2014-12-19 15:30:07 -07:00
|
|
|
/* misc.c
|
|
|
|
|
*
|
2025-01-21 09:55:03 -07:00
|
|
|
* Copyright (C) 2006-2025 wolfSSL Inc.
|
2014-12-19 15:30:07 -07:00
|
|
|
*
|
2016-03-17 16:02:13 -06:00
|
|
|
* This file is part of wolfSSL.
|
2014-12-19 15:30:07 -07:00
|
|
|
*
|
2014-12-29 12:59:14 -07:00
|
|
|
* wolfSSL is free software; you can redistribute it and/or modify
|
2014-12-19 15:30:07 -07:00
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
2014-12-29 12:59:14 -07:00
|
|
|
* wolfSSL is distributed in the hope that it will be useful,
|
2014-12-19 15:30:07 -07:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
2016-03-17 16:02:13 -06:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
2014-12-19 15:30:07 -07:00
|
|
|
*/
|
2020-07-09 15:13:01 -07:00
|
|
|
/*
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2020-07-09 15:13:01 -07:00
|
|
|
DESCRIPTION
|
|
|
|
|
This module implements the arithmetic-shift right, left, byte swapping, XOR,
|
|
|
|
|
masking and clearing memory logic.
|
2016-03-17 16:02:13 -06:00
|
|
|
|
2020-07-09 15:13:01 -07:00
|
|
|
*/
|
2014-12-19 15:30:07 -07:00
|
|
|
|
Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
sources to include them at the top.
wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
conditionally, config.h. settings.h and wc_port.h are unconditionally
included at the top of types.h.
wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.
Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
files.
Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
wolfssl/wolfcrypt/settings.h to allow coverage testing.
In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.
Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.
Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
for clarity.
2025-04-04 16:51:04 -05:00
|
|
|
#ifdef WOLFSSL_VIS_FOR_TESTS
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#endif
|
|
|
|
|
#include <wolfssl/wolfcrypt/settings.h>
|
|
|
|
|
#else
|
2025-04-04 18:44:12 -05:00
|
|
|
#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
|
Add wolfcrypt/src/wolfssl_sources.h and wolfcrypt/src/wolfssl_sources_asm.h,
which force on BUILDING_WOLFSSL and do boilerplate includes, and update library
sources to include them at the top.
wolfssl_sources.h includes types.h, error-crypt.h, and logging.h, and
conditionally, config.h. settings.h and wc_port.h are unconditionally
included at the top of types.h.
wolfssl_sources_asm.h includes settings.h, and conditionally, config.h.
Add wolfssl_sources*.h to wolfcrypt/src/include.am, and to several IDE/ project
files.
Also added a TEST_WOLFSSL_SOURCES_INCLUSION_SEQUENCE clause in
wolfssl/wolfcrypt/settings.h to allow coverage testing.
In wolfcrypt/src/misc.c, retain existing ad hoc boilerplate includes, and use
them if WOLFSSL_VIS_FOR_TESTS, otherwise include the new wolfssl_sources.h.
Define WOLFSSL_VIS_FOR_TESTS at top of wolfcrypt/test/test.c.
Also renamed WOLFSSL_NEED_LINUX_CURRENT to WOLFSSL_LINUXKM_NEED_LINUX_CURRENT,
for clarity.
