diff --git a/src/Certs.c b/src/Certs.c index 7b887eede..226c44809 100644 --- a/src/Certs.c +++ b/src/Certs.c @@ -62,11 +62,15 @@ void Certs_FreeChain( struct X509CertContext* ctx) { #include "Errors.h" #include "Funcs.h" /* === BEGIN OPENSSL HEADERS === */ -#include +typedef struct X509_ X509; +typedef struct X509_STORE_ X509_STORE; +typedef struct X509_STORE_CTX_ X509_STORE_CTX; +typedef struct OPENSSL_STACK_ OPENSSL_STACK; +typedef void (*OPENSSL_PopFunc)(void* data); static OPENSSL_STACK* (*_OPENSSL_sk_new_null)(void); int (*_OPENSSL_sk_push)(OPENSSL_STACK* st, const void* data); -void (*_OPENSSL_sk_pop_free)(OPENSSL_STACK* st, void (*func) (void*)); +void (*_OPENSSL_sk_pop_free)(OPENSSL_STACK* st, OPENSSL_PopFunc func); static X509* (*_d2i_X509)(X509** px, const unsigned char** in, int len); @@ -170,7 +174,7 @@ int Certs_VerifyChain(struct X509CertContext* chain) { } _X509_STORE_CTX_free(ctx); - _OPENSSL_sk_pop_free(inter, _X509_free); + _OPENSSL_sk_pop_free(inter, (OPENSSL_PopFunc)_X509_free); _X509_free(cert); return ret; diff --git a/third_party/bearssl/src/i32_add.c b/third_party/bearssl/src/i32_add.c deleted file mode 100644 index 620baffd7..000000000 --- a/third_party/bearssl/src/i32_add.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -uint32_t -br_i32_add(uint32_t *a, const uint32_t *b, uint32_t ctl) -{ - uint32_t cc; - size_t u, m; - - cc = 0; - m = (a[0] + 63) >> 5; - for (u = 1; u < m; u ++) { - uint32_t aw, bw, naw; - - aw = a[u]; - bw = b[u]; - naw = aw + bw + cc; - - /* - * Carry is 1 if naw < aw. Carry is also 1 if naw == aw - * AND the carry was already 1. - */ - cc = (cc & EQ(naw, aw)) | LT(naw, aw); - a[u] = MUX(ctl, naw, aw); - } - return cc; -} diff --git a/third_party/bearssl/src/i32_bitlen.c b/third_party/bearssl/src/i32_bitlen.c deleted file mode 100644 index 40ce9fa0b..000000000 --- a/third_party/bearssl/src/i32_bitlen.c +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -uint32_t -br_i32_bit_length(uint32_t *x, size_t xlen) -{ - uint32_t tw, twk; - - tw = 0; - twk = 0; - while (xlen -- > 0) { - uint32_t w, c; - - c = EQ(tw, 0); - w = x[xlen]; - tw = MUX(c, w, tw); - twk = MUX(c, (uint32_t)xlen, twk); - } - return (twk << 5) + BIT_LENGTH(tw); -} diff --git a/third_party/bearssl/src/i32_decmod.c b/third_party/bearssl/src/i32_decmod.c deleted file mode 100644 index a859af122..000000000 --- a/third_party/bearssl/src/i32_decmod.c +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -uint32_t -br_i32_decode_mod(uint32_t *x, const void *src, size_t len, const uint32_t *m) -{ - const unsigned char *buf; - uint32_t r; - size_t u, v, mlen; - - buf = src; - - /* - * First pass: determine whether the value fits. The 'r' value - * will contain the comparison result, as 0x00000000 (value is - * equal to the modulus), 0x00000001 (value is greater than the - * modulus), or 0xFFFFFFFF (value is lower than the modulus). - */ - mlen = (m[0] + 7) >> 3; - r = 0; - for (u = (mlen > len) ? mlen : len; u > 0; u --) { - uint32_t mb, xb; - - v = u - 1; - if (v >= mlen) { - mb = 0; - } else { - mb = (m[1 + (v >> 2)] >> ((v & 3) << 3)) & 0xFF; - } - if (v >= len) { - xb = 0; - } else { - xb = buf[len - u]; - } - r = MUX(EQ(r, 0), (uint32_t)CMP(xb, mb), r); - } - - /* - * Only r == 0xFFFFFFFF is acceptable. We want to