} +const uint8_t *FIPS_module_hash(void) { return BORINGSSL_bcm_text_hash; } #endif // OPENSSL_ASAN
diff --git a/crypto/fipsmodule/bn/add.c.inc b/crypto/fipsmodule/bn/add.cc.inc similarity index 99% rename from crypto/fipsmodule/bn/add.c.inc rename to crypto/fipsmodule/bn/add.cc.inc index 1a8785e..1487ac9 100644 --- a/crypto/fipsmodule/bn/add.c.inc +++ b/crypto/fipsmodule/bn/add.cc.inc
@@ -61,6 +61,7 @@ #include <openssl/err.h> #include <openssl/mem.h> +#include "../../internal.h" #include "internal.h"
diff --git a/crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc b/crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc similarity index 98% rename from crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc rename to crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc index 30fff21..4f6bcae 100644 --- a/crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc +++ b/crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc
@@ -67,7 +67,7 @@ // want to keep the value of zero; #define mul_add(r, a, word, carry) \ do { \ - register BN_ULONG high, low; \ + BN_ULONG high, low; \ __asm__("mulq %3" : "=a"(low), "=d"(high) : "a"(word), "m"(a) : "cc"); \ __asm__("addq %2,%0; adcq %3,%1" \ : "+r"(carry), "+d"(high) \ @@ -82,7 +82,7 @@ #define mul(r, a, word, carry) \ do { \ - register BN_ULONG high, low; \ + BN_ULONG high, low; \ __asm__("mulq %3" : "=a"(low), "=d"(high) : "a"(word), "g"(a) : "cc"); \ __asm__("addq %2,%0; adcq %3,%1" \ : "+r"(carry), "+d"(high) \ @@ -194,7 +194,7 @@ return 0; } - __asm__ volatile ( + __asm__ volatile( " subq %0,%0 \n" // clear carry " jmp 1f \n" ".p2align 4 \n" @@ -222,7 +222,7 @@ return 0; } - __asm__ volatile ( + __asm__ volatile( " subq %0,%0 \n" // clear borrow " jmp 1f \n" ".p2align 4 \n"
diff --git a/crypto/fipsmodule/bn/bn.c.inc b/crypto/fipsmodule/bn/bn.cc.inc similarity index 93% rename from crypto/fipsmodule/bn/bn.c.inc rename to crypto/fipsmodule/bn/bn.cc.inc index ecebcca..a3b8f08 100644 --- a/crypto/fipsmodule/bn/bn.c.inc +++ b/crypto/fipsmodule/bn/bn.cc.inc
@@ -63,8 +63,8 @@ #include <openssl/err.h> #include <openssl/mem.h> -#include "internal.h" #include "../delocate.h" +#include "internal.h" // BN_MAX_WORDS is the maximum number of words allowed in a |BIGNUM|. It is @@ -73,7 +73,7 @@ #define BN_MAX_WORDS (INT_MAX / (4 * BN_BITS2)) BIGNUM *BN_new(void) { - BIGNUM *bn = OPENSSL_malloc(sizeof(BIGNUM)); + BIGNUM *bn = reinterpret_cast<BIGNUM *>(OPENSSL_malloc(sizeof(BIGNUM))); if (bn == NULL) { return NULL; @@ -87,9 +87,7 @@ BIGNUM *BN_secure_new(void) { return BN_new(); } -void BN_init(BIGNUM *bn) { - OPENSSL_memset(bn, 0, sizeof(BIGNUM)); -} +void BN_init(BIGNUM *bn) { OPENSSL_memset(bn, 0, sizeof(BIGNUM)); } void BN_free(BIGNUM *bn) { if (bn == NULL) { @@ -107,9 +105,7 @@ } } -void BN_clear_free(BIGNUM *bn) { - BN_free(bn); -} +void BN_clear_free(BIGNUM *bn) { BN_free(bn); } BIGNUM *BN_dup(const BIGNUM *src) { BIGNUM *copy; @@ -157,8 +153,8 @@ } DEFINE_METHOD_FUNCTION(BIGNUM, BN_value_one) { - static const BN_ULONG kOneLimbs[1] = { 1 }; - out->d = (BN_ULONG*) kOneLimbs; + static const BN_ULONG kOneLimbs[1] = {1}; + out->d = (BN_ULONG *)kOneLimbs; out->width = 1; out->dmax = 1; out->neg = 0; @@ -229,17 +225,11 @@ return (width - 1) * BN_BITS2 + BN_num_bits_word(bn->d[width - 1]); } -unsigned BN_num_bytes(const BIGNUM *bn) { - return (BN_num_bits(bn) + 7) / 8; -} +unsigned BN_num_bytes(const BIGNUM *bn) { return (BN_num_bits(bn) + 7) / 8; } -void BN_zero(BIGNUM *bn) { - bn->width = bn->neg = 0; -} +void BN_zero(BIGNUM *bn) { bn->width = bn->neg = 0; } -int BN_one(BIGNUM *bn) { - return BN_set_word(bn, 1); -} +int BN_one(BIGNUM *bn) { return BN_set_word(bn, 1); } int BN_set_word(BIGNUM *bn, BN_ULONG value) { if (value == 0) { @@ -332,9 +322,7 @@ return 1; } -int BN_is_negative(const BIGNUM *bn) { - return bn->neg != 0; -} +int BN_is_negative(const BIGNUM *bn) { return bn->neg != 0; } void BN_set_negative(BIGNUM *bn, int sign) { if (sign && !BN_is_zero(bn)) { @@ -361,7 +349,7 @@ return 0; } - a = OPENSSL_calloc(words, sizeof(BN_ULONG)); + a = reinterpret_cast<BN_ULONG *>(OPENSSL_calloc(words, sizeof(BN_ULONG))); if (a == NULL) { return 0; } @@ -380,7 +368,7 @@ OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); return 0; } - return bn_wexpand(bn, (bits+BN_BITS2-1)/BN_BITS2); + return bn_wexpand(bn, (bits + BN_BITS2 - 1) / BN_BITS2); } int bn_resize_words(BIGNUM *bn, size_t words) {
diff --git a/crypto/fipsmodule/bn/bytes.c.inc b/crypto/fipsmodule/bn/bytes.cc.inc similarity index 100% rename from crypto/fipsmodule/bn/bytes.c.inc rename to crypto/fipsmodule/bn/bytes.cc.inc
diff --git a/crypto/fipsmodule/bn/cmp.c.inc b/crypto/fipsmodule/bn/cmp.cc.inc similarity index 100% rename from crypto/fipsmodule/bn/cmp.c.inc rename to crypto/fipsmodule/bn/cmp.cc.inc
diff --git a/crypto/fipsmodule/bn/ctx.c.inc b/crypto/fipsmodule/bn/ctx.cc.inc similarity index 96% rename from crypto/fipsmodule/bn/ctx.c.inc rename to crypto/fipsmodule/bn/ctx.cc.inc index 740fb78..bd54181 100644 --- a/crypto/fipsmodule/bn/ctx.c.inc +++ b/crypto/fipsmodule/bn/ctx.cc.inc
@@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -106,7 +106,7 @@ }; BN_CTX *BN_CTX_new(void) { - BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); + BN_CTX *ret = reinterpret_cast<BN_CTX *>(OPENSSL_malloc(sizeof(BN_CTX))); if (!ret) { return NULL; } @@ -201,9 +201,7 @@ st->depth = st->size = 0; } -static void BN_STACK_cleanup(BN_STACK *st) { - OPENSSL_free(st->indexes); -} +static void BN_STACK_cleanup(BN_STACK *st) { OPENSSL_free(st->indexes); } static int BN_STACK_push(BN_STACK *st, size_t idx) { if (st->depth == st->size) { @@ -213,8 +211,8 @@ if (new_size <= st->size || new_size > SIZE_MAX / sizeof(size_t)) { return 0; } - size_t *new_indexes = - OPENSSL_realloc(st->indexes, new_size * sizeof(size_t)); + size_t *new_indexes = reinterpret_cast<size_t *>( + OPENSSL_realloc(st->indexes, new_size * sizeof(size_t))); if (new_indexes == NULL) { return 0; }
diff --git a/crypto/fipsmodule/bn/div.c.inc b/crypto/fipsmodule/bn/div.cc.inc similarity index 94% rename from crypto/fipsmodule/bn/div.c.inc rename to crypto/fipsmodule/bn/div.cc.inc index 06c4db5..eae9dc5 100644 --- a/crypto/fipsmodule/bn/div.c.inc +++ b/crypto/fipsmodule/bn/div.cc.inc
@@ -66,8 +66,7 @@ // bn_div_words divides a double-width |h|,|l| by |d| and returns the result, // which must fit in a |BN_ULONG|. -OPENSSL_UNUSED static BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, - BN_ULONG d) { +static inline BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) { BN_ULONG dh, dl, q, ret = 0, th, tl, t; int i, count = 2; @@ -195,6 +194,8 @@ BIGNUM *snum = BN_CTX_get(ctx); BIGNUM *sdiv = BN_CTX_get(ctx); BIGNUM *res = quotient == NULL ? BN_CTX_get(ctx) : quotient; + int norm_shift, num_n, loop, div_n; + BN_ULONG d0, d1; if (tmp == NULL || snum == NULL || sdiv == NULL || res == NULL) { goto err; } @@ -202,7 +203,7 @@ // Knuth step D1: Normalise the numbers such that the divisor's MSB is set. // This ensures, in Knuth's terminology, that v1 >= b/2, needed for the // quotient estimation step. - int norm_shift = BN_BITS2 - (BN_num_bits(divisor) % BN_BITS2); + norm_shift = BN_BITS2 - (BN_num_bits(divisor) % BN_BITS2); if (!BN_lshift(sdiv, divisor, norm_shift) || !BN_lshift(snum, numerator, norm_shift)) { goto err; @@ -213,9 +214,9 @@ // avoid looping on leading zeros, as we're not trying to be leak-free. bn_set_minimal_width(sdiv); bn_set_minimal_width(snum); - int div_n = sdiv->width; - const BN_ULONG d0 = sdiv->d[div_n - 1]; - const BN_ULONG d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; + div_n = sdiv->width; + d0 = sdiv->d[div_n - 1]; + d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; assert(d0 & (((BN_ULONG)1) << (BN_BITS2 - 1))); // Extend |snum| with zeros to satisfy the long division invariants: @@ -223,14 +224,14 @@ // - |snum|'s most significant word must be zero to guarantee the first loop // iteration works with a prefix greater than |sdiv|. (This is the extra u0 // digit in Knuth step D1.) - int num_n = snum->width <= div_n ? div_n + 1 : snum->width + 1; + num_n = snum->width <= div_n ? div_n + 1 : snum->width + 1; if (!bn_resize_words(snum, num_n)) { goto err; } // Knuth step D2: The quotient's width is the difference between numerator and // denominator. Also set up its sign and size a temporary for the loop. - int loop = num_n - div_n; + loop = num_n - div_n; res->neg = snum->neg ^ sdiv->neg; if (!bn_wexpand(res, loop) || // !bn_wexpand(tmp, div_n + 1)) { @@ -447,9 +448,9 @@ r = BN_CTX_get(ctx); } BIGNUM *tmp = BN_CTX_get(ctx); + int initial_words; if (q == NULL || r == NULL || tmp == NULL || - !bn_wexpand(q, numerator->width) || - !bn_wexpand(r, divisor->width) || + !bn_wexpand(q, numerator->width) || !bn_wexpand(r, divisor->width) || !bn_wexpand(tmp, divisor->width)) { goto err; } @@ -472,7 +473,7 @@ // without reductions. This significantly speeds up |RSA_check_key|. For // simplicity, we round down to a whole number of words. declassify_assert(divisor_min_bits <= BN_num_bits(divisor)); - int initial_words = 0; + initial_words = 0; if (divisor_min_bits > 0) { initial_words = (divisor_min_bits - 1) / BN_BITS2; if (initial_words > numerator->width) { @@ -514,8 +515,7 @@ static BIGNUM *bn_scratch_space_from_ctx(size_t width, BN_CTX *ctx) { BIGNUM *ret = BN_CTX_get(ctx); - if (ret == NULL || - !bn_wexpand(ret, width)) { + if (ret == NULL || !bn_wexpand(ret, width)) { return NULL; } ret->neg = 0; @@ -536,9 +536,7 @@ return bn; } BIGNUM *ret = bn_scratch_space_from_ctx(width, ctx); - if (ret == NULL || - !BN_copy(ret, bn) || - !bn_resize_words(ret, width)) { + if (ret == NULL || !BN_copy(ret, bn) || !bn_resize_words(ret, width)) { return NULL; } return ret; @@ -555,8 +553,7 @@ int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) { BN_CTX *ctx = BN_CTX_new(); - int ok = ctx != NULL && - bn_mod_add_consttime(r, a, b, m, ctx); + int ok = ctx != NULL && bn_mod_add_consttime(r, a, b, m, ctx); BN_CTX_free(ctx); return ok; } @@ -567,8 +564,7 @@ a = bn_resized_from_ctx(a, m->width, ctx); b = bn_resized_from_ctx(b, m->width, ctx); BIGNUM *tmp = bn_scratch_space_from_ctx(m->width, ctx); - int ok = a != NULL && b != NULL && tmp != NULL && - bn_wexpand(r, m->width); + int ok = a != NULL && b != NULL && tmp != NULL && bn_wexpand(r, m->width); if (ok) { bn_mod_add_words(r->d, a->d, b->d, m->d, tmp->d, m->width); r->width = m->width; @@ -592,8 +588,7 @@ a = bn_resized_from_ctx(a, m->width, ctx); b = bn_resized_from_ctx(b, m->width, ctx); BIGNUM *tmp = bn_scratch_space_from_ctx(m->width, ctx); - int ok = a != NULL && b != NULL && tmp != NULL && - bn_wexpand(r, m->width); + int ok = a != NULL && b != NULL && tmp != NULL && bn_wexpand(r, m->width); if (ok) { bn_mod_sub_words(r->d, a->d, b->d, m->d, tmp->d, m->width); r->width = m->width; @@ -606,8 +601,7 @@ int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) { BN_CTX *ctx = BN_CTX_new(); - int ok = ctx != NULL && - bn_mod_sub_consttime(r, a, b, m, ctx); + int ok = ctx != NULL && bn_mod_sub_consttime(r, a, b, m, ctx); BN_CTX_free(ctx); return ok; } @@ -678,8 +672,7 @@ int bn_mod_lshift_consttime(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) { - if (!BN_copy(r, a) || - !bn_resize_words(r, m->width)) { + if (!BN_copy(r, a) || !bn_resize_words(r, m->width)) { return 0; } @@ -698,8 +691,7 @@ int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) { BN_CTX *ctx = BN_CTX_new(); - int ok = ctx != NULL && - bn_mod_lshift_consttime(r, a, n, m, ctx); + int ok = ctx != NULL && bn_mod_lshift_consttime(r, a, n, m, ctx); BN_CTX_free(ctx); return ok; } @@ -719,8 +711,7 @@ int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) { BN_CTX *ctx = BN_CTX_new(); - int ok = ctx != NULL && - bn_mod_lshift1_consttime(r, a, m, ctx); + int ok = ctx != NULL && bn_mod_lshift1_consttime(r, a, m, ctx); BN_CTX_free(ctx); return ok; } @@ -731,7 +722,7 @@ if (!w) { // actually this an error (division by zero) - return (BN_ULONG) - 1; + return (BN_ULONG)-1; } if (a->width == 0) { @@ -742,7 +733,7 @@ j = BN_BITS2 - BN_num_bits_word(w); w <<= j; if (!BN_lshift(a, a, j)) { - return (BN_ULONG) - 1; + return (BN_ULONG)-1; } for (i = a->width - 1; i >= 0; i--) { @@ -768,7 +759,7 @@ int i; if (w == 0) { - return (BN_ULONG) -1; + return (BN_ULONG)-1; } #ifndef BN_CAN_DIVIDE_ULLONG @@ -805,7 +796,7 @@ size_t num_words = 1 + ((e - 1) / BN_BITS2); // If |a| definitely has less than |e| bits, just BN_copy. - if ((size_t) a->width < num_words) { + if ((size_t)a->width < num_words) { return BN_copy(r, a) != NULL; } @@ -821,12 +812,12 @@ // If |e| isn't word-aligned, we have to mask off some of our bits. size_t top_word_exponent = e % (sizeof(BN_ULONG) * 8); if (top_word_exponent != 0) { - r->d[num_words - 1] &= (((BN_ULONG) 1) << top_word_exponent) - 1; + r->d[num_words - 1] &= (((BN_ULONG)1) << top_word_exponent) - 1; } // Fill in the remaining fields of |r|. r->neg = a->neg; - r->width = (int) num_words; + r->width = (int)num_words; bn_set_minimal_width(r); return 1; } @@ -853,7 +844,7 @@ // Set parameters of |r|. r->neg = 0; - r->width = (int) num_words; + r->width = (int)num_words; // Now, invert every word. The idea here is that we want to compute 2^e-|x|, // which is actually equivalent to the twos-complement representation of |x| @@ -865,7 +856,7 @@ // If our exponent doesn't span the top word, we have to mask the rest. size_t top_word_exponent = e % BN_BITS2; if (top_word_exponent != 0) { - r->d[r->width - 1] &= (((BN_ULONG) 1) << top_word_exponent) - 1; + r->d[r->width - 1] &= (((BN_ULONG)1) << top_word_exponent) - 1; } // Keep the minimal-width invariant for |BIGNUM|.
diff --git a/crypto/fipsmodule/bn/div_extra.c.inc b/crypto/fipsmodule/bn/div_extra.cc.inc similarity index 100% rename from crypto/fipsmodule/bn/div_extra.c.inc rename to crypto/fipsmodule/bn/div_extra.cc.inc
diff --git a/crypto/fipsmodule/bn/exponentiation.c.inc b/crypto/fipsmodule/bn/exponentiation.cc.inc similarity index 96% rename from crypto/fipsmodule/bn/exponentiation.c.inc rename to crypto/fipsmodule/bn/exponentiation.cc.inc index 9030aa8..13a8605 100644 --- a/crypto/fipsmodule/bn/exponentiation.c.inc +++ b/crypto/fipsmodule/bn/exponentiation.cc.inc
@@ -130,9 +130,9 @@ // WARNING: This function implements Almost Montgomery Multiplication from // https://eprint.iacr.org/2011/239. The inputs do not need to be fully reduced. // However, even if they are fully reduced, the output may not be. -static void bn_mul_mont_gather5( - BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *table, const BN_ULONG *np, - const BN_ULONG *n0, int num, int power) { +static void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, + const BN_ULONG *table, const BN_ULONG *np, + const BN_ULONG *n0, int num, int power) { if (bn_mulx4x_mont_gather5_capable(num)) { bn_mulx4x_mont_gather5(rp, ap, table, np, n0, num, power); } else if (bn_mul4x_mont_gather5_capable(num)) { @@ -162,7 +162,7 @@ } } -#endif // defined(OPENSSL_BN_ASM_MONT5) +#endif // defined(OPENSSL_BN_ASM_MONT5) int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { int i, bits, ret = 0; @@ -534,9 +534,9 @@ } } - start = 1; // This is used to avoid multiplication etc - // when there is only the value '1' in the - // buffer. + start = 1; // This is used to avoid multiplication etc + // when there is only the value '1' in the + // buffer. wstart = bits - 1; // The top bit of the window if (!BN_one(r)) { @@ -545,7 +545,7 @@ for (;;) { int wvalue; // The 'value' of the window - int wend; // The bottom bit of the window + int wend; // The bottom bit of the window if (!BN_is_bit_set(p, wstart)) { if (!start) { @@ -661,6 +661,7 @@ BN_CTX_start(ctx); BIGNUM *r = BN_CTX_get(ctx); val[0] = BN_CTX_get(ctx); + int window, r_is_one, wstart; if (r == NULL || val[0] == NULL) { goto err; } @@ -678,14 +679,13 @@ // precomputing powers of |a|. Windows may be shifted so they always end on a // set bit, so only precompute odd powers. We compute val[i] = a^(2*i + 1) // for i = 0 to 2^(window-1), all in Montgomery form. - int window = BN_window_bits_for_exponent_size(bits); + window = BN_window_bits_for_exponent_size(bits); if (!BN_to_montgomery(val[0], a, mont, ctx)) { goto err; } if (window > 1) { BIGNUM *d = BN_CTX_get(ctx); - if (d == NULL || - !BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) { + if (d == NULL || !BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) { goto err; } for (int i = 1; i < 1 << (window - 1); i++) { @@ -699,8 +699,8 @@ // |p| is non-zero, so at least one window is non-zero. To save some // multiplications, defer initializing |r| until then. - int r_is_one = 1; - int wstart = bits - 1; // The top bit of the window. + r_is_one = 1; + wstart = bits - 1; // The top bit of the window. for (;;) { if (!BN_is_bit_set(p, wstart)) { if (!r_is_one && !BN_mod_mul_montgomery(r, r, r, mont, ctx)) { @@ -930,7 +930,7 @@ int i, ret = 0, wvalue; BN_MONT_CTX *new_mont = NULL; - unsigned char *powerbuf_free = NULL; + void *powerbuf_free = NULL; size_t powerbuf_len = 0; BN_ULONG *powerbuf = NULL; @@ -963,6 +963,7 @@ } // Allocate a montgomery context if it was not supplied by the caller. + int top, num_powers, window; if (mont == NULL) { new_mont = BN_MONT_CTX_new_consttime(m, ctx); if (new_mont == NULL) { @@ -973,7 +974,7 @@ // Use the width in |mont->N|, rather than the copy in |m|. The assembly // implementation assumes it can use |top| to size R. - int top = mont->N.width; + top = mont->N.width; #if defined(OPENSSL_BN_ASM_MONT5) || defined(RSAZ_ENABLED) // Share one large stack-allocated buffer between the RSAZ and non-RSAZ code @@ -1001,7 +1002,7 @@ #endif // Get the window size to use with size of p. - int window = BN_window_bits_for_ctime_exponent_size(bits); + window = BN_window_bits_for_ctime_exponent_size(bits); assert(window <= BN_MAX_MOD_EXP_CTIME_WINDOW); // Calculating |powerbuf_len| below cannot overflow because of the bound on @@ -1022,7 +1023,7 @@ // Allocate a buffer large enough to hold all of the pre-computed // powers of |am|, |am| itself, and |tmp|. - int num_powers = 1 << window; + num_powers = 1 << window; powerbuf_len += sizeof(m->d[0]) * top * (num_powers + 2); #if defined(OPENSSL_BN_ASM_MONT5) @@ -1037,7 +1038,8 @@ if (powerbuf_free == NULL) { goto err; } - powerbuf = align_pointer(powerbuf_free, MOD_EXP_CTIME_ALIGN); + powerbuf = reinterpret_cast<BN_ULONG *>( + align_pointer(powerbuf_free, MOD_EXP_CTIME_ALIGN)); } OPENSSL_memset(powerbuf, 0, powerbuf_len); @@ -1050,16 +1052,14 @@ tmp.neg = am.neg = 0; tmp.flags = am.flags = BN_FLG_STATIC_DATA; - if (!bn_one_to_montgomery(&tmp, mont, ctx) || - !bn_resize_words(&tmp, top)) { + if (!bn_one_to_montgomery(&tmp, mont, ctx) || !bn_resize_words(&tmp, top)) { goto err; } // Prepare a^1 in the Montgomery domain. assert(!a->neg); declassify_assert(BN_ucmp(a, m) < 0); - if (!BN_to_montgomery(&am, a, mont, ctx) || - !bn_resize_words(&am, top)) { + if (!BN_to_montgomery(&am, a, mont, ctx) || !bn_resize_words(&am, top)) { goto err; }
diff --git a/crypto/fipsmodule/bn/gcd.c.inc b/crypto/fipsmodule/bn/gcd.cc.inc similarity index 98% rename from crypto/fipsmodule/bn/gcd.c.inc rename to crypto/fipsmodule/bn/gcd.cc.inc index 7aa0043..ecf8244 100644 --- a/crypto/fipsmodule/bn/gcd.c.inc +++ b/crypto/fipsmodule/bn/gcd.cc.inc
@@ -136,12 +136,11 @@ B = BN_CTX_get(ctx); X = BN_CTX_get(ctx); Y = BN_CTX_get(ctx); + BIGNUM *R = out; if (Y == NULL) { goto err; } - BIGNUM *R = out; - BN_zero(Y); if (!BN_one(X) || BN_copy(B, a) == NULL || BN_copy(A, n) == NULL) { goto err; @@ -376,8 +375,7 @@ BN_CTX *ctx, const BN_MONT_CTX *mont_p) { BN_CTX_start(ctx); BIGNUM *p_minus_2 = BN_CTX_get(ctx); - int ok = p_minus_2 != NULL && - BN_copy(p_minus_2, p) && + int ok = p_minus_2 != NULL && BN_copy(p_minus_2, p) && BN_sub_word(p_minus_2, 2) && BN_mod_exp_mont(out, a, p_minus_2, p, ctx, mont_p); BN_CTX_end(ctx); @@ -388,8 +386,7 @@ BN_CTX *ctx, const BN_MONT_CTX *mont_p) { BN_CTX_start(ctx); BIGNUM *p_minus_2 = BN_CTX_get(ctx); - int ok = p_minus_2 != NULL && - BN_copy(p_minus_2, p) && + int ok = p_minus_2 != NULL && BN_copy(p_minus_2, p) && BN_sub_word(p_minus_2, 2) && BN_mod_exp_mont_consttime(out, a, p_minus_2, p, ctx, mont_p); BN_CTX_end(ctx);
diff --git a/crypto/fipsmodule/bn/gcd_extra.c.inc b/crypto/fipsmodule/bn/gcd_extra.cc.inc similarity index 89% rename from crypto/fipsmodule/bn/gcd_extra.c.inc rename to crypto/fipsmodule/bn/gcd_extra.cc.inc index 531ff59..0830bdf 100644 --- a/crypto/fipsmodule/bn/gcd_extra.c.inc +++ b/crypto/fipsmodule/bn/gcd_extra.cc.inc
@@ -35,7 +35,7 @@ maybe_rshift1_words(a, mask, tmp, num); if (num != 0) { carry &= mask; - a[num - 1] |= carry << (BN_BITS2-1); + a[num - 1] |= carry << (BN_BITS2 - 1); } } @@ -61,25 +61,27 @@ BIGNUM *u = BN_CTX_get(ctx); BIGNUM *v = BN_CTX_get(ctx); BIGNUM *tmp = BN_CTX_get(ctx); - if (u == NULL || v == NULL || tmp == NULL || - !BN_copy(u, x) || - !BN_copy(v, y) || - !bn_resize_words(u, width) || - !bn_resize_words(v, width) || + unsigned x_bits, y_bits, num_iters, shift; + if (u == NULL || v == NULL || tmp == NULL || // + !BN_copy(u, x) || // + !BN_copy(v, y) || // + !bn_resize_words(u, width) || // + !bn_resize_words(v, width) || // !bn_resize_words(tmp, width)) { goto err; } // Each loop iteration halves at least one of |u| and |v|. Thus we need at // most the combined bit width of inputs for at least one value to be zero. - unsigned x_bits = x->width * BN_BITS2, y_bits = y->width * BN_BITS2; - unsigned num_iters = x_bits + y_bits; + x_bits = x->width * BN_BITS2; + y_bits = y->width * BN_BITS2; + num_iters = x_bits + y_bits; if (num_iters < x_bits) { OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); goto err; } - unsigned shift = 0; + shift = 0; for (unsigned i = 0; i < num_iters; i++) { BN_ULONG both_odd = word_is_odd_mask(u->d[0]) & word_is_odd_mask(v->d[0]); @@ -121,8 +123,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) { unsigned shift; - return bn_gcd_consttime(r, &shift, x, y, ctx) && - BN_lshift(r, r, shift); + return bn_gcd_consttime(r, &shift, x, y, ctx) && BN_lshift(r, r, shift); } int bn_is_relatively_prime(int *out_relatively_prime, const BIGNUM *x, @@ -131,8 +132,7 @@ BN_CTX_start(ctx); unsigned shift; BIGNUM *gcd = BN_CTX_get(ctx); - if (gcd == NULL || - !bn_gcd_consttime(gcd, &shift, x, y, ctx)) { + if (gcd == NULL || !bn_gcd_consttime(gcd, &shift, x, y, ctx)) { goto err; } @@ -217,23 +217,30 @@ BIGNUM *D = BN_CTX_get(ctx); BIGNUM *tmp = BN_CTX_get(ctx); BIGNUM *tmp2 = BN_CTX_get(ctx); - if (u == NULL || v == NULL || A == NULL || B == NULL || C == NULL || - D == NULL || tmp == NULL || tmp2 == NULL || - !BN_copy(u, a) || - !BN_copy(v, n) || - !BN_one(A) || + size_t a_bits, num_iters, n_bits; + if (u == NULL || // + v == NULL || // + A == NULL || // + B == NULL || // + C == NULL || // + D == NULL || // + tmp == NULL || // + tmp2 == NULL || // + !BN_copy(u, a) || // + !BN_copy(v, n) || // + !BN_one(A) || // !BN_one(D) || // For convenience, size |u| and |v| equivalently. - !bn_resize_words(u, n_width) || + !bn_resize_words(u, n_width) || // !bn_resize_words(v, n_width) || // |A| and |C| are bounded by |m|. - !bn_resize_words(A, n_width) || + !bn_resize_words(A, n_width) || // !bn_resize_words(C, n_width) || // |B| and |D| are bounded by |a|. - !bn_resize_words(B, a_width) || + !bn_resize_words(B, a_width) || // !bn_resize_words(D, a_width) || // |tmp| and |tmp2| may be used at either size. - !bn_resize_words(tmp, n_width) || + !bn_resize_words(tmp, n_width) || // !bn_resize_words(tmp2, n_width)) { goto err; } @@ -242,8 +249,9 @@ // most the combined bit width of inputs for at least one value to be zero. // |a_bits| and |n_bits| cannot overflow because |bn_wexpand| ensures bit // counts fit in even |int|. - size_t a_bits = a_width * BN_BITS2, n_bits = n_width * BN_BITS2; - size_t num_iters = a_bits + n_bits; + a_bits = a_width * BN_BITS2; + n_bits = n_width * BN_BITS2; + num_iters = a_bits + n_bits; if (num_iters < a_bits) { OPENSSL_PUT_ERROR(BN, BN_R_BIGNUM_TOO_LONG); goto err;
diff --git a/crypto/fipsmodule/bn/generic.c.inc b/crypto/fipsmodule/bn/generic.cc.inc similarity index 100% rename from crypto/fipsmodule/bn/generic.c.inc rename to crypto/fipsmodule/bn/generic.cc.inc
diff --git a/crypto/fipsmodule/bn/jacobi.c.inc b/crypto/fipsmodule/bn/jacobi.cc.inc similarity index 100% rename from crypto/fipsmodule/bn/jacobi.c.inc rename to crypto/fipsmodule/bn/jacobi.cc.inc
diff --git a/crypto/fipsmodule/bn/montgomery.c.inc b/crypto/fipsmodule/bn/montgomery.cc.inc similarity index 96% rename from crypto/fipsmodule/bn/montgomery.c.inc rename to crypto/fipsmodule/bn/montgomery.cc.inc index cf483b0..eda57f3 100644 --- a/crypto/fipsmodule/bn/montgomery.c.inc +++ b/crypto/fipsmodule/bn/montgomery.cc.inc
@@ -117,8 +117,8 @@ #include <openssl/mem.h> #include <openssl/thread.h> -#include "internal.h" #include "../../internal.h" +#include "internal.h" void bn_mont_ctx_init(BN_MONT_CTX *mont) { @@ -133,7 +133,8 @@ } BN_MONT_CTX *BN_MONT_CTX_new(void) { - BN_MONT_CTX *ret = OPENSSL_malloc(sizeof(BN_MONT_CTX)); + BN_MONT_CTX *ret = + reinterpret_cast<BN_MONT_CTX *>(OPENSSL_malloc(sizeof(BN_MONT_CTX))); if (ret == NULL) { return NULL; } @@ -156,8 +157,7 @@ return to; } - if (!BN_copy(&to->RR, &from->RR) || - !BN_copy(&to->N, &from->N)) { + if (!BN_copy(&to->RR, &from->RR) || !BN_copy(&to->N, &from->N)) { return NULL; } to->n0[0] = from->n0[0]; @@ -243,8 +243,7 @@ BN_MONT_CTX *BN_MONT_CTX_new_for_modulus(const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *mont = BN_MONT_CTX_new(); - if (mont == NULL || - !BN_MONT_CTX_set(mont, mod, ctx)) { + if (mont == NULL || !BN_MONT_CTX_set(mont, mod, ctx)) { BN_MONT_CTX_free(mont); return NULL; } @@ -253,8 +252,7 @@ BN_MONT_CTX *BN_MONT_CTX_new_consttime(const BIGNUM *mod, BN_CTX *ctx) { BN_MONT_CTX *mont = BN_MONT_CTX_new(); - if (mont == NULL || - !bn_mont_ctx_set_N_and_n0(mont, mod) || + if (mont == NULL || !bn_mont_ctx_set_N_and_n0(mont, mod) || !bn_mont_ctx_set_RR_consttime(mont, ctx)) { BN_MONT_CTX_free(mont); return NULL; @@ -331,8 +329,7 @@ } int max = 2 * n->width; // carry is stored separately - if (!bn_resize_words(r, max) || - !bn_wexpand(ret, n->width)) { + if (!bn_resize_words(r, max) || !bn_wexpand(ret, n->width)) { return 0; } @@ -348,8 +345,7 @@ BN_CTX_start(ctx); t = BN_CTX_get(ctx); - if (t == NULL || - !BN_copy(t, a)) { + if (t == NULL || !BN_copy(t, a)) { goto err; } @@ -425,9 +421,7 @@ #if defined(OPENSSL_BN_ASM_MONT) // |bn_mul_mont| requires at least 128 bits of limbs, at least for x86. int num = mont->N.width; - if (num >= (128 / BN_BITS2) && - a->width == num && - b->width == num) { + if (num >= (128 / BN_BITS2) && a->width == num && b->width == num) { if (!bn_wexpand(r, num)) { return 0; } @@ -450,8 +444,7 @@ } int bn_less_than_montgomery_R(const BIGNUM *bn, const BN_MONT_CTX *mont) { - return !BN_is_negative(bn) && - bn_fits_in_words(bn, mont->N.width); + return !BN_is_negative(bn) && bn_fits_in_words(bn, mont->N.width); } void bn_to_montgomery_small(BN_ULONG *r, const BN_ULONG *a, size_t num,
diff --git a/crypto/fipsmodule/bn/montgomery_inv.c.inc b/crypto/fipsmodule/bn/montgomery_inv.cc.inc similarity index 100% rename from crypto/fipsmodule/bn/montgomery_inv.c.inc rename to crypto/fipsmodule/bn/montgomery_inv.cc.inc
diff --git a/crypto/fipsmodule/bn/mul.c.inc b/crypto/fipsmodule/bn/mul.cc.inc similarity index 97% rename from crypto/fipsmodule/bn/mul.c.inc rename to crypto/fipsmodule/bn/mul.cc.inc index 07612c5..6e1a0fe 100644 --- a/crypto/fipsmodule/bn/mul.c.inc +++ b/crypto/fipsmodule/bn/mul.cc.inc
@@ -63,8 +63,8 @@ #include <openssl/err.h> #include <openssl/mem.h> -#include "internal.h" #include "../../internal.h" +#include "internal.h" #define BN_MUL_RECURSIVE_SIZE_NORMAL 16 @@ -181,9 +181,7 @@ int r_len = a->width < b->width ? b->width : a->width; BN_CTX_start(ctx); BIGNUM *tmp = BN_CTX_get(ctx); - int ok = tmp != NULL && - bn_wexpand(r, r_len) && - bn_wexpand(tmp, r_len); + int ok = tmp != NULL && bn_wexpand(r, r_len) && bn_wexpand(tmp, r_len); if (ok) { bn_abs_sub_part_words(r->d, a->d, b->d, cl, dl, tmp->d); r->width = r_len; @@ -208,8 +206,8 @@ // |n2| is a power of two. assert(n2 != 0 && (n2 & (n2 - 1)) == 0); // Check |dna| and |dnb| are in range. - assert(-BN_MUL_RECURSIVE_SIZE_NORMAL/2 <= dna && dna <= 0); - assert(-BN_MUL_RECURSIVE_SIZE_NORMAL/2 <= dnb && dnb <= 0); + assert(-BN_MUL_RECURSIVE_SIZE_NORMAL / 2 <= dna && dna <= 0); + assert(-BN_MUL_RECURSIVE_SIZE_NORMAL / 2 <= dnb && dnb <= 0); // Only call bn_mul_comba 8 if n2 == 8 and the // two arrays are complete [steve] @@ -421,7 +419,7 @@ return 1; } - int ret = 0; + int ret = 0, i, top; BIGNUM *rr; BN_CTX_start(ctx); if (r == a || r == b) { @@ -434,7 +432,7 @@ } rr->neg = a->neg ^ b->neg; - int i = al - bl; + i = al - bl; if (i == 0) { if (al == 8) { if (!bn_wexpand(rr, 16)) { @@ -446,7 +444,7 @@ } } - int top = al + bl; + top = al + bl; static const int kMulNormalSize = 16; if (al >= kMulNormalSize && bl >= kMulNormalSize) { if (-1 <= i && i <= 1) { @@ -471,8 +469,7 @@ // algorithms. Is this optimization necessary? See notes in // https://boringssl-review.googlesource.com/q/I0bd604e2cd6a75c266f64476c23a730ca1721ea6 assert(al >= j && bl >= j); - if (!bn_wexpand(t, j * 8) || - !bn_wexpand(rr, j * 4)) { + if (!bn_wexpand(t, j * 8) || !bn_wexpand(rr, j * 4)) { goto err; } bn_mul_part_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d); @@ -480,8 +477,7 @@ // al <= j && bl <= j. Additionally, we know j <= al or j <= bl, so one // of al - j or bl - j is zero. The other, by the bound on |i| above, is // zero or -1. Thus, we can use |bn_mul_recursive|. - if (!bn_wexpand(t, j * 4) || - !bn_wexpand(rr, j * 2)) { + if (!bn_wexpand(t, j * 4) || !bn_wexpand(rr, j * 2)) { goto err; } bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d); @@ -669,7 +665,7 @@ return 1; } - int ret = 0; + int ret = 0, max; BN_CTX_start(ctx); BIGNUM *rr = (a != r) ? r : BN_CTX_get(ctx); BIGNUM *tmp = BN_CTX_get(ctx); @@ -677,7 +673,7 @@ goto err; } - int max = 2 * al; // Non-zero (from above) + max = 2 * al; // Non-zero (from above) if (!bn_wexpand(rr, max)) { goto err; }
diff --git a/crypto/fipsmodule/bn/prime.c.inc b/crypto/fipsmodule/bn/prime.cc.inc similarity index 97% rename from crypto/fipsmodule/bn/prime.c.inc rename to crypto/fipsmodule/bn/prime.cc.inc index 4722f80..ae4b004 100644 --- a/crypto/fipsmodule/bn/prime.c.inc +++ b/crypto/fipsmodule/bn/prime.cc.inc
@@ -111,8 +111,8 @@ #include <openssl/err.h> #include <openssl/mem.h> -#include "internal.h" #include "../../internal.h" +#include "internal.h" // kPrimes contains the first 1024 primes. @@ -359,13 +359,14 @@ static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); -BN_GENCB *BN_GENCB_new(void) { return OPENSSL_zalloc(sizeof(BN_GENCB)); } +BN_GENCB *BN_GENCB_new(void) { + return reinterpret_cast<BN_GENCB *>(OPENSSL_zalloc(sizeof(BN_GENCB))); +} void BN_GENCB_free(BN_GENCB *callback) { OPENSSL_free(callback); } void BN_GENCB_set(BN_GENCB *callback, - int (*f)(int event, int n, struct bn_gencb_st *), - void *arg) { + int (*f)(int event, int n, struct bn_gencb_st *), void *arg) { callback->callback = f; callback->arg = arg; } @@ -513,9 +514,9 @@ miller_rabin->m = BN_CTX_get(ctx); miller_rabin->one_mont = BN_CTX_get(ctx); miller_rabin->w1_mont = BN_CTX_get(ctx); - if (miller_rabin->w1 == NULL || - miller_rabin->m == NULL || - miller_rabin->one_mont == NULL || + if (miller_rabin->w1 == NULL || // + miller_rabin->m == NULL || // + miller_rabin->one_mont == NULL || // miller_rabin->w1_mont == NULL) { return 0; } @@ -553,6 +554,7 @@ // timing leaks. const BIGNUM *w = &mont->N; BIGNUM *z = BN_CTX_get(ctx); + crypto_word_t is_possibly_prime; if (z == NULL || !BN_mod_exp_mont_consttime(z, b, miller_rabin->m, w, ctx, mont) || !BN_to_montgomery(z, z, mont, ctx)) { @@ -563,7 +565,7 @@ // witness for |w|. This is equivalent to going to step 4.7 in the original // algorithm. To avoid timing leaks, we run the algorithm to the end for prime // inputs. - crypto_word_t is_possibly_prime = 0; + is_possibly_prime = 0; // Step 4.4. If z = 1 or z = w-1, b is not a composite witness and w is still // possibly prime. @@ -705,6 +707,7 @@ BIGNUM *b = BN_CTX_get(ctx); BN_MONT_CTX *mont = BN_MONT_CTX_new_consttime(w, ctx); BN_MILLER_RABIN miller_rabin; + crypto_word_t uniform_iterations = 0; if (b == NULL || mont == NULL || // Steps 1-3. !bn_miller_rabin_init(&miller_rabin, mont, ctx)) { @@ -739,7 +742,6 @@ // Note this blinding does not impact most calls when picking primes because // composites are rejected early. Only the two secret primes see extra work. - crypto_word_t uniform_iterations = 0; // Using |constant_time_lt_w| seems to prevent the compiler from optimizing // this into two jumps. for (int i = 1; constant_time_declassify_w( @@ -749,7 +751,7 @@ // Step 4.1-4.2 int is_uniform; if (!bn_rand_secret_range(b, &is_uniform, 2, miller_rabin.w1)) { - goto err; + goto err; } uniform_iterations += is_uniform; @@ -818,33 +820,28 @@ BN_CTX_start(ctx); BIGNUM *w1 = BN_CTX_get(ctx); - if (w1 == NULL || - !BN_copy(w1, w) || - !BN_sub_word(w1, 1)) { + BIGNUM *b, *g, *z, *x, *x1, *m; + int a; + if (w1 == NULL || !BN_copy(w1, w) || !BN_sub_word(w1, 1)) { goto err; } // Write w1 as m*2^a (Steps 1 and 2). - int a = 0; + a = 0; while (!BN_is_bit_set(w1, a)) { a++; } - BIGNUM *m = BN_CTX_get(ctx); - if (m == NULL || - !BN_rshift(m, w1, a)) { + m = BN_CTX_get(ctx); + if (m == NULL || !BN_rshift(m, w1, a)) { goto err; } - BIGNUM *b = BN_CTX_get(ctx); - BIGNUM *g = BN_CTX_get(ctx); - BIGNUM *z = BN_CTX_get(ctx); - BIGNUM *x = BN_CTX_get(ctx); - BIGNUM *x1 = BN_CTX_get(ctx); - if (b == NULL || - g == NULL || - z == NULL || - x == NULL || - x1 == NULL) { + b = BN_CTX_get(ctx); + g = BN_CTX_get(ctx); + z = BN_CTX_get(ctx); + x = BN_CTX_get(ctx); + x1 = BN_CTX_get(ctx); + if (b == NULL || g == NULL || z == NULL || x == NULL || x1 == NULL) { goto err; } @@ -905,11 +902,9 @@ goto err; } - composite: + composite: // Step 4.12-4.14 - if (!BN_copy(x1, x) || - !BN_sub_word(x1, 1) || - !BN_gcd(g, x1, w, ctx)) { + if (!BN_copy(x1, x) || !BN_sub_word(x1, 1) || !BN_gcd(g, x1, w, ctx)) { goto err; } if (BN_cmp_word(g, 1) > 0) { @@ -921,7 +916,7 @@ ret = 1; goto err; - loop: + loop: // Step 4.15 if (!BN_GENCB_call(cb, BN_GENCB_PRIME_TEST, i - 1)) { goto err; @@ -953,6 +948,7 @@ BIGNUM *t1; BN_CTX_start(ctx); + size_t num_primes; if ((t1 = BN_CTX_get(ctx)) == NULL) { goto err; } @@ -980,7 +976,7 @@ } // we now have a random number 'rand' to test. - const size_t num_primes = num_trial_division_primes(rnd); + num_primes = num_trial_division_primes(rnd); loop: for (size_t i = 1; i < num_primes; i++) { // check that rnd is a prime @@ -1009,6 +1005,7 @@ t1 = BN_CTX_get(ctx); q = BN_CTX_get(ctx); qadd = BN_CTX_get(ctx); + size_t num_primes; if (qadd == NULL) { goto err; } @@ -1051,7 +1048,7 @@ goto err; } - const size_t num_primes = num_trial_division_primes(p); + num_primes = num_trial_division_primes(p); loop: for (size_t i = 1; i < num_primes; i++) { // check that p and q are prime
diff --git a/crypto/fipsmodule/bn/random.c.inc b/crypto/fipsmodule/bn/random.cc.inc similarity index 100% rename from crypto/fipsmodule/bn/random.c.inc rename to crypto/fipsmodule/bn/random.cc.inc
diff --git a/crypto/fipsmodule/bn/rsaz_exp.c.inc b/crypto/fipsmodule/bn/rsaz_exp.cc.inc similarity index 100% rename from crypto/fipsmodule/bn/rsaz_exp.c.inc rename to crypto/fipsmodule/bn/rsaz_exp.cc.inc
diff --git a/crypto/fipsmodule/bn/shift.c.inc b/crypto/fipsmodule/bn/shift.cc.inc similarity index 98% rename from crypto/fipsmodule/bn/shift.c.inc rename to crypto/fipsmodule/bn/shift.cc.inc index 6960e57..fe277d9 100644 --- a/crypto/fipsmodule/bn/shift.c.inc +++ b/crypto/fipsmodule/bn/shift.cc.inc
@@ -174,14 +174,13 @@ int ret = 0; BN_CTX_start(ctx); BIGNUM *tmp = BN_CTX_get(ctx); - if (tmp == NULL || - !BN_copy(r, a) || - !bn_wexpand(tmp, r->width)) { + unsigned max_bits; + if (tmp == NULL || !BN_copy(r, a) || !bn_wexpand(tmp, r->width)) { goto err; } // Shift conditionally by powers of two. - unsigned max_bits = BN_BITS2 * r->width; + max_bits = BN_BITS2 * r->width; for (unsigned i = 0; (max_bits >> i) != 0; i++) { BN_ULONG mask = (n >> i) & 1; mask = 0 - mask;
diff --git a/crypto/fipsmodule/bn/sqrt.c.inc b/crypto/fipsmodule/bn/sqrt.cc.inc similarity index 100% rename from crypto/fipsmodule/bn/sqrt.c.inc rename to crypto/fipsmodule/bn/sqrt.cc.inc
diff --git a/crypto/fipsmodule/cipher/aead.c.inc b/crypto/fipsmodule/cipher/aead.cc.inc similarity index 92% rename from crypto/fipsmodule/cipher/aead.c.inc rename to crypto/fipsmodule/cipher/aead.cc.inc index 4a578d3..bbe3e48 100644 --- a/crypto/fipsmodule/cipher/aead.c.inc +++ b/crypto/fipsmodule/cipher/aead.cc.inc
@@ -21,8 +21,8 @@ #include <openssl/err.h> #include <openssl/mem.h> -#include "internal.h" #include "../../internal.h" +#include "internal.h" size_t EVP_AEAD_key_length(const EVP_AEAD *aead) { return aead->key_len; } @@ -39,7 +39,11 @@ EVP_AEAD_CTX *EVP_AEAD_CTX_new(const EVP_AEAD *aead, const uint8_t *key, size_t key_len, size_t tag_len) { - EVP_AEAD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_AEAD_CTX)); + EVP_AEAD_CTX *ctx = + reinterpret_cast<EVP_AEAD_CTX *>(OPENSSL_malloc(sizeof(EVP_AEAD_CTX))); + if (!ctx) { + return NULL; + } EVP_AEAD_CTX_zero(ctx); if (EVP_AEAD_CTX_init(ctx, aead, key, key_len, tag_len, NULL)) { @@ -150,11 +154,13 @@ return 0; } -int EVP_AEAD_CTX_seal_scatter( - const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, size_t - *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, size_t - nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, - size_t extra_in_len, const uint8_t *ad, size_t ad_len) { +int EVP_AEAD_CTX_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, + uint8_t *out_tag, size_t *out_tag_len, + size_t max_out_tag_len, const uint8_t *nonce, + size_t nonce_len, const uint8_t *in, + size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, + size_t ad_len) { // |in| and |out| may alias exactly, |out_tag| may not alias. if (!check_alias(in, in_len, out, in_len) || buffers_alias(out, in_len, out_tag, max_out_tag_len) || @@ -187,6 +193,7 @@ size_t max_out_len, const uint8_t *nonce, size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len) { + size_t plaintext_len; if (!check_alias(in, in_len, out, max_out_len)) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_OUTPUT_ALIASES_INPUT); goto error; @@ -194,7 +201,7 @@ if (ctx->aead->open) { if (!ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len, in, - in_len, ad, ad_len)) { + in_len, ad, ad_len)) { goto error; } return 1; @@ -209,7 +216,7 @@ goto error; } - size_t plaintext_len = in_len - ctx->tag_len; + plaintext_len = in_len - ctx->tag_len; if (max_out_len < plaintext_len) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_BUFFER_TOO_SMALL); goto error;
diff --git a/crypto/fipsmodule/cipher/cipher.c.inc b/crypto/fipsmodule/cipher/cipher.cc.inc similarity index 98% rename from crypto/fipsmodule/cipher/cipher.c.inc rename to crypto/fipsmodule/cipher/cipher.cc.inc index 7ce3c20..c43d920 100644 --- a/crypto/fipsmodule/cipher/cipher.c.inc +++ b/crypto/fipsmodule/cipher/cipher.cc.inc
@@ -64,9 +64,9 @@ #include <openssl/mem.h> #include <openssl/nid.h> -#include "internal.h" -#include "../service_indicator/internal.h" #include "../../internal.h" +#include "../service_indicator/internal.h" +#include "internal.h" void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) { @@ -74,7 +74,8 @@ } EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { - EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)); + EVP_CIPHER_CTX *ctx = reinterpret_cast<EVP_CIPHER_CTX *>( + OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))); if (ctx) { EVP_CIPHER_CTX_init(ctx); } @@ -568,9 +569,7 @@ return ctx->cipher; } -int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) { - return ctx->cipher->nid; -} +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) { return ctx->cipher->nid; } int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) { return ctx->encrypt; @@ -710,8 +709,6 @@ return EVP_DecryptFinal_ex(ctx, out, out_len); } -int EVP_add_cipher_alias(const char *a, const char *b) { - return 1; -} +int EVP_add_cipher_alias(const char *a, const char *b) { return 1; } void EVP_CIPHER_CTX_set_flags(const EVP_CIPHER_CTX *ctx, uint32_t flags) {}
diff --git a/crypto/fipsmodule/cipher/e_aes.c.inc b/crypto/fipsmodule/cipher/e_aes.cc.inc similarity index 93% rename from crypto/fipsmodule/cipher/e_aes.c.inc rename to crypto/fipsmodule/cipher/e_aes.cc.inc index ab05e43..9774268 100644 --- a/crypto/fipsmodule/cipher/e_aes.c.inc +++ b/crypto/fipsmodule/cipher/e_aes.cc.inc
@@ -57,17 +57,17 @@ #include <openssl/mem.h> #include <openssl/nid.h> -#include "internal.h" #include "../../internal.h" #include "../aes/internal.h" #include "../bcm_interface.h" +#include "../delocate.h" #include "../modes/internal.h" #include "../service_indicator/internal.h" -#include "../delocate.h" +#include "internal.h" OPENSSL_MSVC_PRAGMA(warning(push)) -OPENSSL_MSVC_PRAGMA(warning(disable: 4702)) // Unreachable code. +OPENSSL_MSVC_PRAGMA(warning(disable : 4702)) // Unreachable code. #define AES_GCM_NONCE_LENGTH 12 @@ -131,9 +131,9 @@ int key_set; // Set if key initialised int iv_set; // Set if an iv is set uint8_t *iv; // Temporary IV store - int ivlen; // IV length + int ivlen; // IV length int taglen; - int iv_gen; // It is OK to generate IVs + int iv_gen; // It is OK to generate IVs ctr128_f ctr; } EVP_AES_GCM_CTX; @@ -332,7 +332,7 @@ } #if defined(OPENSSL_32_BIT) -#define EVP_AES_GCM_CTX_PADDING (4+8) +#define EVP_AES_GCM_CTX_PADDING (4 + 8) #else #define EVP_AES_GCM_CTX_PADDING 8 #endif @@ -347,7 +347,7 @@ assert(ctx->cipher->ctx_size == sizeof(EVP_AES_GCM_CTX) + EVP_AES_GCM_CTX_PADDING); - char *ptr = ctx->cipher_data; + char *ptr = reinterpret_cast<char *>(ctx->cipher_data); #if defined(OPENSSL_32_BIT) assert((uintptr_t)ptr % 4 == 0); ptr += (uintptr_t)ptr & 4; @@ -430,7 +430,7 @@ if (gctx->iv != c->iv) { OPENSSL_free(gctx->iv); } - gctx->iv = OPENSSL_malloc(arg); + gctx->iv = reinterpret_cast<uint8_t *>(OPENSSL_malloc(arg)); if (!gctx->iv) { return 0; } @@ -508,7 +508,7 @@ return 1; case EVP_CTRL_COPY: { - EVP_CIPHER_CTX *out = ptr; + EVP_CIPHER_CTX *out = reinterpret_cast<EVP_CIPHER_CTX *>(ptr); EVP_AES_GCM_CTX *gctx_out = aes_gcm_from_cipher_ctx(out); // |EVP_CIPHER_CTX_copy| copies this generically, but we must redo it in // case |out->cipher_data| and |in->cipher_data| are differently aligned. @@ -516,7 +516,8 @@ if (gctx->iv == c->iv) { gctx_out->iv = out->iv; } else { - gctx_out->iv = OPENSSL_memdup(gctx->iv, gctx->ivlen); + gctx_out->iv = + reinterpret_cast<uint8_t *>(OPENSSL_memdup(gctx->iv, gctx->ivlen)); if (!gctx_out->iv) { return 0; } @@ -809,7 +810,9 @@ return 1; } - aes_hw_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt); + aes_hw_ecb_encrypt(in, out, len, + reinterpret_cast<const AES_KEY *>(ctx->cipher_data), + ctx->encrypt); return 1; } @@ -927,7 +930,7 @@ static int aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t requested_tag_len) { - struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *) &ctx->state; + struct aead_aes_gcm_ctx *gcm_ctx = (struct aead_aes_gcm_ctx *)&ctx->state; size_t actual_tag_len; if (!aead_aes_gcm_init_impl(gcm_ctx, &actual_tag_len, key, key_len, @@ -942,13 +945,10 @@ static void aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) {} static int aead_aes_gcm_seal_scatter_impl( - const struct aead_aes_gcm_ctx *gcm_ctx, - uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, - const uint8_t *nonce, size_t nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *extra_in, size_t extra_in_len, - const uint8_t *ad, size_t ad_len, - size_t tag_len) { + const struct aead_aes_gcm_ctx *gcm_ctx, uint8_t *out, uint8_t *out_tag, + size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, + size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, size_t ad_len, size_t tag_len) { if (extra_in_len + tag_len < tag_len) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_TOO_LARGE); return 0; @@ -1003,14 +1003,11 @@ return 1; } -static int aead_aes_gcm_seal_scatter(const EVP_AEAD_CTX *ctx, uint8_t *out, - uint8_t *out_tag, size_t *out_tag_len, - size_t max_out_tag_len, - const uint8_t *nonce, size_t nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *extra_in, - size_t extra_in_len, - const uint8_t *ad, size_t ad_len) { +static int aead_aes_gcm_seal_scatter( + const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, + size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *nonce, + size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, + size_t extra_in_len, const uint8_t *ad, size_t ad_len) { const struct aead_aes_gcm_ctx *gcm_ctx = (const struct aead_aes_gcm_ctx *)&ctx->state; return aead_aes_gcm_seal_scatter_impl( @@ -1019,13 +1016,11 @@ } static int aead_aes_gcm_open_gather_impl(const struct aead_aes_gcm_ctx *gcm_ctx, - uint8_t *out, - const uint8_t *nonce, size_t nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *in_tag, - size_t in_tag_len, - const uint8_t *ad, size_t ad_len, - size_t tag_len) { + uint8_t *out, const uint8_t *nonce, + size_t nonce_len, const uint8_t *in, + size_t in_len, const uint8_t *in_tag, + size_t in_tag_len, const uint8_t *ad, + size_t ad_len, size_t tag_len) { uint8_t tag[EVP_AEAD_AES_GCM_TAG_LEN]; if (nonce_len == 0) { @@ -1150,12 +1145,11 @@ } static int aead_aes_gcm_seal_scatter_randnonce( - const EVP_AEAD_CTX *ctx, - uint8_t *out, uint8_t *out_tag, size_t *out_tag_len, size_t max_out_tag_len, - const uint8_t *external_nonce, size_t external_nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *extra_in, size_t extra_in_len, - const uint8_t *ad, size_t ad_len) { + const EVP_AEAD_CTX *ctx, uint8_t *out, uint8_t *out_tag, + size_t *out_tag_len, size_t max_out_tag_len, const uint8_t *external_nonce, + size_t external_nonce_len, const uint8_t *in, size_t in_len, + const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, + size_t ad_len) { if (external_nonce_len != 0) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); return 0; @@ -1193,11 +1187,10 @@ } static int aead_aes_gcm_open_gather_randnonce( - const EVP_AEAD_CTX *ctx, uint8_t *out, - const uint8_t *external_nonce, size_t external_nonce_len, - const uint8_t *in, size_t in_len, - const uint8_t *in_tag, size_t in_tag_len, - const uint8_t *ad, size_t ad_len) { + const EVP_AEAD_CTX *ctx, uint8_t *out, const uint8_t *external_nonce, + size_t external_nonce_len, const uint8_t *in, size_t in_len, + const uint8_t *in_tag, size_t in_tag_len, const uint8_t *ad, + size_t ad_len) { if (external_nonce_len != 0) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE_SIZE); return 0; @@ -1212,9 +1205,9 @@ const struct aead_aes_gcm_ctx *gcm_ctx = (const struct aead_aes_gcm_ctx *)&ctx->state; if (!aead_aes_gcm_open_gather_impl( - gcm_ctx, out, nonce, AES_GCM_NONCE_LENGTH, in, in_len, in_tag, - in_tag_len - AES_GCM_NONCE_LENGTH, ad, ad_len, - ctx->tag_len - AES_GCM_NONCE_LENGTH)) { + gcm_ctx, out, nonce, AES_GCM_NONCE_LENGTH, in, in_len, in_tag, + in_tag_len - AES_GCM_NONCE_LENGTH, ad, ad_len, + ctx->tag_len - AES_GCM_NONCE_LENGTH)) { return 0; } @@ -1267,7 +1260,7 @@ static int aead_aes_gcm_tls12_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t requested_tag_len) { struct aead_aes_gcm_tls12_ctx *gcm_ctx = - (struct aead_aes_gcm_tls12_ctx *) &ctx->state; + (struct aead_aes_gcm_tls12_ctx *)&ctx->state; gcm_ctx->min_next_nonce = 0; @@ -1287,7 +1280,7 @@ size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, size_t ad_len) { struct aead_aes_gcm_tls12_ctx *gcm_ctx = - (struct aead_aes_gcm_tls12_ctx *) &ctx->state; + (struct aead_aes_gcm_tls12_ctx *)&ctx->state; if (nonce_len != AES_GCM_NONCE_LENGTH) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); @@ -1361,7 +1354,7 @@ static int aead_aes_gcm_tls13_init(EVP_AEAD_CTX *ctx, const uint8_t *key, size_t key_len, size_t requested_tag_len) { struct aead_aes_gcm_tls13_ctx *gcm_ctx = - (struct aead_aes_gcm_tls13_ctx *) &ctx->state; + (struct aead_aes_gcm_tls13_ctx *)&ctx->state; gcm_ctx->min_next_nonce = 0; gcm_ctx->first = 1; @@ -1382,7 +1375,7 @@ size_t nonce_len, const uint8_t *in, size_t in_len, const uint8_t *extra_in, size_t extra_in_len, const uint8_t *ad, size_t ad_len) { struct aead_aes_gcm_tls13_ctx *gcm_ctx = - (struct aead_aes_gcm_tls13_ctx *) &ctx->state; + (struct aead_aes_gcm_tls13_ctx *)&ctx->state; if (nonce_len != AES_GCM_NONCE_LENGTH) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_UNSUPPORTED_NONCE_SIZE); @@ -1403,8 +1396,7 @@ } given_counter ^= gcm_ctx->mask; - if (given_counter == UINT64_MAX || - given_counter < gcm_ctx->min_next_nonce) { + if (given_counter == UINT64_MAX || given_counter < gcm_ctx->min_next_nonce) { OPENSSL_PUT_ERROR(CIPHER, CIPHER_R_INVALID_NONCE); return 0; }
diff --git a/crypto/fipsmodule/cipher/e_aesccm.c.inc b/crypto/fipsmodule/cipher/e_aesccm.cc.inc similarity index 100% rename from crypto/fipsmodule/cipher/e_aesccm.c.inc rename to crypto/fipsmodule/cipher/e_aesccm.cc.inc
diff --git a/crypto/fipsmodule/cmac/cmac.c.inc b/crypto/fipsmodule/cmac/cmac.cc.inc similarity index 96% rename from crypto/fipsmodule/cmac/cmac.c.inc rename to crypto/fipsmodule/cmac/cmac.cc.inc index efffe5f..94931b5 100644 --- a/crypto/fipsmodule/cmac/cmac.c.inc +++ b/crypto/fipsmodule/cmac/cmac.cc.inc
@@ -119,7 +119,7 @@ } CMAC_CTX *CMAC_CTX_new(void) { - CMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); + CMAC_CTX *ctx = reinterpret_cast<CMAC_CTX *>(OPENSSL_malloc(sizeof(*ctx))); if (ctx != NULL) { CMAC_CTX_init(ctx); } @@ -155,7 +155,7 @@ // Shift |in| to left, including carry. for (i = 0; i < 15; i++) { - out[i] = (in[i] << 1) | (in[i+1] >> 7); + out[i] = (in[i] << 1) | (in[i + 1] >> 7); } // If MSB set fixup with R. @@ -172,7 +172,7 @@ // Shift |in| to left, including carry. for (i = 0; i < 7; i++) { - out[i] = (in[i] << 1) | (in[i+1] >> 7); + out[i] = (in[i] << 1) | (in[i + 1] >> 7); } // If MSB set fixup with R. @@ -194,7 +194,8 @@ size_t block_size = EVP_CIPHER_block_size(cipher); if ((block_size != AES_BLOCK_SIZE && block_size != 8 /* 3-DES */) || EVP_CIPHER_key_length(cipher) != key_len || - !EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, NULL, key, kZeroIV) || + !EVP_EncryptInit_ex(&ctx->cipher_ctx, cipher, NULL, + reinterpret_cast<const uint8_t *>(key), kZeroIV) || !EVP_Cipher(&ctx->cipher_ctx, scratch, kZeroIV, block_size) || // Reset context again ready for first data. !EVP_EncryptInit_ex(&ctx->cipher_ctx, NULL, NULL, NULL, kZeroIV)) { @@ -291,13 +292,12 @@ FIPS_service_indicator_lock_state(); *out_len = block_size; + const uint8_t *mask = ctx->k1; if (out == NULL) { ret = 1; goto out; } - const uint8_t *mask = ctx->k1; - if (ctx->block_used != block_size) { // If the last block is incomplete, terminate it with a single 'one' bit // followed by zeros.