2025-04-04 16:51:04 -05:00
|
|
|
#endif
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2015-05-13 15:10:05 -07:00
|
|
|
#ifndef WOLF_CRYPT_MISC_C
|
|
|
|
|
#define WOLF_CRYPT_MISC_C
|
|
|
|
|
|
2014-12-29 12:59:14 -07:00
|
|
|
#include <wolfssl/wolfcrypt/misc.h>
|
2014-12-19 15:30:07 -07:00
|
|
|
|
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
|
|
|
/* inlining these functions is a huge speed increase and a small size decrease,
|
2014-12-19 15:30:07 -07:00
|
|
|
because the functions are smaller than function call setup/cleanup, e.g.,
|
|
|
|
|
md5 benchmark is twice as fast with inline. If you don't want it, then
|
2015-01-05 09:48:43 -07:00
|
|
|
define NO_INLINE and compile this file into wolfssl, otherwise it's used as
|
2014-12-19 15:30:07 -07:00
|
|
|
a source header
|
|
|
|
|
*/
|
|
|
|
|
|
2016-03-29 13:42:40 -06:00
|
|
|
/* Check for if compiling misc.c when not needed. */
|
|
|
|
|
#if !defined(WOLFSSL_MISC_INCLUDED) && !defined(NO_INLINE)
|
2018-01-17 13:27:59 -08:00
|
|
|
#ifndef WOLFSSL_IGNORE_FILE_WARN
|
|
|
|
|
#warning misc.c does not need to be compiled when using inline (NO_INLINE not defined)
|
|
|
|
|
#endif
|
2016-08-08 13:13:59 -07:00
|
|
|
|
|
|
|
|
#else
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2016-12-28 11:18:41 -08:00
|
|
|
|
|
|
|
|
#if defined(__ICCARM__)
|
|
|
|
|
#include <intrinsics.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
2014-12-19 15:30:07 -07:00
|
|
|
#ifdef INTEL_INTRINSICS
|
|
|
|
|
|
|
|
|
|
#include <stdlib.h> /* get intrinsic definitions */
|
|
|
|
|
|
|
|
|
|
/* for non visual studio probably need no long version, 32 bit only
|
|
|
|
|
* i.e., _rotl and _rotr */
|
|
|
|
|
#pragma intrinsic(_lrotl, _lrotr)
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 rotlFixed(word32 x, word32 y)
|
2014-12-19 15:30:07 -07:00
|
|
|
{
|
|
|
|
|
return y ? _lrotl(x, y) : x;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 rotrFixed(word32 x, word32 y)
|
2014-12-19 15:30:07 -07:00
|
|
|
{
|
|
|
|
|
return y ? _lrotr(x, y) : x;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-22 16:44:19 +02:00
|
|
|
#elif defined(__CCRX__)
|
|
|
|
|
|
|
|
|
|
#include <builtin.h> /* get intrinsic definitions */
|
|
|
|
|
|
|
|
|
|
#if !defined(NO_INLINE)
|
|
|
|
|
|
|
|
|
|
#define rotlFixed(x, y) _builtin_rotl(x, y)
|
|
|
|
|
|
|
|
|
|
#define rotrFixed(x, y) _builtin_rotr(x, y)
|
|
|
|
|
|
|
|
|
|
#else /* create real function */
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 rotlFixed(word32 x, word32 y)
|
2021-04-22 16:44:19 +02:00
|
|
|
{
|
|
|
|
|
return _builtin_rotl(x, y);
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 rotrFixed(word32 x, word32 y)
|
2021-04-22 16:44:19 +02:00
|
|
|
{
|
|
|
|
|
return _builtin_rotr(x, y);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-12-19 15:30:07 -07:00
|
|
|
#else /* generic */
|
2020-07-09 15:13:01 -07:00
|
|
|
/* This routine performs a left circular arithmetic shift of <x> by <y> value. */
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 rotlFixed(word32 x, word32 y)
|
2014-12-19 15:30:07 -07:00
|
|
|
{
|
2023-02-10 11:48:59 +10:00
|
|
|
return (x << y) | (x >> (sizeof(x) * 8 - y));