set r to 0xFF if - * the value fits, 0x00 otherwise. - */ - r >>= 24; - br_i32_zero(x, m[0]); - u = (mlen > len) ? len : mlen; - while (u > 0) { - uint32_t xb; - - xb = buf[len - u] & r; - u --; - x[1 + (u >> 2)] |= xb << ((u & 3) << 3); - } - return r >> 7; -} diff --git a/third_party/bearssl/src/i32_decode.c b/third_party/bearssl/src/i32_decode.c deleted file mode 100644 index f28903846..000000000 --- a/third_party/bearssl/src/i32_decode.c +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -void -br_i32_decode(uint32_t *x, const void *src, size_t len) -{ - const unsigned char *buf; - size_t u, v; - - buf = src; - u = len; - v = 1; - for (;;) { - if (u < 4) { - uint32_t w; - - if (u < 2) { - if (u == 0) { - break; - } else { - w = buf[0]; - } - } else { - if (u == 2) { - w = br_dec16be(buf); - } else { - w = ((uint32_t)buf[0] << 16) - | br_dec16be(buf + 1); - } - } - x[v ++] = w; - break; - } else { - u -= 4; - x[v ++] = br_dec32be(buf + u); - } - } - x[0] = br_i32_bit_length(x + 1, v - 1); -} diff --git a/third_party/bearssl/src/i32_decred.c b/third_party/bearssl/src/i32_decred.c deleted file mode 100644 index dc476db0d..000000000 --- a/third_party/bearssl/src/i32_decred.c +++ /dev/null @@ -1,107 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -void -br_i32_decode_reduce(uint32_t *x, - const void *src, size_t len, const uint32_t *m) -{ - uint32_t m_bitlen; - size_t mblen, k, q; - const unsigned char *buf; - - m_bitlen = m[0]; - - /* - * Special case for an invalid modulus. - */ - if (m_bitlen == 0) { - x[0] = 0; - return; - } - - /* - * Clear the destination. - */ - br_i32_zero(x, m_bitlen); - - /* - * First decode directly as many bytes as possible without - * reduction, taking care to leave a number of bytes which - * is a multiple of 4. - */ - mblen = (m_bitlen + 7) >> 3; - k = mblen - 1; - - /* - * Up to k bytes can be safely decoded. - */ - if (k >= len) { - br_i32_decode(x, src, len); - x[0] = m_bitlen; - return; - } - - /* - * We want to first inject some bytes with direct decoding, - * then extra bytes by whole 32-bit words. First compute - * the size that should be injected that way. - */ - buf = src; - q = (len - k + 3) & ~(size_t)3; - - /* - * It may happen that this is more than what we already have - * (by at most 3 bytes). Such a case may happen only with - * a very short modulus. In that case, we must process the first - * bytes "manually". - */ - if (q > len) { - int i; - uint32_t w; - - w = 0; - for (i = 0; i < 4; i ++) { - w <<= 8; - if (q <= len) { - w |= buf[len - q]; - } - q --; - } - br_i32_muladd_small(x, w, m); - } else { - br_i32_decode(x, buf, len - q); - x[0] = m_bitlen; - } - - /* - * At that point, we have exactly q bytes to inject, and q is - * a multiple of 4. - */ - for (k = len - q; k < len; k += 4) { - br_i32_muladd_small(x, br_dec32be(buf + k), m); - } -} diff --git a/third_party/bearssl/src/i32_encode.c b/third_party/bearssl/src/i32_encode.c deleted file mode 100644 index 303652f96..000000000 --- a/third_party/bearssl/src/i32_encode.c +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -void -br_i32_encode(void *dst, size_t len, const uint32_t *x) -{ - unsigned char *buf; - size_t k; - - buf = dst; - - /* - * Compute the announced size of x in bytes; extra bytes are - * filled