author | Robert Sloan <varomodt@google.com> | 2017-03-13 08:03:59 -0700 |
---|---|---|
committer | Robert Sloan <varomodt@google.com> | 2017-03-13 08:04:08 -0700 |
commit | 1c9db5392e4ec0845f9a934061677636f5400d14 (patch) | |
tree | 72f78bdf659aa12daca5389c5d9bbd96e4278ff9 /src/crypto | |
parent | 7d422bcfd9ada9af993f3f332e789ff2d4928c3e (diff) | |
external/boringssl: Sync to 2070f8ad9151dc8f3a73bffaa146b5e6937a583f.android-n-mr2-preview-2
This includes the following changes:
https://boringssl.googlesource.com/boringssl/+log/8ebeabf0e2e01b331e56d0a491c12539baa55d3d..2070f8ad9151dc8f3a73bffaa146b5e6937a583f
Test: BoringSSL CTS Presubmits
Change-Id: Ia779c6476e45c44e426e09afeca65b2192e783ae
Diffstat (limited to 'src/crypto')
-rwxr-xr-x | src/crypto/bn/asm/rsaz-avx2.pl | 4 | ||||
-rw-r--r-- | src/crypto/bn/montgomery.c | 51 | ||||
-rw-r--r-- | src/crypto/err/ssl.errordata | 4 | ||||
-rw-r--r-- | src/crypto/x509v3/v3_pci.c | 33 |
4 files changed, 41 insertions, 51 deletions
diff --git a/src/crypto/bn/asm/rsaz-avx2.pl b/src/crypto/bn/asm/rsaz-avx2.pl
index 5562d691..60c4ca23 100755
--- a/src/crypto/bn/asm/rsaz-avx2.pl
+++ b/src/crypto/bn/asm/rsaz-avx2.pl
@@ -84,8 +84,8 @@ die "can't locate x86_64-xlate.pl";
 # output, so this isn't useful anyway.
 #
 # TODO(davidben): Enable these after testing. $avx goes up to 2 and $addx to 1.
-$avx = 0;
-$addx = 0;
+$avx = 2;
+$addx = 1;
 open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"";
 *STDOUT = *OUT;
diff --git a/src/crypto/bn/montgomery.c b/src/crypto/bn/montgomery.c
index aa5bc424..29e82a4c 100644
--- a/src/crypto/bn/montgomery.c
+++ b/src/crypto/bn/montgomery.c
@@ -125,6 +125,11 @@
 #define OPENSSL_BN_ASM_MONT
 #endif
+static int bn_mod_mul_montgomery_fallback(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b,
+ const BN_MONT_CTX *mont, BN_CTX *ctx);
+
+
 BN_MONT_CTX *BN_MONT_CTX_new(void) {
 BN_MONT_CTX *ret = OPENSSL_malloc(sizeof(BN_MONT_CTX));
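Review bot: In the `rsaz-avx2.pl` hunk, the context comment `# TODO(davidben): Enable these after testing. $avx goes up to 2 and $addx to 1.` is left directly above `$avx = 2;` and `$addx = 1;`, so the file still reads as if the AVX2 and ADX settings were disabled pending testing. I would replace it with a comment that describes the current state, for example `# $avx and $addx are set to their maximum levels (2 and 1).` The commit message names only CTS presubmits under "Test:", so it would help to record in the comment or the description which run exercised the output generated with these settings.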
@@ -361,27 +366,43 @@ err:
 int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 const BN_MONT_CTX *mont, BN_CTX *ctx) {
- BIGNUM *tmp;
- int ret = 0;
-
-#if defined(OPENSSL_BN_ASM_MONT)
+#if !defined(OPENSSL_BN_ASM_MONT)
+ return bn_mod_mul_montgomery_fallback(r, a, b, mont, ctx);
+#else
 int num = mont->N.top;
- if (num > 1 && a->top == num && b->top == num) {
- if (bn_wexpand(r, num) == NULL) {
- return 0;
- }
- if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
- r->neg = a->neg ^ b->neg;
- r->top = num;
- bn_correct_top(r);
- return 1;
- }
+ /* |bn_mul_mont| requires at least 128 bits of limbs, at least for x86. */
+ if (num < (128 / BN_BITS2) ||
+ a->top != num ||
+ b->top != num) {
+ return bn_mod_mul_montgomery_fallback(r, a, b, mont, ctx);
+ }
+
+ if (bn_wexpand(r, num) == NULL) {
+ return 0;
 }
+ if (!bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
+ /* The check above ensures this won't happen. */
+ assert(0);
+ OPENSSL_PUT_ERROR(BN, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ r->neg = a->neg ^ b->neg;
+ r->top = num;
+ bn_correct_top(r);
+
+ return 1;
 #endif
+}
+
+static int bn_mod_mul_montgomery_fallback(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b,
+ const BN_MONT_CTX *mont,
+ BN_CTX *ctx) {
+ int ret = 0;
 BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
+ BIGNUM *tmp = BN_CTX_get(ctx);
 if (tmp == NULL) {
 goto err;
 }
diff --git a/src/crypto/err/ssl.errordata b/src/crypto/err/ssl.errordata
index 106c4c43..7fddc983 100644
--- a/src/crypto/err/ssl.errordata
+++ b/src/crypto/err/ssl.errordata
@@ -22,10 +22,12 @@ SSL,261,BLOCK_CIPHER_PAD_IS_WRONG
 SSL,120,BN_LIB
 SSL,255,BUFFERED_MESSAGES_ON_CIPHER_CHANGE
 SSL,121,BUFFER_TOO_SMALL
+SSL,275,CANNOT_HAVE_BOTH_PRIVKEY_AND_METHOD
 SSL,272,CANNOT_PARSE_LEAF_CERT
 SSL,122,CA_DN_LENGTH_MISMATCH
 SSL,123,CA_DN_TOO_LONG
 SSL,124,CCS_RECEIVED_EARLY
+SSL,274,CERTIFICATE_AND_PRIVATE_KEY_MISMATCH
 SSL,125,CERTIFICATE_VERIFY_FAILED
 SSL,126,CERT_CB_ERROR
 SSL,127,CERT_LENGTH_MISMATCH
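Review bot: In `BN_mod_mul_montgomery` (montgomery.c), a zero return from `bn_mul_mont` used to fall through to the generic path and now fails with `ERR_R_INTERNAL_ERROR` (after `assert(0)` where assertions are enabled), justified only by `/* The check above ensures this won't happen. */`. The comment on the size check itself says "at least for x86", so whether `num >= 128 / BN_BITS2` is sufficient for every `OPENSSL_BN_ASM_MONT` implementation cannot be confirmed from this hunk. Either state the contract at the check, e.g. `/* Every |bn_mul_mont| implementation must accept |num| >= 128 / BN_BITS2 words when a->top == b->top == num. */`, or keep the previous behaviour by using `return bn_mod_mul_montgomery_fallback(r, a, b, mont, ctx);` in that branch. The body of `bn_mod_mul_montgomery_fallback` continues past the end of the hunk.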
@@ -71,7 +73,6 @@ SSL,269,INVALID_SCT_LIST
 SSL,160,INVALID_SSL_SESSION
 SSL,161,INVALID_TICKET_KEYS_LENGTH
 SSL,162,LENGTH_MISMATCH
-SSL,163,LIBRARY_HAS_NO_CIPHERS
 SSL,164,MISSING_EXTENSION
 SSL,258,MISSING_KEY_SHARE
 SSL,165,MISSING_RSA_CERTIFICATE
@@ -148,6 +149,7 @@ SSL,1043,SSLV3_ALERT_UNSUPPORTED_CERTIFICATE
 SSL,214,SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION
 SSL,215,SSL_HANDSHAKE_FAILURE
 SSL,216,SSL_SESSION_ID_CONTEXT_TOO_LONG
+SSL,276,TICKET_ENCRYPTION_FAILED
 SSL,1049,TLSV1_ALERT_ACCESS_DENIED
 SSL,1050,TLSV1_ALERT_DECODE_ERROR
 SSL,1021,TLSV1_ALERT_DECRYPTION_FAILED
diff --git a/src/crypto/x509v3/v3_pci.c b/src/crypto/x509v3/v3_pci.c
index 68dca5e7..4352abee 100644
--- a/src/crypto/x509v3/v3_pci.c
+++ b/src/crypto/x509v3/v3_pci.c
@@ -35,7 +35,6 @@
 * SUCH DAMAGE.
 */
-#include <stdio.h>
 #include <string.h>
 #include <openssl/conf.h>
@@ -153,38 +152,6 @@ static int process_pci_value(CONF_VALUE *val,
 goto err;
 }
 OPENSSL_free(tmp_data2);
- } else if (strncmp(val->value, "file:", 5) == 0) {
- unsigned char buf[2048];
- int n;
- BIO *b = BIO_new_file(val->value + 5, "r");
- if (!b) {
- OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB);
- X509V3_conf_err(val);
- goto err;
- }
- while ((n = BIO_read(b, buf, sizeof(buf))) > 0
- || (n == 0 && BIO_should_retry(b))) {
- if (!n)
- continue;
-
- tmp_data = OPENSSL_realloc((*policy)->data,
- (*policy)->length + n + 1);
-
- if (!tmp_data)
- break;
-
- (*policy)->data = tmp_data;
- OPENSSL_memcpy(&(*policy)->data[(*policy)->length], buf, n);
- (*policy)->length += n;
- (*policy)->data[(*policy)->length] = '\0';
- }
- BIO_free_all(b);
-
- if (n < 0) {
- OPENSSL_PUT_ERROR(X509V3, ERR_R_BIO_LIB);
- X509V3_conf_err(val);
- goto err;
- }
 } else if (strncmp(val->value, "text:", 5) == 0) {
 val_len = strlen(val->value + 5);
 tmp_data = OPENSSL_realloc((*policy)->data, |