|
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
|
|
|
}
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2020-07-09 15:13:01 -07:00
|
|
|
/* This routine performs a right circular arithmetic shift of <x> by <y> value. */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 rotrFixed(word32 x, word32 y)
|
2014-12-19 15:30:07 -07:00
|
|
|
{
|
2023-02-10 11:48:59 +10:00
|
|
|
return (x >> y) | (x << (sizeof(x) * 8 - y));
|
2014-12-19 15:30:07 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif
|
|
|
|
|
|
2020-09-25 16:25:49 -06:00
|
|
|
/* This routine performs a left circular arithmetic shift of <x> by <y> value */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word16 rotlFixed16(word16 x, word16 y)
|
2020-09-25 16:25:49 -06:00
|
|
|
{
|
2024-12-18 11:51:06 -06:00
|
|
|
return (word16)((x << y) | (x >> (sizeof(x) * 8U - y)));
|
2020-09-25 16:25:49 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* This routine performs a right circular arithmetic shift of <x> by <y> value */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word16 rotrFixed16(word16 x, word16 y)
|
2020-09-25 16:25:49 -06:00
|
|
|
{
|
2024-12-18 11:51:06 -06:00
|
|
|
return (word16)((x >> y) | (x << (sizeof(x) * 8U - y)));
|
2020-09-25 16:25:49 -06:00
|
|
|
}
|
|
|
|
|
|
2020-07-09 15:13:01 -07:00
|
|
|
/* This routine performs a byte swap of 32-bit word value. */
|
2021-11-05 18:16:08 -05:00
|
|
|
#if defined(__CCRX__) && !defined(NO_INLINE) /* shortest version for CC-RX */
|
2021-04-22 16:44:19 +02:00
|
|
|
#define ByteReverseWord32(value) _builtin_revl(value)
|
|
|
|
|
#else
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 ByteReverseWord32(word32 value)
|
2014-12-19 15:30:07 -07:00
|
|
|
{
|
|
|
|
|
#ifdef PPC_INTRINSICS
|
|
|
|
|
/* PPC: load reverse indexed instruction */
|
|
|
|
|
return (word32)__lwbrx(&value,0);
|
2016-12-13 10:24:55 -08:00
|
|
|
#elif defined(__ICCARM__)
|
|
|
|
|
return (word32)__REV(value);
|
2014-12-19 15:30:07 -07:00
|
|
|
#elif defined(KEIL_INTRINSICS)
|
|
|
|
|
return (word32)__rev(value);
|
2021-04-22 16:44:19 +02:00
|
|
|
#elif defined(__CCRX__)
|
|
|
|
|
return (word32)_builtin_revl(value);
|
2018-02-07 11:13:13 -08:00
|
|
|
#elif defined(WOLF_ALLOW_BUILTIN) && \
|
|
|
|
|
defined(__GNUC_PREREQ) && __GNUC_PREREQ(4, 3)
|
|
|
|
|
return (word32)__builtin_bswap32(value);
|
2020-12-07 11:02:15 +10:00
|
|
|
#elif defined(WOLFSSL_BYTESWAP32_ASM) && defined(__GNUC__) && \
|
|
|
|
|
defined(__aarch64__)
|
2020-10-14 14:08:06 +10:00
|
|
|
__asm__ volatile (
|
2020-12-07 11:02:15 +10:00
|
|
|
"REV32 %0, %0 \n"
|
2020-10-14 14:08:06 +10:00
|
|
|
: "+r" (value)
|
|
|
|
|
:
|
|
|
|
|
);
|
|
|
|
|
return value;
|
2020-12-07 11:02:15 +10:00
|
|
|
#elif defined(WOLFSSL_BYTESWAP32_ASM) && defined(__GNUC__) && \
|
|
|
|
|
(defined(__thumb__) || defined(__arm__))
|
2020-10-14 14:08:06 +10:00
|
|
|
__asm__ volatile (
|
2020-12-07 11:02:15 +10:00
|
|
|
"REV %0, %0 \n"
|
2020-10-14 14:08:06 +10:00
|
|
|
: "+r" (value)
|
|
|
|
|
:
|
|
|
|
|
);
|
|
|
|
|
return value;
|
2014-12-19 15:30:07 -07:00
|
|
|
#elif defined(FAST_ROTATE)
|
|
|
|
|
/* 5 instructions with rotate instruction, 9 without */
|
|
|