with zeros. - */ - k = (x[0] + 7) >> 3; - while (len > k) { - *buf ++ = 0; - len --; - } - - /* - * Now we use k as index within x[]. That index starts at 1; - * we initialize it to the topmost complete word, and process - * any remaining incomplete word. - */ - k = (len + 3) >> 2; - switch (len & 3) { - case 3: - *buf ++ = x[k] >> 16; - /* fall through */ - case 2: - *buf ++ = x[k] >> 8; - /* fall through */ - case 1: - *buf ++ = x[k]; - k --; - } - - /* - * Encode all complete words. - */ - while (k > 0) { - br_enc32be(buf, x[k]); - k --; - buf += 4; - } -} diff --git a/third_party/bearssl/src/i32_fmont.c b/third_party/bearssl/src/i32_fmont.c deleted file mode 100644 index dc1c93440..000000000 --- a/third_party/bearssl/src/i32_fmont.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -void -br_i32_from_monty(uint32_t *x, const uint32_t *m, uint32_t m0i) -{ - size_t len, u, v; - - len = (m[0] + 31) >> 5; - for (u = 0; u < len; u ++) { - uint32_t f; - uint64_t cc; - - f = x[1] * m0i; - cc = 0; - for (v = 0; v < len; v ++) { - uint64_t z; - - z = (uint64_t)x[v + 1] + MUL(f, m[v + 1]) + cc; - cc = z >> 32; - if (v != 0) { - x[v] = (uint32_t)z; - } - } - x[len] = (uint32_t)cc; - } - - /* - * We may have to do an extra subtraction, but only if the - * value in x[] is indeed greater than or equal to that of m[], - * which is why we must do two calls (first call computes the - * carry, second call performs the subtraction only if the carry - * is 0). - */ - br_i32_sub(x, m, NOT(br_i32_sub(x, m, 0))); -} diff --git a/third_party/bearssl/src/i32_iszero.c b/third_party/bearssl/src/i32_iszero.c deleted file mode 100644 index 659df7f24..000000000 --- a/third_party/bearssl/src/i32_iszero.c +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -uint32_t -br_i32_iszero(const uint32_t *x) -{ - uint32_t z; - size_t u; - - z = 0; - for (u = (x[0] + 31) >> 5; u > 0; u --) { - z |= x[u]; - } - return ~(z | -z) >> 31; -} diff --git a/third_party/bearssl/src/i32_modpow.c b/third_party/bearssl/src/i32_modpow.c deleted file mode 100644 index 034aba06d..000000000 --- a/third_party/bearssl/src/i32_modpow.c +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -void -br_i32_modpow(uint32_t *x, - const unsigned char *e, size_t elen, - const uint32_t *m, uint32_t m0i, uint32_t *t1, uint32_t *t2) -{ - size_t mlen; - uint32_t k; - - /* - * 'mlen' is the length of m[] expressed in bytes (including - * the "bit length" first field). - */ - mlen = ((m[0] + 63) >> 5) * sizeof m[0]; - - /* - * Throughout the algorithm: - * -- t1[] is in Montgomery representation; it contains x, x^2, - * x^4, x^8... - * -- The result is accumulated, in normal representation, in - * the x[] array. - * -- t2[] is used as destination buffer for each multiplication. - * - * Note that there is no need to call br_i32_from_monty(). - */ - memcpy(t1, x, mlen); - br_i32_to_monty(t1, m); - br_i32_zero(x, m[0]); - x[1] = 1; - for (k = 0; k < ((uint32_t)elen << 3); k ++) { - uint32_t ctl; - - ctl = (e[elen - 1 - (k >> 3)] >> (k & 7)) & 1; - br_i32_montymul(t2, x, t1, m, m0i); - CCOPY(ctl, x, t2, mlen); - br_i32_montymul(t2, t1, t1, m, m0i); - memcpy(t1, t2, mlen); - } -} diff --git a/third_party/bearssl/src/i32_montmul.c b/third_party/bearssl/src/i32_montmul.c deleted file mode 100644 index 