diff --git a/crypto/fipsmodule/delocate.h b/crypto/fipsmodule/delocate.h index 5890ea8..cf063a8 100644 --- a/crypto/fipsmodule/delocate.h +++ b/crypto/fipsmodule/delocate.h
@@ -22,19 +22,23 @@ #if !defined(BORINGSSL_SHARED_LIBRARY) && defined(BORINGSSL_FIPS) && \ !defined(OPENSSL_ASAN) && !defined(OPENSSL_MSAN) -#define DEFINE_BSS_GET(type, name) \ - static type name __attribute__((used)); \ - type *name##_bss_get(void) __attribute__((const)); +#define DEFINE_BSS_GET(type, name, init_value) \ + static type name __attribute__((used)) = init_value; \ + extern "C" { \ + type *name##_bss_get(void) __attribute__((const)); \ + } // For FIPS builds we require that CRYPTO_ONCE_INIT be zero. -#define DEFINE_STATIC_ONCE(name) DEFINE_BSS_GET(CRYPTO_once_t, name) +#define DEFINE_STATIC_ONCE(name) \ + DEFINE_BSS_GET(CRYPTO_once_t, name, CRYPTO_ONCE_INIT) // For FIPS builds we require that CRYPTO_MUTEX_INIT be zero. -#define DEFINE_STATIC_MUTEX(name) DEFINE_BSS_GET(CRYPTO_MUTEX, name) +#define DEFINE_STATIC_MUTEX(name) \ + DEFINE_BSS_GET(CRYPTO_MUTEX, name, CRYPTO_MUTEX_INIT) // For FIPS builds we require that CRYPTO_EX_DATA_CLASS_INIT be zero. #define DEFINE_STATIC_EX_DATA_CLASS(name) \ - DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name) + DEFINE_BSS_GET(CRYPTO_EX_DATA_CLASS, name, CRYPTO_EX_DATA_CLASS_INIT) #else -#define DEFINE_BSS_GET(type, name) \ - static type name; \ +#define DEFINE_BSS_GET(type, name, init_value) \ + static type name = init_value; \ static type *name##_bss_get(void) { return &name; } #define DEFINE_STATIC_ONCE(name) \ static CRYPTO_once_t name = CRYPTO_ONCE_INIT; \ @@ -48,7 +52,7 @@ #endif #define DEFINE_DATA(type, name, accessor_decorations) \ - DEFINE_BSS_GET(type, name##_storage) \ + DEFINE_BSS_GET(type, name##_storage, {}) \ DEFINE_STATIC_ONCE(name##_once) \ static void name##_do_init(type *out); \ static void name##_init(void) { name##_do_init(name##_storage_bss_get()); } \
diff --git a/crypto/fipsmodule/dh/check.c.inc b/crypto/fipsmodule/dh/check.cc.inc similarity index 100% rename from crypto/fipsmodule/dh/check.c.inc rename to crypto/fipsmodule/dh/check.cc.inc
diff --git a/crypto/fipsmodule/dh/dh.c.inc b/crypto/fipsmodule/dh/dh.cc.inc similarity index 95% rename from crypto/fipsmodule/dh/dh.c.inc rename to crypto/fipsmodule/dh/dh.cc.inc index 39c6b8e..e32c4af 100644 --- a/crypto/fipsmodule/dh/dh.c.inc +++ b/crypto/fipsmodule/dh/dh.cc.inc
@@ -59,8 +59,8 @@ #include <string.h> #include <openssl/bn.h> -#include <openssl/err.h> #include <openssl/digest.h> +#include <openssl/err.h> #include <openssl/mem.h> #include <openssl/thread.h> @@ -71,7 +71,7 @@ DH *DH_new(void) { - DH *dh = OPENSSL_zalloc(sizeof(DH)); + DH *dh = reinterpret_cast<DH *>(OPENSSL_zalloc(sizeof(DH))); if (dh == NULL) { return NULL; } @@ -151,8 +151,7 @@ } int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { - if ((dh->p == NULL && p == NULL) || - (dh->g == NULL && g == NULL)) { + if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) { return 0; } @@ -322,8 +321,7 @@ if (!BN_mod_exp_mont_consttime(out_shared_key, peers_key, dh->priv_key, dh->p, ctx, dh->method_mont_p) || - !BN_copy(p_minus_1, dh->p) || - !BN_sub_word(p_minus_1, 1)) { + !BN_copy(p_minus_1, dh->p) || !BN_sub_word(p_minus_1, 1)) { OPENSSL_PUT_ERROR(DH, ERR_R_BN_LIB); goto err; } @@ -337,7 +335,7 @@ ret = 1; - err: +err: BN_CTX_end(ctx); return ret; } @@ -353,8 +351,7 @@ int dh_size = DH_size(dh); int ret = -1; BIGNUM *shared_key = BN_CTX_get(ctx); - if (shared_key && - dh_compute_key(dh, shared_key, peers_key, ctx) && + if (shared_key && dh_compute_key(dh, shared_key, peers_key, ctx) && BN_bn2bin_padded(out, dh_size, shared_key)) { ret = dh_size; } @@ -405,7 +402,7 @@ int ret = 0; const size_t dh_len = DH_size(dh); - uint8_t *shared_bytes = OPENSSL_malloc(dh_len); + uint8_t *shared_bytes = reinterpret_cast<uint8_t *>(OPENSSL_malloc(dh_len)); unsigned out_len_unsigned; if (!shared_bytes || // SP 800-56A is ambiguous about whether the output should be padded prior @@ -423,7 +420,7 @@ *out_len = digest_len; ret = 1; - err: +err: FIPS_service_indicator_unlock_state(); OPENSSL_free(shared_bytes); return ret; @@ -472,18 +469,17 @@ bn_set_static_words(ffdhe2048_p, kFFDHE2048Data, OPENSSL_ARRAY_SIZE(kFFDHE2048Data)); - if (!BN_rshift1(ffdhe2048_q, ffdhe2048_p) || - !BN_set_word(ffdhe2048_g, 2) || + if (!BN_rshift1(ffdhe2048_q, ffdhe2048_p) || !BN_set_word(ffdhe2048_g, 2) || !DH_set0_pqg(dh, ffdhe2048_p, ffdhe2048_q, ffdhe2048_g)) { goto err; } return dh; - err: - BN_free(ffdhe2048_p); - BN_free(ffdhe2048_q); - BN_free(ffdhe2048_g); - DH_free(dh); - return NULL; +err: + BN_free(ffdhe2048_p); + BN_free(ffdhe2048_q); + BN_free(ffdhe2048_g); + DH_free(dh); + return NULL; }
diff --git a/crypto/fipsmodule/digest/digest.c.inc b/crypto/fipsmodule/digest/digest.cc.inc similarity index 95% rename from crypto/fipsmodule/digest/digest.c.inc rename to crypto/fipsmodule/digest/digest.cc.inc index 52197c1..0f7cb9e 100644 --- a/crypto/fipsmodule/digest/digest.c.inc +++ b/crypto/fipsmodule/digest/digest.cc.inc
@@ -62,8 +62,8 @@ #include <openssl/err.h> #include <openssl/mem.h> -#include "internal.h" #include "../../internal.h" +#include "internal.h" int EVP_MD_type(const EVP_MD *md) { return md->type; } @@ -82,7 +82,8 @@ } EVP_MD_CTX *EVP_MD_CTX_new(void) { - EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX)); + EVP_MD_CTX *ctx = + reinterpret_cast<EVP_MD_CTX *>(OPENSSL_malloc(sizeof(EVP_MD_CTX))); if (ctx) { EVP_MD_CTX_init(ctx); @@ -152,7 +153,8 @@ if (in->digest != NULL) { if (out->digest != in->digest) { assert(in->digest->ctx_size != 0); - tmp_buf = OPENSSL_malloc(in->digest->ctx_size); + tmp_buf = + reinterpret_cast<uint8_t *>(OPENSSL_malloc(in->digest->ctx_size)); if (tmp_buf == NULL) { if (pctx) { in->pctx_ops->free(pctx); @@ -163,7 +165,7 @@ // |md_data| will be the correct size in this case. It's removed from // |out| so that |EVP_MD_CTX_cleanup| doesn't free it, and then it's // reused. - tmp_buf = out->md_data; + tmp_buf = reinterpret_cast<uint8_t *>(out->md_data); out->md_data = NULL; } } @@ -207,7 +209,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *engine) { if (ctx->digest != type) { assert(type->ctx_size != 0); - uint8_t *md_data = OPENSSL_malloc(type->ctx_size); + uint8_t *md_data = + reinterpret_cast<uint8_t *>(OPENSSL_malloc(type->ctx_size)); if (md_data == NULL) { return 0; } @@ -283,6 +286,4 @@ return EVP_MD_type(EVP_MD_CTX_md(ctx)); } -int EVP_add_digest(const EVP_MD *digest) { - return 1; -} +int EVP_add_digest(const EVP_MD *digest) { return 1; }
diff --git a/crypto/fipsmodule/digest/digests.c.inc b/crypto/fipsmodule/digest/digests.cc.inc similarity index 81% rename from crypto/fipsmodule/digest/digests.c.inc rename to crypto/fipsmodule/digest/digests.cc.inc index 9ead2c6..e1b08fa 100644 --- a/crypto/fipsmodule/digest/digests.c.inc +++ b/crypto/fipsmodule/digest/digests.cc.inc
@@ -61,27 +61,28 @@ #include <openssl/nid.h> -#include "internal.h" -#include "../delocate.h" #include "../../internal.h" +#include "../bcm_interface.h" +#include "../delocate.h" +#include "internal.h" #if defined(NDEBUG) -#define CHECK(x) (void) (x) +#define CHECK(x) (void)(x) #else #define CHECK(x) assert(x) #endif static void sha1_init(EVP_MD_CTX *ctx) { - BCM_sha1_init(ctx->md_data); + BCM_sha1_init(reinterpret_cast<SHA_CTX *>(ctx->md_data)); } static void sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha1_update(ctx->md_data, data, count); + BCM_sha1_update(reinterpret_cast<SHA_CTX *>(ctx->md_data), data, count); } static void sha1_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha1_final(md, ctx->md_data); + BCM_sha1_final(md, reinterpret_cast<SHA_CTX *>(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha1) { @@ -97,15 +98,15 @@ static void sha224_init(EVP_MD_CTX *ctx) { - BCM_sha224_init(ctx->md_data); + BCM_sha224_init(reinterpret_cast<SHA256_CTX *>(ctx->md_data)); } static void sha224_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha224_update(ctx->md_data, data, count); + BCM_sha224_update(reinterpret_cast<SHA256_CTX *>(ctx->md_data), data, count); } static void sha224_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha224_final(md, ctx->md_data); + BCM_sha224_final(md, reinterpret_cast<SHA256_CTX *>(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha224) { @@ -121,15 +122,15 @@ static void sha256_init(EVP_MD_CTX *ctx) { - BCM_sha256_init(ctx->md_data); + BCM_sha256_init(reinterpret_cast<SHA256_CTX *>(ctx->md_data)); } static void sha256_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha256_update(ctx->md_data, data, count); + BCM_sha256_update(reinterpret_cast<SHA256_CTX *>(ctx->md_data), data, count); } static void sha256_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha256_final(md, ctx->md_data); + BCM_sha256_final(md, reinterpret_cast<SHA256_CTX *>(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha256) { @@ -145,15 +146,15 @@ static void sha384_init(EVP_MD_CTX *ctx) { - BCM_sha384_init(ctx->md_data); + BCM_sha384_init(reinterpret_cast<SHA512_CTX *>(ctx->md_data)); } static void sha384_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha384_update(ctx->md_data, data, count); + BCM_sha384_update(reinterpret_cast<SHA512_CTX *>(ctx->md_data), data, count); } static void sha384_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha384_final(md, ctx->md_data); + BCM_sha384_final(md, reinterpret_cast<SHA512_CTX *>(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha384) { @@ -169,15 +170,15 @@ static void sha512_init(EVP_MD_CTX *ctx) { - BCM_sha512_init(ctx->md_data); + BCM_sha512_init(reinterpret_cast<SHA512_CTX *>(ctx->md_data)); } static void sha512_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha512_update(ctx->md_data, data, count); + BCM_sha512_update(reinterpret_cast<SHA512_CTX *>(ctx->md_data), data, count); } static void sha512_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha512_final(md, ctx->md_data); + BCM_sha512_final(md, reinterpret_cast<SHA512_CTX *>(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512) { @@ -193,15 +194,16 @@ static void sha512_256_init(EVP_MD_CTX *ctx) { - BCM_sha512_256_init(ctx->md_data); + BCM_sha512_256_init(reinterpret_cast<SHA512_CTX *>(ctx->md_data)); } static void sha512_256_update(EVP_MD_CTX *ctx, const void *data, size_t count) { - BCM_sha512_256_update(ctx->md_data, data, count); + BCM_sha512_256_update(reinterpret_cast<SHA512_CTX *>(ctx->md_data), data, + count); } static void sha512_256_final(EVP_MD_CTX *ctx, uint8_t *md) { - BCM_sha512_256_final(md, ctx->md_data); + BCM_sha512_256_final(md, reinterpret_cast<SHA512_CTX *>(ctx->md_data)); } DEFINE_METHOD_FUNCTION(EVP_MD, EVP_sha512_256) {
diff --git a/crypto/fipsmodule/digestsign/digestsign.c.inc b/crypto/fipsmodule/digestsign/digestsign.cc.inc similarity index 100% rename from crypto/fipsmodule/digestsign/digestsign.c.inc rename to crypto/fipsmodule/digestsign/digestsign.cc.inc
diff --git a/crypto/fipsmodule/ec/ec.c.inc b/crypto/fipsmodule/ec/ec.cc.inc similarity index 98% rename from crypto/fipsmodule/ec/ec.c.inc rename to crypto/fipsmodule/ec/ec.cc.inc index 0ae566a..1240eed 100644 --- a/crypto/fipsmodule/ec/ec.c.inc +++ b/crypto/fipsmodule/ec/ec.cc.inc
@@ -75,10 +75,10 @@ #include <openssl/mem.h> #include <openssl/nid.h> -#include "internal.h" #include "../../internal.h" #include "../bn/internal.h" #include "../delocate.h" +#include "internal.h" #include "builtin_curves.h" @@ -245,12 +245,11 @@ BIGNUM *a_reduced = BN_CTX_get(ctx); BIGNUM *b_reduced = BN_CTX_get(ctx); if (a_reduced == NULL || b_reduced == NULL || - !BN_nnmod(a_reduced, a, p, ctx) || - !BN_nnmod(b_reduced, b, p, ctx)) { + !BN_nnmod(a_reduced, a, p, ctx) || !BN_nnmod(b_reduced, b, p, ctx)) { goto err; } - ret = OPENSSL_zalloc(sizeof(EC_GROUP)); + ret = reinterpret_cast<EC_GROUP *>(OPENSSL_zalloc(sizeof(EC_GROUP))); if (ret == NULL) { return NULL; } @@ -301,8 +300,7 @@ // the ECDSA implementation. int ret = 0; BIGNUM *tmp = BN_new(); - if (tmp == NULL || - !BN_lshift1(tmp, order)) { + if (tmp == NULL || !BN_lshift1(tmp, order)) { goto err; } if (BN_cmp(tmp, &group->field.N) <= 0) { @@ -470,7 +468,7 @@ return NULL; } - EC_POINT *ret = OPENSSL_malloc(sizeof *ret); + EC_POINT *ret = reinterpret_cast<EC_POINT *>(OPENSSL_malloc(sizeof *ret)); if (ret == NULL) { return NULL; } @@ -514,8 +512,7 @@ } EC_POINT *ret = EC_POINT_new(group); - if (ret == NULL || - !EC_POINT_copy(ret, a)) { + if (ret == NULL || !EC_POINT_copy(ret, a)) { EC_POINT_free(ret); return NULL; } @@ -720,8 +717,7 @@ // This is an unusual input, so we do not guarantee constant-time processing. BN_CTX_start(ctx); BIGNUM *tmp = BN_CTX_get(ctx); - int ok = tmp != NULL && - BN_nnmod(tmp, in, EC_GROUP_get0_order(group), ctx) && + int ok = tmp != NULL && BN_nnmod(tmp, in, EC_GROUP_get0_order(group), ctx) && ec_bignum_to_scalar(group, out, tmp); BN_CTX_end(ctx); return ok; @@ -734,7 +730,7 @@ // nothing to multiply. But, nobody should be calling this function with // nothing to multiply in the first place. if ((g_scalar == NULL && p_scalar == NULL) || - (p == NULL) != (p_scalar == NULL)) { + (p == NULL) != (p_scalar == NULL)) { OPENSSL_PUT_ERROR(EC, ERR_R_PASSED_NULL_PARAMETER); return 0; } @@ -874,8 +870,7 @@ int ec_point_mul_scalar_batch(const EC_GROUP *group, EC_JACOBIAN *r, const EC_JACOBIAN *p0, const EC_SCALAR *scalar0, const EC_JACOBIAN *p1, const EC_SCALAR *scalar1, - const EC_JACOBIAN *p2, - const EC_SCALAR *scalar2) { + const EC_JACOBIAN *p2, const EC_SCALAR *scalar2) { if (group->meth->mul_batch == NULL) { OPENSSL_PUT_ERROR(EC, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; @@ -926,7 +921,7 @@ } void ec_point_select(const EC_GROUP *group, EC_JACOBIAN *out, BN_ULONG mask, - const EC_JACOBIAN *a, const EC_JACOBIAN *b) { + const EC_JACOBIAN *a, const EC_JACOBIAN *b) { ec_felem_select(group, &out->X, mask, &a->X, &b->X); ec_felem_select(group, &out->Y, mask, &a->Y, &b->Y); ec_felem_select(group, &out->Z, mask, &a->Z, &b->Z);
diff --git a/crypto/fipsmodule/ec/ec_key.c.inc b/crypto/fipsmodule/ec/ec_key.cc.inc similarity index 96% rename from crypto/fipsmodule/ec/ec_key.c.inc rename to crypto/fipsmodule/ec/ec_key.cc.inc index 376fa65..c5417a6 100644 --- a/crypto/fipsmodule/ec/ec_key.c.inc +++ b/crypto/fipsmodule/ec/ec_key.cc.inc
@@ -77,17 +77,19 @@ #include <openssl/mem.h> #include <openssl/thread.h> -#include "internal.h" +#include "../../internal.h" +#include "../bcm_interface.h" #include "../delocate.h" #include "../ecdsa/internal.h" #include "../service_indicator/internal.h" -#include "../../internal.h" +#include "internal.h" DEFINE_STATIC_EX_DATA_CLASS(g_ec_ex_data_class) static EC_WRAPPED_SCALAR *ec_wrapped_scalar_new(const EC_GROUP *group) { - EC_WRAPPED_SCALAR *wrapped = OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR)); + EC_WRAPPED_SCALAR *wrapped = reinterpret_cast<EC_WRAPPED_SCALAR *>( + OPENSSL_zalloc(sizeof(EC_WRAPPED_SCALAR))); if (wrapped == NULL) { return NULL; } @@ -106,7 +108,7 @@ EC_KEY *EC_KEY_new(void) { return EC_KEY_new_method(NULL); } EC_KEY *EC_KEY_new_method(const ENGINE *engine) { - EC_KEY *ret = OPENSSL_zalloc(sizeof(EC_KEY)); + EC_KEY *ret = reinterpret_cast<EC_KEY *>(OPENSSL_zalloc(sizeof(EC_KEY))); if (ret == NULL) { return NULL; } @@ -184,10 +186,8 @@ return NULL; } - if ((src->group != NULL && - !EC_KEY_set_group(ret, src->group)) || - (src->pub_key != NULL && - !EC_KEY_set_public_key(ret, src->pub_key)) || + if ((src->group != NULL && !EC_KEY_set_group(ret, src->group)) || + (src->pub_key != NULL && !EC_KEY_set_public_key(ret, src->pub_key)) || (src->priv_key != NULL && !EC_KEY_set_private_key(ret, EC_KEY_get0_private_key(src)))) { EC_KEY_free(ret); @@ -385,8 +385,7 @@ point = EC_POINT_new(key->group); if (point == NULL || !EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, NULL) || - !EC_KEY_set_public_key(key, point) || - !EC_KEY_check_key(key)) { + !EC_KEY_set_public_key(key, point) || !EC_KEY_check_key(key)) { goto err; } @@ -468,7 +467,7 @@ return 0; } - uint8_t *buf = OPENSSL_malloc(len); + uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len)); if (buf == NULL) { return 0; } @@ -546,7 +545,7 @@ CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index_ex(g_ec_ex_data_class_bss_get(), argl, argp, - free_func); + free_func); } int EC_KEY_set_ex_data(EC_KEY *d, int idx, void *arg) {
diff --git a/crypto/fipsmodule/ec/ec_montgomery.c.inc b/crypto/fipsmodule/ec/ec_montgomery.cc.inc similarity index 100% rename from crypto/fipsmodule/ec/ec_montgomery.c.inc rename to crypto/fipsmodule/ec/ec_montgomery.cc.inc
diff --git a/crypto/fipsmodule/ec/felem.c.inc b/crypto/fipsmodule/ec/felem.cc.inc similarity index 100% rename from crypto/fipsmodule/ec/felem.c.inc rename to crypto/fipsmodule/ec/felem.cc.inc
diff --git a/crypto/fipsmodule/ec/oct.c.inc b/crypto/fipsmodule/ec/oct.cc.inc similarity index 97% rename from crypto/fipsmodule/ec/oct.c.inc rename to crypto/fipsmodule/ec/oct.cc.inc index 6cb84f5..b598036 100644 --- a/crypto/fipsmodule/ec/oct.c.inc +++ b/crypto/fipsmodule/ec/oct.cc.inc
@@ -141,8 +141,8 @@ return 0; } - point_conversion_form_t form = buf[0]; - if (form == POINT_CONVERSION_UNCOMPRESSED) { + uint8_t form = buf[0]; + if (form == static_cast<uint8_t>(POINT_CONVERSION_UNCOMPRESSED)) { EC_AFFINE affine; if (!ec_point_from_uncompressed(group, &affine, buf, len)) { // In the event of an error, defend against the caller not checking the @@ -157,7 +157,7 @@ const int y_bit = form & 1; const size_t field_len = BN_num_bytes(&group->field.N); form = form & ~1u; - if (form != POINT_CONVERSION_COMPRESSED || + if (form != static_cast<uint8_t>(POINT_CONVERSION_COMPRESSED) || len != 1 /* type byte */ + field_len) { OPENSSL_PUT_ERROR(EC, EC_R_INVALID_ENCODING); return 0; @@ -239,7 +239,7 @@ if (len == 0) { return 0; } - uint8_t *buf = OPENSSL_malloc(len); + uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len)); if (buf == NULL) { return 0; } @@ -286,8 +286,7 @@ BIGNUM *a = BN_CTX_get(ctx); BIGNUM *b = BN_CTX_get(ctx); BIGNUM *y = BN_CTX_get(ctx); - if (y == NULL || - !EC_GROUP_get_curve_GFp(group, NULL, a, b, ctx)) { + if (y == NULL || !EC_GROUP_get_curve_GFp(group, NULL, a, b, ctx)) { goto err; }
diff --git a/crypto/fipsmodule/ec/p224-64.c.inc b/crypto/fipsmodule/ec/p224-64.cc.inc similarity index 100% rename from crypto/fipsmodule/ec/p224-64.c.inc rename to crypto/fipsmodule/ec/p224-64.cc.inc
diff --git a/crypto/fipsmodule/ec/p256-nistz-table.h b/crypto/fipsmodule/ec/p256-nistz-table.h index b81480b..f2c8a48 100644 --- a/crypto/fipsmodule/ec/p256-nistz-table.h +++ b/crypto/fipsmodule/ec/p256-nistz-table.h
@@ -22,7 +22,7 @@ // This file is generated by make_tables.go. -static const alignas(4096) PRECOMP256_ROW ecp_nistz256_precomputed[37] = { +static const PRECOMP256_ROW ecp_nistz256_precomputed alignas(4096)[37] = { {{{TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6)}, {TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c),
diff --git a/crypto/fipsmodule/ec/p256-nistz.c.inc b/crypto/fipsmodule/ec/p256-nistz.cc.inc similarity index 97% rename from crypto/fipsmodule/ec/p256-nistz.c.inc rename to crypto/fipsmodule/ec/p256-nistz.cc.inc index 6d667fc..b6a3f9a 100644 --- a/crypto/fipsmodule/ec/p256-nistz.c.inc +++ b/crypto/fipsmodule/ec/p256-nistz.cc.inc
@@ -26,22 +26,24 @@ #include <openssl/crypto.h> #include <openssl/err.h> +#include "../../internal.h" #include "../bn/internal.h" #include "../delocate.h" -#include "../../internal.h" #include "internal.h" #include "p256-nistz.h" -#if !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \ +#if !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \ !defined(OPENSSL_SMALL) typedef P256_POINT_AFFINE PRECOMP256_ROW[64]; // One converted into the Montgomery domain static const BN_ULONG ONE_MONT[P256_LIMBS] = { - TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000), - TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe), + TOBN(0x00000000, 0x00000001), + TOBN(0xffffffff, 0x00000000), + TOBN(0xffffffff, 0xffffffff), + TOBN(0x00000000, 0xfffffffe), }; // Precomputed tables for the default generator @@ -104,11 +106,11 @@ // // (declare-fun x () (_ BitVec 64)) // -// (assert (and (= x #x0000000000000000) (= (is_not_zero x) #x0000000000000001))) -// (check-sat) +// (assert (and (= x #x0000000000000000) (= (is_not_zero x) +// #x0000000000000001))) (check-sat) // -// (assert (and (not (= x #x0000000000000000)) (= (is_not_zero x) #x0000000000000000))) -// (check-sat) +// (assert (and (not (= x #x0000000000000000)) (= (is_not_zero x) +// #x0000000000000000))) (check-sat) // static BN_ULONG is_not_zero(BN_ULONG in) { in |= (0 - in); @@ -651,8 +653,8 @@ } static int ecp_nistz256_scalar_to_montgomery_inv_vartime(const EC_GROUP *group, - EC_SCALAR *out, - const EC_SCALAR *in) { + EC_SCALAR *out, + const EC_SCALAR *in) { #if defined(OPENSSL_X86_64) if (!CRYPTO_is_AVX_capable()) { // No AVX support; fallback to generic code. @@ -729,6 +731,6 @@ out->cmp_x_coordinate = ecp_nistz256_cmp_x_coordinate; } -#endif /* !defined(OPENSSL_NO_ASM) && \ - (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \ +#endif /* !defined(OPENSSL_NO_ASM) && \ + (defined(OPENSSL_X86_64) || defined(OPENSSL_AARCH64)) && \ !defined(OPENSSL_SMALL) */
diff --git a/crypto/fipsmodule/ec/p256.c.inc b/crypto/fipsmodule/ec/p256.cc.inc similarity index 100% rename from crypto/fipsmodule/ec/p256.c.inc rename to crypto/fipsmodule/ec/p256.cc.inc
diff --git a/crypto/fipsmodule/ec/scalar.c.inc b/crypto/fipsmodule/ec/scalar.cc.inc similarity index 100% rename from crypto/fipsmodule/ec/scalar.c.inc rename to crypto/fipsmodule/ec/scalar.cc.inc
diff --git a/crypto/fipsmodule/ec/simple.c.inc b/crypto/fipsmodule/ec/simple.cc.inc similarity index 100% rename from crypto/fipsmodule/ec/simple.c.inc rename to crypto/fipsmodule/ec/simple.cc.inc
diff --git a/crypto/fipsmodule/ec/simple_mul.c.inc b/crypto/fipsmodule/ec/simple_mul.cc.inc similarity index 100% rename from crypto/fipsmodule/ec/simple_mul.c.inc rename to crypto/fipsmodule/ec/simple_mul.cc.inc
diff --git a/crypto/fipsmodule/ec/util.c.inc b/crypto/fipsmodule/ec/util.cc.inc similarity index 100% rename from crypto/fipsmodule/ec/util.c.inc rename to crypto/fipsmodule/ec/util.cc.inc
diff --git a/crypto/fipsmodule/ec/wnaf.c.inc b/crypto/fipsmodule/ec/wnaf.cc.inc similarity index 91% rename from crypto/fipsmodule/ec/wnaf.c.inc rename to crypto/fipsmodule/ec/wnaf.cc.inc index 225cdfe..8e997f8 100644 --- a/crypto/fipsmodule/ec/wnaf.c.inc +++ b/crypto/fipsmodule/ec/wnaf.cc.inc
@@ -75,9 +75,9 @@ #include <openssl/mem.h> #include <openssl/thread.h> -#include "internal.h" -#include "../bn/internal.h" #include "../../internal.h" +#include "../bn/internal.h" +#include "internal.h" // This file implements the wNAF-based interleaving multi-exponentiation method @@ -186,22 +186,34 @@ size_t bits = EC_GROUP_order_bits(group); size_t wNAF_len = bits + 1; - int ret = 0; + // Stack-allocated space, which will be used if the task is small enough. int8_t wNAF_stack[EC_WNAF_STACK][EC_MAX_BYTES * 8 + 1]; - int8_t (*wNAF_alloc)[EC_MAX_BYTES * 8 + 1] = NULL; - int8_t (*wNAF)[EC_MAX_BYTES * 8 + 1]; EC_JACOBIAN precomp_stack[EC_WNAF_STACK][EC_WNAF_TABLE_SIZE]; - EC_JACOBIAN (*precomp_alloc)[EC_WNAF_TABLE_SIZE] = NULL; - EC_JACOBIAN (*precomp)[EC_WNAF_TABLE_SIZE]; + + // Allocated pointers, which will remain NULL unless needed. + EC_JACOBIAN(*precomp_alloc)[EC_WNAF_TABLE_SIZE] = NULL; + int8_t(*wNAF_alloc)[EC_MAX_BYTES * 8 + 1] = NULL; + + // These fields point either to the stack or heap buffers of the same name. + int8_t(*wNAF)[EC_MAX_BYTES * 8 + 1]; + EC_JACOBIAN(*precomp)[EC_WNAF_TABLE_SIZE]; + if (num <= EC_WNAF_STACK) { wNAF = wNAF_stack; precomp = precomp_stack; } else { - wNAF_alloc = OPENSSL_calloc(num, sizeof(wNAF_alloc[0])); - precomp_alloc = OPENSSL_calloc(num, sizeof(precomp_alloc[0])); - if (wNAF_alloc == NULL || precomp_alloc == NULL) { - goto err; + wNAF_alloc = reinterpret_cast<decltype(wNAF_alloc)>( + OPENSSL_calloc(num, sizeof(wNAF_alloc[0]))); + if (wNAF_alloc == NULL) { + return 0; } + precomp_alloc = reinterpret_cast<decltype(precomp_alloc)>( + OPENSSL_calloc(num, sizeof(precomp_alloc[0]))); + if (precomp_alloc == NULL) { + OPENSSL_free(wNAF_alloc); + return 0; + } + wNAF = wNAF_alloc; precomp = precomp_alloc; } @@ -255,10 +267,7 @@ ec_GFp_simple_point_set_to_infinity(group, r); } - ret = 1; - -err: OPENSSL_free(wNAF_alloc); OPENSSL_free(precomp_alloc); - return ret; + return 1; }
diff --git a/crypto/fipsmodule/ecdh/ecdh.c.inc b/crypto/fipsmodule/ecdh/ecdh.cc.inc similarity index 100% rename from crypto/fipsmodule/ecdh/ecdh.c.inc rename to crypto/fipsmodule/ecdh/ecdh.cc.inc
diff --git a/crypto/fipsmodule/ecdsa/ecdsa.c.inc b/crypto/fipsmodule/ecdsa/ecdsa.cc.inc similarity index 100% rename from crypto/fipsmodule/ecdsa/ecdsa.c.inc rename to crypto/fipsmodule/ecdsa/ecdsa.cc.inc
diff --git a/crypto/fipsmodule/fips_shared.lds b/crypto/fipsmodule/fips_shared.lds index ebd3c89..1f20b96 100644 --- a/crypto/fipsmodule/fips_shared.lds +++ b/crypto/fipsmodule/fips_shared.lds
@@ -4,6 +4,10 @@ BORINGSSL_bcm_text_start = .; *(.text) *(.text.unlikely.*) + /* These sections shouldn't exist. But C++ `inline` symbols seem to be + * placed in function sections on Android even with + * -fno-function-sections. */ + *(text.*) BORINGSSL_bcm_text_end = .; } .rodata : { @@ -19,7 +23,6 @@ *(.rela.dyn) *(.data) *(.rel.ro) - *(*.text.*) *(*.data.*) } }
diff --git a/crypto/fipsmodule/fips_shared_support.c b/crypto/fipsmodule/fips_shared_support.cc similarity index 93% rename from crypto/fipsmodule/fips_shared_support.c rename to crypto/fipsmodule/fips_shared_support.cc index 74b35f0..01de6a1 100644 --- a/crypto/fipsmodule/fips_shared_support.c +++ b/crypto/fipsmodule/fips_shared_support.cc
@@ -20,8 +20,7 @@ // that must be replaced with the real value during the build process. This // value need only be distinct, i.e. so that we can safely search-and-replace it // in an object file. -const uint8_t BORINGSSL_bcm_text_hash[32]; -const uint8_t BORINGSSL_bcm_text_hash[32] = { +extern const uint8_t BORINGSSL_bcm_text_hash[32] = { 0xae, 0x2c, 0xea, 0x2a, 0xbd, 0xa6, 0xf3, 0xec, 0x97, 0x7f, 0x9b, 0xf6, 0x94, 0x9a, 0xfc, 0x83, 0x68, 0x27, 0xcb, 0xa0, 0xa0, 0x9f, 0x6b, 0x6f, 0xde, 0x52, 0xcd, 0xe2, 0xcd, 0xff, 0x31, 0x80,
diff --git a/crypto/fipsmodule/hkdf/hkdf.c.inc b/crypto/fipsmodule/hkdf/hkdf.cc.inc similarity index 100% rename from crypto/fipsmodule/hkdf/hkdf.c.inc rename to crypto/fipsmodule/hkdf/hkdf.cc.inc
diff --git a/crypto/fipsmodule/hmac/hmac.c.inc b/crypto/fipsmodule/hmac/hmac.cc.inc similarity index 98% rename from crypto/fipsmodule/hmac/hmac.c.inc rename to crypto/fipsmodule/hmac/hmac.cc.inc index c6f12e2..4faa4e2 100644 --- a/crypto/fipsmodule/hmac/hmac.c.inc +++ b/crypto/fipsmodule/hmac/hmac.cc.inc
@@ -98,7 +98,8 @@ } HMAC_CTX *HMAC_CTX_new(void) { - HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX)); + HMAC_CTX *ctx = + reinterpret_cast<HMAC_CTX *>(OPENSSL_malloc(sizeof(HMAC_CTX))); if (ctx != NULL) { HMAC_CTX_init(ctx); } @@ -215,7 +216,7 @@ ret = 1; - out: +out: FIPS_service_indicator_unlock_state(); if (ret) { HMAC_verify_service_indicator(ctx->md);
diff --git a/crypto/fipsmodule/modes/cbc.c.inc b/crypto/fipsmodule/modes/cbc.cc.inc similarity index 100% rename from crypto/fipsmodule/modes/cbc.c.inc rename to crypto/fipsmodule/modes/cbc.cc.inc
diff --git a/crypto/fipsmodule/modes/cfb.c.inc b/crypto/fipsmodule/modes/cfb.cc.inc similarity index 100% rename from crypto/fipsmodule/modes/cfb.c.inc rename to crypto/fipsmodule/modes/cfb.cc.inc
diff --git a/crypto/fipsmodule/modes/ctr.c.inc b/crypto/fipsmodule/modes/ctr.cc.inc similarity index 100% rename from crypto/fipsmodule/modes/ctr.c.inc rename to crypto/fipsmodule/modes/ctr.cc.inc
diff --git a/crypto/fipsmodule/modes/gcm.c.inc b/crypto/fipsmodule/modes/gcm.cc.inc similarity index 100% rename from crypto/fipsmodule/modes/gcm.c.inc rename to crypto/fipsmodule/modes/gcm.cc.inc
diff --git a/crypto/fipsmodule/modes/gcm_nohw.c.inc b/crypto/fipsmodule/modes/gcm_nohw.cc.inc similarity index 100% rename from crypto/fipsmodule/modes/gcm_nohw.c.inc rename to crypto/fipsmodule/modes/gcm_nohw.cc.inc
diff --git a/crypto/fipsmodule/modes/ofb.c.inc b/crypto/fipsmodule/modes/ofb.cc.inc similarity index 100% rename from crypto/fipsmodule/modes/ofb.c.inc rename to crypto/fipsmodule/modes/ofb.cc.inc
diff --git a/crypto/fipsmodule/modes/polyval.c.inc b/crypto/fipsmodule/modes/polyval.cc.inc similarity index 100% rename from crypto/fipsmodule/modes/polyval.c.inc rename to crypto/fipsmodule/modes/polyval.cc.inc
diff --git a/crypto/fipsmodule/rand/ctrdrbg.c.inc b/crypto/fipsmodule/rand/ctrdrbg.cc.inc similarity index 97% rename from crypto/fipsmodule/rand/ctrdrbg.c.inc rename to crypto/fipsmodule/rand/ctrdrbg.cc.inc index 805372f..41ad032 100644 --- a/crypto/fipsmodule/rand/ctrdrbg.c.inc +++ b/crypto/fipsmodule/rand/ctrdrbg.cc.inc
@@ -18,9 +18,9 @@ #include <openssl/mem.h> -#include "internal.h" #include "../cipher/internal.h" #include "../service_indicator/internal.h" +#include "internal.h" // Section references in this file refer to SP 800-90Ar1: @@ -32,7 +32,8 @@ CTR_DRBG_STATE *CTR_DRBG_new(const uint8_t entropy[CTR_DRBG_ENTROPY_LEN], const uint8_t *personalization, size_t personalization_len) { - CTR_DRBG_STATE *drbg = OPENSSL_malloc(sizeof(CTR_DRBG_STATE)); + CTR_DRBG_STATE *drbg = reinterpret_cast<CTR_DRBG_STATE *>( + OPENSSL_malloc(sizeof(CTR_DRBG_STATE))); if (drbg == NULL || !CTR_DRBG_init(drbg, entropy, personalization, personalization_len)) { CTR_DRBG_free(drbg); @@ -177,7 +178,7 @@ todo = out_len; } - todo &= ~(AES_BLOCK_SIZE-1); + todo &= ~(AES_BLOCK_SIZE - 1); const size_t num_blocks = todo / AES_BLOCK_SIZE; if (drbg->ctr) {
diff --git a/crypto/fipsmodule/rand/rand.c.inc b/crypto/fipsmodule/rand/rand.cc.inc similarity index 97% rename from crypto/fipsmodule/rand/rand.c.inc rename to crypto/fipsmodule/rand/rand.cc.inc index 8ba8514..60b5e6d 100644 --- a/crypto/fipsmodule/rand/rand.c.inc +++ b/crypto/fipsmodule/rand/rand.cc.inc
@@ -85,7 +85,7 @@ // objects in the process, one per thread. This is needed because FIPS requires // that they be zeroed on process exit, but thread-local destructors aren't // called when the whole process is exiting. -DEFINE_BSS_GET(struct rand_thread_state *, thread_states_list) +DEFINE_BSS_GET(struct rand_thread_state *, thread_states_list, nullptr) DEFINE_STATIC_MUTEX(thread_states_list_lock) static void rand_thread_state_clear_all(void) __attribute__((destructor)); @@ -106,7 +106,8 @@ // rand_thread_state_free frees a |rand_thread_state|. This is called when a // thread exits. static void rand_thread_state_free(void *state_in) { - struct rand_thread_state *state = state_in; + struct rand_thread_state *state = + reinterpret_cast<rand_thread_state *>(state_in); if (state_in == NULL) { return; @@ -195,7 +196,7 @@ int want_additional_input; }; -DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer) +DEFINE_BSS_GET(struct entropy_buffer, entropy_buffer, {}) DEFINE_STATIC_MUTEX(entropy_buffer_lock) bcm_infallible BCM_rand_load_entropy(const uint8_t *entropy, size_t entropy_len, @@ -366,11 +367,12 @@ } struct rand_thread_state stack_state; - struct rand_thread_state *state = - CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND); + struct rand_thread_state *state = reinterpret_cast<rand_thread_state *>( + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_RAND)); if (state == NULL) { - state = OPENSSL_zalloc(sizeof(struct rand_thread_state)); + state = reinterpret_cast<rand_thread_state *>( + OPENSSL_zalloc(sizeof(struct rand_thread_state))); if (state == NULL || !CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_RAND, state, rand_thread_state_free)) {
diff --git a/crypto/fipsmodule/rsa/blinding.c.inc b/crypto/fipsmodule/rsa/blinding.cc.inc similarity index 98% rename from crypto/fipsmodule/rsa/blinding.c.inc rename to crypto/fipsmodule/rsa/blinding.cc.inc index 8838ad8..97f679e 100644 --- a/crypto/fipsmodule/rsa/blinding.c.inc +++ b/crypto/fipsmodule/rsa/blinding.cc.inc
@@ -111,17 +111,17 @@ #include <string.h> #include <openssl/bn.h> -#include <openssl/mem.h> #include <openssl/err.h> +#include <openssl/mem.h> -#include "internal.h" #include "../../internal.h" +#include "internal.h" #define BN_BLINDING_COUNTER 32 struct bn_blinding_st { - BIGNUM *A; // The base blinding factor, Montgomery-encoded. + BIGNUM *A; // The base blinding factor, Montgomery-encoded. BIGNUM *Ai; // The inverse of the blinding factor, Montgomery-encoded. unsigned counter; }; @@ -130,7 +130,8 @@ const BN_MONT_CTX *mont, BN_CTX *ctx); BN_BLINDING *BN_BLINDING_new(void) { - BN_BLINDING *ret = OPENSSL_zalloc(sizeof(BN_BLINDING)); + BN_BLINDING *ret = + reinterpret_cast<BN_BLINDING *>(OPENSSL_zalloc(sizeof(BN_BLINDING))); if (ret == NULL) { return NULL; }
diff --git a/crypto/fipsmodule/rsa/padding.c.inc b/crypto/fipsmodule/rsa/padding.cc.inc similarity index 93% rename from crypto/fipsmodule/rsa/padding.c.inc rename to crypto/fipsmodule/rsa/padding.cc.inc index 2deceb3..e3b06f3 100644 --- a/crypto/fipsmodule/rsa/padding.c.inc +++ b/crypto/fipsmodule/rsa/padding.cc.inc
@@ -64,10 +64,10 @@ #include <openssl/err.h> #include <openssl/mem.h> -#include "internal.h" -#include "../service_indicator/internal.h" -#include "../bcm_interface.h" #include "../../internal.h" +#include "../bcm_interface.h" +#include "../service_indicator/internal.h" +#include "internal.h" int RSA_padding_add_PKCS1_type_1(uint8_t *to, size_t to_len, @@ -215,8 +215,11 @@ int ret = 0; uint8_t *DB = NULL; + const uint8_t *H; EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); + unsigned MSBits; + size_t emLen, maskedDBLen, salt_start; FIPS_service_indicator_lock_state(); // Negative sLen has special meanings: @@ -233,8 +236,8 @@ goto err; } - unsigned MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; - size_t emLen = RSA_size(rsa); + MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; + emLen = RSA_size(rsa); if (EM[0] & (0xFF << MSBits)) { OPENSSL_PUT_ERROR(RSA, RSA_R_FIRST_OCTET_INVALID); goto err; @@ -244,8 +247,7 @@ emLen--; } // |sLen| may be -2 for the non-standard salt length recovery mode. - if (emLen < hLen + 2 || - (sLen >= 0 && emLen < hLen + (size_t)sLen + 2)) { + if (emLen < hLen + 2 || (sLen >= 0 && emLen < hLen + (size_t)sLen + 2)) { OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); goto err; } @@ -253,9 +255,9 @@ OPENSSL_PUT_ERROR(RSA, RSA_R_LAST_OCTET_INVALID); goto err; } - size_t maskedDBLen = emLen - hLen - 1; - const uint8_t *H = EM + maskedDBLen; - DB = OPENSSL_malloc(maskedDBLen); + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + DB = reinterpret_cast<uint8_t *>(OPENSSL_malloc(maskedDBLen)); if (!DB) { goto err; } @@ -271,7 +273,6 @@ // This step differs slightly from EMSA-PSS-VERIFY (RFC 8017) step 10 because // it accepts a non-standard salt recovery flow. DB should be some number of // zeros, a one, then the salt. - size_t salt_start; for (salt_start = 0; DB[salt_start] == 0 && salt_start < maskedDBLen - 1; salt_start++) { ; @@ -312,7 +313,7 @@ const unsigned char *mHash, const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLenRequested) { - int ret = 0; + int ret = 0, digest_ok; size_t maskedDBLen, MSBits, emLen; size_t hLen; unsigned char *H, *salt = NULL, *p; @@ -364,7 +365,7 @@ } if (sLen > 0) { - salt = OPENSSL_malloc(sLen); + salt = reinterpret_cast<uint8_t *>(OPENSSL_malloc(sLen)); if (!salt) { goto err; } @@ -375,11 +376,11 @@ EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); - int digest_ok = EVP_DigestInit_ex(&ctx, Hash, NULL) && - EVP_DigestUpdate(&ctx, kPSSZeroes, sizeof(kPSSZeroes)) && - EVP_DigestUpdate(&ctx, mHash, hLen) && - EVP_DigestUpdate(&ctx, salt, sLen) && - EVP_DigestFinal_ex(&ctx, H, NULL); + digest_ok = EVP_DigestInit_ex(&ctx, Hash, NULL) && + EVP_DigestUpdate(&ctx, kPSSZeroes, sizeof(kPSSZeroes)) && + EVP_DigestUpdate(&ctx, mHash, hLen) && + EVP_DigestUpdate(&ctx, salt, sLen) && + EVP_DigestFinal_ex(&ctx, H, NULL); EVP_MD_CTX_cleanup(&ctx); if (!digest_ok) { goto err;
diff --git a/crypto/fipsmodule/rsa/rsa.c.inc b/crypto/fipsmodule/rsa/rsa.cc.inc similarity index 88% rename from crypto/fipsmodule/rsa/rsa.c.inc rename to crypto/fipsmodule/rsa/rsa.cc.inc index 5f38005..83d8f39 100644 --- a/crypto/fipsmodule/rsa/rsa.c.inc +++ b/crypto/fipsmodule/rsa/rsa.cc.inc
@@ -70,9 +70,10 @@ #include <openssl/nid.h> #include <openssl/thread.h> +#include "../../internal.h" +#include "../bcm_interface.h" #include "../bn/internal.h" #include "../delocate.h" -#include "../../internal.h" #include "internal.h" @@ -205,7 +206,7 @@ RSA *RSA_new(void) { return RSA_new_method(NULL); } RSA *RSA_new_method(const ENGINE *engine) { - RSA *rsa = OPENSSL_zalloc(sizeof(RSA)); + RSA *rsa = reinterpret_cast<RSA *>(OPENSSL_zalloc(sizeof(RSA))); if (rsa == NULL) { return NULL; } @@ -215,7 +216,7 @@ } if (rsa->meth == NULL) { - rsa->meth = (RSA_METHOD *) RSA_default_method(); + rsa->meth = (RSA_METHOD *)RSA_default_method(); } METHOD_ref(rsa->meth); @@ -237,8 +238,7 @@ RSA *RSA_new_method_no_e(const ENGINE *engine, const BIGNUM *n) { RSA *rsa = RSA_new_method(engine); - if (rsa == NULL || - !bn_dup_into(&rsa->n, n)) { + if (rsa == NULL || !bn_dup_into(&rsa->n, n)) { RSA_free(rsa); return NULL; } @@ -341,8 +341,7 @@ } int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) { - if ((rsa->n == NULL && n == NULL) || - (rsa->e == NULL && e == NULL)) { + if ((rsa->n == NULL && n == NULL) || (rsa->e == NULL && e == NULL)) { return 0; } @@ -364,8 +363,7 @@ } int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q) { - if ((rsa->p == NULL && p == NULL) || - (rsa->q == NULL && q == NULL)) { + if ((rsa->p == NULL && p == NULL) || (rsa->q == NULL && q == NULL)) { return 0; } @@ -439,7 +437,7 @@ int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_unused *unused, CRYPTO_EX_dup *dup_unused, CRYPTO_EX_free *free_func) { return CRYPTO_get_ex_new_index_ex(g_rsa_ex_data_class_bss_get(), argl, argp, - free_func); + free_func); } int RSA_set_ex_data(RSA *rsa, int idx, void *arg) { @@ -471,49 +469,52 @@ // different hash functions. static const struct pkcs1_sig_prefix kPKCS1SigPrefixes[] = { { - NID_md5, - MD5_DIGEST_LENGTH, - 18, - {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x02, 0x05, 0x05, 0x00, 0x04, 0x10}, + NID_md5, + MD5_DIGEST_LENGTH, + 18, + {0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x02, 0x05, 0x05, 0x00, 0x04, 0x10}, }, { - NID_sha1, - BCM_SHA_DIGEST_LENGTH, - 15, - {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, - 0x00, 0x04, 0x14}, + NID_sha1, + BCM_SHA_DIGEST_LENGTH, + 15, + {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, + 0x00, 0x04, 0x14}, }, { - NID_sha224, - BCM_SHA224_DIGEST_LENGTH, - 19, - {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, - 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c}, + NID_sha224, + BCM_SHA224_DIGEST_LENGTH, + 19, + {0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c}, }, { - NID_sha256, - BCM_SHA256_DIGEST_LENGTH, - 19, - {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, - 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}, + NID_sha256, + BCM_SHA256_DIGEST_LENGTH, + 19, + {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20}, }, { - NID_sha384, - BCM_SHA384_DIGEST_LENGTH, - 19, - {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, - 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30}, + NID_sha384, + BCM_SHA384_DIGEST_LENGTH, + 19, + {0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30}, }, { - NID_sha512, - BCM_SHA512_DIGEST_LENGTH, - 19, - {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, - 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}, + NID_sha512, + BCM_SHA512_DIGEST_LENGTH, + 19, + {0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40}, }, { - NID_undef, 0, 0, {0}, + NID_undef, + 0, + 0, + {0}, }, }; @@ -539,7 +540,6 @@ OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_ALGORITHM_TYPE); return 0; - } int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len, @@ -566,7 +566,7 @@ // The length should already have been checked. assert(digest_len == sig_prefix->hash_len); - const uint8_t* prefix = sig_prefix->bytes; + const uint8_t *prefix = sig_prefix->bytes; size_t prefix_len = sig_prefix->len; size_t signed_msg_len = prefix_len + digest_len; if (signed_msg_len < prefix_len) { @@ -574,7 +574,8 @@ return 0; } - uint8_t *signed_msg = OPENSSL_malloc(signed_msg_len); + uint8_t *signed_msg = + reinterpret_cast<uint8_t *>(OPENSSL_malloc(signed_msg_len)); if (!signed_msg) { return 0; } @@ -653,7 +654,7 @@ } size_t padded_len = RSA_size(rsa); - uint8_t *padded = OPENSSL_malloc(padded_len); + uint8_t *padded = reinterpret_cast<uint8_t *>(OPENSSL_malloc(padded_len)); if (padded == NULL) { return 0; } @@ -686,7 +687,7 @@ return 0; } - buf = OPENSSL_malloc(rsa_size); + buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size)); if (!buf) { return 0; } @@ -732,7 +733,7 @@ } size_t em_len = RSA_size(rsa); - uint8_t *em = OPENSSL_malloc(em_len); + uint8_t *em = reinterpret_cast<uint8_t *>(OPENSSL_malloc(em_len)); if (em == NULL) { return 0; } @@ -768,8 +769,7 @@ // were checked by the caller. BN_CTX_start(ctx); BIGNUM *tmp = BN_CTX_get(ctx); - int ret = tmp != NULL && - bn_mul_consttime(tmp, a, ainv, ctx) && + int ret = tmp != NULL && bn_mul_consttime(tmp, a, ainv, ctx) && bn_div_consttime(NULL, tmp, tmp, m, m_min_bits, ctx); if (ret) { *out_ok = constant_time_declassify_int(BN_is_one(tmp)); @@ -819,7 +819,8 @@ } BIGNUM tmp, de, pm1, qm1, dmp1, dmq1; - int ok = 0; + int ok = 0, has_crt_values; + unsigned pm1_bits, qm1_bits; BN_init(&tmp); BN_init(&de); BN_init(&pm1); @@ -856,8 +857,8 @@ OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN); goto out; } - const unsigned pm1_bits = BN_num_bits(&pm1); - const unsigned qm1_bits = BN_num_bits(&qm1); + pm1_bits = BN_num_bits(&pm1); + qm1_bits = BN_num_bits(&qm1); if (!bn_mul_consttime(&de, key->d, key->e, ctx) || !bn_div_consttime(NULL, &tmp, &de, &pm1, pm1_bits, ctx) || !bn_div_consttime(NULL, &de, &de, &qm1, qm1_bits, ctx)) { @@ -871,7 +872,7 @@ goto out; } - int has_crt_values = key->dmp1 != NULL; + has_crt_values = key->dmp1 != NULL; if (has_crt_values != (key->dmq1 != NULL) || has_crt_values != (key->iqmp != NULL)) { OPENSSL_PUT_ERROR(RSA, RSA_R_INCONSISTENT_SET_OF_CRT_VALUES); @@ -912,20 +913,26 @@ // This is the product of the 132 smallest odd primes, from 3 to 751. -static const BN_ULONG kSmallFactorsLimbs[] = { - TOBN(0xc4309333, 0x3ef4e3e1), TOBN(0x71161eb6, 0xcd2d655f), - TOBN(0x95e2238c, 0x0bf94862), TOBN(0x3eb233d3, 0x24f7912b), - TOBN(0x6b55514b, 0xbf26c483), TOBN(0x0a84d817, 0x5a144871), - TOBN(0x77d12fee, 0x9b82210a), TOBN(0xdb5b93c2, 0x97f050b3), - TOBN(0x4acad6b9, 0x4d6c026b), TOBN(0xeb7751f3, 0x54aec893), - TOBN(0xdba53368, 0x36bc85c4), TOBN(0xd85a1b28, 0x7f5ec78e), - TOBN(0x2eb072d8, 0x6b322244), TOBN(0xbba51112, 0x5e2b3aea), - TOBN(0x36ed1a6c, 0x0e2486bf), TOBN(0x5f270460, 0xec0c5727), - 0x000017b1 -}; +static const BN_ULONG kSmallFactorsLimbs[] = {TOBN(0xc4309333, 0x3ef4e3e1), + TOBN(0x71161eb6, 0xcd2d655f), + TOBN(0x95e2238c, 0x0bf94862), + TOBN(0x3eb233d3, 0x24f7912b), + TOBN(0x6b55514b, 0xbf26c483), + TOBN(0x0a84d817, 0x5a144871), + TOBN(0x77d12fee, 0x9b82210a), + TOBN(0xdb5b93c2, 0x97f050b3), + TOBN(0x4acad6b9, 0x4d6c026b), + TOBN(0xeb7751f3, 0x54aec893), + TOBN(0xdba53368, 0x36bc85c4), + TOBN(0xd85a1b28, 0x7f5ec78e), + TOBN(0x2eb072d8, 0x6b322244), + TOBN(0xbba51112, 0x5e2b3aea), + TOBN(0x36ed1a6c, 0x0e2486bf), + TOBN(0x5f270460, 0xec0c5727), + 0x000017b1}; DEFINE_LOCAL_DATA(BIGNUM, g_small_factors) { - out->d = (BN_ULONG *) kSmallFactorsLimbs; + out->d = (BN_ULONG *)kSmallFactorsLimbs; out->width = OPENSSL_ARRAY_SIZE(kSmallFactorsLimbs); out->dmax = out->width; out->neg = 0; @@ -960,9 +967,9 @@ // composite, so too few iterations will cause us to reject the key, not use // an implausible one. enum bn_primality_result_t primality_result; - if (BN_num_bits(key->e) <= 16 || - BN_num_bits(key->e) > 256 || - !BN_is_odd(key->n) || + if (BN_num_bits(key->e) <= 16 || // + BN_num_bits(key->e) > 256 || // + !BN_is_odd(key->n) || // !BN_is_odd(key->e) || !BN_gcd(&small_gcd, key->n, g_small_factors(), ctx) || !BN_is_one(&small_gcd) || @@ -989,7 +996,7 @@ // perform a signing test. uint8_t data[32] = {0}; unsigned sig_len = RSA_size(key); - uint8_t *sig = OPENSSL_malloc(sig_len); + uint8_t *sig = reinterpret_cast<uint8_t *>(OPENSSL_malloc(sig_len)); if (sig == NULL) { return 0; } @@ -1032,6 +1039,4 @@ int RSA_test_flags(const RSA *rsa, int flags) { return rsa->flags & flags; } -int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) { - return 1; -} +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) { return 1; }
diff --git a/crypto/fipsmodule/rsa/rsa_impl.c.inc b/crypto/fipsmodule/rsa/rsa_impl.cc.inc similarity index 95% rename from crypto/fipsmodule/rsa/rsa_impl.c.inc rename to crypto/fipsmodule/rsa/rsa_impl.cc.inc index c7af4fc..dc32d3a 100644 --- a/crypto/fipsmodule/rsa/rsa_impl.c.inc +++ b/crypto/fipsmodule/rsa/rsa_impl.cc.inc
@@ -147,8 +147,7 @@ return 1; } BIGNUM *copy = BN_dup(in); - if (copy == NULL || - !bn_resize_words(copy, width)) { + if (copy == NULL || !bn_resize_words(copy, width)) { BN_free(copy); return 0; } @@ -171,6 +170,7 @@ } int ret = 0; + const BIGNUM *n_fixed; CRYPTO_MUTEX_lock_write(&rsa->lock); if (rsa->private_key_frozen) { ret = 1; @@ -194,7 +194,7 @@ goto err; } } - const BIGNUM *n_fixed = &rsa->mont_n->N; + n_fixed = &rsa->mont_n->N; // The only public upper-bound of |rsa->d| is the bit length of |rsa->n|. The // ASN.1 serialization of RSA private keys unfortunately leaks the byte length @@ -231,9 +231,8 @@ // Key generation relies on this function to compute |iqmp|. if (rsa->iqmp == NULL) { BIGNUM *iqmp = BN_new(); - if (iqmp == NULL || - !bn_mod_inverse_secret_prime(iqmp, rsa->q, rsa->p, ctx, - rsa->mont_p)) { + if (iqmp == NULL || !bn_mod_inverse_secret_prime(iqmp, rsa->q, rsa->p, + ctx, rsa->mont_p)) { BN_free(iqmp); goto err; } @@ -300,9 +299,7 @@ rsa->blinding_fork_generation = 0; } -size_t rsa_default_size(const RSA *rsa) { - return BN_num_bytes(rsa->n); -} +size_t rsa_default_size(const RSA *rsa) { return BN_num_bytes(rsa->n); } // MAX_BLINDINGS_PER_RSA defines the maximum number of cached BN_BLINDINGs per // RSA*. Then this limit is exceeded, BN_BLINDING objects will be created and @@ -342,8 +339,11 @@ rsa->blinding_fork_generation = fork_generation; } - uint8_t *const free_inuse_flag = - OPENSSL_memchr(rsa->blindings_inuse, 0, rsa->num_blindings); + uint8_t *const free_inuse_flag = reinterpret_cast<uint8_t *>( + OPENSSL_memchr(rsa->blindings_inuse, 0, rsa->num_blindings)); + size_t new_num_blindings; + BN_BLINDING **new_blindings; + uint8_t *new_blindings_inuse; if (free_inuse_flag != NULL) { *free_inuse_flag = 1; *index_used = free_inuse_flag - rsa->blindings_inuse; @@ -363,7 +363,7 @@ // Double the length of the cache. static_assert(MAX_BLINDINGS_PER_RSA < UINT_MAX / 2, "MAX_BLINDINGS_PER_RSA too large"); - size_t new_num_blindings = rsa->num_blindings * 2; + new_num_blindings = rsa->num_blindings * 2; if (new_num_blindings == 0) { new_num_blindings = 1; } @@ -372,9 +372,10 @@ } assert(new_num_blindings > rsa->num_blindings); - BN_BLINDING **new_blindings = - OPENSSL_calloc(new_num_blindings, sizeof(BN_BLINDING *)); - uint8_t *new_blindings_inuse = OPENSSL_malloc(new_num_blindings); + new_blindings = reinterpret_cast<BN_BLINDING **>( + OPENSSL_calloc(new_num_blindings, sizeof(BN_BLINDING *))); + new_blindings_inuse = + reinterpret_cast<uint8_t *>(OPENSSL_malloc(new_num_blindings)); if (new_blindings == NULL || new_blindings_inuse == NULL) { goto err; } @@ -445,7 +446,7 @@ return 0; } - buf = OPENSSL_malloc(rsa_size); + buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size)); if (buf == NULL) { goto err; } @@ -527,7 +528,7 @@ buf = out; } else { // Allocate a temporary buffer to hold the padded plaintext. - buf = OPENSSL_malloc(rsa_size); + buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size)); if (buf == NULL) { goto err; } @@ -580,9 +581,8 @@ return ret; } -int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, - size_t max_out, const uint8_t *in, - size_t in_len, int padding) { +int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, + const uint8_t *in, size_t in_len, int padding) { boringssl_ensure_rsa_self_test(); return rsa_verify_raw_no_self_test(rsa, out_len, out, max_out, in, in_len, padding); @@ -599,7 +599,7 @@ BN_CTX *ctx = NULL; size_t blinding_index = 0; BN_BLINDING *blinding = NULL; - int ret = 0; + int ret = 0, do_blinding; ctx = BN_CTX_new(); if (ctx == NULL) { @@ -632,7 +632,7 @@ goto err; } - const int do_blinding = + do_blinding = (rsa->flags & (RSA_FLAG_NO_BLINDING | RSA_FLAG_NO_PUBLIC_EXPONENT)) == 0; if (rsa->e == NULL && do_blinding) { @@ -695,8 +695,7 @@ } } - if (do_blinding && - !BN_BLINDING_invert(result, blinding, rsa->mont_n, ctx)) { + if (do_blinding && !BN_BLINDING_invert(result, blinding, rsa->mont_n, ctx)) { goto err; } @@ -739,7 +738,7 @@ return 0; } - if (// Reduce mod p with Montgomery reduction. This computes I * R^-1 mod p. + if ( // Reduce mod p with Montgomery reduction. This computes I * R^-1 mod p. !BN_from_montgomery(r, I, mont_p, ctx) || // Multiply by R^2 and do another Montgomery reduction to compute // I * R^-1 * R^2 * R^-1 = I mod p. @@ -775,8 +774,8 @@ BN_CTX_start(ctx); r1 = BN_CTX_get(ctx); m1 = BN_CTX_get(ctx); - if (r1 == NULL || - m1 == NULL) { + BIGNUM *n, *p, *q; + if (r1 == NULL || m1 == NULL) { goto err; } @@ -787,15 +786,15 @@ // Use the minimal-width versions of |n|, |p|, and |q|. Either works, but if // someone gives us non-minimal values, these will be slightly more efficient // on the non-Montgomery operations. - const BIGNUM *n = &rsa->mont_n->N; - const BIGNUM *p = &rsa->mont_p->N; - const BIGNUM *q = &rsa->mont_q->N; + n = &rsa->mont_n->N; + p = &rsa->mont_p->N; + q = &rsa->mont_q->N; // This is a pre-condition for |mod_montgomery|. It was already checked by the // caller. declassify_assert(BN_ucmp(I, n) < 0); - if (// |m1| is the result modulo |q|. + if ( // |m1| is the result modulo |q|. !mod_montgomery(r1, I, q, rsa->mont_q, p, ctx) || !BN_mod_exp_mont_consttime(m1, r1, rsa->dmq1_fixed, q, ctx, rsa->mont_q) || @@ -881,10 +880,12 @@ // then [] // else let (high, low) = divrem 64 x in low : bnWords high // -// showWord x = let (high, low) = divrem 32 x in printf "TOBN(0x%08x, 0x%08x)" high low +// showWord x = let (high, low) = divrem 32 x in printf "TOBN(0x%08x, 0x%08x)" +// high low // // output :: String -// output = intercalate ", " $ map showWord $ bnWords $ converge (2 ^ (pow2 `div` 2)) +// output = intercalate ", " $ map showWord $ bnWords $ converge (2 ^ (pow2 +// `div` 2)) // // To verify this number, check that n² < 2⁴⁰⁹⁵ < (n+1)², where n is value // represented here. Note the components are listed in little-endian order. Here @@ -962,7 +963,7 @@ // 22.21518251065506 // >>> f(2048, 3, 8*2048) // 22.211701985875937 - if (bits >= INT_MAX/32) { + if (bits >= INT_MAX / 32) { OPENSSL_PUT_ERROR(RSA, RSA_R_MODULUS_TOO_LARGE); return 0; } @@ -1086,16 +1087,18 @@ int ret = 0; int prime_bits = bits / 2; BN_CTX *ctx = BN_CTX_new(); + BIGNUM *totient, *pm1, *qm1, *sqrt2, *pow2_prime_bits_100, *pow2_prime_bits; + int sqrt2_bits; if (ctx == NULL) { goto bn_err; } BN_CTX_start(ctx); - BIGNUM *totient = BN_CTX_get(ctx); - BIGNUM *pm1 = BN_CTX_get(ctx); - BIGNUM *qm1 = BN_CTX_get(ctx); - BIGNUM *sqrt2 = BN_CTX_get(ctx); - BIGNUM *pow2_prime_bits_100 = BN_CTX_get(ctx); - BIGNUM *pow2_prime_bits = BN_CTX_get(ctx); + totient = BN_CTX_get(ctx); + pm1 = BN_CTX_get(ctx); + qm1 = BN_CTX_get(ctx); + sqrt2 = BN_CTX_get(ctx); + pow2_prime_bits_100 = BN_CTX_get(ctx); + pow2_prime_bits = BN_CTX_get(ctx); if (totient == NULL || pm1 == NULL || qm1 == NULL || sqrt2 == NULL || pow2_prime_bits_100 == NULL || pow2_prime_bits == NULL || !BN_set_bit(pow2_prime_bits_100, prime_bits - 100) || @@ -1104,12 +1107,9 @@ } // We need the RSA components non-NULL. - if (!ensure_bignum(&rsa->n) || - !ensure_bignum(&rsa->d) || - !ensure_bignum(&rsa->e) || - !ensure_bignum(&rsa->p) || - !ensure_bignum(&rsa->q) || - !ensure_bignum(&rsa->dmp1) || + if (!ensure_bignum(&rsa->n) || !ensure_bignum(&rsa->d) || + !ensure_bignum(&rsa->e) || !ensure_bignum(&rsa->p) || + !ensure_bignum(&rsa->q) || !ensure_bignum(&rsa->dmp1) || !ensure_bignum(&rsa->dmq1)) { goto bn_err; } @@ -1122,7 +1122,7 @@ if (!bn_set_words(sqrt2, kBoringSSLRSASqrtTwo, kBoringSSLRSASqrtTwoLen)) { goto bn_err; } - int sqrt2_bits = kBoringSSLRSASqrtTwoLen * BN_BITS2; + sqrt2_bits = kBoringSSLRSASqrtTwoLen * BN_BITS2; assert(sqrt2_bits == (int)BN_num_bits(sqrt2)); if (sqrt2_bits > prime_bits) { // For key sizes up to 4096 (prime_bits = 2048), this is exactly @@ -1183,7 +1183,7 @@ assert(BN_num_bits(pm1) == (unsigned)prime_bits); assert(BN_num_bits(qm1) == (unsigned)prime_bits); - if (// Calculate n. + if ( // Calculate n. !bn_mul_consttime(rsa->n, rsa->p, rsa->q, ctx) || // Calculate d mod (p-1). !bn_div_consttime(NULL, rsa->dmp1, rsa->d, pm1, prime_bits, ctx) || @@ -1329,8 +1329,7 @@ } BIGNUM *e = BN_new(); - int ret = e != NULL && - BN_set_word(e, RSA_F4) && + int ret = e != NULL && BN_set_word(e, RSA_F4) && RSA_generate_key_ex_maybe_fips(rsa, bits, e, cb, /*check_fips=*/1); BN_free(e);
diff --git a/crypto/fipsmodule/self_check/fips.c.inc b/crypto/fipsmodule/self_check/fips.cc.inc similarity index 94% rename from crypto/fipsmodule/self_check/fips.c.inc rename to crypto/fipsmodule/self_check/fips.cc.inc index 920a6cb..8dca715 100644 --- a/crypto/fipsmodule/self_check/fips.c.inc +++ b/crypto/fipsmodule/self_check/fips.cc.inc
@@ -85,8 +85,8 @@ abort(); } - const size_t *array = - CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS); + const size_t *array = reinterpret_cast<const size_t *>( + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS)); if (!array) { return 0; } @@ -100,11 +100,11 @@ abort(); } - size_t *array = - CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS); + size_t *array = reinterpret_cast<size_t *>( + CRYPTO_get_thread_local(OPENSSL_THREAD_LOCAL_FIPS_COUNTERS)); if (!array) { const size_t num_bytes = sizeof(size_t) * (fips_counter_max + 1); - array = OPENSSL_zalloc(num_bytes); + array = reinterpret_cast<size_t *>(OPENSSL_zalloc(num_bytes)); if (!array) { return; }
diff --git a/crypto/fipsmodule/self_check/self_check.c.inc b/crypto/fipsmodule/self_check/self_check.cc.inc similarity index 97% rename from crypto/fipsmodule/self_check/self_check.c.inc rename to crypto/fipsmodule/self_check/self_check.cc.inc index 9c90e0a..71d5ca8 100644 --- a/crypto/fipsmodule/self_check/self_check.c.inc +++ b/crypto/fipsmodule/self_check/self_check.cc.inc
@@ -24,8 +24,8 @@ #include <openssl/dh.h> #include <openssl/digest.h> #include <openssl/ec.h> -#include <openssl/ecdsa.h> #include <openssl/ec_key.h> +#include <openssl/ecdsa.h> #include <openssl/hkdf.h> #include <openssl/hmac.h> #include <openssl/nid.h> @@ -48,15 +48,14 @@ // compile the real logic. #if defined(_MSC_VER) -int BORINGSSL_self_test(void) { - return 0; -} +int BORINGSSL_self_test(void) { return 0; } #else -static void hexdump(FILE *out, const uint8_t *in, size_t len) { +static void hexdump(FILE *out, const void *in, size_t len) { + const uint8_t *in8 = reinterpret_cast<const uint8_t *>(in); for (size_t i = 0; i < len; i++) { - fprintf(out, "%02x", in[i]); + fprintf(out, "%02x", in8[i]); } } @@ -197,7 +196,7 @@ }; RSA *rsa = RSA_new(); - if (rsa == NULL || + if (rsa == NULL || // !set_bignum(&rsa->n, kN, sizeof(kN)) || !set_bignum(&rsa->e, kE, sizeof(kE)) || !set_bignum(&rsa->d, kD, sizeof(kD)) || @@ -396,6 +395,11 @@ EC_POINT *ec_point_in = NULL; EC_POINT *ec_point_out = NULL; BIGNUM *ec_scalar = NULL; + const EC_GROUP *ec_group = NULL; + + // The 'k' value for ECDSA is fixed to avoid an entropy draw. + uint8_t ecdsa_k[32] = {0}; + ecdsa_k[31] = 42; ec_key = self_test_ecdsa_key(); if (ec_key == NULL) { @@ -419,10 +423,6 @@ 0x70, 0xb5, 0xbb, 0x0d, 0xfd, 0x8e, 0x0c, 0x02, 0x3f, }; - // The 'k' value for ECDSA is fixed to avoid an entropy draw. - uint8_t ecdsa_k[32] = {0}; - ecdsa_k[31] = 42; - uint8_t ecdsa_sign_output[64]; size_t ecdsa_sign_output_len; if (!ecdsa_sign_fixed_with_nonce_for_known_answer_test( @@ -483,7 +483,7 @@ 0x7c, 0x41, 0x8f, 0xaf, 0x9c, 0x40, 0xaf, 0x2e, 0x4a, 0x0c, }; - const EC_GROUP *ec_group = EC_group_p256(); + ec_group = EC_group_p256(); ec_point_in = EC_POINT_new(ec_group); ec_point_out = EC_POINT_new(ec_group); ec_scalar = BN_new(); @@ -701,7 +701,10 @@ } static int boringssl_self_test_fast(void) { - static const uint8_t kAESKey[16] = "BoringCrypto Key"; + static const uint8_t kAESKey[16] = { + 'B', 'o', 'r', 'i', 'n', 'g', 'C', 'r', + 'y', 'p', 't', 'o', ' ', 'K', 'e', 'y', + }; static const uint8_t kAESIV[16] = {0}; EVP_AEAD_CTX aead_ctx; @@ -823,13 +826,11 @@ 0x09, 0x11, 0x6d, 0x1a, 0xfd, 0x0f, 0x1e, 0x11, 0xe3, 0xcb, }; SHA1(kSHA1Input, sizeof(kSHA1Input), output); - if (!check_test(kSHA1Digest, output, sizeof(kSHA1Digest), - "SHA-1 KAT")) { + if (!check_test(kSHA1Digest, output, sizeof(kSHA1Digest), "SHA-1 KAT")) { goto err; } - if (!boringssl_self_test_sha256() || - !boringssl_self_test_sha512() || + if (!boringssl_self_test_sha256() || !boringssl_self_test_sha512() || !boringssl_self_test_hmac_sha256()) { goto err; } @@ -841,8 +842,11 @@ 0x3f, 0x17, 0x4c, 0xf4, 0x78, 0x7a, 0x4f, 0x1a, 0x40, 0xc2, 0xb5, 0x0b, 0xab, 0xe1, 0x4a, 0xae, 0x53, 0x0b, 0xe5, 0x88, 0x6d, 0x91, 0x0a, 0x27, }; - static const uint8_t kDRBGPersonalization[18] = "BCMPersonalization"; - static const uint8_t kDRBGAD[16] = "BCM DRBG KAT AD "; + static const uint8_t kDRBGPersonalization[18] = { + 'B', 'C', 'M', 'P', 'e', 'r', 's', 'o', 'n', + 'a', 'l', 'i', 'z', 'a', 't', 'i', 'o', 'n'}; + static const uint8_t kDRBGAD[16] = {'B', 'C', 'M', ' ', 'D', 'R', 'B', 'G', + ' ', 'K', 'A', 'T', ' ', 'A', 'D', ' '}; static const uint8_t kDRBGOutput[64] = { 0x19, 0x1f, 0x2b, 0x49, 0x76, 0x85, 0xfd, 0x51, 0xb6, 0x56, 0xbc, 0x1c, 0x7d, 0xd5, 0xdd, 0x44, 0x76, 0xa3, 0x5e, 0x17, 0x9b, 0x8e, @@ -1022,8 +1026,8 @@ int BORINGSSL_self_test(void) { if (!boringssl_self_test_fast() || // When requested to run self tests, also run the lazy tests. - !boringssl_self_test_rsa() || - !boringssl_self_test_ecc() || + !boringssl_self_test_rsa() || // + !boringssl_self_test_ecc() || // !boringssl_self_test_ffdh()) { return 0; } @@ -1032,9 +1036,7 @@ } #if defined(BORINGSSL_FIPS) -int boringssl_self_test_startup(void) { - return boringssl_self_test_fast(); -} +int boringssl_self_test_startup(void) { return boringssl_self_test_fast(); } #endif #endif // !_MSC_VER
diff --git a/crypto/fipsmodule/service_indicator/service_indicator.c.inc b/crypto/fipsmodule/service_indicator/service_indicator.cc.inc similarity index 96% rename from crypto/fipsmodule/service_indicator/service_indicator.c.inc rename to crypto/fipsmodule/service_indicator/service_indicator.cc.inc index 80ab82e..a6cecf3 100644 --- a/crypto/fipsmodule/service_indicator/service_indicator.c.inc +++ b/crypto/fipsmodule/service_indicator/service_indicator.cc.inc
@@ -45,11 +45,13 @@ // for approved services irrespective of whether the user queries it or not. // Hence, it is lazily initialized in any call to an approved service. static struct fips_service_indicator_state *service_indicator_get(void) { - struct fips_service_indicator_state *indicator = CRYPTO_get_thread_local( - OPENSSL_THREAD_LOCAL_FIPS_SERVICE_INDICATOR_STATE); + struct fips_service_indicator_state *indicator = + reinterpret_cast<fips_service_indicator_state *>(CRYPTO_get_thread_local( + OPENSSL_THREAD_LOCAL_FIPS_SERVICE_INDICATOR_STATE)); if (indicator == NULL) { - indicator = OPENSSL_malloc(sizeof(struct fips_service_indicator_state)); + indicator = reinterpret_cast<fips_service_indicator_state *>( + OPENSSL_malloc(sizeof(struct fips_service_indicator_state))); if (indicator == NULL) { return NULL; } @@ -186,7 +188,7 @@ int (*md_ok)(int md_type)) { if (EVP_MD_CTX_md(ctx) == NULL) { // Signature schemes without a prehash are currently never FIPS approved. - goto err; + return; } EVP_PKEY_CTX *const pctx = ctx->pctx; @@ -242,7 +244,7 @@ } } - err: +err: // Ensure that junk errors aren't left on the queue. ERR_clear_error(); }
diff --git a/crypto/fipsmodule/sha/internal.h b/crypto/fipsmodule/sha/internal.h index d2a4269..24a9230 100644 --- a/crypto/fipsmodule/sha/internal.h +++ b/crypto/fipsmodule/sha/internal.h
@@ -196,9 +196,7 @@ #define SHA512_ASM_AVX OPENSSL_INLINE int sha512_avx_capable(void) { - // Pre-Zen AMD CPUs had slow SHLD/SHRD; Zen added the SHA extension; see the - // discussion in sha1-586.pl. - return CRYPTO_is_AVX_capable() && CRYPTO_is_intel_cpu(); + return CRYPTO_is_AVX_capable(); } void sha512_block_data_order_avx(uint64_t state[8], const uint8_t *data, size_t num);
diff --git a/crypto/fipsmodule/sha/sha1.c.inc b/crypto/fipsmodule/sha/sha1.cc.inc similarity index 96% rename from crypto/fipsmodule/sha/sha1.c.inc rename to crypto/fipsmodule/sha/sha1.cc.inc index 53117a5..8cabfaf 100644 --- a/crypto/fipsmodule/sha/sha1.c.inc +++ b/crypto/fipsmodule/sha/sha1.cc.inc
@@ -58,8 +58,8 @@ #include <openssl/mem.h> -#include "../bcm_interface.h" #include "../../internal.h" +#include "../bcm_interface.h" #include "../digest/md32_common.h" #include "../service_indicator/internal.h" #include "internal.h" @@ -87,7 +87,8 @@ bcm_infallible BCM_sha1_update(SHA_CTX *c, const void *data, size_t len) { crypto_md32_update(&sha1_block_data_order, c->h, c->data, SHA_CBLOCK, &c->num, - &c->Nh, &c->Nl, data, len); + &c->Nh, &c->Nl, reinterpret_cast<const uint8_t *>(data), + len); return bcm_infallible_approved; } @@ -110,7 +111,7 @@ } bcm_infallible BCM_fips_186_2_prf(uint8_t *out, size_t out_len, - const uint8_t xkey[SHA_DIGEST_LENGTH]) { + const uint8_t xkey[SHA_DIGEST_LENGTH]) { // XKEY and XVAL are 160-bit values, but are internally right-padded up to // block size. See FIPS 186-2, Appendix 3.3. This buffer maintains both the // current value of XKEY and the padding. @@ -215,22 +216,22 @@ #endif /* Originally X was an array. As it's automatic it's natural -* to expect RISC compiler to accomodate at least part of it in -* the register bank, isn't it? Unfortunately not all compilers -* "find" this expectation reasonable:-( On order to make such -* compilers generate better code I replace X[] with a bunch of -* X0, X1, etc. See the function body below... -* <appro@fy.chalmers.se> */ -#define X(i) XX##i + * to expect RISC compiler to accomodate at least part of it in + * the register bank, isn't it? Unfortunately not all compilers + * "find" this expectation reasonable:-( On order to make such + * compilers generate better code I replace X[] with a bunch of + * X0, X1, etc. See the function body below... + * <appro@fy.chalmers.se> */ +#define X(i) XX##i #if !defined(SHA1_ASM) #if !defined(SHA1_ASM_NOHW) static void sha1_block_data_order_nohw(uint32_t state[5], const uint8_t *data, size_t num) { - register uint32_t A, B, C, D, E, T; - uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, - XX11, XX12, XX13, XX14, XX15; + uint32_t A, B, C, D, E, T; + uint32_t XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, XX8, XX9, XX10, XX11, XX12, + XX13, XX14, XX15; A = state[0]; B = state[1];
diff --git a/crypto/fipsmodule/sha/sha256.c.inc b/crypto/fipsmodule/sha/sha256.cc.inc similarity index 98% rename from crypto/fipsmodule/sha/sha256.c.inc rename to crypto/fipsmodule/sha/sha256.cc.inc index 91188ab..1daee88 100644 --- a/crypto/fipsmodule/sha/sha256.c.inc +++ b/crypto/fipsmodule/sha/sha256.cc.inc
@@ -106,7 +106,8 @@ bcm_infallible BCM_sha256_update(SHA256_CTX *c, const void *data, size_t len) { crypto_md32_update(&sha256_block_data_order, c->h, c->data, BCM_SHA256_CBLOCK, - &c->num, &c->Nh, &c->Nl, data, len); + &c->num, &c->Nh, &c->Nl, + reinterpret_cast<const uint8_t *>(data), len); return bcm_infallible_approved; }
diff --git a/crypto/fipsmodule/sha/sha512.c.inc b/crypto/fipsmodule/sha/sha512.cc.inc similarity index 99% rename from crypto/fipsmodule/sha/sha512.c.inc rename to crypto/fipsmodule/sha/sha512.cc.inc index 65a5265..c3d86a3 100644 --- a/crypto/fipsmodule/sha/sha512.c.inc +++ b/crypto/fipsmodule/sha/sha512.cc.inc
@@ -168,7 +168,7 @@ size_t len) { uint64_t l; uint8_t *p = c->p; - const uint8_t *data = in_data; + const uint8_t *data = reinterpret_cast<const uint8_t *>(in_data); if (len == 0) { return bcm_infallible_approved; @@ -189,7 +189,7 @@ if (len < n) { OPENSSL_memcpy(p + c->num, data, len); c->num += (unsigned int)len; - return 1; + return bcm_infallible_approved; } else { OPENSSL_memcpy(p + c->num, data, n), c->num = 0; len -= n;
diff --git a/crypto/fipsmodule/tls/kdf.c.inc b/crypto/fipsmodule/tls/kdf.cc.inc similarity index 100% rename from crypto/fipsmodule/tls/kdf.c.inc rename to crypto/fipsmodule/tls/kdf.cc.inc
diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.cc similarity index 98% rename from crypto/hpke/hpke.c rename to crypto/hpke/hpke.cc index 4aa74d4..35b9c08 100644 --- a/crypto/hpke/hpke.c +++ b/crypto/hpke/hpke.cc
@@ -137,7 +137,8 @@ const uint8_t *kem_context, size_t kem_context_len) { // concat("KEM", I2OSP(kem_id, 2)) - uint8_t suite_id[5] = {'K', 'E', 'M', kem_id >> 8, kem_id & 0xff}; + uint8_t suite_id[5] = {'K', 'E', 'M', static_cast<uint8_t>(kem_id >> 8), + static_cast<uint8_t>(kem_id & 0xff)}; uint8_t prk[EVP_MAX_MD_SIZE]; size_t prk_len; return hpke_labeled_extract(hkdf_md, prk, &prk_len, NULL, 0, suite_id, @@ -622,7 +623,8 @@ } EVP_HPKE_KEY *EVP_HPKE_KEY_new(void) { - EVP_HPKE_KEY *key = OPENSSL_malloc(sizeof(EVP_HPKE_KEY)); + EVP_HPKE_KEY *key = + reinterpret_cast<EVP_HPKE_KEY *>(OPENSSL_malloc(sizeof(EVP_HPKE_KEY))); if (key == NULL) { return NULL; } @@ -847,7 +849,8 @@ } EVP_HPKE_CTX *EVP_HPKE_CTX_new(void) { - EVP_HPKE_CTX *ctx = OPENSSL_malloc(sizeof(EVP_HPKE_CTX)); + EVP_HPKE_CTX *ctx = + reinterpret_cast<EVP_HPKE_CTX *>(OPENSSL_malloc(sizeof(EVP_HPKE_CTX))); if (ctx == NULL) { return NULL; }
diff --git a/crypto/hrss/hrss.c b/crypto/hrss/hrss.cc similarity index 94% rename from crypto/hrss/hrss.c rename to crypto/hrss/hrss.cc index 572e981..55a21f0 100644 --- a/crypto/hrss/hrss.c +++ b/crypto/hrss/hrss.cc