|
|
return (rotrFixed(value, 8U) & 0xff00ff00) |
|
|
|
|
|
(rotlFixed(value, 8U) & 0x00ff00ff);
|
|
|
|
|
#else
|
|
|
|
|
/* 6 instructions with rotate instruction, 8 without */
|
|
|
|
|
value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8);
|
|
|
|
|
return rotlFixed(value, 16U);
|
|
|
|
|
#endif
|
|
|
|
|
}
|
2021-04-22 16:44:19 +02:00
|
|
|
#endif /* __CCRX__ */
|
2020-07-09 15:13:01 -07:00
|
|
|
/* This routine performs a byte swap of words array of a given count. */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
|
2014-12-19 15:30:07 -07:00
|
|
|
word32 byteCount)
|
|
|
|
|
{
|
2023-04-03 16:51:07 +10:00
|
|
|
word32 i;
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2022-09-27 02:02:31 -05:00
|
|
|
#ifdef WOLFSSL_USE_ALIGN
|
2022-09-27 10:05:07 -05:00
|
|
|
if ((((size_t)in & 0x3) == 0) &&
|
|
|
|
|
(((size_t)out & 0x3) == 0))
|
2022-09-27 02:02:31 -05:00
|
|
|
#endif
|
2023-04-03 16:51:07 +10:00
|
|
|
{
|
|
|
|
|
word32 count = byteCount/(word32)sizeof(word32);
|
2022-09-27 02:02:31 -05:00
|
|
|
for (i = 0; i < count; i++)
|
|
|
|
|
out[i] = ByteReverseWord32(in[i]);
|
|
|
|
|
}
|
2023-04-03 16:51:07 +10:00
|
|
|
#ifdef WOLFSSL_USE_ALIGN
|
2025-02-26 20:55:56 -06:00
|
|
|
else if (((size_t)in & 0x3) == 0) {
|
|
|
|
|
byte *out_bytes = (byte *)out;
|
|
|
|
|
word32 scratch;
|
|
|
|
|
|
|
|
|
|
byteCount &= ~0x3U;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < byteCount; i += (word32)sizeof(word32)) {
|
|
|
|
|
scratch = ByteReverseWord32(*in++);
|
|
|
|
|
XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (((size_t)out & 0x3) == 0) {
|
|
|
|
|
byte *in_bytes = (byte *)in;
|
|
|
|
|
word32 scratch;
|
|
|
|
|
|
|
|
|
|
byteCount &= ~0x3U;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < byteCount; i += (word32)sizeof(word32)) {
|
|
|
|
|
XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
|
|
|
|
|
*out++ = ByteReverseWord32(scratch);
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-09-27 02:02:31 -05:00
|
|
|
else {
|
|
|
|
|
byte *in_bytes = (byte *)in;
|
|
|
|
|
byte *out_bytes = (byte *)out;
|
|
|
|
|
word32 scratch;
|
|
|
|
|
|
|
|
|
|
byteCount &= ~0x3U;
|
|
|
|
|
|
2024-12-18 11:51:06 -06:00
|
|
|
for (i = 0; i < byteCount; i += (word32)sizeof(word32)) {
|
2022-09-27 02:02:31 -05:00
|
|
|
XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
|
|
|
|
|
scratch = ByteReverseWord32(scratch);
|
|
|
|
|
XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2014-12-19 15:30:07 -07:00
|
|
|
}
|
|
|
|
|
|
fixes for gating and ARM32 alignment defects:
wolfcrypt/src/port/arm/armv8-aes.c: in the WOLFSSL_ARMASM_NO_HW_CRYPTO version of wc_AesSetKey(), copy the supplied userKey to a properly aligned buffer if necessary before calling AES_set_encrypt_key();
src/dtls13.c: in Dtls13GetRnMask(), if defined(WOLFSSL_LINUXKM)), return retval of wc_AesEncryptDirect();
wolfcrypt/src/misc.c: add readUnalignedWord32(), writeUnalignedWord32(), readUnalignedWords32(), and writeUnalignedWords32();
wolfcrypt/src/siphash.c: use readUnalignedWord64(), readUnalignedWord32(), and writeUnalignedWord64(), to avoid unaligned access faults, and fix cast in byte-reversing version of GET_U32().