7edb376cd..000000000 --- a/third_party/bearssl/src/i32_montmul.c +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -void -br_i32_montymul(uint32_t *d, const uint32_t *x, const uint32_t *y, - const uint32_t *m, uint32_t m0i) -{ - size_t len, u, v; - uint64_t dh; - - len = (m[0] + 31) >> 5; - br_i32_zero(d, m[0]); - dh = 0; - for (u = 0; u < len; u ++) { - uint32_t f, xu; - uint64_t r1, r2, zh; - - xu = x[u + 1]; - f = (d[1] + x[u + 1] * y[1]) * m0i; - r1 = 0; - r2 = 0; - for (v = 0; v < len; v ++) { - uint64_t z; - uint32_t t; - - z = (uint64_t)d[v + 1] + MUL(xu, y[v + 1]) + r1; - r1 = z >> 32; - t = (uint32_t)z; - z = (uint64_t)t + MUL(f, m[v + 1]) + r2; - r2 = z >> 32; - if (v != 0) { - d[v] = (uint32_t)z; - } - } - zh = dh + r1 + r2; - d[len] = (uint32_t)zh; - dh = zh >> 32; - } - - /* - * d[] may still be greater than m[] at that point; notably, the - * 'dh' word may be non-zero. - */ - br_i32_sub(d, m, NEQ(dh, 0) | NOT(br_i32_sub(d, m, 0))); -} diff --git a/third_party/bearssl/src/i32_mulacc.c b/third_party/bearssl/src/i32_mulacc.c deleted file mode 100644 index 55da38580..000000000 --- a/third_party/bearssl/src/i32_mulacc.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -void -br_i32_mulacc(uint32_t *d, const uint32_t *a, const uint32_t *b) -{ - size_t alen, blen, u; - - alen = (a[0] + 31) >> 5; - blen = (b[0] + 31) >> 5; - d[0] = a[0] + b[0]; - for (u = 0; u < blen; u ++) { - uint32_t f; - size_t v; -#if BR_64 - uint64_t cc; -#else - uint32_t cc; -#endif - - f = b[1 + u]; - cc = 0; - for (v = 0; v < alen; v ++) { - uint64_t z; - - z = (uint64_t)d[1 + u + v] + MUL(f, a[1 + v]) + cc; - cc = z >> 32; - d[1 + u + v] = (uint32_t)z; - } - d[1 + u + alen] = (uint32_t)cc; - } -} diff --git a/third_party/bearssl/src/i32_muladd.c b/third_party/bearssl/src/i32_muladd.c deleted file mode 100644 index dd526ad5e..000000000 --- a/third_party/bearssl/src/i32_muladd.c +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -void -br_i32_muladd_small(uint32_t *x, uint32_t z, const uint32_t *m) -{ - uint32_t m_bitlen; - size_t u, mlen; - uint32_t a0, a1, b0, hi, g, q, tb; - uint32_t chf, clow, under, over; - uint64_t cc; - - /* - * We can test on the modulus bit length since we accept to - * leak that length. - */ - m_bitlen = m[0]; - if (m_bitlen == 0) { - return; - } - if (m_bitlen <= 32) { - x[1] = br_rem(x[1], z, m[1]); - return; - } - mlen = (m_bitlen + 31) >> 5; - - /* - * Principle: we estimate the quotient (x*2^32+z)/m by - * doing a 64/32 division with the high words. - * - * Let: - * w = 2^32 - * a = (w*a0 + a1) * w^N + a2 - * b = b0 * w^N + b2 - * such that: - * 0 <= a0 < w - * 0 <= a1 < w - * 0 <= a2 < w^N - * w/2 <= b0 < w - * 0 <= b2 < w^N - * a < w*b - * I.e. the two top words of a are a0:a1, the top word of b is - * b0, we ensured that b0 is "full" (high bit set), and a is - * such that the quotient q = a/b fits on one word (0 <= q < w). - * - * If a = b*q + r (with 0 <= r < q), we can estimate q by - * doing an Euclidean division on the top words: - * a0*w+a1 = b0*u + v (with 0 <= v < w) - * Then the following holds: - * 0 <= u <= w - * u-2 <= q <= u - */ - a0 = br_i32_word(x, m_bitlen - 32); - hi = x[mlen]; - memmove(x + 2, x + 1, (mlen - 1) * sizeof *x); - x[1] = z; - a1 = br_i32_word(x, m_bitlen - 32); - b0 = br_i32_word(m, m_bitlen - 32); - - /* - * We estimate a divisor q. If the quotient returned by br_div() - * is g: - * -- If a0 == b0 then g == 0; we want q = 0xFFFFFFFF. - * -- Otherwise: - * -- if g == 0 then we set q = 0; - * -- otherwise, we set q = g - 1. - * The properties described above then ensure that the true - * quotient is q-1, q or q+1. - */ - g = br_div(a0, a1, b0); - q = MUX(EQ(a0, b0), 0xFFFFFFFF, MUX(EQ(g, 0), 0, g - 1)); - - /* - * We subtract q*m from x (with the extra high word of value 'hi'). - * Since q may be off by 1 (in either direction), we may have to - * add or subtract m afterwards. - * - * The 'tb' flag will be true (1) at the end of the loop if the - * result is greater than or equal to the modulus (not counting - * 'hi' or the carry). - */ - cc = 0; - tb = 1; - for (u = 1; u <= mlen; u ++) { - uint32_t mw, zw, xw, nxw; - uint64_t zl; - - mw = m[u]; - zl = MUL(mw, q) + cc; - cc = (uint32_t)(zl >> 32); - zw = (uint32_t)zl; - xw = x[u]; - nxw = xw - zw; - cc += (uint64_t)GT(nxw, xw); - x[u] = nxw; - tb = MUX(EQ(nxw, mw), tb, GT(nxw, mw)); - } - - /* - * If we underestimated q, then either cc < hi (one extra bit - * beyond the top array word), or cc == hi and tb is true (no - * extra bit, but the result is not lower than the modulus). In - * these cases we must subtract m once. - * - * Otherwise, we may have overestimated, which will show as - * cc > hi (thus a negative result). Correction is adding m once. - */ - chf = (uint32_t)(cc >> 32); - clow = (uint32_t)cc; - over = chf | GT(clow, hi); - under = ~over & (tb | (~chf & LT(clow, hi))); - br_i32_add(x, m, over); - br_i32_sub(x, m, under); -} diff --git a/third_party/bearssl/src/i32_ninv32.c b/third_party/bearssl/src/i32_ninv32.c deleted file mode 100644 index 656443413..000000000 --- a/third_party/bearssl/src/i32_ninv32.c +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -uint32_t -br_i32_ninv32(uint32_t x) -{ - uint32_t y; - - y = 2 - x; - y *= 2 - y * x; - y *= 2 - y * x; - y *= 2 - y * x; - y *= 2 - y * x; - return MUX(x & 1, -y, 0); -} diff --git a/third_party/bearssl/src/i32_reduce.c b/third_party/bearssl/src/i32_reduce.c deleted file mode 100644 index 90fff092b..000000000 --- a/third_party/bearssl/src/i32_reduce.c +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -void -br_i32_reduce(uint32_t *x, const uint32_t *a, const uint32_t *m) -{ - uint32_t m_bitlen, a_bitlen; - size_t mlen, alen, u; - - m_bitlen = m[0]; - mlen = (m_bitlen + 31) >> 5; - - x[0] = m_bitlen; - if (m_bitlen == 0) { - return; - } - - /* - * If the source is shorter, then simply copy all words from a[] - * and zero out the upper words. - */ - a_bitlen = a[0]; - alen = (a_bitlen + 31) >> 5; - if (a_bitlen < m_bitlen) { - memcpy(x + 1, a + 1, alen * sizeof *a); - for (u = alen; u < mlen; u ++) { - x[u + 1] = 0; - } - return; - } - - /* - * The source length is at least equal to that of the modulus. - * We must thus copy N-1 words, and input the remaining words - * one by one. - */ - memcpy(x + 1, a + 2 + (alen - mlen), (mlen - 1) * sizeof *a); - x[mlen] = 0; - for (u = 1 + alen - mlen; u > 0; u --) { - br_i32_muladd_small(x, a[u], m); - } -} diff --git a/third_party/bearssl/src/i32_sub.c b/third_party/bearssl/src/i32_sub.c deleted file mode 100644 index 9c5002382..000000000 --- a/third_party/bearssl/src/i32_sub.