@@ -17,6 +17,7 @@ #include <assert.h> #include <stdio.h> #include <stdlib.h> +#include <type_traits> #include <openssl/bn.h> #include <openssl/hmac.h> @@ -24,12 +25,6 @@ #include <openssl/rand.h> #include <openssl/sha.h> -#if defined(_MSC_VER) -#define RESTRICT -#else -#define RESTRICT restrict -#endif - #include "../internal.h" #include "internal.h" @@ -226,9 +221,7 @@ return vextq_u16(left, right, 5); } -static inline uint16_t vec_get_word(vec_t v, unsigned i) { - return v[i]; -} +static inline uint16_t vec_get_word(vec_t v, unsigned i) { return v[i]; } #if !defined(OPENSSL_AARCH64) @@ -298,14 +291,6 @@ // crypto_word_t v[WORDS_PER_POLY]; // }; -OPENSSL_UNUSED static void hexdump(const void *void_in, size_t len) { - const uint8_t *in = (const uint8_t *)void_in; - for (size_t i = 0; i < len; i++) { - printf("%02x", in[i]); - } - printf("\n"); -} - static void poly2_zero(struct poly2 *p) { OPENSSL_memset(&p->v[0], 0, sizeof(crypto_word_t) * WORDS_PER_POLY); } @@ -314,20 +299,13 @@ static crypto_word_t word_reverse(crypto_word_t in) { #if defined(OPENSSL_64_BIT) static const crypto_word_t kMasks[6] = { - UINT64_C(0x5555555555555555), - UINT64_C(0x3333333333333333), - UINT64_C(0x0f0f0f0f0f0f0f0f), - UINT64_C(0x00ff00ff00ff00ff), - UINT64_C(0x0000ffff0000ffff), - UINT64_C(0x00000000ffffffff), + UINT64_C(0x5555555555555555), UINT64_C(0x3333333333333333), + UINT64_C(0x0f0f0f0f0f0f0f0f), UINT64_C(0x00ff00ff00ff00ff), + UINT64_C(0x0000ffff0000ffff), UINT64_C(0x00000000ffffffff), }; #else static const crypto_word_t kMasks[5] = { - 0x55555555, - 0x33333333, - 0x0f0f0f0f, - 0x00ff00ff, - 0x0000ffff, + 0x55555555, 0x33333333, 0x0f0f0f0f, 0x00ff00ff, 0x0000ffff, }; #endif @@ -362,12 +340,12 @@ t.v[i] = word_reverse(in->v[i]); } - static const size_t shift = BITS_PER_WORD - ((N-1) % BITS_PER_WORD); - for (size_t i = 0; i < WORDS_PER_POLY-1; i++) { - out->v[i] = t.v[WORDS_PER_POLY-1-i] >> shift; - out->v[i] |= t.v[WORDS_PER_POLY-2-i] << (BITS_PER_WORD - shift); + static const size_t shift = BITS_PER_WORD - ((N - 1) % BITS_PER_WORD); + for (size_t i = 0; i < WORDS_PER_POLY - 1; i++) { + out->v[i] = t.v[WORDS_PER_POLY - 1 - i] >> shift; + out->v[i] |= t.v[WORDS_PER_POLY - 2 - i] << (BITS_PER_WORD - shift); } - out->v[WORDS_PER_POLY-1] = t.v[0] >> shift; + out->v[WORDS_PER_POLY - 1] = t.v[0] >> shift; } // poly2_cswap exchanges the values of |a| and |b| if |swap| is all ones. @@ -416,13 +394,6 @@ p->v[WORDS_PER_POLY - 1] &= (UINT64_C(1) << BITS_IN_LAST_WORD) - 1; } -// poly2_top_bits_are_clear returns one iff the extra bits in the final words of -// |p| are zero. -static int poly2_top_bits_are_clear(const struct poly2 *p) { - return (p->v[WORDS_PER_POLY - 1] & - ~((UINT64_C(1) << BITS_IN_LAST_WORD) - 1)) == 0; -} - // Ternary polynomials. // poly3 represents a degree-N polynomial over GF(3). Each coefficient is @@ -460,29 +431,6 @@ // struct poly2 s, a; // }; -OPENSSL_UNUSED static void poly3_print(const struct poly3 *in) { - struct poly3 p; - OPENSSL_memcpy(&p, in, sizeof(p)); - p.s.v[WORDS_PER_POLY - 1] &= ((crypto_word_t)1 << BITS_IN_LAST_WORD) - 1; - p.a.v[WORDS_PER_POLY - 1] &= ((crypto_word_t)1 << BITS_IN_LAST_WORD) - 1; - - printf("{["); - for (unsigned i = 0; i < WORDS_PER_POLY; i++) { - if (i) { - printf(" "); - } - printf(BN_HEX_FMT2, p.s.v[i]); - } - printf("] ["); - for (unsigned i = 0; i < WORDS_PER_POLY; i++) { - if (i) { - printf(" "); - } - printf(BN_HEX_FMT2, p.a.v[i]); - } - printf("]}\n"); -} - static void poly3_zero(struct poly3 *p) { poly2_zero(&p->s); poly2_zero(&p->a); @@ -533,9 +481,8 @@ } // poly3_fmadd sets |out| to |out| - |in|×m, where m is (ms, ma). -static void poly3_fmsub(struct poly3 *RESTRICT out, - const struct poly3 *RESTRICT in, crypto_word_t ms, - crypto_word_t ma) { +static void poly3_fmsub(struct poly3 *out, const struct poly3 *in, + crypto_word_t ms, crypto_word_t ma) { crypto_word_t product_s, product_a; for (size_t i = 0; i < WORDS_PER_POLY; i++) { poly3_word_mul(&product_s, &product_a, in->s.v[i], in->a.v[i], ms, ma); @@ -550,12 +497,6 @@ return lsb_to_all(v >> (BITS_IN_LAST_WORD - 1)); } -// poly3_top_bits_are_clear returns one iff the extra bits in the final words of -// |p| are zero. -OPENSSL_UNUSED static int poly3_top_bits_are_clear(const struct poly3 *p) { - return poly2_top_bits_are_clear(&p->s) && poly2_top_bits_are_clear(&p->a); -} - // poly3_mod_phiN reduces |p| by Φ(N). static void poly3_mod_phiN(struct poly3 *p) { // In order to reduce by Φ(N) we subtract by the value of the greatest @@ -802,15 +743,16 @@ int delta = 1; - for (size_t i = 0; i < (2*(N-1)) - 1; i++) { + for (size_t i = 0; i < (2 * (N - 1)) - 1; i++) { poly3_vec_lshift1(v_s, v_a); const crypto_word_t delta_sign_bit = (delta >> (sizeof(delta) * 8 - 1)) & 1; const crypto_word_t delta_is_non_negative = delta_sign_bit - 1; const crypto_word_t delta_is_non_zero = ~constant_time_is_zero_w(delta); const vec_t g_has_constant_term = vec_broadcast_bit(g_a[0]); - const vec_t mask_w = - {delta_is_non_negative & delta_is_non_zero}; + const vec_t mask_w = { + static_cast<std::remove_reference<decltype(mask_w[0])>::type>( + delta_is_non_negative & delta_is_non_zero)}; const vec_t mask = vec_broadcast_bit(mask_w) & g_has_constant_term; const vec_t c_a = vec_broadcast_bit(f_a[0] & g_a[0]); @@ -863,7 +805,7 @@ poly3_reverse_700(&g, in); int delta = 1; - for (size_t i = 0; i < (2*(N-1)) - 1; i++) { + for (size_t i = 0; i < (2 * (N - 1)) - 1; i++) { poly3_lshift1(&v); const crypto_word_t delta_sign_bit = (delta >> (sizeof(delta) * 8 - 1)) & 1; @@ -940,17 +882,6 @@ assert(x->v[N + 2] == 0); } -OPENSSL_UNUSED static void poly_print(const struct poly *p) { - printf("["); - for (unsigned i = 0; i < N; i++) { - if (i) { - printf(" "); - } - printf("%d", p->v[i]); - } - printf("]\n"); -} - // POLY_MUL_SCRATCH contains space for the working variables needed by // |poly_mul|. The contents afterwards may be discarded, but the object may also // be reused with future |poly_mul| calls to save heap allocations. @@ -986,9 +917,8 @@ // of |scratch| and the function recurses, except if |n| < 3, when |scratch| // isn't used and the recursion stops. If |n| == |VECS_PER_POLY| then |scratch| // needs 172 elements. -static void poly_mul_vec_aux(vec_t *restrict out, vec_t *restrict scratch, - const vec_t *restrict a, const vec_t *restrict b, - const size_t n) { +static void poly_mul_vec_aux(vec_t *out, vec_t *scratch, const vec_t *a, + const vec_t *b, const size_t n) { // In [HRSS], the technique they used for polynomial multiplication is // described: they start with Toom-4 at the top level and then two layers of // Karatsuba. Karatsuba is a specific instance of the general Toom–Cook @@ -1245,8 +1175,8 @@ for (size_t i = 0; i < VECS_PER_POLY; i++) { const vec_t prev = prod[VECS_PER_POLY - 1 + i]; - const vec_t this = prod[VECS_PER_POLY + i]; - out_vecs[i] = vec_add(prod[i], vec_merge_3_5(prev, this)); + const vec_t this_vec = prod[VECS_PER_POLY + i]; + out_vecs[i] = vec_add(prod[i], vec_merge_3_5(prev, this_vec)); } OPENSSL_memset(&out->v[N], 0, 3 * sizeof(uint16_t)); @@ -1266,7 +1196,7 @@ OPENSSL_memset(out, 0, sizeof(uint16_t) * n * 2); for (size_t i = 0; i < n; i++) { for (size_t j = 0; j < n; j++) { - out[i + j] += (unsigned) a[i] * b[j]; + out[i + j] += (unsigned)a[i] * b[j]; } } @@ -1334,7 +1264,7 @@ #endif #if defined(HRSS_HAVE_VECTOR_UNIT) - if (vec_capable()) { + if (vec_capable()) { poly_mul_vec(scratch, r, a, b); } else #endif @@ -1563,7 +1493,7 @@ poly2_reverse_700(&g, &g); int delta = 1; - for (size_t i = 0; i < (2*(N-1)) - 1; i++) { + for (size_t i = 0; i < (2 * (N - 1)) - 1; i++) { poly2_lshift1(&v); const crypto_word_t delta_sign_bit = (delta >> (sizeof(delta) * 8 - 1)) & 1; @@ -1728,7 +1658,7 @@ const uint16_t *coeffs = in->v; // Only 700 coefficients are marshaled because in[700] must be zero. - assert(coeffs[N-1] == 0); + assert(coeffs[N - 1] == 0); for (size_t i = 0; i < HRSS_POLY3_BYTES; i++) { const uint16_t coeffs0 = mod3_from_modQ(coeffs[0]); @@ -1772,15 +1702,15 @@ // because |sum| is bound by +/- (N-2), and N < 2^15 so it works out. uint16_t sum = 0; for (unsigned i = 0; i < N - 2; i++) { - sum += (unsigned) out->v[i] * out->v[i + 1]; + sum += (unsigned)out->v[i] * out->v[i + 1]; } // If the sum is negative, flip the sign of even-positioned coefficients. (See // page 8 of [HRSS].) - sum = ((int16_t) sum) >> 15; + sum = ((int16_t)sum) >> 15; const uint16_t scale = sum | (~sum & 1); for (unsigned i = 0; i < N; i += 2) { - out->v[i] = (unsigned) out->v[i] * scale; + out->v[i] = (unsigned)out->v[i] * scale; } poly_assert_normalized(out); } @@ -1877,7 +1807,7 @@ // Note that s0 + s1 + s2 = 0. out->v[0] += s0; - out->v[1] -= (s0 + s2); // = s1 + out->v[1] -= (s0 + s2); // = s1 out->v[2] += s2; // Calculate the remaining inner products by taking advantage of the @@ -1924,7 +1854,7 @@ sizeof(struct HRSS_public_key) >= sizeof(struct public_key) + 15, "HRSS public key too small"); - return align_pointer(ext->opaque, 16); + return reinterpret_cast<public_key *>(align_pointer(ext->opaque, 16)); } // private_key_from_external does the same thing as |public_key_from_external|, @@ -1936,7 +1866,7 @@ sizeof(struct HRSS_private_key) >= sizeof(struct private_key) + 15, "HRSS private key too small"); - return align_pointer(ext->opaque, 16); + return reinterpret_cast<private_key *>(align_pointer(ext->opaque, 16)); } // malloc_align32 returns a pointer to |size| bytes of 32-byte-aligned heap and @@ -1968,13 +1898,14 @@ }; void *malloc_ptr; - struct vars *const vars = malloc_align32(&malloc_ptr, sizeof(struct vars)); + struct vars *const vars = reinterpret_cast<struct vars *>( + malloc_align32(&malloc_ptr, sizeof(struct vars))); if (!vars) { // If the caller ignores the return value the output will still be safe. // The private key output is randomised in case it's later passed to // |HRSS_encap|. memset(out_pub, 0, sizeof(struct HRSS_public_key)); - RAND_bytes((uint8_t*) out_priv, sizeof(struct HRSS_private_key)); + RAND_bytes((uint8_t *)out_priv, sizeof(struct HRSS_private_key)); return 0; } @@ -2031,7 +1962,8 @@ }; void *malloc_ptr; - struct vars *const vars = malloc_align32(&malloc_ptr, sizeof(struct vars)); + struct vars *const vars = reinterpret_cast<struct vars *>( + malloc_align32(&malloc_ptr, sizeof(struct vars))); if (!vars) { // If the caller ignores the return value the output will still be safe. // The private key output is randomised in case it's used to encrypt and @@ -2071,11 +2003,17 @@ } int HRSS_decap(uint8_t out_shared_key[HRSS_KEY_BYTES], - const struct HRSS_private_key *in_priv, - const uint8_t *ciphertext, size_t ciphertext_len) { + const struct HRSS_private_key *in_priv, + const uint8_t *ciphertext, size_t ciphertext_len) { const struct private_key *priv = private_key_from_external((struct HRSS_private_key *)in_priv); +#if defined(_MSC_VER) + // MSVC will produce this useless warning: + // warning C4324: structure was padded due to alignment specifier +#pragma warning(push) +#pragma warning(disable : 4324) +#endif struct vars { struct POLY_MUL_SCRATCH scratch; uint8_t masked_key[SHA256_CBLOCK]; @@ -2091,9 +2029,13 @@ uint8_t r_bytes[HRSS_POLY3_BYTES]; uint8_t shared_key[32]; }; +#if defined(_MSC_VER) +#pragma warning(pop) +#endif void *malloc_ptr; - struct vars *const vars = malloc_align32(&malloc_ptr, sizeof(struct vars)); + struct vars *const vars = reinterpret_cast<struct vars *>( + malloc_align32(&malloc_ptr, sizeof(struct vars))); if (!vars) { // If the caller ignores the return value the output will still be safe. // The private key output is randomised in case it's used to encrypt and @@ -2139,6 +2081,7 @@ // If the ciphertext is publicly invalid then a random shared key is still // returned to simply the logic of the caller, but this path is not constant // time. + crypto_word_t ok = 0; if (ciphertext_len != HRSS_CIPHERTEXT_BYTES || !poly_unmarshal(&vars->c, ciphertext)) { goto out; @@ -2161,7 +2104,7 @@ poly_mod_phiN(&vars->r); poly_clamp(&vars->r); - crypto_word_t ok = poly3_from_poly_checked(&vars->r3, &vars->r); + ok = poly3_from_poly_checked(&vars->r3, &vars->r); // [NTRUCOMP] section 5.1 includes ReEnc2 and a proof that it's valid. Rather // than do an expensive |poly_mul|, it rebuilds |c'| from |c - lift(m)|
diff --git a/crypto/internal.h b/crypto/internal.h index ca37027..6821618 100644 --- a/crypto/internal.h +++ b/crypto/internal.h
@@ -126,16 +126,6 @@ #include <stdlib.h> #endif -#if !defined(__cplusplus) -#if !defined(__STDC_VERSION__) || __STDC_VERSION__ < 201112L -// BoringSSL requires C11 to build the library. The most likely cause of -// pre-C11 modes is stale -std=c99 or -std=gnu99 flags in build configuration. -// Such flags can be removed. If building with MSVC, build with /std:c11. -#error "BoringSSL must be built in C11 mode or higher." -#endif -#include <stdalign.h> -#endif - #if defined(OPENSSL_THREADS) && \ (!defined(OPENSSL_WINDOWS) || defined(__MINGW32__)) #include <pthread.h> @@ -147,29 +137,11 @@ #define OPENSSL_WINDOWS_THREADS #endif -// Determine the atomics implementation to use with C. -#if !defined(__cplusplus) -#if !defined(OPENSSL_C11_ATOMIC) && defined(OPENSSL_THREADS) && \ - !defined(__STDC_NO_ATOMICS__) -#define OPENSSL_C11_ATOMIC +#if defined(OPENSSL_THREADS) +#include <atomic> #endif -#if defined(OPENSSL_C11_ATOMIC) -#include <stdatomic.h> -#endif - -// Older MSVC does not support C11 atomics, so we fallback to the Windows APIs. -// When both are available (e.g. clang-cl), we prefer the C11 ones. The Windows -// APIs don't allow some operations to be implemented as efficiently. This can -// be removed once we can rely on -// https://devblogs.microsoft.com/cppblog/c11-atomics-in-visual-studio-2022-version-17-5-preview-2/ -#if !defined(OPENSSL_C11_ATOMIC) && defined(OPENSSL_THREADS) && \ - defined(OPENSSL_WINDOWS) -#define OPENSSL_WINDOWS_ATOMIC -#endif -#endif // !__cplusplus - -#if defined(OPENSSL_WINDOWS_THREADS) || defined(OPENSSL_WINDOWS_ATOMIC) +#if defined(OPENSSL_WINDOWS_THREADS) OPENSSL_MSVC_PRAGMA(warning(push, 3)) #include <windows.h> OPENSSL_MSVC_PRAGMA(warning(pop)) @@ -219,33 +191,35 @@ // These may be bugs in the toolchain definition, but just disable it for now. // EDK2's toolchain is missing __udivti3 (b/339380897) so cannot support // 128-bit division currently. -#if !defined(_MSC_VER) && !defined(OPENSSL_NANOLIBC) && !defined(__EDK2_BORINGSSL__) +#if !defined(_MSC_VER) && !defined(OPENSSL_NANOLIBC) && \ + !defined(__EDK2_BORINGSSL__) #define BORINGSSL_CAN_DIVIDE_UINT128 #endif #endif #define OPENSSL_ARRAY_SIZE(array) (sizeof(array) / sizeof((array)[0])) +#if defined(__clang__) && __clang_major__ >= 5 +#if __has_attribute(fallthrough) +#define OPENSSL_CAN_USE_ATTR_FALLTHROUGH +#endif +#endif + // Have a generic fall-through for different versions of C/C++. #if defined(__cplusplus) && __cplusplus >= 201703L #define OPENSSL_FALLTHROUGH [[fallthrough]] #elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__clang__) #define OPENSSL_FALLTHROUGH [[clang::fallthrough]] -#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__GNUC__) && \ - __GNUC__ >= 7 +#elif defined(__cplusplus) && __cplusplus >= 201103L && defined(__GNUC__) #define OPENSSL_FALLTHROUGH [[gnu::fallthrough]] -#elif defined(__GNUC__) && __GNUC__ >= 7 // gcc 7 -#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough)) -#elif defined(__clang__) -#if __has_attribute(fallthrough) && __clang_major__ >= 5 +#elif defined(__GNUC__) +#define OPENSSL_FALLTHROUGH __attribute__((fallthrough)) +#elif defined(OPENSSL_CAN_USE_ATTR_FALLTHROUGH) // Clang 3.5, at least, complains about "error: declaration does not declare // anything", possibily because we put a semicolon after this macro in // practice. Thus limit it to >= Clang 5, which does work. -#define OPENSSL_FALLTHROUGH __attribute__ ((fallthrough)) -#else // clang versions that do not support fallthrough. -#define OPENSSL_FALLTHROUGH -#endif -#else // C++11 on gcc 6, and all other cases +#define OPENSSL_FALLTHROUGH __attribute__((fallthrough)) +#else // all other cases #define OPENSSL_FALLTHROUGH #endif @@ -311,8 +285,8 @@ // Pointer utility functions. // buffers_alias returns one if |a| and |b| alias and zero otherwise. -static inline int buffers_alias(const void *a, size_t a_bytes, - const void *b, size_t b_bytes) { +static inline int buffers_alias(const void *a, size_t a_bytes, const void *b, + size_t b_bytes) { // Cast |a| and |b| to integers. In C, pointer comparisons between unrelated // objects are undefined whereas pointer to integer conversions are merely // implementation-defined. We assume the implementation defined it in a sane @@ -448,7 +422,7 @@ // (assert (not (= (= #x00000001 (bvlshr (lt a b) #x0000001f)) (bvult a b)))) // (check-sat) // (get-model) - return constant_time_msb_w(a^((a^b)|((a-b)^a))); + return constant_time_msb_w(a ^ ((a ^ b) | ((a - b) ^ a))); } // constant_time_lt_8 acts like |constant_time_lt_w| but returns an 8-bit @@ -479,9 +453,8 @@ // // (declare-fun a () (_ BitVec 32)) // - // (assert (not (= (= #x00000001 (bvlshr (is_zero a) #x0000001f)) (= a #x00000000)))) - // (check-sat) - // (get-model) + // (assert (not (= (= #x00000001 (bvlshr (is_zero a) #x0000001f)) (= a + // #x00000000)))) (check-sat) (get-model) return constant_time_msb_w(~a & (a - 1)); } @@ -577,10 +550,10 @@ #if defined(__GNUC__) && !defined(__clang__) // gcc 13.2.0 doesn't automatically vectorize this loop regardless of barrier typedef uint8_t v32u8 __attribute__((vector_size(32), aligned(1), may_alias)); - size_t n_vec = n&~(size_t)31; - v32u8 masks = ((uint8_t)mask-(v32u8){}); // broadcast + size_t n_vec = n & ~(size_t)31; + v32u8 masks = ((uint8_t)mask - (v32u8){}); // broadcast for (size_t i = 0; i < n_vec; i += 32) { - *(v32u8*)&out[i] ^= masks & *(v32u8*)&in[i]; + *(v32u8 *)&out[i] ^= masks & *(v32u8 *)&in[i]; } out += n_vec; n -= n_vec; @@ -671,73 +644,28 @@ // The following functions provide an API analogous to <stdatomic.h> from C11 // and abstract between a few variations on atomics we need to support. -#if defined(__cplusplus) +#if defined(OPENSSL_THREADS) -// In C++, we can't easily detect whether C will use |OPENSSL_C11_ATOMIC| or -// |OPENSSL_WINDOWS_ATOMIC|. Instead, we define a layout-compatible type without -// the corresponding functions. When we can rely on C11 atomics in MSVC, that -// will no longer be a concern. -typedef uint32_t CRYPTO_atomic_u32; +using CRYPTO_atomic_u32 = std::atomic<uint32_t>; -#elif defined(OPENSSL_C11_ATOMIC) +static_assert(sizeof(CRYPTO_atomic_u32) == sizeof(uint32_t), ""); -typedef _Atomic uint32_t CRYPTO_atomic_u32; - -// This should be const, but the |OPENSSL_WINDOWS_ATOMIC| implementation is not -// const due to Windows limitations. When we can rely on C11 atomics, make this -// const-correct. -OPENSSL_INLINE uint32_t CRYPTO_atomic_load_u32(CRYPTO_atomic_u32 *val) { - return atomic_load(val); +inline uint32_t CRYPTO_atomic_load_u32(const CRYPTO_atomic_u32 *val) { + return val->load(std::memory_order_seq_cst); } -OPENSSL_INLINE int CRYPTO_atomic_compare_exchange_weak_u32( - CRYPTO_atomic_u32 *val, uint32_t *expected, uint32_t desired) { - return atomic_compare_exchange_weak(val, expected, desired); +inline bool CRYPTO_atomic_compare_exchange_weak_u32(CRYPTO_atomic_u32 *val, + uint32_t *expected, + uint32_t desired) { + return val->compare_exchange_weak( + *expected, desired, std::memory_order_seq_cst, std::memory_order_seq_cst); } -OPENSSL_INLINE void CRYPTO_atomic_store_u32(CRYPTO_atomic_u32 *val, - uint32_t desired) { - atomic_store(val, desired); +inline void CRYPTO_atomic_store_u32(CRYPTO_atomic_u32 *val, uint32_t desired) { + val->store(desired, std::memory_order_seq_cst); } -#elif defined(OPENSSL_WINDOWS_ATOMIC) - -typedef LONG CRYPTO_atomic_u32; - -OPENSSL_INLINE uint32_t CRYPTO_atomic_load_u32(volatile CRYPTO_atomic_u32 *val) { - // This is not ideal because it still writes to a cacheline. MSVC is not able - // to optimize this to a true atomic read, and Windows does not provide an - // InterlockedLoad function. - // - // The Windows documentation [1] does say "Simple reads and writes to - // properly-aligned 32-bit variables are atomic operations", but this is not - // phrased in terms of the C11 and C++11 memory models, and indeed a read or - // write seems to produce slightly different code on MSVC than a sequentially - // consistent std::atomic::load in C++. Moreover, it is unclear if non-MSVC - // compilers on Windows provide the same guarantees. Thus we avoid relying on - // this and instead still use an interlocked function. This is still - // preferable a global mutex, and eventually this code will be replaced by - // [2]. Additionally, on clang-cl, we'll use the |OPENSSL_C11_ATOMIC| path. - // - // [1] https://learn.microsoft.com/en-us/windows/win32/sync/interlocked-variable-access - // [2] https://devblogs.microsoft.com/cppblog/c11-atomics-in-visual-studio-2022-version-17-5-preview-2/ - return (uint32_t)InterlockedCompareExchange(val, 0, 0); -} - -OPENSSL_INLINE int CRYPTO_atomic_compare_exchange_weak_u32( - volatile CRYPTO_atomic_u32 *val, uint32_t *expected32, uint32_t desired) { - LONG expected = (LONG)*expected32; - LONG actual = InterlockedCompareExchange(val, (LONG)desired, expected); - *expected32 = (uint32_t)actual; - return actual == expected; -} - -OPENSSL_INLINE void CRYPTO_atomic_store_u32(volatile CRYPTO_atomic_u32 *val, - uint32_t desired) { - InterlockedExchange(val, (LONG)desired); -} - -#elif !defined(OPENSSL_THREADS) +#else typedef uint32_t CRYPTO_atomic_u32; @@ -760,12 +688,6 @@ *val = desired; } -#else - -// Require some atomics implementation. Contact BoringSSL maintainers if you -// have a platform with fails this check. -#error "Thread-compatible configurations require atomics" - #endif // See the comment in the |__cplusplus| section above. @@ -803,7 +725,8 @@ typedef struct crypto_mutex_st { char padding; // Empty structs have different sizes in C and C++. } CRYPTO_MUTEX; -#define CRYPTO_MUTEX_INIT { 0 } +#define CRYPTO_MUTEX_INIT \ + { 0 } #elif defined(OPENSSL_WINDOWS_THREADS) typedef SRWLOCK CRYPTO_MUTEX; #define CRYPTO_MUTEX_INIT SRWLOCK_INIT @@ -868,7 +791,7 @@ BSSL_NAMESPACE_END -} // extern "C++" +} // extern "C++" #endif // defined(__cplusplus) @@ -932,9 +855,10 @@ uint8_t num_reserved; } CRYPTO_EX_DATA_CLASS; -#define CRYPTO_EX_DATA_CLASS_INIT {CRYPTO_MUTEX_INIT, NULL, NULL, 0, 0} +#define CRYPTO_EX_DATA_CLASS_INIT \ + { CRYPTO_MUTEX_INIT, NULL, NULL, {}, 0 } #define CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA \ - {CRYPTO_MUTEX_INIT, NULL, NULL, 0, 1} + { CRYPTO_MUTEX_INIT, NULL, NULL, {}, 1 } // CRYPTO_get_ex_new_index_ex allocates a new index for |ex_data_class|. Each // class of object should provide a wrapper function that uses the correct @@ -980,21 +904,13 @@ #include <stdlib.h> OPENSSL_MSVC_PRAGMA(warning(pop)) #pragma intrinsic(_byteswap_uint64, _byteswap_ulong, _byteswap_ushort) -static inline uint16_t CRYPTO_bswap2(uint16_t x) { - return _byteswap_ushort(x); -} +static inline uint16_t CRYPTO_bswap2(uint16_t x) { return _byteswap_ushort(x); } -static inline uint32_t CRYPTO_bswap4(uint32_t x) { - return _byteswap_ulong(x); -} +static inline uint32_t CRYPTO_bswap4(uint32_t x) { return _byteswap_ulong(x); } -static inline uint64_t CRYPTO_bswap8(uint64_t x) { - return _byteswap_uint64(x); -} +static inline uint64_t CRYPTO_bswap8(uint64_t x) { return _byteswap_uint64(x); } #else -static inline uint16_t CRYPTO_bswap2(uint16_t x) { - return (x >> 8) | (x << 8); -} +static inline uint16_t CRYPTO_bswap2(uint16_t x) { return (x >> 8) | (x << 8); } static inline uint32_t CRYPTO_bswap4(uint32_t x) { x = (x >> 16) | (x << 16); @@ -1041,7 +957,7 @@ return memchr(s, c, n); } -} // extern "C++" +} // extern "C++" #else // __cplusplus static inline void *OPENSSL_memchr(const void *s, int c, size_t n) { @@ -1208,117 +1124,6 @@ } -// Arithmetic functions. - -// The most efficient versions of these functions on GCC and Clang depend on C11 -// |_Generic|. If we ever need to call these from C++, we'll need to add a -// variant that uses C++ overloads instead. -#if !defined(__cplusplus) - -// CRYPTO_addc_* returns |x + y + carry|, and sets |*out_carry| to the carry -// bit. |carry| must be zero or one. -#if OPENSSL_HAS_BUILTIN(__builtin_addc) - -#define CRYPTO_GENERIC_ADDC(x, y, carry, out_carry) \ - (_Generic((x), \ - unsigned: __builtin_addc, \ - unsigned long: __builtin_addcl, \ - unsigned long long: __builtin_addcll))((x), (y), (carry), (out_carry)) - -static inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry, - uint32_t *out_carry) { - declassify_assert(carry <= 1); - return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry); -} - -static inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry, - uint64_t *out_carry) { - declassify_assert(carry <= 1); - return CRYPTO_GENERIC_ADDC(x, y, carry, out_carry); -} - -#else - -static inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry, - uint32_t *out_carry) { - declassify_assert(carry <= 1); - uint64_t ret = carry; - ret += (uint64_t)x + y; - *out_carry = (uint32_t)(ret >> 32); - return (uint32_t)ret; -} - -static inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry, - uint64_t *out_carry) { - declassify_assert(carry <= 1); -#if defined(BORINGSSL_HAS_UINT128) - uint128_t ret = carry; - ret += (uint128_t)x + y; - *out_carry = (uint64_t)(ret >> 64); - return (uint64_t)ret; -#else - x += carry; - carry = x < carry; - uint64_t ret = x + y; - carry += ret < x; - *out_carry = carry; - return ret; -#endif -} -#endif - -// CRYPTO_subc_* returns |x - y - borrow|, and sets |*out_borrow| to the borrow -// bit. |borrow| must be zero or one. -#if OPENSSL_HAS_BUILTIN(__builtin_subc) - -#define CRYPTO_GENERIC_SUBC(x, y, borrow, out_borrow) \ - (_Generic((x), \ - unsigned: __builtin_subc, \ - unsigned long: __builtin_subcl, \ - unsigned long long: __builtin_subcll))((x), (y), (borrow), (out_borrow)) - -static inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow, - uint32_t *out_borrow) { - declassify_assert(borrow <= 1); - return CRYPTO_GENERIC_SUBC(x, y, borrow, out_borrow); -} - -static inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow, - uint64_t *out_borrow) { - declassify_assert(borrow <= 1); - return CRYPTO_GENERIC_SUBC(x, y, borrow, out_borrow); -} - -#else - -static inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow, - uint32_t *out_borrow) { - declassify_assert(borrow <= 1); - uint32_t ret = x - y - borrow; - *out_borrow = (x < y) | ((x == y) & borrow); - return ret; -} - -static inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow, - uint64_t *out_borrow) { - declassify_assert(borrow <= 1); - uint64_t ret = x - y - borrow; - *out_borrow = (x < y) | ((x == y) & borrow); - return ret; -} -#endif - -#if defined(OPENSSL_64_BIT) -#define CRYPTO_addc_w CRYPTO_addc_u64 -#define CRYPTO_subc_w CRYPTO_subc_u64 -#else -#define CRYPTO_addc_w CRYPTO_addc_u32 -#define CRYPTO_subc_w CRYPTO_subc_u32 -#endif - -#endif // !__cplusplus - - // FIPS functions. #if defined(BORINGSSL_FIPS) @@ -1379,9 +1184,7 @@ return value != NULL && strcmp(value, test) == 0; } #else -OPENSSL_INLINE int boringssl_fips_break_test(const char *test) { - return 0; -} +OPENSSL_INLINE int boringssl_fips_break_test(const char *test) { return 0; } #endif // BORINGSSL_FIPS_BREAK_TESTS @@ -1749,4 +1552,163 @@ } // extern C #endif +// Arithmetic functions. + +// CRYPTO_addc_* returns |x + y + carry|, and sets |*out_carry| to the carry +// bit. |carry| must be zero or one. +#if OPENSSL_HAS_BUILTIN(__builtin_addc) + +template <typename T> +struct CRYPTO_addc_impl { + static_assert(sizeof(T) == 0, "Unsupported type for addc operation"); +}; + +template <> +struct CRYPTO_addc_impl<unsigned int> { + static unsigned int add(unsigned int x, unsigned int y, unsigned int carry, + unsigned int *out_carry) { + return __builtin_addc(x, y, carry, out_carry); + } +}; + +template <> +struct CRYPTO_addc_impl<unsigned long> { + static unsigned long add(unsigned long x, unsigned long y, + unsigned long carry, unsigned long *out_carry) { + return __builtin_addcl(x, y, carry, out_carry); + } +}; + +template <> +struct CRYPTO_addc_impl<unsigned long long> { + static unsigned long long add(unsigned long long x, unsigned long long y, + unsigned long long carry, + unsigned long long *out_carry) { + return __builtin_addcll(x, y, carry, out_carry); + } +}; + +template <typename T> +inline T CRYPTO_addc(T x, T y, T carry, T *out_carry) { + return CRYPTO_addc_impl<T>::add(x, y, carry, out_carry); +} + +inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry, + uint32_t *out_carry) { + return CRYPTO_addc(x, y, carry, out_carry); +} + +inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry, + uint64_t *out_carry) { + return CRYPTO_addc(x, y, carry, out_carry); +} + +#else + +static inline uint32_t CRYPTO_addc_u32(uint32_t x, uint32_t y, uint32_t carry, + uint32_t *out_carry) { + declassify_assert(carry <= 1); + uint64_t ret = carry; + ret += (uint64_t)x + y; + *out_carry = (uint32_t)(ret >> 32); + return (uint32_t)ret; +} + +static inline uint64_t CRYPTO_addc_u64(uint64_t x, uint64_t y, uint64_t carry, + uint64_t *out_carry) { + declassify_assert(carry <= 1); +#if defined(BORINGSSL_HAS_UINT128) + uint128_t ret = carry; + ret += (uint128_t)x + y; + *out_carry = (uint64_t)(ret >> 64); + return (uint64_t)ret; +#else + x += carry; + carry = x < carry; + uint64_t ret = x + y; + carry += ret < x; + *out_carry = carry; + return ret; +#endif +} +#endif + + +// CRYPTO_subc_* returns |x - y - borrow|, and sets |*out_borrow| to the borrow +// bit. |borrow| must be zero or one. +#if OPENSSL_HAS_BUILTIN(__builtin_subc) + +template <typename T> +struct CRYPTO_subc_impl { + static_assert(sizeof(T) == 0, "Unsupported type for subc operation"); +}; + +template <> +struct CRYPTO_subc_impl<unsigned int> { + static unsigned int sub(unsigned int x, unsigned int y, unsigned int borrow, + unsigned int *out_borrow) { + return __builtin_subc(x, y, borrow, out_borrow); + } +}; + +template <> +struct CRYPTO_subc_impl<unsigned long> { + static unsigned long sub(unsigned long x, unsigned long y, + unsigned long borrow, unsigned long *out_borrow) { + return __builtin_subcl(x, y, borrow, out_borrow); + } +}; + +template <> +struct CRYPTO_subc_impl<unsigned long long> { + static unsigned long long sub(unsigned long long x, unsigned long long y, + unsigned long long borrow, + unsigned long long *out_borrow) { + return __builtin_subcll(x, y, borrow, out_borrow); + } +}; + +template <typename T> +inline T CRYPTO_subc(T x, T y, T borrow, T *out_borrow) { + return CRYPTO_subc_impl<T>::sub(x, y, borrow, out_borrow); +} + +inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow, + uint32_t *out_borrow) { + return CRYPTO_subc(x, y, borrow, out_borrow); +} + +inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow, + uint64_t *out_borrow) { + return CRYPTO_subc(x, y, borrow, out_borrow); +} + +#else + +static inline uint32_t CRYPTO_subc_u32(uint32_t x, uint32_t y, uint32_t borrow, + uint32_t *out_borrow) { + declassify_assert(borrow <= 1); + uint32_t ret = x - y - borrow; + *out_borrow = (x < y) | ((x == y) & borrow); + return ret; +} + +static inline uint64_t CRYPTO_subc_u64(uint64_t x, uint64_t y, uint64_t borrow, + uint64_t *out_borrow) { + declassify_assert(borrow <= 1); + uint64_t ret = x - y - borrow; + *out_borrow = (x < y) | ((x == y) & borrow); + return ret; +} +#endif + +#if defined(OPENSSL_64_BIT) +#define CRYPTO_addc_w CRYPTO_addc_u64 +#define CRYPTO_subc_w CRYPTO_subc_u64 +#else +#define CRYPTO_addc_w CRYPTO_addc_u32 +#define CRYPTO_subc_w CRYPTO_subc_u32 +#endif + + #endif // OPENSSL_HEADER_CRYPTO_INTERNAL_H
diff --git a/crypto/keccak/keccak.c b/crypto/keccak/keccak.cc similarity index 100% rename from crypto/keccak/keccak.c rename to crypto/keccak/keccak.cc
diff --git a/crypto/kyber/kyber.c b/crypto/kyber/kyber.cc similarity index 100% rename from crypto/kyber/kyber.c rename to crypto/kyber/kyber.cc
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.cc similarity index 95% rename from crypto/lhash/lhash.c rename to crypto/lhash/lhash.cc index fbab430..7a607b6 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.cc
@@ -62,8 +62,8 @@ #include <openssl/mem.h> -#include "internal.h" #include "../internal.h" +#include "internal.h" // kMinNumBuckets is the minimum size of the buckets array in an |_LHASH|. @@ -104,13 +104,14 @@ }; _LHASH *OPENSSL_lh_new(lhash_hash_func hash, lhash_cmp_func comp) { - _LHASH *ret = OPENSSL_zalloc(sizeof(_LHASH)); + _LHASH *ret = reinterpret_cast<_LHASH *>(OPENSSL_zalloc(sizeof(_LHASH))); if (ret == NULL) { return NULL; } ret->num_buckets = kMinNumBuckets; - ret->buckets = OPENSSL_calloc(ret->num_buckets, sizeof(LHASH_ITEM *)); + ret->buckets = reinterpret_cast<LHASH_ITEM **>( + OPENSSL_calloc(ret->num_buckets, sizeof(LHASH_ITEM *))); if (ret->buckets == NULL) { OPENSSL_free(ret); return NULL; @@ -208,11 +209,11 @@ size_t i, alloc_size; alloc_size = sizeof(LHASH_ITEM *) * new_num_buckets; - if (alloc_size / sizeof(LHASH_ITEM*) != new_num_buckets) { + if (alloc_size / sizeof(LHASH_ITEM *) != new_num_buckets) { return; } - new_buckets = OPENSSL_zalloc(alloc_size); + new_buckets = reinterpret_cast<LHASH_ITEM **>(OPENSSL_zalloc(alloc_size)); if (new_buckets == NULL) { return; } @@ -282,7 +283,7 @@ } // An element equal to |data| doesn't exist in the hash table yet. - item = OPENSSL_malloc(sizeof(LHASH_ITEM)); + item = reinterpret_cast<LHASH_ITEM *>(OPENSSL_malloc(sizeof(LHASH_ITEM))); if (item == NULL) { return 0; } @@ -312,7 +313,7 @@ item = *next_ptr; *next_ptr = item->next; - ret = item->data; + ret = reinterpret_cast<LHASH_ITEM *>(item->data); OPENSSL_free(item); lh->num_items--;
diff --git a/crypto/md4/md4.c b/crypto/md4/md4.cc similarity index 98% rename from crypto/md4/md4.c rename to crypto/md4/md4.cc index 91ba0f6..8090021 100644 --- a/crypto/md4/md4.c +++ b/crypto/md4/md4.cc
@@ -59,8 +59,8 @@ #include <stdlib.h> #include <string.h> -#include "../internal.h" #include "../crypto/fipsmodule/digest/md32_common.h" +#include "../internal.h" uint8_t *MD4(const uint8_t *data, size_t len, uint8_t out[MD4_DIGEST_LENGTH]) { @@ -91,7 +91,8 @@ int MD4_Update(MD4_CTX *c, const void *data, size_t len) { crypto_md32_update(&md4_block_data_order, c->h, c->data, MD4_CBLOCK, &c->num, - &c->Nh, &c->Nl, data, len); + &c->Nh, &c->Nl, reinterpret_cast<const uint8_t *>(data), + len); return 1; }
diff --git a/crypto/md5/md5.c b/crypto/md5/md5.cc similarity index 98% rename from crypto/md5/md5.c rename to crypto/md5/md5.cc index 7eca609..b961261 100644 --- a/crypto/md5/md5.c +++ b/crypto/md5/md5.cc
@@ -60,8 +60,8 @@ #include <openssl/mem.h> -#include "../internal.h" #include "../fipsmodule/digest/md32_common.h" +#include "../internal.h" #include "internal.h" @@ -96,7 +96,8 @@ int MD5_Update(MD5_CTX *c, const void *data, size_t len) { crypto_md32_update(&md5_block_data_order, c->h, c->data, MD5_CBLOCK, &c->num, - &c->Nh, &c->Nl, data, len); + &c->Nh, &c->Nl, reinterpret_cast<const uint8_t *>(data), + len); return 1; }
diff --git a/crypto/mem.c b/crypto/mem.cc similarity index 93% rename from crypto/mem.c rename to crypto/mem.cc index 3c29125..66bc915 100644 --- a/crypto/mem.c +++ b/crypto/mem.cc
@@ -84,8 +84,10 @@ static_assert(OPENSSL_MALLOC_PREFIX >= sizeof(size_t), "size_t too large"); #if defined(OPENSSL_ASAN) +extern "C" { void __asan_poison_memory_region(const volatile void *addr, size_t size); void __asan_unpoison_memory_region(const volatile void *addr, size_t size); +} #else static void __asan_poison_memory_region(const void *addr, size_t size) {} static void __asan_unpoison_memory_region(const void *addr, size_t size) {} @@ -100,10 +102,12 @@ // weak symbols. #if !defined(__EDK2_BORINGSSL__) && defined(__ELF__) && defined(__GNUC__) #define WEAK_SYMBOL_FUNC(rettype, name, args) \ - rettype name args __attribute__((weak)) + extern "C" { \ + rettype name args __attribute__((weak)); \ + } #else #define WEAK_SYMBOL_FUNC(rettype, name, args) \ - static rettype(*const name) args = NULL + static rettype(*const name) args = NULL; #endif #if defined(BORINGSSL_DETECT_SDALLOCX) @@ -115,7 +119,7 @@ // defined, it is part of the same allocator as |malloc|. This is usually true // but may break if |malloc| does not implement |sdallocx|, but some other // allocator with |sdallocx| is imported which does. -WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags)); +WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags)) #else static void (*const sdallocx)(void *ptr, size_t size, int flags) = NULL; #endif @@ -138,9 +142,9 @@ // primitives used must tolerate every other synchronization primitive linked // into the process, including pthreads locks. Failing to meet these constraints // may result in deadlocks, crashes, or memory corruption. -WEAK_SYMBOL_FUNC(void *, OPENSSL_memory_alloc, (size_t size)); -WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr)); -WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr)); +WEAK_SYMBOL_FUNC(void *, OPENSSL_memory_alloc, (size_t size)) +WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr)) +WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr)) #if defined(BORINGSSL_MALLOC_FAILURE_TESTING) static CRYPTO_MUTEX malloc_failure_lock = CRYPTO_MUTEX_INIT; @@ -223,6 +227,7 @@ #endif void *OPENSSL_malloc(size_t size) { + void *ptr = nullptr; if (should_fail_allocation()) { goto err; } @@ -230,18 +235,18 @@ if (OPENSSL_memory_alloc != NULL) { assert(OPENSSL_memory_free != NULL); assert(OPENSSL_memory_get_size != NULL); - void *ptr = OPENSSL_memory_alloc(size); - if (ptr == NULL && size != 0) { + void *ptr2 = OPENSSL_memory_alloc(size); + if (ptr2 == NULL && size != 0) { goto err; } - return ptr; + return ptr2; } if (size + OPENSSL_MALLOC_PREFIX < size) { goto err; } - void *ptr = malloc(size + OPENSSL_MALLOC_PREFIX); + ptr = malloc(size + OPENSSL_MALLOC_PREFIX); if (ptr == NULL) { goto err; } @@ -364,8 +369,8 @@ } int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) { - const uint8_t *a = in_a; - const uint8_t *b = in_b; + const uint8_t *a = reinterpret_cast<const uint8_t *>(in_a); + const uint8_t *b = reinterpret_cast<const uint8_t *>(in_b); uint8_t x = 0; for (size_t i = 0; i < len; i++) { @@ -380,7 +385,7 @@ static const uint32_t kPrime = 16777619u; static const uint32_t kOffsetBasis = 2166136261u; - const uint8_t *in = ptr; + const uint8_t *in = reinterpret_cast<const uint8_t *>(ptr); uint32_t h = kOffsetBasis; for (size_t i = 0; i < len; i++) { @@ -408,7 +413,7 @@ return NULL; } // Copy the NUL terminator. - return OPENSSL_memdup(s, strlen(s) + 1); + return reinterpret_cast<char *>(OPENSSL_memdup(s, strlen(s) + 1)); } int OPENSSL_isalpha(int c) { @@ -503,13 +508,14 @@ system_malloc ? realloc : OPENSSL_realloc; char *candidate = NULL; size_t candidate_len = 64; // TODO(bbe) what's the best initial size? + int ret; - if ((candidate = allocate(candidate_len)) == NULL) { + if ((candidate = reinterpret_cast<char *>(allocate(candidate_len))) == NULL) { goto err; } va_list args_copy; va_copy(args_copy, args); - int ret = vsnprintf(candidate, candidate_len, format, args_copy); + ret = vsnprintf(candidate, candidate_len, format, args_copy); va_end(args_copy); if (ret < 0) { goto err; @@ -519,7 +525,8 @@ char *tmp; candidate_len = (size_t)ret + 1; - if ((tmp = reallocate(candidate, candidate_len)) == NULL) { + if ((tmp = reinterpret_cast<char *>( + reallocate(candidate, candidate_len))) == NULL) { goto err; } candidate = tmp; @@ -560,7 +567,7 @@ OPENSSL_PUT_ERROR(CRYPTO, ERR_R_MALLOC_FAILURE); return NULL; } - char *ret = OPENSSL_malloc(alloc_size); + char *ret = reinterpret_cast<char *>(OPENSSL_malloc(alloc_size)); if (ret == NULL) { return NULL; }
diff --git a/crypto/obj/obj.c b/crypto/obj/obj.cc similarity index 91% rename from crypto/obj/obj.c rename to crypto/obj/obj.cc index 4106424..7a5499c 100644 --- a/crypto/obj/obj.c +++ b/crypto/obj/obj.cc
@@ -116,7 +116,7 @@ r->ln = r->sn = NULL; // once data is attached to an object, it remains const - r->data = OPENSSL_memdup(o->data, o->length); + r->data = reinterpret_cast<uint8_t *>(OPENSSL_memdup(o->data, o->length)); if (o->length != 0 && r->data == NULL) { goto err; } @@ -191,7 +191,8 @@ // unsigned int in the array. static int obj_cmp(const void *key, const void *element) { uint16_t nid = *((const uint16_t *)element); - return OBJ_cmp(key, get_builtin_object(nid)); + return OBJ_cmp(reinterpret_cast<const ASN1_OBJECT *>(key), + get_builtin_object(nid)); } int OBJ_obj2nid(const ASN1_OBJECT *obj) { @@ -215,9 +216,9 @@ } CRYPTO_MUTEX_unlock_read(&global_added_lock); - const uint16_t *nid_ptr = + const uint16_t *nid_ptr = reinterpret_cast<const uint16_t *>( bsearch(obj, kNIDsInOIDOrder, OPENSSL_ARRAY_SIZE(kNIDsInOIDOrder), - sizeof(kNIDsInOIDOrder[0]), obj_cmp); + sizeof(kNIDsInOIDOrder[0]), obj_cmp)); if (nid_ptr == NULL) { return NID_undef; } @@ -251,10 +252,10 @@ int OBJ_sn2nid(const char *short_name) { CRYPTO_MUTEX_lock_read(&global_added_lock); if (global_added_by_short_name != NULL) { - ASN1_OBJECT *match, template; + ASN1_OBJECT *match, templ; - template.sn = short_name; - match = lh_ASN1_OBJECT_retrieve(global_added_by_short_name, &template); + templ.sn = short_name; + match = lh_ASN1_OBJECT_retrieve(global_added_by_short_name, &templ); if (match != NULL) { CRYPTO_MUTEX_unlock_read(&global_added_lock); return match->nid; @@ -262,10 +263,10 @@ } CRYPTO_MUTEX_unlock_read(&global_added_lock); - const uint16_t *nid_ptr = + const uint16_t *nid_ptr = reinterpret_cast<const uint16_t *>( bsearch(short_name, kNIDsInShortNameOrder, OPENSSL_ARRAY_SIZE(kNIDsInShortNameOrder), - sizeof(kNIDsInShortNameOrder[0]), short_name_cmp); + sizeof(kNIDsInShortNameOrder[0]), short_name_cmp)); if (nid_ptr == NULL) { return NID_undef; } @@ -286,10 +287,10 @@ int OBJ_ln2nid(const char *long_name) { CRYPTO_MUTEX_lock_read(&global_added_lock); if (global_added_by_long_name != NULL) { - ASN1_OBJECT *match, template; + ASN1_OBJECT *match, templ; - template.ln = long_name; - match = lh_ASN1_OBJECT_retrieve(global_added_by_long_name, &template); + templ.ln = long_name; + match = lh_ASN1_OBJECT_retrieve(global_added_by_long_name, &templ); if (match != NULL) { CRYPTO_MUTEX_unlock_read(&global_added_lock); return match->nid; @@ -297,9 +298,9 @@ } CRYPTO_MUTEX_unlock_read(&global_added_lock); - const uint16_t *nid_ptr = bsearch( + const uint16_t *nid_ptr = reinterpret_cast<const uint16_t *>(bsearch( long_name, kNIDsInLongNameOrder, OPENSSL_ARRAY_SIZE(kNIDsInLongNameOrder), - sizeof(kNIDsInLongNameOrder[0]), long_name_cmp); + sizeof(kNIDsInLongNameOrder[0]), long_name_cmp)); if (nid_ptr == NULL) { return NID_undef; } @@ -321,10 +322,8 @@ const ASN1_OBJECT *obj = OBJ_nid2obj(nid); CBB oid; - if (obj == NULL || - !CBB_add_asn1(out, &oid, CBS_ASN1_OBJECT) || - !CBB_add_bytes(&oid, obj->data, obj->length) || - !CBB_flush(out)) { + if (obj == NULL || !CBB_add_asn1(out, &oid, CBS_ASN1_OBJECT) || + !CBB_add_bytes(&oid, obj->data, obj->length) || !CBB_flush(out)) { return 0; } @@ -358,10 +357,10 @@ CRYPTO_MUTEX_lock_read(&global_added_lock); if (global_added_by_nid != NULL) { - ASN1_OBJECT *match, template; + ASN1_OBJECT *match, templ; - template.nid = nid; - match = lh_ASN1_OBJECT_retrieve(global_added_by_nid, &template); + templ.nid = nid; + match = lh_ASN1_OBJECT_retrieve(global_added_by_nid, &templ); if (match != NULL) { CRYPTO_MUTEX_unlock_read(&global_added_lock); return match; @@ -473,9 +472,7 @@ return ret; } -static uint32_t hash_nid(const ASN1_OBJECT *obj) { - return obj->nid; -} +static uint32_t hash_nid(const ASN1_OBJECT *obj) { return obj->nid; } static int cmp_nid(const ASN1_OBJECT *a, const ASN1_OBJECT *b) { return a->nid - b->nid; @@ -519,13 +516,14 @@ lh_ASN1_OBJECT_new(hash_short_name, cmp_short_name); } if (global_added_by_long_name == NULL) { - global_added_by_long_name = lh_ASN1_OBJECT_new(hash_long_name, cmp_long_name); + global_added_by_long_name = + lh_ASN1_OBJECT_new(hash_long_name, cmp_long_name); } int ok = 0; - if (global_added_by_nid == NULL || - global_added_by_data == NULL || - global_added_by_short_name == NULL || + if (global_added_by_nid == NULL || // + global_added_by_data == NULL || // + global_added_by_short_name == NULL || // global_added_by_long_name == NULL) { goto err; } @@ -554,8 +552,7 @@ int OBJ_create(const char *oid, const char *short_name, const char *long_name) { ASN1_OBJECT *op = create_object_with_text_oid(obj_next_nid, oid, short_name, long_name); - if (op == NULL || - !obj_add_object(op)) { + if (op == NULL || !obj_add_object(op)) { return NID_undef; } return op->nid;
diff --git a/crypto/obj/obj_xref.c b/crypto/obj/obj_xref.cc similarity index 100% rename from crypto/obj/obj_xref.c rename to crypto/obj/obj_xref.cc
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.cc similarity index 100% rename from crypto/pem/pem_all.c rename to crypto/pem/pem_all.cc
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.cc similarity index 97% rename from crypto/pem/pem_info.c rename to crypto/pem/pem_info.cc index db8275b..ea96a60 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.cc
@@ -71,7 +71,7 @@ static X509_PKEY *X509_PKEY_new(void) { - return OPENSSL_zalloc(sizeof(X509_PKEY)); + return reinterpret_cast<X509_PKEY *>(OPENSSL_zalloc(sizeof(X509_PKEY))); } static void X509_PKEY_free(X509_PKEY *x) { @@ -84,7 +84,7 @@ } static X509_INFO *X509_INFO_new(void) { - return OPENSSL_zalloc(sizeof(X509_INFO)); + return reinterpret_cast<X509_INFO *>(OPENSSL_zalloc(sizeof(X509_INFO))); } void X509_INFO_free(X509_INFO *x) {
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.cc similarity index 98% rename from crypto/pem/pem_lib.c rename to crypto/pem/pem_lib.cc index 6b272cc..9c6789a 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.cc
@@ -467,8 +467,7 @@ p = header; for (;;) { c = *header; - if (!((c >= 'A' && c <= 'Z') || c == '-' || - OPENSSL_isdigit(c))) { + if (!((c >= 'A' && c <= 'Z') || c == '-' || OPENSSL_isdigit(c))) { break; } header++; @@ -553,7 +552,7 @@ } } - buf = OPENSSL_malloc(PEM_BUFSIZE * 8); + buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(PEM_BUFSIZE * 8)); if (buf == NULL) { goto err; } @@ -784,6 +783,6 @@ if (len >= (size_t)size) { return -1; } - OPENSSL_strlcpy(buf, userdata, (size_t)size); + OPENSSL_strlcpy(buf, reinterpret_cast<char *>(userdata), (size_t)size); return (int)len; }
diff --git a/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.cc similarity index 98% rename from crypto/pem/pem_oth.c rename to crypto/pem/pem_oth.cc index a94fed9..822092c 100644 --- a/crypto/pem/pem_oth.c +++ b/crypto/pem/pem_oth.cc
@@ -78,7 +78,7 @@ return NULL; } p = data; - ret = d2i(x, &p, len); + ret = reinterpret_cast<char *>(d2i(x, &p, len)); if (ret == NULL) { OPENSSL_PUT_ERROR(PEM, ERR_R_ASN1_LIB); }
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.cc similarity index 100% rename from crypto/pem/pem_pk8.c rename to crypto/pem/pem_pk8.cc
diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.cc similarity index 100% rename from crypto/pem/pem_pkey.c rename to crypto/pem/pem_pkey.cc
diff --git a/crypto/pem/pem_x509.c b/crypto/pem/pem_x509.cc similarity index 100% rename from crypto/pem/pem_x509.c rename to crypto/pem/pem_x509.cc
diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.cc similarity index 100% rename from crypto/pem/pem_xaux.c rename to crypto/pem/pem_xaux.cc
diff --git a/crypto/pkcs7/pkcs7.c b/crypto/pkcs7/pkcs7.cc similarity index 97% rename from crypto/pkcs7/pkcs7.c rename to crypto/pkcs7/pkcs7.cc index 8232af6..7cfa017 100644 --- a/crypto/pkcs7/pkcs7.c +++ b/crypto/pkcs7/pkcs7.cc
@@ -20,8 +20,8 @@ #include <openssl/pool.h> #include <openssl/stack.h> -#include "internal.h" #include "../bytestring/internal.h" +#include "internal.h" // 1.2.840.113549.1.7.1 @@ -109,8 +109,7 @@ } CRYPTO_BUFFER *buf = CRYPTO_BUFFER_new_from_CBS(&cert, pool); - if (buf == NULL || - !sk_CRYPTO_BUFFER_push(out_certs, buf)) { + if (buf == NULL || !sk_CRYPTO_BUFFER_push(out_certs, buf)) { CRYPTO_BUFFER_free(buf); goto err; } @@ -132,7 +131,8 @@ } static int pkcs7_bundle_raw_certificates_cb(CBB *out, const void *arg) { - const STACK_OF(CRYPTO_BUFFER) *certs = arg; + const STACK_OF(CRYPTO_BUFFER) *certs = + reinterpret_cast<const STACK_OF(CRYPTO_BUFFER) *>(arg); CBB certificates; // See https://tools.ietf.org/html/rfc2315#section-9.1
diff --git a/crypto/pkcs7/pkcs7_x509.c b/crypto/pkcs7/pkcs7_x509.cc similarity index 91% rename from crypto/pkcs7/pkcs7_x509.c rename to crypto/pkcs7/pkcs7_x509.cc index 7b10f6f..95fb87e 100644 --- a/crypto/pkcs7/pkcs7_x509.c +++ b/crypto/pkcs7/pkcs7_x509.cc
@@ -26,24 +26,22 @@ #include <openssl/stack.h> #include <openssl/x509.h> -#include "internal.h" #include "../internal.h" +#include "internal.h" int PKCS7_get_certificates(STACK_OF(X509) *out_certs, CBS *cbs) { int ret = 0; const size_t initial_certs_len = sk_X509_num(out_certs); STACK_OF(CRYPTO_BUFFER) *raw = sk_CRYPTO_BUFFER_new_null(); - if (raw == NULL || - !PKCS7_get_raw_certificates(raw, cbs, NULL)) { + if (raw == NULL || !PKCS7_get_raw_certificates(raw, cbs, NULL)) { goto err; } for (size_t i = 0; i < sk_CRYPTO_BUFFER_num(raw); i++) { CRYPTO_BUFFER *buf = sk_CRYPTO_BUFFER_value(raw, i); X509 *x509 = X509_parse_from_buffer(buf); - if (x509 == NULL || - !sk_X509_push(out_certs, x509)) { + if (x509 == NULL || !sk_X509_push(out_certs, x509)) { X509_free(x509); goto err; } @@ -171,7 +169,7 @@ } static int pkcs7_bundle_certificates_cb(CBB *out, const void *arg) { - const STACK_OF(X509) *certs = arg; + const STACK_OF(X509) *certs = reinterpret_cast<const STACK_OF(X509) *>(arg); size_t i; CBB certificates; @@ -186,8 +184,7 @@ uint8_t *buf; int len = i2d_X509(x509, NULL); - if (len < 0 || - !CBB_add_space(&certificates, &buf, len) || + if (len < 0 || !CBB_add_space(&certificates, &buf, len) || i2d_X509(x509, &buf) < 0) { return 0; } @@ -204,7 +201,8 @@ } static int pkcs7_bundle_crls_cb(CBB *out, const void *arg) { - const STACK_OF(X509_CRL) *crls = arg; + const STACK_OF(X509_CRL) *crls = + reinterpret_cast<const STACK_OF(X509_CRL) *>(arg); size_t i; CBB crl_data; @@ -219,8 +217,7 @@ uint8_t *buf; int len = i2d_X509_CRL(crl, NULL); - if (len < 0 || - !CBB_add_space(&crl_data, &buf, len) || + if (len < 0 || !CBB_add_space(&crl_data, &buf, len) || i2d_X509_CRL(crl, &buf) < 0) { return 0; } @@ -237,18 +234,19 @@ } static PKCS7 *pkcs7_new(CBS *cbs) { - PKCS7 *ret = OPENSSL_zalloc(sizeof(PKCS7)); + CBS copy = *cbs, copy2 = *cbs; + PKCS7 *ret = reinterpret_cast<PKCS7 *>(OPENSSL_zalloc(sizeof(PKCS7))); if (ret == NULL) { return NULL; } ret->type = OBJ_nid2obj(NID_pkcs7_signed); - ret->d.sign = OPENSSL_malloc(sizeof(PKCS7_SIGNED)); + ret->d.sign = + reinterpret_cast<PKCS7_SIGNED *>(OPENSSL_malloc(sizeof(PKCS7_SIGNED))); if (ret->d.sign == NULL) { goto err; } ret->d.sign->cert = sk_X509_new_null(); ret->d.sign->crl = sk_X509_CRL_new_null(); - CBS copy = *cbs, copy2 = *cbs; if (ret->d.sign->cert == NULL || ret->d.sign->crl == NULL || !PKCS7_get_certificates(ret->d.sign->cert, ©) || !PKCS7_get_CRLs(ret->d.sign->crl, cbs)) { @@ -266,7 +264,8 @@ } ret->ber_len = CBS_len(©2) - CBS_len(cbs); - ret->ber_bytes = OPENSSL_memdup(CBS_data(©2), ret->ber_len); + ret->ber_bytes = reinterpret_cast<uint8_t *>( + OPENSSL_memdup(CBS_data(©2), ret->ber_len)); if (ret->ber_bytes == NULL) { goto err; } @@ -278,8 +277,7 @@ return NULL; } -PKCS7 *d2i_PKCS7(PKCS7 **out, const uint8_t **inp, - size_t len) { +PKCS7 *d2i_PKCS7(PKCS7 **out, const uint8_t **inp, size_t len) { CBS cbs; CBS_init(&cbs, *inp, len); PKCS7 *ret = pkcs7_new(&cbs); @@ -325,7 +323,8 @@ } if (*out == NULL) { - *out = OPENSSL_memdup(p7->ber_bytes, p7->ber_len); + *out = + reinterpret_cast<uint8_t *>(OPENSSL_memdup(p7->ber_bytes, p7->ber_len)); if (*out == NULL) { return -1; } @@ -382,7 +381,7 @@ static int sign_sha256(uint8_t *out_sig, size_t *out_sig_len, size_t max_out_sig, EVP_PKEY *pkey, BIO *data) { static const size_t kBufSize = 4096; - uint8_t *buffer = OPENSSL_malloc(kBufSize); + uint8_t *buffer = reinterpret_cast<uint8_t *>(OPENSSL_malloc(kBufSize)); if (!buffer) { return 0; } @@ -427,7 +426,8 @@ // https://datatracker.ietf.org/doc/html/rfc2315#section-9.2 to |out|. It // returns one on success or zero on error. static int write_signer_info(CBB *out, const void *arg) { - const struct signer_info_data *const si_data = arg; + const struct signer_info_data *const si_data = + reinterpret_cast<const struct signer_info_data *>(arg); int ret = 0; uint8_t *subject_bytes = NULL; @@ -440,8 +440,7 @@ &serial_bytes); CBB seq, issuer_and_serial, signing_algo, null, signature; - if (subject_len < 0 || - serial_len < 0 || + if (subject_len < 0 || serial_len < 0 || !CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) || // version !CBB_add_asn1_uint64(&seq, 1) || @@ -490,8 +489,10 @@ // sign-file.c from the Linux kernel. const size_t signature_max_len = EVP_PKEY_size(pkey); struct signer_info_data si_data = { - .sign_cert = sign_cert, - .signature = OPENSSL_malloc(signature_max_len), + /*sign_cert=*/sign_cert, + /*signature=*/ + reinterpret_cast<uint8_t *>(OPENSSL_malloc(signature_max_len)), + /*signature_len=*/0, }; if (!si_data.signature ||
diff --git a/crypto/pkcs8/p5_pbev2.c b/crypto/pkcs8/p5_pbev2.cc similarity index 100% rename from crypto/pkcs8/p5_pbev2.c rename to crypto/pkcs8/p5_pbev2.cc
diff --git a/crypto/pkcs8/pkcs8.c b/crypto/pkcs8/pkcs8.cc similarity index 66% rename from crypto/pkcs8/pkcs8.c rename to crypto/pkcs8/pkcs8.cc index 07d5de8..9c755f5 100644 --- a/crypto/pkcs8/pkcs8.c +++ b/crypto/pkcs8/pkcs8.cc
@@ -67,9 +67,9 @@ #include <openssl/nid.h> #include <openssl/rand.h> -#include "internal.h" #include "../bytestring/internal.h" #include "../internal.h" +#include "internal.h" static int pkcs12_encode_password(const char *in, size_t in_len, uint8_t **out, @@ -85,16 +85,14 @@ CBS_init(&cbs, (const uint8_t *)in, in_len); while (CBS_len(&cbs) != 0) { uint32_t c; - if (!CBS_get_utf8(&cbs, &c) || - !CBB_add_ucs2_be(&cbb, c)) { + if (!CBS_get_utf8(&cbs, &c) || !CBB_add_ucs2_be(&cbb, c)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INVALID_CHARACTERS); goto err; } } // Terminate the result with a UCS-2 NUL. - if (!CBB_add_ucs2_be(&cbb, 0) || - !CBB_finish(&cbb, out, out_len)) { + if (!CBB_add_ucs2_be(&cbb, 0) || !CBB_finish(&cbb, out, out_len)) { goto err; } @@ -121,105 +119,108 @@ EVP_MD_CTX_init(&ctx); uint8_t *pass_raw = NULL, *I = NULL; size_t pass_raw_len = 0, I_len = 0; - // If |pass| is NULL, we use the empty string rather than {0, 0} as the raw - // password. - if (pass != NULL && - !pkcs12_encode_password(pass, pass_len, &pass_raw, &pass_raw_len)) { - goto err; - } - // In the spec, |block_size| is called "v", but measured in bits. - size_t block_size = EVP_MD_block_size(md); - - // 1. Construct a string, D (the "diversifier"), by concatenating v/8 copies - // of ID. - uint8_t D[EVP_MAX_MD_BLOCK_SIZE]; - OPENSSL_memset(D, id, block_size); - - // 2. Concatenate copies of the salt together to create a string S of length - // v(ceiling(s/v)) bits (the final copy of the salt may be truncated to - // create S). Note that if the salt is the empty string, then so is S. - // - // 3. Concatenate copies of the password together to create a string P of - // length v(ceiling(p/v)) bits (the final copy of the password may be - // truncated to create P). Note that if the password is the empty string, - // then so is P. - // - // 4. Set I=S||P to be the concatenation of S and P. - if (salt_len + block_size - 1 < salt_len || - pass_raw_len + block_size - 1 < pass_raw_len) { - OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW); - goto err; - } - size_t S_len = block_size * ((salt_len + block_size - 1) / block_size); - size_t P_len = block_size * ((pass_raw_len + block_size - 1) / block_size); - I_len = S_len + P_len; - if (I_len < S_len) { - OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW); - goto err; - } - - I = OPENSSL_malloc(I_len); - if (I_len != 0 && I == NULL) { - goto err; - } - - for (size_t i = 0; i < S_len; i++) { - I[i] = salt[i % salt_len]; - } - for (size_t i = 0; i < P_len; i++) { - I[i + S_len] = pass_raw[i % pass_raw_len]; - } - - while (out_len != 0) { - // A. Set A_i=H^r(D||I). (i.e., the r-th hash of D||I, - // H(H(H(... H(D||I)))) - uint8_t A[EVP_MAX_MD_SIZE]; - unsigned A_len; - if (!EVP_DigestInit_ex(&ctx, md, NULL) || - !EVP_DigestUpdate(&ctx, D, block_size) || - !EVP_DigestUpdate(&ctx, I, I_len) || - !EVP_DigestFinal_ex(&ctx, A, &A_len)) { + { + // If |pass| is NULL, we use the empty string rather than {0, 0} as the raw + // password. + if (pass != NULL && + !pkcs12_encode_password(pass, pass_len, &pass_raw, &pass_raw_len)) { goto err; } - for (uint32_t iter = 1; iter < iterations; iter++) { + + // In the spec, |block_size| is called "v", but measured in bits. + size_t block_size = EVP_MD_block_size(md); + + // 1. Construct a string, D (the "diversifier"), by concatenating v/8 copies + // of ID. + uint8_t D[EVP_MAX_MD_BLOCK_SIZE]; + OPENSSL_memset(D, id, block_size); + + // 2. Concatenate copies of the salt together to create a string S of length + // v(ceiling(s/v)) bits (the final copy of the salt may be truncated to + // create S). Note that if the salt is the empty string, then so is S. + // + // 3. Concatenate copies of the password together to create a string P of + // length v(ceiling(p/v)) bits (the final copy of the password may be + // truncated to create P). Note that if the password is the empty string, + // then so is P. + // + // 4. Set I=S||P to be the concatenation of S and P. + if (salt_len + block_size - 1 < salt_len || + pass_raw_len + block_size - 1 < pass_raw_len) { + OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW); + goto err; + } + size_t S_len = block_size * ((salt_len + block_size - 1) / block_size); + size_t P_len = block_size * ((pass_raw_len + block_size - 1) / block_size); + I_len = S_len + P_len; + if (I_len < S_len) { + OPENSSL_PUT_ERROR(PKCS8, ERR_R_OVERFLOW); + goto err; + } + + I = reinterpret_cast<uint8_t *>(OPENSSL_malloc(I_len)); + if (I_len != 0 && I == NULL) { + goto err; + } + + for (size_t i = 0; i < S_len; i++) { + I[i] = salt[i % salt_len]; + } + for (size_t i = 0; i < P_len; i++) { + I[i + S_len] = pass_raw[i % pass_raw_len]; + } + + while (out_len != 0) { + // A. Set A_i=H^r(D||I). (i.e., the r-th hash of D||I, + // H(H(H(... H(D||I)))) + uint8_t A[EVP_MAX_MD_SIZE]; + unsigned A_len; if (!EVP_DigestInit_ex(&ctx, md, NULL) || - !EVP_DigestUpdate(&ctx, A, A_len) || + !EVP_DigestUpdate(&ctx, D, block_size) || + !EVP_DigestUpdate(&ctx, I, I_len) || !EVP_DigestFinal_ex(&ctx, A, &A_len)) { goto err; } - } + for (uint32_t iter = 1; iter < iterations; iter++) { + if (!EVP_DigestInit_ex(&ctx, md, NULL) || + !EVP_DigestUpdate(&ctx, A, A_len) || + !EVP_DigestFinal_ex(&ctx, A, &A_len)) { + goto err; + } + } - size_t todo = out_len < A_len ? out_len : A_len; - OPENSSL_memcpy(out, A, todo); - out += todo; - out_len -= todo; - if (out_len == 0) { - break; - } + size_t todo = out_len < A_len ? out_len : A_len; + OPENSSL_memcpy(out, A, todo); + out += todo; + out_len -= todo; + if (out_len == 0) { + break; + } - // B. Concatenate copies of A_i to create a string B of length v bits (the - // final copy of A_i may be truncated to create B). - uint8_t B[EVP_MAX_MD_BLOCK_SIZE]; - for (size_t i = 0; i < block_size; i++) { - B[i] = A[i % A_len]; - } + // B. Concatenate copies of A_i to create a string B of length v bits (the + // final copy of A_i may be truncated to create B). + uint8_t B[EVP_MAX_MD_BLOCK_SIZE]; + for (size_t i = 0; i < block_size; i++) { + B[i] = A[i % A_len]; + } - // C. Treating I as a concatenation I_0, I_1, ..., I_(k-1) of v-bit blocks, - // where k=ceiling(s/v)+ceiling(p/v), modify I by setting I_j=(I_j+B+1) mod - // 2^v for each j. - assert(I_len % block_size == 0); - for (size_t i = 0; i < I_len; i += block_size) { - unsigned carry = 1; - for (size_t j = block_size - 1; j < block_size; j--) { - carry += I[i + j] + B[j]; - I[i + j] = (uint8_t)carry; - carry >>= 8; + // C. Treating I as a concatenation I_0, I_1, ..., I_(k-1) of v-bit + // blocks, where k=ceiling(s/v)+ceiling(p/v), modify I by setting + // I_j=(I_j+B+1) mod 2^v for each j. + assert(I_len % block_size == 0); + for (size_t i = 0; i < I_len; i += block_size) { + unsigned carry = 1; + for (size_t j = block_size - 1; j < block_size; j--) { + carry += I[i + j] + B[j]; + I[i + j] = (uint8_t)carry; + carry >>= 8; + } } } - } - ret = 1; + ret = 1; + } err: OPENSSL_free(I); @@ -260,8 +261,7 @@ if (!CBS_get_asn1(param, &pbe_param, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&pbe_param, &salt, CBS_ASN1_OCTETSTRING) || !CBS_get_asn1_uint64(&pbe_param, &iterations) || - CBS_len(&pbe_param) != 0 || - CBS_len(param) != 0) { + CBS_len(&pbe_param) != 0 || CBS_len(param) != 0) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); return 0; } @@ -319,8 +319,7 @@ for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(kBuiltinPBE); i++) { if (kBuiltinPBE[i].pbe_nid == pbe_nid && // If |cipher_func| or |md_func| are missing, this is a PBES2 scheme. - kBuiltinPBE[i].cipher_func != NULL && - kBuiltinPBE[i].md_func != NULL) { + kBuiltinPBE[i].cipher_func != NULL && kBuiltinPBE[i].md_func != NULL) { return &kBuiltinPBE[i]; } } @@ -346,8 +345,7 @@ !CBB_add_asn1(&algorithm, ¶m, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(¶m, &salt_cbb, CBS_ASN1_OCTETSTRING) || !CBB_add_bytes(&salt_cbb, salt, salt_len) || - !CBB_add_asn1_uint64(¶m, iterations) || - !CBB_flush(out)) { + !CBB_add_asn1_uint64(¶m, iterations) || !CBB_flush(out)) { return 0; } @@ -359,17 +357,18 @@ const char *pass, size_t pass_len, const uint8_t *in, size_t in_len) { int ret = 0; - uint8_t *buf = NULL;; + uint8_t *buf = NULL; + ; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); CBS obj; + const struct pbe_suite *suite = NULL; if (!CBS_get_asn1(algorithm, &obj, CBS_ASN1_OBJECT)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_DECODE_ERROR); goto err; } - const struct pbe_suite *suite = NULL; for (unsigned i = 0; i < OPENSSL_ARRAY_SIZE(kBuiltinPBE); i++) { if (CBS_mem_equal(&obj, kBuiltinPBE[i].oid, kBuiltinPBE[i].oid_len)) { suite = &kBuiltinPBE[i]; @@ -386,7 +385,7 @@ goto err; } - buf = OPENSSL_malloc(in_len); + buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(in_len)); if (buf == NULL) { goto err; } @@ -450,74 +449,76 @@ EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); - // Generate a random salt if necessary. - if (salt == NULL) { - if (salt_len == 0) { - salt_len = PKCS5_SALT_LEN; + { + // Generate a random salt if necessary. + if (salt == NULL) { + if (salt_len == 0) { + salt_len = PKCS5_SALT_LEN; + } + + salt_buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(salt_len)); + if (salt_buf == NULL || !RAND_bytes(salt_buf, salt_len)) { + goto err; + } + + salt = salt_buf; } - salt_buf = OPENSSL_malloc(salt_len); - if (salt_buf == NULL || - !RAND_bytes(salt_buf, salt_len)) { + if (iterations <= 0) { + iterations = PKCS12_DEFAULT_ITER; + } + + // Serialize the input key. + CBB plaintext_cbb; + if (!CBB_init(&plaintext_cbb, 128) || + !EVP_marshal_private_key(&plaintext_cbb, pkey) || + !CBB_finish(&plaintext_cbb, &plaintext, &plaintext_len)) { + CBB_cleanup(&plaintext_cbb); goto err; } - salt = salt_buf; - } + CBB epki; + if (!CBB_add_asn1(out, &epki, CBS_ASN1_SEQUENCE)) { + goto err; + } - if (iterations <= 0) { - iterations = PKCS12_DEFAULT_ITER; - } + // TODO(davidben): OpenSSL has since extended |pbe_nid| to control either + // the PBES1 scheme or the PBES2 PRF. E.g. passing |NID_hmacWithSHA256| will + // select PBES2 with HMAC-SHA256 as the PRF. Implement this if anything uses + // it. See 5693a30813a031d3921a016a870420e7eb93ec90 in OpenSSL. + int alg_ok; + if (pbe_nid == -1) { + alg_ok = + PKCS5_pbe2_encrypt_init(&epki, &ctx, cipher, (uint32_t)iterations, + pass, pass_len, salt, salt_len); + } else { + alg_ok = + pkcs12_pbe_encrypt_init(&epki, &ctx, pbe_nid, (uint32_t)iterations, + pass, pass_len, salt, salt_len); + } + if (!alg_ok) { + goto err; + } - // Serialize the input key. - CBB plaintext_cbb; - if (!CBB_init(&plaintext_cbb, 128) || - !EVP_marshal_private_key(&plaintext_cbb, pkey) || - !CBB_finish(&plaintext_cbb, &plaintext, &plaintext_len)) { - CBB_cleanup(&plaintext_cbb); - goto err; - } + size_t max_out = plaintext_len + EVP_CIPHER_CTX_block_size(&ctx); + if (max_out < plaintext_len) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG); + goto err; + } - CBB epki; - if (!CBB_add_asn1(out, &epki, CBS_ASN1_SEQUENCE)) { - goto err; - } + CBB ciphertext; + uint8_t *ptr; + int n1, n2; + if (!CBB_add_asn1(&epki, &ciphertext, CBS_ASN1_OCTETSTRING) || + !CBB_reserve(&ciphertext, &ptr, max_out) || + !EVP_CipherUpdate(&ctx, ptr, &n1, plaintext, plaintext_len) || + !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) || + !CBB_did_write(&ciphertext, n1 + n2) || !CBB_flush(out)) { + goto err; + } - // TODO(davidben): OpenSSL has since extended |pbe_nid| to control either the - // PBES1 scheme or the PBES2 PRF. E.g. passing |NID_hmacWithSHA256| will - // select PBES2 with HMAC-SHA256 as the PRF. Implement this if anything uses - // it. See 5693a30813a031d3921a016a870420e7eb93ec90 in OpenSSL. - int alg_ok; - if (pbe_nid == -1) { - alg_ok = PKCS5_pbe2_encrypt_init(&epki, &ctx, cipher, (uint32_t)iterations, - pass, pass_len, salt, salt_len); - } else { - alg_ok = pkcs12_pbe_encrypt_init(&epki, &ctx, pbe_nid, (uint32_t)iterations, - pass, pass_len, salt, salt_len); + ret = 1; } - if (!alg_ok) { - goto err; - } - - size_t max_out = plaintext_len + EVP_CIPHER_CTX_block_size(&ctx); - if (max_out < plaintext_len) { - OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG); - goto err; - } - - CBB ciphertext; - uint8_t *ptr; - int n1, n2; - if (!CBB_add_asn1(&epki, &ciphertext, CBS_ASN1_OCTETSTRING) || - !CBB_reserve(&ciphertext, &ptr, max_out) || - !EVP_CipherUpdate(&ctx, ptr, &n1, plaintext, plaintext_len) || - !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) || - !CBB_did_write(&ciphertext, n1 + n2) || - !CBB_flush(out)) { - goto err; - } - - ret = 1; err: OPENSSL_free(plaintext);
diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.cc similarity index 90% rename from crypto/pkcs8/pkcs8_x509.c rename to crypto/pkcs8/pkcs8_x509.cc index f17ee1f..21b710c 100644 --- a/crypto/pkcs8/pkcs8_x509.c +++ b/crypto/pkcs8/pkcs8_x509.cc
@@ -57,14 +57,14 @@ #include <limits.h> -#include <openssl/asn1t.h> #include <openssl/asn1.h> +#include <openssl/asn1t.h> #include <openssl/bio.h> #include <openssl/buf.h> #include <openssl/bytestring.h> +#include <openssl/digest.h> #include <openssl/err.h> #include <openssl/evp.h> -#include <openssl/digest.h> #include <openssl/hmac.h> #include <openssl/mem.h> #include <openssl/rand.h> @@ -126,13 +126,12 @@ CBB cbb; uint8_t *der = NULL; size_t der_len; - if (!CBB_init(&cbb, 0) || - !EVP_marshal_private_key(&cbb, pkey) || - !CBB_finish(&cbb, &der, &der_len) || - der_len > LONG_MAX) { + if (!CBB_init(&cbb, 0) || !EVP_marshal_private_key(&cbb, pkey) || + !CBB_finish(&cbb, &der, &der_len) || der_len > LONG_MAX) { CBB_cleanup(&cbb); OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_ENCODE_ERROR); - goto err; + OPENSSL_free(der); + return NULL; } const uint8_t *p = der; @@ -203,6 +202,7 @@ X509_SIG *ret = NULL; uint8_t *der = NULL; + const uint8_t *ptr; size_t der_len; CBB cbb; if (!CBB_init(&cbb, 128) || @@ -215,7 +215,7 @@ } // Convert back to legacy ASN.1 objects. - const uint8_t *ptr = der; + ptr = der; ret = d2i_X509_SIG(NULL, &ptr, der_len); if (ret == NULL || ptr != der + der_len) { OPENSSL_PUT_ERROR(PKCS8, ERR_R_INTERNAL_ERROR); @@ -255,8 +255,7 @@ } CBS child; - if (!CBS_get_asn1(&in, &child, CBS_ASN1_SEQUENCE) || - CBS_len(&in) != 0) { + if (!CBS_get_asn1(&in, &child, CBS_ASN1_SEQUENCE) || CBS_len(&in) != 0) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -318,8 +317,7 @@ CBS attr, oid, values; if (!CBS_get_asn1(attrs, &attr, CBS_ASN1_SEQUENCE) || !CBS_get_asn1(&attr, &oid, CBS_ASN1_OBJECT) || - !CBS_get_asn1(&attr, &values, CBS_ASN1_SET) || - CBS_len(&attr) != 0) { + !CBS_get_asn1(&attr, &values, CBS_ASN1_SET) || CBS_len(&attr) != 0) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -328,8 +326,7 @@ CBS value; if (*out_friendly_name != NULL || !CBS_get_asn1(&values, &value, CBS_ASN1_BMPSTRING) || - CBS_len(&values) != 0 || - CBS_len(&value) == 0) { + CBS_len(&values) != 0 || CBS_len(&value) == 0) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -340,8 +337,7 @@ } while (CBS_len(&value) != 0) { uint32_t c; - if (!CBS_get_ucs2_be(&value, &c) || - !CBB_add_utf8(&cbb, c)) { + if (!CBS_get_ucs2_be(&value, &c) || !CBB_add_utf8(&cbb, c)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INVALID_CHARACTERS); CBB_cleanup(&cbb); goto err; @@ -454,8 +450,7 @@ int ok = friendly_name_len == 0 || X509_alias_set1(x509, friendly_name, friendly_name_len); OPENSSL_free(friendly_name); - if (!ok || - 0 == sk_X509_push(ctx->out_certs, x509)) { + if (!ok || 0 == sk_X509_push(ctx->out_certs, x509)) { X509_free(x509); return 0; } @@ -485,7 +480,7 @@ if (!CBS_get_asn1(content_info, &content_type, CBS_ASN1_OBJECT) || !CBS_get_asn1(content_info, &wrapped_contents, - CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) || + CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0) || CBS_len(content_info) != 0) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; @@ -511,9 +506,9 @@ // AlgorithmIdentifier, see // https://tools.ietf.org/html/rfc5280#section-4.1.1.2 !CBS_get_asn1(&eci, &ai, CBS_ASN1_SEQUENCE) || - !CBS_get_asn1_implicit_string( - &eci, &encrypted_contents, &storage, - CBS_ASN1_CONTEXT_SPECIFIC | 0, CBS_ASN1_OCTETSTRING)) { + !CBS_get_asn1_implicit_string(&eci, &encrypted_contents, &storage, + CBS_ASN1_CONTEXT_SPECIFIC | 0, + CBS_ASN1_OCTETSTRING)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -605,8 +600,7 @@ // See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section // four. - if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) || - CBS_len(&in) != 0 || + if (!CBS_get_asn1(&in, &pfx, CBS_ASN1_SEQUENCE) || CBS_len(&in) != 0 || !CBS_get_asn1_uint64(&pfx, &version)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; @@ -636,7 +630,7 @@ // https://tools.ietf.org/html/rfc2315#section-7. if (!CBS_get_asn1(&authsafe, &content_type, CBS_ASN1_OBJECT) || !CBS_get_asn1(&authsafe, &wrapped_authsafes, - CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { + CBS_ASN1_CONTEXT_SPECIFIC | CBS_ASN1_CONSTRUCTED | 0)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_BAD_PKCS12_DATA); goto err; } @@ -742,12 +736,13 @@ PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, size_t ber_len) { - PKCS12 *p12 = OPENSSL_malloc(sizeof(PKCS12)); + PKCS12 *p12 = reinterpret_cast<PKCS12 *>(OPENSSL_malloc(sizeof(PKCS12))); if (!p12) { return NULL; } - p12->ber_bytes = OPENSSL_memdup(*ber_bytes, ber_len); + p12->ber_bytes = + reinterpret_cast<uint8_t *>(OPENSSL_memdup(*ber_bytes, ber_len)); if (!p12->ber_bytes) { OPENSSL_free(p12); return NULL; @@ -764,7 +759,7 @@ return p12; } -PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) { +PKCS12 *d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12) { size_t used = 0; BUF_MEM *buf; const uint8_t *dummy; @@ -801,13 +796,12 @@ continue; } - if (buf->length > kMaxSize || - BUF_MEM_grow(buf, buf->length * 2) == 0) { + if (buf->length > kMaxSize || BUF_MEM_grow(buf, buf->length * 2) == 0) { goto out; } } - dummy = (uint8_t*) buf->data; + dummy = (uint8_t *)buf->data; ret = d2i_PKCS12(out_p12, &dummy, used); out: @@ -815,7 +809,7 @@ return ret; } -PKCS12* d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12) { +PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12) { BIO *bio; PKCS12 *ret; @@ -840,7 +834,8 @@ } if (*out == NULL) { - *out = OPENSSL_memdup(p12->ber_bytes, p12->ber_len); + *out = reinterpret_cast<uint8_t *>( + OPENSSL_memdup(p12->ber_bytes, p12->ber_len)); if (*out == NULL) { return -1; } @@ -968,8 +963,7 @@ CBS_init(&name_cbs, (const uint8_t *)name, name_len); while (CBS_len(&name_cbs) != 0) { uint32_t c; - if (!CBS_get_utf8(&name_cbs, &c) || - !CBB_add_ucs2_be(&value, c)) { + if (!CBS_get_utf8(&name_cbs, &c) || !CBB_add_ucs2_be(&value, c)) { OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_INVALID_CHARACTERS); return 0; } @@ -986,14 +980,13 @@ return 0; } } - return CBB_flush_asn1_set_of(&attrs) && - CBB_flush(bag); + return CBB_flush_asn1_set_of(&attrs) && CBB_flush(bag); } static int add_cert_bag(CBB *cbb, X509 *cert, const char *name, const uint8_t *key_id, size_t key_id_len) { CBB bag, bag_oid, bag_contents, cert_bag, cert_type, wrapped_cert, cert_value; - if (// See https://tools.ietf.org/html/rfc7292#section-4.2. + if ( // See https://tools.ietf.org/html/rfc7292#section-4.2. !CBB_add_asn1(cbb, &bag, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&bag, &bag_oid, CBS_ASN1_OBJECT) || !CBB_add_bytes(&bag_oid, kCertBag, sizeof(kCertBag)) || @@ -1024,8 +1017,7 @@ name = cert_name; } - if (len < 0 || - !CBB_add_space(&cert_value, &buf, (size_t)len) || + if (len < 0 || !CBB_add_space(&cert_value, &buf, (size_t)len) || i2d_X509(cert, &buf) < 0 || !add_bag_attributes(&bag, name, name_len, key_id, key_id_len) || !CBB_flush(cbb)) { @@ -1067,7 +1059,7 @@ EVP_CIPHER_CTX_init(&ctx); CBB content_info, type, wrapper, encrypted_data, encrypted_content_info, inner_type, encrypted_content; - if (// Add the ContentInfo wrapping. + if ( // Add the ContentInfo wrapping. !CBB_add_asn1(out, &content_info, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&content_info, &type, CBS_ASN1_OBJECT) || !CBB_add_bytes(&type, kPKCS7EncryptedData, sizeof(kPKCS7EncryptedData)) || @@ -1092,20 +1084,21 @@ goto err; } - size_t max_out = in_len + EVP_CIPHER_CTX_block_size(&ctx); - if (max_out < in_len) { - OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG); - goto err; - } + { + size_t max_out = in_len + EVP_CIPHER_CTX_block_size(&ctx); + if (max_out < in_len) { + OPENSSL_PUT_ERROR(PKCS8, PKCS8_R_TOO_LONG); + goto err; + } - uint8_t *ptr; - int n1, n2; - if (!CBB_reserve(&encrypted_content, &ptr, max_out) || - !EVP_CipherUpdate(&ctx, ptr, &n1, in, in_len) || - !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) || - !CBB_did_write(&encrypted_content, n1 + n2) || - !CBB_flush(out)) { - goto err; + uint8_t *ptr; + int n1, n2; + if (!CBB_reserve(&encrypted_content, &ptr, max_out) || + !EVP_CipherUpdate(&ctx, ptr, &n1, in, in_len) || + !EVP_CipherFinal_ex(&ctx, ptr + n1, &n2) || + !CBB_did_write(&encrypted_content, n1 + n2) || !CBB_flush(out)) { + goto err; + } } ret = 1; @@ -1117,7 +1110,7 @@ PKCS12 *PKCS12_create(const char *password, const char *name, const EVP_PKEY *pkey, X509 *cert, - const STACK_OF(X509)* chain, int key_nid, int cert_nid, + const STACK_OF(X509) *chain, int key_nid, int cert_nid, int iterations, int mac_iterations, int key_type) { if (key_nid == 0) { key_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; @@ -1131,8 +1124,8 @@ if (mac_iterations == 0) { mac_iterations = 1; } - if (// In OpenSSL, this specifies a non-standard Microsoft key usage extension - // which we do not currently support. + if ( // In OpenSSL, this specifies a non-standard Microsoft key usage + // extension which we do not currently support. key_type != 0 || // In OpenSSL, -1 here means to omit the MAC, which we do not // currently support. Omitting it is also invalid for a password-based @@ -1196,8 +1189,7 @@ CBB cbb, pfx, auth_safe, auth_safe_oid, auth_safe_wrapper, auth_safe_data, content_infos; uint8_t mac_key[EVP_MAX_MD_SIZE]; - if (!CBB_init(&cbb, 0) || - !CBB_add_asn1(&cbb, &pfx, CBS_ASN1_SEQUENCE) || + if (!CBB_init(&cbb, 0) || !CBB_add_asn1(&cbb, &pfx, CBS_ASN1_SEQUENCE) || !CBB_add_asn1_uint64(&pfx, 3) || // auth_safe is a data ContentInfo. !CBB_add_asn1(&pfx, &auth_safe, CBS_ASN1_SEQUENCE) || @@ -1256,7 +1248,7 @@ if (pkey != NULL) { CBB content_info, oid, wrapper, data, safe_contents, bag, bag_oid, bag_contents; - if (// Add another data ContentInfo. + if ( // Add another data ContentInfo. !CBB_add_asn1(&content_infos, &content_info, CBS_ASN1_SEQUENCE) || !CBB_add_asn1(&content_info, &oid, CBS_ASN1_OBJECT) || !CBB_add_bytes(&oid, kPKCS7Data, sizeof(kPKCS7Data)) || @@ -1298,43 +1290,44 @@ } } - // Compute the MAC. Match OpenSSL in using SHA-1 as the hash function. The MAC - // covers |auth_safe_data|. - const EVP_MD *mac_md = EVP_sha1(); - uint8_t mac_salt[PKCS5_SALT_LEN]; - uint8_t mac[EVP_MAX_MD_SIZE]; - unsigned mac_len; - if (!CBB_flush(&auth_safe_data) || - !RAND_bytes(mac_salt, sizeof(mac_salt)) || - !pkcs12_key_gen(password, password_len, mac_salt, sizeof(mac_salt), - PKCS12_MAC_ID, mac_iterations, EVP_MD_size(mac_md), - mac_key, mac_md) || - !HMAC(mac_md, mac_key, EVP_MD_size(mac_md), CBB_data(&auth_safe_data), - CBB_len(&auth_safe_data), mac, &mac_len)) { - goto err; - } + { + // Compute the MAC. Match OpenSSL in using SHA-1 as the hash function. The + // MAC covers |auth_safe_data|. + const EVP_MD *mac_md = EVP_sha1(); + uint8_t mac_salt[PKCS5_SALT_LEN]; + uint8_t mac[EVP_MAX_MD_SIZE]; + unsigned mac_len; + if (!CBB_flush(&auth_safe_data) || + !RAND_bytes(mac_salt, sizeof(mac_salt)) || + !pkcs12_key_gen(password, password_len, mac_salt, sizeof(mac_salt), + PKCS12_MAC_ID, mac_iterations, EVP_MD_size(mac_md), + mac_key, mac_md) || + !HMAC(mac_md, mac_key, EVP_MD_size(mac_md), CBB_data(&auth_safe_data), + CBB_len(&auth_safe_data), mac, &mac_len)) { + goto err; + } - CBB mac_data, digest_info, mac_cbb, mac_salt_cbb; - if (!CBB_add_asn1(&pfx, &mac_data, CBS_ASN1_SEQUENCE) || - !CBB_add_asn1(&mac_data, &digest_info, CBS_ASN1_SEQUENCE) || - !EVP_marshal_digest_algorithm(&digest_info, mac_md) || - !CBB_add_asn1(&digest_info, &mac_cbb, CBS_ASN1_OCTETSTRING) || - !CBB_add_bytes(&mac_cbb, mac, mac_len) || - !CBB_add_asn1(&mac_data, &mac_salt_cbb, CBS_ASN1_OCTETSTRING) || - !CBB_add_bytes(&mac_salt_cbb, mac_salt, sizeof(mac_salt)) || - // The iteration count has a DEFAULT of 1, but RFC 7292 says "The default - // is for historical reasons and its use is deprecated." Thus we - // explicitly encode the iteration count, though it is not valid DER. - !CBB_add_asn1_uint64(&mac_data, mac_iterations)) { - goto err; - } + CBB mac_data, digest_info, mac_cbb, mac_salt_cbb; + if (!CBB_add_asn1(&pfx, &mac_data, CBS_ASN1_SEQUENCE) || + !CBB_add_asn1(&mac_data, &digest_info, CBS_ASN1_SEQUENCE) || + !EVP_marshal_digest_algorithm(&digest_info, mac_md) || + !CBB_add_asn1(&digest_info, &mac_cbb, CBS_ASN1_OCTETSTRING) || + !CBB_add_bytes(&mac_cbb, mac, mac_len) || + !CBB_add_asn1(&mac_data, &mac_salt_cbb, CBS_ASN1_OCTETSTRING) || + !CBB_add_bytes(&mac_salt_cbb, mac_salt, sizeof(mac_salt)) || + // The iteration count has a DEFAULT of 1, but RFC 7292 says "The + // default is for historical reasons and its use is deprecated." Thus we + // explicitly encode the iteration count, though it is not valid DER. + !CBB_add_asn1_uint64(&mac_data, mac_iterations)) { + goto err; + } - ret = OPENSSL_malloc(sizeof(PKCS12)); - if (ret == NULL || - !CBB_finish(&cbb, &ret->ber_bytes, &ret->ber_len)) { - OPENSSL_free(ret); - ret = NULL; - goto err; + ret = reinterpret_cast<PKCS12 *>(OPENSSL_malloc(sizeof(PKCS12))); + if (ret == NULL || !CBB_finish(&cbb, &ret->ber_bytes, &ret->ber_len)) { + OPENSSL_free(ret); + ret = NULL; + goto err; + } } err:
diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.cc similarity index 98% rename from crypto/poly1305/poly1305.c rename to crypto/poly1305/poly1305.cc index 12f49bb..9f2a9b9 100644 --- a/crypto/poly1305/poly1305.c +++ b/crypto/poly1305/poly1305.cc
@@ -21,8 +21,8 @@ #include <assert.h> #include <string.h> -#include "internal.h" #include "../internal.h" +#include "internal.h" #if !defined(BORINGSSL_HAS_UINT128) || !defined(OPENSSL_X86_64) @@ -44,7 +44,7 @@ static inline struct poly1305_state_st *poly1305_aligned_state( poly1305_state *state) { - return align_pointer(state, 64); + return reinterpret_cast<poly1305_state_st *>(align_pointer(state, 64)); } // poly1305_blocks updates |state| given some amount of input data. This
diff --git a/crypto/poly1305/poly1305_arm.c b/crypto/poly1305/poly1305_arm.cc similarity index 98% rename from crypto/poly1305/poly1305_arm.c rename to crypto/poly1305/poly1305_arm.cc index d01e0b7..7ec44aa 100644 --- a/crypto/poly1305/poly1305_arm.c +++ b/crypto/poly1305/poly1305_arm.cc
@@ -33,11 +33,13 @@ #define addmulmod openssl_poly1305_neon2_addmulmod #define blocks openssl_poly1305_neon2_blocks +extern "C" { extern void addmulmod(fe1305x2 *r, const fe1305x2 *x, const fe1305x2 *y, const fe1305x2 *c); extern int blocks(fe1305x2 *h, const fe1305x2 *precomp, const uint8_t *in, size_t inlen); +} static void freeze(fe1305x2 *r) { int i; @@ -175,7 +177,7 @@ } } -static const alignas(16) fe1305x2 zero; +static const fe1305x2 zero alignas(16) = {0}; struct poly1305_state_st { uint8_t data[sizeof(fe1305x2[5]) + 128];
diff --git a/crypto/poly1305/poly1305_vec.c b/crypto/poly1305/poly1305_vec.cc similarity index 100% rename from crypto/poly1305/poly1305_vec.c rename to crypto/poly1305/poly1305_vec.cc
diff --git a/crypto/pool/pool.c b/crypto/pool/pool.cc similarity index 91% rename from crypto/pool/pool.c rename to crypto/pool/pool.cc index fc04840..14f35fb 100644 --- a/crypto/pool/pool.c +++ b/crypto/pool/pool.cc
@@ -41,8 +41,9 @@ return OPENSSL_memcmp(a->data, b->data, a->len); } -CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void) { - CRYPTO_BUFFER_POOL *pool = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER_POOL)); +CRYPTO_BUFFER_POOL *CRYPTO_BUFFER_POOL_new(void) { + CRYPTO_BUFFER_POOL *pool = reinterpret_cast<CRYPTO_BUFFER_POOL *>( + OPENSSL_zalloc(sizeof(CRYPTO_BUFFER_POOL))); if (pool == NULL) { return NULL; } @@ -87,7 +88,7 @@ CRYPTO_BUFFER_POOL *pool) { if (pool != NULL) { CRYPTO_BUFFER tmp; - tmp.data = (uint8_t *) data; + tmp.data = (uint8_t *)data; tmp.len = len; tmp.pool = pool; @@ -108,7 +109,8 @@ } } - CRYPTO_BUFFER *const buf = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER)); + CRYPTO_BUFFER *const buf = + reinterpret_cast<CRYPTO_BUFFER *>(OPENSSL_zalloc(sizeof(CRYPTO_BUFFER))); if (buf == NULL) { return NULL; } @@ -117,7 +119,7 @@ buf->data = (uint8_t *)data; buf->data_is_static = 1; } else { - buf->data = OPENSSL_memdup(data, len); + buf->data = reinterpret_cast<uint8_t *>(OPENSSL_memdup(data, len)); if (len != 0 && buf->data == NULL) { OPENSSL_free(buf); return NULL; @@ -168,12 +170,13 @@ } CRYPTO_BUFFER *CRYPTO_BUFFER_alloc(uint8_t **out_data, size_t len) { - CRYPTO_BUFFER *const buf = OPENSSL_zalloc(sizeof(CRYPTO_BUFFER)); + CRYPTO_BUFFER *const buf = + reinterpret_cast<CRYPTO_BUFFER *>(OPENSSL_zalloc(sizeof(CRYPTO_BUFFER))); if (buf == NULL) { return NULL; } - buf->data = OPENSSL_malloc(len); + buf->data = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len)); if (len != 0 && buf->data == NULL) { OPENSSL_free(buf); return NULL; @@ -252,9 +255,7 @@ return buf->data; } -size_t CRYPTO_BUFFER_len(const CRYPTO_BUFFER *buf) { - return buf->len; -} +size_t CRYPTO_BUFFER_len(const CRYPTO_BUFFER *buf) { return buf->len; } void CRYPTO_BUFFER_init_CBS(const CRYPTO_BUFFER *buf, CBS *out) { CBS_init(out, buf->data, buf->len);
diff --git a/crypto/rand_extra/deterministic.c b/crypto/rand_extra/deterministic.cc similarity index 97% rename from crypto/rand_extra/deterministic.c rename to crypto/rand_extra/deterministic.cc index d31d52b..c6baffc 100644 --- a/crypto/rand_extra/deterministic.c +++ b/crypto/rand_extra/deterministic.cc
@@ -39,7 +39,7 @@ void CRYPTO_init_sysrand(void) {} void CRYPTO_sysrand(uint8_t *out, size_t requested) { - static const uint8_t kZeroKey[32]; + static const uint8_t kZeroKey[32] = {0}; CRYPTO_MUTEX_lock_write(&g_num_calls_lock); uint64_t num_calls = g_num_calls++;
diff --git a/crypto/rand_extra/fork_detect.c b/crypto/rand_extra/fork_detect.cc similarity index 95% rename from crypto/rand_extra/fork_detect.c rename to crypto/rand_extra/fork_detect.cc index 99be497..af1e607 100644 --- a/crypto/rand_extra/fork_detect.c +++ b/crypto/rand_extra/fork_detect.cc
@@ -19,20 +19,20 @@ #include "../bcm_support.h" #if defined(OPENSSL_FORK_DETECTION_MADVISE) -#include <unistd.h> -#include <stdlib.h> #include <assert.h> +#include <stdlib.h> #include <sys/mman.h> +#include <unistd.h> #if defined(MADV_WIPEONFORK) static_assert(MADV_WIPEONFORK == 18, "MADV_WIPEONFORK is not 18"); #else #define MADV_WIPEONFORK 18 #endif #elif defined(OPENSSL_FORK_DETECTION_PTHREAD_ATFORK) -#include <unistd.h> -#include <stdlib.h> #include <pthread.h> -#endif // OPENSSL_FORK_DETECTION_MADVISE +#include <stdlib.h> +#include <unistd.h> +#endif // OPENSSL_FORK_DETECTION_PTHREAD_ATFORK #include "../internal.h" @@ -41,7 +41,7 @@ static int g_force_madv_wipeonfork_enabled; static CRYPTO_once_t g_fork_detect_once = CRYPTO_ONCE_INIT; static CRYPTO_MUTEX g_fork_detect_lock = CRYPTO_MUTEX_INIT; -static CRYPTO_atomic_u32 * g_fork_detect_addr; +static CRYPTO_atomic_u32 *g_fork_detect_addr; static uint64_t g_fork_generation; static void init_fork_detect(void) { @@ -71,10 +71,10 @@ return; } - CRYPTO_atomic_store_u32(addr, 1); - g_fork_detect_addr = addr; + CRYPTO_atomic_u32 *const atomic = reinterpret_cast<CRYPTO_atomic_u32 *>(addr); + CRYPTO_atomic_store_u32(atomic, 1); + g_fork_detect_addr = atomic; g_fork_generation = 1; - } uint64_t CRYPTO_get_fork_generation(void) { @@ -95,8 +95,7 @@ if (flag_ptr == NULL) { // Our kernel is too old to support |MADV_WIPEONFORK| or // |g_force_madv_wipeonfork| is set. - if (g_force_madv_wipeonfork && - g_force_madv_wipeonfork_enabled) { + if (g_force_madv_wipeonfork && g_force_madv_wipeonfork_enabled) { // A constant generation number to simulate support, even if the kernel // doesn't support it. return 42;
diff --git a/crypto/rand_extra/forkunsafe.c b/crypto/rand_extra/forkunsafe.cc similarity index 96% rename from crypto/rand_extra/forkunsafe.c rename to crypto/rand_extra/forkunsafe.cc index 5bdcad3..7161bb9 100644 --- a/crypto/rand_extra/forkunsafe.c +++ b/crypto/rand_extra/forkunsafe.cc
@@ -22,7 +22,7 @@ // g_buffering_enabled is one if fork-unsafe buffering has been enabled and zero // otherwise. -static CRYPTO_atomic_u32 g_buffering_enabled = 0; +static CRYPTO_atomic_u32 g_buffering_enabled; #if !defined(OPENSSL_WINDOWS) void RAND_enable_fork_unsafe_buffering(int fd) {
diff --git a/crypto/rand_extra/getentropy.c b/crypto/rand_extra/getentropy.cc similarity index 100% rename from crypto/rand_extra/getentropy.c rename to crypto/rand_extra/getentropy.cc
diff --git a/crypto/rand_extra/ios.c b/crypto/rand_extra/ios.cc similarity index 100% rename from crypto/rand_extra/ios.c rename to crypto/rand_extra/ios.cc
diff --git a/crypto/rand_extra/passive.c b/crypto/rand_extra/passive.cc similarity index 86% rename from crypto/rand_extra/passive.c rename to crypto/rand_extra/passive.cc index 08e0ad2..ba4aaaf 100644 --- a/crypto/rand_extra/passive.c +++ b/crypto/rand_extra/passive.cc
@@ -14,12 +14,14 @@ #include <openssl/ctrdrbg.h> -#include "../fipsmodule/bcm_interface.h" #include "../bcm_support.h" +#include "../fipsmodule/bcm_interface.h" #include "../internal.h" #if defined(BORINGSSL_FIPS) +#include <atomic> + // passive_get_seed_entropy writes |out_entropy_len| bytes of entropy, suitable // for seeding a DRBG, to |out_entropy|. It sets |*out_used_cpu| to one if the // entropy came directly from the CPU and zero if it came from the OS. It @@ -41,7 +43,6 @@ #if defined(OPENSSL_ANDROID) #include <errno.h> -#include <stdatomic.h> #include <sys/socket.h> #include <sys/types.h> #include <sys/un.h> @@ -52,7 +53,7 @@ // sticky so if the first attempt to read from the daemon fails it's assumed // that the daemon is not present and no more attempts will be made. If the // first attempt is successful then attempts will be made forever more. -enum socket_history_t { +enum class socket_history_t { // initial value, no connections to the entropy daemon have been made yet. socket_not_yet_attempted = 0, // reading from the entropy daemon was successful @@ -61,8 +62,8 @@ socket_failed, }; -static _Atomic enum socket_history_t g_socket_history = - socket_not_yet_attempted; +static std::atomic<socket_history_t> g_socket_history{ + socket_history_t::socket_not_yet_attempted}; // DAEMON_RESPONSE_LEN is the number of bytes that the entropy daemon replies // with. @@ -78,31 +79,31 @@ abort(); } - const enum socket_history_t socket_history = atomic_load(&g_socket_history); - if (socket_history == socket_failed) { + const socket_history_t socket_history = + g_socket_history.load(std::memory_order_acquire); + if (socket_history == socket_history_t::socket_failed) { return 0; } int ret = 0; + static const char kSocketPath[] = "/dev/socket/prng_seeder"; + struct sockaddr_un sun; + uint8_t buffer[DAEMON_RESPONSE_LEN]; + size_t done = 0; const int sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock < 0) { goto out; } - struct sockaddr_un sun; memset(&sun, 0, sizeof(sun)); sun.sun_family = AF_UNIX; - static const char kSocketPath[] = "/dev/socket/prng_seeder"; - static_assert(sizeof(kSocketPath) <= UNIX_PATH_MAX, - "kSocketPath too long"); + static_assert(sizeof(kSocketPath) <= UNIX_PATH_MAX, "kSocketPath too long"); OPENSSL_memcpy(sun.sun_path, kSocketPath, sizeof(kSocketPath)); if (connect(sock, (struct sockaddr *)&sun, sizeof(sun))) { goto out; } - uint8_t buffer[DAEMON_RESPONSE_LEN]; - size_t done = 0; while (done < sizeof(buffer)) { ssize_t n; do { @@ -126,12 +127,15 @@ ret = 1; out: - if (socket_history == socket_not_yet_attempted) { - enum socket_history_t expected = socket_history; + if (socket_history == socket_history_t::socket_not_yet_attempted) { + socket_history_t expected = socket_history_t::socket_not_yet_attempted; // If another thread has already updated |g_socket_history| then we defer // to their value. - atomic_compare_exchange_strong(&g_socket_history, &expected, - (ret == 0) ? socket_failed : socket_success); + g_socket_history.compare_exchange_strong( + expected, + (ret == 0) ? socket_history_t::socket_failed + : socket_history_t::socket_success, + std::memory_order_release, std::memory_order_relaxed); } close(sock);
diff --git a/crypto/rand_extra/rand_extra.c b/crypto/rand_extra/rand_extra.cc similarity index 100% rename from crypto/rand_extra/rand_extra.c rename to crypto/rand_extra/rand_extra.cc
diff --git a/crypto/rand_extra/trusty.c b/crypto/rand_extra/trusty.cc similarity index 100% rename from crypto/rand_extra/trusty.c rename to crypto/rand_extra/trusty.cc
diff --git a/crypto/rand_extra/urandom.c b/crypto/rand_extra/urandom.cc similarity index 98% rename from crypto/rand_extra/urandom.c rename to crypto/rand_extra/urandom.cc index 8ad0e96..059f9ae 100644 --- a/crypto/rand_extra/urandom.c +++ b/crypto/rand_extra/urandom.cc
@@ -59,17 +59,19 @@ #endif #endif // OPENSSL_LINUX -#include <openssl/thread.h> #include <openssl/mem.h> +#include <openssl/thread.h> -#include "getrandom_fillin.h" #include "../internal.h" +#include "getrandom_fillin.h" #if defined(USE_NR_getrandom) #if defined(OPENSSL_MSAN) +extern "C" { void __msan_unpoison(void *, size_t); +} #endif static ssize_t boringssl_getrandom(void *buf, size_t buf_len, unsigned flags) { @@ -254,7 +256,7 @@ } #endif -#if defined (USE_NR_getrandom) +#if defined(USE_NR_getrandom) if (seed) { getrandom_flags |= extra_getrandom_flags_for_seed; } @@ -294,9 +296,7 @@ return 1; } -void CRYPTO_init_sysrand(void) { - CRYPTO_once(&rand_once, init_once); -} +void CRYPTO_init_sysrand(void) { CRYPTO_once(&rand_once, init_once); } // CRYPTO_sysrand puts |requested| random bytes into |out|. void CRYPTO_sysrand(uint8_t *out, size_t requested) {
diff --git a/crypto/rand_extra/windows.c b/crypto/rand_extra/windows.cc similarity index 100% rename from crypto/rand_extra/windows.c rename to crypto/rand_extra/windows.cc
diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.cc similarity index 100% rename from crypto/rc4/rc4.c rename to crypto/rc4/rc4.cc
diff --git a/crypto/refcount.c b/crypto/refcount.cc similarity index 100% rename from crypto/refcount.c rename to crypto/refcount.cc
diff --git a/crypto/rsa_extra/rsa_asn1.c b/crypto/rsa_extra/rsa_asn1.cc similarity index 100% rename from crypto/rsa_extra/rsa_asn1.c rename to crypto/rsa_extra/rsa_asn1.cc
diff --git a/crypto/rsa_extra/rsa_crypt.c b/crypto/rsa_extra/rsa_crypt.cc similarity index 83% rename from crypto/rsa_extra/rsa_crypt.c rename to crypto/rsa_extra/rsa_crypt.cc index 742284d..68fcf6e 100644 --- a/crypto/rsa_extra/rsa_crypt.c +++ b/crypto/rsa_extra/rsa_crypt.cc
@@ -58,12 +58,12 @@ #include <limits.h> -#include <openssl/err.h> -#include <openssl/rsa.h> #include <openssl/bn.h> -#include <openssl/rand.h> -#include <openssl/mem.h> +#include <openssl/err.h> #include <openssl/evp.h> +#include <openssl/mem.h> +#include <openssl/rand.h> +#include <openssl/rsa.h> #include "../fipsmodule/bn/internal.h" #include "../fipsmodule/rsa/internal.h" @@ -128,7 +128,7 @@ goto out; } - dbmask = OPENSSL_malloc(emlen - mdlen); + dbmask = reinterpret_cast<uint8_t *>(OPENSSL_malloc(emlen - mdlen)); if (dbmask == NULL) { goto out; } @@ -161,91 +161,94 @@ const EVP_MD *mgf1md) { uint8_t *db = NULL; - if (md == NULL) { - md = EVP_sha1(); + { + if (md == NULL) { + md = EVP_sha1(); + } + if (mgf1md == NULL) { + mgf1md = md; + } + + size_t mdlen = EVP_MD_size(md); + + // The encoded message is one byte smaller than the modulus to ensure that + // it doesn't end up greater than the modulus. Thus there's an extra "+1" + // here compared to https://tools.ietf.org/html/rfc2437#section-9.1.1.2. + if (from_len < 1 + 2 * mdlen + 1) { + // 'from_len' is the length of the modulus, i.e. does not depend on the + // particular ciphertext. + goto decoding_err; + } + + size_t dblen = from_len - mdlen - 1; + db = reinterpret_cast<uint8_t *>(OPENSSL_malloc(dblen)); + if (db == NULL) { + goto err; + } + + const uint8_t *maskedseed = from + 1; + const uint8_t *maskeddb = from + 1 + mdlen; + + uint8_t seed[EVP_MAX_MD_SIZE]; + if (!PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) { + goto err; + } + for (size_t i = 0; i < mdlen; i++) { + seed[i] ^= maskedseed[i]; + } + + if (!PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) { + goto err; + } + for (size_t i = 0; i < dblen; i++) { + db[i] ^= maskeddb[i]; + } + + uint8_t phash[EVP_MAX_MD_SIZE]; + if (!EVP_Digest(param, param_len, phash, NULL, md, NULL)) { + goto err; + } + + crypto_word_t bad = + ~constant_time_is_zero_w(CRYPTO_memcmp(db, phash, mdlen)); + bad |= ~constant_time_is_zero_w(from[0]); + + crypto_word_t looking_for_one_byte = CONSTTIME_TRUE_W; + size_t one_index = 0; + for (size_t i = mdlen; i < dblen; i++) { + crypto_word_t equals1 = constant_time_eq_w(db[i], 1); + crypto_word_t equals0 = constant_time_eq_w(db[i], 0); + one_index = + constant_time_select_w(looking_for_one_byte & equals1, i, one_index); + looking_for_one_byte = + constant_time_select_w(equals1, 0, looking_for_one_byte); + bad |= looking_for_one_byte & ~equals0; + } + + bad |= looking_for_one_byte; + + // Whether the overall padding was valid or not in OAEP is public. + if (constant_time_declassify_w(bad)) { + goto decoding_err; + } + + // Once the padding is known to be valid, the output length is also public. + static_assert(sizeof(size_t) <= sizeof(crypto_word_t), + "size_t does not fit in crypto_word_t"); + one_index = constant_time_declassify_w(one_index); + + one_index++; + size_t mlen = dblen - one_index; + if (max_out < mlen) { + OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); + goto err; + } + + OPENSSL_memcpy(out, db + one_index, mlen); + *out_len = mlen; + OPENSSL_free(db); + return 1; } - if (mgf1md == NULL) { - mgf1md = md; - } - - size_t mdlen = EVP_MD_size(md); - - // The encoded message is one byte smaller than the modulus to ensure that it - // doesn't end up greater than the modulus. Thus there's an extra "+1" here - // compared to https://tools.ietf.org/html/rfc2437#section-9.1.1.2. - if (from_len < 1 + 2 * mdlen + 1) { - // 'from_len' is the length of the modulus, i.e. does not depend on the - // particular ciphertext. - goto decoding_err; - } - - size_t dblen = from_len - mdlen - 1; - db = OPENSSL_malloc(dblen); - if (db == NULL) { - goto err; - } - - const uint8_t *maskedseed = from + 1; - const uint8_t *maskeddb = from + 1 + mdlen; - - uint8_t seed[EVP_MAX_MD_SIZE]; - if (!PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) { - goto err; - } - for (size_t i = 0; i < mdlen; i++) { - seed[i] ^= maskedseed[i]; - } - - if (!PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md)) { - goto err; - } - for (size_t i = 0; i < dblen; i++) { - db[i] ^= maskeddb[i]; - } - - uint8_t phash[EVP_MAX_MD_SIZE]; - if (!EVP_Digest(param, param_len, phash, NULL, md, NULL)) { - goto err; - } - - crypto_word_t bad = ~constant_time_is_zero_w(CRYPTO_memcmp(db, phash, mdlen)); - bad |= ~constant_time_is_zero_w(from[0]); - - crypto_word_t looking_for_one_byte = CONSTTIME_TRUE_W; - size_t one_index = 0; - for (size_t i = mdlen; i < dblen; i++) { - crypto_word_t equals1 = constant_time_eq_w(db[i], 1); - crypto_word_t equals0 = constant_time_eq_w(db[i], 0); - one_index = - constant_time_select_w(looking_for_one_byte & equals1, i, one_index); - looking_for_one_byte = - constant_time_select_w(equals1, 0, looking_for_one_byte); - bad |= looking_for_one_byte & ~equals0; - } - - bad |= looking_for_one_byte; - - // Whether the overall padding was valid or not in OAEP is public. - if (constant_time_declassify_w(bad)) { - goto decoding_err; - } - - // Once the padding is known to be valid, the output length is also public. - static_assert(sizeof(size_t) <= sizeof(crypto_word_t), - "size_t does not fit in crypto_word_t"); - one_index = constant_time_declassify_w(one_index); - - one_index++; - size_t mlen = dblen - one_index; - if (max_out < mlen) { - OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE); - goto err; - } - - OPENSSL_memcpy(out, db + one_index, mlen); - *out_len = mlen; - OPENSSL_free(db); - return 1; decoding_err: // To avoid chosen ciphertext attacks, the error message should not reveal @@ -406,7 +409,7 @@ BN_CTX_start(ctx); f = BN_CTX_get(ctx); result = BN_CTX_get(ctx); - buf = OPENSSL_malloc(rsa_size); + buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size)); if (!f || !result || !buf) { goto err; } @@ -483,7 +486,7 @@ buf = out; } else { // Allocate a temporary buffer to hold the padded plaintext. - buf = OPENSSL_malloc(rsa_size); + buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(rsa_size)); if (buf == NULL) { goto err; }
diff --git a/crypto/rsa_extra/rsa_extra.c b/crypto/rsa_extra/rsa_extra.cc similarity index 100% rename from crypto/rsa_extra/rsa_extra.c rename to crypto/rsa_extra/rsa_extra.cc
diff --git a/crypto/rsa_extra/rsa_print.c b/crypto/rsa_extra/rsa_print.cc similarity index 100% rename from crypto/rsa_extra/rsa_print.c rename to crypto/rsa_extra/rsa_print.cc
diff --git a/crypto/sha/sha1.c b/crypto/sha/sha1.cc similarity index 100% rename from crypto/sha/sha1.c rename to crypto/sha/sha1.cc
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.cc similarity index 100% rename from crypto/sha/sha256.c rename to crypto/sha/sha256.cc
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.cc similarity index 100% rename from crypto/sha/sha512.c rename to crypto/sha/sha512.cc
diff --git a/crypto/siphash/siphash.c b/crypto/siphash/siphash.cc similarity index 100% rename from crypto/siphash/siphash.c rename to crypto/siphash/siphash.cc
diff --git a/crypto/slhdsa/fors.c b/crypto/slhdsa/fors.cc similarity index 100% rename from crypto/slhdsa/fors.c rename to crypto/slhdsa/fors.cc
diff --git a/crypto/slhdsa/merkle.c b/crypto/slhdsa/merkle.cc similarity index 100% rename from crypto/slhdsa/merkle.c rename to crypto/slhdsa/merkle.cc
diff --git a/crypto/slhdsa/slhdsa.c b/crypto/slhdsa/slhdsa.cc similarity index 100% rename from crypto/slhdsa/slhdsa.c rename to crypto/slhdsa/slhdsa.cc
diff --git a/crypto/slhdsa/thash.c b/crypto/slhdsa/thash.cc similarity index 100% rename from crypto/slhdsa/thash.c rename to crypto/slhdsa/thash.cc
diff --git a/crypto/slhdsa/wots.c b/crypto/slhdsa/wots.cc similarity index 100% rename from crypto/slhdsa/wots.c rename to crypto/slhdsa/wots.cc
diff --git a/crypto/spx/spx.c b/crypto/spx/spx.cc similarity index 100% rename from crypto/spx/spx.c rename to crypto/spx/spx.cc
diff --git a/crypto/spx/spx_address.c b/crypto/spx/spx_address.cc similarity index 100% rename from crypto/spx/spx_address.c rename to crypto/spx/spx_address.cc
diff --git a/crypto/spx/spx_fors.c b/crypto/spx/spx_fors.cc similarity index 100% rename from crypto/spx/spx_fors.c rename to crypto/spx/spx_fors.cc
diff --git a/crypto/spx/spx_merkle.c b/crypto/spx/spx_merkle.cc similarity index 100% rename from crypto/spx/spx_merkle.c rename to crypto/spx/spx_merkle.cc
diff --git a/crypto/spx/spx_thash.c b/crypto/spx/spx_thash.cc similarity index 100% rename from crypto/spx/spx_thash.c rename to crypto/spx/spx_thash.cc
diff --git a/crypto/spx/spx_util.c b/crypto/spx/spx_util.cc similarity index 100% rename from crypto/spx/spx_util.c rename to crypto/spx/spx_util.cc
diff --git a/crypto/spx/spx_wots.c b/crypto/spx/spx_wots.cc similarity index 100% rename from crypto/spx/spx_wots.c rename to crypto/spx/spx_wots.cc
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.cc similarity index 96% rename from crypto/stack/stack.c rename to crypto/stack/stack.cc index 97fae1b..fbf5ea7 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.cc
@@ -84,12 +84,14 @@ static const size_t kMinSize = 4; OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_cmp_func comp) { - OPENSSL_STACK *ret = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); + OPENSSL_STACK *ret = + reinterpret_cast<OPENSSL_STACK *>(OPENSSL_zalloc(sizeof(OPENSSL_STACK))); if (ret == NULL) { return NULL; } - ret->data = OPENSSL_calloc(kMinSize, sizeof(void *)); + ret->data = + reinterpret_cast<void **>(OPENSSL_calloc(kMinSize, sizeof(void *))); if (ret->data == NULL) { goto err; } @@ -117,7 +119,7 @@ if (sk == NULL || sk->num == 0) { return; } - OPENSSL_memset(sk->data, 0, sizeof(void*) * sk->num); + OPENSSL_memset(sk->data, 0, sizeof(void *) * sk->num); sk->num = 0; sk->sorted = 0; } @@ -197,7 +199,7 @@ return 0; } - data = OPENSSL_realloc(sk->data, alloc_size); + data = reinterpret_cast<void **>(OPENSSL_realloc(sk->data, alloc_size)); if (data == NULL) { return 0; } @@ -367,12 +369,14 @@ return NULL; } - OPENSSL_STACK *ret = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); + OPENSSL_STACK *ret = + reinterpret_cast<OPENSSL_STACK *>(OPENSSL_zalloc(sizeof(OPENSSL_STACK))); if (ret == NULL) { return NULL; } - ret->data = OPENSSL_memdup(sk->data, sizeof(void *) * sk->num_alloc); + ret->data = reinterpret_cast<void **>( + OPENSSL_memdup(sk->data, sizeof(void *) * sk->num_alloc)); if (ret->data == NULL) { goto err; }
diff --git a/crypto/thread.c b/crypto/thread.cc similarity index 100% rename from crypto/thread.c rename to crypto/thread.cc
diff --git a/crypto/thread_none.c b/crypto/thread_none.cc similarity index 100% rename from crypto/thread_none.c rename to crypto/thread_none.cc
diff --git a/crypto/thread_pthread.c b/crypto/thread_pthread.cc similarity index 89% rename from crypto/thread_pthread.c rename to crypto/thread_pthread.cc index a40fbc0..e4c8883 100644 --- a/crypto/thread_pthread.c +++ b/crypto/thread_pthread.cc
@@ -53,9 +53,7 @@ } } -void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) { - pthread_rwlock_destroy(lock); -} +void CRYPTO_MUTEX_cleanup(CRYPTO_MUTEX *lock) { pthread_rwlock_destroy(lock); } void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void)) { if (pthread_once(once, init) != 0) { @@ -81,7 +79,7 @@ pthread_mutex_unlock(&g_destructors_lock); unsigned i; - void **pointers = arg; + void **pointers = reinterpret_cast<void **>(arg); for (i = 0; i < NUM_OPENSSL_THREAD_LOCALS; i++) { if (destructors[i] != NULL) { destructors[i](pointers[i]); @@ -106,7 +104,8 @@ return NULL; } - void **pointers = pthread_getspecific(g_thread_local_key); + void **pointers = + reinterpret_cast<void **>(pthread_getspecific(g_thread_local_key)); if (pointers == NULL) { return NULL; } @@ -121,9 +120,11 @@ return 0; } - void **pointers = pthread_getspecific(g_thread_local_key); + void **pointers = + reinterpret_cast<void **>(pthread_getspecific(g_thread_local_key)); if (pointers == NULL) { - pointers = malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); + pointers = reinterpret_cast<void **>( + malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS)); if (pointers == NULL) { destructor(value); return 0;
diff --git a/crypto/thread_win.c b/crypto/thread_win.cc similarity index 88% rename from crypto/thread_win.c rename to crypto/thread_win.cc index 6daa814..c0d794f 100644 --- a/crypto/thread_win.c +++ b/crypto/thread_win.cc
@@ -38,13 +38,9 @@ } } -void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) { - InitializeSRWLock(lock); -} +void CRYPTO_MUTEX_init(CRYPTO_MUTEX *lock) { InitializeSRWLock(lock); } -void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) { - AcquireSRWLockShared(lock); -} +void CRYPTO_MUTEX_lock_read(CRYPTO_MUTEX *lock) { AcquireSRWLockShared(lock); } void CRYPTO_MUTEX_lock_write(CRYPTO_MUTEX *lock) { AcquireSRWLockExclusive(lock); @@ -90,7 +86,7 @@ return; } - void **pointers = (void**) TlsGetValue(g_thread_local_key); + void **pointers = (void **)TlsGetValue(g_thread_local_key); if (pointers == NULL) { return; } @@ -126,12 +122,10 @@ #define STRINGIFY(x) #x #define EXPAND_AND_STRINGIFY(x) STRINGIFY(x) #ifdef _WIN64 -__pragma(comment(linker, "/INCLUDE:_tls_used")) -__pragma(comment( +__pragma(comment(linker, "/INCLUDE:_tls_used")) __pragma(comment( linker, "/INCLUDE:" EXPAND_AND_STRINGIFY(p_thread_callback_boringssl))) #else -__pragma(comment(linker, "/INCLUDE:__tls_used")) -__pragma(comment( +__pragma(comment(linker, "/INCLUDE:__tls_used")) __pragma(comment( linker, "/INCLUDE:_" EXPAND_AND_STRINGIFY(p_thread_callback_boringssl))) #endif @@ -155,9 +149,13 @@ // .CRT section is merged with .rdata on x64 so it must be constant data. #pragma const_seg(".CRT$XLC") -// When defining a const variable, it must have external linkage to be sure the -// linker doesn't discard it. -extern const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl; + // clang-format off + // When defining a const variable, it must have external linkage to be sure + // the linker doesn't discard it. +extern "C" { + extern const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl; +} +// clang-format on const PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor; // Reset the default section. #pragma const_seg() @@ -165,6 +163,11 @@ #else #pragma data_seg(".CRT$XLC") + // clang-format off +extern "C" { + extern PIMAGE_TLS_CALLBACK p_thread_callback_boringssl; +} +// clang-format on PIMAGE_TLS_CALLBACK p_thread_callback_boringssl = thread_local_destructor; // Reset the default section. #pragma data_seg() @@ -184,7 +187,7 @@ // // https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx DWORD last_error = GetLastError(); - void **ret = TlsGetValue(g_thread_local_key); + void **ret = reinterpret_cast<void **>(TlsGetValue(g_thread_local_key)); SetLastError(last_error); return ret; } @@ -212,7 +215,8 @@ void **pointers = get_thread_locals(); if (pointers == NULL) { - pointers = malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS); + pointers = reinterpret_cast<void **>( + malloc(sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS)); if (pointers == NULL) { destructor(value); return 0;
diff --git a/crypto/trust_token/pmbtoken.c b/crypto/trust_token/pmbtoken.cc similarity index 87% rename from crypto/trust_token/pmbtoken.c rename to crypto/trust_token/pmbtoken.cc index 0aa4d09..8381dce 100644 --- a/crypto/trust_token/pmbtoken.c +++ b/crypto/trust_token/pmbtoken.cc
@@ -134,13 +134,11 @@ if (prefix_point) { CBB child; if (!CBB_add_u16_length_prefixed(out, &child) || - !point_to_cbb(&child, group, point) || - !CBB_flush(out)) { + !point_to_cbb(&child, group, point) || !CBB_flush(out)) { return 0; } } else { - if (!point_to_cbb(out, group, point) || - !CBB_flush(out)) { + if (!point_to_cbb(out, group, point) || !CBB_flush(out)) { return 0; } } @@ -186,10 +184,10 @@ const EC_SCALAR *xs, const EC_SCALAR *ys) { const EC_GROUP *group = method->group; EC_JACOBIAN pub[3]; - if (!ec_point_mul_scalar_precomp(group, &pub[0], &method->g_precomp, - x0, &method->h_precomp, y0, NULL, NULL) || - !ec_point_mul_scalar_precomp(group, &pub[1], &method->g_precomp, - x1, &method->h_precomp, y1, NULL, NULL) || + if (!ec_point_mul_scalar_precomp(group, &pub[0], &method->g_precomp, x0, + &method->h_precomp, y0, NULL, NULL) || + !ec_point_mul_scalar_precomp(group, &pub[1], &method->g_precomp, x1, + &method->h_precomp, y1, NULL, NULL) || !ec_point_mul_scalar_precomp(method->group, &pub[2], &method->g_precomp, xs, &method->h_precomp, ys, NULL, NULL)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_KEYGEN_FAILURE); @@ -326,14 +324,16 @@ SHA512_CTX hash_ctx; const EC_GROUP *group = method->group; - STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = sk_TRUST_TOKEN_PRETOKEN_new_null(); + STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = + sk_TRUST_TOKEN_PRETOKEN_new_null(); if (pretokens == NULL) { goto err; } for (size_t i = 0; i < count; i++) { // Insert |pretoken| into |pretokens| early to simplify error-handling. - TRUST_TOKEN_PRETOKEN *pretoken = OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN)); + TRUST_TOKEN_PRETOKEN *pretoken = reinterpret_cast<TRUST_TOKEN_PRETOKEN *>( + OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN))); if (pretoken == NULL || !sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) { TRUST_TOKEN_PRETOKEN_free(pretoken); @@ -424,8 +424,7 @@ !point_to_cbb(&cbb, method->group, S) || !point_to_cbb(&cbb, method->group, W) || !point_to_cbb(&cbb, method->group, K0) || - !point_to_cbb(&cbb, method->group, K1) || - !CBB_finish(&cbb, &buf, &len) || + !point_to_cbb(&cbb, method->group, K1) || !CBB_finish(&cbb, &buf, &len) || !method->hash_c(method->group, out, buf, len)) { goto err; } @@ -492,8 +491,7 @@ if (!CBB_init(&cbb, 0) || !CBB_add_bytes(&cbb, kDLEQBatchLabel, sizeof(kDLEQBatchLabel)) || !CBB_add_bytes(&cbb, CBB_data(points), CBB_len(points)) || - !CBB_add_u16(&cbb, (uint16_t)index) || - !CBB_finish(&cbb, &buf, &len) || + !CBB_add_u16(&cbb, (uint16_t)index) || !CBB_finish(&cbb, &buf, &len) || !method->hash_c(method->group, out, buf, len)) { goto err; } @@ -537,7 +535,7 @@ // Setup the DLEQ proof. EC_SCALAR ks0, ks1; - if (// ks0, ks1 <- Zp + if ( // ks0, ks1 <- Zp !ec_random_nonzero_scalar(group, &ks0, kDefaultAdditionalData) || !ec_random_nonzero_scalar(group, &ks1, kDefaultAdditionalData) || // Ks = ks0*(G;T) + ks1*(H;S) @@ -561,7 +559,7 @@ &priv->pub1_precomp); EC_SCALAR k0, k1, minus_co, uo, vo; - if (// k0, k1 <- Zp + if ( // k0, k1 <- Zp !ec_random_nonzero_scalar(group, &k0, kDefaultAdditionalData) || !ec_random_nonzero_scalar(group, &k1, kDefaultAdditionalData) || // Kb = k0*(G;T) + k1*(H;S) @@ -626,8 +624,7 @@ ec_scalar_add(group, &vs, &ks1, &vs); // Store DLEQ2 proof in transcript. - if (!scalar_to_cbb(cbb, group, &cs) || - !scalar_to_cbb(cbb, group, &us) || + if (!scalar_to_cbb(cbb, group, &cs) || !scalar_to_cbb(cbb, group, &us) || !scalar_to_cbb(cbb, group, &vs)) { return 0; } @@ -658,12 +655,9 @@ ec_scalar_select(group, &v1, mask, &vb, &vo); // Store DLEQOR2 proof in transcript. - if (!scalar_to_cbb(cbb, group, &c0) || - !scalar_to_cbb(cbb, group, &c1) || - !scalar_to_cbb(cbb, group, &u0) || - !scalar_to_cbb(cbb, group, &u1) || - !scalar_to_cbb(cbb, group, &v0) || - !scalar_to_cbb(cbb, group, &v1)) { + if (!scalar_to_cbb(cbb, group, &c0) || !scalar_to_cbb(cbb, group, &c1) || + !scalar_to_cbb(cbb, group, &u0) || !scalar_to_cbb(cbb, group, &u1) || + !scalar_to_cbb(cbb, group, &v0) || !scalar_to_cbb(cbb, group, &v1)) { return 0; } @@ -699,8 +693,7 @@ // Decode the DLEQ proof. EC_SCALAR cs, us, vs; - if (!scalar_from_cbs(cbs, group, &cs) || - !scalar_from_cbs(cbs, group, &us) || + if (!scalar_from_cbs(cbs, group, &cs) || !scalar_from_cbs(cbs, group, &us) || !scalar_from_cbs(cbs, group, &vs)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return 0; @@ -720,12 +713,9 @@ // Decode the DLEQOR proof. EC_SCALAR c0, c1, u0, u1, v0, v1; - if (!scalar_from_cbs(cbs, group, &c0) || - !scalar_from_cbs(cbs, group, &c1) || - !scalar_from_cbs(cbs, group, &u0) || - !scalar_from_cbs(cbs, group, &u1) || - !scalar_from_cbs(cbs, group, &v0) || - !scalar_from_cbs(cbs, group, &v1)) { + if (!scalar_from_cbs(cbs, group, &c0) || !scalar_from_cbs(cbs, group, &c1) || + !scalar_from_cbs(cbs, group, &u0) || !scalar_from_cbs(cbs, group, &u1) || + !scalar_from_cbs(cbs, group, &v0) || !scalar_from_cbs(cbs, group, &v1)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return 0; } @@ -736,7 +726,7 @@ EC_SCALAR minus_c0, minus_c1; ec_scalar_neg(group, &minus_c0, &c0); ec_scalar_neg(group, &minus_c1, &c1); - if (// K0 = u0*(G;T) + v0*(H;S) - c0*(pub0;W) + if ( // K0 = u0*(G;T) + v0*(H;S) - c0*(pub0;W) !mul_public_3(group, &jacobians[idx_K00], g, &u0, &method->h, &v0, &pub0, &minus_c0) || !mul_public_3(group, &jacobians[idx_K01], T, &u0, S, &v0, W, &minus_c0) || @@ -800,120 +790,124 @@ } int ret = 0; - EC_JACOBIAN *Tps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Sps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wsps = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)); + EC_JACOBIAN *Tps = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Sps = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Wps = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Wsps = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_SCALAR *es = reinterpret_cast<EC_SCALAR *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR))); CBB batch_cbb; CBB_zero(&batch_cbb); - if (!Tps || - !Sps || - !Wps || - !Wsps || - !es || - !CBB_init(&batch_cbb, 0) || - !point_to_cbb(&batch_cbb, method->group, &key->pubs) || - !point_to_cbb(&batch_cbb, method->group, &key->pub0) || - !point_to_cbb(&batch_cbb, method->group, &key->pub1)) { - goto err; - } - for (size_t i = 0; i < num_to_issue; i++) { - EC_AFFINE Tp_affine; - EC_JACOBIAN Tp; - if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, method->prefix_point)) { + { + if (!Tps || !Sps || !Wps || !Wsps || !es || !CBB_init(&batch_cbb, 0) || + !point_to_cbb(&batch_cbb, method->group, &key->pubs) || + !point_to_cbb(&batch_cbb, method->group, &key->pub0) || + !point_to_cbb(&batch_cbb, method->group, &key->pub1)) { + goto err; + } + + for (size_t i = 0; i < num_to_issue; i++) { + EC_AFFINE Tp_affine; + EC_JACOBIAN Tp; + if (!cbs_get_prefixed_point(cbs, group, &Tp_affine, + method->prefix_point)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } + ec_affine_to_jacobian(group, &Tp, &Tp_affine); + + EC_SCALAR xb, yb; + BN_ULONG mask = ((BN_ULONG)0) - (private_metadata & 1); + ec_scalar_select(group, &xb, mask, &key->x1, &key->x0); + ec_scalar_select(group, &yb, mask, &key->y1, &key->y0); + + uint8_t s[TRUST_TOKEN_NONCE_SIZE]; + RAND_bytes(s, TRUST_TOKEN_NONCE_SIZE); + // The |jacobians| and |affines| contain Sp, Wp, and Wsp. + EC_JACOBIAN jacobians[3]; + EC_AFFINE affines[3]; + if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) || + !ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb, + &jacobians[0], &yb, NULL, NULL) || + !ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs, + &jacobians[0], &key->ys, NULL, NULL) || + !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) || + !CBB_add_bytes(cbb, s, TRUST_TOKEN_NONCE_SIZE) || + !cbb_add_prefixed_point(cbb, group, &affines[1], + method->prefix_point) || + !cbb_add_prefixed_point(cbb, group, &affines[2], + method->prefix_point)) { + goto err; + } + + if (!point_to_cbb(&batch_cbb, group, &Tp_affine) || + !point_to_cbb(&batch_cbb, group, &affines[0]) || + !point_to_cbb(&batch_cbb, group, &affines[1]) || + !point_to_cbb(&batch_cbb, group, &affines[2])) { + goto err; + } + Tps[i] = Tp; + Sps[i] = jacobians[0]; + Wps[i] = jacobians[1]; + Wsps[i] = jacobians[2]; + + if (!CBB_flush(cbb)) { + goto err; + } + } + + // The DLEQ batching construction is described in appendix B of + // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional + // computations all act on public inputs. + for (size_t i = 0; i < num_to_issue; i++) { + if (!hash_c_batch(method, &es[i], &batch_cbb, i)) { + goto err; + } + } + + EC_JACOBIAN Tp_batch, Sp_batch, Wp_batch, Wsp_batch; + if (!ec_point_mul_scalar_public_batch(group, &Tp_batch, + /*g_scalar=*/NULL, Tps, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Sp_batch, + /*g_scalar=*/NULL, Sps, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Wp_batch, + /*g_scalar=*/NULL, Wps, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Wsp_batch, + /*g_scalar=*/NULL, Wsps, es, + num_to_issue)) { + goto err; + } + + CBB proof; + if (!CBB_add_u16_length_prefixed(cbb, &proof) || + !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch, + &Wsp_batch, private_metadata) || + !CBB_flush(cbb)) { + goto err; + } + + // Skip over any unused requests. + size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); + size_t token_len = point_len; + if (method->prefix_point) { + token_len += 2; + } + if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); goto err; } - ec_affine_to_jacobian(group, &Tp, &Tp_affine); - EC_SCALAR xb, yb; - BN_ULONG mask = ((BN_ULONG)0) - (private_metadata & 1); - ec_scalar_select(group, &xb, mask, &key->x1, &key->x0); - ec_scalar_select(group, &yb, mask, &key->y1, &key->y0); - - uint8_t s[TRUST_TOKEN_NONCE_SIZE]; - RAND_bytes(s, TRUST_TOKEN_NONCE_SIZE); - // The |jacobians| and |affines| contain Sp, Wp, and Wsp. - EC_JACOBIAN jacobians[3]; - EC_AFFINE affines[3]; - if (!method->hash_s(group, &jacobians[0], &Tp_affine, s) || - !ec_point_mul_scalar_batch(group, &jacobians[1], &Tp, &xb, - &jacobians[0], &yb, NULL, NULL) || - !ec_point_mul_scalar_batch(group, &jacobians[2], &Tp, &key->xs, - &jacobians[0], &key->ys, NULL, NULL) || - !ec_jacobian_to_affine_batch(group, affines, jacobians, 3) || - !CBB_add_bytes(cbb, s, TRUST_TOKEN_NONCE_SIZE) || - !cbb_add_prefixed_point(cbb, group, &affines[1], - method->prefix_point) || - !cbb_add_prefixed_point(cbb, group, &affines[2], - method->prefix_point)) { - goto err; - } - - if (!point_to_cbb(&batch_cbb, group, &Tp_affine) || - !point_to_cbb(&batch_cbb, group, &affines[0]) || - !point_to_cbb(&batch_cbb, group, &affines[1]) || - !point_to_cbb(&batch_cbb, group, &affines[2])) { - goto err; - } - Tps[i] = Tp; - Sps[i] = jacobians[0]; - Wps[i] = jacobians[1]; - Wsps[i] = jacobians[2]; - - if (!CBB_flush(cbb)) { - goto err; - } + ret = 1; } - // The DLEQ batching construction is described in appendix B of - // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional - // computations all act on public inputs. - for (size_t i = 0; i < num_to_issue; i++) { - if (!hash_c_batch(method, &es[i], &batch_cbb, i)) { - goto err; - } - } - - EC_JACOBIAN Tp_batch, Sp_batch, Wp_batch, Wsp_batch; - if (!ec_point_mul_scalar_public_batch(group, &Tp_batch, - /*g_scalar=*/NULL, Tps, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Sp_batch, - /*g_scalar=*/NULL, Sps, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Wp_batch, - /*g_scalar=*/NULL, Wps, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Wsp_batch, - /*g_scalar=*/NULL, Wsps, es, - num_to_issue)) { - goto err; - } - - CBB proof; - if (!CBB_add_u16_length_prefixed(cbb, &proof) || - !dleq_generate(method, &proof, key, &Tp_batch, &Sp_batch, &Wp_batch, - &Wsp_batch, private_metadata) || - !CBB_flush(cbb)) { - goto err; - } - - // Skip over any unused requests. - size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); - size_t token_len = point_len; - if (method->prefix_point) { - token_len += 2; - } - if (!CBS_skip(cbs, token_len * (num_requested - num_to_issue))) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); - goto err; - } - - ret = 1; - err: OPENSSL_free(Tps); OPENSSL_free(Sps); @@ -936,20 +930,20 @@ int ok = 0; STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null(); - EC_JACOBIAN *Tps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Sps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Wsps = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_calloc(count, sizeof(EC_SCALAR)); + EC_JACOBIAN *Tps = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Sps = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Wps = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Wsps = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_SCALAR *es = + reinterpret_cast<EC_SCALAR *>(OPENSSL_calloc(count, sizeof(EC_SCALAR))); CBB batch_cbb; CBB_zero(&batch_cbb); - if (ret == NULL || - Tps == NULL || - Sps == NULL || - Wps == NULL || - Wsps == NULL || - es == NULL || - !CBB_init(&batch_cbb, 0) || + if (ret == NULL || Tps == NULL || Sps == NULL || Wps == NULL || + Wsps == NULL || es == NULL || !CBB_init(&batch_cbb, 0) || !point_to_cbb(&batch_cbb, method->group, &key->pubs) || !point_to_cbb(&batch_cbb, method->group, &key->pub0) || !point_to_cbb(&batch_cbb, method->group, &key->pub1)) { @@ -1018,8 +1012,7 @@ TRUST_TOKEN *token = TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb)); CBB_cleanup(&token_cbb); - if (token == NULL || - !sk_TRUST_TOKEN_push(ret, token)) { + if (token == NULL || !sk_TRUST_TOKEN_push(ret, token)) { TRUST_TOKEN_free(token); goto err; } @@ -1163,8 +1156,7 @@ CBB cbb; uint8_t *buf = NULL; size_t len; - if (!CBB_init(&cbb, 0) || - !point_to_cbb(&cbb, group, t) || + if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) || !CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) || !CBB_finish(&cbb, &buf, &len) || !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( @@ -1336,8 +1328,7 @@ CBB cbb; uint8_t *buf = NULL; size_t len; - if (!CBB_init(&cbb, 0) || - !point_to_cbb(&cbb, group, t) || + if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) || !CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) || !CBB_finish(&cbb, &buf, &len) || !ec_hash_to_curve_p384_xmd_sha512_sswu_draft07( @@ -1383,8 +1374,7 @@ 0x1c, 0x2c, 0x72, 0x25, 0xf0, 0x4a, 0x45, 0x23, 0x2d, 0x57, 0x93, 0x0e, 0xb2, 0x55, 0xb8, 0x57, 0x25, 0x4c, 0x1e, 0xdb, 0xfd, 0x58, 0x70, 0x17, 0x9a, 0xbb, 0x9e, 0x5e, 0x93, 0x9e, 0x92, 0xd3, 0xe8, - 0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff - }; + 0x25, 0x62, 0xbf, 0x59, 0xb2, 0xd2, 0x3d, 0x71, 0xff}; pmbtoken_exp2_ok = pmbtoken_init_method( &pmbtoken_exp2_method, EC_group_p384(), kH, sizeof(kH), @@ -1510,12 +1500,11 @@ CBB cbb; uint8_t *buf = NULL; size_t len; - if (!CBB_init(&cbb, 0) || - !point_to_cbb(&cbb, group, t) || + if (!CBB_init(&cbb, 0) || !point_to_cbb(&cbb, group, t) || !CBB_add_bytes(&cbb, s, TRUST_TOKEN_NONCE_SIZE) || !CBB_finish(&cbb, &buf, &len) || - !ec_hash_to_curve_p384_xmd_sha384_sswu( - group, out, kHashSLabel, sizeof(kHashSLabel), buf, len)) { + !ec_hash_to_curve_p384_xmd_sha384_sswu(group, out, kHashSLabel, + sizeof(kHashSLabel), buf, len)) { goto err; } @@ -1530,15 +1519,15 @@ static int pmbtoken_pst1_hash_c(const EC_GROUP *group, EC_SCALAR *out, uint8_t *buf, size_t len) { const uint8_t kHashCLabel[] = "PMBTokens PST V1 HashC"; - return ec_hash_to_scalar_p384_xmd_sha384( - group, out, kHashCLabel, sizeof(kHashCLabel), buf, len); + return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashCLabel, + sizeof(kHashCLabel), buf, len); } static int pmbtoken_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out, uint8_t *buf, size_t len) { const uint8_t kHashLabel[] = "PMBTokens PST V1 HashToScalar"; - return ec_hash_to_scalar_p384_xmd_sha384( - group, out, kHashLabel, sizeof(kHashLabel), buf, len); + return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashLabel, + sizeof(kHashLabel), buf, len); } static int pmbtoken_pst1_ok = 0; @@ -1557,8 +1546,7 @@ 0xa2, 0x32, 0xf4, 0x22, 0x40, 0x07, 0x2d, 0x9b, 0x6f, 0xab, 0xff, 0x2a, 0x92, 0x03, 0xb1, 0x73, 0x09, 0x1a, 0x6a, 0x4a, 0xc2, 0x4c, 0xac, 0x13, 0x59, 0xf4, 0x28, 0x0e, 0x78, 0x69, 0xa5, 0xdf, 0x0d, - 0x74, 0xeb, 0x14, 0xca, 0x8a, 0x32, 0xbb, 0xd3, 0x91 - }; + 0x74, 0xeb, 0x14, 0xca, 0x8a, 0x32, 0xbb, 0xd3, 0x91}; pmbtoken_pst1_ok = pmbtoken_init_method( &pmbtoken_pst1_method, EC_group_p384(), kH, sizeof(kH),
diff --git a/crypto/trust_token/trust_token.c b/crypto/trust_token/trust_token.cc similarity index 94% rename from crypto/trust_token/trust_token.c rename to crypto/trust_token/trust_token.cc index 521e7ad..7426f5c 100644 --- a/crypto/trust_token/trust_token.c +++ b/crypto/trust_token/trust_token.cc
@@ -118,11 +118,12 @@ } TRUST_TOKEN *TRUST_TOKEN_new(const uint8_t *data, size_t len) { - TRUST_TOKEN *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN)); + TRUST_TOKEN *ret = + reinterpret_cast<TRUST_TOKEN *>(OPENSSL_zalloc(sizeof(TRUST_TOKEN))); if (ret == NULL) { return NULL; } - ret->data = OPENSSL_memdup(data, len); + ret->data = reinterpret_cast<uint8_t *>(OPENSSL_memdup(data, len)); if (len != 0 && ret->data == NULL) { OPENSSL_free(ret); return NULL; @@ -183,7 +184,7 @@ } if (!method->derive_key_from_secret(&priv_cbb, &pub_cbb, secret, - secret_len)) { + secret_len)) { return 0; } @@ -204,7 +205,8 @@ return NULL; } - TRUST_TOKEN_CLIENT *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN_CLIENT)); + TRUST_TOKEN_CLIENT *ret = reinterpret_cast<TRUST_TOKEN_CLIENT *>( + OPENSSL_zalloc(sizeof(TRUST_TOKEN_CLIENT))); if (ret == NULL) { return NULL; } @@ -266,8 +268,7 @@ int ret = 0; CBB request; STACK_OF(TRUST_TOKEN_PRETOKEN) *pretokens = NULL; - if (!CBB_init(&request, 0) || - !CBB_add_u16(&request, count)) { + if (!CBB_init(&request, 0) || !CBB_add_u16(&request, count)) { goto err; } @@ -306,17 +307,14 @@ } -STACK_OF(TRUST_TOKEN) * - TRUST_TOKEN_CLIENT_finish_issuance(TRUST_TOKEN_CLIENT *ctx, - size_t *out_key_index, - const uint8_t *response, - size_t response_len) { +STACK_OF(TRUST_TOKEN) *TRUST_TOKEN_CLIENT_finish_issuance( + TRUST_TOKEN_CLIENT *ctx, size_t *out_key_index, const uint8_t *response, + size_t response_len) { CBS in; CBS_init(&in, response, response_len); uint16_t count; uint32_t key_id; - if (!CBS_get_u16(&in, &count) || - !CBS_get_u32(&in, &key_id)) { + if (!CBS_get_u16(&in, &count) || !CBS_get_u32(&in, &key_id)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return NULL; } @@ -397,8 +395,7 @@ } if (!CBS_get_u16_length_prefixed(&in, &srr) || - !CBS_get_u16_length_prefixed(&in, &sig) || - CBS_len(&in) != 0) { + !CBS_get_u16_length_prefixed(&in, &sig) || CBS_len(&in) != 0) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_ERROR); return 0; } @@ -444,7 +441,8 @@ return NULL; } - TRUST_TOKEN_ISSUER *ret = OPENSSL_zalloc(sizeof(TRUST_TOKEN_ISSUER)); + TRUST_TOKEN_ISSUER *ret = reinterpret_cast<TRUST_TOKEN_ISSUER *>( + OPENSSL_zalloc(sizeof(TRUST_TOKEN_ISSUER))); if (ret == NULL) { return NULL; } @@ -500,7 +498,7 @@ } OPENSSL_free(ctx->metadata_key); ctx->metadata_key_len = 0; - ctx->metadata_key = OPENSSL_memdup(key, len); + ctx->metadata_key = reinterpret_cast<uint8_t *>(OPENSSL_memdup(key, len)); if (ctx->metadata_key == NULL) { return 0; } @@ -550,8 +548,7 @@ int ret = 0; CBB response; - if (!CBB_init(&response, 0) || - !CBB_add_u16(&response, num_to_issue) || + if (!CBB_init(&response, 0) || !CBB_add_u16(&response, num_to_issue) || !CBB_add_u32(&response, public_metadata)) { goto err; } @@ -620,11 +617,12 @@ uint8_t *client_data_buf = NULL; size_t client_data_len = 0; + TRUST_TOKEN *token; if (!CBS_stow(&client_data, &client_data_buf, &client_data_len)) { goto err; } - TRUST_TOKEN *token = TRUST_TOKEN_new(nonce, TRUST_TOKEN_NONCE_SIZE); + token = TRUST_TOKEN_new(nonce, TRUST_TOKEN_NONCE_SIZE); if (token == NULL) { goto err; }
diff --git a/crypto/trust_token/voprf.c b/crypto/trust_token/voprf.cc similarity index 82% rename from crypto/trust_token/voprf.c rename to crypto/trust_token/voprf.cc index 504deee..7ee70b7 100644 --- a/crypto/trust_token/voprf.c +++ b/crypto/trust_token/voprf.cc
@@ -209,8 +209,8 @@ for (size_t i = 0; i < count; i++) { // Insert |pretoken| into |pretokens| early to simplify error-handling. - TRUST_TOKEN_PRETOKEN *pretoken = - OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN)); + TRUST_TOKEN_PRETOKEN *pretoken = reinterpret_cast<TRUST_TOKEN_PRETOKEN *>( + OPENSSL_malloc(sizeof(TRUST_TOKEN_PRETOKEN))); if (pretoken == NULL || !sk_TRUST_TOKEN_PRETOKEN_push(pretokens, pretoken)) { TRUST_TOKEN_PRETOKEN_free(pretoken); @@ -230,8 +230,7 @@ // We sample r in Montgomery form to simplify inverting. EC_SCALAR r; - if (!ec_random_nonzero_scalar(group, &r, - kDefaultAdditionalData)) { + if (!ec_random_nonzero_scalar(group, &r, kDefaultAdditionalData)) { goto err; } @@ -275,12 +274,9 @@ size_t len; if (!CBB_init(&cbb, 0) || !CBB_add_bytes(&cbb, kDLEQLabel, sizeof(kDLEQLabel)) || - !cbb_add_point(&cbb, group, X) || - !cbb_add_point(&cbb, group, T) || - !cbb_add_point(&cbb, group, W) || - !cbb_add_point(&cbb, group, K0) || - !cbb_add_point(&cbb, group, K1) || - !CBB_finish(&cbb, &buf, &len) || + !cbb_add_point(&cbb, group, X) || !cbb_add_point(&cbb, group, T) || + !cbb_add_point(&cbb, group, W) || !cbb_add_point(&cbb, group, K0) || + !cbb_add_point(&cbb, group, K1) || !CBB_finish(&cbb, &buf, &len) || !method->hash_to_scalar(group, out, buf, len)) { goto err; } @@ -335,8 +331,7 @@ if (!CBB_init(&cbb, 0) || !CBB_add_bytes(&cbb, kDLEQBatchLabel, sizeof(kDLEQBatchLabel)) || !CBB_add_bytes(&cbb, CBB_data(points), CBB_len(points)) || - !CBB_add_u16(&cbb, (uint16_t)index) || - !CBB_finish(&cbb, &buf, &len) || + !CBB_add_u16(&cbb, (uint16_t)index) || !CBB_finish(&cbb, &buf, &len) || !method->hash_to_scalar(method->group_func(), out, buf, len)) { goto err; } @@ -365,11 +360,11 @@ // Setup the DLEQ proof. EC_SCALAR r; - if (// r <- Zp + if ( // r <- Zp !ec_random_nonzero_scalar(group, &r, kDefaultAdditionalData) || // k0;k1 = r*(G;T) !ec_point_mul_scalar_base(group, &jacobians[idx_k0], &r) || - !ec_point_mul_scalar(group, &jacobians[idx_k1], T, &r)) { + !ec_point_mul_scalar(group, &jacobians[idx_k1], T, &r)) { return 0; } @@ -398,8 +393,7 @@ ec_scalar_add(group, &u, &r, &u); // Store DLEQ proof in transcript. - if (!scalar_to_cbb(cbb, group, &c) || - !scalar_to_cbb(cbb, group, &u)) { + if (!scalar_to_cbb(cbb, group, &c) || !scalar_to_cbb(cbb, group, &u)) { return 0; } @@ -432,8 +426,7 @@ // Decode the DLEQ proof. EC_SCALAR c, u; - if (!scalar_from_cbs(cbs, group, &c) || - !scalar_from_cbs(cbs, group, &u)) { + if (!scalar_from_cbs(cbs, group, &c) || !scalar_from_cbs(cbs, group, &u)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return 0; } @@ -484,80 +477,83 @@ } int ret = 0; - EC_JACOBIAN *BTs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)); + EC_JACOBIAN *BTs = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Zs = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_SCALAR *es = reinterpret_cast<EC_SCALAR *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR))); CBB batch_cbb; CBB_zero(&batch_cbb); - if (!BTs || - !Zs || - !es || - !CBB_init(&batch_cbb, 0) || - !cbb_add_point(&batch_cbb, group, &key->pubs)) { - goto err; - } - for (size_t i = 0; i < num_to_issue; i++) { - EC_AFFINE BT_affine, Z_affine; - EC_JACOBIAN BT, Z; - if (!cbs_get_point(cbs, group, &BT_affine)) { + { + if (!BTs || !Zs || !es || !CBB_init(&batch_cbb, 0) || + !cbb_add_point(&batch_cbb, group, &key->pubs)) { + goto err; + } + + for (size_t i = 0; i < num_to_issue; i++) { + EC_AFFINE BT_affine, Z_affine; + EC_JACOBIAN BT, Z; + if (!cbs_get_point(cbs, group, &BT_affine)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } + ec_affine_to_jacobian(group, &BT, &BT_affine); + if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) || + !ec_jacobian_to_affine(group, &Z_affine, &Z) || + !cbb_add_point(cbb, group, &Z_affine)) { + goto err; + } + + if (!cbb_add_point(&batch_cbb, group, &BT_affine) || + !cbb_add_point(&batch_cbb, group, &Z_affine)) { + goto err; + } + BTs[i] = BT; + Zs[i] = Z; + + if (!CBB_flush(cbb)) { + goto err; + } + } + + // The DLEQ batching construction is described in appendix B of + // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional + // computations all act on public inputs. + for (size_t i = 0; i < num_to_issue; i++) { + if (!hash_to_scalar_batch(method, &es[i], &batch_cbb, i)) { + goto err; + } + } + + EC_JACOBIAN BT_batch, Z_batch; + if (!ec_point_mul_scalar_public_batch(group, &BT_batch, + /*g_scalar=*/NULL, BTs, es, + num_to_issue) || + !ec_point_mul_scalar_public_batch(group, &Z_batch, + /*g_scalar=*/NULL, Zs, es, + num_to_issue)) { + goto err; + } + + CBB proof; + if (!CBB_add_u16_length_prefixed(cbb, &proof) || + !dleq_generate(method, &proof, key, &BT_batch, &Z_batch) || + !CBB_flush(cbb)) { + goto err; + } + + // Skip over any unused requests. + size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); + if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); goto err; } - ec_affine_to_jacobian(group, &BT, &BT_affine); - if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) || - !ec_jacobian_to_affine(group, &Z_affine, &Z) || - !cbb_add_point(cbb, group, &Z_affine)) { - goto err; - } - if (!cbb_add_point(&batch_cbb, group, &BT_affine) || - !cbb_add_point(&batch_cbb, group, &Z_affine)) { - goto err; - } - BTs[i] = BT; - Zs[i] = Z; - - if (!CBB_flush(cbb)) { - goto err; - } + ret = 1; } - // The DLEQ batching construction is described in appendix B of - // https://eprint.iacr.org/2020/072/20200324:214215. Note the additional - // computations all act on public inputs. - for (size_t i = 0; i < num_to_issue; i++) { - if (!hash_to_scalar_batch(method, &es[i], &batch_cbb, i)) { - goto err; - } - } - - EC_JACOBIAN BT_batch, Z_batch; - if (!ec_point_mul_scalar_public_batch(group, &BT_batch, - /*g_scalar=*/NULL, BTs, es, - num_to_issue) || - !ec_point_mul_scalar_public_batch(group, &Z_batch, - /*g_scalar=*/NULL, Zs, es, - num_to_issue)) { - goto err; - } - - CBB proof; - if (!CBB_add_u16_length_prefixed(cbb, &proof) || - !dleq_generate(method, &proof, key, &BT_batch, &Z_batch) || - !CBB_flush(cbb)) { - goto err; - } - - // Skip over any unused requests. - size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); - if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); - goto err; - } - - ret = 1; - err: OPENSSL_free(BTs); OPENSSL_free(Zs); @@ -578,15 +574,15 @@ int ok = 0; STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null(); - EC_JACOBIAN *BTs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_SCALAR *es = OPENSSL_calloc(count, sizeof(EC_SCALAR)); + EC_JACOBIAN *BTs = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Zs = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_SCALAR *es = + reinterpret_cast<EC_SCALAR *>(OPENSSL_calloc(count, sizeof(EC_SCALAR))); CBB batch_cbb; CBB_zero(&batch_cbb); - if (ret == NULL || - BTs == NULL || - Zs == NULL || - es == NULL || + if (ret == NULL || BTs == NULL || Zs == NULL || es == NULL || !CBB_init(&batch_cbb, 0) || !cbb_add_point(&batch_cbb, group, &key->pubs)) { goto err; @@ -635,8 +631,7 @@ TRUST_TOKEN *token = TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb)); CBB_cleanup(&token_cbb); - if (token == NULL || - !sk_TRUST_TOKEN_push(ret, token)) { + if (token == NULL || !sk_TRUST_TOKEN_push(ret, token)) { TRUST_TOKEN_free(token); goto err; } @@ -681,15 +676,17 @@ } static void sha384_update_u16(SHA512_CTX *ctx, uint16_t v) { - uint8_t buf[2] = {v >> 8, v & 0xff}; + uint8_t buf[2] = {static_cast<uint8_t>(v >> 8), + static_cast<uint8_t>(v & 0xff)}; SHA384_Update(ctx, buf, 2); } -static void sha384_update_point_with_length( - SHA512_CTX *ctx, const EC_GROUP *group, const EC_AFFINE *point) { +static void sha384_update_point_with_length(SHA512_CTX *ctx, + const EC_GROUP *group, + const EC_AFFINE *point) { uint8_t buf[EC_MAX_COMPRESSED]; - size_t len = ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED, - buf, sizeof(buf)); + size_t len = ec_point_to_bytes(group, point, POINT_CONVERSION_COMPRESSED, buf, + sizeof(buf)); assert(len > 0); sha384_update_u16(ctx, (uint16_t)len); SHA384_Update(ctx, buf, len); @@ -729,11 +726,9 @@ if (!CBB_init_fixed(&cbb, transcript, sizeof(transcript)) || !CBB_add_u16(&cbb, SHA384_DIGEST_LENGTH) || !CBB_add_bytes(&cbb, seed, SHA384_DIGEST_LENGTH) || - !CBB_add_u16(&cbb, index) || - !cbb_serialize_point(&cbb, group, C) || + !CBB_add_u16(&cbb, index) || !cbb_serialize_point(&cbb, group, C) || !cbb_serialize_point(&cbb, group, D) || - !CBB_add_bytes(&cbb, kCompositeLabel, - sizeof(kCompositeLabel) - 1) || + !CBB_add_bytes(&cbb, kCompositeLabel, sizeof(kCompositeLabel) - 1) || !CBB_finish(&cbb, NULL, &len) || !method->hash_to_scalar(group, di, transcript, len)) { return 0; @@ -786,8 +781,7 @@ ec_scalar_sub(group, &s, r, &s); // Store DLEQ proof in transcript. - if (!scalar_to_cbb(cbb, group, &c) || - !scalar_to_cbb(cbb, group, &s)) { + if (!scalar_to_cbb(cbb, group, &c) || !scalar_to_cbb(cbb, group, &s)) { return 0; } @@ -795,8 +789,8 @@ } static int verify_proof(const VOPRF_METHOD *method, CBS *cbs, - const TRUST_TOKEN_CLIENT_KEY *pub, - const EC_JACOBIAN *M, const EC_JACOBIAN *Z) { + const TRUST_TOKEN_CLIENT_KEY *pub, const EC_JACOBIAN *M, + const EC_JACOBIAN *Z) { const EC_GROUP *group = method->group_func(); enum { @@ -809,16 +803,14 @@ EC_JACOBIAN jacobians[num_idx]; EC_SCALAR c, s; - if (!scalar_from_cbs(cbs, group, &c) || - !scalar_from_cbs(cbs, group, &s)) { + if (!scalar_from_cbs(cbs, group, &c) || !scalar_from_cbs(cbs, group, &s)) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); return 0; } EC_JACOBIAN pubs; ec_affine_to_jacobian(group, &pubs, &pub->pubs); - if (!ec_point_mul_scalar_public(group, &jacobians[idx_t2], &s, &pubs, - &c) || + if (!ec_point_mul_scalar_public(group, &jacobians[idx_t2], &s, &pubs, &c) || !mul_public_2(group, &jacobians[idx_t3], M, &s, Z, &c)) { return 0; } @@ -857,72 +849,78 @@ } int ret = 0; - EC_JACOBIAN *BTs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN)); - EC_SCALAR *dis = OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR)); - if (!BTs || !Zs || !dis) { - goto err; - } + EC_JACOBIAN *BTs = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Zs = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_JACOBIAN))); + EC_SCALAR *dis = reinterpret_cast<EC_SCALAR *>( + OPENSSL_calloc(num_to_issue, sizeof(EC_SCALAR))); - uint8_t seed[SHA384_DIGEST_LENGTH]; - if (!compute_composite_seed(method, seed, &key->pubs)) { - goto err; - } + { + if (!BTs || !Zs || !dis) { + goto err; + } - // This implements the BlindEvaluateBatch as defined in section 4 of - // draft-robert-privacypass-batched-tokens-01, based on the constructions - // in draft-irtf-cfrg-voprf-21. To optimize the computation of the proof, - // the computation of di is done during the token signing and passed into - // the proof generation. - for (size_t i = 0; i < num_to_issue; i++) { - EC_AFFINE BT_affine, Z_affine; - EC_JACOBIAN BT, Z; - if (!cbs_get_point(cbs, group, &BT_affine)) { + uint8_t seed[SHA384_DIGEST_LENGTH]; + if (!compute_composite_seed(method, seed, &key->pubs)) { + goto err; + } + + // This implements the BlindEvaluateBatch as defined in section 4 of + // draft-robert-privacypass-batched-tokens-01, based on the constructions + // in draft-irtf-cfrg-voprf-21. To optimize the computation of the proof, + // the computation of di is done during the token signing and passed into + // the proof generation. + for (size_t i = 0; i < num_to_issue; i++) { + EC_AFFINE BT_affine, Z_affine; + EC_JACOBIAN BT, Z; + if (!cbs_get_point(cbs, group, &BT_affine)) { + OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); + goto err; + } + ec_affine_to_jacobian(group, &BT, &BT_affine); + if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) || + !ec_jacobian_to_affine(group, &Z_affine, &Z) || + !cbb_add_point(cbb, group, &Z_affine)) { + goto err; + } + BTs[i] = BT; + Zs[i] = Z; + if (!compute_composite_element(method, seed, &dis[i], i, &BT_affine, + &Z_affine)) { + goto err; + } + + if (!CBB_flush(cbb)) { + goto err; + } + } + + EC_JACOBIAN M, Z; + if (!ec_point_mul_scalar_public_batch(group, &M, + /*g_scalar=*/NULL, BTs, dis, + num_to_issue) || + !ec_point_mul_scalar(group, &Z, &M, &key->xs)) { + goto err; + } + + CBB proof; + if (!CBB_add_u16_length_prefixed(cbb, &proof) || + !generate_proof(method, &proof, key, proof_scalar, &M, &Z) || + !CBB_flush(cbb)) { + goto err; + } + + // Skip over any unused requests. + size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); + if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); goto err; } - ec_affine_to_jacobian(group, &BT, &BT_affine); - if (!ec_point_mul_scalar(group, &Z, &BT, &key->xs) || - !ec_jacobian_to_affine(group, &Z_affine, &Z) || - !cbb_add_point(cbb, group, &Z_affine)) { - goto err; - } - BTs[i] = BT; - Zs[i] = Z; - if (!compute_composite_element(method, seed, &dis[i], i, &BT_affine, - &Z_affine)) { - goto err; - } - if (!CBB_flush(cbb)) { - goto err; - } + ret = 1; } - EC_JACOBIAN M, Z; - if (!ec_point_mul_scalar_public_batch(group, &M, - /*g_scalar=*/NULL, BTs, dis, - num_to_issue) || - !ec_point_mul_scalar(group, &Z, &M, &key->xs)) { - goto err; - } - - CBB proof; - if (!CBB_add_u16_length_prefixed(cbb, &proof) || - !generate_proof(method, &proof, key, proof_scalar, &M, &Z) || - !CBB_flush(cbb)) { - goto err; - } - - // Skip over any unused requests. - size_t point_len = ec_point_byte_len(group, POINT_CONVERSION_UNCOMPRESSED); - if (!CBS_skip(cbs, point_len * (num_requested - num_to_issue))) { - OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_DECODE_FAILURE); - goto err; - } - - ret = 1; - err: OPENSSL_free(BTs); OPENSSL_free(Zs); @@ -968,9 +966,12 @@ int ok = 0; STACK_OF(TRUST_TOKEN) *ret = sk_TRUST_TOKEN_new_null(); - EC_JACOBIAN *BTs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_JACOBIAN *Zs = OPENSSL_calloc(count, sizeof(EC_JACOBIAN)); - EC_SCALAR *dis = OPENSSL_calloc(count, sizeof(EC_SCALAR)); + EC_JACOBIAN *BTs = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_JACOBIAN *Zs = reinterpret_cast<EC_JACOBIAN *>( + OPENSSL_calloc(count, sizeof(EC_JACOBIAN))); + EC_SCALAR *dis = + reinterpret_cast<EC_SCALAR *>(OPENSSL_calloc(count, sizeof(EC_SCALAR))); if (ret == NULL || !BTs || !Zs || !dis) { goto err; } @@ -1022,8 +1023,7 @@ TRUST_TOKEN *token = TRUST_TOKEN_new(CBB_data(&token_cbb), CBB_len(&token_cbb)); CBB_cleanup(&token_cbb); - if (token == NULL || - !sk_TRUST_TOKEN_push(ret, token)) { + if (token == NULL || !sk_TRUST_TOKEN_push(ret, token)) { TRUST_TOKEN_free(token); goto err; } @@ -1031,18 +1031,15 @@ EC_JACOBIAN M, Z; if (!ec_point_mul_scalar_public_batch(group, &M, - /*g_scalar=*/NULL, BTs, dis, - count) || + /*g_scalar=*/NULL, BTs, dis, count) || !ec_point_mul_scalar_public_batch(group, &Z, - /*g_scalar=*/NULL, Zs, dis, - count)) { + /*g_scalar=*/NULL, Zs, dis, count)) { goto err; } CBS proof; if (!CBS_get_u16_length_prefixed(cbs, &proof) || - !verify_proof(method, &proof, key, &M, &Z) || - CBS_len(&proof) != 0) { + !verify_proof(method, &proof, key, &M, &Z) || CBS_len(&proof) != 0) { goto err; } @@ -1069,8 +1066,7 @@ CBS_init(&cbs, token, token_len); EC_AFFINE Ws; if (!CBS_get_bytes(&cbs, &salt, TRUST_TOKEN_NONCE_SIZE) || - !cbs_get_point(&cbs, group, &Ws) || - CBS_len(&cbs) != 0) { + !cbs_get_point(&cbs, group, &Ws) || CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_TOKEN); return 0; } @@ -1113,7 +1109,7 @@ } static int voprf_exp2_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out, - uint8_t *buf, size_t len) { + uint8_t *buf, size_t len) { const uint8_t kHashCLabel[] = "TrustToken VOPRF Experiment V2 HashToScalar"; return ec_hash_to_scalar_p384_xmd_sha512_draft07( group, out, kHashCLabel, sizeof(kHashCLabel), buf, len); @@ -1189,7 +1185,7 @@ } static int voprf_pst1_hash_to_scalar(const EC_GROUP *group, EC_SCALAR *out, - uint8_t *buf, size_t len) { + uint8_t *buf, size_t len) { const uint8_t kHashCLabel[] = "HashToScalar-OPRFV1-\x01-P384-SHA384"; return ec_hash_to_scalar_p384_xmd_sha384(group, out, kHashCLabel, sizeof(kHashCLabel) - 1, buf, len);
diff --git a/crypto/x509/a_digest.c b/crypto/x509/a_digest.cc similarity index 97% rename from crypto/x509/a_digest.c rename to crypto/x509/a_digest.cc index 4686993..cec7da8 100644 --- a/crypto/x509/a_digest.c +++ b/crypto/x509/a_digest.cc
@@ -83,7 +83,7 @@ int i, ret; unsigned char *str = NULL; - i = ASN1_item_i2d(asn, &str, it); + i = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(asn), &str, it); if (!str) { return 0; }
diff --git a/crypto/x509/a_sign.c b/crypto/x509/a_sign.cc similarity index 78% rename from crypto/x509/a_sign.c rename to crypto/x509/a_sign.cc index 7f80e5b..55753b8 100644 --- a/crypto/x509/a_sign.c +++ b/crypto/x509/a_sign.cc
@@ -87,46 +87,49 @@ void *asn, EVP_MD_CTX *ctx) { int ret = 0; uint8_t *in = NULL, *out = NULL; - if (signature->type != V_ASN1_BIT_STRING) { - OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE); - goto err; - } - // Write out the requested copies of the AlgorithmIdentifier. - if (algor1 && !x509_digest_sign_algorithm(ctx, algor1)) { - goto err; - } - if (algor2 && !x509_digest_sign_algorithm(ctx, algor2)) { - goto err; - } + { + if (signature->type != V_ASN1_BIT_STRING) { + OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE); + goto err; + } - int in_len = ASN1_item_i2d(asn, &in, it); - if (in_len < 0) { - goto err; - } + // Write out the requested copies of the AlgorithmIdentifier. + if (algor1 && !x509_digest_sign_algorithm(ctx, algor1)) { + goto err; + } + if (algor2 && !x509_digest_sign_algorithm(ctx, algor2)) { + goto err; + } - EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); - size_t out_len = EVP_PKEY_size(pkey); - if (out_len > INT_MAX) { - OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW); - goto err; - } + int in_len = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(asn), &in, it); + if (in_len < 0) { + goto err; + } - out = OPENSSL_malloc(out_len); - if (out == NULL) { - goto err; - } + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + size_t out_len = EVP_PKEY_size(pkey); + if (out_len > INT_MAX) { + OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW); + goto err; + } - if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) { - OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); - goto err; - } + out = reinterpret_cast<uint8_t *>(OPENSSL_malloc(out_len)); + if (out == NULL) { + goto err; + } - ASN1_STRING_set0(signature, out, (int)out_len); - out = NULL; - signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); - signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; - ret = (int)out_len; + if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) { + OPENSSL_PUT_ERROR(X509, ERR_R_EVP_LIB); + goto err; + } + + ASN1_STRING_set0(signature, out, (int)out_len); + out = NULL; + signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + ret = (int)out_len; + } err: EVP_MD_CTX_cleanup(ctx);
diff --git a/crypto/x509/a_verify.c b/crypto/x509/a_verify.cc similarity index 97% rename from crypto/x509/a_verify.c rename to crypto/x509/a_verify.cc index a70769f..52716717 100644 --- a/crypto/x509/a_verify.c +++ b/crypto/x509/a_verify.cc
@@ -95,7 +95,7 @@ goto err; } - inl = ASN1_item_i2d(asn, &buf_in, it); + inl = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(asn), &buf_in, it); if (buf_in == NULL) { goto err;
diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.cc similarity index 100% rename from crypto/x509/algorithm.c rename to crypto/x509/algorithm.cc
diff --git a/crypto/x509/asn1_gen.c b/crypto/x509/asn1_gen.cc similarity index 97% rename from crypto/x509/asn1_gen.c rename to crypto/x509/asn1_gen.cc index 73a5cc3..897d383 100644 --- a/crypto/x509/asn1_gen.c +++ b/crypto/x509/asn1_gen.cc
@@ -133,8 +133,7 @@ static CBS_ASN1_TAG parse_tag(const CBS *cbs) { CBS copy = *cbs; uint64_t num; - if (!CBS_get_u64_decimal(©, &num) || - num > CBS_ASN1_TAG_NUMBER_MASK) { + if (!CBS_get_u64_decimal(©, &num) || num > CBS_ASN1_TAG_NUMBER_MASK) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); return 0; } @@ -400,8 +399,7 @@ uint8_t *out; int ok = len > 0 && // CBB_add_space(&child, &out, len) && - i2c_ASN1_INTEGER(obj, &out) == len && - CBB_flush(cbb); + i2c_ASN1_INTEGER(obj, &out) == len && CBB_flush(cbb); ASN1_INTEGER_free(obj); return ok; } @@ -428,7 +426,7 @@ return 0; } CBS value_cbs; - CBS_init(&value_cbs, (const uint8_t*)value, strlen(value)); + CBS_init(&value_cbs, (const uint8_t *)value, strlen(value)); int ok = type == CBS_ASN1_UTCTIME ? CBS_parse_utc_time(&value_cbs, NULL, /*allow_timezone_offset=*/0) @@ -578,7 +576,8 @@ OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); return 0; } - if (!ASN1_BIT_STRING_set_bit(bitstr, (int)bitnum, 1)) { + if (!ASN1_BIT_STRING_set_bit(reinterpret_cast<ASN1_BIT_STRING *>(bitstr), + (int)bitnum, 1)) { return 0; } return 1;
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.cc similarity index 96% rename from crypto/x509/by_dir.c rename to crypto/x509/by_dir.cc index 5829de4..a1719b6 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.cc
@@ -108,7 +108,7 @@ int ret = 0; char *dir = NULL; - BY_DIR *ld = ctx->method_data; + BY_DIR *ld = reinterpret_cast<BY_DIR *>(ctx->method_data); switch (cmd) { case X509_L_ADD_DIR: @@ -165,7 +165,7 @@ } static void free_dir(X509_LOOKUP *lu) { - BY_DIR *a = lu->method_data; + BY_DIR *a = reinterpret_cast<BY_DIR *>(lu->method_data); if (a != NULL) { sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); OPENSSL_free(a); @@ -213,7 +213,8 @@ return 0; } } - ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY)); + ent = reinterpret_cast<BY_DIR_ENTRY *>( + OPENSSL_malloc(sizeof(BY_DIR_ENTRY))); if (!ent) { return 0; } @@ -258,6 +259,7 @@ } stmp.type = type; + BY_DIR *ctx = reinterpret_cast<BY_DIR *>(xl->method_data); if (type == X509_LU_X509) { data.x509.st_x509.cert_info = &data.x509.st_x509_cinf; data.x509.st_x509_cinf.subject = name; @@ -278,8 +280,6 @@ goto finish; } - BY_DIR *ctx = xl->method_data; - hash_array[0] = X509_NAME_hash(name); hash_array[1] = X509_NAME_hash_old(name); for (hash_index = 0; hash_index < 2; ++hash_index) { @@ -353,7 +353,8 @@ } } if (!hent) { - hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); + hent = reinterpret_cast<BY_DIR_HASH *>( + OPENSSL_malloc(sizeof(BY_DIR_HASH))); if (hent == NULL) { CRYPTO_MUTEX_unlock_write(&ent->lock); ok = 0;