2024-10-25 23:52:32 -05:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 readUnalignedWord32(const byte *in)
|
|
|
|
|
{
|
|
|
|
|
if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
|
|
|
|
|
return *(word32 *)in;
|
|
|
|
|
else {
|
|
|
|
|
word32 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
|
|
|
|
|
XMEMCPY(&out, in, sizeof(out));
|
|
|
|
|
return out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WC_MISC_STATIC WC_INLINE word32 writeUnalignedWord32(void *out, word32 in)
|
|
|
|
|
{
|
|
|
|
|
if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0)
|
|
|
|
|
*(word32 *)out = in;
|
|
|
|
|
else {
|
|
|
|
|
XMEMCPY(out, &in, sizeof(in));
|
|
|
|
|
}
|
|
|
|
|
return in;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WC_MISC_STATIC WC_INLINE void readUnalignedWords32(word32 *out, const byte *in,
|
|
|
|
|
size_t count)
|
|
|
|
|
{
|
|
|
|
|
if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
|
|
|
|
|
const word32 *in_word32 = (const word32 *)in;
|
|
|
|
|
while (count-- > 0)
|
|
|
|
|
*out++ = *in_word32++;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
XMEMCPY(out, in, count * sizeof(*out));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WC_MISC_STATIC WC_INLINE void writeUnalignedWords32(byte *out, const word32 *in,
|
|
|
|
|
size_t count)
|
|
|
|
|
{
|
|
|
|
|
if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) {
|
|
|
|
|
word32 *out_word32 = (word32 *)out;
|
|
|
|
|
while (count-- > 0)
|
|
|
|
|
*out_word32++ = *in++;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
XMEMCPY(out, in, count * sizeof(*in));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-06 17:27:10 +10:00
|
|
|
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)
|
2014-12-19 15:30:07 -07:00
|
|
|
|
wolfssl/wolfcrypt/types.h: when defining fallback do-nothing SAVE_VECTOR_REGISTERS2(), also define SAVE_VECTOR_REGISTERS2_DOES_NOTHING, and likewise for fallback CAN_SAVE_VECTOR_REGISTERS, define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE;
wolfcrypt/src/aes.c:
* when SAVE_VECTOR_REGISTERS2_DOES_NOTHING, define do-nothing VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, to mollify Coverity CONSTANT_EXPRESSION_RESULT;
* in AesGcmDecryptUpdate_aesni(), omit " && (c != NULL)" clause from computation of endA argument to AesGcmAadUpdate_aesni(), to mollify Coverity FORWARD_NULL (impermissible nullness is already checked and BAD_FUNC_ARGed by the sole caller, wc_AesGcmDecryptUpdate());
wolfcrypt/src/misc.c: add readUnalignedWord64(), writeUnalignedWord64(), readUnalignedWords64(), and writeUnalignedWords64(), for safe word64 access to possibly-unaligned data;
wolfcrypt/src/wc_kyber_poly.c: use readUnalignedWords64() and readUnalignedWord64() to mitigate sanitizer-reported "load of misaligned address".
2024-09-27 17:15:17 -05:00
|
|
|
WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in)
|
|
|
|
|
{
|
|
|
|
|
if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
|
|
|
|
|
return *(word64 *)in;
|
|
|
|
|
else {
|
fixes for gating and ARM32 alignment defects:
wolfcrypt/src/port/arm/armv8-aes.c: in the WOLFSSL_ARMASM_NO_HW_CRYPTO version of wc_AesSetKey(), copy the supplied userKey to a properly aligned buffer if necessary before calling AES_set_encrypt_key();
src/dtls13.c: in Dtls13GetRnMask(), if defined(WOLFSSL_LINUXKM)), return retval of wc_AesEncryptDirect();
wolfcrypt/src/misc.c: add readUnalignedWord32(), writeUnalignedWord32(), readUnalignedWords32(), and writeUnalignedWords32();
wolfcrypt/src/siphash.c: use readUnalignedWord64(), readUnalignedWord32(), and writeUnalignedWord64(), to avoid unaligned access faults, and fix cast in byte-reversing version of GET_U32().