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -uint32_t -br_i32_sub(uint32_t *a, const uint32_t *b, uint32_t ctl) -{ - uint32_t cc; - size_t u, m; - - cc = 0; - m = (a[0] + 63) >> 5; - for (u = 1; u < m; u ++) { - uint32_t aw, bw, naw; - - aw = a[u]; - bw = b[u]; - naw = aw - bw - cc; - - /* - * Carry is 1 if naw > aw. Carry is 1 also if naw == aw - * AND the carry was already 1. - */ - cc = (cc & EQ(naw, aw)) | GT(naw, aw); - a[u] = MUX(ctl, naw, aw); - } - return cc; -} diff --git a/third_party/bearssl/src/i32_tmont.c b/third_party/bearssl/src/i32_tmont.c deleted file mode 100644 index 058cd8868..000000000 --- a/third_party/bearssl/src/i32_tmont.c +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see inner.h */ -void -br_i32_to_monty(uint32_t *x, const uint32_t *m) -{ - uint32_t k; - - for (k = (m[0] + 31) >> 5; k > 0; k --) { - br_i32_muladd_small(x, 0, m); - } -} diff --git a/third_party/bearssl/src/x509_knownkey.c b/third_party/bearssl/src/x509_knownkey.c deleted file mode 100644 index 7674f3fd0..000000000 --- a/third_party/bearssl/src/x509_knownkey.c +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Copyright (c) 2016 Thomas Pornin - * - * Permission is hereby granted, free of charge, to any person obtaining - * a copy of this software and associated documentation files (the - * "Software"), to deal in the Software without restriction, including - * without limitation the rights to use, copy, modify, merge, publish, - * distribute, sublicense, and/or sell copies of the Software, and to - * permit persons to whom the Software is furnished to do so, subject to - * the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -#include "inner.h" - -/* see bearssl_x509.h */ -void -br_x509_knownkey_init_rsa(br_x509_knownkey_context *ctx, - const br_rsa_public_key *pk, unsigned usages) -{ - ctx->vtable = &br_x509_knownkey_vtable; - ctx->pkey.key_type = BR_KEYTYPE_RSA; - ctx->pkey.key.rsa = *pk; - ctx->usages = usages; -} - -/* see bearssl_x509.h */ -void -br_x509_knownkey_init_ec(br_x509_knownkey_context *ctx, - const br_ec_public_key *pk, unsigned usages) -{ - ctx->vtable = &br_x509_knownkey_vtable; - ctx->pkey.key_type = BR_KEYTYPE_EC; - ctx->pkey.key.ec = *pk; - ctx->usages = usages; -} - -static void -kk_start_chain(const br_x509_class **ctx, const char *server_name) -{ - (void)ctx; - (void)server_name; -} - -static void -kk_start_cert(const br_x509_class **ctx, uint32_t length) -{ - (void)ctx; - (void)length; -} - -static void -kk_append(const br_x509_class **ctx, const unsigned char *buf, size_t len) -{ - (void)ctx; - (void)buf; - (void)len; -} - -static void -kk_end_cert(const br_x509_class **ctx) -{ - (void)ctx; -} - -static unsigned -kk_end_chain(const br_x509_class **ctx) -{ - (void)ctx; - return 0; -} - -static const br_x509_pkey * -kk_get_pkey(const br_x509_class *const *ctx, unsigned *usages) -{ - const br_x509_knownkey_context *xc; - - xc = (const br_x509_knownkey_context *)ctx; - if (usages != NULL) { - *usages = xc->usages; - } - return &xc->pkey; -} - -/* see bearssl_x509.h */ -const br_x509_class br_x509_knownkey_vtable = { - sizeof(br_x509_knownkey_context), - kk_start_chain, - kk_start_cert, - kk_append, - kk_end_cert, - kk_end_chain, - kk_get_pkey -};