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.cc similarity index 100% rename from crypto/x509/by_file.c rename to crypto/x509/by_file.cc
diff --git a/crypto/x509/i2d_pr.c b/crypto/x509/i2d_pr.cc similarity index 100% rename from crypto/x509/i2d_pr.c rename to crypto/x509/i2d_pr.cc
diff --git a/crypto/x509/name_print.c b/crypto/x509/name_print.cc similarity index 100% rename from crypto/x509/name_print.c rename to crypto/x509/name_print.cc
diff --git a/crypto/x509/policy.c b/crypto/x509/policy.cc similarity index 75% rename from crypto/x509/policy.c rename to crypto/x509/policy.cc index 066e8cc..71d036f 100644 --- a/crypto/x509/policy.c +++ b/crypto/x509/policy.cc
@@ -105,7 +105,8 @@ static X509_POLICY_NODE *x509_policy_node_new(const ASN1_OBJECT *policy) { assert(!is_any_policy(policy)); - X509_POLICY_NODE *node = OPENSSL_zalloc(sizeof(X509_POLICY_NODE)); + X509_POLICY_NODE *node = reinterpret_cast<X509_POLICY_NODE *>( + OPENSSL_zalloc(sizeof(X509_POLICY_NODE))); if (node == NULL) { return NULL; } @@ -131,7 +132,8 @@ } static X509_POLICY_LEVEL *x509_policy_level_new(void) { - X509_POLICY_LEVEL *level = OPENSSL_zalloc(sizeof(X509_POLICY_LEVEL)); + X509_POLICY_LEVEL *level = reinterpret_cast<X509_POLICY_LEVEL *>( + OPENSSL_zalloc(sizeof(X509_POLICY_LEVEL))); if (level == NULL) { return NULL; } @@ -203,7 +205,8 @@ } static int delete_if_not_in_policies(X509_POLICY_NODE *node, void *data) { - const CERTIFICATEPOLICIES *policies = data; + const CERTIFICATEPOLICIES *policies = + reinterpret_cast<CERTIFICATEPOLICIES *>(data); assert(sk_POLICYINFO_is_sorted(policies)); POLICYINFO info; info.policyid = node->policy; @@ -227,81 +230,86 @@ int ret = 0; int critical; STACK_OF(X509_POLICY_NODE) *new_nodes = NULL; - CERTIFICATEPOLICIES *policies = - X509_get_ext_d2i(x509, NID_certificate_policies, &critical, NULL); - if (policies == NULL) { - if (critical != -1) { - return 0; // Syntax error in the extension. + CERTIFICATEPOLICIES *policies = reinterpret_cast<CERTIFICATEPOLICIES *>( + X509_get_ext_d2i(x509, NID_certificate_policies, &critical, NULL)); + + { + if (policies == NULL) { + if (critical != -1) { + return 0; // Syntax error in the extension. + } + + // RFC 5280, section 6.1.3, step (e). + x509_policy_level_clear(level); + return 1; } - // RFC 5280, section 6.1.3, step (e). - x509_policy_level_clear(level); - return 1; - } - - // certificatePolicies may not be empty. See RFC 5280, section 4.2.1.4. - // TODO(https://crbug.com/boringssl/443): Move this check into the parser. - if (sk_POLICYINFO_num(policies) == 0) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); - goto err; - } - - sk_POLICYINFO_set_cmp_func(policies, policyinfo_cmp); - sk_POLICYINFO_sort(policies); - int cert_has_any_policy = 0; - for (size_t i = 0; i < sk_POLICYINFO_num(policies); i++) { - const POLICYINFO *policy = sk_POLICYINFO_value(policies, i); - if (is_any_policy(policy->policyid)) { - cert_has_any_policy = 1; - } - if (i > 0 && OBJ_cmp(sk_POLICYINFO_value(policies, i - 1)->policyid, - policy->policyid) == 0) { - // Per RFC 5280, section 4.2.1.4, |policies| may not have duplicates. + // certificatePolicies may not be empty. See RFC 5280, section 4.2.1.4. + // TODO(https://crbug.com/boringssl/443): Move this check into the parser. + if (sk_POLICYINFO_num(policies) == 0) { OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); goto err; } - } - // This does the same thing as RFC 5280, section 6.1.3, step (d), though in - // a slighty different order. |level| currently contains "expected_policy_set" - // values of the previous level. See |process_policy_mappings| for details. - const int previous_level_has_any_policy = level->has_any_policy; - - // First, we handle steps (d.1.i) and (d.2). The net effect of these two steps - // is to intersect |level| with |policies|, ignoring anyPolicy if it is - // inhibited. - if (!cert_has_any_policy || !any_policy_allowed) { - sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_not_in_policies, - policies); - level->has_any_policy = 0; - } - - // Step (d.1.ii) may attach new nodes to the previous level's anyPolicy node. - if (previous_level_has_any_policy) { - new_nodes = sk_X509_POLICY_NODE_new_null(); - if (new_nodes == NULL) { - goto err; - } + sk_POLICYINFO_set_cmp_func(policies, policyinfo_cmp); + sk_POLICYINFO_sort(policies); + int cert_has_any_policy = 0; for (size_t i = 0; i < sk_POLICYINFO_num(policies); i++) { const POLICYINFO *policy = sk_POLICYINFO_value(policies, i); - // Though we've reordered the steps slightly, |policy| is in |level| if - // and only if it would have been a match in step (d.1.ii). - if (!is_any_policy(policy->policyid) && - x509_policy_level_find(level, policy->policyid) == NULL) { - X509_POLICY_NODE *node = x509_policy_node_new(policy->policyid); - if (node == NULL || // - !sk_X509_POLICY_NODE_push(new_nodes, node)) { - x509_policy_node_free(node); - goto err; - } + if (is_any_policy(policy->policyid)) { + cert_has_any_policy = 1; + } + if (i > 0 && OBJ_cmp(sk_POLICYINFO_value(policies, i - 1)->policyid, + policy->policyid) == 0) { + // Per RFC 5280, section 4.2.1.4, |policies| may not have duplicates. + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); + goto err; } } - if (!x509_policy_level_add_nodes(level, new_nodes)) { - goto err; - } - } - ret = 1; + // This does the same thing as RFC 5280, section 6.1.3, step (d), though in + // a slighty different order. |level| currently contains + // "expected_policy_set" values of the previous level. See + // |process_policy_mappings| for details. + const int previous_level_has_any_policy = level->has_any_policy; + + // First, we handle steps (d.1.i) and (d.2). The net effect of these two + // steps is to intersect |level| with |policies|, ignoring anyPolicy if it + // is inhibited. + if (!cert_has_any_policy || !any_policy_allowed) { + sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_not_in_policies, + policies); + level->has_any_policy = 0; + } + + // Step (d.1.ii) may attach new nodes to the previous level's anyPolicy + // node. + if (previous_level_has_any_policy) { + new_nodes = sk_X509_POLICY_NODE_new_null(); + if (new_nodes == NULL) { + goto err; + } + for (size_t i = 0; i < sk_POLICYINFO_num(policies); i++) { + const POLICYINFO *policy = sk_POLICYINFO_value(policies, i); + // Though we've reordered the steps slightly, |policy| is in |level| if + // and only if it would have been a match in step (d.1.ii). + if (!is_any_policy(policy->policyid) && + x509_policy_level_find(level, policy->policyid) == NULL) { + X509_POLICY_NODE *node = x509_policy_node_new(policy->policyid); + if (node == NULL || // + !sk_X509_POLICY_NODE_push(new_nodes, node)) { + x509_policy_node_free(node); + goto err; + } + } + } + if (!x509_policy_level_add_nodes(level, new_nodes)) { + goto err; + } + } + + ret = 1; + } err: sk_X509_POLICY_NODE_pop_free(new_nodes, x509_policy_node_free); @@ -320,7 +328,7 @@ } static int delete_if_mapped(X509_POLICY_NODE *node, void *data) { - const POLICY_MAPPINGS *mappings = data; + const POLICY_MAPPINGS *mappings = reinterpret_cast<POLICY_MAPPINGS *>(data); // |mappings| must have been sorted by |compare_issuer_policy|. assert(sk_POLICY_MAPPING_is_sorted(mappings)); POLICY_MAPPING mapping; @@ -355,144 +363,147 @@ STACK_OF(X509_POLICY_NODE) *new_nodes = NULL; X509_POLICY_LEVEL *next = NULL; int critical; - POLICY_MAPPINGS *mappings = - X509_get_ext_d2i(cert, NID_policy_mappings, &critical, NULL); - if (mappings == NULL && critical != -1) { - // Syntax error in the policy mappings extension. - goto err; - } + POLICY_MAPPINGS *mappings = reinterpret_cast<POLICY_MAPPINGS *>( + X509_get_ext_d2i(cert, NID_policy_mappings, &critical, NULL)); - if (mappings != NULL) { - // PolicyMappings may not be empty. See RFC 5280, section 4.2.1.5. - // TODO(https://crbug.com/boringssl/443): Move this check into the parser. - if (sk_POLICY_MAPPING_num(mappings) == 0) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); + { + if (mappings == NULL && critical != -1) { + // Syntax error in the policy mappings extension. goto err; } - // RFC 5280, section 6.1.4, step (a). - for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) { - POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); - if (is_any_policy(mapping->issuerDomainPolicy) || - is_any_policy(mapping->subjectDomainPolicy)) { + if (mappings != NULL) { + // PolicyMappings may not be empty. See RFC 5280, section 4.2.1.5. + // TODO(https://crbug.com/boringssl/443): Move this check into the parser. + if (sk_POLICY_MAPPING_num(mappings) == 0) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_POLICY_EXTENSION); goto err; } - } - // Sort to group by issuerDomainPolicy. - sk_POLICY_MAPPING_set_cmp_func(mappings, compare_issuer_policy); - sk_POLICY_MAPPING_sort(mappings); - - if (mapping_allowed) { - // Mark nodes as mapped, and add any nodes to |level| which may be needed - // as part of RFC 5280, section 6.1.4, step (b.1). - new_nodes = sk_X509_POLICY_NODE_new_null(); - if (new_nodes == NULL) { - goto err; - } - const ASN1_OBJECT *last_policy = NULL; + // RFC 5280, section 6.1.4, step (a). for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) { - const POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); - // There may be multiple mappings with the same |issuerDomainPolicy|. - if (last_policy != NULL && - OBJ_cmp(mapping->issuerDomainPolicy, last_policy) == 0) { - continue; + POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); + if (is_any_policy(mapping->issuerDomainPolicy) || + is_any_policy(mapping->subjectDomainPolicy)) { + goto err; } - last_policy = mapping->issuerDomainPolicy; + } - X509_POLICY_NODE *node = - x509_policy_level_find(level, mapping->issuerDomainPolicy); - if (node == NULL) { - if (!level->has_any_policy) { + // Sort to group by issuerDomainPolicy. + sk_POLICY_MAPPING_set_cmp_func(mappings, compare_issuer_policy); + sk_POLICY_MAPPING_sort(mappings); + + if (mapping_allowed) { + // Mark nodes as mapped, and add any nodes to |level| which may be + // needed as part of RFC 5280, section 6.1.4, step (b.1). + new_nodes = sk_X509_POLICY_NODE_new_null(); + if (new_nodes == NULL) { + goto err; + } + const ASN1_OBJECT *last_policy = NULL; + for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) { + const POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); + // There may be multiple mappings with the same |issuerDomainPolicy|. + if (last_policy != NULL && + OBJ_cmp(mapping->issuerDomainPolicy, last_policy) == 0) { continue; } - node = x509_policy_node_new(mapping->issuerDomainPolicy); - if (node == NULL || // - !sk_X509_POLICY_NODE_push(new_nodes, node)) { - x509_policy_node_free(node); - goto err; + last_policy = mapping->issuerDomainPolicy; + + X509_POLICY_NODE *node = + x509_policy_level_find(level, mapping->issuerDomainPolicy); + if (node == NULL) { + if (!level->has_any_policy) { + continue; + } + node = x509_policy_node_new(mapping->issuerDomainPolicy); + if (node == NULL || // + !sk_X509_POLICY_NODE_push(new_nodes, node)) { + x509_policy_node_free(node); + goto err; + } } + node->mapped = 1; } - node->mapped = 1; + if (!x509_policy_level_add_nodes(level, new_nodes)) { + goto err; + } + } else { + // RFC 5280, section 6.1.4, step (b.2). If mapping is inhibited, delete + // all mapped nodes. + sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_mapped, mappings); + sk_POLICY_MAPPING_pop_free(mappings, POLICY_MAPPING_free); + mappings = NULL; } - if (!x509_policy_level_add_nodes(level, new_nodes)) { - goto err; - } - } else { - // RFC 5280, section 6.1.4, step (b.2). If mapping is inhibited, delete - // all mapped nodes. - sk_X509_POLICY_NODE_delete_if(level->nodes, delete_if_mapped, mappings); - sk_POLICY_MAPPING_pop_free(mappings, POLICY_MAPPING_free); - mappings = NULL; } - } - // If a node was not mapped, it retains the original "explicit_policy_set" - // value, itself. Add those to |mappings|. - if (mappings == NULL) { - mappings = sk_POLICY_MAPPING_new_null(); + // If a node was not mapped, it retains the original "explicit_policy_set" + // value, itself. Add those to |mappings|. if (mappings == NULL) { + mappings = sk_POLICY_MAPPING_new_null(); + if (mappings == NULL) { + goto err; + } + } + for (size_t i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) { + X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(level->nodes, i); + if (!node->mapped) { + POLICY_MAPPING *mapping = POLICY_MAPPING_new(); + if (mapping == NULL) { + goto err; + } + mapping->issuerDomainPolicy = OBJ_dup(node->policy); + mapping->subjectDomainPolicy = OBJ_dup(node->policy); + if (mapping->issuerDomainPolicy == NULL || + mapping->subjectDomainPolicy == NULL || + !sk_POLICY_MAPPING_push(mappings, mapping)) { + POLICY_MAPPING_free(mapping); + goto err; + } + } + } + + // Sort to group by subjectDomainPolicy. + sk_POLICY_MAPPING_set_cmp_func(mappings, compare_subject_policy); + sk_POLICY_MAPPING_sort(mappings); + + // Convert |mappings| to our "expected_policy_set" representation. + next = x509_policy_level_new(); + if (next == NULL) { goto err; } - } - for (size_t i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) { - X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(level->nodes, i); - if (!node->mapped) { - POLICY_MAPPING *mapping = POLICY_MAPPING_new(); - if (mapping == NULL) { - goto err; + next->has_any_policy = level->has_any_policy; + + X509_POLICY_NODE *last_node = NULL; + for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) { + POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); + // Skip mappings where |issuerDomainPolicy| does not appear in the graph. + if (!level->has_any_policy && + x509_policy_level_find(level, mapping->issuerDomainPolicy) == NULL) { + continue; } - mapping->issuerDomainPolicy = OBJ_dup(node->policy); - mapping->subjectDomainPolicy = OBJ_dup(node->policy); - if (mapping->issuerDomainPolicy == NULL || - mapping->subjectDomainPolicy == NULL || - !sk_POLICY_MAPPING_push(mappings, mapping)) { - POLICY_MAPPING_free(mapping); - goto err; - } - } - } - // Sort to group by subjectDomainPolicy. - sk_POLICY_MAPPING_set_cmp_func(mappings, compare_subject_policy); - sk_POLICY_MAPPING_sort(mappings); - - // Convert |mappings| to our "expected_policy_set" representation. - next = x509_policy_level_new(); - if (next == NULL) { - goto err; - } - next->has_any_policy = level->has_any_policy; - - X509_POLICY_NODE *last_node = NULL; - for (size_t i = 0; i < sk_POLICY_MAPPING_num(mappings); i++) { - POLICY_MAPPING *mapping = sk_POLICY_MAPPING_value(mappings, i); - // Skip mappings where |issuerDomainPolicy| does not appear in the graph. - if (!level->has_any_policy && - x509_policy_level_find(level, mapping->issuerDomainPolicy) == NULL) { - continue; - } - - if (last_node == NULL || - OBJ_cmp(last_node->policy, mapping->subjectDomainPolicy) != 0) { - last_node = x509_policy_node_new(mapping->subjectDomainPolicy); if (last_node == NULL || - !sk_X509_POLICY_NODE_push(next->nodes, last_node)) { - x509_policy_node_free(last_node); + OBJ_cmp(last_node->policy, mapping->subjectDomainPolicy) != 0) { + last_node = x509_policy_node_new(mapping->subjectDomainPolicy); + if (last_node == NULL || + !sk_X509_POLICY_NODE_push(next->nodes, last_node)) { + x509_policy_node_free(last_node); + goto err; + } + } + + if (!sk_ASN1_OBJECT_push(last_node->parent_policies, + mapping->issuerDomainPolicy)) { goto err; } + mapping->issuerDomainPolicy = NULL; } - if (!sk_ASN1_OBJECT_push(last_node->parent_policies, - mapping->issuerDomainPolicy)) { - goto err; - } - mapping->issuerDomainPolicy = NULL; + sk_X509_POLICY_NODE_sort(next->nodes); + ok = 1; } - sk_X509_POLICY_NODE_sort(next->nodes); - ok = 1; - err: if (!ok) { x509_policy_level_free(next); @@ -535,8 +546,8 @@ size_t *policy_mapping, size_t *inhibit_any_policy) { int critical; - POLICY_CONSTRAINTS *constraints = - X509_get_ext_d2i(x509, NID_policy_constraints, &critical, NULL); + POLICY_CONSTRAINTS *constraints = reinterpret_cast<POLICY_CONSTRAINTS *>( + X509_get_ext_d2i(x509, NID_policy_constraints, &critical, NULL)); if (constraints == NULL && critical != -1) { return 0; } @@ -558,8 +569,8 @@ } } - ASN1_INTEGER *inhibit_any_policy_ext = - X509_get_ext_d2i(x509, NID_inhibit_any_policy, &critical, NULL); + ASN1_INTEGER *inhibit_any_policy_ext = reinterpret_cast<ASN1_INTEGER *>( + X509_get_ext_d2i(x509, NID_inhibit_any_policy, &critical, NULL)); if (inhibit_any_policy_ext == NULL && critical != -1) { return 0; } @@ -673,8 +684,7 @@ (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : num_certs + 1; size_t inhibit_any_policy = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : num_certs + 1; - size_t policy_mapping = - (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : num_certs + 1; + size_t policy_mapping = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : num_certs + 1; levels = sk_X509_POLICY_LEVEL_new_null(); if (levels == NULL) {
diff --git a/crypto/x509/rsa_pss.c b/crypto/x509/rsa_pss.cc similarity index 85% rename from crypto/x509/rsa_pss.c rename to crypto/x509/rsa_pss.cc index 8e19b8c..8824a6e 100644 --- a/crypto/x509/rsa_pss.c +++ b/crypto/x509/rsa_pss.cc
@@ -89,8 +89,7 @@ // Given an MGF1 Algorithm ID decode to an Algorithm Identifier static X509_ALGOR *rsa_mgf1_decode(const X509_ALGOR *alg) { - if (OBJ_obj2nid(alg->algorithm) != NID_mgf1 || - alg->parameter == NULL || + if (OBJ_obj2nid(alg->algorithm) != NID_mgf1 || alg->parameter == NULL || alg->parameter->type != V_ASN1_SEQUENCE) { return NULL; } @@ -241,7 +240,8 @@ goto err; } - if (!X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os)) { + if (!X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, + os)) { goto err; } os = NULL; @@ -260,51 +260,55 @@ // Decode PSS parameters int ret = 0; RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg); - if (pss == NULL) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); - goto err; - } - const EVP_MD *mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm); - const EVP_MD *md = rsa_algor_to_md(pss->hashAlgorithm); - if (mgf1md == NULL || md == NULL) { - goto err; - } + { + if (pss == NULL) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); + goto err; + } - // We require the MGF-1 and signing hashes to match. - if (mgf1md != md) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); - goto err; - } + const EVP_MD *mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm); + const EVP_MD *md = rsa_algor_to_md(pss->hashAlgorithm); + if (mgf1md == NULL || md == NULL) { + goto err; + } - // We require the salt length be the hash length. The DEFAULT value is 20, but - // this does not match any supported salt length. - uint64_t salt_len = 0; - if (pss->saltLength == NULL || - !ASN1_INTEGER_get_uint64(&salt_len, pss->saltLength) || - salt_len != EVP_MD_size(md)) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); - goto err; - } - assert(salt_len <= INT_MAX); + // We require the MGF-1 and signing hashes to match. + if (mgf1md != md) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); + goto err; + } - // The trailer field must be 1 (0xbc). This value is DEFAULT, so the structure - // is required to omit it in DER. Although a syntax error, we also tolerate an - // explicitly-encoded value. See the certificates in cl/362617931. - if (pss->trailerField != NULL && ASN1_INTEGER_get(pss->trailerField) != 1) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); - goto err; - } + // We require the salt length be the hash length. The DEFAULT value is 20, + // but this does not match any supported salt length. + uint64_t salt_len = 0; + if (pss->saltLength == NULL || + !ASN1_INTEGER_get_uint64(&salt_len, pss->saltLength) || + salt_len != EVP_MD_size(md)) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); + goto err; + } + assert(salt_len <= INT_MAX); - EVP_PKEY_CTX *pctx; - if (!EVP_DigestVerifyInit(ctx, &pctx, md, NULL, pkey) || - !EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || - !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, (int)salt_len) || - !EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md)) { - goto err; - } + // The trailer field must be 1 (0xbc). This value is DEFAULT, so the + // structure is required to omit it in DER. Although a syntax error, we also + // tolerate an explicitly-encoded value. See the certificates in + // cl/362617931. + if (pss->trailerField != NULL && ASN1_INTEGER_get(pss->trailerField) != 1) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); + goto err; + } - ret = 1; + EVP_PKEY_CTX *pctx; + if (!EVP_DigestVerifyInit(ctx, &pctx, md, NULL, pkey) || + !EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) || + !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, (int)salt_len) || + !EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md)) { + goto err; + } + + ret = 1; + } err: RSA_PSS_PARAMS_free(pss);
diff --git a/crypto/x509/t_crl.c b/crypto/x509/t_crl.cc similarity index 100% rename from crypto/x509/t_crl.c rename to crypto/x509/t_crl.cc
diff --git a/crypto/x509/t_req.c b/crypto/x509/t_req.cc similarity index 100% rename from crypto/x509/t_req.c rename to crypto/x509/t_req.cc
diff --git a/crypto/x509/t_x509.c b/crypto/x509/t_x509.cc similarity index 100% rename from crypto/x509/t_x509.c rename to crypto/x509/t_x509.cc
diff --git a/crypto/x509/t_x509a.c b/crypto/x509/t_x509a.cc similarity index 100% rename from crypto/x509/t_x509a.c rename to crypto/x509/t_x509a.cc
diff --git a/crypto/x509/v3_akey.c b/crypto/x509/v3_akey.cc similarity index 97% rename from crypto/x509/v3_akey.c rename to crypto/x509/v3_akey.cc index 740058d..cfd5d75 100644 --- a/crypto/x509/v3_akey.c +++ b/crypto/x509/v3_akey.cc
@@ -65,6 +65,7 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" @@ -93,7 +94,8 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID( const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist) { - const AUTHORITY_KEYID *akeyid = ext; + const AUTHORITY_KEYID *akeyid = + reinterpret_cast<const AUTHORITY_KEYID *>(ext); int extlist_was_null = extlist == NULL; if (akeyid->keyid) { char *tmp = x509v3_bytes_to_hex(akeyid->keyid->data, akeyid->keyid->length); @@ -177,7 +179,7 @@ j = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); const X509_EXTENSION *ext; if ((j >= 0) && (ext = X509_get_ext(cert, j))) { - ikeyid = X509V3_EXT_d2i(ext); + ikeyid = reinterpret_cast<ASN1_OCTET_STRING *>(X509V3_EXT_d2i(ext)); } if (keyid == 2 && !ikeyid) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
diff --git a/crypto/x509/v3_akeya.c b/crypto/x509/v3_akeya.cc similarity index 100% rename from crypto/x509/v3_akeya.c rename to crypto/x509/v3_akeya.cc
diff --git a/crypto/x509/v3_alt.c b/crypto/x509/v3_alt.cc similarity index 98% rename from crypto/x509/v3_alt.c rename to crypto/x509/v3_alt.cc index 61ea4a9..c330369 100644 --- a/crypto/x509/v3_alt.c +++ b/crypto/x509/v3_alt.cc
@@ -63,6 +63,7 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" @@ -81,7 +82,7 @@ static STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES_cb( const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) { - return i2v_GENERAL_NAMES(method, ext, ret); + return i2v_GENERAL_NAMES(method, reinterpret_cast<GENERAL_NAMES *>(ext), ret); } const X509V3_EXT_METHOD v3_alt[] = { @@ -314,7 +315,7 @@ GENERAL_NAMES *ialt = NULL; X509_EXTENSION *ext; if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || - !(ialt = X509V3_EXT_d2i(ext))) { + !(ialt = reinterpret_cast<GENERAL_NAMES *>(X509V3_EXT_d2i(ext)))) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_ISSUER_DECODE_ERROR); goto err; } @@ -608,11 +609,11 @@ static int do_dirname(GENERAL_NAME *gen, const char *value, const X509V3_CTX *ctx) { int ret = 0; + const STACK_OF(CONF_VALUE) *sk = X509V3_get_section(ctx, value); X509_NAME *nm = X509_NAME_new(); if (nm == NULL) { goto err; } - const STACK_OF(CONF_VALUE) *sk = X509V3_get_section(ctx, value); if (sk == NULL) { OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND); ERR_add_error_data(2, "section=", value);
diff --git a/crypto/x509/v3_bcons.c b/crypto/x509/v3_bcons.cc similarity index 97% rename from crypto/x509/v3_bcons.c rename to crypto/x509/v3_bcons.cc index 0808012..b942752 100644 --- a/crypto/x509/v3_bcons.c +++ b/crypto/x509/v3_bcons.cc
@@ -64,6 +64,7 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" @@ -99,7 +100,8 @@ static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS( const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *extlist) { - const BASIC_CONSTRAINTS *bcons = ext; + const BASIC_CONSTRAINTS *bcons = + reinterpret_cast<const BASIC_CONSTRAINTS *>(ext); X509V3_add_value_bool("CA", bcons->ca, &extlist); X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); return extlist;
diff --git a/crypto/x509/v3_bitst.c b/crypto/x509/v3_bitst.cc similarity index 94% rename from crypto/x509/v3_bitst.c rename to crypto/x509/v3_bitst.cc index 0124502..8c0bd60 100644 --- a/crypto/x509/v3_bitst.c +++ b/crypto/x509/v3_bitst.cc
@@ -62,6 +62,7 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" @@ -90,9 +91,10 @@ static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING( const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) { - const ASN1_BIT_STRING *bits = ext; + const ASN1_BIT_STRING *bits = reinterpret_cast<ASN1_BIT_STRING *>(ext); const BIT_STRING_BITNAME *bnam; - for (bnam = method->usr_data; bnam->lname; bnam++) { + for (bnam = reinterpret_cast<const BIT_STRING_BITNAME *>(method->usr_data); + bnam->lname; bnam++) { if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) { X509V3_add_value(bnam->lname, NULL, &ret); } @@ -110,7 +112,8 @@ for (size_t i = 0; i < sk_CONF_VALUE_num(nval); i++) { const CONF_VALUE *val = sk_CONF_VALUE_value(nval, i); const BIT_STRING_BITNAME *bnam; - for (bnam = method->usr_data; bnam->lname; bnam++) { + for (bnam = reinterpret_cast<const BIT_STRING_BITNAME *>(method->usr_data); + bnam->lname; bnam++) { if (!strcmp(bnam->sname, val->name) || !strcmp(bnam->lname, val->name)) { if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { ASN1_BIT_STRING_free(bs);
diff --git a/crypto/x509/v3_conf.c b/crypto/x509/v3_conf.cc similarity index 97% rename from crypto/x509/v3_conf.c rename to crypto/x509/v3_conf.cc index 998ec18..bd80b69 100644 --- a/crypto/x509/v3_conf.c +++ b/crypto/x509/v3_conf.cc
@@ -190,7 +190,8 @@ } ext = do_ext_i2d(method, ext_nid, crit, ext_struc); - ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); + ASN1_item_free(reinterpret_cast<ASN1_VALUE *>(ext_struc), + ASN1_ITEM_ptr(method->it)); return ext; } @@ -198,7 +199,8 @@ int crit, void *ext_struc) { // Convert the extension's internal representation to DER. unsigned char *ext_der = NULL; - int ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); + int ext_len = ASN1_item_i2d(reinterpret_cast<ASN1_VALUE *>(ext_struc), + &ext_der, ASN1_ITEM_ptr(method->it)); if (ext_len < 0) { return NULL; } @@ -401,9 +403,7 @@ return NCONF_get_section(ctx->db, section); } -void X509V3_set_nconf(X509V3_CTX *ctx, const CONF *conf) { - ctx->db = conf; -} +void X509V3_set_nconf(X509V3_CTX *ctx, const CONF *conf) { ctx->db = conf; } void X509V3_set_ctx(X509V3_CTX *ctx, const X509 *issuer, const X509 *subj, const X509_REQ *req, const X509_CRL *crl, int flags) {
diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.cc similarity index 90% rename from crypto/x509/v3_cpols.c rename to crypto/x509/v3_cpols.cc index 3459fcb..95f55b5 100644 --- a/crypto/x509/v3_cpols.c +++ b/crypto/x509/v3_cpols.cc
@@ -68,6 +68,7 @@ #include <openssl/stack.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" // Certificate policies extension support: this one is a bit complex... @@ -161,56 +162,60 @@ return NULL; } STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value); - if (vals == NULL) { - OPENSSL_PUT_ERROR(X509V3, ERR_R_X509V3_LIB); - goto err; - } - int ia5org = 0; - for (size_t i = 0; i < sk_CONF_VALUE_num(vals); i++) { - const CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); - if (cnf->value || !cnf->name) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER); - X509V3_conf_err(cnf); - goto err; - } - POLICYINFO *pol; - const char *pstr = cnf->name; - if (!strcmp(pstr, "ia5org")) { - ia5org = 1; - continue; - } else if (*pstr == '@') { - const STACK_OF(CONF_VALUE) *polsect = X509V3_get_section(ctx, pstr + 1); - if (!polsect) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SECTION); - X509V3_conf_err(cnf); - goto err; - } - pol = policy_section(ctx, polsect, ia5org); - if (!pol) { - goto err; - } - } else { - ASN1_OBJECT *pobj = OBJ_txt2obj(cnf->name, 0); - if (pobj == NULL) { - OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(cnf); - goto err; - } - pol = POLICYINFO_new(); - if (pol == NULL) { - ASN1_OBJECT_free(pobj); - goto err; - } - pol->policyid = pobj; - } - if (!sk_POLICYINFO_push(pols, pol)) { - POLICYINFO_free(pol); + { + if (vals == NULL) { + OPENSSL_PUT_ERROR(X509V3, ERR_R_X509V3_LIB); goto err; } + int ia5org = 0; + for (size_t i = 0; i < sk_CONF_VALUE_num(vals); i++) { + const CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); + if (cnf->value || !cnf->name) { + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_POLICY_IDENTIFIER); + X509V3_conf_err(cnf); + goto err; + } + POLICYINFO *pol; + const char *pstr = cnf->name; + if (!strcmp(pstr, "ia5org")) { + ia5org = 1; + continue; + } else if (*pstr == '@') { + const STACK_OF(CONF_VALUE) *polsect = X509V3_get_section(ctx, pstr + 1); + if (!polsect) { + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_SECTION); + + X509V3_conf_err(cnf); + goto err; + } + pol = policy_section(ctx, polsect, ia5org); + if (!pol) { + goto err; + } + } else { + ASN1_OBJECT *pobj = OBJ_txt2obj(cnf->name, 0); + if (pobj == NULL) { + OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(cnf); + goto err; + } + pol = POLICYINFO_new(); + if (pol == NULL) { + ASN1_OBJECT_free(pobj); + goto err; + } + pol->policyid = pobj; + } + if (!sk_POLICYINFO_push(pols, pol)) { + POLICYINFO_free(pol); + goto err; + } + } + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); + return pols; } - sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); - return pols; + err: sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); sk_POLICYINFO_pop_free(pols, POLICYINFO_free); @@ -408,7 +413,8 @@ static int i2r_certpol(const X509V3_EXT_METHOD *method, void *ext, BIO *out, int indent) { - const STACK_OF(POLICYINFO) *pol = ext; + const STACK_OF(POLICYINFO) *pol = + reinterpret_cast<const STACK_OF(POLICYINFO) *>(ext); // First print out the policy OIDs for (size_t i = 0; i < sk_POLICYINFO_num(pol); i++) { const POLICYINFO *pinfo = sk_POLICYINFO_value(pol, i);
diff --git a/crypto/x509/v3_crld.c b/crypto/x509/v3_crld.cc similarity index 98% rename from crypto/x509/v3_crld.c rename to crypto/x509/v3_crld.cc index 27e8125..4275af6 100644 --- a/crypto/x509/v3_crld.c +++ b/crypto/x509/v3_crld.cc
@@ -65,6 +65,7 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" @@ -518,7 +519,7 @@ static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent) { - ISSUING_DIST_POINT *idp = pidp; + ISSUING_DIST_POINT *idp = reinterpret_cast<ISSUING_DIST_POINT *>(pidp); if (idp->distpoint) { print_distpoint(out, idp->distpoint, indent); } @@ -548,7 +549,7 @@ static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent) { - STACK_OF(DIST_POINT) *crld = pcrldp; + STACK_OF(DIST_POINT) *crld = reinterpret_cast<STACK_OF(DIST_POINT) *>(pcrldp); DIST_POINT *point; size_t i; for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
diff --git a/crypto/x509/v3_enum.c b/crypto/x509/v3_enum.cc similarity index 94% rename from crypto/x509/v3_enum.c rename to crypto/x509/v3_enum.cc index e24fc6b..f359802 100644 --- a/crypto/x509/v3_enum.c +++ b/crypto/x509/v3_enum.cc
@@ -61,6 +61,7 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> +#include "ext_dat.h" #include "internal.h" @@ -84,9 +85,11 @@ static char *i2s_ASN1_ENUMERATED_TABLE(const X509V3_EXT_METHOD *method, void *ext) { - const ASN1_ENUMERATED *e = ext; + const ASN1_ENUMERATED *e = reinterpret_cast<const ASN1_ENUMERATED *>(ext); long strval = ASN1_ENUMERATED_get(e); - for (const ENUMERATED_NAMES *enam = method->usr_data; enam->lname; enam++) { + for (const ENUMERATED_NAMES *enam = + reinterpret_cast<const ENUMERATED_NAMES *>(method->usr_data); + enam->lname; enam++) { if (strval == enam->bitnum) { return OPENSSL_strdup(enam->lname); }
diff --git a/crypto/x509/v3_extku.c b/crypto/x509/v3_extku.cc similarity index 97% rename from crypto/x509/v3_extku.c rename to crypto/x509/v3_extku.cc index d2a438d..33abe8a 100644 --- a/crypto/x509/v3_extku.c +++ b/crypto/x509/v3_extku.cc
@@ -62,6 +62,7 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" @@ -114,7 +115,8 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE( const X509V3_EXT_METHOD *method, void *a, STACK_OF(CONF_VALUE) *ext_list) { - const EXTENDED_KEY_USAGE *eku = a; + const EXTENDED_KEY_USAGE *eku = + reinterpret_cast<const EXTENDED_KEY_USAGE *>(a); for (size_t i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { const ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(eku, i); char obj_tmp[80];
diff --git a/crypto/x509/v3_genn.c b/crypto/x509/v3_genn.cc similarity index 94% rename from crypto/x509/v3_genn.c rename to crypto/x509/v3_genn.cc index ec3a282..6c9fbb8 100644 --- a/crypto/x509/v3_genn.c +++ b/crypto/x509/v3_genn.cc
@@ -176,33 +176,33 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) { switch (type) { case GEN_X400: - a->d.x400Address = value; + a->d.x400Address = reinterpret_cast<ASN1_STRING *>(value); break; case GEN_EDIPARTY: - a->d.ediPartyName = value; + a->d.ediPartyName = reinterpret_cast<EDIPARTYNAME *>(value); break; case GEN_OTHERNAME: - a->d.otherName = value; + a->d.otherName = reinterpret_cast<OTHERNAME *>(value); break; case GEN_EMAIL: case GEN_DNS: case GEN_URI: - a->d.ia5 = value; + a->d.ia5 = reinterpret_cast<ASN1_STRING *>(value); break; case GEN_DIRNAME: - a->d.dirn = value; + a->d.dirn = reinterpret_cast<X509_NAME *>(value); break; case GEN_IPADD: - a->d.ip = value; + a->d.ip = reinterpret_cast<ASN1_STRING *>(value); break; case GEN_RID: - a->d.rid = value; + a->d.rid = reinterpret_cast<ASN1_OBJECT *>(value); break; } a->type = type;
diff --git a/crypto/x509/v3_ia5.c b/crypto/x509/v3_ia5.cc similarity index 95% rename from crypto/x509/v3_ia5.c rename to crypto/x509/v3_ia5.cc index d28b85a..f0e716c 100644 --- a/crypto/x509/v3_ia5.c +++ b/crypto/x509/v3_ia5.cc
@@ -67,15 +67,16 @@ #include <openssl/x509.h> #include "../internal.h" +#include "ext_dat.h" static char *i2s_ASN1_IA5STRING(const X509V3_EXT_METHOD *method, void *ext) { - const ASN1_IA5STRING *ia5 = ext; + const ASN1_IA5STRING *ia5 = reinterpret_cast<const ASN1_IA5STRING *>(ext); char *tmp; if (!ia5 || !ia5->length) { return NULL; } - if (!(tmp = OPENSSL_malloc(ia5->length + 1))) { + if (!(tmp = reinterpret_cast<char *>(OPENSSL_malloc(ia5->length + 1)))) { return NULL; } OPENSSL_memcpy(tmp, ia5->data, ia5->length);
diff --git a/crypto/x509/v3_info.c b/crypto/x509/v3_info.cc similarity index 96% rename from crypto/x509/v3_info.c rename to crypto/x509/v3_info.cc index c3a93ff..4d7ae26 100644 --- a/crypto/x509/v3_info.c +++ b/crypto/x509/v3_info.cc
@@ -67,6 +67,7 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" @@ -125,7 +126,8 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) { - const AUTHORITY_INFO_ACCESS *ainfo = ext; + const AUTHORITY_INFO_ACCESS *ainfo = + reinterpret_cast<const AUTHORITY_INFO_ACCESS *>(ext); ACCESS_DESCRIPTION *desc; int nlen; char objtmp[80], *ntmp; @@ -144,7 +146,7 @@ vtmp = sk_CONF_VALUE_value(tret, i); i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); nlen = strlen(objtmp) + strlen(vtmp->name) + 5; - ntmp = OPENSSL_malloc(nlen); + ntmp = reinterpret_cast<char *>(OPENSSL_malloc(nlen)); if (ntmp == NULL) { goto err; }
diff --git a/crypto/x509/v3_int.c b/crypto/x509/v3_int.cc similarity index 97% rename from crypto/x509/v3_int.c rename to crypto/x509/v3_int.cc index 4f1b343..0e45199 100644 --- a/crypto/x509/v3_int.c +++ b/crypto/x509/v3_int.cc
@@ -59,9 +59,11 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" + static char *i2s_ASN1_INTEGER_cb(const X509V3_EXT_METHOD *method, void *ext) { - return i2s_ASN1_INTEGER(method, ext); + return i2s_ASN1_INTEGER(method, reinterpret_cast<ASN1_INTEGER *>(ext)); } static void *s2i_asn1_int(const X509V3_EXT_METHOD *meth, const X509V3_CTX *ctx,
diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.cc similarity index 95% rename from crypto/x509/v3_lib.c rename to crypto/x509/v3_lib.cc index 32bcb7f..7f6578f 100644 --- a/crypto/x509/v3_lib.c +++ b/crypto/x509/v3_lib.cc
@@ -109,8 +109,9 @@ return NULL; } tmp.ext_nid = nid; - ret = bsearch(&t, standard_exts, STANDARD_EXTENSION_COUNT, - sizeof(X509V3_EXT_METHOD *), ext_cmp); + ret = reinterpret_cast<X509V3_EXT_METHOD **>( + bsearch(&t, standard_exts, STANDARD_EXTENSION_COUNT, + sizeof(X509V3_EXT_METHOD *), ext_cmp)); if (ret) { return *ret; } @@ -139,12 +140,13 @@ return 0; } - ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it)); + ASN1_item_free(reinterpret_cast<ASN1_VALUE *>(ext_data), + ASN1_ITEM_ptr(ext_method->it)); return 1; } int X509V3_EXT_add_alias(int nid_to, int nid_from) { -OPENSSL_BEGIN_ALLOW_DEPRECATED + OPENSSL_BEGIN_ALLOW_DEPRECATED const X509V3_EXT_METHOD *ext; X509V3_EXT_METHOD *tmpext; @@ -163,7 +165,7 @@ return 0; } return 1; -OPENSSL_END_ALLOW_DEPRECATED + OPENSSL_END_ALLOW_DEPRECATED } // Legacy function: we don't need to add standard extensions any more because @@ -188,7 +190,8 @@ } // Check for trailing data. if (p != ext->value->data + ext->value->length) { - ASN1_item_free(ret, ASN1_ITEM_ptr(method->it)); + ASN1_item_free(reinterpret_cast<ASN1_VALUE *>(ret), + ASN1_ITEM_ptr(method->it)); OPENSSL_PUT_ERROR(X509V3, X509V3_R_TRAILING_DATA_IN_EXTENSION); return NULL; }
diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.cc similarity index 99% rename from crypto/x509/v3_ncons.c rename to crypto/x509/v3_ncons.cc index 31ef58d..05e90b4 100644 --- a/crypto/x509/v3_ncons.c +++ b/crypto/x509/v3_ncons.cc
@@ -65,6 +65,7 @@ #include <openssl/x509.h> #include "../internal.h" +#include "ext_dat.h" #include "internal.h" @@ -166,7 +167,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind) { - NAME_CONSTRAINTS *ncons = a; + NAME_CONSTRAINTS *ncons = reinterpret_cast<NAME_CONSTRAINTS *>(a); do_i2r_name_constraints(method, ncons->permittedSubtrees, bp, ind, "Permitted"); do_i2r_name_constraints(method, ncons->excludedSubtrees, bp, ind, "Excluded");
diff --git a/crypto/x509/v3_ocsp.c b/crypto/x509/v3_ocsp.cc similarity index 93% rename from crypto/x509/v3_ocsp.c rename to crypto/x509/v3_ocsp.cc index abb7c03..506d949 100644 --- a/crypto/x509/v3_ocsp.c +++ b/crypto/x509/v3_ocsp.cc
@@ -13,6 +13,8 @@ #include <openssl/bio.h> #include <openssl/nid.h> +#include "ext_dat.h" + // OCSP extensions and a couple of CRL entry extensions static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, @@ -62,7 +64,8 @@ if (BIO_printf(bp, "%*s", ind, "") <= 0) { return 0; } - if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) { + if (!ASN1_GENERALIZEDTIME_print( + bp, reinterpret_cast<ASN1_GENERALIZEDTIME *>(cutoff))) { return 0; } return 1;
diff --git a/crypto/x509/v3_pcons.c b/crypto/x509/v3_pcons.cc similarity index 97% rename from crypto/x509/v3_pcons.c rename to crypto/x509/v3_pcons.cc index 0ab5bad..68953e1 100644 --- a/crypto/x509/v3_pcons.c +++ b/crypto/x509/v3_pcons.cc
@@ -64,6 +64,7 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" @@ -99,7 +100,7 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS( const X509V3_EXT_METHOD *method, void *a, STACK_OF(CONF_VALUE) *extlist) { - const POLICY_CONSTRAINTS *pcons = a; + const POLICY_CONSTRAINTS *pcons = reinterpret_cast<POLICY_CONSTRAINTS *>(a); X509V3_add_value_int("Require Explicit Policy", pcons->requireExplicitPolicy, &extlist); X509V3_add_value_int("Inhibit Policy Mapping", pcons->inhibitPolicyMapping,
diff --git a/crypto/x509/v3_pmaps.c b/crypto/x509/v3_pmaps.cc similarity index 97% rename from crypto/x509/v3_pmaps.c rename to crypto/x509/v3_pmaps.cc index 25be453..a69d8ca 100644 --- a/crypto/x509/v3_pmaps.c +++ b/crypto/x509/v3_pmaps.cc
@@ -62,6 +62,7 @@ #include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" @@ -101,7 +102,7 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS( const X509V3_EXT_METHOD *method, void *a, STACK_OF(CONF_VALUE) *ext_list) { - const POLICY_MAPPINGS *pmaps = a; + const POLICY_MAPPINGS *pmaps = reinterpret_cast<POLICY_MAPPINGS *>(a); for (size_t i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { const POLICY_MAPPING *pmap = sk_POLICY_MAPPING_value(pmaps, i); char obj_tmp1[80], obj_tmp2[80];
diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.cc similarity index 98% rename from crypto/x509/v3_prn.c rename to crypto/x509/v3_prn.cc index 0210fea..8532820 100644 --- a/crypto/x509/v3_prn.c +++ b/crypto/x509/v3_prn.cc
@@ -144,7 +144,8 @@ err: sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); OPENSSL_free(value); - ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); + ASN1_item_free(reinterpret_cast<ASN1_VALUE *>(ext_str), + ASN1_ITEM_ptr(method->it)); return ok; }
diff --git a/crypto/x509/v3_purp.c b/crypto/x509/v3_purp.cc similarity index 95% rename from crypto/x509/v3_purp.c rename to crypto/x509/v3_purp.cc index 78681c5..7010716 100644 --- a/crypto/x509/v3_purp.c +++ b/crypto/x509/v3_purp.cc
@@ -203,7 +203,8 @@ static int setup_crldp(X509 *x) { int j; - x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL); + x->crldp = reinterpret_cast<STACK_OF(DIST_POINT) *>( + X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL)); if (x->crldp == NULL && j != -1) { return 0; } @@ -244,7 +245,8 @@ x->ex_flags |= EXFLAG_V1; } // Handle basic constraints - if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL))) { + if ((bs = reinterpret_cast<BASIC_CONSTRAINTS *>( + X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL)))) { if (bs->ca) { x->ex_flags |= EXFLAG_CA; } @@ -269,7 +271,8 @@ x->ex_flags |= EXFLAG_INVALID; } // Handle key usage - if ((usage = X509_get_ext_d2i(x, NID_key_usage, &j, NULL))) { + if ((usage = reinterpret_cast<ASN1_BIT_STRING *>( + X509_get_ext_d2i(x, NID_key_usage, &j, NULL)))) { if (usage->length > 0) { x->ex_kusage = usage->data[0]; if (usage->length > 1) { @@ -284,7 +287,8 @@ x->ex_flags |= EXFLAG_INVALID; } x->ex_xkusage = 0; - if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL))) { + if ((extusage = reinterpret_cast<EXTENDED_KEY_USAGE *>( + X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL)))) { x->ex_flags |= EXFLAG_XKUSAGE; for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { @@ -331,11 +335,13 @@ x->ex_flags |= EXFLAG_INVALID; } - x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL); + x->skid = reinterpret_cast<ASN1_OCTET_STRING *>( + X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL)); if (x->skid == NULL && j != -1) { x->ex_flags |= EXFLAG_INVALID; } - x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL); + x->akid = reinterpret_cast<AUTHORITY_KEYID *>( + X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL)); if (x->akid == NULL && j != -1) { x->ex_flags |= EXFLAG_INVALID; } @@ -348,11 +354,13 @@ x->ex_flags |= EXFLAG_SS; } } - x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL); + x->altname = reinterpret_cast<STACK_OF(GENERAL_NAME) *>( + X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL)); if (x->altname == NULL && j != -1) { x->ex_flags |= EXFLAG_INVALID; } - x->nc = X509_get_ext_d2i(x, NID_name_constraints, &j, NULL); + x->nc = reinterpret_cast<NAME_CONSTRAINTS *>( + X509_get_ext_d2i(x, NID_name_constraints, &j, NULL)); if (x->nc == NULL && j != -1) { x->ex_flags |= EXFLAG_INVALID; }
diff --git a/crypto/x509/v3_skey.c b/crypto/x509/v3_skey.cc similarity index 95% rename from crypto/x509/v3_skey.c rename to crypto/x509/v3_skey.cc index 3d181ce..d60b2bc 100644 --- a/crypto/x509/v3_skey.c +++ b/crypto/x509/v3_skey.cc
@@ -60,10 +60,11 @@ #include <openssl/digest.h> #include <openssl/err.h> -#include <openssl/obj.h> #include <openssl/mem.h> +#include <openssl/obj.h> #include <openssl/x509.h> +#include "ext_dat.h" #include "internal.h" @@ -77,6 +78,7 @@ const char *str) { size_t len; uint8_t *data = x509v3_hex_to_bytes(str, &len); + ASN1_OCTET_STRING *oct; if (data == NULL) { return NULL; } @@ -85,7 +87,7 @@ goto err; } - ASN1_OCTET_STRING *oct = ASN1_OCTET_STRING_new(); + oct = ASN1_OCTET_STRING_new(); if (oct == NULL) { goto err; } @@ -99,7 +101,8 @@ static char *i2s_ASN1_OCTET_STRING_cb(const X509V3_EXT_METHOD *method, void *ext) { - return i2s_ASN1_OCTET_STRING(method, ext); + return i2s_ASN1_OCTET_STRING(method, + reinterpret_cast<ASN1_OCTET_STRING *>(ext)); } static void *s2i_skey_id(const X509V3_EXT_METHOD *method, const X509V3_CTX *ctx,
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.cc similarity index 97% rename from crypto/x509/v3_utl.c rename to crypto/x509/v3_utl.cc index 4426be5..5200142 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.cc
@@ -182,7 +182,7 @@ } len = strlen(tmp) + 3; - ret = OPENSSL_malloc(len); + ret = reinterpret_cast<char *>(OPENSSL_malloc(len)); if (ret == NULL) { OPENSSL_free(tmp); return NULL; @@ -502,7 +502,8 @@ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } - if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) { + if (!(hexbuf = + reinterpret_cast<uint8_t *>(OPENSSL_malloc(strlen(str) >> 1)))) { goto err; } for (p = (unsigned char *)str, q = hexbuf; *p;) { @@ -559,7 +560,8 @@ GENERAL_NAMES *gens; STACK_OF(OPENSSL_STRING) *ret; - gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + gens = reinterpret_cast<GENERAL_NAMES *>( + X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL)); ret = get_email(X509_get_subject_name(x), gens); sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); return ret; @@ -570,7 +572,8 @@ STACK_OF(OPENSSL_STRING) *ret = NULL; size_t i; - info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); + info = reinterpret_cast<AUTHORITY_INFO_ACCESS *>( + X509_get_ext_d2i(x, NID_info_access, NULL, NULL)); if (!info) { return NULL; } @@ -594,7 +597,8 @@ STACK_OF(OPENSSL_STRING) *ret; exts = X509_REQ_get_extensions(x); - gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); + gens = reinterpret_cast<GENERAL_NAMES *>( + X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL)); ret = get_email(X509_REQ_get_subject_name(x), gens); sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); @@ -995,7 +999,8 @@ equal = equal_case; } - GENERAL_NAMES *gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + GENERAL_NAMES *gens = reinterpret_cast<GENERAL_NAMES *>( + X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL)); if (gens) { for (size_t i = 0; i < sk_GENERAL_NAME_num(gens); i++) { const GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, i); @@ -1112,7 +1117,8 @@ unsigned char ipout[32]; char *iptmp = NULL, *p; int iplen1, iplen2; - p = strchr(ipasc, '/'); + // FIXME: yes, this function takes a const pointer and writes to it! + p = const_cast<char *>(strchr(ipasc, '/')); if (!p) { return NULL; } @@ -1293,7 +1299,7 @@ } static int ipv6_cb(const char *elem, size_t len, void *usr) { - IPV6_STAT *s = usr; + IPV6_STAT *s = reinterpret_cast<IPV6_STAT *>(usr); // Error if 16 bytes written if (s->total == 16) { return 0;
diff --git a/crypto/x509/x509.c b/crypto/x509/x509.cc similarity index 100% rename from crypto/x509/x509.c rename to crypto/x509/x509.cc
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.cc similarity index 97% rename from crypto/x509/x509_att.c rename to crypto/x509/x509_att.cc index e3d0c6a..c92d722 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.cc
@@ -157,8 +157,9 @@ // |data| is an encoded string. We must decode and re-encode it to |attr|'s // preferred ASN.1 type. Note |len| may be -1, in which case // |ASN1_STRING_set_by_NID| calls |strlen| automatically. - ASN1_STRING *str = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, - OBJ_obj2nid(attr->object)); + ASN1_STRING *str = + ASN1_STRING_set_by_NID(NULL, reinterpret_cast<const uint8_t *>(data), + len, attrtype, OBJ_obj2nid(attr->object)); if (str == NULL) { OPENSSL_PUT_ERROR(X509, ERR_R_ASN1_LIB); goto err;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.cc similarity index 100% rename from crypto/x509/x509_cmp.c rename to crypto/x509/x509_cmp.cc
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.cc similarity index 100% rename from crypto/x509/x509_d2.c rename to crypto/x509/x509_d2.cc
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.cc similarity index 100% rename from crypto/x509/x509_def.c rename to crypto/x509/x509_def.cc
diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.cc similarity index 100% rename from crypto/x509/x509_ext.c rename to crypto/x509/x509_ext.cc
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.cc similarity index 97% rename from crypto/x509/x509_lu.c rename to crypto/x509/x509_lu.cc index 7867a80..f2a4085 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.cc
@@ -80,7 +80,8 @@ static X509_LOOKUP *X509_LOOKUP_new(const X509_LOOKUP_METHOD *method, X509_STORE *store) { - X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(X509_LOOKUP)); + X509_LOOKUP *ret = + reinterpret_cast<X509_LOOKUP *>(OPENSSL_zalloc(sizeof(X509_LOOKUP))); if (ret == NULL) { return NULL; } @@ -150,7 +151,8 @@ } X509_STORE *X509_STORE_new(void) { - X509_STORE *ret = OPENSSL_zalloc(sizeof(X509_STORE)); + X509_STORE *ret = + reinterpret_cast<X509_STORE *>(OPENSSL_zalloc(sizeof(X509_STORE))); if (ret == NULL) { return NULL; } @@ -160,8 +162,7 @@ ret->objs = sk_X509_OBJECT_new(x509_object_cmp_sk); ret->get_cert_methods = sk_X509_LOOKUP_new_null(); ret->param = X509_VERIFY_PARAM_new(); - if (ret->objs == NULL || - ret->get_cert_methods == NULL || + if (ret->objs == NULL || ret->get_cert_methods == NULL || ret->param == NULL) { X509_STORE_free(ret); return NULL; @@ -284,7 +285,7 @@ } X509_OBJECT *X509_OBJECT_new(void) { - return OPENSSL_zalloc(sizeof(X509_OBJECT)); + return reinterpret_cast<X509_OBJECT *>(OPENSSL_zalloc(sizeof(X509_OBJECT))); } void X509_OBJECT_free(X509_OBJECT *obj) {
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.cc similarity index 100% rename from crypto/x509/x509_obj.c rename to crypto/x509/x509_obj.cc
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.cc similarity index 100% rename from crypto/x509/x509_req.c rename to crypto/x509/x509_req.cc
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.cc similarity index 100% rename from crypto/x509/x509_set.c rename to crypto/x509/x509_set.cc
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.cc similarity index 100% rename from crypto/x509/x509_trs.c rename to crypto/x509/x509_trs.cc
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.cc similarity index 100% rename from crypto/x509/x509_txt.c rename to crypto/x509/x509_txt.cc
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.cc similarity index 98% rename from crypto/x509/x509_v3.c rename to crypto/x509/x509_v3.cc index 5001a00..d20f925 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.cc
@@ -143,7 +143,7 @@ const X509_EXTENSION *ex, int loc) { X509_EXTENSION *new_ex = NULL; STACK_OF(X509_EXTENSION) *sk = NULL; - int free_sk = 0; + int free_sk = 0, n; if (x == NULL) { OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER); @@ -159,7 +159,7 @@ sk = *x; } - int n = (int)sk_X509_EXTENSION_num(sk); + n = (int)sk_X509_EXTENSION_num(sk); if (loc > n) { loc = n; } else if (loc < 0) {
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.cc similarity index 83% rename from crypto/x509/x509_vfy.c rename to crypto/x509/x509_vfy.cc index 9d1406f..9e26d09 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.cc
@@ -180,261 +180,265 @@ int j, retry, trust; STACK_OF(X509) *sktmp = NULL; - if (ctx->cert == NULL) { - OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); - ctx->error = X509_V_ERR_INVALID_CALL; - return 0; - } - - if (ctx->chain != NULL) { - // This X509_STORE_CTX has already been used to verify a cert. We - // cannot do another one. - OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ctx->error = X509_V_ERR_INVALID_CALL; - return 0; - } - - if (ctx->param->flags & - (X509_V_FLAG_EXTENDED_CRL_SUPPORT | X509_V_FLAG_USE_DELTAS)) { - // We do not support indirect or delta CRLs. The flags still exist for - // compatibility with bindings libraries, but to ensure we do not - // inadvertently skip a CRL check that the caller expects, fail closed. - OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ctx->error = X509_V_ERR_INVALID_CALL; - return 0; - } - - // first we make sure the chain we are going to build is present and that - // the first entry is in place - ctx->chain = sk_X509_new_null(); - if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { - ctx->error = X509_V_ERR_OUT_OF_MEM; - goto end; - } - X509_up_ref(ctx->cert); - ctx->last_untrusted = 1; - - // We use a temporary STACK so we can chop and hack at it. - if (ctx->untrusted != NULL && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { - ctx->error = X509_V_ERR_OUT_OF_MEM; - goto end; - } - - int num = (int)sk_X509_num(ctx->chain); - X509 *x = sk_X509_value(ctx->chain, num - 1); - // |param->depth| does not include the leaf certificate or the trust anchor, - // so the maximum size is 2 more. - int max_chain = param->depth >= INT_MAX - 2 ? INT_MAX : param->depth + 2; - - for (;;) { - if (num >= max_chain) { - // FIXME: If this happens, we should take note of it and, if appropriate, - // use the X509_V_ERR_CERT_CHAIN_TOO_LONG error code later. - break; + { + if (ctx->cert == NULL) { + OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); + ctx->error = X509_V_ERR_INVALID_CALL; + return 0; } - int is_self_signed; - if (!cert_self_signed(x, &is_self_signed)) { - ctx->error = X509_V_ERR_INVALID_EXTENSION; + if (ctx->chain != NULL) { + // This X509_STORE_CTX has already been used to verify a cert. We + // cannot do another one. + OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ctx->error = X509_V_ERR_INVALID_CALL; + return 0; + } + + if (ctx->param->flags & + (X509_V_FLAG_EXTENDED_CRL_SUPPORT | X509_V_FLAG_USE_DELTAS)) { + // We do not support indirect or delta CRLs. The flags still exist for + // compatibility with bindings libraries, but to ensure we do not + // inadvertently skip a CRL check that the caller expects, fail closed. + OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ctx->error = X509_V_ERR_INVALID_CALL; + return 0; + } + + // first we make sure the chain we are going to build is present and that + // the first entry is in place + ctx->chain = sk_X509_new_null(); + if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; + } + X509_up_ref(ctx->cert); + ctx->last_untrusted = 1; + + // We use a temporary STACK so we can chop and hack at it. + if (ctx->untrusted != NULL && + (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { + ctx->error = X509_V_ERR_OUT_OF_MEM; goto end; } - // If we are self signed, we break - if (is_self_signed) { - break; - } - // If asked see if we can find issuer in trusted store first - if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { - X509 *issuer = get_trusted_issuer(ctx, x); - if (issuer != NULL) { - // Free the certificate. It will be picked up again later. - X509_free(issuer); - break; - } - } + int num = (int)sk_X509_num(ctx->chain); + X509 *x = sk_X509_value(ctx->chain, num - 1); + // |param->depth| does not include the leaf certificate or the trust anchor, + // so the maximum size is 2 more. + int max_chain = param->depth >= INT_MAX - 2 ? INT_MAX : param->depth + 2; - // If we were passed a cert chain, use it first - if (sktmp != NULL) { - X509 *issuer = find_issuer(ctx, sktmp, x); - if (issuer != NULL) { - if (!sk_X509_push(ctx->chain, issuer)) { - ctx->error = X509_V_ERR_OUT_OF_MEM; - goto end; - } - X509_up_ref(issuer); - (void)sk_X509_delete_ptr(sktmp, issuer); - ctx->last_untrusted++; - x = issuer; - num++; - // reparse the full chain for the next one - continue; - } - } - break; - } - - // Remember how many untrusted certs we have - j = num; - // at this point, chain should contain a list of untrusted certificates. - // We now need to add at least one trusted one, if possible, otherwise we - // complain. - - do { - // Examine last certificate in chain and see if it is self signed. - i = (int)sk_X509_num(ctx->chain); - x = sk_X509_value(ctx->chain, i - 1); - - int is_self_signed; - if (!cert_self_signed(x, &is_self_signed)) { - ctx->error = X509_V_ERR_INVALID_EXTENSION; - goto end; - } - - if (is_self_signed) { - // we have a self signed certificate - if (sk_X509_num(ctx->chain) == 1) { - // We have a single self signed certificate: see if we can - // find it in the store. We must have an exact match to avoid - // possible impersonation. - X509 *issuer = get_trusted_issuer(ctx, x); - if (issuer == NULL || X509_cmp(x, issuer) != 0) { - X509_free(issuer); - ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; - ctx->current_cert = x; - ctx->error_depth = i - 1; - bad_chain = 1; - if (!call_verify_cb(0, ctx)) { - goto end; - } - } else { - // We have a match: replace certificate with store - // version so we get any trust settings. - X509_free(x); - x = issuer; - (void)sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted = 0; - } - } else { - // extract and save self signed certificate for later use - chain_ss = sk_X509_pop(ctx->chain); - ctx->last_untrusted--; - num--; - j--; - x = sk_X509_value(ctx->chain, num - 1); - } - } - // We now lookup certs from the certificate store for (;;) { if (num >= max_chain) { // FIXME: If this happens, we should take note of it and, if // appropriate, use the X509_V_ERR_CERT_CHAIN_TOO_LONG error code later. break; } + + int is_self_signed; if (!cert_self_signed(x, &is_self_signed)) { ctx->error = X509_V_ERR_INVALID_EXTENSION; goto end; } + // If we are self signed, we break if (is_self_signed) { break; } - X509 *issuer = get_trusted_issuer(ctx, x); - if (issuer == NULL) { - break; - } - x = issuer; - if (!sk_X509_push(ctx->chain, x)) { - X509_free(issuer); - ctx->error = X509_V_ERR_OUT_OF_MEM; - goto end; - } - num++; - } - - // we now have our chain, lets check it... - trust = check_trust(ctx); - - // If explicitly rejected error - if (trust == X509_TRUST_REJECTED) { - goto end; - } - // If it's not explicitly trusted then check if there is an alternative - // chain that could be used. We only do this if we haven't already - // checked via TRUSTED_FIRST and the user hasn't switched off alternate - // chain checking - retry = 0; - if (trust != X509_TRUST_TRUSTED && - !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) && - !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { - while (j-- > 1) { - X509 *issuer = - get_trusted_issuer(ctx, sk_X509_value(ctx->chain, j - 1)); - // Check if we found an alternate chain + // If asked see if we can find issuer in trusted store first + if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { + X509 *issuer = get_trusted_issuer(ctx, x); if (issuer != NULL) { - // Free up the found cert we'll add it again later + // Free the certificate. It will be picked up again later. X509_free(issuer); - - // Dump all the certs above this point - we've found an - // alternate chain - while (num > j) { - X509_free(sk_X509_pop(ctx->chain)); - num--; - } - ctx->last_untrusted = (int)sk_X509_num(ctx->chain); - retry = 1; break; } } - } - } while (retry); - // If not explicitly trusted then indicate error unless it's a single - // self signed certificate in which case we've indicated an error already - // and set bad_chain == 1 - if (trust != X509_TRUST_TRUSTED && !bad_chain) { - if (chain_ss == NULL || - !x509_check_issued_with_callback(ctx, x, chain_ss)) { - if (ctx->last_untrusted >= num) { - ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; - } else { - ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; + // If we were passed a cert chain, use it first + if (sktmp != NULL) { + X509 *issuer = find_issuer(ctx, sktmp, x); + if (issuer != NULL) { + if (!sk_X509_push(ctx->chain, issuer)) { + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; + } + X509_up_ref(issuer); + (void)sk_X509_delete_ptr(sktmp, issuer); + ctx->last_untrusted++; + x = issuer; + num++; + // reparse the full chain for the next one + continue; + } } - ctx->current_cert = x; - } else { - if (!sk_X509_push(ctx->chain, chain_ss)) { - ctx->error = X509_V_ERR_OUT_OF_MEM; + break; + } + + // Remember how many untrusted certs we have + j = num; + // at this point, chain should contain a list of untrusted certificates. + // We now need to add at least one trusted one, if possible, otherwise we + // complain. + + do { + // Examine last certificate in chain and see if it is self signed. + i = (int)sk_X509_num(ctx->chain); + x = sk_X509_value(ctx->chain, i - 1); + + int is_self_signed; + if (!cert_self_signed(x, &is_self_signed)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; goto end; } - num++; - ctx->last_untrusted = num; - ctx->current_cert = chain_ss; - ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; - chain_ss = NULL; + + if (is_self_signed) { + // we have a self signed certificate + if (sk_X509_num(ctx->chain) == 1) { + // We have a single self signed certificate: see if we can + // find it in the store. We must have an exact match to avoid + // possible impersonation. + X509 *issuer = get_trusted_issuer(ctx, x); + if (issuer == NULL || X509_cmp(x, issuer) != 0) { + X509_free(issuer); + ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + ctx->current_cert = x; + ctx->error_depth = i - 1; + bad_chain = 1; + if (!call_verify_cb(0, ctx)) { + goto end; + } + } else { + // We have a match: replace certificate with store + // version so we get any trust settings. + X509_free(x); + x = issuer; + (void)sk_X509_set(ctx->chain, i - 1, x); + ctx->last_untrusted = 0; + } + } else { + // extract and save self signed certificate for later use + chain_ss = sk_X509_pop(ctx->chain); + ctx->last_untrusted--; + num--; + j--; + x = sk_X509_value(ctx->chain, num - 1); + } + } + // We now lookup certs from the certificate store + for (;;) { + if (num >= max_chain) { + // FIXME: If this happens, we should take note of it and, if + // appropriate, use the X509_V_ERR_CERT_CHAIN_TOO_LONG error code + // later. + break; + } + if (!cert_self_signed(x, &is_self_signed)) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; + goto end; + } + // If we are self signed, we break + if (is_self_signed) { + break; + } + X509 *issuer = get_trusted_issuer(ctx, x); + if (issuer == NULL) { + break; + } + x = issuer; + if (!sk_X509_push(ctx->chain, x)) { + X509_free(issuer); + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; + } + num++; + } + + // we now have our chain, lets check it... + trust = check_trust(ctx); + + // If explicitly rejected error + if (trust == X509_TRUST_REJECTED) { + goto end; + } + // If it's not explicitly trusted then check if there is an alternative + // chain that could be used. We only do this if we haven't already + // checked via TRUSTED_FIRST and the user hasn't switched off alternate + // chain checking + retry = 0; + if (trust != X509_TRUST_TRUSTED && + !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) && + !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { + while (j-- > 1) { + X509 *issuer = + get_trusted_issuer(ctx, sk_X509_value(ctx->chain, j - 1)); + // Check if we found an alternate chain + if (issuer != NULL) { + // Free up the found cert we'll add it again later + X509_free(issuer); + + // Dump all the certs above this point - we've found an + // alternate chain + while (num > j) { + X509_free(sk_X509_pop(ctx->chain)); + num--; + } + ctx->last_untrusted = (int)sk_X509_num(ctx->chain); + retry = 1; + break; + } + } + } + } while (retry); + + // If not explicitly trusted then indicate error unless it's a single + // self signed certificate in which case we've indicated an error already + // and set bad_chain == 1 + if (trust != X509_TRUST_TRUSTED && !bad_chain) { + if (chain_ss == NULL || + !x509_check_issued_with_callback(ctx, x, chain_ss)) { + if (ctx->last_untrusted >= num) { + ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; + } else { + ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; + } + ctx->current_cert = x; + } else { + if (!sk_X509_push(ctx->chain, chain_ss)) { + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; + } + num++; + ctx->last_untrusted = num; + ctx->current_cert = chain_ss; + ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; + chain_ss = NULL; + } + + ctx->error_depth = num - 1; + bad_chain = 1; + if (!call_verify_cb(0, ctx)) { + goto end; + } } - ctx->error_depth = num - 1; - bad_chain = 1; - if (!call_verify_cb(0, ctx)) { + // We have the chain complete: now we need to check its purpose + if (!check_chain_extensions(ctx) || // + !check_id(ctx) || + // We check revocation status after copying parameters because they may + // be needed for CRL signature verification. + !check_revocation(ctx) || // + !internal_verify(ctx) || // + !check_name_constraints(ctx) || + // TODO(davidben): Does |check_policy| still need to be conditioned on + // |!bad_chain|? DoS concerns have been resolved. + (!bad_chain && !check_policy(ctx))) { goto end; } - } - // We have the chain complete: now we need to check its purpose - if (!check_chain_extensions(ctx) || // - !check_id(ctx) || - // We check revocation status after copying parameters because they may be - // needed for CRL signature verification. - !check_revocation(ctx) || // - !internal_verify(ctx) || // - !check_name_constraints(ctx) || - // TODO(davidben): Does |check_policy| still need to be conditioned on - // |!bad_chain|? DoS concerns have been resolved. - (!bad_chain && !check_policy(ctx))) { - goto end; + ok = 1; } - ok = 1; - end: sk_X509_free(sktmp); X509_free(chain_ss); @@ -1099,13 +1103,13 @@ X509 *issuer = NULL; int crl_score = 0; X509_CRL *crl = NULL; + STACK_OF(X509_CRL) *skcrl = NULL; if (get_crl_sk(ctx, &crl, &issuer, &crl_score, ctx->crls)) { goto done; } // Lookup CRLs from store - STACK_OF(X509_CRL) *skcrl = - X509_STORE_CTX_get1_crls(ctx, X509_get_issuer_name(x)); + skcrl = X509_STORE_CTX_get1_crls(ctx, X509_get_issuer_name(x)); // If no CRLs found and a near match from get_crl_sk use that if (!skcrl && crl) { @@ -1117,7 +1121,6 @@ sk_X509_CRL_pop_free(skcrl, X509_CRL_free); done: - // If we got any kind of CRL use it and return success if (crl) { ctx->current_crl_issuer = issuer; @@ -1515,7 +1518,8 @@ } X509_STORE_CTX *X509_STORE_CTX_new(void) { - return OPENSSL_zalloc(sizeof(X509_STORE_CTX)); + return reinterpret_cast<X509_STORE_CTX *>( + OPENSSL_zalloc(sizeof(X509_STORE_CTX))); } void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.cc similarity index 89% rename from crypto/x509/x509_vpm.c rename to crypto/x509/x509_vpm.cc index 0640fd0..78f1946 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.cc
@@ -116,7 +116,8 @@ } X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { - X509_VERIFY_PARAM *param = OPENSSL_zalloc(sizeof(X509_VERIFY_PARAM)); + X509_VERIFY_PARAM *param = reinterpret_cast<X509_VERIFY_PARAM *>( + OPENSSL_zalloc(sizeof(X509_VERIFY_PARAM))); if (!param) { return NULL; } @@ -246,7 +247,7 @@ if (*pdest) { OPENSSL_free(*pdest); } - *pdest = tmp; + *pdest = reinterpret_cast<char *>(tmp); if (pdestlen) { *pdestlen = srclen; } @@ -397,26 +398,67 @@ } static const X509_VERIFY_PARAM kDefaultParam = { - .flags = X509_V_FLAG_TRUSTED_FIRST, - .depth = 100, + /*check_time=*/0, + /*flags=*/X509_V_FLAG_TRUSTED_FIRST, + /*purpose=*/0, + /*trust=*/0, + /*depth=*/100, + /*policies=*/nullptr, + /*hosts=*/nullptr, + /*hostflags=*/0, + /*email=*/nullptr, + /*emaillen=*/0, + /*ip=*/nullptr, + /*iplen=*/0, + /*poison=*/0, }; static const X509_VERIFY_PARAM kSMIMESignParam = { - .purpose = X509_PURPOSE_SMIME_SIGN, - .trust = X509_TRUST_EMAIL, - .depth = -1, + /*check_time=*/0, + /*flags=*/0, + /*purpose=*/X509_PURPOSE_SMIME_SIGN, + /*trust=*/X509_TRUST_EMAIL, + /*depth=*/-1, + /*policies=*/nullptr, + /*hosts=*/nullptr, + /*hostflags=*/0, + /*email=*/nullptr, + /*emaillen=*/0, + /*ip=*/nullptr, + /*iplen=*/0, + /*poison=*/0, }; static const X509_VERIFY_PARAM kSSLClientParam = { - .purpose = X509_PURPOSE_SSL_CLIENT, - .trust = X509_TRUST_SSL_CLIENT, - .depth = -1, + /*check_time=*/0, + /*flags=*/0, + /*purpose=*/X509_PURPOSE_SSL_CLIENT, + /*trust=*/X509_TRUST_SSL_CLIENT, + /*depth=*/-1, + /*policies=*/nullptr, + /*hosts=*/nullptr, + /*hostflags=*/0, + /*email=*/nullptr, + /*emaillen=*/0, + /*ip=*/nullptr, + /*iplen=*/0, + /*poison=*/0, }; static const X509_VERIFY_PARAM kSSLServerParam = { - .purpose = X509_PURPOSE_SSL_SERVER, - .trust = X509_TRUST_SSL_SERVER, - .depth = -1, + /*check_time=*/0, + /*flags=*/0, + /*purpose=*/X509_PURPOSE_SSL_SERVER, + /*trust=*/X509_TRUST_SSL_SERVER, + /*depth=*/-1, + /*policies=*/nullptr, + /*hosts=*/nullptr, + /*hostflags=*/0, + /*email=*/nullptr, + /*emaillen=*/0, + /*ip=*/nullptr, + /*iplen=*/0, + /*poison=*/0, }; const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) {
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.cc similarity index 100% rename from crypto/x509/x509cset.c rename to crypto/x509/x509cset.cc
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.cc similarity index 100% rename from crypto/x509/x509name.c rename to crypto/x509/x509name.cc
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.cc similarity index 100% rename from crypto/x509/x509rset.c rename to crypto/x509/x509rset.cc
diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.cc similarity index 95% rename from crypto/x509/x509spki.c rename to crypto/x509/x509spki.cc index 611a05f..7ca5a07 100644 --- a/crypto/x509/x509spki.c +++ b/crypto/x509/x509spki.cc
@@ -89,7 +89,7 @@ OPENSSL_PUT_ERROR(X509, X509_R_BASE64_DECODE_ERROR); return NULL; } - if (!(spki_der = OPENSSL_malloc(spki_len))) { + if (!(spki_der = reinterpret_cast<uint8_t *>(OPENSSL_malloc(spki_len)))) { return NULL; } if (!EVP_DecodeBase64(spki_der, &spki_len, spki_len, (const uint8_t *)str, @@ -116,11 +116,11 @@ OPENSSL_PUT_ERROR(X509, ERR_R_OVERFLOW); return NULL; } - der_spki = OPENSSL_malloc(der_len); + der_spki = reinterpret_cast<uint8_t *>(OPENSSL_malloc(der_len)); if (der_spki == NULL) { return NULL; } - b64_str = OPENSSL_malloc(b64_len); + b64_str = reinterpret_cast<char *>(OPENSSL_malloc(b64_len)); if (b64_str == NULL) { OPENSSL_free(der_spki); return NULL;
diff --git a/crypto/x509/x_algor.c b/crypto/x509/x_algor.cc similarity index 100% rename from crypto/x509/x_algor.c rename to crypto/x509/x_algor.cc
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.cc similarity index 96% rename from crypto/x509/x_all.c rename to crypto/x509/x_all.cc index 5eda100..519ddcb 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.cc
@@ -131,7 +131,8 @@ } X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); + return reinterpret_cast<X509_CRL *>( + ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl)); } int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) { @@ -139,7 +140,8 @@ } X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); + return reinterpret_cast<X509_CRL *>( + ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl)); } int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) { @@ -147,7 +149,8 @@ } X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); + return reinterpret_cast<X509_REQ *>( + ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req)); } int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) { @@ -155,7 +158,8 @@ } X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); + return reinterpret_cast<X509_REQ *>( + ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req)); } int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) {
diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.cc similarity index 100% rename from crypto/x509/x_attrib.c rename to crypto/x509/x_attrib.cc
diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.cc similarity index 98% rename from crypto/x509/x_crl.c rename to crypto/x509/x_crl.cc index 758fccb..2fb9def 100644 --- a/crypto/x509/x_crl.c +++ b/crypto/x509/x_crl.cc
@@ -121,8 +121,8 @@ X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); int crit; - ASN1_ENUMERATED *reason = - X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &crit, NULL); + ASN1_ENUMERATED *reason = reinterpret_cast<ASN1_ENUMERATED *>( + X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &crit, NULL)); if (!reason && crit != -1) { crl->flags |= EXFLAG_INVALID; return 1; @@ -188,8 +188,8 @@ return 0; } - crl->idp = - X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, &i, NULL); + crl->idp = reinterpret_cast<ISSUING_DIST_POINT *>( + X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, &i, NULL)); if (crl->idp != NULL) { if (!setup_idp(crl, crl->idp)) { return 0; @@ -198,8 +198,8 @@ return 0; } - crl->akid = - X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, &i, NULL); + crl->akid = reinterpret_cast<AUTHORITY_KEYID *>( + X509_CRL_get_ext_d2i(crl, NID_authority_key_identifier, &i, NULL)); if (crl->akid == NULL && i != -1) { return 0; }
diff --git a/crypto/x509/x_exten.c b/crypto/x509/x_exten.cc similarity index 100% rename from crypto/x509/x_exten.c rename to crypto/x509/x_exten.cc
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.cc similarity index 91% rename from crypto/x509/x_name.c rename to crypto/x509/x_name.cc index aad2388..1409bfe 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.cc
@@ -65,6 +65,7 @@ #include <openssl/obj.h> #include <openssl/stack.h> #include <openssl/x509.h> +#include <cstdint> #include "../asn1/internal.h" #include "../internal.h" @@ -134,7 +135,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) { X509_NAME *ret = NULL; - ret = OPENSSL_malloc(sizeof(X509_NAME)); + ret = reinterpret_cast<X509_NAME *>(OPENSSL_malloc(sizeof(X509_NAME))); if (!ret) { goto memerr; } @@ -276,43 +277,49 @@ size_t i; STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); - if (!intname) { - goto err; - } - for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { - entry = sk_X509_NAME_ENTRY_value(a->entries, i); - if (entry->set != set) { - entries = sk_X509_NAME_ENTRY_new_null(); - if (!entries) { - goto err; - } - if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { - sk_X509_NAME_ENTRY_free(entries); - goto err; - } - set = entry->set; - } - if (!sk_X509_NAME_ENTRY_push(entries, entry)) { + + { + if (!intname) { goto err; } - } - ASN1_VALUE *intname_val = (ASN1_VALUE *)intname; - len = ASN1_item_ex_i2d(&intname_val, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), + for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { + entry = sk_X509_NAME_ENTRY_value(a->entries, i); + if (entry->set != set) { + entries = sk_X509_NAME_ENTRY_new_null(); + if (!entries) { + goto err; + } + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { + sk_X509_NAME_ENTRY_free(entries); + goto err; + } + set = entry->set; + } + if (!sk_X509_NAME_ENTRY_push(entries, entry)) { + goto err; + } + } + ASN1_VALUE *intname_val = (ASN1_VALUE *)intname; + len = + ASN1_item_ex_i2d(&intname_val, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), /*tag=*/-1, /*aclass=*/0); - if (len <= 0) { - goto err; + if (len <= 0) { + goto err; + } + if (!BUF_MEM_grow(a->bytes, len)) { + goto err; + } + p = (unsigned char *)a->bytes->data; + if (ASN1_item_ex_i2d(&intname_val, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), + /*tag=*/-1, /*aclass=*/0) <= 0) { + goto err; + } + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, + local_sk_X509_NAME_ENTRY_free); + a->modified = 0; + return 1; } - if (!BUF_MEM_grow(a->bytes, len)) { - goto err; - } - p = (unsigned char *)a->bytes->data; - if (ASN1_item_ex_i2d(&intname_val, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), - /*tag=*/-1, /*aclass=*/0) <= 0) { - goto err; - } - sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free); - a->modified = 0; - return 1; + err: sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, local_sk_X509_NAME_ENTRY_free); return 0; @@ -383,7 +390,7 @@ } a->canon_enclen = len; - p = OPENSSL_malloc(a->canon_enclen); + p = reinterpret_cast<uint8_t *>(OPENSSL_malloc(a->canon_enclen)); if (!p) { goto err;
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.cc similarity index 98% rename from crypto/x509/x_pubkey.c rename to crypto/x509/x_pubkey.cc index 1428e34..529030e 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.cc
@@ -77,13 +77,14 @@ // Re-encode the |X509_PUBKEY| to DER and parse it with EVP's APIs. uint8_t *spki = NULL; int spki_len = i2d_X509_PUBKEY(pub, &spki); + EVP_PKEY *pkey; if (spki_len < 0) { goto err; } CBS cbs; CBS_init(&cbs, spki, (size_t)spki_len); - EVP_PKEY *pkey = EVP_parse_public_key(&cbs); + pkey = EVP_parse_public_key(&cbs); if (pkey == NULL || CBS_len(&cbs) != 0) { EVP_PKEY_free(pkey); goto err; @@ -126,6 +127,7 @@ } CBB cbb; + const uint8_t *p; if (!CBB_init(&cbb, 0) || // !EVP_marshal_public_key(&cbb, pkey) || !CBB_finish(&cbb, &spki, &spki_len) || // @@ -135,7 +137,7 @@ goto error; } - const uint8_t *p = spki; + p = spki; pk = d2i_X509_PUBKEY(NULL, &p, (long)spki_len); if (pk == NULL || p != spki + spki_len) { OPENSSL_PUT_ERROR(X509, X509_R_PUBLIC_KEY_DECODE_ERROR);
diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.cc similarity index 100% rename from crypto/x509/x_req.c rename to crypto/x509/x_req.cc
diff --git a/crypto/x509/x_sig.c b/crypto/x509/x_sig.cc similarity index 100% rename from crypto/x509/x_sig.c rename to crypto/x509/x_sig.cc
diff --git a/crypto/x509/x_spki.c b/crypto/x509/x_spki.cc similarity index 100% rename from crypto/x509/x_spki.c rename to crypto/x509/x_spki.cc
diff --git a/crypto/x509/x_val.c b/crypto/x509/x_val.cc similarity index 100% rename from crypto/x509/x_val.c rename to crypto/x509/x_val.cc
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.cc similarity index 86% rename from crypto/x509/x_x509.c rename to crypto/x509/x_x509.cc index 9f66ee2..c6d14f5 100644 --- a/crypto/x509/x_x509.c +++ b/crypto/x509/x_x509.cc
@@ -91,7 +91,7 @@ // x509_new_null returns a new |X509| object where the |cert_info|, |sig_alg|, // and |signature| fields are not yet filled in. static X509 *x509_new_null(void) { - X509 *ret = OPENSSL_zalloc(sizeof(X509)); + X509 *ret = reinterpret_cast<X509 *>(OPENSSL_zalloc(sizeof(X509))); if (ret == NULL) { return NULL; } @@ -177,55 +177,58 @@ return NULL; } - // TODO(crbug.com/boringssl/443): When the rest of the library is decoupled - // from the tasn_*.c implementation, replace this with |CBS|-based functions. - const uint8_t *inp = CBS_data(&tbs); - if (ASN1_item_ex_d2i((ASN1_VALUE **)&ret->cert_info, &inp, CBS_len(&tbs), - ASN1_ITEM_rptr(X509_CINF), /*tag=*/-1, - /*aclass=*/0, /*opt=*/0, buf) <= 0 || - inp != CBS_data(&tbs) + CBS_len(&tbs)) { - goto err; - } - - inp = CBS_data(&sigalg); - ret->sig_alg = d2i_X509_ALGOR(NULL, &inp, CBS_len(&sigalg)); - if (ret->sig_alg == NULL || inp != CBS_data(&sigalg) + CBS_len(&sigalg)) { - goto err; - } - - inp = CBS_data(&sig); - ret->signature = c2i_ASN1_BIT_STRING(NULL, &inp, CBS_len(&sig)); - if (ret->signature == NULL || inp != CBS_data(&sig) + CBS_len(&sig)) { - goto err; - } - - // The version must be one of v1(0), v2(1), or v3(2). - long version = X509_VERSION_1; - if (ret->cert_info->version != NULL) { - version = ASN1_INTEGER_get(ret->cert_info->version); - // TODO(https://crbug.com/boringssl/364): |X509_VERSION_1| should - // also be rejected here. This means an explicitly-encoded X.509v1 - // version. v1 is DEFAULT, so DER requires it be omitted. - if (version < X509_VERSION_1 || version > X509_VERSION_3) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION); + { + // TODO(crbug.com/boringssl/443): When the rest of the library is decoupled + // from the tasn_*.c implementation, replace this with |CBS|-based + // functions. + const uint8_t *inp = CBS_data(&tbs); + if (ASN1_item_ex_d2i((ASN1_VALUE **)&ret->cert_info, &inp, CBS_len(&tbs), + ASN1_ITEM_rptr(X509_CINF), /*tag=*/-1, + /*aclass=*/0, /*opt=*/0, buf) <= 0 || + inp != CBS_data(&tbs) + CBS_len(&tbs)) { goto err; } - } - // Per RFC 5280, section 4.1.2.8, these fields require v2 or v3. - if (version == X509_VERSION_1 && (ret->cert_info->issuerUID != NULL || - ret->cert_info->subjectUID != NULL)) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); - goto err; - } + inp = CBS_data(&sigalg); + ret->sig_alg = d2i_X509_ALGOR(NULL, &inp, CBS_len(&sigalg)); + if (ret->sig_alg == NULL || inp != CBS_data(&sigalg) + CBS_len(&sigalg)) { + goto err; + } - // Per RFC 5280, section 4.1.2.9, extensions require v3. - if (version != X509_VERSION_3 && ret->cert_info->extensions != NULL) { - OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); - goto err; - } + inp = CBS_data(&sig); + ret->signature = c2i_ASN1_BIT_STRING(NULL, &inp, CBS_len(&sig)); + if (ret->signature == NULL || inp != CBS_data(&sig) + CBS_len(&sig)) { + goto err; + } - return ret; + // The version must be one of v1(0), v2(1), or v3(2). + long version = X509_VERSION_1; + if (ret->cert_info->version != NULL) { + version = ASN1_INTEGER_get(ret->cert_info->version); + // TODO(https://crbug.com/boringssl/364): |X509_VERSION_1| should + // also be rejected here. This means an explicitly-encoded X.509v1 + // version. v1 is DEFAULT, so DER requires it be omitted. + if (version < X509_VERSION_1 || version > X509_VERSION_3) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_VERSION); + goto err; + } + } + + // Per RFC 5280, section 4.1.2.8, these fields require v2 or v3. + if (version == X509_VERSION_1 && (ret->cert_info->issuerUID != NULL || + ret->cert_info->subjectUID != NULL)) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); + goto err; + } + + // Per RFC 5280, section 4.1.2.9, extensions require v3. + if (version != X509_VERSION_3 && ret->cert_info->extensions != NULL) { + OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION); + goto err; + } + + return ret; + } err: X509_free(ret); @@ -263,6 +266,7 @@ } CBB cbb, cert; + int len; if (!CBB_init(&cbb, 64) || // !CBB_add_asn1(&cbb, &cert, CBS_ASN1_SEQUENCE)) { goto err; @@ -271,7 +275,7 @@ // TODO(crbug.com/boringssl/443): When the rest of the library is decoupled // from the tasn_*.c implementation, replace this with |CBS|-based functions. uint8_t *out; - int len = i2d_X509_CINF(x509->cert_info, NULL); + len = i2d_X509_CINF(x509->cert_info, NULL); if (len < 0 || // !CBB_add_space(&cert, &out, (size_t)len) || i2d_X509_CINF(x509->cert_info, &out) != len) { @@ -481,7 +485,7 @@ } // Allocate requisite combined storage - *pp = tmp = OPENSSL_malloc(length); + *pp = tmp = reinterpret_cast<uint8_t *>(OPENSSL_malloc(length)); if (tmp == NULL) { return -1; // Push error onto error stack? }
diff --git a/crypto/x509/x_x509a.c b/crypto/x509/x_x509a.cc similarity index 98% rename from crypto/x509/x_x509a.c rename to crypto/x509/x_x509a.cc index d0fd3e3..af7d52f 100644 --- a/crypto/x509/x_x509a.c +++ b/crypto/x509/x_x509a.cc
@@ -151,11 +151,12 @@ } int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj) { + X509_CERT_AUX *aux; ASN1_OBJECT *objtmp = OBJ_dup(obj); if (objtmp == NULL) { goto err; } - X509_CERT_AUX *aux = aux_get(x); + aux = aux_get(x); if (aux->trust == NULL) { aux->trust = sk_ASN1_OBJECT_new_null(); if (aux->trust == NULL) { @@ -173,11 +174,12 @@ } int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj) { + X509_CERT_AUX *aux; ASN1_OBJECT *objtmp = OBJ_dup(obj); if (objtmp == NULL) { goto err; } - X509_CERT_AUX *aux = aux_get(x); + aux = aux_get(x); if (aux->reject == NULL) { aux->reject = sk_ASN1_OBJECT_new_null(); if (aux->reject == NULL) {
diff --git a/decrepit/bio/base64_bio.c b/decrepit/bio/base64_bio.cc similarity index 96% rename from decrepit/bio/base64_bio.c rename to decrepit/bio/base64_bio.cc index 3521897..239dcc7 100644 --- a/decrepit/bio/base64_bio.c +++ b/decrepit/bio/base64_bio.cc
@@ -73,7 +73,7 @@ #define B64_NONE 0 #define B64_ENCODE 1 #define B64_DECODE 2 -#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) +#define EVP_ENCODE_LENGTH(l) (((l + 2) / 3 * 4) + (l / 48 + 1) * 2 + 80) typedef struct b64_struct { int buf_len; @@ -89,7 +89,8 @@ } BIO_B64_CTX; static int b64_new(BIO *bio) { - BIO_B64_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + BIO_B64_CTX *ctx = + reinterpret_cast<BIO_B64_CTX *>(OPENSSL_zalloc(sizeof(*ctx))); if (ctx == NULL) { return 0; } @@ -121,7 +122,7 @@ if (out == NULL) { return 0; } - ctx = (BIO_B64_CTX *) b->ptr; + ctx = (BIO_B64_CTX *)b->ptr; if (ctx == NULL || b->next_bio == NULL) { return 0; @@ -281,8 +282,8 @@ } i = z; } else { - i = EVP_DecodeUpdate(&(ctx->base64), (uint8_t *)ctx->buf, - &ctx->buf_len, (uint8_t *)ctx->tmp, i); + i = EVP_DecodeUpdate(&(ctx->base64), (uint8_t *)ctx->buf, &ctx->buf_len, + (uint8_t *)ctx->tmp, i); ctx->tmp_len = 0; } ctx->buf_off = 0; @@ -450,7 +451,8 @@ case BIO_CTRL_WPENDING: // More to write in buffer assert(ctx->buf_len >= ctx->buf_off); ret = ctx->buf_len - ctx->buf_off; - if ((ret == 0) && (ctx->encode != B64_NONE) && (ctx->base64.data_used != 0)) { + if ((ret == 0) && (ctx->encode != B64_NONE) && + (ctx->base64.data_used != 0)) { ret = 1; } else if (ret <= 0) { ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
diff --git a/decrepit/blowfish/blowfish.c b/decrepit/blowfish/blowfish.c deleted file mode 100644 index 82acb5f..0000000 --- a/decrepit/blowfish/blowfish.c +++ /dev/null
@@ -1,633 +0,0 @@ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] */ - -#include <openssl/blowfish.h> -#include <openssl/cipher.h> -#include <openssl/obj.h> - -#include <assert.h> -#include <string.h> - -#include "../../crypto/fipsmodule/cipher/internal.h" -#include "../../crypto/internal.h" -#include "../macros.h" - - -#define BF_ENC(LL, R, S, P) \ - (LL ^= P, \ - LL ^= \ - (((S[((int)(R >> 24) & 0xff)] + S[0x0100 + ((int)(R >> 16) & 0xff)]) ^ \ - S[0x0200 + ((int)(R >> 8) & 0xff)]) + \ - S[0x0300 + ((int)(R)&0xff)]) & \ - 0xffffffffL) - -void BF_encrypt(uint32_t *data, const BF_KEY *key) { - uint32_t l, r; - const uint32_t *p, *s; - - p = key->P; - s = &(key->S[0]); - l = data[0]; - r = data[1]; - - l ^= p[0]; - BF_ENC(r, l, s, p[1]); - BF_ENC(l, r, s, p[2]); - BF_ENC(r, l, s, p[3]); - BF_ENC(l, r, s, p[4]); - BF_ENC(r, l, s, p[5]); - BF_ENC(l, r, s, p[6]); - BF_ENC(r, l, s, p[7]); - BF_ENC(l, r, s, p[8]); - BF_ENC(r, l, s, p[9]); - BF_ENC(l, r, s, p[10]); - BF_ENC(r, l, s, p[11]); - BF_ENC(l, r, s, p[12]); - BF_ENC(r, l, s, p[13]); - BF_ENC(l, r, s, p[14]); - BF_ENC(r, l, s, p[15]); - BF_ENC(l, r, s, p[16]); - r ^= p[BF_ROUNDS + 1]; - - data[1] = l & 0xffffffffL; - data[0] = r & 0xffffffffL; -} - -void BF_decrypt(uint32_t *data, const BF_KEY *key) { - uint32_t l, r; - const uint32_t *p, *s; - - p = key->P; - s = &(key->S[0]); - l = data[0]; - r = data[1]; - - l ^= p[BF_ROUNDS + 1]; - BF_ENC(r, l, s, p[16]); - BF_ENC(l, r, s, p[15]); - BF_ENC(r, l, s, p[14]); - BF_ENC(l, r, s, p[13]); - BF_ENC(r, l, s, p[12]); - BF_ENC(l, r, s, p[11]); - BF_ENC(r, l, s, p[10]); - BF_ENC(l, r, s, p[9]); - BF_ENC(r, l, s, p[8]); - BF_ENC(l, r, s, p[7]); - BF_ENC(r, l, s, p[6]); - BF_ENC(l, r, s, p[5]); - BF_ENC(r, l, s, p[4]); - BF_ENC(l, r, s, p[3]); - BF_ENC(r, l, s, p[2]); - BF_ENC(l, r, s, p[1]); - r ^= p[0]; - - data[1] = l & 0xffffffffL; - data[0] = r & 0xffffffffL; -} - -void BF_ecb_encrypt(const uint8_t *in, uint8_t *out, - const BF_KEY *key, int encrypt) { - uint32_t d[2]; - - n2l(in, d[0]); - n2l(in, d[1]); - if (encrypt) { - BF_encrypt(d, key); - } else { - BF_decrypt(d, key); - } - l2n(d[0], out); - l2n(d[1], out); -} - -void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, - const BF_KEY *schedule, uint8_t *ivec, int encrypt) { - uint32_t tin0, tin1; - uint32_t tout0, tout1, xor0, xor1; - size_t l = length; - uint32_t tin[2]; - - if (encrypt) { - n2l(ivec, tout0); - n2l(ivec, tout1); - ivec -= 8; - while (l >= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - BF_encrypt(tin, schedule); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - l -= 8; - } - if (l != 0) { - n2ln(in, tin0, tin1, l); - tin0 ^= tout0; - tin1 ^= tout1; - tin[0] = tin0; - tin[1] = tin1; - BF_encrypt(tin, schedule); - tout0 = tin[0]; - tout1 = tin[1]; - l2n(tout0, out); - l2n(tout1, out); - } - l2n(tout0, ivec); - l2n(tout1, ivec); - } else { - n2l(ivec, xor0); - n2l(ivec, xor1); - ivec -= 8; - while (l >= 8) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - BF_decrypt(tin, schedule); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2n(tout0, out); - l2n(tout1, out); - xor0 = tin0; - xor1 = tin1; - l -= 8; - } - if (l != 0) { - n2l(in, tin0); - n2l(in, tin1); - tin[0] = tin0; - tin[1] = tin1; - BF_decrypt(tin, schedule); - tout0 = tin[0] ^ xor0; - tout1 = tin[1] ^ xor1; - l2nn(tout0, tout1, out, l); - xor0 = tin0; - xor1 = tin1; - } - l2n(xor0, ivec); - l2n(xor1, ivec); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} - -static const BF_KEY bf_init = { - {0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, 0xa4093822L, - 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, 0x452821e6L, 0x38d01377L, - 0xbe5466cfL, 0x34e90c6cL, 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, - 0xb5470917L, 0x9216d5d9L, 0x8979fb1b}, - { - 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 0xb8e1afedL, - 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 0x24a19947L, 0xb3916cf7L, - 0x0801f2e2L, 0x858efc16L, 0x636920d8L, 0x71574e69L, 0xa458fea3L, - 0xf4933d7eL, 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, - 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 0xc5d1b023L, - 0x286085f0L, 0xca417918L, 0xb8db38efL, 0x8e79dcb0L, 0x603a180eL, - 0x6c9e0e8bL, 0xb01e8a3eL, 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, - 0x55605c60L, 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, - 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 0xa15486afL, - 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 0x2ba9c55dL, 0x741831f6L, - 0xce5c3e16L, 0x9b87931eL, 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, - 0x28958677L, 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, - 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 0xef845d5dL, - 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 0x23893e81L, 0xd396acc5L, - 0x0f6d6ff3L, 0x83f44239L, 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, - 0x9e1f9b5eL, 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, - 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 0x6eef0b6cL, - 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 0xa1f1651dL, 0x39af0176L, - 0x66ca593eL, 0x82430e88L, 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, - 0x3b8b5ebeL, 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, - 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 0x37d0d724L, - 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 0x075372c9L, 0x80991b7bL, - 0x25d479d8L, 0xf6e8def7L, 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, - 0x04c006baL, 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, - 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 0x6dfc511fL, - 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 0xbee3d004L, 0xde334afdL, - 0x660f2807L, 0x192e4bb3L, 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, - 0xb9d3fbdbL, 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, - 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 0x3c7516dfL, - 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 0x323db5faL, 0xfd238760L, - 0x53317b48L, 0x3e00df82L, 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, - 0xdf1769dbL, 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, - 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 0x10fa3d98L, - 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 0x9a53e479L, 0xb6f84565L, - 0xd28e49bcL, 0x4bfb9790L, 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, - 0xcee4c6e8L, 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, - 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 0xd08ed1d0L, - 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 0x8ff6e2fbL, 0xf2122b64L, - 0x8888b812L, 0x900df01cL, 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, - 0xb3a8c1adL, 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, - 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 0xb4a84fe0L, - 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 0x165fa266L, 0x80957705L, - 0x93cc7314L, 0x211a1477L, 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, - 0xfb9d35cfL, 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, - 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 0x2464369bL, - 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 0x78c14389L, 0xd95a537fL, - 0x207d5ba2L, 0x02e5b9c5L, 0x83260376L, 0x6295cfa9L, 0x11c81968L, - 0x4e734a41L, 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, - 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 0x08ba6fb5L, - 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 0xb6636521L, 0xe7b9f9b6L, - 0xff34052eL, 0xc5855664L, 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, - 0x6e85076aL, 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, - 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 0xecaa8c71L, - 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 0x193602a5L, 0x75094c29L, - 0xa0591340L, 0xe4183a3eL, 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, - 0x99f73fd6L, 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, - 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 0x09686b3fL, - 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 0x687f3584L, 0x52a0e286L, - 0xb79c5305L, 0xaa500737L, 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, - 0x5716f2b8L, 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, - 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 0xd19113f9L, - 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 0x3ae5e581L, 0x37c2dadcL, - 0xc8b57634L, 0x9af3dda7L, 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, - 0xa4751e41L, 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, - 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 0x2cb81290L, - 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 0xde9a771fL, 0xd9930810L, - 0xb38bae12L, 0xdccf3f2eL, 0x5512721fL, 0x2e6b7124L, 0x501adde6L, - 0x9f84cd87L, 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, - 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 0xef1c1847L, - 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 0x12a14d43L, 0x2a65c451L, - 0x50940002L, 0x133ae4ddL, 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, - 0x5f11199bL, 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, - 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 0x86e34570L, - 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 0x771fe71cL, 0x4e3d06faL, - 0x2965dcb9L, 0x99e71d0fL, 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, - 0x9c10b36aL, 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, - 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 0x5223a708L, - 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 0xe3bc4595L, 0xa67bc883L, - 0xb17f37d1L, 0x018cff28L, 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, - 0x68ab9802L, 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, - 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 0x13cca830L, - 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 0xb5735c90L, 0x4c70a239L, - 0xd59e9e0bL, 0xcbaade14L, 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, - 0xb2f3846eL, 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, - 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 0x9b540b19L, - 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 0xf837889aL, 0x97e32d77L, - 0x11ed935fL, 0x16681281L, 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, - 0x7858ba99L, 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, - 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 0x58ebf2efL, - 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 0x5d4a14d9L, 0xe864b7e3L, - 0x42105d14L, 0x203e13e0L, 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, - 0xfacb4fd0L, 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, - 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 0xcf62a1f2L, - 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 0x7f1524c3L, 0x69cb7492L, - 0x47848a0bL, 0x5692b285L, 0x095bbf00L, 0xad19489dL, 0x1462b174L, - 0x23820e00L, 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, - 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 0x7cde3759L, - 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 0xa6078084L, 0x19f8509eL, - 0xe8efd855L, 0x61d99735L, 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, - 0x800bcadcL, 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, - 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 0xc5c43465L, - 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 0x153e21e7L, 0x8fb03d4aL, - 0xe6e39f2bL, 0xdb83adf7L, 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, - 0x94692934L, 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, - 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 0x1e39f62eL, - 0x97244546L, 0x14214f74L, 0xbf8b8840L, 0x4d95fc1dL, 0x96b591afL, - 0x70f4ddd3L, 0x66a02f45L, 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, - 0x31cb8504L, 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, - 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 0x68dc1462L, - 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 0x4f3ffea2L, 0xe887ad8cL, - 0xb58ce006L, 0x7af4d6b6L, 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, - 0x406b2a42L, 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, - 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 0x3a6efa74L, - 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 0xfb0af54eL, 0xd8feb397L, - 0x454056acL, 0xba489527L, 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, - 0xd096954bL, 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, - 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 0xfdf8e802L, - 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 0x95c11548L, 0xe4c66d22L, - 0x48c1133fL, 0xc70f86dcL, 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, - 0x5d886e17L, 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, - 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 0x0e12b4c2L, - 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 0x6b2395e0L, 0x333e92e1L, - 0x3b240b62L, 0xeebeb922L, 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, - 0x2da2f728L, 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, - 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 0x0a476341L, - 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 0xa812dc60L, 0xa1ebddf8L, - 0x991be14cL, 0xdb6e6b0dL, 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, - 0xdcd0e804L, 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, - 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 0xbb132f88L, - 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 0x37392eb3L, 0xcc115979L, - 0x8026e297L, 0xf42e312dL, 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, - 0x782ef11cL, 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, - 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 0x44421659L, - 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 0x64af674eL, 0xda86a85fL, - 0xbebfe988L, 0x64e4c3feL, 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, - 0x6003604dL, 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, - 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 0x77a057beL, - 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 0x4e58f48fL, 0xf2ddfda2L, - 0xf474ef38L, 0x8789bdc2L, 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, - 0x46fcd9b9L, 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, - 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 0xb90bace1L, - 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 0xb77f19b6L, 0xe0a9dc09L, - 0x662d09a1L, 0xc4324633L, 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, - 0x1d6efe10L, 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, - 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 0x50115e01L, - 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 0x9af88c27L, 0x773f8641L, - 0xc3604c06L, 0x61a806b5L, 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, - 0x30dc7d62L, 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, - 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 0x6f05e409L, - 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 0x86e3725fL, 0x724d9db9L, - 0x1ac15bb4L, 0xd39eb8fcL, 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, - 0x4dad0fc4L, 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, - 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 0xd79a3234L, - 0x92638212L, 0x670efa8eL, 0x406000e0L, 0x3a39ce37L, 0xd3faf5cfL, - 0xabc27737L, 0x5ac52d1bL, 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, - 0x99bc9bbeL, 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, - 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 0x5748ab2fL, - 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 0x530ff8eeL, 0x468dde7dL, - 0xd5730a1dL, 0x4cd04dc6L, 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, - 0xbe5ee304L, 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, - 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 0x83c061baL, - 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 0x2826a2f9L, 0xa73a3ae1L, - 0x4ba99586L, 0xef5562e9L, 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, - 0x77fa0a59L, 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, - 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 0x96d5ac3aL, - 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 0x1f9f25cfL, 0xadf2b89bL, - 0x5ad6b472L, 0x5a88f54cL, 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, - 0xed93fa9bL, 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, - 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 0x15056dd4L, - 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 0xc3eb9e15L, 0x3c9057a2L, - 0x97271aecL, 0xa93a072aL, 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, - 0x26dcf319L, 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, - 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 0x4de81751L, - 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 0xea7a90c2L, 0xfb3e7bceL, - 0x5121ce64L, 0x774fbe32L, 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, - 0x6413e680L, 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, - 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 0x5bbef7ddL, - 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 0xdda26a7eL, 0x3a59ff45L, - 0x3e350a44L, 0xbcb4cdd5L, 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, - 0xbf3c6f47L, 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, - 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 0x4040cb08L, - 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 0xe1b00428L, 0x95983a1dL, - 0x06b89fb4L, 0xce6ea048L, 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, - 0x277227f8L, 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, - 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 0xe01cc87eL, - 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 0x1a908749L, 0xd44fbd9aL, - 0xd0dadecbL, 0xd50ada38L, 0x0339c32aL, 0xc6913667L, 0x8df9317cL, - 0xe0b12b4fL, 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, - 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 0xfae59361L, - 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 0xb6c1075eL, 0xe3056a0cL, - 0x10d25065L, 0xcb03a442L, 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, - 0x3278e964L, 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, - 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 0xdf359f8dL, - 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 0xe54cda54L, 0x1edad891L, - 0xce6279cfL, 0xcd3e7e6fL, 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, - 0xf6fb2299L, 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, - 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 0xde966292L, - 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 0xe6c6c7bdL, 0x327a140aL, - 0x45e1d006L, 0xc3f27b9aL, 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, - 0x35bdd2f6L, 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, - 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 0xba38209cL, - 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 0x85cbfe4eL, 0x8ae88dd8L, - 0x7aaaf9b0L, 0x4cf9aa7eL, 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, - 0xd6ebe1f9L, 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, - 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, - }, -}; - -void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data) { - int i; - uint32_t *p, ri, in[2]; - const uint8_t *d, *end; - - OPENSSL_memcpy(key, &bf_init, sizeof(BF_KEY)); - p = key->P; - - if (len > ((BF_ROUNDS + 2) * 4)) - len = (BF_ROUNDS + 2) * 4; - - d = data; - end = &data[len]; - for (i = 0; i < BF_ROUNDS + 2; i++) { - ri = *(d++); - if (d >= end) { - d = data; - } - - ri <<= 8; - ri |= *(d++); - if (d >= end) { - d = data; - } - - ri <<= 8; - ri |= *(d++); - if (d >= end) { - d = data; - } - - ri <<= 8; - ri |= *(d++); - if (d >= end) { - d = data; - } - - p[i] ^= ri; - } - - in[0] = 0L; - in[1] = 0L; - for (i = 0; i < BF_ROUNDS + 2; i += 2) { - BF_encrypt(in, key); - p[i] = in[0]; - p[i + 1] = in[1]; - } - - p = key->S; - for (i = 0; i < 4 * 256; i += 2) { - BF_encrypt(in, key); - p[i] = in[0]; - p[i + 1] = in[1]; - } -} - -static void BF_cfb64_encrypt(const uint8_t *in, uint8_t *out, size_t length, - const BF_KEY *schedule, uint8_t *ivec, int *num, - int encrypt) { - uint32_t v0, v1, t; - int n = *num; - size_t l = length; - uint32_t ti[2]; - uint8_t c, cc; - - uint8_t *iv = ivec; - if (encrypt) { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - BF_encrypt(ti, schedule); - iv = ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = ivec; - } - c = *(in++) ^ iv[n]; - *(out++) = c; - iv[n] = c; - n = (n + 1) & 0x07; - } - } else { - while (l--) { - if (n == 0) { - n2l(iv, v0); - ti[0] = v0; - n2l(iv, v1); - ti[1] = v1; - BF_encrypt(ti, schedule); - iv = ivec; - t = ti[0]; - l2n(t, iv); - t = ti[1]; - l2n(t, iv); - iv = ivec; - } - cc = *(in++); - c = iv[n]; - iv[n] = cc; - *(out++) = c ^ cc; - n = (n + 1) & 0x07; - } - } - - *num = n; -} - -static int bf_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, - const uint8_t *iv, int enc) { - BF_KEY *bf_key = ctx->cipher_data; - BF_set_key(bf_key, ctx->key_len, key); - return 1; -} - -static int bf_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, - size_t len) { - BF_KEY *bf_key = ctx->cipher_data; - - while (len >= BF_BLOCK) { - BF_ecb_encrypt(in, out, bf_key, ctx->encrypt); - in += BF_BLOCK; - out += BF_BLOCK; - len -= BF_BLOCK; - } - assert(len == 0); - - return 1; -} - -static int bf_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, - size_t len) { - BF_KEY *bf_key = ctx->cipher_data; - BF_cbc_encrypt(in, out, len, bf_key, ctx->iv, ctx->encrypt); - return 1; -} - -static int bf_cfb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, - size_t len) { - BF_KEY *bf_key = ctx->cipher_data; - int num = ctx->num; - BF_cfb64_encrypt(in, out, len, bf_key, ctx->iv, &num, ctx->encrypt); - ctx->num = num; - return 1; -} - -static const EVP_CIPHER bf_ecb = { - .nid = NID_bf_ecb, - .block_size = BF_BLOCK, - .key_len = 16, - .iv_len = BF_BLOCK, - .ctx_size = sizeof(BF_KEY), - .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH, - .init = bf_init_key, - .cipher = bf_ecb_cipher, -}; - -static const EVP_CIPHER bf_cbc = { - .nid = NID_bf_cbc, - .block_size = BF_BLOCK, - .key_len = 16, - .iv_len = BF_BLOCK, - .ctx_size = sizeof(BF_KEY), - .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH, - .init = bf_init_key, - .cipher = bf_cbc_cipher, -}; - -static const EVP_CIPHER bf_cfb = { - .nid = NID_bf_cfb64, - .block_size = 1, - .key_len = 16, - .iv_len = BF_BLOCK, - .ctx_size = sizeof(BF_KEY), - .flags = EVP_CIPH_CFB_MODE | EVP_CIPH_VARIABLE_LENGTH, - .init = bf_init_key, - .cipher = bf_cfb_cipher, -}; - -const EVP_CIPHER *EVP_bf_ecb(void) { return &bf_ecb; } - -const EVP_CIPHER *EVP_bf_cbc(void) { return &bf_cbc; } - -const EVP_CIPHER *EVP_bf_cfb(void) { return &bf_cfb; }
diff --git a/decrepit/blowfish/blowfish.cc b/decrepit/blowfish/blowfish.cc new file mode 100644 index 0000000..11e5b5a --- /dev/null +++ b/decrepit/blowfish/blowfish.cc
@@ -0,0 +1,640 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ + +#include <openssl/blowfish.h> +#include <openssl/cipher.h> +#include <openssl/obj.h> + +#include <assert.h> +#include <string.h> + +#include "../../crypto/fipsmodule/cipher/internal.h" +#include "../../crypto/internal.h" +#include "../macros.h" + + +#define BF_ENC(LL, R, S, P) \ + (LL ^= P, \ + LL ^= \ + (((S[((int)(R >> 24) & 0xff)] + S[0x0100 + ((int)(R >> 16) & 0xff)]) ^ \ + S[0x0200 + ((int)(R >> 8) & 0xff)]) + \ + S[0x0300 + ((int)(R) & 0xff)]) & \ + 0xffffffffL) + +void BF_encrypt(uint32_t *data, const BF_KEY *key) { + uint32_t l, r; + const uint32_t *p, *s; + + p = key->P; + s = &(key->S[0]); + l = data[0]; + r = data[1]; + + l ^= p[0]; + BF_ENC(r, l, s, p[1]); + BF_ENC(l, r, s, p[2]); + BF_ENC(r, l, s, p[3]); + BF_ENC(l, r, s, p[4]); + BF_ENC(r, l, s, p[5]); + BF_ENC(l, r, s, p[6]); + BF_ENC(r, l, s, p[7]); + BF_ENC(l, r, s, p[8]); + BF_ENC(r, l, s, p[9]); + BF_ENC(l, r, s, p[10]); + BF_ENC(r, l, s, p[11]); + BF_ENC(l, r, s, p[12]); + BF_ENC(r, l, s, p[13]); + BF_ENC(l, r, s, p[14]); + BF_ENC(r, l, s, p[15]); + BF_ENC(l, r, s, p[16]); + r ^= p[BF_ROUNDS + 1]; + + data[1] = l & 0xffffffffL; + data[0] = r & 0xffffffffL; +} + +void BF_decrypt(uint32_t *data, const BF_KEY *key) { + uint32_t l, r; + const uint32_t *p, *s; + + p = key->P; + s = &(key->S[0]); + l = data[0]; + r = data[1]; + + l ^= p[BF_ROUNDS + 1]; + BF_ENC(r, l, s, p[16]); + BF_ENC(l, r, s, p[15]); + BF_ENC(r, l, s, p[14]); + BF_ENC(l, r, s, p[13]); + BF_ENC(r, l, s, p[12]); + BF_ENC(l, r, s, p[11]); + BF_ENC(r, l, s, p[10]); + BF_ENC(l, r, s, p[9]); + BF_ENC(r, l, s, p[8]); + BF_ENC(l, r, s, p[7]); + BF_ENC(r, l, s, p[6]); + BF_ENC(l, r, s, p[5]); + BF_ENC(r, l, s, p[4]); + BF_ENC(l, r, s, p[3]); + BF_ENC(r, l, s, p[2]); + BF_ENC(l, r, s, p[1]); + r ^= p[0]; + + data[1] = l & 0xffffffffL; + data[0] = r & 0xffffffffL; +} + +void BF_ecb_encrypt(const uint8_t *in, uint8_t *out, const BF_KEY *key, + int encrypt) { + uint32_t d[2]; + + n2l(in, d[0]); + n2l(in, d[1]); + if (encrypt) { + BF_encrypt(d, key); + } else { + BF_decrypt(d, key); + } + l2n(d[0], out); + l2n(d[1], out); +} + +void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length, + const BF_KEY *schedule, uint8_t *ivec, int encrypt) { + uint32_t tin0, tin1; + uint32_t tout0, tout1, xor0, xor1; + size_t l = length; + uint32_t tin[2]; + + if (encrypt) { + n2l(ivec, tout0); + n2l(ivec, tout1); + ivec -= 8; + while (l >= 8) { + n2l(in, tin0); + n2l(in, tin1); + tin0 ^= tout0; + tin1 ^= tout1; + tin[0] = tin0; + tin[1] = tin1; + BF_encrypt(tin, schedule); + tout0 = tin[0]; + tout1 = tin[1]; + l2n(tout0, out); + l2n(tout1, out); + l -= 8; + } + if (l != 0) { + n2ln(in, tin0, tin1, l); + tin0 ^= tout0; + tin1 ^= tout1; + tin[0] = tin0; + tin[1] = tin1; + BF_encrypt(tin, schedule); + tout0 = tin[0]; + tout1 = tin[1]; + l2n(tout0, out); + l2n(tout1, out); + } + l2n(tout0, ivec); + l2n(tout1, ivec); + } else { + n2l(ivec, xor0); + n2l(ivec, xor1); + ivec -= 8; + while (l >= 8) { + n2l(in, tin0); + n2l(in, tin1); + tin[0] = tin0; + tin[1] = tin1; + BF_decrypt(tin, schedule); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + l2n(tout0, out); + l2n(tout1, out); + xor0 = tin0; + xor1 = tin1; + l -= 8; + } + if (l != 0) { + n2l(in, tin0); + n2l(in, tin1); + tin[0] = tin0; + tin[1] = tin1; + BF_decrypt(tin, schedule); + tout0 = tin[0] ^ xor0; + tout1 = tin[1] ^ xor1; + l2nn(tout0, tout1, out, l); + xor0 = tin0; + xor1 = tin1; + } + l2n(xor0, ivec); + l2n(xor1, ivec); + } + tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; + tin[0] = tin[1] = 0; +} + +static const BF_KEY bf_init = { + {0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, 0xa4093822L, + 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, 0x452821e6L, 0x38d01377L, + 0xbe5466cfL, 0x34e90c6cL, 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, + 0xb5470917L, 0x9216d5d9L, 0x8979fb1b}, + { + 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 0xb8e1afedL, + 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 0x24a19947L, 0xb3916cf7L, + 0x0801f2e2L, 0x858efc16L, 0x636920d8L, 0x71574e69L, 0xa458fea3L, + 0xf4933d7eL, 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, + 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 0xc5d1b023L, + 0x286085f0L, 0xca417918L, 0xb8db38efL, 0x8e79dcb0L, 0x603a180eL, + 0x6c9e0e8bL, 0xb01e8a3eL, 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, + 0x55605c60L, 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, + 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 0xa15486afL, + 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 0x2ba9c55dL, 0x741831f6L, + 0xce5c3e16L, 0x9b87931eL, 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, + 0x28958677L, 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, + 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 0xef845d5dL, + 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 0x23893e81L, 0xd396acc5L, + 0x0f6d6ff3L, 0x83f44239L, 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, + 0x9e1f9b5eL, 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, + 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 0x6eef0b6cL, + 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 0xa1f1651dL, 0x39af0176L, + 0x66ca593eL, 0x82430e88L, 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, + 0x3b8b5ebeL, 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, + 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 0x37d0d724L, + 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 0x075372c9L, 0x80991b7bL, + 0x25d479d8L, 0xf6e8def7L, 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, + 0x04c006baL, 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, + 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 0x6dfc511fL, + 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 0xbee3d004L, 0xde334afdL, + 0x660f2807L, 0x192e4bb3L, 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, + 0xb9d3fbdbL, 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, + 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 0x3c7516dfL, + 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 0x323db5faL, 0xfd238760L, + 0x53317b48L, 0x3e00df82L, 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, + 0xdf1769dbL, 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, + 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 0x10fa3d98L, + 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 0x9a53e479L, 0xb6f84565L, + 0xd28e49bcL, 0x4bfb9790L, 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, + 0xcee4c6e8L, 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, + 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 0xd08ed1d0L, + 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 0x8ff6e2fbL, 0xf2122b64L, + 0x8888b812L, 0x900df01cL, 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, + 0xb3a8c1adL, 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, + 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 0xb4a84fe0L, + 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 0x165fa266L, 0x80957705L, + 0x93cc7314L, 0x211a1477L, 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, + 0xfb9d35cfL, 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, + 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 0x2464369bL, + 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 0x78c14389L, 0xd95a537fL, + 0x207d5ba2L, 0x02e5b9c5L, 0x83260376L, 0x6295cfa9L, 0x11c81968L, + 0x4e734a41L, 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, + 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 0x08ba6fb5L, + 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 0xb6636521L, 0xe7b9f9b6L, + 0xff34052eL, 0xc5855664L, 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, + 0x6e85076aL, 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, + 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 0xecaa8c71L, + 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 0x193602a5L, 0x75094c29L, + 0xa0591340L, 0xe4183a3eL, 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, + 0x99f73fd6L, 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, + 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 0x09686b3fL, + 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 0x687f3584L, 0x52a0e286L, + 0xb79c5305L, 0xaa500737L, 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, + 0x5716f2b8L, 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, + 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 0xd19113f9L, + 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 0x3ae5e581L, 0x37c2dadcL, + 0xc8b57634L, 0x9af3dda7L, 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, + 0xa4751e41L, 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, + 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 0x2cb81290L, + 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 0xde9a771fL, 0xd9930810L, + 0xb38bae12L, 0xdccf3f2eL, 0x5512721fL, 0x2e6b7124L, 0x501adde6L, + 0x9f84cd87L, 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, + 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 0xef1c1847L, + 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 0x12a14d43L, 0x2a65c451L, + 0x50940002L, 0x133ae4ddL, 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, + 0x5f11199bL, 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, + 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 0x86e34570L, + 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 0x771fe71cL, 0x4e3d06faL, + 0x2965dcb9L, 0x99e71d0fL, 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, + 0x9c10b36aL, 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, + 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 0x5223a708L, + 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 0xe3bc4595L, 0xa67bc883L, + 0xb17f37d1L, 0x018cff28L, 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, + 0x68ab9802L, 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, + 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 0x13cca830L, + 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 0xb5735c90L, 0x4c70a239L, + 0xd59e9e0bL, 0xcbaade14L, 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, + 0xb2f3846eL, 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, + 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 0x9b540b19L, + 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 0xf837889aL, 0x97e32d77L, + 0x11ed935fL, 0x16681281L, 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, + 0x7858ba99L, 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, + 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 0x58ebf2efL, + 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 0x5d4a14d9L, 0xe864b7e3L, + 0x42105d14L, 0x203e13e0L, 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, + 0xfacb4fd0L, 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, + 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 0xcf62a1f2L, + 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 0x7f1524c3L, 0x69cb7492L, + 0x47848a0bL, 0x5692b285L, 0x095bbf00L, 0xad19489dL, 0x1462b174L, + 0x23820e00L, 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, + 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 0x7cde3759L, + 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 0xa6078084L, 0x19f8509eL, + 0xe8efd855L, 0x61d99735L, 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, + 0x800bcadcL, 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, + 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 0xc5c43465L, + 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 0x153e21e7L, 0x8fb03d4aL, + 0xe6e39f2bL, 0xdb83adf7L, 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, + 0x94692934L, 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, + 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 0x1e39f62eL, + 0x97244546L, 0x14214f74L, 0xbf8b8840L, 0x4d95fc1dL, 0x96b591afL, + 0x70f4ddd3L, 0x66a02f45L, 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, + 0x31cb8504L, 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, + 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 0x68dc1462L, + 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 0x4f3ffea2L, 0xe887ad8cL, + 0xb58ce006L, 0x7af4d6b6L, 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, + 0x406b2a42L, 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, + 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 0x3a6efa74L, + 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 0xfb0af54eL, 0xd8feb397L, + 0x454056acL, 0xba489527L, 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, + 0xd096954bL, 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, + 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 0xfdf8e802L, + 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 0x95c11548L, 0xe4c66d22L, + 0x48c1133fL, 0xc70f86dcL, 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, + 0x5d886e17L, 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, + 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 0x0e12b4c2L, + 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 0x6b2395e0L, 0x333e92e1L, + 0x3b240b62L, 0xeebeb922L, 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, + 0x2da2f728L, 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, + 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 0x0a476341L, + 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 0xa812dc60L, 0xa1ebddf8L, + 0x991be14cL, 0xdb6e6b0dL, 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, + 0xdcd0e804L, 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, + 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 0xbb132f88L, + 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 0x37392eb3L, 0xcc115979L, + 0x8026e297L, 0xf42e312dL, 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, + 0x782ef11cL, 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, + 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 0x44421659L, + 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 0x64af674eL, 0xda86a85fL, + 0xbebfe988L, 0x64e4c3feL, 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, + 0x6003604dL, 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, + 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 0x77a057beL, + 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 0x4e58f48fL, 0xf2ddfda2L, + 0xf474ef38L, 0x8789bdc2L, 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, + 0x46fcd9b9L, 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, + 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 0xb90bace1L, + 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 0xb77f19b6L, 0xe0a9dc09L, + 0x662d09a1L, 0xc4324633L, 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, + 0x1d6efe10L, 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L, + 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 0x50115e01L, + 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 0x9af88c27L, 0x773f8641L, + 0xc3604c06L, 0x61a806b5L, 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, + 0x30dc7d62L, 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, + 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 0x6f05e409L, + 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 0x86e3725fL, 0x724d9db9L, + 0x1ac15bb4L, 0xd39eb8fcL, 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, + 0x4dad0fc4L, 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, + 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 0xd79a3234L, + 0x92638212L, 0x670efa8eL, 0x406000e0L, 0x3a39ce37L, 0xd3faf5cfL, + 0xabc27737L, 0x5ac52d1bL, 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, + 0x99bc9bbeL, 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, + 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 0x5748ab2fL, + 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 0x530ff8eeL, 0x468dde7dL, + 0xd5730a1dL, 0x4cd04dc6L, 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, + 0xbe5ee304L, 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, + 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 0x83c061baL, + 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 0x2826a2f9L, 0xa73a3ae1L, + 0x4ba99586L, 0xef5562e9L, 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, + 0x77fa0a59L, 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, + 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 0x96d5ac3aL, + 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 0x1f9f25cfL, 0xadf2b89bL, + 0x5ad6b472L, 0x5a88f54cL, 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, + 0xed93fa9bL, 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, + 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 0x15056dd4L, + 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 0xc3eb9e15L, 0x3c9057a2L, + 0x97271aecL, 0xa93a072aL, 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, + 0x26dcf319L, 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, + 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 0x4de81751L, + 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 0xea7a90c2L, 0xfb3e7bceL, + 0x5121ce64L, 0x774fbe32L, 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, + 0x6413e680L, 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, + 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 0x5bbef7ddL, + 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 0xdda26a7eL, 0x3a59ff45L, + 0x3e350a44L, 0xbcb4cdd5L, 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, + 0xbf3c6f47L, 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, + 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 0x4040cb08L, + 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 0xe1b00428L, 0x95983a1dL, + 0x06b89fb4L, 0xce6ea048L, 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, + 0x277227f8L, 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, + 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 0xe01cc87eL, + 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 0x1a908749L, 0xd44fbd9aL, + 0xd0dadecbL, 0xd50ada38L, 0x0339c32aL, 0xc6913667L, 0x8df9317cL, + 0xe0b12b4fL, 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, + 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 0xfae59361L, + 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 0xb6c1075eL, 0xe3056a0cL, + 0x10d25065L, 0xcb03a442L, 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, + 0x3278e964L, 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, + 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 0xdf359f8dL, + 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 0xe54cda54L, 0x1edad891L, + 0xce6279cfL, 0xcd3e7e6fL, 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, + 0xf6fb2299L, 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, + 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 0xde966292L, + 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 0xe6c6c7bdL, 0x327a140aL, + 0x45e1d006L, 0xc3f27b9aL, 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, + 0x35bdd2f6L, 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, + 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 0xba38209cL, + 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 0x85cbfe4eL, 0x8ae88dd8L, + 0x7aaaf9b0L, 0x4cf9aa7eL, 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, + 0xd6ebe1f9L, 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, + 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, + }, +}; + +void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data) { + int i; + uint32_t *p, ri, in[2]; + const uint8_t *d, *end; + + OPENSSL_memcpy(key, &bf_init, sizeof(BF_KEY)); + p = key->P; + + if (len > ((BF_ROUNDS + 2) * 4)) { + len = (BF_ROUNDS + 2) * 4; + } + + d = data; + end = &data[len]; + for (i = 0; i < BF_ROUNDS + 2; i++) { + ri = *(d++); + if (d >= end) { + d = data; + } + + ri <<= 8; + ri |= *(d++); + if (d >= end) { + d = data; + } + + ri <<= 8; + ri |= *(d++); + if (d >= end) { + d = data; + } + + ri <<= 8; + ri |= *(d++); + if (d >= end) { + d = data; + } + + p[i] ^= ri; + } + + in[0] = 0L; + in[1] = 0L; + for (i = 0; i < BF_ROUNDS + 2; i += 2) { + BF_encrypt(in, key); + p[i] = in[0]; + p[i + 1] = in[1]; + } + + p = key->S; + for (i = 0; i < 4 * 256; i += 2) { + BF_encrypt(in, key); + p[i] = in[0]; + p[i + 1] = in[1]; + } +} + +static void BF_cfb64_encrypt(const uint8_t *in, uint8_t *out, size_t length, + const BF_KEY *schedule, uint8_t *ivec, int *num, + int encrypt) { + uint32_t v0, v1, t; + int n = *num; + size_t l = length; + uint32_t ti[2]; + uint8_t c, cc; + + uint8_t *iv = ivec; + if (encrypt) { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + BF_encrypt(ti, schedule); + iv = ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = ivec; + } + c = *(in++) ^ iv[n]; + *(out++) = c; + iv[n] = c; + n = (n + 1) & 0x07; + } + } else { + while (l--) { + if (n == 0) { + n2l(iv, v0); + ti[0] = v0; + n2l(iv, v1); + ti[1] = v1; + BF_encrypt(ti, schedule); + iv = ivec; + t = ti[0]; + l2n(t, iv); + t = ti[1]; + l2n(t, iv); + iv = ivec; + } + cc = *(in++); + c = iv[n]; + iv[n] = cc; + *(out++) = c ^ cc; + n = (n + 1) & 0x07; + } + } + + *num = n; +} + +static int bf_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, + const uint8_t *iv, int enc) { + BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data); + BF_set_key(bf_key, ctx->key_len, key); + return 1; +} + +static int bf_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { + BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data); + + while (len >= BF_BLOCK) { + BF_ecb_encrypt(in, out, bf_key, ctx->encrypt); + in += BF_BLOCK; + out += BF_BLOCK; + len -= BF_BLOCK; + } + assert(len == 0); + + return 1; +} + +static int bf_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { + BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data); + BF_cbc_encrypt(in, out, len, bf_key, ctx->iv, ctx->encrypt); + return 1; +} + +static int bf_cfb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { + BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data); + int num = ctx->num; + BF_cfb64_encrypt(in, out, len, bf_key, ctx->iv, &num, ctx->encrypt); + ctx->num = num; + return 1; +} + +static const EVP_CIPHER bf_ecb = { + /* nid= */ NID_bf_ecb, + /* block_size= */ BF_BLOCK, + /* key_len= */ 16, + /* iv_len= */ BF_BLOCK, + /* ctx_size= */ sizeof(BF_KEY), + /* flags= */ EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH, + /* init= */ bf_init_key, + /* cipher= */ bf_ecb_cipher, + /* cleanup= */ nullptr, + /* ctrl= */ nullptr, +}; + +static const EVP_CIPHER bf_cbc = { + /* nid= */ NID_bf_cbc, + /* block_size= */ BF_BLOCK, + /* key_len= */ 16, + /* iv_len= */ BF_BLOCK, + /* ctx_size= */ sizeof(BF_KEY), + /* flags= */ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH, + /* init= */ bf_init_key, + /* cipher= */ bf_cbc_cipher, + /* cleanup= */ nullptr, + /* ctrl= */ nullptr, +}; + +static const EVP_CIPHER bf_cfb = { + /* nid= */ NID_bf_cfb64, + /* block_size= */ 1, + /* key_len= */ 16, + /* iv_len= */ BF_BLOCK, + /* ctx_size= */ sizeof(BF_KEY), + /* flags= */ EVP_CIPH_CFB_MODE | EVP_CIPH_VARIABLE_LENGTH, + /* init= */ bf_init_key, + /* cipher= */ bf_cfb_cipher, + /* cleanup= */ nullptr, + /* ctrl= */ nullptr, +}; + +const EVP_CIPHER *EVP_bf_ecb(void) { return &bf_ecb; } + +const EVP_CIPHER *EVP_bf_cbc(void) { return &bf_cbc; } + +const EVP_CIPHER *EVP_bf_cfb(void) { return &bf_cfb; }
diff --git a/decrepit/cast/cast.c b/decrepit/cast/cast.cc similarity index 91% rename from decrepit/cast/cast.c rename to decrepit/cast/cast.cc index f6f1963..15f776e 100644 --- a/decrepit/cast/cast.c +++ b/decrepit/cast/cast.cc
@@ -66,8 +66,8 @@ #include "../../crypto/fipsmodule/cipher/internal.h" #include "../../crypto/internal.h" -#include "internal.h" #include "../macros.h" +#include "internal.h" void CAST_ecb_encrypt(const uint8_t *in, uint8_t *out, const CAST_KEY *ks, @@ -85,16 +85,17 @@ l2n(d[1], out); } -#define E_CAST(n, key, L, R, OP1, OP2, OP3) \ - { \ - uint32_t a, b, c, d; \ - t = (key[n * 2] OP1 R) & 0xffffffff; \ - t = CRYPTO_rotl_u32(t, (key[n * 2 + 1])); \ - a = CAST_S_table0[(t >> 8) & 0xff]; \ - b = CAST_S_table1[(t)&0xff]; \ - c = CAST_S_table2[(t >> 24) & 0xff]; \ - d = CAST_S_table3[(t >> 16) & 0xff]; \ - L ^= (((((a OP2 b)&0xffffffffL)OP3 c) & 0xffffffffL) OP1 d) & 0xffffffffL; \ +#define E_CAST(n, key, L, R, OP1, OP2, OP3) \ + { \ + uint32_t a, b, c, d; \ + t = (key[n * 2] OP1 R) & 0xffffffff; \ + t = CRYPTO_rotl_u32(t, (key[n * 2 + 1])); \ + a = CAST_S_table0[(t >> 8) & 0xff]; \ + b = CAST_S_table1[(t) & 0xff]; \ + c = CAST_S_table2[(t >> 24) & 0xff]; \ + d = CAST_S_table3[(t >> 16) & 0xff]; \ + L ^= (((((a OP2 b) & 0xffffffffL) OP3 c) & 0xffffffffL) OP1 d) & \ + 0xffffffffL; \ } void CAST_encrypt(uint32_t *data, const CAST_KEY *key) { @@ -239,7 +240,7 @@ #define CAST_exp(l, A, a, n) \ A[n / 4] = l; \ - a[n + 3] = (l)&0xff; \ + a[n + 3] = (l) & 0xff; \ a[n + 2] = (l >> 8) & 0xff; \ a[n + 1] = (l >> 16) & 0xff; \ a[n + 0] = (l >> 24) & 0xff; @@ -409,14 +410,14 @@ static int cast_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv, int enc) { - CAST_KEY *cast_key = ctx->cipher_data; + CAST_KEY *cast_key = reinterpret_cast<CAST_KEY *>(ctx->cipher_data); CAST_set_key(cast_key, ctx->key_len, key); return 1; } static int cast_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t len) { - CAST_KEY *cast_key = ctx->cipher_data; + CAST_KEY *cast_key = reinterpret_cast<CAST_KEY *>(ctx->cipher_data); while (len >= CAST_BLOCK) { CAST_ecb_encrypt(in, out, cast_key, ctx->encrypt); @@ -431,31 +432,35 @@ static int cast_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, size_t len) { - CAST_KEY *cast_key = ctx->cipher_data; + CAST_KEY *cast_key = reinterpret_cast<CAST_KEY *>(ctx->cipher_data); CAST_cbc_encrypt(in, out, len, cast_key, ctx->iv, ctx->encrypt); return 1; } static const EVP_CIPHER cast5_ecb = { - .nid = NID_cast5_ecb, - .block_size = CAST_BLOCK, - .key_len = CAST_KEY_LENGTH, - .iv_len = CAST_BLOCK, - .ctx_size = sizeof(CAST_KEY), - .flags = EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH, - .init = cast_init_key, - .cipher = cast_ecb_cipher, + /* nid= */ NID_cast5_ecb, + /* block_size= */ CAST_BLOCK, + /* key_len= */ CAST_KEY_LENGTH, + /* iv_len= */ CAST_BLOCK, + /* ctx_size= */ sizeof(CAST_KEY), + /* flags= */ EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH, + /* init= */ cast_init_key, + /* cipher= */ cast_ecb_cipher, + /* cleanup= */ nullptr, + /* ctrl= */ nullptr, }; static const EVP_CIPHER cast5_cbc = { - .nid = NID_cast5_cbc, - .block_size = CAST_BLOCK, - .key_len = CAST_KEY_LENGTH, - .iv_len = CAST_BLOCK, - .ctx_size = sizeof(CAST_KEY), - .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH, - .init = cast_init_key, - .cipher = cast_cbc_cipher, + /* nid= */ NID_cast5_cbc, + /* block_size= */ CAST_BLOCK, + /* key_len= */ CAST_KEY_LENGTH, + /* iv_len= */ CAST_BLOCK, + /* ctx_size= */ sizeof(CAST_KEY), + /* flags= */ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH, + /* init= */ cast_init_key, + /* cipher= */ cast_cbc_cipher, + /* cleanup= */ nullptr, + /* ctrl= */ nullptr, }; const EVP_CIPHER *EVP_cast5_ecb(void) { return &cast5_ecb; }
diff --git a/decrepit/cast/cast_tables.c b/decrepit/cast/cast_tables.cc similarity index 100% rename from decrepit/cast/cast_tables.c rename to decrepit/cast/cast_tables.cc
diff --git a/decrepit/cfb/cfb.c b/decrepit/cfb/cfb.cc similarity index 66% rename from decrepit/cfb/cfb.c rename to decrepit/cfb/cfb.cc index 0ac3228..89bceec 100644 --- a/decrepit/cfb/cfb.c +++ b/decrepit/cfb/cfb.cc
@@ -29,7 +29,7 @@ static int aes_cfb_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv, int enc) { if (key) { - EVP_CFB_CTX *cfb_ctx = ctx->cipher_data; + EVP_CFB_CTX *cfb_ctx = reinterpret_cast<EVP_CFB_CTX *>(ctx->cipher_data); AES_set_encrypt_key(key, ctx->key_len * 8, &cfb_ctx->ks); } @@ -42,7 +42,7 @@ return 0; } - EVP_CFB_CTX *cfb_ctx = ctx->cipher_data; + EVP_CFB_CTX *cfb_ctx = reinterpret_cast<EVP_CFB_CTX *>(ctx->cipher_data); int num = ctx->num; AES_cfb128_encrypt(in, out, len, &cfb_ctx->ks, ctx->iv, &num, ctx->encrypt ? AES_ENCRYPT : AES_DECRYPT); @@ -52,36 +52,42 @@ } static const EVP_CIPHER aes_128_cfb128 = { - .nid = NID_aes_128_cfb128, - .block_size = 1, - .key_len = 16, - .iv_len = 16, - .ctx_size = sizeof(EVP_CFB_CTX), - .flags = EVP_CIPH_CFB_MODE, - .init = aes_cfb_init_key, - .cipher = aes_cfb128_cipher, + /* nid= */ NID_aes_128_cfb128, + /* block_size= */ 1, + /* key_len= */ 16, + /* iv_len= */ 16, + /* ctx_size= */ sizeof(EVP_CFB_CTX), + /* flags= */ EVP_CIPH_CFB_MODE, + /* init= */ aes_cfb_init_key, + /* cipher= */ aes_cfb128_cipher, + /* cleanup= */ nullptr, + /* ctrl= */ nullptr, }; static const EVP_CIPHER aes_192_cfb128 = { - .nid = NID_aes_192_cfb128, - .block_size = 1, - .key_len = 24, - .iv_len = 16, - .ctx_size = sizeof(EVP_CFB_CTX), - .flags = EVP_CIPH_CFB_MODE, - .init = aes_cfb_init_key, - .cipher = aes_cfb128_cipher, + /* nid= */ NID_aes_192_cfb128, + /* block_size= */ 1, + /* key_len= */ 24, + /* iv_len= */ 16, + /* ctx_size= */ sizeof(EVP_CFB_CTX), + /* flags= */ EVP_CIPH_CFB_MODE, + /* init= */ aes_cfb_init_key, + /* cipher= */ aes_cfb128_cipher, + /* cleanup= */ nullptr, + /* ctrl= */ nullptr, }; static const EVP_CIPHER aes_256_cfb128 = { - .nid = NID_aes_256_cfb128, - .block_size = 1, - .key_len = 32, - .iv_len = 16, - .ctx_size = sizeof(EVP_CFB_CTX), - .flags = EVP_CIPH_CFB_MODE, - .init = aes_cfb_init_key, - .cipher = aes_cfb128_cipher, + /* nid= */ NID_aes_256_cfb128, + /* block_size= */ 1, + /* key_len= */ 32, + /* iv_len= */ 16, + /* ctx_size= */ sizeof(EVP_CFB_CTX), + /* flags= */ EVP_CIPH_CFB_MODE, + /* init= */ aes_cfb_init_key, + /* cipher= */ aes_cfb128_cipher, + /* cleanup= */ nullptr, + /* ctrl= */ nullptr, }; const EVP_CIPHER *EVP_aes_128_cfb128(void) { return &aes_128_cfb128; }
diff --git a/decrepit/des/cfb64ede.c b/decrepit/des/cfb64ede.cc similarity index 100% rename from decrepit/des/cfb64ede.c rename to decrepit/des/cfb64ede.cc
diff --git a/decrepit/dh/dh_decrepit.c b/decrepit/dh/dh_decrepit.cc similarity index 100% rename from decrepit/dh/dh_decrepit.c rename to decrepit/dh/dh_decrepit.cc
diff --git a/decrepit/dsa/dsa_decrepit.c b/decrepit/dsa/dsa_decrepit.cc similarity index 100% rename from decrepit/dsa/dsa_decrepit.c rename to decrepit/dsa/dsa_decrepit.cc
diff --git a/decrepit/evp/dss1.c b/decrepit/evp/dss1.cc similarity index 100% rename from decrepit/evp/dss1.c rename to decrepit/evp/dss1.cc
diff --git a/decrepit/evp/evp_do_all.c b/decrepit/evp/evp_do_all.cc similarity index 100% rename from decrepit/evp/evp_do_all.c rename to decrepit/evp/evp_do_all.cc
diff --git a/decrepit/obj/obj_decrepit.c b/decrepit/obj/obj_decrepit.cc similarity index 100% rename from decrepit/obj/obj_decrepit.c rename to decrepit/obj/obj_decrepit.cc
diff --git a/decrepit/rc4/rc4_decrepit.c b/decrepit/rc4/rc4_decrepit.cc similarity index 100% rename from decrepit/rc4/rc4_decrepit.c rename to decrepit/rc4/rc4_decrepit.cc
diff --git a/decrepit/ripemd/ripemd.c b/decrepit/ripemd/ripemd.cc similarity index 84% rename from decrepit/ripemd/ripemd.c rename to decrepit/ripemd/ripemd.cc index 3ae6904..91f488d 100644 --- a/decrepit/ripemd/ripemd.c +++ b/decrepit/ripemd/ripemd.cc