2024-10-25 23:52:32 -05:00
|
|
|
word64 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */
|
|
|
|
|
XMEMCPY(&out, in, sizeof(out));
|
wolfssl/wolfcrypt/types.h: when defining fallback do-nothing SAVE_VECTOR_REGISTERS2(), also define SAVE_VECTOR_REGISTERS2_DOES_NOTHING, and likewise for fallback CAN_SAVE_VECTOR_REGISTERS, define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE;
wolfcrypt/src/aes.c:
* when SAVE_VECTOR_REGISTERS2_DOES_NOTHING, define do-nothing VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, to mollify Coverity CONSTANT_EXPRESSION_RESULT;
* in AesGcmDecryptUpdate_aesni(), omit " && (c != NULL)" clause from computation of endA argument to AesGcmAadUpdate_aesni(), to mollify Coverity FORWARD_NULL (impermissible nullness is already checked and BAD_FUNC_ARGed by the sole caller, wc_AesGcmDecryptUpdate());
wolfcrypt/src/misc.c: add readUnalignedWord64(), writeUnalignedWord64(), readUnalignedWords64(), and writeUnalignedWords64(), for safe word64 access to possibly-unaligned data;
wolfcrypt/src/wc_kyber_poly.c: use readUnalignedWords64() and readUnalignedWord64() to mitigate sanitizer-reported "load of misaligned address".
2024-09-27 17:15:17 -05:00
|
|
|
return out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in)
|
|
|
|
|
{
|
|
|
|
|
if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0)
|
|
|
|
|
*(word64 *)out = in;
|
|
|
|
|
else {
|
fixes for gating and ARM32 alignment defects:
wolfcrypt/src/port/arm/armv8-aes.c: in the WOLFSSL_ARMASM_NO_HW_CRYPTO version of wc_AesSetKey(), copy the supplied userKey to a properly aligned buffer if necessary before calling AES_set_encrypt_key();
src/dtls13.c: in Dtls13GetRnMask(), if defined(WOLFSSL_LINUXKM)), return retval of wc_AesEncryptDirect();
wolfcrypt/src/misc.c: add readUnalignedWord32(), writeUnalignedWord32(), readUnalignedWords32(), and writeUnalignedWords32();
wolfcrypt/src/siphash.c: use readUnalignedWord64(), readUnalignedWord32(), and writeUnalignedWord64(), to avoid unaligned access faults, and fix cast in byte-reversing version of GET_U32().
2024-10-25 23:52:32 -05:00
|
|
|
XMEMCPY(out, &in, sizeof(in));
|
wolfssl/wolfcrypt/types.h: when defining fallback do-nothing SAVE_VECTOR_REGISTERS2(), also define SAVE_VECTOR_REGISTERS2_DOES_NOTHING, and likewise for fallback CAN_SAVE_VECTOR_REGISTERS, define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE;
wolfcrypt/src/aes.c:
* when SAVE_VECTOR_REGISTERS2_DOES_NOTHING, define do-nothing VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, to mollify Coverity CONSTANT_EXPRESSION_RESULT;
* in AesGcmDecryptUpdate_aesni(), omit " && (c != NULL)" clause from computation of endA argument to AesGcmAadUpdate_aesni(), to mollify Coverity FORWARD_NULL (impermissible nullness is already checked and BAD_FUNC_ARGed by the sole caller, wc_AesGcmDecryptUpdate());
wolfcrypt/src/misc.c: add readUnalignedWord64(), writeUnalignedWord64(), readUnalignedWords64(), and writeUnalignedWords64(), for safe word64 access to possibly-unaligned data;
wolfcrypt/src/wc_kyber_poly.c: use readUnalignedWords64() and readUnalignedWord64() to mitigate sanitizer-reported "load of misaligned address".