@@ -58,8 +58,8 @@ #include <string.h> -#include "../../crypto/internal.h" #include "../../crypto/fipsmodule/digest/md32_common.h" +#include "../../crypto/internal.h" #define RIPEMD160_A 0x67452301L @@ -88,7 +88,8 @@ int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len) { crypto_md32_update(&ripemd160_block_data_order, c->h, c->data, - RIPEMD160_CBLOCK, &c->num, &c->Nh, &c->Nl, data, len); + RIPEMD160_CBLOCK, &c->num, &c->Nh, &c->Nl, + reinterpret_cast<const uint8_t *>(data), len); return 1; } @@ -159,332 +160,332 @@ #define KR3 0x7A6D76E9L #define KR4 0x00000000L -#define WL00 0 +#define WL00 0 #define SL00 11 -#define WL01 1 +#define WL01 1 #define SL01 14 -#define WL02 2 +#define WL02 2 #define SL02 15 -#define WL03 3 +#define WL03 3 #define SL03 12 -#define WL04 4 -#define SL04 5 -#define WL05 5 -#define SL05 8 -#define WL06 6 -#define SL06 7 -#define WL07 7 -#define SL07 9 -#define WL08 8 +#define WL04 4 +#define SL04 5 +#define WL05 5 +#define SL05 8 +#define WL06 6 +#define SL06 7 +#define WL07 7 +#define SL07 9 +#define WL08 8 #define SL08 11 -#define WL09 9 +#define WL09 9 #define SL09 13 #define WL10 10 #define SL10 14 #define WL11 11 #define SL11 15 #define WL12 12 -#define SL12 6 +#define SL12 6 #define WL13 13 -#define SL13 7 +#define SL13 7 #define WL14 14 -#define SL14 9 +#define SL14 9 #define WL15 15 -#define SL15 8 +#define SL15 8 -#define WL16 7 -#define SL16 7 -#define WL17 4 -#define SL17 6 +#define WL16 7 +#define SL16 7 +#define WL17 4 +#define SL17 6 #define WL18 13 -#define SL18 8 -#define WL19 1 +#define SL18 8 +#define WL19 1 #define SL19 13 #define WL20 10 #define SL20 11 -#define WL21 6 -#define SL21 9 +#define WL21 6 +#define SL21 9 #define WL22 15 -#define SL22 7 -#define WL23 3 +#define SL22 7 +#define WL23 3 #define SL23 15 #define WL24 12 -#define SL24 7 -#define WL25 0 +#define SL24 7 +#define WL25 0 #define SL25 12 -#define WL26 9 +#define WL26 9 #define SL26 15 -#define WL27 5 -#define SL27 9 -#define WL28 2 +#define WL27 5 +#define SL27 9 +#define WL28 2 #define SL28 11 #define WL29 14 -#define SL29 7 +#define SL29 7 #define WL30 11 #define SL30 13 -#define WL31 8 +#define WL31 8 #define SL31 12 -#define WL32 3 +#define WL32 3 #define SL32 11 #define WL33 10 #define SL33 13 #define WL34 14 -#define SL34 6 -#define WL35 4 -#define SL35 7 -#define WL36 9 +#define SL34 6 +#define WL35 4 +#define SL35 7 +#define WL36 9 #define SL36 14 #define WL37 15 -#define SL37 9 -#define WL38 8 +#define SL37 9 +#define WL38 8 #define SL38 13 -#define WL39 1 +#define WL39 1 #define SL39 15 -#define WL40 2 +#define WL40 2 #define SL40 14 -#define WL41 7 -#define SL41 8 -#define WL42 0 +#define WL41 7 +#define SL41 8 +#define WL42 0 #define SL42 13 -#define WL43 6 -#define SL43 6 +#define WL43 6 +#define SL43 6 #define WL44 13 -#define SL44 5 +#define SL44 5 #define WL45 11 #define SL45 12 -#define WL46 5 -#define SL46 7 +#define WL46 5 +#define SL46 7 #define WL47 12 -#define SL47 5 +#define SL47 5 -#define WL48 1 +#define WL48 1 #define SL48 11 -#define WL49 9 +#define WL49 9 #define SL49 12 #define WL50 11 #define SL50 14 #define WL51 10 #define SL51 15 -#define WL52 0 +#define WL52 0 #define SL52 14 -#define WL53 8 +#define WL53 8 #define SL53 15 #define WL54 12 -#define SL54 9 -#define WL55 4 -#define SL55 8 +#define SL54 9 +#define WL55 4 +#define SL55 8 #define WL56 13 -#define SL56 9 -#define WL57 3 +#define SL56 9 +#define WL57 3 #define SL57 14 -#define WL58 7 -#define SL58 5 +#define WL58 7 +#define SL58 5 #define WL59 15 -#define SL59 6 +#define SL59 6 #define WL60 14 -#define SL60 8 -#define WL61 5 -#define SL61 6 -#define WL62 6 -#define SL62 5 -#define WL63 2 +#define SL60 8 +#define WL61 5 +#define SL61 6 +#define WL62 6 +#define SL62 5 +#define WL63 2 #define SL63 12 -#define WL64 4 -#define SL64 9 -#define WL65 0 +#define WL64 4 +#define SL64 9 +#define WL65 0 #define SL65 15 -#define WL66 5 -#define SL66 5 -#define WL67 9 +#define WL66 5 +#define SL66 5 +#define WL67 9 #define SL67 11 -#define WL68 7 -#define SL68 6 +#define WL68 7 +#define SL68 6 #define WL69 12 -#define SL69 8 -#define WL70 2 +#define SL69 8 +#define WL70 2 #define SL70 13 #define WL71 10 #define SL71 12 #define WL72 14 -#define SL72 5 -#define WL73 1 +#define SL72 5 +#define WL73 1 #define SL73 12 -#define WL74 3 +#define WL74 3 #define SL74 13 -#define WL75 8 +#define WL75 8 #define SL75 14 #define WL76 11 #define SL76 11 -#define WL77 6 -#define SL77 8 +#define WL77 6 +#define SL77 8 #define WL78 15 -#define SL78 5 +#define SL78 5 #define WL79 13 -#define SL79 6 +#define SL79 6 -#define WR00 5 -#define SR00 8 +#define WR00 5 +#define SR00 8 #define WR01 14 -#define SR01 9 -#define WR02 7 -#define SR02 9 -#define WR03 0 +#define SR01 9 +#define WR02 7 +#define SR02 9 +#define WR03 0 #define SR03 11 -#define WR04 9 +#define WR04 9 #define SR04 13 -#define WR05 2 +#define WR05 2 #define SR05 15 #define WR06 11 #define SR06 15 -#define WR07 4 -#define SR07 5 +#define WR07 4 +#define SR07 5 #define WR08 13 -#define SR08 7 -#define WR09 6 -#define SR09 7 +#define SR08 7 +#define WR09 6 +#define SR09 7 #define WR10 15 -#define SR10 8 -#define WR11 8 +#define SR10 8 +#define WR11 8 #define SR11 11 -#define WR12 1 +#define WR12 1 #define SR12 14 #define WR13 10 #define SR13 14 -#define WR14 3 +#define WR14 3 #define SR14 12 #define WR15 12 -#define SR15 6 +#define SR15 6 -#define WR16 6 -#define SR16 9 +#define WR16 6 +#define SR16 9 #define WR17 11 #define SR17 13 -#define WR18 3 +#define WR18 3 #define SR18 15 -#define WR19 7 -#define SR19 7 -#define WR20 0 +#define WR19 7 +#define SR19 7 +#define WR20 0 #define SR20 12 #define WR21 13 -#define SR21 8 -#define WR22 5 -#define SR22 9 +#define SR21 8 +#define WR22 5 +#define SR22 9 #define WR23 10 #define SR23 11 #define WR24 14 -#define SR24 7 +#define SR24 7 #define WR25 15 -#define SR25 7 -#define WR26 8 +#define SR25 7 +#define WR26 8 #define SR26 12 #define WR27 12 -#define SR27 7 -#define WR28 4 -#define SR28 6 -#define WR29 9 +#define SR27 7 +#define WR28 4 +#define SR28 6 +#define WR29 9 #define SR29 15 -#define WR30 1 +#define WR30 1 #define SR30 13 -#define WR31 2 +#define WR31 2 #define SR31 11 #define WR32 15 -#define SR32 9 -#define WR33 5 -#define SR33 7 -#define WR34 1 +#define SR32 9 +#define WR33 5 +#define SR33 7 +#define WR34 1 #define SR34 15 -#define WR35 3 +#define WR35 3 #define SR35 11 -#define WR36 7 -#define SR36 8 +#define WR36 7 +#define SR36 8 #define WR37 14 -#define SR37 6 -#define WR38 6 -#define SR38 6 -#define WR39 9 +#define SR37 6 +#define WR38 6 +#define SR38 6 +#define WR39 9 #define SR39 14 #define WR40 11 #define SR40 12 -#define WR41 8 +#define WR41 8 #define SR41 13 #define WR42 12 -#define SR42 5 -#define WR43 2 +#define SR42 5 +#define WR43 2 #define SR43 14 #define WR44 10 #define SR44 13 -#define WR45 0 +#define WR45 0 #define SR45 13 -#define WR46 4 -#define SR46 7 +#define WR46 4 +#define SR46 7 #define WR47 13 -#define SR47 5 +#define SR47 5 -#define WR48 8 +#define WR48 8 #define SR48 15 -#define WR49 6 -#define SR49 5 -#define WR50 4 -#define SR50 8 -#define WR51 1 +#define WR49 6 +#define SR49 5 +#define WR50 4 +#define SR50 8 +#define WR51 1 #define SR51 11 -#define WR52 3 +#define WR52 3 #define SR52 14 #define WR53 11 #define SR53 14 #define WR54 15 -#define SR54 6 -#define WR55 0 +#define SR54 6 +#define WR55 0 #define SR55 14 -#define WR56 5 -#define SR56 6 +#define WR56 5 +#define SR56 6 #define WR57 12 -#define SR57 9 -#define WR58 2 +#define SR57 9 +#define WR58 2 #define SR58 12 #define WR59 13 -#define SR59 9 -#define WR60 9 +#define SR59 9 +#define WR60 9 #define SR60 12 -#define WR61 7 -#define SR61 5 +#define WR61 7 +#define SR61 5 #define WR62 10 #define SR62 15 #define WR63 14 -#define SR63 8 +#define SR63 8 #define WR64 12 -#define SR64 8 +#define SR64 8 #define WR65 15 -#define SR65 5 +#define SR65 5 #define WR66 10 #define SR66 12 -#define WR67 4 -#define SR67 9 -#define WR68 1 +#define WR67 4 +#define SR67 9 +#define WR68 1 #define SR68 12 -#define WR69 5 -#define SR69 5 -#define WR70 8 +#define WR69 5 +#define SR69 5 +#define WR70 8 #define SR70 14 -#define WR71 7 -#define SR71 6 -#define WR72 6 -#define SR72 8 -#define WR73 2 +#define WR71 7 +#define SR71 6 +#define WR72 6 +#define SR72 8 +#define WR73 2 #define SR73 13 #define WR74 13 -#define SR74 6 +#define SR74 6 #define WR75 14 -#define SR75 5 -#define WR76 0 +#define SR75 5 +#define WR76 0 #define SR76 15 -#define WR77 3 +#define WR77 3 #define SR77 13 -#define WR78 9 +#define WR78 9 #define SR78 11 #define WR79 11 #define SR79 11
diff --git a/decrepit/rsa/rsa_decrepit.c b/decrepit/rsa/rsa_decrepit.cc similarity index 100% rename from decrepit/rsa/rsa_decrepit.c rename to decrepit/rsa/rsa_decrepit.cc
diff --git a/decrepit/ssl/ssl_decrepit.c b/decrepit/ssl/ssl_decrepit.cc similarity index 100% rename from decrepit/ssl/ssl_decrepit.c rename to decrepit/ssl/ssl_decrepit.cc
diff --git a/decrepit/x509/x509_decrepit.c b/decrepit/x509/x509_decrepit.cc similarity index 100% rename from decrepit/x509/x509_decrepit.c rename to decrepit/x509/x509_decrepit.cc
diff --git a/decrepit/xts/xts.c b/decrepit/xts/xts.cc similarity index 84% rename from decrepit/xts/xts.c rename to decrepit/xts/xts.cc index 47c7044..ce83829 100644 --- a/decrepit/xts/xts.c +++ b/decrepit/xts/xts.cc
@@ -72,13 +72,17 @@ } tweak, scratch; unsigned int i; - if (len < 16) return 0; + if (len < 16) { + return 0; + } OPENSSL_memcpy(tweak.c, iv, 16); (*ctx->block2)(tweak.c, tweak.c, ctx->key2); - if (!enc && (len % 16)) len -= 16; + if (!enc && (len % 16)) { + len -= 16; + } while (len >= 16) { OPENSSL_memcpy(scratch.c, inp, 16); @@ -92,7 +96,9 @@ out += 16; len -= 16; - if (len == 0) return 1; + if (len == 0) { + return 1; + } unsigned int carry, res; @@ -158,7 +164,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key, const uint8_t *iv, int enc) { - EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + EVP_AES_XTS_CTX *xctx = reinterpret_cast<EVP_AES_XTS_CTX *>(ctx->cipher_data); if (!iv && !key) { return 1; } @@ -173,8 +179,8 @@ xctx->xts.block1 = AES_decrypt; } - AES_set_encrypt_key(key + ctx->key_len / 2, - ctx->key_len * 4, &xctx->ks2.ks); + AES_set_encrypt_key(key + ctx->key_len / 2, ctx->key_len * 4, + &xctx->ks2.ks); xctx->xts.block2 = AES_encrypt; xctx->xts.key1 = &xctx->ks1.ks; } @@ -187,13 +193,10 @@ return 1; } -static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, - const uint8_t *in, size_t len) { - EVP_AES_XTS_CTX *xctx = ctx->cipher_data; - if (!xctx->xts.key1 || - !xctx->xts.key2 || - !out || - !in || +static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in, + size_t len) { + EVP_AES_XTS_CTX *xctx = reinterpret_cast<EVP_AES_XTS_CTX *>(ctx->cipher_data); + if (!xctx->xts.key1 || !xctx->xts.key2 || !out || !in || len < AES_BLOCK_SIZE || !CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, ctx->encrypt)) { return 0; @@ -202,10 +205,11 @@ } static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { - EVP_AES_XTS_CTX *xctx = c->cipher_data; + EVP_AES_XTS_CTX *xctx = reinterpret_cast<EVP_AES_XTS_CTX *>(c->cipher_data); if (type == EVP_CTRL_COPY) { - EVP_CIPHER_CTX *out = ptr; - EVP_AES_XTS_CTX *xctx_out = out->cipher_data; + EVP_CIPHER_CTX *out = reinterpret_cast<EVP_CIPHER_CTX *>(ptr); + EVP_AES_XTS_CTX *xctx_out = + reinterpret_cast<EVP_AES_XTS_CTX *>(out->cipher_data); if (xctx->xts.key1) { if (xctx->xts.key1 != &xctx->ks1.ks) { return 0; @@ -229,16 +233,18 @@ } static const EVP_CIPHER aes_256_xts = { - .nid = NID_aes_256_xts, - .block_size = 1, - .key_len = 64 /* 2 AES-256 keys */, - .iv_len = 16, - .ctx_size = sizeof(EVP_AES_XTS_CTX), - .flags = EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV | + /* nid= */ NID_aes_256_xts, + /* block_size= */ 1, + /* key_len= */ 64 /* 2 AES-256 keys */, + /* iv_len= */ 16, + /* ctx_size= */ sizeof(EVP_AES_XTS_CTX), + /* flags= */ EVP_CIPH_XTS_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY, - .init = aes_xts_init_key, - .cipher = aes_xts_cipher, - .ctrl = aes_xts_ctrl}; + /* init= */ aes_xts_init_key, + /* cipher= */ aes_xts_cipher, + /* cleanup= */ nullptr, + /* ctrl= */ aes_xts_ctrl, +}; const EVP_CIPHER *EVP_aes_256_xts(void) { return &aes_256_xts; }
diff --git a/gen/crypto/err_data.c b/gen/crypto/err_data.cc similarity index 83% rename from gen/crypto/err_data.c rename to gen/crypto/err_data.cc index 665423b..796aa3d 100644 --- a/gen/crypto/err_data.c +++ b/gen/crypto/err_data.cc
@@ -54,6 +54,7 @@ static_assert(ERR_LIB_USER == 33, "library value changed"); static_assert(ERR_NUM_LIBS == 34, "number of libraries changed"); +extern const uint32_t kOpenSSLReasonValues[]; const uint32_t kOpenSSLReasonValues[] = { 0xc320885, 0xc32889f, @@ -196,51 +197,51 @@ 0x283500f7, 0x28358c81, 0x2836099a, - 0x2c3232fa, + 0x2c3232d4, 0x2c329385, - 0x2c333308, - 0x2c33b31a, - 0x2c34332e, - 0x2c34b340, - 0x2c35335b, - 0x2c35b36d, - 0x2c36339d, + 0x2c3332e2, + 0x2c33b2f4, + 0x2c343308, + 0x2c34b31a, + 0x2c353335, + 0x2c35b347, + 0x2c363377, 0x2c36833a, - 0x2c3733aa, - 0x2c37b3d6, - 0x2c383414, - 0x2c38b42b, - 0x2c393449, - 0x2c39b459, - 0x2c3a346b, - 0x2c3ab47f, - 0x2c3b3490, - 0x2c3bb4af, + 0x2c373384, + 0x2c37b3b0, + 0x2c3833ee, + 0x2c38b405, + 0x2c393423, + 0x2c39b433, + 0x2c3a3445, + 0x2c3ab459, + 0x2c3b346a, + 0x2c3bb489, 0x2c3c1397, 0x2c3c93ad, - 0x2c3d34f4, + 0x2c3d34ce, 0x2c3d93c6, - 0x2c3e351e, - 0x2c3eb52c, - 0x2c3f3544, - 0x2c3fb55c, - 0x2c403586, + 0x2c3e34f8, + 0x2c3eb506, + 0x2c3f351e, + 0x2c3fb536, + 0x2c403560, 0x2c409298, - 0x2c413597, - 0x2c41b5aa, + 0x2c413571, + 0x2c41b584, 0x2c42125e, - 0x2c42b5bb, + 0x2c42b595, 0x2c43076d, - 0x2c43b4a1, - 0x2c4433e9, - 0x2c44b569, - 0x2c453380, - 0x2c45b3bc, - 0x2c463439, - 0x2c46b4c3, - 0x2c4734d8, - 0x2c47b511, - 0x2c4833fb, + 0x2c43b47b, + 0x2c4433c3, + 0x2c44b543, + 0x2c45335a, + 0x2c45b396, + 0x2c463413, + 0x2c46b49d, + 0x2c4734b2, + 0x2c47b4eb, + 0x2c4833d5, 0x30320000, 0x30328015, 0x3033001f, @@ -380,261 +381,260 @@ 0x3c418dd3, 0x3c420edf, 0x3c428e69, - 0x40321a42, - 0x40329a58, - 0x40331a86, - 0x40339a90, - 0x40341aa7, - 0x40349ac5, - 0x40351ad5, - 0x40359ae7, - 0x40361af4, - 0x40369b00, - 0x40371b15, - 0x40379b27, - 0x40381b32, - 0x40389b44, + 0x40321a1c, + 0x40329a32, + 0x40331a60, + 0x40339a6a, + 0x40341a81, + 0x40349a9f, + 0x40351aaf, + 0x40359ac1, + 0x40361ace, + 0x40369ada, + 0x40371aef, + 0x40379b01, + 0x40381b0c, + 0x40389b1e, 0x40390f93, - 0x40399b54, - 0x403a1b67, - 0x403a9b88, - 0x403b1b99, - 0x403b9ba9, + 0x40399b2e, + 0x403a1b41, + 0x403a9b62, + 0x403b1b73, + 0x403b9b83, 0x403c0071, 0x403c8090, - 0x403d1c0a, - 0x403d9c20, - 0x403e1c2f, - 0x403e9c67, - 0x403f1c81, - 0x403f9ca9, - 0x40401cbe, - 0x40409cd2, - 0x40411d0d, - 0x40419d28, - 0x40421d41, - 0x40429d54, - 0x40431d68, - 0x40439d96, - 0x40441dad, + 0x403d1be4, + 0x403d9bfa, + 0x403e1c09, + 0x403e9c41, + 0x403f1c5b, + 0x403f9c83, + 0x40401c98, + 0x40409cac, + 0x40411ce7, + 0x40419d02, + 0x40421d1b, + 0x40429d2e, + 0x40431d42, + 0x40439d70, + 0x40441d87, 0x404480b9, - 0x40451dc2, - 0x40459dd4, - 0x40461df8, - 0x40469e18, - 0x40471e26, - 0x40479e4d, - 0x40481ebe, - 0x40489f78, - 0x40491f8f, - 0x40499fa9, - 0x404a1fc0, - 0x404a9fde, - 0x404b1ff6, - 0x404ba023, - 0x404c2039, - 0x404ca04b, - 0x404d206c, - 0x404da0a5, - 0x404e20b9, - 0x404ea0c6, - 0x404f2177, - 0x404fa1ed, - 0x4050225c, - 0x4050a270, - 0x405122a3, - 0x405222b3, - 0x4052a2d7, - 0x405322ef, - 0x4053a302, - 0x40542317, - 0x4054a33a, - 0x40552365, - 0x4055a3a2, - 0x405623c7, - 0x4056a3e0, - 0x405723f8, - 0x4057a40b, - 0x40582420, - 0x4058a447, - 0x40592476, - 0x4059a4a3, - 0x405aa4b7, - 0x405b24cf, - 0x405ba4e0, - 0x405c24f3, - 0x405ca532, - 0x405d253f, - 0x405da564, - 0x405e25a2, + 0x40451d9c, + 0x40459dae, + 0x40461dd2, + 0x40469df2, + 0x40471e00, + 0x40479e27, + 0x40481e98, + 0x40489f52, + 0x40491f69, + 0x40499f83, + 0x404a1f9a, + 0x404a9fb8, + 0x404b1fd0, + 0x404b9ffd, + 0x404c2013, + 0x404ca025, + 0x404d2046, + 0x404da07f, + 0x404e2093, + 0x404ea0a0, + 0x404f2151, + 0x404fa1c7, + 0x40502236, + 0x4050a24a, + 0x4051227d, + 0x4052228d, + 0x4052a2b1, + 0x405322c9, + 0x4053a2dc, + 0x405422f1, + 0x4054a314, + 0x4055233f, + 0x4055a37c, + 0x405623a1, + 0x4056a3ba, + 0x405723d2, + 0x4057a3e5, + 0x405823fa, + 0x4058a421, + 0x40592450, + 0x4059a47d, + 0x405aa491, + 0x405b24a9, + 0x405ba4ba, + 0x405c24cd, + 0x405ca50c, + 0x405d2519, + 0x405da53e, + 0x405e257c, 0x405e8afe, - 0x405f25c3, - 0x405fa5d0, - 0x406025de, - 0x4060a600, - 0x40612661, - 0x4061a699, - 0x406226b0, - 0x4062a6c1, - 0x4063270e, - 0x4063a723, - 0x4064273a, - 0x4064a766, - 0x40652781, - 0x4065a798, - 0x406627b0, - 0x4066a7da, - 0x40672805, - 0x4067a84a, - 0x40682892, - 0x4068a8b3, - 0x406928e5, - 0x4069a913, - 0x406a2934, - 0x406aa954, - 0x406b2adc, - 0x406baaff, - 0x406c2b15, - 0x406cae1f, - 0x406d2e4e, - 0x406dae76, - 0x406e2ea4, - 0x406eaef1, - 0x406f2f4a, - 0x406faf82, - 0x40702f95, - 0x4070afb2, + 0x405f259d, + 0x405fa5aa, + 0x406025b8, + 0x4060a5da, + 0x4061263b, + 0x4061a673, + 0x4062268a, + 0x4062a69b, + 0x406326e8, + 0x4063a6fd, + 0x40642714, + 0x4064a740, + 0x4065275b, + 0x4065a772, + 0x4066278a, + 0x4066a7b4, + 0x406727df, + 0x4067a824, + 0x4068286c, + 0x4068a88d, + 0x406928bf, + 0x4069a8ed, + 0x406a290e, + 0x406aa92e, + 0x406b2ab6, + 0x406baad9, + 0x406c2aef, + 0x406cadf9, + 0x406d2e28, + 0x406dae50, + 0x406e2e7e, + 0x406eaecb, + 0x406f2f24, + 0x406faf5c, + 0x40702f6f, + 0x4070af8c, 0x4071084d, - 0x4071afc4, - 0x40722fd7, - 0x4072b00d, - 0x40733025, + 0x4071af9e, + 0x40722fb1, + 0x4072afe7, + 0x40732fff, 0x407395af, - 0x40743039, - 0x4074b053, - 0x40753064, - 0x4075b078, - 0x40763086, + 0x40743013, + 0x4074b02d, + 0x4075303e, + 0x4075b052, + 0x40763060, 0x4076935b, - 0x407730ab, - 0x4077b0eb, - 0x40783106, - 0x4078b13f, - 0x40793156, - 0x4079b16c, - 0x407a3198, - 0x407ab1ab, - 0x407b31c0, - 0x407bb1d2, - 0x407c3203, - 0x407cb20c, - 0x407d28ce, - 0x407da215, - 0x407e311b, - 0x407ea457, - 0x407f1e3a, - 0x407fa00d, - 0x40802187, - 0x40809e62, - 0x408122c5, - 0x4081a114, - 0x40822e8f, - 0x40829bb5, - 0x40832432, - 0x4083a74b, - 0x40841e76, - 0x4084a48f, - 0x40852504, - 0x4085a628, - 0x40862584, - 0x4086a22f, - 0x40872ed5, - 0x4087a676, - 0x40881bf3, - 0x4088a85d, - 0x40891c42, - 0x40899bcf, - 0x408a2b4d, + 0x40773085, + 0x4077b0c5, + 0x407830e0, + 0x4078b119, + 0x40793130, + 0x4079b146, + 0x407a3172, + 0x407ab185, + 0x407b319a, + 0x407bb1ac, + 0x407c31dd, + 0x407cb1e6, + 0x407d28a8, + 0x407da1ef, + 0x407e30f5, + 0x407ea431, + 0x407f1e14, + 0x407f9fe7, + 0x40802161, + 0x40809e3c, + 0x4081229f, + 0x4081a0ee, + 0x40822e69, + 0x40829b8f, + 0x4083240c, + 0x4083a725, + 0x40841e50, + 0x4084a469, + 0x408524de, + 0x4085a602, + 0x4086255e, + 0x4086a209, + 0x40872eaf, + 0x4087a650, + 0x40881bcd, + 0x4088a837, + 0x40891c1c, + 0x40899ba9, + 0x408a2b27, 0x408a99c7, - 0x408b31e7, - 0x408baf5f, - 0x408c2514, - 0x408c99ff, - 0x408d1f5e, - 0x408d9ea8, - 0x408e208e, - 0x408ea382, - 0x408f2871, - 0x408fa644, - 0x40902826, - 0x4090a556, - 0x40912b35, - 0x40919a25, - 0x40921c8f, - 0x4092af10, - 0x40932ff0, - 0x4093a240, - 0x40941e8a, - 0x4094ab66, - 0x409526d2, - 0x4095b178, - 0x40962ebc, - 0x4096a1a0, - 0x4097228b, - 0x4097a0dd, - 0x40981cef, - 0x4098a6e6, - 0x40992f2c, - 0x4099a3af, - 0x409a2348, + 0x408b31c1, + 0x408baf39, + 0x408c24ee, + 0x408d1f38, + 0x408d9e82, + 0x408e2068, + 0x408ea35c, + 0x408f284b, + 0x408fa61e, + 0x40902800, + 0x4090a530, + 0x40912b0f, + 0x409199ff, + 0x40921c69, + 0x4092aeea, + 0x40932fca, + 0x4093a21a, + 0x40941e64, + 0x4094ab40, + 0x409526ac, + 0x4095b152, + 0x40962e96, + 0x4096a17a, + 0x40972265, + 0x4097a0b7, + 0x40981cc9, + 0x4098a6c0, + 0x40992f06, + 0x4099a389, + 0x409a2322, 0x409a99e3, - 0x409b1ee4, - 0x409b9f0f, - 0x409c30cd, - 0x409c9f37, - 0x409d215c, - 0x409da12a, - 0x409e1d80, - 0x409ea1d5, - 0x409f21bd, - 0x409f9ed7, - 0x40a021fd, - 0x40a0a0f7, - 0x40a12145, - 0x41f42a07, - 0x41f92a99, - 0x41fe298c, - 0x41feac42, - 0x41ff2d70, - 0x42032a20, - 0x42082a42, - 0x4208aa7e, - 0x42092970, - 0x4209aab8, - 0x420a29c7, - 0x420aa9a7, - 0x420b29e7, - 0x420baa60, - 0x420c2d8c, - 0x420cab76, - 0x420d2c29, - 0x420dac60, - 0x42122c93, - 0x42172d53, - 0x4217acd5, - 0x421c2cf7, - 0x421f2cb2, - 0x42212e04, - 0x42262d36, - 0x422b2de2, - 0x422bac04, - 0x422c2dc4, - 0x422cabb7, - 0x422d2b90, - 0x422dada3, - 0x422e2be3, - 0x42302d12, - 0x4230ac7a, + 0x409b1ebe, + 0x409b9ee9, + 0x409c30a7, + 0x409c9f11, + 0x409d2136, + 0x409da104, + 0x409e1d5a, + 0x409ea1af, + 0x409f2197, + 0x409f9eb1, + 0x40a021d7, + 0x40a0a0d1, + 0x40a1211f, + 0x41f429e1, + 0x41f92a73, + 0x41fe2966, + 0x41feac1c, + 0x41ff2d4a, + 0x420329fa, + 0x42082a1c, + 0x4208aa58, + 0x4209294a, + 0x4209aa92, + 0x420a29a1, + 0x420aa981, + 0x420b29c1, + 0x420baa3a, + 0x420c2d66, + 0x420cab50, + 0x420d2c03, + 0x420dac3a, + 0x42122c6d, + 0x42172d2d, + 0x4217acaf, + 0x421c2cd1, + 0x421f2c8c, + 0x42212dde, + 0x42262d10, + 0x422b2dbc, + 0x422babde, + 0x422c2d9e, + 0x422cab91, + 0x422d2b6a, + 0x422dad7d, + 0x422e2bbd, + 0x42302cec, + 0x4230ac54, 0x44320778, 0x44328787, 0x44330793, @@ -690,71 +690,71 @@ 0x4c41948f, 0x4c4215f8, 0x4c4293d7, - 0x503235cd, - 0x5032b5dc, - 0x503335e7, - 0x5033b5f7, - 0x50343610, - 0x5034b62a, - 0x50353638, - 0x5035b64e, - 0x50363660, - 0x5036b676, - 0x5037368f, - 0x5037b6a2, - 0x503836ba, - 0x5038b6cb, - 0x503936e0, - 0x5039b6f4, - 0x503a3714, - 0x503ab72a, - 0x503b3742, - 0x503bb754, - 0x503c3770, - 0x503cb787, - 0x503d37a0, - 0x503db7b6, - 0x503e37c3, - 0x503eb7d9, - 0x503f37eb, + 0x503235a7, + 0x5032b5b6, + 0x503335c1, + 0x5033b5d1, + 0x503435ea, + 0x5034b604, + 0x50353612, + 0x5035b628, + 0x5036363a, + 0x5036b650, + 0x50373669, + 0x5037b67c, + 0x50383694, + 0x5038b6a5, + 0x503936ba, + 0x5039b6ce, + 0x503a36ee, + 0x503ab704, + 0x503b371c, + 0x503bb72e, + 0x503c374a, + 0x503cb761, + 0x503d377a, + 0x503db790, + 0x503e379d, + 0x503eb7b3, + 0x503f37c5, 0x503f83b3, - 0x504037fe, - 0x5040b80e, - 0x50413828, - 0x5041b837, - 0x50423851, - 0x5042b86e, - 0x5043387e, - 0x5043b88e, - 0x504438ab, + 0x504037d8, + 0x5040b7e8, + 0x50413802, + 0x5041b811, + 0x5042382b, + 0x5042b848, + 0x50433858, + 0x5043b868, + 0x50443885, 0x50448469, - 0x504538bf, - 0x5045b8dd, - 0x504638f0, - 0x5046b906, - 0x50473918, - 0x5047b92d, - 0x50483953, - 0x5048b961, - 0x50493974, - 0x5049b989, - 0x504a399f, - 0x504ab9af, - 0x504b39cf, - 0x504bb9e2, - 0x504c3a05, - 0x504cba33, - 0x504d3a60, - 0x504dba7d, - 0x504e3a98, - 0x504ebab4, - 0x504f3ac6, - 0x504fbadd, - 0x50503aec, + 0x50453899, + 0x5045b8b7, + 0x504638ca, + 0x5046b8e0, + 0x504738f2, + 0x5047b907, + 0x5048392d, + 0x5048b93b, + 0x5049394e, + 0x5049b963, + 0x504a3979, + 0x504ab989, + 0x504b39a9, + 0x504bb9bc, + 0x504c39df, + 0x504cba0d, + 0x504d3a3a, + 0x504dba57, + 0x504e3a72, + 0x504eba8e, + 0x504f3aa0, + 0x504fbab7, + 0x50503ac6, 0x50508729, - 0x50513aff, - 0x5051b89d, - 0x50523a45, + 0x50513ad9, + 0x5051b877, + 0x50523a1f, 0x58320fd1, 0x68320f93, 0x68328ceb, @@ -799,23 +799,25 @@ 0x7c321274, 0x803214a2, 0x80328090, - 0x803332c9, + 0x803332a3, 0x803380b9, - 0x803432d8, - 0x8034b240, - 0x8035325e, - 0x8035b2ec, - 0x803632a0, - 0x8036b24f, - 0x80373292, - 0x8037b22d, - 0x803832b3, - 0x8038b26f, - 0x80393284, + 0x803432b2, + 0x8034b21a, + 0x80353238, + 0x8035b2c6, + 0x8036327a, + 0x8036b229, + 0x8037326c, + 0x8037b207, + 0x8038328d, + 0x8038b249, + 0x8039325e, }; +extern const size_t kOpenSSLReasonValuesLen; const size_t kOpenSSLReasonValuesLen = sizeof(kOpenSSLReasonValues) / sizeof(kOpenSSLReasonValues[0]); +extern const char kOpenSSLReasonStringData[]; const char kOpenSSLReasonStringData[] = "ASN1_LENGTH_MISMATCH\0" "AUX_ERROR\0" @@ -1154,7 +1156,6 @@ "WRONG_SIGNATURE_LENGTH\0" "ALPN_MISMATCH_ON_EARLY_DATA\0" "ALPS_MISMATCH_ON_EARLY_DATA\0" - "APPLICATION_DATA_INSTEAD_OF_HANDSHAKE\0" "APPLICATION_DATA_ON_SHUTDOWN\0" "APP_DATA_IN_HANDSHAKE\0" "ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT\0"
diff --git a/gen/sources.bzl b/gen/sources.bzl index ac4ef67..4024735 100644 --- a/gen/sources.bzl +++ b/gen/sources.bzl
@@ -15,82 +15,82 @@ # Generated by go ./util/pregenerate. Do not edit manually. bcm_sources = [ - "crypto/fipsmodule/bcm.c", + "crypto/fipsmodule/bcm.cc", ] bcm_internal_headers = [ - "crypto/fipsmodule/aes/aes.c.inc", - "crypto/fipsmodule/aes/aes_nohw.c.inc", - "crypto/fipsmodule/aes/key_wrap.c.inc", - "crypto/fipsmodule/aes/mode_wrappers.c.inc", - "crypto/fipsmodule/bn/add.c.inc", - "crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc", - "crypto/fipsmodule/bn/bn.c.inc", - "crypto/fipsmodule/bn/bytes.c.inc", - "crypto/fipsmodule/bn/cmp.c.inc", - "crypto/fipsmodule/bn/ctx.c.inc", - "crypto/fipsmodule/bn/div.c.inc", - "crypto/fipsmodule/bn/div_extra.c.inc", - "crypto/fipsmodule/bn/exponentiation.c.inc", - "crypto/fipsmodule/bn/gcd.c.inc", - "crypto/fipsmodule/bn/gcd_extra.c.inc", - "crypto/fipsmodule/bn/generic.c.inc", - "crypto/fipsmodule/bn/jacobi.c.inc", - "crypto/fipsmodule/bn/montgomery.c.inc", - "crypto/fipsmodule/bn/montgomery_inv.c.inc", - "crypto/fipsmodule/bn/mul.c.inc", - "crypto/fipsmodule/bn/prime.c.inc", - "crypto/fipsmodule/bn/random.c.inc", - "crypto/fipsmodule/bn/rsaz_exp.c.inc", - "crypto/fipsmodule/bn/shift.c.inc", - "crypto/fipsmodule/bn/sqrt.c.inc", - "crypto/fipsmodule/cipher/aead.c.inc", - "crypto/fipsmodule/cipher/cipher.c.inc", - "crypto/fipsmodule/cipher/e_aes.c.inc", - "crypto/fipsmodule/cipher/e_aesccm.c.inc", - "crypto/fipsmodule/cmac/cmac.c.inc", - "crypto/fipsmodule/dh/check.c.inc", - "crypto/fipsmodule/dh/dh.c.inc", - "crypto/fipsmodule/digest/digest.c.inc", - "crypto/fipsmodule/digest/digests.c.inc", - "crypto/fipsmodule/digestsign/digestsign.c.inc", - "crypto/fipsmodule/ec/ec.c.inc", - "crypto/fipsmodule/ec/ec_key.c.inc", - "crypto/fipsmodule/ec/ec_montgomery.c.inc", - "crypto/fipsmodule/ec/felem.c.inc", - "crypto/fipsmodule/ec/oct.c.inc", - "crypto/fipsmodule/ec/p224-64.c.inc", - "crypto/fipsmodule/ec/p256-nistz.c.inc", - "crypto/fipsmodule/ec/p256.c.inc", - "crypto/fipsmodule/ec/scalar.c.inc", - "crypto/fipsmodule/ec/simple.c.inc", - "crypto/fipsmodule/ec/simple_mul.c.inc", - "crypto/fipsmodule/ec/util.c.inc", - "crypto/fipsmodule/ec/wnaf.c.inc", - "crypto/fipsmodule/ecdh/ecdh.c.inc", - "crypto/fipsmodule/ecdsa/ecdsa.c.inc", - "crypto/fipsmodule/hkdf/hkdf.c.inc", - "crypto/fipsmodule/hmac/hmac.c.inc", - "crypto/fipsmodule/modes/cbc.c.inc", - "crypto/fipsmodule/modes/cfb.c.inc", - "crypto/fipsmodule/modes/ctr.c.inc", - "crypto/fipsmodule/modes/gcm.c.inc", - "crypto/fipsmodule/modes/gcm_nohw.c.inc", - "crypto/fipsmodule/modes/ofb.c.inc", - "crypto/fipsmodule/modes/polyval.c.inc", - "crypto/fipsmodule/rand/ctrdrbg.c.inc", - "crypto/fipsmodule/rand/rand.c.inc", - "crypto/fipsmodule/rsa/blinding.c.inc", - "crypto/fipsmodule/rsa/padding.c.inc", - "crypto/fipsmodule/rsa/rsa.c.inc", - "crypto/fipsmodule/rsa/rsa_impl.c.inc", - "crypto/fipsmodule/self_check/fips.c.inc", - "crypto/fipsmodule/self_check/self_check.c.inc", - "crypto/fipsmodule/service_indicator/service_indicator.c.inc", - "crypto/fipsmodule/sha/sha1.c.inc", - "crypto/fipsmodule/sha/sha256.c.inc", - "crypto/fipsmodule/sha/sha512.c.inc", - "crypto/fipsmodule/tls/kdf.c.inc", + "crypto/fipsmodule/aes/aes.cc.inc", + "crypto/fipsmodule/aes/aes_nohw.cc.inc", + "crypto/fipsmodule/aes/key_wrap.cc.inc", + "crypto/fipsmodule/aes/mode_wrappers.cc.inc", + "crypto/fipsmodule/bn/add.cc.inc", + "crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc", + "crypto/fipsmodule/bn/bn.cc.inc", + "crypto/fipsmodule/bn/bytes.cc.inc", + "crypto/fipsmodule/bn/cmp.cc.inc", + "crypto/fipsmodule/bn/ctx.cc.inc", + "crypto/fipsmodule/bn/div.cc.inc", + "crypto/fipsmodule/bn/div_extra.cc.inc", + "crypto/fipsmodule/bn/exponentiation.cc.inc", + "crypto/fipsmodule/bn/gcd.cc.inc", + "crypto/fipsmodule/bn/gcd_extra.cc.inc", + "crypto/fipsmodule/bn/generic.cc.inc", + "crypto/fipsmodule/bn/jacobi.cc.inc", + "crypto/fipsmodule/bn/montgomery.cc.inc", + "crypto/fipsmodule/bn/montgomery_inv.cc.inc", + "crypto/fipsmodule/bn/mul.cc.inc", + "crypto/fipsmodule/bn/prime.cc.inc", + "crypto/fipsmodule/bn/random.cc.inc", + "crypto/fipsmodule/bn/rsaz_exp.cc.inc", + "crypto/fipsmodule/bn/shift.cc.inc", + "crypto/fipsmodule/bn/sqrt.cc.inc", + "crypto/fipsmodule/cipher/aead.cc.inc", + "crypto/fipsmodule/cipher/cipher.cc.inc", + "crypto/fipsmodule/cipher/e_aes.cc.inc", + "crypto/fipsmodule/cipher/e_aesccm.cc.inc", + "crypto/fipsmodule/cmac/cmac.cc.inc", + "crypto/fipsmodule/dh/check.cc.inc", + "crypto/fipsmodule/dh/dh.cc.inc", + "crypto/fipsmodule/digest/digest.cc.inc", + "crypto/fipsmodule/digest/digests.cc.inc", + "crypto/fipsmodule/digestsign/digestsign.cc.inc", + "crypto/fipsmodule/ec/ec.cc.inc", + "crypto/fipsmodule/ec/ec_key.cc.inc", + "crypto/fipsmodule/ec/ec_montgomery.cc.inc", + "crypto/fipsmodule/ec/felem.cc.inc", + "crypto/fipsmodule/ec/oct.cc.inc", + "crypto/fipsmodule/ec/p224-64.cc.inc", + "crypto/fipsmodule/ec/p256-nistz.cc.inc", + "crypto/fipsmodule/ec/p256.cc.inc", + "crypto/fipsmodule/ec/scalar.cc.inc", + "crypto/fipsmodule/ec/simple.cc.inc", + "crypto/fipsmodule/ec/simple_mul.cc.inc", + "crypto/fipsmodule/ec/util.cc.inc", + "crypto/fipsmodule/ec/wnaf.cc.inc", + "crypto/fipsmodule/ecdh/ecdh.cc.inc", + "crypto/fipsmodule/ecdsa/ecdsa.cc.inc", + "crypto/fipsmodule/hkdf/hkdf.cc.inc", + "crypto/fipsmodule/hmac/hmac.cc.inc", + "crypto/fipsmodule/modes/cbc.cc.inc", + "crypto/fipsmodule/modes/cfb.cc.inc", + "crypto/fipsmodule/modes/ctr.cc.inc", + "crypto/fipsmodule/modes/gcm.cc.inc", + "crypto/fipsmodule/modes/gcm_nohw.cc.inc", + "crypto/fipsmodule/modes/ofb.cc.inc", + "crypto/fipsmodule/modes/polyval.cc.inc", + "crypto/fipsmodule/rand/ctrdrbg.cc.inc", + "crypto/fipsmodule/rand/rand.cc.inc", + "crypto/fipsmodule/rsa/blinding.cc.inc", + "crypto/fipsmodule/rsa/padding.cc.inc", + "crypto/fipsmodule/rsa/rsa.cc.inc", + "crypto/fipsmodule/rsa/rsa_impl.cc.inc", + "crypto/fipsmodule/self_check/fips.cc.inc", + "crypto/fipsmodule/self_check/self_check.cc.inc", + "crypto/fipsmodule/service_indicator/service_indicator.cc.inc", + "crypto/fipsmodule/sha/sha1.cc.inc", + "crypto/fipsmodule/sha/sha256.cc.inc", + "crypto/fipsmodule/sha/sha512.cc.inc", + "crypto/fipsmodule/tls/kdf.cc.inc", ] bcm_sources_asm = [ @@ -244,255 +244,255 @@ ] crypto_sources = [ - "crypto/asn1/a_bitstr.c", - "crypto/asn1/a_bool.c", - "crypto/asn1/a_d2i_fp.c", - "crypto/asn1/a_dup.c", - "crypto/asn1/a_gentm.c", - "crypto/asn1/a_i2d_fp.c", - "crypto/asn1/a_int.c", - "crypto/asn1/a_mbstr.c", - "crypto/asn1/a_object.c", - "crypto/asn1/a_octet.c", - "crypto/asn1/a_strex.c", - "crypto/asn1/a_strnid.c", - "crypto/asn1/a_time.c", - "crypto/asn1/a_type.c", - "crypto/asn1/a_utctm.c", - "crypto/asn1/asn1_lib.c", - "crypto/asn1/asn1_par.c", - "crypto/asn1/asn_pack.c", - "crypto/asn1/f_int.c", - "crypto/asn1/f_string.c", - "crypto/asn1/posix_time.c", - "crypto/asn1/tasn_dec.c", - "crypto/asn1/tasn_enc.c", - "crypto/asn1/tasn_fre.c", - "crypto/asn1/tasn_new.c", - "crypto/asn1/tasn_typ.c", - "crypto/asn1/tasn_utl.c", - "crypto/base64/base64.c", - "crypto/bio/bio.c", - "crypto/bio/bio_mem.c", - "crypto/bio/connect.c", - "crypto/bio/errno.c", - "crypto/bio/fd.c", - "crypto/bio/file.c", - "crypto/bio/hexdump.c", - "crypto/bio/pair.c", - "crypto/bio/printf.c", - "crypto/bio/socket.c", - "crypto/bio/socket_helper.c", - "crypto/blake2/blake2.c", - "crypto/bn_extra/bn_asn1.c", - "crypto/bn_extra/convert.c", - "crypto/buf/buf.c", - "crypto/bytestring/asn1_compat.c", - "crypto/bytestring/ber.c", - "crypto/bytestring/cbb.c", - "crypto/bytestring/cbs.c", - "crypto/bytestring/unicode.c", - "crypto/chacha/chacha.c", - "crypto/cipher_extra/cipher_extra.c", - "crypto/cipher_extra/derive_key.c", - "crypto/cipher_extra/e_aesctrhmac.c", - "crypto/cipher_extra/e_aesgcmsiv.c", - "crypto/cipher_extra/e_chacha20poly1305.c", - "crypto/cipher_extra/e_des.c", - "crypto/cipher_extra/e_null.c", - "crypto/cipher_extra/e_rc2.c", - "crypto/cipher_extra/e_rc4.c", - "crypto/cipher_extra/e_tls.c", - "crypto/cipher_extra/tls_cbc.c", - "crypto/conf/conf.c", - "crypto/cpu_aarch64_apple.c", - "crypto/cpu_aarch64_fuchsia.c", - "crypto/cpu_aarch64_linux.c", - "crypto/cpu_aarch64_openbsd.c", - "crypto/cpu_aarch64_sysreg.c", - "crypto/cpu_aarch64_win.c", - "crypto/cpu_arm_freebsd.c", - "crypto/cpu_arm_linux.c", - "crypto/cpu_intel.c", - "crypto/crypto.c", - "crypto/curve25519/curve25519.c", - "crypto/curve25519/curve25519_64_adx.c", - "crypto/curve25519/spake25519.c", - "crypto/des/des.c", - "crypto/dh_extra/dh_asn1.c", - "crypto/dh_extra/params.c", - "crypto/digest_extra/digest_extra.c", - "crypto/dilithium/dilithium.c", - "crypto/dsa/dsa.c", - "crypto/dsa/dsa_asn1.c", - "crypto/ec_extra/ec_asn1.c", - "crypto/ec_extra/ec_derive.c", - "crypto/ec_extra/hash_to_curve.c", - "crypto/ecdh_extra/ecdh_extra.c", - "crypto/ecdsa_extra/ecdsa_asn1.c", - "crypto/engine/engine.c", - "crypto/err/err.c", - "crypto/evp/evp.c", - "crypto/evp/evp_asn1.c", - "crypto/evp/evp_ctx.c", - "crypto/evp/p_dh.c", - "crypto/evp/p_dh_asn1.c", - "crypto/evp/p_dsa_asn1.c", - "crypto/evp/p_ec.c", - "crypto/evp/p_ec_asn1.c", - "crypto/evp/p_ed25519.c", - "crypto/evp/p_ed25519_asn1.c", - "crypto/evp/p_hkdf.c", - "crypto/evp/p_rsa.c", - "crypto/evp/p_rsa_asn1.c", - "crypto/evp/p_x25519.c", - "crypto/evp/p_x25519_asn1.c", - "crypto/evp/pbkdf.c", - "crypto/evp/print.c", - "crypto/evp/scrypt.c", - "crypto/evp/sign.c", - "crypto/ex_data.c", - "crypto/fipsmodule/fips_shared_support.c", - "crypto/hpke/hpke.c", - "crypto/hrss/hrss.c", - "crypto/keccak/keccak.c", - "crypto/kyber/kyber.c", - "crypto/lhash/lhash.c", - "crypto/md4/md4.c", - "crypto/md5/md5.c", - "crypto/mem.c", + "crypto/asn1/a_bitstr.cc", + "crypto/asn1/a_bool.cc", + "crypto/asn1/a_d2i_fp.cc", + "crypto/asn1/a_dup.cc", + "crypto/asn1/a_gentm.cc", + "crypto/asn1/a_i2d_fp.cc", + "crypto/asn1/a_int.cc", + "crypto/asn1/a_mbstr.cc", + "crypto/asn1/a_object.cc", + "crypto/asn1/a_octet.cc", + "crypto/asn1/a_strex.cc", + "crypto/asn1/a_strnid.cc", + "crypto/asn1/a_time.cc", + "crypto/asn1/a_type.cc", + "crypto/asn1/a_utctm.cc", + "crypto/asn1/asn1_lib.cc", + "crypto/asn1/asn1_par.cc", + "crypto/asn1/asn_pack.cc", + "crypto/asn1/f_int.cc", + "crypto/asn1/f_string.cc", + "crypto/asn1/posix_time.cc", + "crypto/asn1/tasn_dec.cc", + "crypto/asn1/tasn_enc.cc", + "crypto/asn1/tasn_fre.cc", + "crypto/asn1/tasn_new.cc", + "crypto/asn1/tasn_typ.cc", + "crypto/asn1/tasn_utl.cc", + "crypto/base64/base64.cc", + "crypto/bio/bio.cc", + "crypto/bio/bio_mem.cc", + "crypto/bio/connect.cc", + "crypto/bio/errno.cc", + "crypto/bio/fd.cc", + "crypto/bio/file.cc", + "crypto/bio/hexdump.cc", + "crypto/bio/pair.cc", + "crypto/bio/printf.cc", + "crypto/bio/socket.cc", + "crypto/bio/socket_helper.cc", + "crypto/blake2/blake2.cc", + "crypto/bn_extra/bn_asn1.cc", + "crypto/bn_extra/convert.cc", + "crypto/buf/buf.cc", + "crypto/bytestring/asn1_compat.cc", + "crypto/bytestring/ber.cc", + "crypto/bytestring/cbb.cc", + "crypto/bytestring/cbs.cc", + "crypto/bytestring/unicode.cc", + "crypto/chacha/chacha.cc", + "crypto/cipher_extra/cipher_extra.cc", + "crypto/cipher_extra/derive_key.cc", + "crypto/cipher_extra/e_aesctrhmac.cc", + "crypto/cipher_extra/e_aesgcmsiv.cc", + "crypto/cipher_extra/e_chacha20poly1305.cc", + "crypto/cipher_extra/e_des.cc", + "crypto/cipher_extra/e_null.cc", + "crypto/cipher_extra/e_rc2.cc", + "crypto/cipher_extra/e_rc4.cc", + "crypto/cipher_extra/e_tls.cc", + "crypto/cipher_extra/tls_cbc.cc", + "crypto/conf/conf.cc", + "crypto/cpu_aarch64_apple.cc", + "crypto/cpu_aarch64_fuchsia.cc", + "crypto/cpu_aarch64_linux.cc", + "crypto/cpu_aarch64_openbsd.cc", + "crypto/cpu_aarch64_sysreg.cc", + "crypto/cpu_aarch64_win.cc", + "crypto/cpu_arm_freebsd.cc", + "crypto/cpu_arm_linux.cc", + "crypto/cpu_intel.cc", + "crypto/crypto.cc", + "crypto/curve25519/curve25519.cc", + "crypto/curve25519/curve25519_64_adx.cc", + "crypto/curve25519/spake25519.cc", + "crypto/des/des.cc", + "crypto/dh_extra/dh_asn1.cc", + "crypto/dh_extra/params.cc", + "crypto/digest_extra/digest_extra.cc", + "crypto/dilithium/dilithium.cc", + "crypto/dsa/dsa.cc", + "crypto/dsa/dsa_asn1.cc", + "crypto/ec_extra/ec_asn1.cc", + "crypto/ec_extra/ec_derive.cc", + "crypto/ec_extra/hash_to_curve.cc", + "crypto/ecdh_extra/ecdh_extra.cc", + "crypto/ecdsa_extra/ecdsa_asn1.cc", + "crypto/engine/engine.cc", + "crypto/err/err.cc", + "crypto/evp/evp.cc", + "crypto/evp/evp_asn1.cc", + "crypto/evp/evp_ctx.cc", + "crypto/evp/p_dh.cc", + "crypto/evp/p_dh_asn1.cc", + "crypto/evp/p_dsa_asn1.cc", + "crypto/evp/p_ec.cc", + "crypto/evp/p_ec_asn1.cc", + "crypto/evp/p_ed25519.cc", + "crypto/evp/p_ed25519_asn1.cc", + "crypto/evp/p_hkdf.cc", + "crypto/evp/p_rsa.cc", + "crypto/evp/p_rsa_asn1.cc", + "crypto/evp/p_x25519.cc", + "crypto/evp/p_x25519_asn1.cc", + "crypto/evp/pbkdf.cc", + "crypto/evp/print.cc", + "crypto/evp/scrypt.cc", + "crypto/evp/sign.cc", + "crypto/ex_data.cc", + "crypto/fipsmodule/fips_shared_support.cc", + "crypto/hpke/hpke.cc", + "crypto/hrss/hrss.cc", + "crypto/keccak/keccak.cc", + "crypto/kyber/kyber.cc", + "crypto/lhash/lhash.cc", + "crypto/md4/md4.cc", + "crypto/md5/md5.cc", + "crypto/mem.cc", "crypto/mldsa/mldsa.cc", "crypto/mlkem/mlkem.cc", - "crypto/obj/obj.c", - "crypto/obj/obj_xref.c", - "crypto/pem/pem_all.c", - "crypto/pem/pem_info.c", - "crypto/pem/pem_lib.c", - "crypto/pem/pem_oth.c", - "crypto/pem/pem_pk8.c", - "crypto/pem/pem_pkey.c", - "crypto/pem/pem_x509.c", - "crypto/pem/pem_xaux.c", - "crypto/pkcs7/pkcs7.c", - "crypto/pkcs7/pkcs7_x509.c", - "crypto/pkcs8/p5_pbev2.c", - "crypto/pkcs8/pkcs8.c", - "crypto/pkcs8/pkcs8_x509.c", - "crypto/poly1305/poly1305.c", - "crypto/poly1305/poly1305_arm.c", - "crypto/poly1305/poly1305_vec.c", - "crypto/pool/pool.c", - "crypto/rand_extra/deterministic.c", - "crypto/rand_extra/fork_detect.c", - "crypto/rand_extra/forkunsafe.c", - "crypto/rand_extra/getentropy.c", - "crypto/rand_extra/ios.c", - "crypto/rand_extra/passive.c", - "crypto/rand_extra/rand_extra.c", - "crypto/rand_extra/trusty.c", - "crypto/rand_extra/urandom.c", - "crypto/rand_extra/windows.c", - "crypto/rc4/rc4.c", - "crypto/refcount.c", - "crypto/rsa_extra/rsa_asn1.c", - "crypto/rsa_extra/rsa_crypt.c", - "crypto/rsa_extra/rsa_extra.c", - "crypto/rsa_extra/rsa_print.c", - "crypto/sha/sha1.c", - "crypto/sha/sha256.c", - "crypto/sha/sha512.c", - "crypto/siphash/siphash.c", - "crypto/slhdsa/fors.c", - "crypto/slhdsa/merkle.c", - "crypto/slhdsa/slhdsa.c", - "crypto/slhdsa/thash.c", - "crypto/slhdsa/wots.c", - "crypto/spx/spx.c", - "crypto/spx/spx_address.c", - "crypto/spx/spx_fors.c", - "crypto/spx/spx_merkle.c", - "crypto/spx/spx_thash.c", - "crypto/spx/spx_util.c", - "crypto/spx/spx_wots.c", - "crypto/stack/stack.c", - "crypto/thread.c", - "crypto/thread_none.c", - "crypto/thread_pthread.c", - "crypto/thread_win.c", - "crypto/trust_token/pmbtoken.c", - "crypto/trust_token/trust_token.c", - "crypto/trust_token/voprf.c", - "crypto/x509/a_digest.c", - "crypto/x509/a_sign.c", - "crypto/x509/a_verify.c", - "crypto/x509/algorithm.c", - "crypto/x509/asn1_gen.c", - "crypto/x509/by_dir.c", - "crypto/x509/by_file.c", - "crypto/x509/i2d_pr.c", - "crypto/x509/name_print.c", - "crypto/x509/policy.c", - "crypto/x509/rsa_pss.c", - "crypto/x509/t_crl.c", - "crypto/x509/t_req.c", - "crypto/x509/t_x509.c", - "crypto/x509/t_x509a.c", - "crypto/x509/v3_akey.c", - "crypto/x509/v3_akeya.c", - "crypto/x509/v3_alt.c", - "crypto/x509/v3_bcons.c", - "crypto/x509/v3_bitst.c", - "crypto/x509/v3_conf.c", - "crypto/x509/v3_cpols.c", - "crypto/x509/v3_crld.c", - "crypto/x509/v3_enum.c", - "crypto/x509/v3_extku.c", - "crypto/x509/v3_genn.c", - "crypto/x509/v3_ia5.c", - "crypto/x509/v3_info.c", - "crypto/x509/v3_int.c", - "crypto/x509/v3_lib.c", - "crypto/x509/v3_ncons.c", - "crypto/x509/v3_ocsp.c", - "crypto/x509/v3_pcons.c", - "crypto/x509/v3_pmaps.c", - "crypto/x509/v3_prn.c", - "crypto/x509/v3_purp.c", - "crypto/x509/v3_skey.c", - "crypto/x509/v3_utl.c", - "crypto/x509/x509.c", - "crypto/x509/x509_att.c", - "crypto/x509/x509_cmp.c", - "crypto/x509/x509_d2.c", - "crypto/x509/x509_def.c", - "crypto/x509/x509_ext.c", - "crypto/x509/x509_lu.c", - "crypto/x509/x509_obj.c", - "crypto/x509/x509_req.c", - "crypto/x509/x509_set.c", - "crypto/x509/x509_trs.c", - "crypto/x509/x509_txt.c", - "crypto/x509/x509_v3.c", - "crypto/x509/x509_vfy.c", - "crypto/x509/x509_vpm.c", - "crypto/x509/x509cset.c", - "crypto/x509/x509name.c", - "crypto/x509/x509rset.c", - "crypto/x509/x509spki.c", - "crypto/x509/x_algor.c", - "crypto/x509/x_all.c", - "crypto/x509/x_attrib.c", - "crypto/x509/x_crl.c", - "crypto/x509/x_exten.c", - "crypto/x509/x_name.c", - "crypto/x509/x_pubkey.c", - "crypto/x509/x_req.c", - "crypto/x509/x_sig.c", - "crypto/x509/x_spki.c", - "crypto/x509/x_val.c", - "crypto/x509/x_x509.c", - "crypto/x509/x_x509a.c", - "gen/crypto/err_data.c", + "crypto/obj/obj.cc", + "crypto/obj/obj_xref.cc", + "crypto/pem/pem_all.cc", + "crypto/pem/pem_info.cc", + "crypto/pem/pem_lib.cc", + "crypto/pem/pem_oth.cc", + "crypto/pem/pem_pk8.cc", + "crypto/pem/pem_pkey.cc", + "crypto/pem/pem_x509.cc", + "crypto/pem/pem_xaux.cc", + "crypto/pkcs7/pkcs7.cc", + "crypto/pkcs7/pkcs7_x509.cc", + "crypto/pkcs8/p5_pbev2.cc", + "crypto/pkcs8/pkcs8.cc", + "crypto/pkcs8/pkcs8_x509.cc", + "crypto/poly1305/poly1305.cc", + "crypto/poly1305/poly1305_arm.cc", + "crypto/poly1305/poly1305_vec.cc", + "crypto/pool/pool.cc", + "crypto/rand_extra/deterministic.cc", + "crypto/rand_extra/fork_detect.cc", + "crypto/rand_extra/forkunsafe.cc", + "crypto/rand_extra/getentropy.cc", + "crypto/rand_extra/ios.cc", + "crypto/rand_extra/passive.cc", + "crypto/rand_extra/rand_extra.cc", + "crypto/rand_extra/trusty.cc", + "crypto/rand_extra/urandom.cc", + "crypto/rand_extra/windows.cc", + "crypto/rc4/rc4.cc", + "crypto/refcount.cc", + "crypto/rsa_extra/rsa_asn1.cc", + "crypto/rsa_extra/rsa_crypt.cc", + "crypto/rsa_extra/rsa_extra.cc", + "crypto/rsa_extra/rsa_print.cc", + "crypto/sha/sha1.cc", + "crypto/sha/sha256.cc", + "crypto/sha/sha512.cc", + "crypto/siphash/siphash.cc", + "crypto/slhdsa/fors.cc", + "crypto/slhdsa/merkle.cc", + "crypto/slhdsa/slhdsa.cc", + "crypto/slhdsa/thash.cc", + "crypto/slhdsa/wots.cc", + "crypto/spx/spx.cc", + "crypto/spx/spx_address.cc", + "crypto/spx/spx_fors.cc", + "crypto/spx/spx_merkle.cc", + "crypto/spx/spx_thash.cc", + "crypto/spx/spx_util.cc", + "crypto/spx/spx_wots.cc", + "crypto/stack/stack.cc", + "crypto/thread.cc", + "crypto/thread_none.cc", + "crypto/thread_pthread.cc", + "crypto/thread_win.cc", + "crypto/trust_token/pmbtoken.cc", + "crypto/trust_token/trust_token.cc", + "crypto/trust_token/voprf.cc", + "crypto/x509/a_digest.cc", + "crypto/x509/a_sign.cc", + "crypto/x509/a_verify.cc", + "crypto/x509/algorithm.cc", + "crypto/x509/asn1_gen.cc", + "crypto/x509/by_dir.cc", + "crypto/x509/by_file.cc", + "crypto/x509/i2d_pr.cc", + "crypto/x509/name_print.cc", + "crypto/x509/policy.cc", + "crypto/x509/rsa_pss.cc", + "crypto/x509/t_crl.cc", + "crypto/x509/t_req.cc", + "crypto/x509/t_x509.cc", + "crypto/x509/t_x509a.cc", + "crypto/x509/v3_akey.cc", + "crypto/x509/v3_akeya.cc", + "crypto/x509/v3_alt.cc", + "crypto/x509/v3_bcons.cc", + "crypto/x509/v3_bitst.cc", + "crypto/x509/v3_conf.cc", + "crypto/x509/v3_cpols.cc", + "crypto/x509/v3_crld.cc", + "crypto/x509/v3_enum.cc", + "crypto/x509/v3_extku.cc", + "crypto/x509/v3_genn.cc", + "crypto/x509/v3_ia5.cc", + "crypto/x509/v3_info.cc", + "crypto/x509/v3_int.cc", + "crypto/x509/v3_lib.cc", + "crypto/x509/v3_ncons.cc", + "crypto/x509/v3_ocsp.cc", + "crypto/x509/v3_pcons.cc", + "crypto/x509/v3_pmaps.cc", + "crypto/x509/v3_prn.cc", + "crypto/x509/v3_purp.cc", + "crypto/x509/v3_skey.cc", + "crypto/x509/v3_utl.cc", + "crypto/x509/x509.cc", + "crypto/x509/x509_att.cc", + "crypto/x509/x509_cmp.cc", + "crypto/x509/x509_d2.cc", + "crypto/x509/x509_def.cc", + "crypto/x509/x509_ext.cc", + "crypto/x509/x509_lu.cc", + "crypto/x509/x509_obj.cc", + "crypto/x509/x509_req.cc", + "crypto/x509/x509_set.cc", + "crypto/x509/x509_trs.cc", + "crypto/x509/x509_txt.cc", + "crypto/x509/x509_v3.cc", + "crypto/x509/x509_vfy.cc", + "crypto/x509/x509_vpm.cc", + "crypto/x509/x509cset.cc", + "crypto/x509/x509name.cc", + "crypto/x509/x509rset.cc", + "crypto/x509/x509spki.cc", + "crypto/x509/x_algor.cc", + "crypto/x509/x_all.cc", + "crypto/x509/x_attrib.cc", + "crypto/x509/x_crl.cc", + "crypto/x509/x_exten.cc", + "crypto/x509/x_name.cc", + "crypto/x509/x_pubkey.cc", + "crypto/x509/x_req.cc", + "crypto/x509/x_sig.cc", + "crypto/x509/x_spki.cc", + "crypto/x509/x_val.cc", + "crypto/x509/x_x509.cc", + "crypto/x509/x_x509a.cc", + "gen/crypto/err_data.cc", ] crypto_headers = [ @@ -1042,23 +1042,23 @@ ] decrepit_sources = [ - "decrepit/bio/base64_bio.c", - "decrepit/blowfish/blowfish.c", - "decrepit/cast/cast.c", - "decrepit/cast/cast_tables.c", - "decrepit/cfb/cfb.c", - "decrepit/des/cfb64ede.c", - "decrepit/dh/dh_decrepit.c", - "decrepit/dsa/dsa_decrepit.c", - "decrepit/evp/dss1.c", - "decrepit/evp/evp_do_all.c", - "decrepit/obj/obj_decrepit.c", - "decrepit/rc4/rc4_decrepit.c", - "decrepit/ripemd/ripemd.c", - "decrepit/rsa/rsa_decrepit.c", - "decrepit/ssl/ssl_decrepit.c", - "decrepit/x509/x509_decrepit.c", - "decrepit/xts/xts.c", + "decrepit/bio/base64_bio.cc", + "decrepit/blowfish/blowfish.cc", + "decrepit/cast/cast.cc", + "decrepit/cast/cast_tables.cc", + "decrepit/cfb/cfb.cc", + "decrepit/des/cfb64ede.cc", + "decrepit/dh/dh_decrepit.cc", + "decrepit/dsa/dsa_decrepit.cc", + "decrepit/evp/dss1.cc", + "decrepit/evp/evp_do_all.cc", + "decrepit/obj/obj_decrepit.cc", + "decrepit/rc4/rc4_decrepit.cc", + "decrepit/ripemd/ripemd.cc", + "decrepit/rsa/rsa_decrepit.cc", + "decrepit/ssl/ssl_decrepit.cc", + "decrepit/x509/x509_decrepit.cc", + "decrepit/xts/xts.cc", ] decrepit_internal_headers = [
diff --git a/gen/sources.cmake b/gen/sources.cmake index 8c157e3..ea33e32 100644 --- a/gen/sources.cmake +++ b/gen/sources.cmake
@@ -17,84 +17,84 @@ set( BCM_SOURCES - crypto/fipsmodule/bcm.c + crypto/fipsmodule/bcm.cc ) set( BCM_INTERNAL_HEADERS - crypto/fipsmodule/aes/aes.c.inc - crypto/fipsmodule/aes/aes_nohw.c.inc - crypto/fipsmodule/aes/key_wrap.c.inc - crypto/fipsmodule/aes/mode_wrappers.c.inc - crypto/fipsmodule/bn/add.c.inc - crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc - crypto/fipsmodule/bn/bn.c.inc - crypto/fipsmodule/bn/bytes.c.inc - crypto/fipsmodule/bn/cmp.c.inc - crypto/fipsmodule/bn/ctx.c.inc - crypto/fipsmodule/bn/div.c.inc - crypto/fipsmodule/bn/div_extra.c.inc - crypto/fipsmodule/bn/exponentiation.c.inc - crypto/fipsmodule/bn/gcd.c.inc - crypto/fipsmodule/bn/gcd_extra.c.inc - crypto/fipsmodule/bn/generic.c.inc - crypto/fipsmodule/bn/jacobi.c.inc - crypto/fipsmodule/bn/montgomery.c.inc - crypto/fipsmodule/bn/montgomery_inv.c.inc - crypto/fipsmodule/bn/mul.c.inc - crypto/fipsmodule/bn/prime.c.inc - crypto/fipsmodule/bn/random.c.inc - crypto/fipsmodule/bn/rsaz_exp.c.inc - crypto/fipsmodule/bn/shift.c.inc - crypto/fipsmodule/bn/sqrt.c.inc - crypto/fipsmodule/cipher/aead.c.inc - crypto/fipsmodule/cipher/cipher.c.inc - crypto/fipsmodule/cipher/e_aes.c.inc - crypto/fipsmodule/cipher/e_aesccm.c.inc - crypto/fipsmodule/cmac/cmac.c.inc - crypto/fipsmodule/dh/check.c.inc - crypto/fipsmodule/dh/dh.c.inc - crypto/fipsmodule/digest/digest.c.inc - crypto/fipsmodule/digest/digests.c.inc - crypto/fipsmodule/digestsign/digestsign.c.inc - crypto/fipsmodule/ec/ec.c.inc - crypto/fipsmodule/ec/ec_key.c.inc - crypto/fipsmodule/ec/ec_montgomery.c.inc - crypto/fipsmodule/ec/felem.c.inc - crypto/fipsmodule/ec/oct.c.inc - crypto/fipsmodule/ec/p224-64.c.inc - crypto/fipsmodule/ec/p256-nistz.c.inc - crypto/fipsmodule/ec/p256.c.inc - crypto/fipsmodule/ec/scalar.c.inc - crypto/fipsmodule/ec/simple.c.inc - crypto/fipsmodule/ec/simple_mul.c.inc - crypto/fipsmodule/ec/util.c.inc - crypto/fipsmodule/ec/wnaf.c.inc - crypto/fipsmodule/ecdh/ecdh.c.inc - crypto/fipsmodule/ecdsa/ecdsa.c.inc - crypto/fipsmodule/hkdf/hkdf.c.inc - crypto/fipsmodule/hmac/hmac.c.inc - crypto/fipsmodule/modes/cbc.c.inc - crypto/fipsmodule/modes/cfb.c.inc - crypto/fipsmodule/modes/ctr.c.inc - crypto/fipsmodule/modes/gcm.c.inc - crypto/fipsmodule/modes/gcm_nohw.c.inc - crypto/fipsmodule/modes/ofb.c.inc - crypto/fipsmodule/modes/polyval.c.inc - crypto/fipsmodule/rand/ctrdrbg.c.inc - crypto/fipsmodule/rand/rand.c.inc - crypto/fipsmodule/rsa/blinding.c.inc - crypto/fipsmodule/rsa/padding.c.inc - crypto/fipsmodule/rsa/rsa.c.inc - crypto/fipsmodule/rsa/rsa_impl.c.inc - crypto/fipsmodule/self_check/fips.c.inc - crypto/fipsmodule/self_check/self_check.c.inc - crypto/fipsmodule/service_indicator/service_indicator.c.inc - crypto/fipsmodule/sha/sha1.c.inc - crypto/fipsmodule/sha/sha256.c.inc - crypto/fipsmodule/sha/sha512.c.inc - crypto/fipsmodule/tls/kdf.c.inc + crypto/fipsmodule/aes/aes.cc.inc + crypto/fipsmodule/aes/aes_nohw.cc.inc + crypto/fipsmodule/aes/key_wrap.cc.inc + crypto/fipsmodule/aes/mode_wrappers.cc.inc + crypto/fipsmodule/bn/add.cc.inc + crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc + crypto/fipsmodule/bn/bn.cc.inc + crypto/fipsmodule/bn/bytes.cc.inc + crypto/fipsmodule/bn/cmp.cc.inc + crypto/fipsmodule/bn/ctx.cc.inc + crypto/fipsmodule/bn/div.cc.inc + crypto/fipsmodule/bn/div_extra.cc.inc + crypto/fipsmodule/bn/exponentiation.cc.inc + crypto/fipsmodule/bn/gcd.cc.inc + crypto/fipsmodule/bn/gcd_extra.cc.inc + crypto/fipsmodule/bn/generic.cc.inc + crypto/fipsmodule/bn/jacobi.cc.inc + crypto/fipsmodule/bn/montgomery.cc.inc + crypto/fipsmodule/bn/montgomery_inv.cc.inc + crypto/fipsmodule/bn/mul.cc.inc + crypto/fipsmodule/bn/prime.cc.inc + crypto/fipsmodule/bn/random.cc.inc + crypto/fipsmodule/bn/rsaz_exp.cc.inc + crypto/fipsmodule/bn/shift.cc.inc + crypto/fipsmodule/bn/sqrt.cc.inc + crypto/fipsmodule/cipher/aead.cc.inc + crypto/fipsmodule/cipher/cipher.cc.inc + crypto/fipsmodule/cipher/e_aes.cc.inc + crypto/fipsmodule/cipher/e_aesccm.cc.inc + crypto/fipsmodule/cmac/cmac.cc.inc + crypto/fipsmodule/dh/check.cc.inc + crypto/fipsmodule/dh/dh.cc.inc + crypto/fipsmodule/digest/digest.cc.inc + crypto/fipsmodule/digest/digests.cc.inc + crypto/fipsmodule/digestsign/digestsign.cc.inc + crypto/fipsmodule/ec/ec.cc.inc + crypto/fipsmodule/ec/ec_key.cc.inc + crypto/fipsmodule/ec/ec_montgomery.cc.inc + crypto/fipsmodule/ec/felem.cc.inc + crypto/fipsmodule/ec/oct.cc.inc + crypto/fipsmodule/ec/p224-64.cc.inc + crypto/fipsmodule/ec/p256-nistz.cc.inc + crypto/fipsmodule/ec/p256.cc.inc + crypto/fipsmodule/ec/scalar.cc.inc + crypto/fipsmodule/ec/simple.cc.inc + crypto/fipsmodule/ec/simple_mul.cc.inc + crypto/fipsmodule/ec/util.cc.inc + crypto/fipsmodule/ec/wnaf.cc.inc + crypto/fipsmodule/ecdh/ecdh.cc.inc + crypto/fipsmodule/ecdsa/ecdsa.cc.inc + crypto/fipsmodule/hkdf/hkdf.cc.inc + crypto/fipsmodule/hmac/hmac.cc.inc + crypto/fipsmodule/modes/cbc.cc.inc + crypto/fipsmodule/modes/cfb.cc.inc + crypto/fipsmodule/modes/ctr.cc.inc + crypto/fipsmodule/modes/gcm.cc.inc + crypto/fipsmodule/modes/gcm_nohw.cc.inc + crypto/fipsmodule/modes/ofb.cc.inc + crypto/fipsmodule/modes/polyval.cc.inc + crypto/fipsmodule/rand/ctrdrbg.cc.inc + crypto/fipsmodule/rand/rand.cc.inc + crypto/fipsmodule/rsa/blinding.cc.inc + crypto/fipsmodule/rsa/padding.cc.inc + crypto/fipsmodule/rsa/rsa.cc.inc + crypto/fipsmodule/rsa/rsa_impl.cc.inc + crypto/fipsmodule/self_check/fips.cc.inc + crypto/fipsmodule/self_check/self_check.cc.inc + crypto/fipsmodule/service_indicator/service_indicator.cc.inc + crypto/fipsmodule/sha/sha1.cc.inc + crypto/fipsmodule/sha/sha256.cc.inc + crypto/fipsmodule/sha/sha512.cc.inc + crypto/fipsmodule/tls/kdf.cc.inc ) set( @@ -258,255 +258,255 @@ set( CRYPTO_SOURCES - crypto/asn1/a_bitstr.c - crypto/asn1/a_bool.c - crypto/asn1/a_d2i_fp.c - crypto/asn1/a_dup.c - crypto/asn1/a_gentm.c - crypto/asn1/a_i2d_fp.c - crypto/asn1/a_int.c - crypto/asn1/a_mbstr.c - crypto/asn1/a_object.c - crypto/asn1/a_octet.c - crypto/asn1/a_strex.c - crypto/asn1/a_strnid.c - crypto/asn1/a_time.c - crypto/asn1/a_type.c - crypto/asn1/a_utctm.c - crypto/asn1/asn1_lib.c - crypto/asn1/asn1_par.c - crypto/asn1/asn_pack.c - crypto/asn1/f_int.c - crypto/asn1/f_string.c - crypto/asn1/posix_time.c - crypto/asn1/tasn_dec.c - crypto/asn1/tasn_enc.c - crypto/asn1/tasn_fre.c - crypto/asn1/tasn_new.c - crypto/asn1/tasn_typ.c - crypto/asn1/tasn_utl.c - crypto/base64/base64.c - crypto/bio/bio.c - crypto/bio/bio_mem.c - crypto/bio/connect.c - crypto/bio/errno.c - crypto/bio/fd.c - crypto/bio/file.c - crypto/bio/hexdump.c - crypto/bio/pair.c - crypto/bio/printf.c - crypto/bio/socket.c - crypto/bio/socket_helper.c - crypto/blake2/blake2.c - crypto/bn_extra/bn_asn1.c - crypto/bn_extra/convert.c - crypto/buf/buf.c - crypto/bytestring/asn1_compat.c - crypto/bytestring/ber.c - crypto/bytestring/cbb.c - crypto/bytestring/cbs.c - crypto/bytestring/unicode.c - crypto/chacha/chacha.c - crypto/cipher_extra/cipher_extra.c - crypto/cipher_extra/derive_key.c - crypto/cipher_extra/e_aesctrhmac.c - crypto/cipher_extra/e_aesgcmsiv.c - crypto/cipher_extra/e_chacha20poly1305.c - crypto/cipher_extra/e_des.c - crypto/cipher_extra/e_null.c - crypto/cipher_extra/e_rc2.c - crypto/cipher_extra/e_rc4.c - crypto/cipher_extra/e_tls.c - crypto/cipher_extra/tls_cbc.c - crypto/conf/conf.c - crypto/cpu_aarch64_apple.c - crypto/cpu_aarch64_fuchsia.c - crypto/cpu_aarch64_linux.c - crypto/cpu_aarch64_openbsd.c - crypto/cpu_aarch64_sysreg.c - crypto/cpu_aarch64_win.c - crypto/cpu_arm_freebsd.c - crypto/cpu_arm_linux.c - crypto/cpu_intel.c - crypto/crypto.c - crypto/curve25519/curve25519.c - crypto/curve25519/curve25519_64_adx.c - crypto/curve25519/spake25519.c - crypto/des/des.c - crypto/dh_extra/dh_asn1.c - crypto/dh_extra/params.c - crypto/digest_extra/digest_extra.c - crypto/dilithium/dilithium.c - crypto/dsa/dsa.c - crypto/dsa/dsa_asn1.c - crypto/ec_extra/ec_asn1.c - crypto/ec_extra/ec_derive.c - crypto/ec_extra/hash_to_curve.c - crypto/ecdh_extra/ecdh_extra.c - crypto/ecdsa_extra/ecdsa_asn1.c - crypto/engine/engine.c - crypto/err/err.c - crypto/evp/evp.c - crypto/evp/evp_asn1.c - crypto/evp/evp_ctx.c - crypto/evp/p_dh.c - crypto/evp/p_dh_asn1.c - crypto/evp/p_dsa_asn1.c - crypto/evp/p_ec.c - crypto/evp/p_ec_asn1.c - crypto/evp/p_ed25519.c - crypto/evp/p_ed25519_asn1.c - crypto/evp/p_hkdf.c - crypto/evp/p_rsa.c - crypto/evp/p_rsa_asn1.c - crypto/evp/p_x25519.c - crypto/evp/p_x25519_asn1.c - crypto/evp/pbkdf.c - crypto/evp/print.c - crypto/evp/scrypt.c - crypto/evp/sign.c - crypto/ex_data.c - crypto/fipsmodule/fips_shared_support.c - crypto/hpke/hpke.c - crypto/hrss/hrss.c - crypto/keccak/keccak.c - crypto/kyber/kyber.c - crypto/lhash/lhash.c - crypto/md4/md4.c - crypto/md5/md5.c - crypto/mem.c + crypto/asn1/a_bitstr.cc + crypto/asn1/a_bool.cc + crypto/asn1/a_d2i_fp.cc + crypto/asn1/a_dup.cc + crypto/asn1/a_gentm.cc + crypto/asn1/a_i2d_fp.cc + crypto/asn1/a_int.cc + crypto/asn1/a_mbstr.cc + crypto/asn1/a_object.cc + crypto/asn1/a_octet.cc + crypto/asn1/a_strex.cc + crypto/asn1/a_strnid.cc + crypto/asn1/a_time.cc + crypto/asn1/a_type.cc + crypto/asn1/a_utctm.cc + crypto/asn1/asn1_lib.cc + crypto/asn1/asn1_par.cc + crypto/asn1/asn_pack.cc + crypto/asn1/f_int.cc + crypto/asn1/f_string.cc + crypto/asn1/posix_time.cc + crypto/asn1/tasn_dec.cc + crypto/asn1/tasn_enc.cc + crypto/asn1/tasn_fre.cc + crypto/asn1/tasn_new.cc + crypto/asn1/tasn_typ.cc + crypto/asn1/tasn_utl.cc + crypto/base64/base64.cc + crypto/bio/bio.cc + crypto/bio/bio_mem.cc + crypto/bio/connect.cc + crypto/bio/errno.cc + crypto/bio/fd.cc + crypto/bio/file.cc + crypto/bio/hexdump.cc + crypto/bio/pair.cc + crypto/bio/printf.cc + crypto/bio/socket.cc + crypto/bio/socket_helper.cc + crypto/blake2/blake2.cc + crypto/bn_extra/bn_asn1.cc + crypto/bn_extra/convert.cc + crypto/buf/buf.cc + crypto/bytestring/asn1_compat.cc + crypto/bytestring/ber.cc + crypto/bytestring/cbb.cc + crypto/bytestring/cbs.cc + crypto/bytestring/unicode.cc + crypto/chacha/chacha.cc + crypto/cipher_extra/cipher_extra.cc + crypto/cipher_extra/derive_key.cc + crypto/cipher_extra/e_aesctrhmac.cc + crypto/cipher_extra/e_aesgcmsiv.cc + crypto/cipher_extra/e_chacha20poly1305.cc + crypto/cipher_extra/e_des.cc + crypto/cipher_extra/e_null.cc + crypto/cipher_extra/e_rc2.cc + crypto/cipher_extra/e_rc4.cc + crypto/cipher_extra/e_tls.cc + crypto/cipher_extra/tls_cbc.cc + crypto/conf/conf.cc + crypto/cpu_aarch64_apple.cc + crypto/cpu_aarch64_fuchsia.cc + crypto/cpu_aarch64_linux.cc + crypto/cpu_aarch64_openbsd.cc + crypto/cpu_aarch64_sysreg.cc + crypto/cpu_aarch64_win.cc + crypto/cpu_arm_freebsd.cc + crypto/cpu_arm_linux.cc + crypto/cpu_intel.cc + crypto/crypto.cc + crypto/curve25519/curve25519.cc + crypto/curve25519/curve25519_64_adx.cc + crypto/curve25519/spake25519.cc + crypto/des/des.cc + crypto/dh_extra/dh_asn1.cc + crypto/dh_extra/params.cc + crypto/digest_extra/digest_extra.cc + crypto/dilithium/dilithium.cc + crypto/dsa/dsa.cc + crypto/dsa/dsa_asn1.cc + crypto/ec_extra/ec_asn1.cc + crypto/ec_extra/ec_derive.cc + crypto/ec_extra/hash_to_curve.cc + crypto/ecdh_extra/ecdh_extra.cc + crypto/ecdsa_extra/ecdsa_asn1.cc + crypto/engine/engine.cc + crypto/err/err.cc + crypto/evp/evp.cc + crypto/evp/evp_asn1.cc + crypto/evp/evp_ctx.cc + crypto/evp/p_dh.cc + crypto/evp/p_dh_asn1.cc + crypto/evp/p_dsa_asn1.cc + crypto/evp/p_ec.cc + crypto/evp/p_ec_asn1.cc + crypto/evp/p_ed25519.cc + crypto/evp/p_ed25519_asn1.cc + crypto/evp/p_hkdf.cc + crypto/evp/p_rsa.cc + crypto/evp/p_rsa_asn1.cc + crypto/evp/p_x25519.cc + crypto/evp/p_x25519_asn1.cc + crypto/evp/pbkdf.cc + crypto/evp/print.cc + crypto/evp/scrypt.cc + crypto/evp/sign.cc + crypto/ex_data.cc + crypto/fipsmodule/fips_shared_support.cc + crypto/hpke/hpke.cc + crypto/hrss/hrss.cc + crypto/keccak/keccak.cc + crypto/kyber/kyber.cc + crypto/lhash/lhash.cc + crypto/md4/md4.cc + crypto/md5/md5.cc + crypto/mem.cc crypto/mldsa/mldsa.cc crypto/mlkem/mlkem.cc - crypto/obj/obj.c - crypto/obj/obj_xref.c - crypto/pem/pem_all.c - crypto/pem/pem_info.c - crypto/pem/pem_lib.c - crypto/pem/pem_oth.c - crypto/pem/pem_pk8.c - crypto/pem/pem_pkey.c - crypto/pem/pem_x509.c - crypto/pem/pem_xaux.c - crypto/pkcs7/pkcs7.c - crypto/pkcs7/pkcs7_x509.c - crypto/pkcs8/p5_pbev2.c - crypto/pkcs8/pkcs8.c - crypto/pkcs8/pkcs8_x509.c - crypto/poly1305/poly1305.c - crypto/poly1305/poly1305_arm.c - crypto/poly1305/poly1305_vec.c - crypto/pool/pool.c - crypto/rand_extra/deterministic.c - crypto/rand_extra/fork_detect.c - crypto/rand_extra/forkunsafe.c - crypto/rand_extra/getentropy.c - crypto/rand_extra/ios.c - crypto/rand_extra/passive.c - crypto/rand_extra/rand_extra.c - crypto/rand_extra/trusty.c - crypto/rand_extra/urandom.c - crypto/rand_extra/windows.c - crypto/rc4/rc4.c - crypto/refcount.c - crypto/rsa_extra/rsa_asn1.c - crypto/rsa_extra/rsa_crypt.c - crypto/rsa_extra/rsa_extra.c - crypto/rsa_extra/rsa_print.c - crypto/sha/sha1.c - crypto/sha/sha256.c - crypto/sha/sha512.c - crypto/siphash/siphash.c - crypto/slhdsa/fors.c - crypto/slhdsa/merkle.c - crypto/slhdsa/slhdsa.c - crypto/slhdsa/thash.c - crypto/slhdsa/wots.c - crypto/spx/spx.c - crypto/spx/spx_address.c - crypto/spx/spx_fors.c - crypto/spx/spx_merkle.c - crypto/spx/spx_thash.c - crypto/spx/spx_util.c - crypto/spx/spx_wots.c - crypto/stack/stack.c - crypto/thread.c - crypto/thread_none.c - crypto/thread_pthread.c - crypto/thread_win.c - crypto/trust_token/pmbtoken.c - crypto/trust_token/trust_token.c - crypto/trust_token/voprf.c - crypto/x509/a_digest.c - crypto/x509/a_sign.c - crypto/x509/a_verify.c - crypto/x509/algorithm.c - crypto/x509/asn1_gen.c - crypto/x509/by_dir.c - crypto/x509/by_file.c - crypto/x509/i2d_pr.c - crypto/x509/name_print.c - crypto/x509/policy.c - crypto/x509/rsa_pss.c - crypto/x509/t_crl.c - crypto/x509/t_req.c - crypto/x509/t_x509.c - crypto/x509/t_x509a.c - crypto/x509/v3_akey.c - crypto/x509/v3_akeya.c - crypto/x509/v3_alt.c - crypto/x509/v3_bcons.c - crypto/x509/v3_bitst.c - crypto/x509/v3_conf.c - crypto/x509/v3_cpols.c - crypto/x509/v3_crld.c - crypto/x509/v3_enum.c - crypto/x509/v3_extku.c - crypto/x509/v3_genn.c - crypto/x509/v3_ia5.c - crypto/x509/v3_info.c - crypto/x509/v3_int.c - crypto/x509/v3_lib.c - crypto/x509/v3_ncons.c - crypto/x509/v3_ocsp.c - crypto/x509/v3_pcons.c - crypto/x509/v3_pmaps.c - crypto/x509/v3_prn.c - crypto/x509/v3_purp.c - crypto/x509/v3_skey.c - crypto/x509/v3_utl.c - crypto/x509/x509.c - crypto/x509/x509_att.c - crypto/x509/x509_cmp.c - crypto/x509/x509_d2.c - crypto/x509/x509_def.c - crypto/x509/x509_ext.c - crypto/x509/x509_lu.c - crypto/x509/x509_obj.c - crypto/x509/x509_req.c - crypto/x509/x509_set.c - crypto/x509/x509_trs.c - crypto/x509/x509_txt.c - crypto/x509/x509_v3.c - crypto/x509/x509_vfy.c - crypto/x509/x509_vpm.c - crypto/x509/x509cset.c - crypto/x509/x509name.c - crypto/x509/x509rset.c - crypto/x509/x509spki.c - crypto/x509/x_algor.c - crypto/x509/x_all.c - crypto/x509/x_attrib.c - crypto/x509/x_crl.c - crypto/x509/x_exten.c - crypto/x509/x_name.c - crypto/x509/x_pubkey.c - crypto/x509/x_req.c - crypto/x509/x_sig.c - crypto/x509/x_spki.c - crypto/x509/x_val.c - crypto/x509/x_x509.c - crypto/x509/x_x509a.c - gen/crypto/err_data.c + crypto/obj/obj.cc + crypto/obj/obj_xref.cc + crypto/pem/pem_all.cc + crypto/pem/pem_info.cc + crypto/pem/pem_lib.cc + crypto/pem/pem_oth.cc + crypto/pem/pem_pk8.cc + crypto/pem/pem_pkey.cc + crypto/pem/pem_x509.cc + crypto/pem/pem_xaux.cc + crypto/pkcs7/pkcs7.cc + crypto/pkcs7/pkcs7_x509.cc + crypto/pkcs8/p5_pbev2.cc + crypto/pkcs8/pkcs8.cc + crypto/pkcs8/pkcs8_x509.cc + crypto/poly1305/poly1305.cc + crypto/poly1305/poly1305_arm.cc + crypto/poly1305/poly1305_vec.cc + crypto/pool/pool.cc + crypto/rand_extra/deterministic.cc + crypto/rand_extra/fork_detect.cc + crypto/rand_extra/forkunsafe.cc + crypto/rand_extra/getentropy.cc + crypto/rand_extra/ios.cc + crypto/rand_extra/passive.cc + crypto/rand_extra/rand_extra.cc + crypto/rand_extra/trusty.cc + crypto/rand_extra/urandom.cc + crypto/rand_extra/windows.cc + crypto/rc4/rc4.cc + crypto/refcount.cc + crypto/rsa_extra/rsa_asn1.cc + crypto/rsa_extra/rsa_crypt.cc + crypto/rsa_extra/rsa_extra.cc + crypto/rsa_extra/rsa_print.cc + crypto/sha/sha1.cc + crypto/sha/sha256.cc + crypto/sha/sha512.cc + crypto/siphash/siphash.cc + crypto/slhdsa/fors.cc + crypto/slhdsa/merkle.cc + crypto/slhdsa/slhdsa.cc + crypto/slhdsa/thash.cc + crypto/slhdsa/wots.cc + crypto/spx/spx.cc + crypto/spx/spx_address.cc + crypto/spx/spx_fors.cc + crypto/spx/spx_merkle.cc + crypto/spx/spx_thash.cc + crypto/spx/spx_util.cc + crypto/spx/spx_wots.cc + crypto/stack/stack.cc + crypto/thread.cc + crypto/thread_none.cc + crypto/thread_pthread.cc + crypto/thread_win.cc + crypto/trust_token/pmbtoken.cc + crypto/trust_token/trust_token.cc + crypto/trust_token/voprf.cc + crypto/x509/a_digest.cc + crypto/x509/a_sign.cc + crypto/x509/a_verify.cc + crypto/x509/algorithm.cc + crypto/x509/asn1_gen.cc + crypto/x509/by_dir.cc + crypto/x509/by_file.cc + crypto/x509/i2d_pr.cc + crypto/x509/name_print.cc + crypto/x509/policy.cc + crypto/x509/rsa_pss.cc + crypto/x509/t_crl.cc + crypto/x509/t_req.cc + crypto/x509/t_x509.cc + crypto/x509/t_x509a.cc + crypto/x509/v3_akey.cc + crypto/x509/v3_akeya.cc + crypto/x509/v3_alt.cc + crypto/x509/v3_bcons.cc + crypto/x509/v3_bitst.cc + crypto/x509/v3_conf.cc + crypto/x509/v3_cpols.cc + crypto/x509/v3_crld.cc + crypto/x509/v3_enum.cc + crypto/x509/v3_extku.cc + crypto/x509/v3_genn.cc + crypto/x509/v3_ia5.cc + crypto/x509/v3_info.cc + crypto/x509/v3_int.cc + crypto/x509/v3_lib.cc + crypto/x509/v3_ncons.cc + crypto/x509/v3_ocsp.cc + crypto/x509/v3_pcons.cc + crypto/x509/v3_pmaps.cc + crypto/x509/v3_prn.cc + crypto/x509/v3_purp.cc + crypto/x509/v3_skey.cc + crypto/x509/v3_utl.cc + crypto/x509/x509.cc + crypto/x509/x509_att.cc + crypto/x509/x509_cmp.cc + crypto/x509/x509_d2.cc + crypto/x509/x509_def.cc + crypto/x509/x509_ext.cc + crypto/x509/x509_lu.cc + crypto/x509/x509_obj.cc + crypto/x509/x509_req.cc + crypto/x509/x509_set.cc + crypto/x509/x509_trs.cc + crypto/x509/x509_txt.cc + crypto/x509/x509_v3.cc + crypto/x509/x509_vfy.cc + crypto/x509/x509_vpm.cc + crypto/x509/x509cset.cc + crypto/x509/x509name.cc + crypto/x509/x509rset.cc + crypto/x509/x509spki.cc + crypto/x509/x_algor.cc + crypto/x509/x_all.cc + crypto/x509/x_attrib.cc + crypto/x509/x_crl.cc + crypto/x509/x_exten.cc + crypto/x509/x_name.cc + crypto/x509/x_pubkey.cc + crypto/x509/x_req.cc + crypto/x509/x_sig.cc + crypto/x509/x_spki.cc + crypto/x509/x_val.cc + crypto/x509/x_x509.cc + crypto/x509/x_x509a.cc + gen/crypto/err_data.cc ) set( @@ -1070,23 +1070,23 @@ set( DECREPIT_SOURCES - decrepit/bio/base64_bio.c - decrepit/blowfish/blowfish.c - decrepit/cast/cast.c - decrepit/cast/cast_tables.c - decrepit/cfb/cfb.c - decrepit/des/cfb64ede.c - decrepit/dh/dh_decrepit.c - decrepit/dsa/dsa_decrepit.c - decrepit/evp/dss1.c - decrepit/evp/evp_do_all.c - decrepit/obj/obj_decrepit.c - decrepit/rc4/rc4_decrepit.c - decrepit/ripemd/ripemd.c - decrepit/rsa/rsa_decrepit.c - decrepit/ssl/ssl_decrepit.c - decrepit/x509/x509_decrepit.c - decrepit/xts/xts.c + decrepit/bio/base64_bio.cc + decrepit/blowfish/blowfish.cc + decrepit/cast/cast.cc + decrepit/cast/cast_tables.cc + decrepit/cfb/cfb.cc + decrepit/des/cfb64ede.cc + decrepit/dh/dh_decrepit.cc + decrepit/dsa/dsa_decrepit.cc + decrepit/evp/dss1.cc + decrepit/evp/evp_do_all.cc + decrepit/obj/obj_decrepit.cc + decrepit/rc4/rc4_decrepit.cc + decrepit/ripemd/ripemd.cc + decrepit/rsa/rsa_decrepit.cc + decrepit/ssl/ssl_decrepit.cc + decrepit/x509/x509_decrepit.cc + decrepit/xts/xts.cc ) set(
diff --git a/gen/sources.gni b/gen/sources.gni index 2aacebb..6fb50e9 100644 --- a/gen/sources.gni +++ b/gen/sources.gni
@@ -15,82 +15,82 @@ # Generated by go ./util/pregenerate. Do not edit manually. bcm_sources = [ - "crypto/fipsmodule/bcm.c", + "crypto/fipsmodule/bcm.cc", ] bcm_internal_headers = [ - "crypto/fipsmodule/aes/aes.c.inc", - "crypto/fipsmodule/aes/aes_nohw.c.inc", - "crypto/fipsmodule/aes/key_wrap.c.inc", - "crypto/fipsmodule/aes/mode_wrappers.c.inc", - "crypto/fipsmodule/bn/add.c.inc", - "crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc", - "crypto/fipsmodule/bn/bn.c.inc", - "crypto/fipsmodule/bn/bytes.c.inc", - "crypto/fipsmodule/bn/cmp.c.inc", - "crypto/fipsmodule/bn/ctx.c.inc", - "crypto/fipsmodule/bn/div.c.inc", - "crypto/fipsmodule/bn/div_extra.c.inc", - "crypto/fipsmodule/bn/exponentiation.c.inc", - "crypto/fipsmodule/bn/gcd.c.inc", - "crypto/fipsmodule/bn/gcd_extra.c.inc", - "crypto/fipsmodule/bn/generic.c.inc", - "crypto/fipsmodule/bn/jacobi.c.inc", - "crypto/fipsmodule/bn/montgomery.c.inc", - "crypto/fipsmodule/bn/montgomery_inv.c.inc", - "crypto/fipsmodule/bn/mul.c.inc", - "crypto/fipsmodule/bn/prime.c.inc", - "crypto/fipsmodule/bn/random.c.inc", - "crypto/fipsmodule/bn/rsaz_exp.c.inc", - "crypto/fipsmodule/bn/shift.c.inc", - "crypto/fipsmodule/bn/sqrt.c.inc", - "crypto/fipsmodule/cipher/aead.c.inc", - "crypto/fipsmodule/cipher/cipher.c.inc", - "crypto/fipsmodule/cipher/e_aes.c.inc", - "crypto/fipsmodule/cipher/e_aesccm.c.inc", - "crypto/fipsmodule/cmac/cmac.c.inc", - "crypto/fipsmodule/dh/check.c.inc", - "crypto/fipsmodule/dh/dh.c.inc", - "crypto/fipsmodule/digest/digest.c.inc", - "crypto/fipsmodule/digest/digests.c.inc", - "crypto/fipsmodule/digestsign/digestsign.c.inc", - "crypto/fipsmodule/ec/ec.c.inc", - "crypto/fipsmodule/ec/ec_key.c.inc", - "crypto/fipsmodule/ec/ec_montgomery.c.inc", - "crypto/fipsmodule/ec/felem.c.inc", - "crypto/fipsmodule/ec/oct.c.inc", - "crypto/fipsmodule/ec/p224-64.c.inc", - "crypto/fipsmodule/ec/p256-nistz.c.inc", - "crypto/fipsmodule/ec/p256.c.inc", - "crypto/fipsmodule/ec/scalar.c.inc", - "crypto/fipsmodule/ec/simple.c.inc", - "crypto/fipsmodule/ec/simple_mul.c.inc", - "crypto/fipsmodule/ec/util.c.inc", - "crypto/fipsmodule/ec/wnaf.c.inc", - "crypto/fipsmodule/ecdh/ecdh.c.inc", - "crypto/fipsmodule/ecdsa/ecdsa.c.inc", - "crypto/fipsmodule/hkdf/hkdf.c.inc", - "crypto/fipsmodule/hmac/hmac.c.inc", - "crypto/fipsmodule/modes/cbc.c.inc", - "crypto/fipsmodule/modes/cfb.c.inc", - "crypto/fipsmodule/modes/ctr.c.inc", - "crypto/fipsmodule/modes/gcm.c.inc", - "crypto/fipsmodule/modes/gcm_nohw.c.inc", - "crypto/fipsmodule/modes/ofb.c.inc", - "crypto/fipsmodule/modes/polyval.c.inc", - "crypto/fipsmodule/rand/ctrdrbg.c.inc", - "crypto/fipsmodule/rand/rand.c.inc", - "crypto/fipsmodule/rsa/blinding.c.inc", - "crypto/fipsmodule/rsa/padding.c.inc", - "crypto/fipsmodule/rsa/rsa.c.inc", - "crypto/fipsmodule/rsa/rsa_impl.c.inc", - "crypto/fipsmodule/self_check/fips.c.inc", - "crypto/fipsmodule/self_check/self_check.c.inc", - "crypto/fipsmodule/service_indicator/service_indicator.c.inc", - "crypto/fipsmodule/sha/sha1.c.inc", - "crypto/fipsmodule/sha/sha256.c.inc", - "crypto/fipsmodule/sha/sha512.c.inc", - "crypto/fipsmodule/tls/kdf.c.inc", + "crypto/fipsmodule/aes/aes.cc.inc", + "crypto/fipsmodule/aes/aes_nohw.cc.inc", + "crypto/fipsmodule/aes/key_wrap.cc.inc", + "crypto/fipsmodule/aes/mode_wrappers.cc.inc", + "crypto/fipsmodule/bn/add.cc.inc", + "crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc", + "crypto/fipsmodule/bn/bn.cc.inc", + "crypto/fipsmodule/bn/bytes.cc.inc", + "crypto/fipsmodule/bn/cmp.cc.inc", + "crypto/fipsmodule/bn/ctx.cc.inc", + "crypto/fipsmodule/bn/div.cc.inc", + "crypto/fipsmodule/bn/div_extra.cc.inc", + "crypto/fipsmodule/bn/exponentiation.cc.inc", + "crypto/fipsmodule/bn/gcd.cc.inc", + "crypto/fipsmodule/bn/gcd_extra.cc.inc", + "crypto/fipsmodule/bn/generic.cc.inc", + "crypto/fipsmodule/bn/jacobi.cc.inc", + "crypto/fipsmodule/bn/montgomery.cc.inc", + "crypto/fipsmodule/bn/montgomery_inv.cc.inc", + "crypto/fipsmodule/bn/mul.cc.inc", + "crypto/fipsmodule/bn/prime.cc.inc", + "crypto/fipsmodule/bn/random.cc.inc", + "crypto/fipsmodule/bn/rsaz_exp.cc.inc", + "crypto/fipsmodule/bn/shift.cc.inc", + "crypto/fipsmodule/bn/sqrt.cc.inc", + "crypto/fipsmodule/cipher/aead.cc.inc", + "crypto/fipsmodule/cipher/cipher.cc.inc", + "crypto/fipsmodule/cipher/e_aes.cc.inc", + "crypto/fipsmodule/cipher/e_aesccm.cc.inc", + "crypto/fipsmodule/cmac/cmac.cc.inc", + "crypto/fipsmodule/dh/check.cc.inc", + "crypto/fipsmodule/dh/dh.cc.inc", + "crypto/fipsmodule/digest/digest.cc.inc", + "crypto/fipsmodule/digest/digests.cc.inc", + "crypto/fipsmodule/digestsign/digestsign.cc.inc", + "crypto/fipsmodule/ec/ec.cc.inc", + "crypto/fipsmodule/ec/ec_key.cc.inc", + "crypto/fipsmodule/ec/ec_montgomery.cc.inc", + "crypto/fipsmodule/ec/felem.cc.inc", + "crypto/fipsmodule/ec/oct.cc.inc", + "crypto/fipsmodule/ec/p224-64.cc.inc", + "crypto/fipsmodule/ec/p256-nistz.cc.inc", + "crypto/fipsmodule/ec/p256.cc.inc", + "crypto/fipsmodule/ec/scalar.cc.inc", + "crypto/fipsmodule/ec/simple.cc.inc", + "crypto/fipsmodule/ec/simple_mul.cc.inc", + "crypto/fipsmodule/ec/util.cc.inc", + "crypto/fipsmodule/ec/wnaf.cc.inc", + "crypto/fipsmodule/ecdh/ecdh.cc.inc", + "crypto/fipsmodule/ecdsa/ecdsa.cc.inc", + "crypto/fipsmodule/hkdf/hkdf.cc.inc", + "crypto/fipsmodule/hmac/hmac.cc.inc", + "crypto/fipsmodule/modes/cbc.cc.inc", + "crypto/fipsmodule/modes/cfb.cc.inc", + "crypto/fipsmodule/modes/ctr.cc.inc", + "crypto/fipsmodule/modes/gcm.cc.inc", + "crypto/fipsmodule/modes/gcm_nohw.cc.inc", + "crypto/fipsmodule/modes/ofb.cc.inc", + "crypto/fipsmodule/modes/polyval.cc.inc", + "crypto/fipsmodule/rand/ctrdrbg.cc.inc", + "crypto/fipsmodule/rand/rand.cc.inc", + "crypto/fipsmodule/rsa/blinding.cc.inc", + "crypto/fipsmodule/rsa/padding.cc.inc", + "crypto/fipsmodule/rsa/rsa.cc.inc", + "crypto/fipsmodule/rsa/rsa_impl.cc.inc", + "crypto/fipsmodule/self_check/fips.cc.inc", + "crypto/fipsmodule/self_check/self_check.cc.inc", + "crypto/fipsmodule/service_indicator/service_indicator.cc.inc", + "crypto/fipsmodule/sha/sha1.cc.inc", + "crypto/fipsmodule/sha/sha256.cc.inc", + "crypto/fipsmodule/sha/sha512.cc.inc", + "crypto/fipsmodule/tls/kdf.cc.inc", ] bcm_sources_asm = [ @@ -244,255 +244,255 @@ ] crypto_sources = [ - "crypto/asn1/a_bitstr.c", - "crypto/asn1/a_bool.c", - "crypto/asn1/a_d2i_fp.c", - "crypto/asn1/a_dup.c", - "crypto/asn1/a_gentm.c", - "crypto/asn1/a_i2d_fp.c", - "crypto/asn1/a_int.c", - "crypto/asn1/a_mbstr.c", - "crypto/asn1/a_object.c", - "crypto/asn1/a_octet.c", - "crypto/asn1/a_strex.c", - "crypto/asn1/a_strnid.c", - "crypto/asn1/a_time.c", - "crypto/asn1/a_type.c", - "crypto/asn1/a_utctm.c", - "crypto/asn1/asn1_lib.c", - "crypto/asn1/asn1_par.c", - "crypto/asn1/asn_pack.c", - "crypto/asn1/f_int.c", - "crypto/asn1/f_string.c", - "crypto/asn1/posix_time.c", - "crypto/asn1/tasn_dec.c", - "crypto/asn1/tasn_enc.c", - "crypto/asn1/tasn_fre.c", - "crypto/asn1/tasn_new.c", - "crypto/asn1/tasn_typ.c", - "crypto/asn1/tasn_utl.c", - "crypto/base64/base64.c", - "crypto/bio/bio.c", - "crypto/bio/bio_mem.c", - "crypto/bio/connect.c", - "crypto/bio/errno.c", - "crypto/bio/fd.c", - "crypto/bio/file.c", - "crypto/bio/hexdump.c", - "crypto/bio/pair.c", - "crypto/bio/printf.c", - "crypto/bio/socket.c", - "crypto/bio/socket_helper.c", - "crypto/blake2/blake2.c", - "crypto/bn_extra/bn_asn1.c", - "crypto/bn_extra/convert.c", - "crypto/buf/buf.c", - "crypto/bytestring/asn1_compat.c", - "crypto/bytestring/ber.c", - "crypto/bytestring/cbb.c", - "crypto/bytestring/cbs.c", - "crypto/bytestring/unicode.c", - "crypto/chacha/chacha.c", - "crypto/cipher_extra/cipher_extra.c", - "crypto/cipher_extra/derive_key.c", - "crypto/cipher_extra/e_aesctrhmac.c", - "crypto/cipher_extra/e_aesgcmsiv.c", - "crypto/cipher_extra/e_chacha20poly1305.c", - "crypto/cipher_extra/e_des.c", - "crypto/cipher_extra/e_null.c", - "crypto/cipher_extra/e_rc2.c", - "crypto/cipher_extra/e_rc4.c", - "crypto/cipher_extra/e_tls.c", - "crypto/cipher_extra/tls_cbc.c", - "crypto/conf/conf.c", - "crypto/cpu_aarch64_apple.c", - "crypto/cpu_aarch64_fuchsia.c", - "crypto/cpu_aarch64_linux.c", - "crypto/cpu_aarch64_openbsd.c", - "crypto/cpu_aarch64_sysreg.c", - "crypto/cpu_aarch64_win.c", - "crypto/cpu_arm_freebsd.c", - "crypto/cpu_arm_linux.c", - "crypto/cpu_intel.c", - "crypto/crypto.c", - "crypto/curve25519/curve25519.c", - "crypto/curve25519/curve25519_64_adx.c", - "crypto/curve25519/spake25519.c", - "crypto/des/des.c", - "crypto/dh_extra/dh_asn1.c", - "crypto/dh_extra/params.c", - "crypto/digest_extra/digest_extra.c", - "crypto/dilithium/dilithium.c", - "crypto/dsa/dsa.c", - "crypto/dsa/dsa_asn1.c", - "crypto/ec_extra/ec_asn1.c", - "crypto/ec_extra/ec_derive.c", - "crypto/ec_extra/hash_to_curve.c", - "crypto/ecdh_extra/ecdh_extra.c", - "crypto/ecdsa_extra/ecdsa_asn1.c", - "crypto/engine/engine.c", - "crypto/err/err.c", - "crypto/evp/evp.c", - "crypto/evp/evp_asn1.c", - "crypto/evp/evp_ctx.c", - "crypto/evp/p_dh.c", - "crypto/evp/p_dh_asn1.c", - "crypto/evp/p_dsa_asn1.c", - "crypto/evp/p_ec.c", - "crypto/evp/p_ec_asn1.c", - "crypto/evp/p_ed25519.c", - "crypto/evp/p_ed25519_asn1.c", - "crypto/evp/p_hkdf.c", - "crypto/evp/p_rsa.c", - "crypto/evp/p_rsa_asn1.c", - "crypto/evp/p_x25519.c", - "crypto/evp/p_x25519_asn1.c", - "crypto/evp/pbkdf.c", - "crypto/evp/print.c", - "crypto/evp/scrypt.c", - "crypto/evp/sign.c", - "crypto/ex_data.c", - "crypto/fipsmodule/fips_shared_support.c", - "crypto/hpke/hpke.c", - "crypto/hrss/hrss.c", - "crypto/keccak/keccak.c", - "crypto/kyber/kyber.c", - "crypto/lhash/lhash.c", - "crypto/md4/md4.c", - "crypto/md5/md5.c", - "crypto/mem.c", + "crypto/asn1/a_bitstr.cc", + "crypto/asn1/a_bool.cc", + "crypto/asn1/a_d2i_fp.cc", + "crypto/asn1/a_dup.cc", + "crypto/asn1/a_gentm.cc", + "crypto/asn1/a_i2d_fp.cc", + "crypto/asn1/a_int.cc", + "crypto/asn1/a_mbstr.cc", + "crypto/asn1/a_object.cc", + "crypto/asn1/a_octet.cc", + "crypto/asn1/a_strex.cc", + "crypto/asn1/a_strnid.cc", + "crypto/asn1/a_time.cc", + "crypto/asn1/a_type.cc", + "crypto/asn1/a_utctm.cc", + "crypto/asn1/asn1_lib.cc", + "crypto/asn1/asn1_par.cc", + "crypto/asn1/asn_pack.cc", + "crypto/asn1/f_int.cc", + "crypto/asn1/f_string.cc", + "crypto/asn1/posix_time.cc", + "crypto/asn1/tasn_dec.cc", + "crypto/asn1/tasn_enc.cc", + "crypto/asn1/tasn_fre.cc", + "crypto/asn1/tasn_new.cc", + "crypto/asn1/tasn_typ.cc", + "crypto/asn1/tasn_utl.cc", + "crypto/base64/base64.cc", + "crypto/bio/bio.cc", + "crypto/bio/bio_mem.cc", + "crypto/bio/connect.cc", + "crypto/bio/errno.cc", + "crypto/bio/fd.cc", + "crypto/bio/file.cc", + "crypto/bio/hexdump.cc", + "crypto/bio/pair.cc", + "crypto/bio/printf.cc", + "crypto/bio/socket.cc", + "crypto/bio/socket_helper.cc", + "crypto/blake2/blake2.cc", + "crypto/bn_extra/bn_asn1.cc", + "crypto/bn_extra/convert.cc", + "crypto/buf/buf.cc", + "crypto/bytestring/asn1_compat.cc", + "crypto/bytestring/ber.cc", + "crypto/bytestring/cbb.cc", + "crypto/bytestring/cbs.cc", + "crypto/bytestring/unicode.cc", + "crypto/chacha/chacha.cc", + "crypto/cipher_extra/cipher_extra.cc", + "crypto/cipher_extra/derive_key.cc", + "crypto/cipher_extra/e_aesctrhmac.cc", + "crypto/cipher_extra/e_aesgcmsiv.cc", + "crypto/cipher_extra/e_chacha20poly1305.cc", + "crypto/cipher_extra/e_des.cc", + "crypto/cipher_extra/e_null.cc", + "crypto/cipher_extra/e_rc2.cc", + "crypto/cipher_extra/e_rc4.cc", + "crypto/cipher_extra/e_tls.cc", + "crypto/cipher_extra/tls_cbc.cc", + "crypto/conf/conf.cc", + "crypto/cpu_aarch64_apple.cc", + "crypto/cpu_aarch64_fuchsia.cc", + "crypto/cpu_aarch64_linux.cc", + "crypto/cpu_aarch64_openbsd.cc", + "crypto/cpu_aarch64_sysreg.cc", + "crypto/cpu_aarch64_win.cc", + "crypto/cpu_arm_freebsd.cc", + "crypto/cpu_arm_linux.cc", + "crypto/cpu_intel.cc", + "crypto/crypto.cc", + "crypto/curve25519/curve25519.cc", + "crypto/curve25519/curve25519_64_adx.cc", + "crypto/curve25519/spake25519.cc", + "crypto/des/des.cc", + "crypto/dh_extra/dh_asn1.cc", + "crypto/dh_extra/params.cc", + "crypto/digest_extra/digest_extra.cc", + "crypto/dilithium/dilithium.cc", + "crypto/dsa/dsa.cc", + "crypto/dsa/dsa_asn1.cc", + "crypto/ec_extra/ec_asn1.cc", + "crypto/ec_extra/ec_derive.cc", + "crypto/ec_extra/hash_to_curve.cc", + "crypto/ecdh_extra/ecdh_extra.cc", + "crypto/ecdsa_extra/ecdsa_asn1.cc", + "crypto/engine/engine.cc", + "crypto/err/err.cc", + "crypto/evp/evp.cc", + "crypto/evp/evp_asn1.cc", + "crypto/evp/evp_ctx.cc", + "crypto/evp/p_dh.cc", + "crypto/evp/p_dh_asn1.cc", + "crypto/evp/p_dsa_asn1.cc", + "crypto/evp/p_ec.cc", + "crypto/evp/p_ec_asn1.cc", + "crypto/evp/p_ed25519.cc", + "crypto/evp/p_ed25519_asn1.cc", + "crypto/evp/p_hkdf.cc", + "crypto/evp/p_rsa.cc", + "crypto/evp/p_rsa_asn1.cc", + "crypto/evp/p_x25519.cc", + "crypto/evp/p_x25519_asn1.cc", + "crypto/evp/pbkdf.cc", + "crypto/evp/print.cc", + "crypto/evp/scrypt.cc", + "crypto/evp/sign.cc", + "crypto/ex_data.cc", + "crypto/fipsmodule/fips_shared_support.cc", + "crypto/hpke/hpke.cc", + "crypto/hrss/hrss.cc", + "crypto/keccak/keccak.cc", + "crypto/kyber/kyber.cc", + "crypto/lhash/lhash.cc", + "crypto/md4/md4.cc", + "crypto/md5/md5.cc", + "crypto/mem.cc", "crypto/mldsa/mldsa.cc", "crypto/mlkem/mlkem.cc", - "crypto/obj/obj.c", - "crypto/obj/obj_xref.c", - "crypto/pem/pem_all.c", - "crypto/pem/pem_info.c", - "crypto/pem/pem_lib.c", - "crypto/pem/pem_oth.c", - "crypto/pem/pem_pk8.c", - "crypto/pem/pem_pkey.c", - "crypto/pem/pem_x509.c", - "crypto/pem/pem_xaux.c", - "crypto/pkcs7/pkcs7.c", - "crypto/pkcs7/pkcs7_x509.c", - "crypto/pkcs8/p5_pbev2.c", - "crypto/pkcs8/pkcs8.c", - "crypto/pkcs8/pkcs8_x509.c", - "crypto/poly1305/poly1305.c", - "crypto/poly1305/poly1305_arm.c", - "crypto/poly1305/poly1305_vec.c", - "crypto/pool/pool.c", - "crypto/rand_extra/deterministic.c", - "crypto/rand_extra/fork_detect.c", - "crypto/rand_extra/forkunsafe.c", - "crypto/rand_extra/getentropy.c", - "crypto/rand_extra/ios.c", - "crypto/rand_extra/passive.c", - "crypto/rand_extra/rand_extra.c", - "crypto/rand_extra/trusty.c", - "crypto/rand_extra/urandom.c", - "crypto/rand_extra/windows.c", - "crypto/rc4/rc4.c", - "crypto/refcount.c", - "crypto/rsa_extra/rsa_asn1.c", - "crypto/rsa_extra/rsa_crypt.c", - "crypto/rsa_extra/rsa_extra.c", - "crypto/rsa_extra/rsa_print.c", - "crypto/sha/sha1.c", - "crypto/sha/sha256.c", - "crypto/sha/sha512.c", - "crypto/siphash/siphash.c", - "crypto/slhdsa/fors.c", - "crypto/slhdsa/merkle.c", - "crypto/slhdsa/slhdsa.c", - "crypto/slhdsa/thash.c", - "crypto/slhdsa/wots.c", - "crypto/spx/spx.c", - "crypto/spx/spx_address.c", - "crypto/spx/spx_fors.c", - "crypto/spx/spx_merkle.c", - "crypto/spx/spx_thash.c", - "crypto/spx/spx_util.c", - "crypto/spx/spx_wots.c", - "crypto/stack/stack.c", - "crypto/thread.c", - "crypto/thread_none.c", - "crypto/thread_pthread.c", - "crypto/thread_win.c", - "crypto/trust_token/pmbtoken.c", - "crypto/trust_token/trust_token.c", - "crypto/trust_token/voprf.c", - "crypto/x509/a_digest.c", - "crypto/x509/a_sign.c", - "crypto/x509/a_verify.c", - "crypto/x509/algorithm.c", - "crypto/x509/asn1_gen.c", - "crypto/x509/by_dir.c", - "crypto/x509/by_file.c", - "crypto/x509/i2d_pr.c", - "crypto/x509/name_print.c", - "crypto/x509/policy.c", - "crypto/x509/rsa_pss.c", - "crypto/x509/t_crl.c", - "crypto/x509/t_req.c", - "crypto/x509/t_x509.c", - "crypto/x509/t_x509a.c", - "crypto/x509/v3_akey.c", - "crypto/x509/v3_akeya.c", - "crypto/x509/v3_alt.c", - "crypto/x509/v3_bcons.c", - "crypto/x509/v3_bitst.c", - "crypto/x509/v3_conf.c", - "crypto/x509/v3_cpols.c", - "crypto/x509/v3_crld.c", - "crypto/x509/v3_enum.c", - "crypto/x509/v3_extku.c", - "crypto/x509/v3_genn.c", - "crypto/x509/v3_ia5.c", - "crypto/x509/v3_info.c", - "crypto/x509/v3_int.c", - "crypto/x509/v3_lib.c", - "crypto/x509/v3_ncons.c", - "crypto/x509/v3_ocsp.c", - "crypto/x509/v3_pcons.c", - "crypto/x509/v3_pmaps.c", - "crypto/x509/v3_prn.c", - "crypto/x509/v3_purp.c", - "crypto/x509/v3_skey.c", - "crypto/x509/v3_utl.c", - "crypto/x509/x509.c", - "crypto/x509/x509_att.c", - "crypto/x509/x509_cmp.c", - "crypto/x509/x509_d2.c", - "crypto/x509/x509_def.c", - "crypto/x509/x509_ext.c", - "crypto/x509/x509_lu.c", - "crypto/x509/x509_obj.c", - "crypto/x509/x509_req.c", - "crypto/x509/x509_set.c", - "crypto/x509/x509_trs.c", - "crypto/x509/x509_txt.c", - "crypto/x509/x509_v3.c", - "crypto/x509/x509_vfy.c", - "crypto/x509/x509_vpm.c", - "crypto/x509/x509cset.c", - "crypto/x509/x509name.c", - "crypto/x509/x509rset.c", - "crypto/x509/x509spki.c", - "crypto/x509/x_algor.c", - "crypto/x509/x_all.c", - "crypto/x509/x_attrib.c", - "crypto/x509/x_crl.c", - "crypto/x509/x_exten.c", - "crypto/x509/x_name.c", - "crypto/x509/x_pubkey.c", - "crypto/x509/x_req.c", - "crypto/x509/x_sig.c", - "crypto/x509/x_spki.c", - "crypto/x509/x_val.c", - "crypto/x509/x_x509.c", - "crypto/x509/x_x509a.c", - "gen/crypto/err_data.c", + "crypto/obj/obj.cc", + "crypto/obj/obj_xref.cc", + "crypto/pem/pem_all.cc", + "crypto/pem/pem_info.cc", + "crypto/pem/pem_lib.cc", + "crypto/pem/pem_oth.cc", + "crypto/pem/pem_pk8.cc", + "crypto/pem/pem_pkey.cc", + "crypto/pem/pem_x509.cc", + "crypto/pem/pem_xaux.cc", + "crypto/pkcs7/pkcs7.cc", + "crypto/pkcs7/pkcs7_x509.cc", + "crypto/pkcs8/p5_pbev2.cc", + "crypto/pkcs8/pkcs8.cc", + "crypto/pkcs8/pkcs8_x509.cc", + "crypto/poly1305/poly1305.cc", + "crypto/poly1305/poly1305_arm.cc", + "crypto/poly1305/poly1305_vec.cc", + "crypto/pool/pool.cc", + "crypto/rand_extra/deterministic.cc", + "crypto/rand_extra/fork_detect.cc", + "crypto/rand_extra/forkunsafe.cc", + "crypto/rand_extra/getentropy.cc", + "crypto/rand_extra/ios.cc", + "crypto/rand_extra/passive.cc", + "crypto/rand_extra/rand_extra.cc", + "crypto/rand_extra/trusty.cc", + "crypto/rand_extra/urandom.cc", + "crypto/rand_extra/windows.cc", + "crypto/rc4/rc4.cc", + "crypto/refcount.cc", + "crypto/rsa_extra/rsa_asn1.cc", + "crypto/rsa_extra/rsa_crypt.cc", + "crypto/rsa_extra/rsa_extra.cc", + "crypto/rsa_extra/rsa_print.cc", + "crypto/sha/sha1.cc", + "crypto/sha/sha256.cc", + "crypto/sha/sha512.cc", + "crypto/siphash/siphash.cc", + "crypto/slhdsa/fors.cc", + "crypto/slhdsa/merkle.cc", + "crypto/slhdsa/slhdsa.cc", + "crypto/slhdsa/thash.cc", + "crypto/slhdsa/wots.cc", + "crypto/spx/spx.cc", + "crypto/spx/spx_address.cc", + "crypto/spx/spx_fors.cc", + "crypto/spx/spx_merkle.cc", + "crypto/spx/spx_thash.cc", + "crypto/spx/spx_util.cc", + "crypto/spx/spx_wots.cc", + "crypto/stack/stack.cc", + "crypto/thread.cc", + "crypto/thread_none.cc", + "crypto/thread_pthread.cc", + "crypto/thread_win.cc", + "crypto/trust_token/pmbtoken.cc", + "crypto/trust_token/trust_token.cc", + "crypto/trust_token/voprf.cc", + "crypto/x509/a_digest.cc", + "crypto/x509/a_sign.cc", + "crypto/x509/a_verify.cc", + "crypto/x509/algorithm.cc", + "crypto/x509/asn1_gen.cc", + "crypto/x509/by_dir.cc", + "crypto/x509/by_file.cc", + "crypto/x509/i2d_pr.cc", + "crypto/x509/name_print.cc", + "crypto/x509/policy.cc", + "crypto/x509/rsa_pss.cc", + "crypto/x509/t_crl.cc", + "crypto/x509/t_req.cc", + "crypto/x509/t_x509.cc", + "crypto/x509/t_x509a.cc", + "crypto/x509/v3_akey.cc", + "crypto/x509/v3_akeya.cc", + "crypto/x509/v3_alt.cc", + "crypto/x509/v3_bcons.cc", + "crypto/x509/v3_bitst.cc", + "crypto/x509/v3_conf.cc", + "crypto/x509/v3_cpols.cc", + "crypto/x509/v3_crld.cc", + "crypto/x509/v3_enum.cc", + "crypto/x509/v3_extku.cc", + "crypto/x509/v3_genn.cc", + "crypto/x509/v3_ia5.cc", + "crypto/x509/v3_info.cc", + "crypto/x509/v3_int.cc", + "crypto/x509/v3_lib.cc", + "crypto/x509/v3_ncons.cc", + "crypto/x509/v3_ocsp.cc", + "crypto/x509/v3_pcons.cc", + "crypto/x509/v3_pmaps.cc", + "crypto/x509/v3_prn.cc", + "crypto/x509/v3_purp.cc", + "crypto/x509/v3_skey.cc", + "crypto/x509/v3_utl.cc", + "crypto/x509/x509.cc", + "crypto/x509/x509_att.cc", + "crypto/x509/x509_cmp.cc", + "crypto/x509/x509_d2.cc", + "crypto/x509/x509_def.cc", + "crypto/x509/x509_ext.cc", + "crypto/x509/x509_lu.cc", + "crypto/x509/x509_obj.cc", + "crypto/x509/x509_req.cc", + "crypto/x509/x509_set.cc", + "crypto/x509/x509_trs.cc", + "crypto/x509/x509_txt.cc", + "crypto/x509/x509_v3.cc", + "crypto/x509/x509_vfy.cc", + "crypto/x509/x509_vpm.cc", + "crypto/x509/x509cset.cc", + "crypto/x509/x509name.cc", + "crypto/x509/x509rset.cc", + "crypto/x509/x509spki.cc", + "crypto/x509/x_algor.cc", + "crypto/x509/x_all.cc", + "crypto/x509/x_attrib.cc", + "crypto/x509/x_crl.cc", + "crypto/x509/x_exten.cc", + "crypto/x509/x_name.cc", + "crypto/x509/x_pubkey.cc", + "crypto/x509/x_req.cc", + "crypto/x509/x_sig.cc", + "crypto/x509/x_spki.cc", + "crypto/x509/x_val.cc", + "crypto/x509/x_x509.cc", + "crypto/x509/x_x509a.cc", + "gen/crypto/err_data.cc", ] crypto_headers = [ @@ -1042,23 +1042,23 @@ ] decrepit_sources = [ - "decrepit/bio/base64_bio.c", - "decrepit/blowfish/blowfish.c", - "decrepit/cast/cast.c", - "decrepit/cast/cast_tables.c", - "decrepit/cfb/cfb.c", - "decrepit/des/cfb64ede.c", - "decrepit/dh/dh_decrepit.c", - "decrepit/dsa/dsa_decrepit.c", - "decrepit/evp/dss1.c", - "decrepit/evp/evp_do_all.c", - "decrepit/obj/obj_decrepit.c", - "decrepit/rc4/rc4_decrepit.c", - "decrepit/ripemd/ripemd.c", - "decrepit/rsa/rsa_decrepit.c", - "decrepit/ssl/ssl_decrepit.c", - "decrepit/x509/x509_decrepit.c", - "decrepit/xts/xts.c", + "decrepit/bio/base64_bio.cc", + "decrepit/blowfish/blowfish.cc", + "decrepit/cast/cast.cc", + "decrepit/cast/cast_tables.cc", + "decrepit/cfb/cfb.cc", + "decrepit/des/cfb64ede.cc", + "decrepit/dh/dh_decrepit.cc", + "decrepit/dsa/dsa_decrepit.cc", + "decrepit/evp/dss1.cc", + "decrepit/evp/evp_do_all.cc", + "decrepit/obj/obj_decrepit.cc", + "decrepit/rc4/rc4_decrepit.cc", + "decrepit/ripemd/ripemd.cc", + "decrepit/rsa/rsa_decrepit.cc", + "decrepit/ssl/ssl_decrepit.cc", + "decrepit/x509/x509_decrepit.cc", + "decrepit/xts/xts.cc", ] decrepit_internal_headers = [
diff --git a/gen/sources.json b/gen/sources.json index 667a16c..9e52ec4 100644 --- a/gen/sources.json +++ b/gen/sources.json
@@ -1,81 +1,81 @@ { "bcm": { "srcs": [ - "crypto/fipsmodule/bcm.c" + "crypto/fipsmodule/bcm.cc" ], "internal_hdrs": [ - "crypto/fipsmodule/aes/aes.c.inc", - "crypto/fipsmodule/aes/aes_nohw.c.inc", - "crypto/fipsmodule/aes/key_wrap.c.inc", - "crypto/fipsmodule/aes/mode_wrappers.c.inc", - "crypto/fipsmodule/bn/add.c.inc", - "crypto/fipsmodule/bn/asm/x86_64-gcc.c.inc", - "crypto/fipsmodule/bn/bn.c.inc", - "crypto/fipsmodule/bn/bytes.c.inc", - "crypto/fipsmodule/bn/cmp.c.inc", - "crypto/fipsmodule/bn/ctx.c.inc", - "crypto/fipsmodule/bn/div.c.inc", - "crypto/fipsmodule/bn/div_extra.c.inc", - "crypto/fipsmodule/bn/exponentiation.c.inc", - "crypto/fipsmodule/bn/gcd.c.inc", - "crypto/fipsmodule/bn/gcd_extra.c.inc", - "crypto/fipsmodule/bn/generic.c.inc", - "crypto/fipsmodule/bn/jacobi.c.inc", - "crypto/fipsmodule/bn/montgomery.c.inc", - "crypto/fipsmodule/bn/montgomery_inv.c.inc", - "crypto/fipsmodule/bn/mul.c.inc", - "crypto/fipsmodule/bn/prime.c.inc", - "crypto/fipsmodule/bn/random.c.inc", - "crypto/fipsmodule/bn/rsaz_exp.c.inc", - "crypto/fipsmodule/bn/shift.c.inc", - "crypto/fipsmodule/bn/sqrt.c.inc", - "crypto/fipsmodule/cipher/aead.c.inc", - "crypto/fipsmodule/cipher/cipher.c.inc", - "crypto/fipsmodule/cipher/e_aes.c.inc", - "crypto/fipsmodule/cipher/e_aesccm.c.inc", - "crypto/fipsmodule/cmac/cmac.c.inc", - "crypto/fipsmodule/dh/check.c.inc", - "crypto/fipsmodule/dh/dh.c.inc", - "crypto/fipsmodule/digest/digest.c.inc", - "crypto/fipsmodule/digest/digests.c.inc", - "crypto/fipsmodule/digestsign/digestsign.c.inc", - "crypto/fipsmodule/ec/ec.c.inc", - "crypto/fipsmodule/ec/ec_key.c.inc", - "crypto/fipsmodule/ec/ec_montgomery.c.inc", - "crypto/fipsmodule/ec/felem.c.inc", - "crypto/fipsmodule/ec/oct.c.inc", - "crypto/fipsmodule/ec/p224-64.c.inc", - "crypto/fipsmodule/ec/p256-nistz.c.inc", - "crypto/fipsmodule/ec/p256.c.inc", - "crypto/fipsmodule/ec/scalar.c.inc", - "crypto/fipsmodule/ec/simple.c.inc", - "crypto/fipsmodule/ec/simple_mul.c.inc", - "crypto/fipsmodule/ec/util.c.inc", - "crypto/fipsmodule/ec/wnaf.c.inc", - "crypto/fipsmodule/ecdh/ecdh.c.inc", - "crypto/fipsmodule/ecdsa/ecdsa.c.inc", - "crypto/fipsmodule/hkdf/hkdf.c.inc", - "crypto/fipsmodule/hmac/hmac.c.inc", - "crypto/fipsmodule/modes/cbc.c.inc", - "crypto/fipsmodule/modes/cfb.c.inc", - "crypto/fipsmodule/modes/ctr.c.inc", - "crypto/fipsmodule/modes/gcm.c.inc", - "crypto/fipsmodule/modes/gcm_nohw.c.inc", - "crypto/fipsmodule/modes/ofb.c.inc", - "crypto/fipsmodule/modes/polyval.c.inc", - "crypto/fipsmodule/rand/ctrdrbg.c.inc", - "crypto/fipsmodule/rand/rand.c.inc", - "crypto/fipsmodule/rsa/blinding.c.inc", - "crypto/fipsmodule/rsa/padding.c.inc", - "crypto/fipsmodule/rsa/rsa.c.inc", - "crypto/fipsmodule/rsa/rsa_impl.c.inc", - "crypto/fipsmodule/self_check/fips.c.inc", - "crypto/fipsmodule/self_check/self_check.c.inc", - "crypto/fipsmodule/service_indicator/service_indicator.c.inc", - "crypto/fipsmodule/sha/sha1.c.inc", - "crypto/fipsmodule/sha/sha256.c.inc", - "crypto/fipsmodule/sha/sha512.c.inc", - "crypto/fipsmodule/tls/kdf.c.inc" + "crypto/fipsmodule/aes/aes.cc.inc", + "crypto/fipsmodule/aes/aes_nohw.cc.inc", + "crypto/fipsmodule/aes/key_wrap.cc.inc", + "crypto/fipsmodule/aes/mode_wrappers.cc.inc", + "crypto/fipsmodule/bn/add.cc.inc", + "crypto/fipsmodule/bn/asm/x86_64-gcc.cc.inc", + "crypto/fipsmodule/bn/bn.cc.inc", + "crypto/fipsmodule/bn/bytes.cc.inc", + "crypto/fipsmodule/bn/cmp.cc.inc", + "crypto/fipsmodule/bn/ctx.cc.inc", + "crypto/fipsmodule/bn/div.cc.inc", + "crypto/fipsmodule/bn/div_extra.cc.inc", + "crypto/fipsmodule/bn/exponentiation.cc.inc", + "crypto/fipsmodule/bn/gcd.cc.inc", + "crypto/fipsmodule/bn/gcd_extra.cc.inc", + "crypto/fipsmodule/bn/generic.cc.inc", + "crypto/fipsmodule/bn/jacobi.cc.inc", + "crypto/fipsmodule/bn/montgomery.cc.inc", + "crypto/fipsmodule/bn/montgomery_inv.cc.inc", + "crypto/fipsmodule/bn/mul.cc.inc", + "crypto/fipsmodule/bn/prime.cc.inc", + "crypto/fipsmodule/bn/random.cc.inc", + "crypto/fipsmodule/bn/rsaz_exp.cc.inc", + "crypto/fipsmodule/bn/shift.cc.inc", + "crypto/fipsmodule/bn/sqrt.cc.inc", + "crypto/fipsmodule/cipher/aead.cc.inc", + "crypto/fipsmodule/cipher/cipher.cc.inc", + "crypto/fipsmodule/cipher/e_aes.cc.inc", + "crypto/fipsmodule/cipher/e_aesccm.cc.inc", + "crypto/fipsmodule/cmac/cmac.cc.inc", + "crypto/fipsmodule/dh/check.cc.inc", + "crypto/fipsmodule/dh/dh.cc.inc", + "crypto/fipsmodule/digest/digest.cc.inc", + "crypto/fipsmodule/digest/digests.cc.inc", + "crypto/fipsmodule/digestsign/digestsign.cc.inc", + "crypto/fipsmodule/ec/ec.cc.inc", + "crypto/fipsmodule/ec/ec_key.cc.inc", + "crypto/fipsmodule/ec/ec_montgomery.cc.inc", + "crypto/fipsmodule/ec/felem.cc.inc", + "crypto/fipsmodule/ec/oct.cc.inc", + "crypto/fipsmodule/ec/p224-64.cc.inc", + "crypto/fipsmodule/ec/p256-nistz.cc.inc", + "crypto/fipsmodule/ec/p256.cc.inc", + "crypto/fipsmodule/ec/scalar.cc.inc", + "crypto/fipsmodule/ec/simple.cc.inc", + "crypto/fipsmodule/ec/simple_mul.cc.inc", + "crypto/fipsmodule/ec/util.cc.inc", + "crypto/fipsmodule/ec/wnaf.cc.inc", + "crypto/fipsmodule/ecdh/ecdh.cc.inc", + "crypto/fipsmodule/ecdsa/ecdsa.cc.inc", + "crypto/fipsmodule/hkdf/hkdf.cc.inc", + "crypto/fipsmodule/hmac/hmac.cc.inc", + "crypto/fipsmodule/modes/cbc.cc.inc", + "crypto/fipsmodule/modes/cfb.cc.inc", + "crypto/fipsmodule/modes/ctr.cc.inc", + "crypto/fipsmodule/modes/gcm.cc.inc", + "crypto/fipsmodule/modes/gcm_nohw.cc.inc", + "crypto/fipsmodule/modes/ofb.cc.inc", + "crypto/fipsmodule/modes/polyval.cc.inc", + "crypto/fipsmodule/rand/ctrdrbg.cc.inc", + "crypto/fipsmodule/rand/rand.cc.inc", + "crypto/fipsmodule/rsa/blinding.cc.inc", + "crypto/fipsmodule/rsa/padding.cc.inc", + "crypto/fipsmodule/rsa/rsa.cc.inc", + "crypto/fipsmodule/rsa/rsa_impl.cc.inc", + "crypto/fipsmodule/self_check/fips.cc.inc", + "crypto/fipsmodule/self_check/self_check.cc.inc", + "crypto/fipsmodule/service_indicator/service_indicator.cc.inc", + "crypto/fipsmodule/sha/sha1.cc.inc", + "crypto/fipsmodule/sha/sha256.cc.inc", + "crypto/fipsmodule/sha/sha512.cc.inc", + "crypto/fipsmodule/tls/kdf.cc.inc" ], "asm": [ "gen/bcm/aesni-gcm-x86_64-apple.S", @@ -228,255 +228,255 @@ }, "crypto": { "srcs": [ - "crypto/asn1/a_bitstr.c", - "crypto/asn1/a_bool.c", - "crypto/asn1/a_d2i_fp.c", - "crypto/asn1/a_dup.c", - "crypto/asn1/a_gentm.c", - "crypto/asn1/a_i2d_fp.c", - "crypto/asn1/a_int.c", - "crypto/asn1/a_mbstr.c", - "crypto/asn1/a_object.c", - "crypto/asn1/a_octet.c", - "crypto/asn1/a_strex.c", - "crypto/asn1/a_strnid.c", - "crypto/asn1/a_time.c", - "crypto/asn1/a_type.c", - "crypto/asn1/a_utctm.c", - "crypto/asn1/asn1_lib.c", - "crypto/asn1/asn1_par.c", - "crypto/asn1/asn_pack.c", - "crypto/asn1/f_int.c", - "crypto/asn1/f_string.c", - "crypto/asn1/posix_time.c", - "crypto/asn1/tasn_dec.c", - "crypto/asn1/tasn_enc.c", - "crypto/asn1/tasn_fre.c", - "crypto/asn1/tasn_new.c", - "crypto/asn1/tasn_typ.c", - "crypto/asn1/tasn_utl.c", - "crypto/base64/base64.c", - "crypto/bio/bio.c", - "crypto/bio/bio_mem.c", - "crypto/bio/connect.c", - "crypto/bio/errno.c", - "crypto/bio/fd.c", - "crypto/bio/file.c", - "crypto/bio/hexdump.c", - "crypto/bio/pair.c", - "crypto/bio/printf.c", - "crypto/bio/socket.c", - "crypto/bio/socket_helper.c", - "crypto/blake2/blake2.c", - "crypto/bn_extra/bn_asn1.c", - "crypto/bn_extra/convert.c", - "crypto/buf/buf.c", - "crypto/bytestring/asn1_compat.c", - "crypto/bytestring/ber.c", - "crypto/bytestring/cbb.c", - "crypto/bytestring/cbs.c", - "crypto/bytestring/unicode.c", - "crypto/chacha/chacha.c", - "crypto/cipher_extra/cipher_extra.c", - "crypto/cipher_extra/derive_key.c", - "crypto/cipher_extra/e_aesctrhmac.c", - "crypto/cipher_extra/e_aesgcmsiv.c", - "crypto/cipher_extra/e_chacha20poly1305.c", - "crypto/cipher_extra/e_des.c", - "crypto/cipher_extra/e_null.c", - "crypto/cipher_extra/e_rc2.c", - "crypto/cipher_extra/e_rc4.c", - "crypto/cipher_extra/e_tls.c", - "crypto/cipher_extra/tls_cbc.c", - "crypto/conf/conf.c", - "crypto/cpu_aarch64_apple.c", - "crypto/cpu_aarch64_fuchsia.c", - "crypto/cpu_aarch64_linux.c", - "crypto/cpu_aarch64_openbsd.c", - "crypto/cpu_aarch64_sysreg.c", - "crypto/cpu_aarch64_win.c", - "crypto/cpu_arm_freebsd.c", - "crypto/cpu_arm_linux.c", - "crypto/cpu_intel.c", - "crypto/crypto.c", - "crypto/curve25519/curve25519.c", - "crypto/curve25519/curve25519_64_adx.c", - "crypto/curve25519/spake25519.c", - "crypto/des/des.c", - "crypto/dh_extra/dh_asn1.c", - "crypto/dh_extra/params.c", - "crypto/digest_extra/digest_extra.c", - "crypto/dilithium/dilithium.c", - "crypto/dsa/dsa.c", - "crypto/dsa/dsa_asn1.c", - "crypto/ec_extra/ec_asn1.c", - "crypto/ec_extra/ec_derive.c", - "crypto/ec_extra/hash_to_curve.c", - "crypto/ecdh_extra/ecdh_extra.c", - "crypto/ecdsa_extra/ecdsa_asn1.c", - "crypto/engine/engine.c", - "crypto/err/err.c", - "crypto/evp/evp.c", - "crypto/evp/evp_asn1.c", - "crypto/evp/evp_ctx.c", - "crypto/evp/p_dh.c", - "crypto/evp/p_dh_asn1.c", - "crypto/evp/p_dsa_asn1.c", - "crypto/evp/p_ec.c", - "crypto/evp/p_ec_asn1.c", - "crypto/evp/p_ed25519.c", - "crypto/evp/p_ed25519_asn1.c", - "crypto/evp/p_hkdf.c", - "crypto/evp/p_rsa.c", - "crypto/evp/p_rsa_asn1.c", - "crypto/evp/p_x25519.c", - "crypto/evp/p_x25519_asn1.c", - "crypto/evp/pbkdf.c", - "crypto/evp/print.c", - "crypto/evp/scrypt.c", - "crypto/evp/sign.c", - "crypto/ex_data.c", - "crypto/fipsmodule/fips_shared_support.c", - "crypto/hpke/hpke.c", - "crypto/hrss/hrss.c", - "crypto/keccak/keccak.c", - "crypto/kyber/kyber.c", - "crypto/lhash/lhash.c", - "crypto/md4/md4.c", - "crypto/md5/md5.c", - "crypto/mem.c", + "crypto/asn1/a_bitstr.cc", + "crypto/asn1/a_bool.cc", + "crypto/asn1/a_d2i_fp.cc", + "crypto/asn1/a_dup.cc", + "crypto/asn1/a_gentm.cc", + "crypto/asn1/a_i2d_fp.cc", + "crypto/asn1/a_int.cc", + "crypto/asn1/a_mbstr.cc", + "crypto/asn1/a_object.cc", + "crypto/asn1/a_octet.cc", + "crypto/asn1/a_strex.cc", + "crypto/asn1/a_strnid.cc", + "crypto/asn1/a_time.cc", + "crypto/asn1/a_type.cc", + "crypto/asn1/a_utctm.cc", + "crypto/asn1/asn1_lib.cc", + "crypto/asn1/asn1_par.cc", + "crypto/asn1/asn_pack.cc", + "crypto/asn1/f_int.cc", + "crypto/asn1/f_string.cc", + "crypto/asn1/posix_time.cc", + "crypto/asn1/tasn_dec.cc", + "crypto/asn1/tasn_enc.cc", + "crypto/asn1/tasn_fre.cc", + "crypto/asn1/tasn_new.cc", + "crypto/asn1/tasn_typ.cc", + "crypto/asn1/tasn_utl.cc", + "crypto/base64/base64.cc", + "crypto/bio/bio.cc", + "crypto/bio/bio_mem.cc", + "crypto/bio/connect.cc", + "crypto/bio/errno.cc", + "crypto/bio/fd.cc", + "crypto/bio/file.cc", + "crypto/bio/hexdump.cc", + "crypto/bio/pair.cc", + "crypto/bio/printf.cc", + "crypto/bio/socket.cc", + "crypto/bio/socket_helper.cc", + "crypto/blake2/blake2.cc", + "crypto/bn_extra/bn_asn1.cc", + "crypto/bn_extra/convert.cc", + "crypto/buf/buf.cc", + "crypto/bytestring/asn1_compat.cc", + "crypto/bytestring/ber.cc", + "crypto/bytestring/cbb.cc", + "crypto/bytestring/cbs.cc", + "crypto/bytestring/unicode.cc", + "crypto/chacha/chacha.cc", + "crypto/cipher_extra/cipher_extra.cc", + "crypto/cipher_extra/derive_key.cc", + "crypto/cipher_extra/e_aesctrhmac.cc", + "crypto/cipher_extra/e_aesgcmsiv.cc", + "crypto/cipher_extra/e_chacha20poly1305.cc", + "crypto/cipher_extra/e_des.cc", + "crypto/cipher_extra/e_null.cc", + "crypto/cipher_extra/e_rc2.cc", + "crypto/cipher_extra/e_rc4.cc", + "crypto/cipher_extra/e_tls.cc", + "crypto/cipher_extra/tls_cbc.cc", + "crypto/conf/conf.cc", + "crypto/cpu_aarch64_apple.cc", + "crypto/cpu_aarch64_fuchsia.cc", + "crypto/cpu_aarch64_linux.cc", + "crypto/cpu_aarch64_openbsd.cc", + "crypto/cpu_aarch64_sysreg.cc", + "crypto/cpu_aarch64_win.cc", + "crypto/cpu_arm_freebsd.cc", + "crypto/cpu_arm_linux.cc", + "crypto/cpu_intel.cc", + "crypto/crypto.cc", + "crypto/curve25519/curve25519.cc", + "crypto/curve25519/curve25519_64_adx.cc", + "crypto/curve25519/spake25519.cc", + "crypto/des/des.cc", + "crypto/dh_extra/dh_asn1.cc", + "crypto/dh_extra/params.cc", + "crypto/digest_extra/digest_extra.cc", + "crypto/dilithium/dilithium.cc", + "crypto/dsa/dsa.cc", + "crypto/dsa/dsa_asn1.cc", + "crypto/ec_extra/ec_asn1.cc", + "crypto/ec_extra/ec_derive.cc", + "crypto/ec_extra/hash_to_curve.cc", + "crypto/ecdh_extra/ecdh_extra.cc", + "crypto/ecdsa_extra/ecdsa_asn1.cc", + "crypto/engine/engine.cc", + "crypto/err/err.cc", + "crypto/evp/evp.cc", + "crypto/evp/evp_asn1.cc", + "crypto/evp/evp_ctx.cc", + "crypto/evp/p_dh.cc", + "crypto/evp/p_dh_asn1.cc", + "crypto/evp/p_dsa_asn1.cc", + "crypto/evp/p_ec.cc", + "crypto/evp/p_ec_asn1.cc", + "crypto/evp/p_ed25519.cc", + "crypto/evp/p_ed25519_asn1.cc", + "crypto/evp/p_hkdf.cc", + "crypto/evp/p_rsa.cc", + "crypto/evp/p_rsa_asn1.cc", + "crypto/evp/p_x25519.cc", + "crypto/evp/p_x25519_asn1.cc", + "crypto/evp/pbkdf.cc", + "crypto/evp/print.cc", + "crypto/evp/scrypt.cc", + "crypto/evp/sign.cc", + "crypto/ex_data.cc", + "crypto/fipsmodule/fips_shared_support.cc", + "crypto/hpke/hpke.cc", + "crypto/hrss/hrss.cc", + "crypto/keccak/keccak.cc", + "crypto/kyber/kyber.cc", + "crypto/lhash/lhash.cc", + "crypto/md4/md4.cc", + "crypto/md5/md5.cc", + "crypto/mem.cc", "crypto/mldsa/mldsa.cc", "crypto/mlkem/mlkem.cc", - "crypto/obj/obj.c", - "crypto/obj/obj_xref.c", - "crypto/pem/pem_all.c", - "crypto/pem/pem_info.c", - "crypto/pem/pem_lib.c", - "crypto/pem/pem_oth.c", - "crypto/pem/pem_pk8.c", - "crypto/pem/pem_pkey.c", - "crypto/pem/pem_x509.c", - "crypto/pem/pem_xaux.c", - "crypto/pkcs7/pkcs7.c", - "crypto/pkcs7/pkcs7_x509.c", - "crypto/pkcs8/p5_pbev2.c", - "crypto/pkcs8/pkcs8.c", - "crypto/pkcs8/pkcs8_x509.c", - "crypto/poly1305/poly1305.c", - "crypto/poly1305/poly1305_arm.c", - "crypto/poly1305/poly1305_vec.c", - "crypto/pool/pool.c", - "crypto/rand_extra/deterministic.c", - "crypto/rand_extra/fork_detect.c", - "crypto/rand_extra/forkunsafe.c", - "crypto/rand_extra/getentropy.c", - "crypto/rand_extra/ios.c", - "crypto/rand_extra/passive.c", - "crypto/rand_extra/rand_extra.c", - "crypto/rand_extra/trusty.c", - "crypto/rand_extra/urandom.c", - "crypto/rand_extra/windows.c", - "crypto/rc4/rc4.c", - "crypto/refcount.c", - "crypto/rsa_extra/rsa_asn1.c", - "crypto/rsa_extra/rsa_crypt.c", - "crypto/rsa_extra/rsa_extra.c", - "crypto/rsa_extra/rsa_print.c", - "crypto/sha/sha1.c", - "crypto/sha/sha256.c", - "crypto/sha/sha512.c", - "crypto/siphash/siphash.c", - "crypto/slhdsa/fors.c", - "crypto/slhdsa/merkle.c", - "crypto/slhdsa/slhdsa.c", - "crypto/slhdsa/thash.c", - "crypto/slhdsa/wots.c", - "crypto/spx/spx.c", - "crypto/spx/spx_address.c", - "crypto/spx/spx_fors.c", - "crypto/spx/spx_merkle.c", - "crypto/spx/spx_thash.c", - "crypto/spx/spx_util.c", - "crypto/spx/spx_wots.c", - "crypto/stack/stack.c", - "crypto/thread.c", - "crypto/thread_none.c", - "crypto/thread_pthread.c", - "crypto/thread_win.c", - "crypto/trust_token/pmbtoken.c", - "crypto/trust_token/trust_token.c", - "crypto/trust_token/voprf.c", - "crypto/x509/a_digest.c", - "crypto/x509/a_sign.c", - "crypto/x509/a_verify.c", - "crypto/x509/algorithm.c", - "crypto/x509/asn1_gen.c", - "crypto/x509/by_dir.c", - "crypto/x509/by_file.c", - "crypto/x509/i2d_pr.c", - "crypto/x509/name_print.c", - "crypto/x509/policy.c", - "crypto/x509/rsa_pss.c", - "crypto/x509/t_crl.c", - "crypto/x509/t_req.c", - "crypto/x509/t_x509.c", - "crypto/x509/t_x509a.c", - "crypto/x509/v3_akey.c", - "crypto/x509/v3_akeya.c", - "crypto/x509/v3_alt.c", - "crypto/x509/v3_bcons.c", - "crypto/x509/v3_bitst.c", - "crypto/x509/v3_conf.c", - "crypto/x509/v3_cpols.c", - "crypto/x509/v3_crld.c", - "crypto/x509/v3_enum.c", - "crypto/x509/v3_extku.c", - "crypto/x509/v3_genn.c", - "crypto/x509/v3_ia5.c", - "crypto/x509/v3_info.c", - "crypto/x509/v3_int.c", - "crypto/x509/v3_lib.c", - "crypto/x509/v3_ncons.c", - "crypto/x509/v3_ocsp.c", - "crypto/x509/v3_pcons.c", - "crypto/x509/v3_pmaps.c", - "crypto/x509/v3_prn.c", - "crypto/x509/v3_purp.c", - "crypto/x509/v3_skey.c", - "crypto/x509/v3_utl.c", - "crypto/x509/x509.c", - "crypto/x509/x509_att.c", - "crypto/x509/x509_cmp.c", - "crypto/x509/x509_d2.c", - "crypto/x509/x509_def.c", - "crypto/x509/x509_ext.c", - "crypto/x509/x509_lu.c", - "crypto/x509/x509_obj.c", - "crypto/x509/x509_req.c", - "crypto/x509/x509_set.c", - "crypto/x509/x509_trs.c", - "crypto/x509/x509_txt.c", - "crypto/x509/x509_v3.c", - "crypto/x509/x509_vfy.c", - "crypto/x509/x509_vpm.c", - "crypto/x509/x509cset.c", - "crypto/x509/x509name.c", - "crypto/x509/x509rset.c", - "crypto/x509/x509spki.c", - "crypto/x509/x_algor.c", - "crypto/x509/x_all.c", - "crypto/x509/x_attrib.c", - "crypto/x509/x_crl.c", - "crypto/x509/x_exten.c", - "crypto/x509/x_name.c", - "crypto/x509/x_pubkey.c", - "crypto/x509/x_req.c", - "crypto/x509/x_sig.c", - "crypto/x509/x_spki.c", - "crypto/x509/x_val.c", - "crypto/x509/x_x509.c", - "crypto/x509/x_x509a.c", - "gen/crypto/err_data.c" + "crypto/obj/obj.cc", + "crypto/obj/obj_xref.cc", + "crypto/pem/pem_all.cc", + "crypto/pem/pem_info.cc", + "crypto/pem/pem_lib.cc", + "crypto/pem/pem_oth.cc", + "crypto/pem/pem_pk8.cc", + "crypto/pem/pem_pkey.cc", + "crypto/pem/pem_x509.cc", + "crypto/pem/pem_xaux.cc", + "crypto/pkcs7/pkcs7.cc", + "crypto/pkcs7/pkcs7_x509.cc", + "crypto/pkcs8/p5_pbev2.cc", + "crypto/pkcs8/pkcs8.cc", + "crypto/pkcs8/pkcs8_x509.cc", + "crypto/poly1305/poly1305.cc", + "crypto/poly1305/poly1305_arm.cc", + "crypto/poly1305/poly1305_vec.cc", + "crypto/pool/pool.cc", + "crypto/rand_extra/deterministic.cc", + "crypto/rand_extra/fork_detect.cc", + "crypto/rand_extra/forkunsafe.cc", + "crypto/rand_extra/getentropy.cc", + "crypto/rand_extra/ios.cc", + "crypto/rand_extra/passive.cc", + "crypto/rand_extra/rand_extra.cc", + "crypto/rand_extra/trusty.cc", + "crypto/rand_extra/urandom.cc", + "crypto/rand_extra/windows.cc", + "crypto/rc4/rc4.cc", + "crypto/refcount.cc", + "crypto/rsa_extra/rsa_asn1.cc", + "crypto/rsa_extra/rsa_crypt.cc", + "crypto/rsa_extra/rsa_extra.cc", + "crypto/rsa_extra/rsa_print.cc", + "crypto/sha/sha1.cc", + "crypto/sha/sha256.cc", + "crypto/sha/sha512.cc", + "crypto/siphash/siphash.cc", + "crypto/slhdsa/fors.cc", + "crypto/slhdsa/merkle.cc", + "crypto/slhdsa/slhdsa.cc", + "crypto/slhdsa/thash.cc", + "crypto/slhdsa/wots.cc", + "crypto/spx/spx.cc", + "crypto/spx/spx_address.cc", + "crypto/spx/spx_fors.cc", + "crypto/spx/spx_merkle.cc", + "crypto/spx/spx_thash.cc", + "crypto/spx/spx_util.cc", + "crypto/spx/spx_wots.cc", + "crypto/stack/stack.cc", + "crypto/thread.cc", + "crypto/thread_none.cc", + "crypto/thread_pthread.cc", + "crypto/thread_win.cc", + "crypto/trust_token/pmbtoken.cc", + "crypto/trust_token/trust_token.cc", + "crypto/trust_token/voprf.cc", + "crypto/x509/a_digest.cc", + "crypto/x509/a_sign.cc", + "crypto/x509/a_verify.cc", + "crypto/x509/algorithm.cc", + "crypto/x509/asn1_gen.cc", + "crypto/x509/by_dir.cc", + "crypto/x509/by_file.cc", + "crypto/x509/i2d_pr.cc", + "crypto/x509/name_print.cc", + "crypto/x509/policy.cc", + "crypto/x509/rsa_pss.cc", + "crypto/x509/t_crl.cc", + "crypto/x509/t_req.cc", + "crypto/x509/t_x509.cc", + "crypto/x509/t_x509a.cc", + "crypto/x509/v3_akey.cc", + "crypto/x509/v3_akeya.cc", + "crypto/x509/v3_alt.cc", + "crypto/x509/v3_bcons.cc", + "crypto/x509/v3_bitst.cc", + "crypto/x509/v3_conf.cc", + "crypto/x509/v3_cpols.cc", + "crypto/x509/v3_crld.cc", + "crypto/x509/v3_enum.cc", + "crypto/x509/v3_extku.cc", + "crypto/x509/v3_genn.cc", + "crypto/x509/v3_ia5.cc", + "crypto/x509/v3_info.cc", + "crypto/x509/v3_int.cc", + "crypto/x509/v3_lib.cc", + "crypto/x509/v3_ncons.cc", + "crypto/x509/v3_ocsp.cc", + "crypto/x509/v3_pcons.cc", + "crypto/x509/v3_pmaps.cc", + "crypto/x509/v3_prn.cc", + "crypto/x509/v3_purp.cc", + "crypto/x509/v3_skey.cc", + "crypto/x509/v3_utl.cc", + "crypto/x509/x509.cc", + "crypto/x509/x509_att.cc", + "crypto/x509/x509_cmp.cc", + "crypto/x509/x509_d2.cc", + "crypto/x509/x509_def.cc", + "crypto/x509/x509_ext.cc", + "crypto/x509/x509_lu.cc", + "crypto/x509/x509_obj.cc", + "crypto/x509/x509_req.cc", + "crypto/x509/x509_set.cc", + "crypto/x509/x509_trs.cc", + "crypto/x509/x509_txt.cc", + "crypto/x509/x509_v3.cc", + "crypto/x509/x509_vfy.cc", + "crypto/x509/x509_vpm.cc", + "crypto/x509/x509cset.cc", + "crypto/x509/x509name.cc", + "crypto/x509/x509rset.cc", + "crypto/x509/x509spki.cc", + "crypto/x509/x_algor.cc", + "crypto/x509/x_all.cc", + "crypto/x509/x_attrib.cc", + "crypto/x509/x_crl.cc", + "crypto/x509/x_exten.cc", + "crypto/x509/x_name.cc", + "crypto/x509/x_pubkey.cc", + "crypto/x509/x_req.cc", + "crypto/x509/x_sig.cc", + "crypto/x509/x_spki.cc", + "crypto/x509/x_val.cc", + "crypto/x509/x_x509.cc", + "crypto/x509/x_x509a.cc", + "gen/crypto/err_data.cc" ], "hdrs": [ "include/openssl/aead.h", @@ -1023,23 +1023,23 @@ }, "decrepit": { "srcs": [ - "decrepit/bio/base64_bio.c", - "decrepit/blowfish/blowfish.c", - "decrepit/cast/cast.c", - "decrepit/cast/cast_tables.c", - "decrepit/cfb/cfb.c", - "decrepit/des/cfb64ede.c", - "decrepit/dh/dh_decrepit.c", - "decrepit/dsa/dsa_decrepit.c", - "decrepit/evp/dss1.c", - "decrepit/evp/evp_do_all.c", - "decrepit/obj/obj_decrepit.c", - "decrepit/rc4/rc4_decrepit.c", - "decrepit/ripemd/ripemd.c", - "decrepit/rsa/rsa_decrepit.c", - "decrepit/ssl/ssl_decrepit.c", - "decrepit/x509/x509_decrepit.c", - "decrepit/xts/xts.c" + "decrepit/bio/base64_bio.cc", + "decrepit/blowfish/blowfish.cc", + "decrepit/cast/cast.cc", + "decrepit/cast/cast_tables.cc", + "decrepit/cfb/cfb.cc", + "decrepit/des/cfb64ede.cc", + "decrepit/dh/dh_decrepit.cc", + "decrepit/dsa/dsa_decrepit.cc", + "decrepit/evp/dss1.cc", + "decrepit/evp/evp_do_all.cc", + "decrepit/obj/obj_decrepit.cc", + "decrepit/rc4/rc4_decrepit.cc", + "decrepit/ripemd/ripemd.cc", + "decrepit/rsa/rsa_decrepit.cc", + "decrepit/ssl/ssl_decrepit.cc", + "decrepit/x509/x509_decrepit.cc", + "decrepit/xts/xts.cc" ], "internal_hdrs": [ "decrepit/cast/internal.h",
diff --git a/include/openssl/asn1t.h b/include/openssl/asn1t.h index 7547b60..0f47d09 100644 --- a/include/openssl/asn1t.h +++ b/include/openssl/asn1t.h
@@ -9,7 +9,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,8 +57,8 @@ #ifndef OPENSSL_HEADER_ASN1T_H #define OPENSSL_HEADER_ASN1T_H -#include <openssl/base.h> #include <openssl/asn1.h> +#include <openssl/base.h> #if defined(__cplusplus) extern "C" { @@ -81,32 +81,23 @@ /* Macros for start and end of ASN1_ITEM definition */ -#define ASN1_ITEM_start(itname) \ - const ASN1_ITEM itname##_it = { - +#define ASN1_ITEM_start(itname) const ASN1_ITEM itname##_it = { #define ASN1_ITEM_end(itname) \ - }; + } \ + ; /* Macros to aid ASN1 template writing */ -#define ASN1_ITEM_TEMPLATE(tname) \ - static const ASN1_TEMPLATE tname##_item_tt +#define ASN1_ITEM_TEMPLATE(tname) static const ASN1_TEMPLATE tname##_item_tt -#define ASN1_ITEM_TEMPLATE_END(tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_PRIMITIVE,\ - -1,\ - &tname##_item_tt,\ - 0,\ - NULL,\ - 0,\ - #tname \ - ASN1_ITEM_end(tname) +#define ASN1_ITEM_TEMPLATE_END(tname) \ + ; \ + ASN1_ITEM_start(tname) ASN1_ITYPE_PRIMITIVE, -1, &tname##_item_tt, 0, NULL, \ + 0, #tname ASN1_ITEM_end(tname) /* This is a ASN1 type which just embeds a template */ - + /* This pair helps declare a SEQUENCE. We can do: * * ASN1_SEQUENCE(stname) = { @@ -127,50 +118,40 @@ * a structure called stname. */ -#define ASN1_SEQUENCE(tname) \ - static const ASN1_TEMPLATE tname##_seq_tt[] +#define ASN1_SEQUENCE(tname) static const ASN1_TEMPLATE tname##_seq_tt[] #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) -#define ASN1_SEQUENCE_END_name(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_SEQUENCE_END_name(stname, tname) \ + ; \ + ASN1_ITEM_start(tname) ASN1_ITYPE_SEQUENCE, V_ASN1_SEQUENCE, tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), NULL, sizeof(stname), \ + #stname ASN1_ITEM_end(tname) -#define ASN1_SEQUENCE_cb(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ - ASN1_SEQUENCE(tname) +#define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ + ASN1_SEQUENCE(tname) -#define ASN1_SEQUENCE_ref(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), cb, 0}; \ - ASN1_SEQUENCE(tname) +#define ASN1_SEQUENCE_ref(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, \ + offsetof(tname, references), cb, 0}; \ + ASN1_SEQUENCE(tname) -#define ASN1_SEQUENCE_enc(tname, enc, cb) \ - static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, offsetof(tname, enc)}; \ - ASN1_SEQUENCE(tname) +#define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, cb, \ + offsetof(tname, enc)}; \ + ASN1_SEQUENCE(tname) -#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +#define ASN1_SEQUENCE_END_enc(stname, tname) \ + ASN1_SEQUENCE_END_ref(stname, tname) #define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) -#define ASN1_SEQUENCE_END_ref(stname, tname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_SEQUENCE,\ - V_ASN1_SEQUENCE,\ - tname##_seq_tt,\ - sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_SEQUENCE_END_ref(stname, tname) \ + ; \ + ASN1_ITEM_start(tname) ASN1_ITYPE_SEQUENCE, V_ASN1_SEQUENCE, tname##_seq_tt, \ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE), &tname##_aux, \ + sizeof(stname), #stname ASN1_ITEM_end(tname) /* This pair helps declare a CHOICE type. We can do: @@ -189,152 +170,145 @@ * ASN1_SOMEOTHER *opt2; * } value; * } chname; - * + * * the name of the selector must be 'type'. * to use an alternative selector name use the * ASN1_CHOICE_END_selector() version. */ -#define ASN1_CHOICE(tname) \ - static const ASN1_TEMPLATE tname##_ch_tt[] +#define ASN1_CHOICE(tname) static const ASN1_TEMPLATE tname##_ch_tt[] -#define ASN1_CHOICE_cb(tname, cb) \ - static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ - ASN1_CHOICE(tname) +#define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, cb, 0}; \ + ASN1_CHOICE(tname) #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) -#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) +#define ASN1_CHOICE_END_name(stname, tname) \ + ASN1_CHOICE_END_selector(stname, tname, type) -#define ASN1_CHOICE_END_selector(stname, tname, selname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_CHOICE,\ - offsetof(stname,selname) ,\ - tname##_ch_tt,\ - sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ - NULL,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ; \ + ASN1_ITEM_start(tname) ASN1_ITYPE_CHOICE, offsetof(stname, selname), \ + tname##_ch_tt, sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), NULL, \ + sizeof(stname), #stname ASN1_ITEM_end(tname) -#define ASN1_CHOICE_END_cb(stname, tname, selname) \ - ;\ - ASN1_ITEM_start(tname) \ - ASN1_ITYPE_CHOICE,\ - offsetof(stname,selname) ,\ - tname##_ch_tt,\ - sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ - &tname##_aux,\ - sizeof(stname),\ - #stname \ - ASN1_ITEM_end(tname) +#define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ; \ + ASN1_ITEM_start(tname) ASN1_ITYPE_CHOICE, offsetof(stname, selname), \ + tname##_ch_tt, sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE), \ + &tname##_aux, sizeof(stname), #stname ASN1_ITEM_end(tname) /* This helps with the template wrapper form of ASN1_ITEM */ -#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ - (flags), (tag), 0,\ - #name, ASN1_ITEM_ref(type) } +#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) \ + { (flags), (tag), 0, #name, ASN1_ITEM_ref(type) } /* These help with SEQUENCE or CHOICE components */ /* used to declare other types */ -#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ - (flags), (tag), offsetof(stname, field),\ - #field, ASN1_ITEM_ref(type) } +#define ASN1_EX_TYPE(flags, tag, stname, field, type) \ + { (flags), (tag), offsetof(stname, field), #field, ASN1_ITEM_ref(type) } /* implicit and explicit helper macros */ #define ASN1_IMP_EX(stname, field, type, tag, ex) \ - ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) #define ASN1_EXP_EX(stname, field, type, tag, ex) \ - ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) /* Any defined by macros: the field used is in the table itself */ -#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +#define ASN1_ADB_OBJECT(tblname) \ + { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } /* Plain simple type */ -#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0, 0, stname, field, type) /* OPTIONAL simple type */ -#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +#define ASN1_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) /* IMPLICIT tagged simple type */ -#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) +#define ASN1_IMP(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, 0) /* IMPLICIT tagged OPTIONAL simple type */ -#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +#define ASN1_IMP_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) /* Same as above but EXPLICIT */ -#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) -#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) +#define ASN1_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, 0) +#define ASN1_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) /* SEQUENCE OF type */ #define ASN1_SEQUENCE_OF(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) /* OPTIONAL SEQUENCE OF */ -#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) +#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, 0, stname, field, \ + type) /* Same as above but for SET OF */ #define ASN1_SET_OF(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) #define ASN1_SET_OF_OPT(stname, field, type) \ - ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + ASN1_EX_TYPE(ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 0, stname, field, type) /* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ #define ASN1_IMP_SET_OF(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) #define ASN1_EXP_SET_OF(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) #define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL) #define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL) #define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) #define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ - ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + ASN1_IMP_EX(stname, field, type, tag, \ + ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL) #define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ - ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + ASN1_EXP_EX(stname, field, type, tag, \ + ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL) /* Macros for the ASN1_ADB structure */ -#define ASN1_ADB(name) \ - static const ASN1_ADB_TABLE name##_adbtbl[] +#define ASN1_ADB(name) static const ASN1_ADB_TABLE name##_adbtbl[] #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ - ;\ - static const ASN1_ADB name##_adb = {\ - flags,\ - offsetof(name, field),\ - app_table,\ - name##_adbtbl,\ - sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ - def,\ - none\ - } + ; \ + static const ASN1_ADB name##_adb = { \ + flags, \ + offsetof(name, field), \ + app_table, \ + name##_adbtbl, \ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE), \ + def, \ + none} -#define ADB_ENTRY(val, template) {val, template} +#define ADB_ENTRY(val, template) \ + { val, template } -#define ASN1_ADB_TEMPLATE(name) \ - static const ASN1_TEMPLATE name##_tt +#define ASN1_ADB_TEMPLATE(name) static const ASN1_TEMPLATE name##_tt /* This is the ASN1 template structure that defines * a wrapper round the actual type. It determines the @@ -343,11 +317,11 @@ */ struct ASN1_TEMPLATE_st { -uint32_t flags; /* Various flags */ -int tag; /* tag, not used if no tagging */ -unsigned long offset; /* Offset of this field in structure */ -const char *field_name; /* Field name */ -ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ + uint32_t flags; /* Various flags */ + int tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ }; /* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ @@ -361,33 +335,33 @@ typedef struct asn1_must_be_null_st ASN1_MUST_BE_NULL; struct ASN1_ADB_st { - uint32_t flags; /* Various flags */ - unsigned long offset; /* Offset of selector field */ - ASN1_MUST_BE_NULL *unused; - const ASN1_ADB_TABLE *tbl; /* Table of possible types */ - long tblcount; /* Number of entries in tbl */ - const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ - const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ + uint32_t flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + ASN1_MUST_BE_NULL *unused; + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ }; struct ASN1_ADB_TABLE_st { - int value; /* NID for an object */ - const ASN1_TEMPLATE tt; /* item for this value */ + int value; /* NID for an object */ + const ASN1_TEMPLATE tt; /* item for this value */ }; /* template flags */ /* Field is optional */ -#define ASN1_TFLG_OPTIONAL (0x1) +#define ASN1_TFLG_OPTIONAL (0x1) /* Field is a SET OF */ -#define ASN1_TFLG_SET_OF (0x1 << 1) +#define ASN1_TFLG_SET_OF (0x1 << 1) /* Field is a SEQUENCE OF */ -#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) +#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) /* Mask for SET OF or SEQUENCE OF */ -#define ASN1_TFLG_SK_MASK (0x3 << 1) +#define ASN1_TFLG_SK_MASK (0x3 << 1) /* These flags mean the tag should be taken from the * tag field. If EXPLICIT then the underlying type @@ -395,36 +369,36 @@ */ /* IMPLICIT tagging */ -#define ASN1_TFLG_IMPTAG (0x1 << 3) +#define ASN1_TFLG_IMPTAG (0x1 << 3) /* EXPLICIT tagging, inner tag from underlying type */ -#define ASN1_TFLG_EXPTAG (0x2 << 3) +#define ASN1_TFLG_EXPTAG (0x2 << 3) -#define ASN1_TFLG_TAG_MASK (0x3 << 3) +#define ASN1_TFLG_TAG_MASK (0x3 << 3) /* context specific IMPLICIT */ -#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT +#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG | ASN1_TFLG_CONTEXT /* context specific EXPLICIT */ -#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT +#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG | ASN1_TFLG_CONTEXT /* If tagging is in force these determine the * type of tag to use. Otherwise the tag is - * determined by the underlying type. These + * determined by the underlying type. These * values reflect the actual octet format. */ -/* Universal tag */ -#define ASN1_TFLG_UNIVERSAL (0x0<<6) -/* Application tag */ -#define ASN1_TFLG_APPLICATION (0x1<<6) -/* Context specific tag */ -#define ASN1_TFLG_CONTEXT (0x2<<6) -/* Private tag */ -#define ASN1_TFLG_PRIVATE (0x3<<6) +/* Universal tag */ +#define ASN1_TFLG_UNIVERSAL (0x0 << 6) +/* Application tag */ +#define ASN1_TFLG_APPLICATION (0x1 << 6) +/* Context specific tag */ +#define ASN1_TFLG_CONTEXT (0x2 << 6) +/* Private tag */ +#define ASN1_TFLG_PRIVATE (0x3 << 6) -#define ASN1_TFLG_TAG_CLASS (0x3<<6) +#define ASN1_TFLG_TAG_CLASS (0x3 << 6) /* These are for ANY DEFINED BY type. In this case * the 'item' field points to an ASN1_ADB structure @@ -432,20 +406,21 @@ * relevant type */ -#define ASN1_TFLG_ADB_MASK (0x3<<8) +#define ASN1_TFLG_ADB_MASK (0x3 << 8) -#define ASN1_TFLG_ADB_OID (0x1<<8) +#define ASN1_TFLG_ADB_OID (0x1 << 8) /* This is the actual ASN1 item itself */ struct ASN1_ITEM_st { -char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ -int utype; /* underlying type */ -const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */ -long tcount; /* Number of templates if SEQUENCE or CHOICE */ -const void *funcs; /* functions that handle this type */ -long size; /* Structure size (usually)*/ -const char *sname; /* Structure name */ + char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ + int utype; /* underlying type */ + const ASN1_TEMPLATE + *templates; /* If SEQUENCE or CHOICE this contains the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually)*/ + const char *sname; /* Structure name */ }; /* These are values for the itype field and @@ -454,7 +429,7 @@ * For PRIMITIVE types the underlying type * determines the behaviour if items is NULL. * - * Otherwise templates must contain a single + * Otherwise templates must contain a single * template and the type is treated in the * same way as the type specified in the template. * @@ -468,7 +443,7 @@ * selector. * * The 'funcs' field is used for application - * specific functions. + * specific functions. * * The EXTERN type uses a new style d2i/i2d. * The new style should be used where possible @@ -484,15 +459,15 @@ * */ -#define ASN1_ITYPE_PRIMITIVE 0x0 +#define ASN1_ITYPE_PRIMITIVE 0x0 -#define ASN1_ITYPE_SEQUENCE 0x1 +#define ASN1_ITYPE_SEQUENCE 0x1 -#define ASN1_ITYPE_CHOICE 0x2 +#define ASN1_ITYPE_CHOICE 0x2 -#define ASN1_ITYPE_EXTERN 0x4 +#define ASN1_ITYPE_EXTERN 0x4 -#define ASN1_ITYPE_MSTRING 0x5 +#define ASN1_ITYPE_MSTRING 0x5 /* Deprecated tag and length cache */ struct ASN1_TLC_st; @@ -507,7 +482,7 @@ * used. This is most useful where the supplied routines * *almost* do the right thing but need some extra help * at a few points. If the callback returns zero then - * it is assumed a fatal error has occurred and the + * it is assumed a fatal error has occurred and the * main operation should be abandoned. * * If major changes in the default behaviour are required @@ -515,142 +490,129 @@ */ typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, - void *exarg); + void *exarg); typedef struct ASN1_AUX_st { - void *app_data; - uint32_t flags; - int ref_offset; /* Offset of reference value */ - ASN1_aux_cb *asn1_cb; - int enc_offset; /* Offset of ASN1_ENCODING structure */ + void *app_data; + uint32_t flags; + int ref_offset; /* Offset of reference value */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ } ASN1_AUX; /* Flags in ASN1_AUX */ /* Use a reference count */ -#define ASN1_AFLG_REFCOUNT 1 +#define ASN1_AFLG_REFCOUNT 1 /* Save the encoding of structure (useful for signatures) */ -#define ASN1_AFLG_ENCODING 2 +#define ASN1_AFLG_ENCODING 2 /* operation values for asn1_cb */ -#define ASN1_OP_NEW_PRE 0 -#define ASN1_OP_NEW_POST 1 -#define ASN1_OP_FREE_PRE 2 -#define ASN1_OP_FREE_POST 3 -#define ASN1_OP_D2I_PRE 4 -#define ASN1_OP_D2I_POST 5 +#define ASN1_OP_NEW_PRE 0 +#define ASN1_OP_NEW_POST 1 +#define ASN1_OP_FREE_PRE 2 +#define ASN1_OP_FREE_POST 3 +#define ASN1_OP_D2I_PRE 4 +#define ASN1_OP_D2I_POST 5 /* ASN1_OP_I2D_PRE and ASN1_OP_I2D_POST are not supported. We leave the * constants undefined so code relying on them does not accidentally compile. */ -#define ASN1_OP_PRINT_PRE 8 -#define ASN1_OP_PRINT_POST 9 -#define ASN1_OP_STREAM_PRE 10 -#define ASN1_OP_STREAM_POST 11 -#define ASN1_OP_DETACHED_PRE 12 -#define ASN1_OP_DETACHED_POST 13 +#define ASN1_OP_PRINT_PRE 8 +#define ASN1_OP_PRINT_POST 9 +#define ASN1_OP_STREAM_PRE 10 +#define ASN1_OP_STREAM_POST 11 +#define ASN1_OP_DETACHED_PRE 12 +#define ASN1_OP_DETACHED_POST 13 /* Macro to implement a primitive type */ #define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) -#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ - ASN1_ITEM_start(itname) \ - ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ - ASN1_ITEM_end(itname) +#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, \ + #itname ASN1_ITEM_end(itname) /* Macro to implement a multi string type */ -#define IMPLEMENT_ASN1_MSTRING(itname, mask) \ - ASN1_ITEM_start(itname) \ - ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ - ASN1_ITEM_end(itname) +#define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, \ + sizeof(ASN1_STRING), #itname ASN1_ITEM_end(itname) -#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ - ASN1_ITEM_start(sname) \ - ASN1_ITYPE_EXTERN, \ - tag, \ - NULL, \ - 0, \ - &fptrs, \ - 0, \ - #sname \ - ASN1_ITEM_end(sname) +#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) ASN1_ITYPE_EXTERN, tag, NULL, 0, &fptrs, 0, \ + #sname ASN1_ITEM_end(sname) /* Macro to implement standard functions in terms of ASN1_ITEM structures */ -#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) +#define IMPLEMENT_ASN1_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) -#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) +#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ - IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) #define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ - pre stname *fname##_new(void) \ - { \ - return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ - } \ - pre void fname##_free(stname *a) \ - { \ - ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ - } + pre stname *fname##_new(void) { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ - stname *fname##_new(void) \ - { \ - return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ - } \ - void fname##_free(stname *a) \ - { \ - ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ - } + stname *fname##_new(void) { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } -#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) +#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) -#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ - stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ - { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ - } \ - int i2d_##fname(stname *a, unsigned char **out) \ - { \ - return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ - } +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(itname)); \ + } \ + int i2d_##fname(stname *a, unsigned char **out) { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname)); \ + } /* This includes evil casts to remove const: they will go away when full * ASN1 constification is done. */ #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ - stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ - { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ - } \ - int i2d_##fname(const stname *a, unsigned char **out) \ - { \ - return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ - } - -#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ - stname *stname##_dup(stname *x) { \ - return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ + ASN1_ITEM_rptr(itname)); \ + } \ + int i2d_##fname(const stname *a, unsigned char **out) { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname)); \ } -#define IMPLEMENT_ASN1_DUP_FUNCTION_const(stname) \ - stname *stname##_dup(const stname *x) { \ - return ASN1_item_dup(ASN1_ITEM_rptr(stname), (void *)x); \ +#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname *stname##_dup(stname *x) { \ + return (stname *)ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +#define IMPLEMENT_ASN1_DUP_FUNCTION_const(stname) \ + stname *stname##_dup(const stname *x) { \ + return (stname *)ASN1_item_dup(ASN1_ITEM_rptr(stname), (void *)x); \ } #define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ - IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) -#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ - IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) +#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) /* external definitions for primitive types */
diff --git a/include/openssl/base.h b/include/openssl/base.h index e95efba..ecd878a 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h
@@ -171,8 +171,8 @@ // https://sourceforge.net/p/mingw-w64/wiki2/gnu%20printf/. #if defined(__MINGW_PRINTF_FORMAT) #define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \ - __attribute__( \ - (__format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check))) + __attribute__(( \ + __format__(__MINGW_PRINTF_FORMAT, string_index, first_to_check))) #else #define OPENSSL_PRINTF_FORMAT_FUNC(string_index, first_to_check) \ __attribute__((__format__(__printf__, string_index, first_to_check))) @@ -197,6 +197,13 @@ #if defined(__GNUC__) || defined(__clang__) #define OPENSSL_UNUSED __attribute__((unused)) +#elif defined(_MSC_VER) +// __pragma wants to be on a separate line. The following is what it takes to +// stop clang-format from messing with that. +// clang-format off +#define OPENSSL_UNUSED __pragma(warning(suppress : 4505)) \ +/* */ +// clang-format on #else #define OPENSSL_UNUSED #endif @@ -438,7 +445,7 @@ #define BORINGSSL_NO_CXX #endif -} // extern C++ +} // extern C++ #endif // !BORINGSSL_NO_CXX #if defined(BORINGSSL_NO_CXX) @@ -482,7 +489,7 @@ ~StackAllocated() { cleanup(&ctx_); } StackAllocated(const StackAllocated &) = delete; - StackAllocated& operator=(const StackAllocated &) = delete; + StackAllocated &operator=(const StackAllocated &) = delete; T *get() { return &ctx_; } const T *get() const { return &ctx_; }
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index c463195..bb7b257 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h
@@ -6144,7 +6144,6 @@ #define SSL_R_WRONG_VERSION_ON_EARLY_DATA 278 #define SSL_R_UNEXPECTED_EXTENSION_ON_EARLY_DATA 279 #define SSL_R_NO_SUPPORTED_VERSIONS_ENABLED 280 -#define SSL_R_APPLICATION_DATA_INSTEAD_OF_HANDSHAKE 281 #define SSL_R_EMPTY_HELLO_RETRY_REQUEST 282 #define SSL_R_EARLY_DATA_NOT_IN_USE 283 #define SSL_R_HANDSHAKE_NOT_COMPLETE 284
diff --git a/ssl/s3_both.cc b/ssl/s3_both.cc index 6912dc4..0bd75f0 100644 --- a/ssl/s3_both.cc +++ b/ssl/s3_both.cc
@@ -385,7 +385,7 @@ return ssl_open_record_partial; } - CBS v2_client_hello = CBS(ssl->s3->read_buffer.span().subspan(2, msg_length)); + CBS v2_client_hello = CBS(in.subspan(2, msg_length)); // The V2ClientHello without the length is incorporated into the handshake // hash. This is only ever called at the start of the handshake, so hs is // guaranteed to be non-NULL. @@ -619,17 +619,6 @@ return ret; } - // WatchGuard's TLS 1.3 interference bug is very distinctive: they drop the - // ServerHello and send the remaining encrypted application data records - // as-is. This manifests as an application data record when we expect - // handshake. Report a dedicated error code for this case. - if (!ssl->server && type == SSL3_RT_APPLICATION_DATA && - ssl->s3->aead_read_ctx->is_null_cipher()) { - OPENSSL_PUT_ERROR(SSL, SSL_R_APPLICATION_DATA_INSTEAD_OF_HANDSHAKE); - *out_alert = SSL_AD_UNEXPECTED_MESSAGE; - return ssl_open_record_error; - } - if (type != SSL3_RT_HANDSHAKE) { OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_RECORD); *out_alert = SSL_AD_UNEXPECTED_MESSAGE;
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go index b7481c1..1e9ca3c 100644 --- a/ssl/test/runner/runner.go +++ b/ssl/test/runner/runner.go
@@ -2490,7 +2490,7 @@ }, }, shouldFail: true, - expectedError: ":APPLICATION_DATA_INSTEAD_OF_HANDSHAKE:", + expectedError: ":UNEXPECTED_RECORD:", }, { name: "AppDataBeforeHandshake-Empty", @@ -2500,7 +2500,7 @@ }, }, shouldFail: true, - expectedError: ":APPLICATION_DATA_INSTEAD_OF_HANDSHAKE:", + expectedError: ":UNEXPECTED_RECORD:", }, { protocol: dtls, @@ -2728,7 +2728,7 @@ }, shimWritesFirst: true, shouldFail: true, - expectedError: ":APPLICATION_DATA_INSTEAD_OF_HANDSHAKE:", + expectedError: ":UNEXPECTED_RECORD:", }, { name: "FalseStart-SkipServerSecondLeg-Implicit", @@ -2749,7 +2749,7 @@ "-advertise-alpn", "\x03foo", }, shouldFail: true, - expectedError: ":APPLICATION_DATA_INSTEAD_OF_HANDSHAKE:", + expectedError: ":UNEXPECTED_RECORD:", }, { testType: serverTest,
diff --git a/third_party/fiat/curve25519_32.h b/third_party/fiat/curve25519_32.h index cb83c60..45dd682 100644 --- a/third_party/fiat/curve25519_32.h +++ b/third_party/fiat/curve25519_32.h
@@ -928,6 +928,8 @@ out1[9] = x10; } +/* Not used in BoringSSL. */ +#if 0 /* * The function fiat_25519_selectznz is a multi-limb conditional select. * @@ -973,6 +975,7 @@ out1[8] = x9; out1[9] = x10; } +#endif /* * The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order. @@ -1410,6 +1413,8 @@ out1[9] = x78; } +/* Not used in BoringSSL. */ +#if 0 /* * The function fiat_25519_relax is the identity function converting from tight field elements to loose field elements. * @@ -1449,6 +1454,7 @@ out1[8] = x9; out1[9] = x10; } +#endif /* * The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result.
diff --git a/third_party/fiat/curve25519_64.h b/third_party/fiat/curve25519_64.h index faed049..ea5b78f 100644 --- a/third_party/fiat/curve25519_64.h +++ b/third_party/fiat/curve25519_64.h
@@ -471,6 +471,8 @@ out1[4] = x5; } +/* Not used in BoringSSL. */ +#if 0 /* * The function fiat_25519_selectznz is a multi-limb conditional select. * @@ -501,6 +503,7 @@ out1[3] = x4; out1[4] = x5; } +#endif /* * The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order. @@ -877,6 +880,8 @@ out1[4] = x71; } +/* Not used in BoringSSL. */ +#if 0 /* * The function fiat_25519_relax is the identity function converting from tight field elements to loose field elements. * @@ -901,6 +906,7 @@ out1[3] = x4; out1[4] = x5; } +#endif /* * The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result.
diff --git a/third_party/fiat/curve25519_64_adx.h b/third_party/fiat/curve25519_64_adx.h index 8acfc1b..b902612 100644 --- a/third_party/fiat/curve25519_64_adx.h +++ b/third_party/fiat/curve25519_64_adx.h
@@ -611,7 +611,10 @@ uint8_t babs = b - ((bnegative & b) << 1); uint8_t t_bytes[3][32] = { - {constant_time_is_zero_w(b) & 1}, {constant_time_is_zero_w(b) & 1}, {0}}; + {static_cast<uint8_t>(constant_time_is_zero_w(b) & 1)}, + {static_cast<uint8_t>(constant_time_is_zero_w(b) & 1)}, + {0}, + }; #if defined(__clang__) __asm__("" : "+m" (t_bytes) : /*no inputs*/); #endif
diff --git a/third_party/fiat/p256_32.h b/third_party/fiat/p256_32.h index 3812d8c..e184049 100644 --- a/third_party/fiat/p256_32.h +++ b/third_party/fiat/p256_32.h
@@ -23,7 +23,7 @@ #if defined(__GNUC__) || defined(__clang__) # define FIAT_P256_FIAT_INLINE __inline__ #else -# define FIAT_P256_FIAT_INLINE +# define FIAT_P256_FIAT_INLINE inline #endif /* The type fiat_p256_montgomery_domain_field_element is a field element in the Montgomery domain. */
diff --git a/third_party/fiat/p256_64.h b/third_party/fiat/p256_64.h index 6667b31..48a1560 100644 --- a/third_party/fiat/p256_64.h +++ b/third_party/fiat/p256_64.h
@@ -1,8 +1,11 @@ #include <openssl/base.h> #include "../../crypto/internal.h" + #if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) && defined(__x86_64__) +extern "C" { void fiat_p256_adx_mul(uint64_t*, const uint64_t*, const uint64_t*); void fiat_p256_adx_sqr(uint64_t*, const uint64_t*); +} #endif /* Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --inline --static --use-value-barrier p256 64 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp */
diff --git a/util/fipstools/CMakeLists.txt b/util/fipstools/CMakeLists.txt index 69e1284..ff33b4f 100644 --- a/util/fipstools/CMakeLists.txt +++ b/util/fipstools/CMakeLists.txt
@@ -1,6 +1,6 @@ add_executable( test_fips - test_fips.c + test_fips.cc ) target_link_libraries(test_fips crypto)
diff --git a/util/fipstools/delocate/delocate.go b/util/fipstools/delocate/delocate.go index 64eb0cf..fa3de15 100644 --- a/util/fipstools/delocate/delocate.go +++ b/util/fipstools/delocate/delocate.go
@@ -195,7 +195,7 @@ if len(args) < 1 { return nil, errors.New("comm directive has no arguments") } - d.bssAccessorsNeeded[args[0]] = args[0] + d.bssAccessorsNeeded[demangle(args[0])] = args[0] d.writeNode(statement) case "data": @@ -1303,7 +1303,7 @@ localSymbol := localTargetName(symbol) d.output.WriteString(fmt.Sprintf("\n%s:\n", localSymbol)) - d.bssAccessorsNeeded[symbol] = localSymbol + d.bssAccessorsNeeded[demangle(symbol)] = localSymbol } case ruleLabelContainingDirective: @@ -1813,6 +1813,42 @@ return "bcm_redirector_" + symbol } +// Optionally demangle C++ local variable names. +func demangle(symbol string) string { + if !strings.HasPrefix(symbol, "_Z") { + return symbol + } + + // The names must have the form "_ZL", followed by the length of the name + // in base 10, followed by the name. + if !strings.HasPrefix(symbol, "_ZL") { + panic("malformed symbol: starts with _Z but not _ZL") + } + + if len(symbol) < 4 { + panic("malformed symbol: too short") + } + + pos := 3 + for pos < len(symbol) && '0' <= symbol[pos] && symbol[pos] <= '9' { + pos++ + } + if pos == 3 { + panic("malformed symbol: no length digits") + } + + length, err := strconv.Atoi(symbol[3:pos]) + if err != nil { + panic("malformed symbol: invalid length") + } + + if len(symbol[pos:]) != length { + panic("malformed symbol: length mismatch") + } + + return symbol[pos:] +} + // sectionType returns the type of a section. I.e. a section called “.text.foo” // is a “.text” section. func sectionType(section string) (string, bool) {
diff --git a/util/fipstools/test_fips.c b/util/fipstools/test_fips.cc similarity index 92% rename from util/fipstools/test_fips.c rename to util/fipstools/test_fips.cc index d225a5d..aa81f42 100644 --- a/util/fipstools/test_fips.c +++ b/util/fipstools/test_fips.cc
@@ -50,7 +50,7 @@ } #endif -int main(int argc, char **argv) { +static int run_test() { // Ensure that the output is line-buffered rather than fully buffered. When // some of the tests fail, some of the output can otherwise be lost. setvbuf(stdout, NULL, _IOLBF, 0); @@ -58,14 +58,14 @@ if (!FIPS_mode()) { printf("Module not in FIPS mode\n"); - goto err; + return 0; } printf("Module is in FIPS mode\n"); const uint32_t module_version = FIPS_version(); if (module_version == 0) { printf("No module version set\n"); - goto err; + return 0; } printf("Module: '%s', version: %" PRIu32 " hash:\n", FIPS_module_name(), module_version); @@ -74,7 +74,7 @@ // |module_version| will be zero, so the non-FIPS build will never get // this far. printf("Non zero module version in non-FIPS build - should not happen!\n"); - goto err; + return 0; #else #if defined(OPENSSL_ASAN) printf("(not available when compiled for ASAN)"); @@ -82,23 +82,23 @@ hexdump(FIPS_module_hash(), SHA256_DIGEST_LENGTH); #endif - static const uint8_t kAESKey[16] = "BoringCrypto Key"; + static const uint8_t kAESKey[16] = "BoringCrypto Ky"; static const uint8_t kPlaintext[64] = - "BoringCryptoModule FIPS KAT Encryption and Decryption Plaintext!"; - static const DES_cblock kDESKey1 = {"BCMDESK1"}; - static const DES_cblock kDESKey2 = {"BCMDESK2"}; - static const DES_cblock kDESKey3 = {"BCMDESK3"}; - static const DES_cblock kDESIV = {"BCMDESIV"}; + "BoringCryptoModule FIPS KAT Encryption and Decryption Plaintext"; + static const DES_cblock kDESKey1 = {"BCMDES1"}; + static const DES_cblock kDESKey2 = {"BCMDES2"}; + static const DES_cblock kDESKey3 = {"BCMDES3"}; + static const DES_cblock kDESIV = {"BCMDESI"}; static const uint8_t kPlaintextSHA256[32] = { 0x37, 0xbd, 0x70, 0x53, 0x72, 0xfc, 0xd4, 0x03, 0x79, 0x70, 0xfb, 0x06, 0x95, 0xb1, 0x2a, 0x82, 0x48, 0xe1, 0x3e, 0xf2, 0x33, 0xfb, 0xef, 0x29, 0x81, 0x22, 0x45, 0x40, 0x43, 0x70, 0xce, 0x0f}; const uint8_t kDRBGEntropy[48] = - "DBRG Initial Entropy "; - const uint8_t kDRBGPersonalization[18] = "BCMPersonalization"; - const uint8_t kDRBGAD[16] = "BCM DRBG AD "; + "DBRG Initial Entropy "; + const uint8_t kDRBGPersonalization[19] = "BCMPersonalization"; + const uint8_t kDRBGAD[16] = "BCM DRBG AD "; const uint8_t kDRBGEntropy2[48] = - "DBRG Reseed Entropy "; + "DBRG Reseed Entropy "; AES_KEY aes_key; uint8_t aes_iv[16]; @@ -108,7 +108,7 @@ memset(aes_iv, 0, sizeof(aes_iv)); if (AES_set_encrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) { printf("AES_set_encrypt_key failed\n"); - goto err; + return 0; } printf("About to AES-CBC encrypt "); @@ -122,7 +122,7 @@ memset(aes_iv, 0, sizeof(aes_iv)); if (AES_set_decrypt_key(kAESKey, 8 * sizeof(kAESKey), &aes_key) != 0) { printf("AES decrypt failed\n"); - goto err; + return 0; } printf("About to AES-CBC decrypt "); hexdump(output, sizeof(kPlaintext)); @@ -138,7 +138,7 @@ if (!EVP_AEAD_CTX_init(&aead_ctx, EVP_aead_aes_128_gcm(), kAESKey, sizeof(kAESKey), 0, NULL)) { printf("EVP_AEAD_CTX_init failed\n"); - goto err; + return 0; } /* AES-GCM Encryption */ @@ -148,7 +148,7 @@ EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()), kPlaintext, sizeof(kPlaintext), NULL, 0)) { printf("AES-GCM encrypt failed\n"); - goto err; + return 0; } printf(" got "); hexdump(output, out_len); @@ -160,7 +160,7 @@ EVP_AEAD_nonce_length(EVP_aead_aes_128_gcm()), output, out_len, NULL, 0)) { printf("AES-GCM decrypt failed\n"); - goto err; + return 0; } printf(" got "); hexdump(output, out_len); @@ -216,7 +216,7 @@ printf("About to generate RSA key\n"); if (!RSA_generate_key_fips(rsa_key, 2048, NULL)) { printf("RSA_generate_key_fips failed\n"); - goto err; + return 0; } /* RSA Sign */ @@ -226,7 +226,7 @@ if (!RSA_sign(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256), output, &sig_len, rsa_key)) { printf("RSA Sign failed\n"); - goto err; + return 0; } printf(" got "); hexdump(output, sig_len); @@ -237,7 +237,7 @@ if (!RSA_verify(NID_sha256, kPlaintextSHA256, sizeof(kPlaintextSHA256), output, sig_len, rsa_key)) { printf("RSA Verify failed.\n"); - goto err; + return 0; } RSA_free(rsa_key); @@ -251,19 +251,19 @@ printf( "RSA_generate_key_fips unexpectedly succeeded with null output " "parameter\n"); - goto err; + return 0; } EC_KEY *ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); if (ec_key == NULL) { printf("invalid ECDSA key\n"); - goto err; + return 0; } printf("About to generate P-256 key\n"); if (!EC_KEY_generate_key_fips(ec_key)) { printf("EC_KEY_generate_key_fips failed\n"); - goto err; + return 0; } /* Primitive Z Computation */ @@ -277,7 +277,7 @@ z_result, sizeof(z_result), NULL) != sizeof(z_result)) { fprintf(stderr, "EC_POINT_mul failed.\n"); - goto err; + return 0; } EC_POINT_free(z_point); @@ -292,7 +292,7 @@ if (sig == NULL || !ECDSA_do_verify(kPlaintextSHA256, sizeof(kPlaintextSHA256), sig, ec_key)) { printf("ECDSA Sign/Verify PWCT failed.\n"); - goto err; + return 0; } ECDSA_SIG_free(sig); @@ -307,7 +307,7 @@ printf( "EC_KEY_generate_key_fips unexpectedly succeeded with a NULL output " "pointer.\n"); - goto err; + return 0; } /* ECDSA with an invalid public key. */ @@ -318,7 +318,7 @@ printf("Error while parsing invalid ECDSA public key\n"); } else { printf("Unexpected success while parsing invalid ECDSA public key\n"); - goto err; + return 0; } EC_KEY_free(ec_key); @@ -334,7 +334,7 @@ !CTR_DRBG_generate(&drbg, output, sizeof(output), kDRBGAD, sizeof(kDRBGAD))) { printf("DRBG failed\n"); - goto err; + return 0; } printf(" generated "); hexdump(output, sizeof(output)); @@ -347,7 +347,7 @@ sizeof(kAESKey), (const uint8_t *)"salt", 4, kPlaintextSHA256, sizeof(kPlaintextSHA256))) { fprintf(stderr, "HKDF failed.\n"); - goto err; + return 0; } printf(" got "); hexdump(hkdf_output, sizeof(hkdf_output)); @@ -360,7 +360,7 @@ sizeof(kPlaintextSHA256), kPlaintextSHA256, sizeof(kPlaintextSHA256))) { fprintf(stderr, "TLS v1.0 KDF failed.\n"); - goto err; + return 0; } printf(" got "); hexdump(tls10_output, sizeof(tls10_output)); @@ -373,7 +373,7 @@ sizeof(kPlaintextSHA256), kPlaintextSHA256, sizeof(kPlaintextSHA256))) { fprintf(stderr, "TLS v1.2 KDF failed.\n"); - goto err; + return 0; } printf(" got "); hexdump(tls12_output, sizeof(tls12_output)); @@ -386,7 +386,7 @@ sizeof(kAESKey), (const uint8_t *)"foo", 3, kPlaintextSHA256, sizeof(kPlaintextSHA256))) { fprintf(stderr, "TLS v1.3 KDF failed.\n"); - goto err; + return 0; } printf(" got "); hexdump(tls13_output, sizeof(tls13_output)); @@ -399,7 +399,7 @@ DH_compute_key_padded(dh_result, DH_get0_pub_key(dh), dh) != sizeof(dh_result)) { fprintf(stderr, "FFDH failed.\n"); - goto err; + return 0; } DH_free(dh); @@ -407,11 +407,15 @@ hexdump(dh_result, sizeof(dh_result)); printf("PASS\n"); - return 0; -#endif // !defined(BORINGSSL_FIPS) + return 1; +#endif // !defined(BORINGSSL_FIPS) +} -err: - printf("FAIL\n"); - fflush(stdout); - abort(); +int main(int argc, char **argv) { + if (!run_test()) { + printf("FAIL\n"); + fflush(stdout); + abort(); + } + return 0; }
diff --git a/util/pregenerate/build.go b/util/pregenerate/build.go index ca0cc96..d17ada0 100644 --- a/util/pregenerate/build.go +++ b/util/pregenerate/build.go
@@ -32,7 +32,7 @@ // patterns as in filepath.Glob. type InputTarget struct { build.Target - // ErrData contains a list of errordata files to combine into err_data.c. + // ErrData contains a list of errordata files to combine into err_data.cc. ErrData []string `json:"err_data,omitempty"` // The following fields define perlasm sources for the corresponding // architecture.
diff --git a/util/pregenerate/err_data.go b/util/pregenerate/err_data.go index 8d89d99..6757122 100644 --- a/util/pregenerate/err_data.go +++ b/util/pregenerate/err_data.go
@@ -125,14 +125,17 @@ func (st *stringList) WriteTo(out stringWriter, name string) { list := st.buildList() values := "kOpenSSL" + name + "Values" + out.WriteString("extern const uint32_t " + values + "[];\n") out.WriteString("const uint32_t " + values + "[] = {\n") for _, v := range list { fmt.Fprintf(out, " 0x%x,\n", v) } out.WriteString("};\n\n") + out.WriteString("extern const size_t " + values + "Len;\n") out.WriteString("const size_t " + values + "Len = sizeof(" + values + ") / sizeof(" + values + "[0]);\n\n") stringData := "kOpenSSL" + name + "StringData" + out.WriteString("extern const char " + stringData + "[];\n") out.WriteString("const char " + stringData + "[] =\n \"") for i, c := range st.stringData { if c == 0 { @@ -204,7 +207,7 @@ } func (t *ErrDataTask) Destination() string { - return path.Join("gen", t.TargetName, "err_data.c") + return path.Join("gen", t.TargetName, "err_data.cc") } func (t *ErrDataTask) Run() ([]byte, error) {