2024-09-27 17:15:17 -05:00
|
|
|
}
|
|
|
|
|
return in;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in,
|
|
|
|
|
size_t count)
|
|
|
|
|
{
|
|
|
|
|
if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) {
|
|
|
|
|
const word64 *in_word64 = (const word64 *)in;
|
|
|
|
|
while (count-- > 0)
|
|
|
|
|
*out++ = *in_word64++;
|
|
|
|
|
}
|
|
|
|
|
else {
|
fixes for gating and ARM32 alignment defects:
wolfcrypt/src/port/arm/armv8-aes.c: in the WOLFSSL_ARMASM_NO_HW_CRYPTO version of wc_AesSetKey(), copy the supplied userKey to a properly aligned buffer if necessary before calling AES_set_encrypt_key();
src/dtls13.c: in Dtls13GetRnMask(), if defined(WOLFSSL_LINUXKM)), return retval of wc_AesEncryptDirect();
wolfcrypt/src/misc.c: add readUnalignedWord32(), writeUnalignedWord32(), readUnalignedWords32(), and writeUnalignedWords32();
wolfcrypt/src/siphash.c: use readUnalignedWord64(), readUnalignedWord32(), and writeUnalignedWord64(), to avoid unaligned access faults, and fix cast in byte-reversing version of GET_U32().
2024-10-25 23:52:32 -05:00
|
|
|
XMEMCPY(out, in, count * sizeof(*out));
|
wolfssl/wolfcrypt/types.h: when defining fallback do-nothing SAVE_VECTOR_REGISTERS2(), also define SAVE_VECTOR_REGISTERS2_DOES_NOTHING, and likewise for fallback CAN_SAVE_VECTOR_REGISTERS, define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE;
wolfcrypt/src/aes.c:
* when SAVE_VECTOR_REGISTERS2_DOES_NOTHING, define do-nothing VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, to mollify Coverity CONSTANT_EXPRESSION_RESULT;
* in AesGcmDecryptUpdate_aesni(), omit " && (c != NULL)" clause from computation of endA argument to AesGcmAadUpdate_aesni(), to mollify Coverity FORWARD_NULL (impermissible nullness is already checked and BAD_FUNC_ARGed by the sole caller, wc_AesGcmDecryptUpdate());
wolfcrypt/src/misc.c: add readUnalignedWord64(), writeUnalignedWord64(), readUnalignedWords64(), and writeUnalignedWords64(), for safe word64 access to possibly-unaligned data;
wolfcrypt/src/wc_kyber_poly.c: use readUnalignedWords64() and readUnalignedWord64() to mitigate sanitizer-reported "load of misaligned address".
2024-09-27 17:15:17 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in,
|
|
|
|
|
size_t count)
|
|
|
|
|
{
|
|
|
|
|
if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) {
|
|
|
|
|
word64 *out_word64 = (word64 *)out;
|
|
|
|
|
while (count-- > 0)
|
|
|
|
|
*out_word64++ = *in++;
|
|
|
|
|
}
|
|
|
|
|
else {
|
fixes for gating and ARM32 alignment defects:
wolfcrypt/src/port/arm/armv8-aes.c: in the WOLFSSL_ARMASM_NO_HW_CRYPTO version of wc_AesSetKey(), copy the supplied userKey to a properly aligned buffer if necessary before calling AES_set_encrypt_key();
src/dtls13.c: in Dtls13GetRnMask(), if defined(WOLFSSL_LINUXKM)), return retval of wc_AesEncryptDirect();
wolfcrypt/src/misc.c: add readUnalignedWord32(), writeUnalignedWord32(), readUnalignedWords32(), and writeUnalignedWords32();
wolfcrypt/src/siphash.c: use readUnalignedWord64(), readUnalignedWord32(), and writeUnalignedWord64(), to avoid unaligned access faults, and fix cast in byte-reversing version of GET_U32().
2024-10-25 23:52:32 -05:00
|
|
|
XMEMCPY(out, in, count * sizeof(*in));
|
wolfssl/wolfcrypt/types.h: when defining fallback do-nothing SAVE_VECTOR_REGISTERS2(), also define SAVE_VECTOR_REGISTERS2_DOES_NOTHING, and likewise for fallback CAN_SAVE_VECTOR_REGISTERS, define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE;
wolfcrypt/src/aes.c:
* when SAVE_VECTOR_REGISTERS2_DOES_NOTHING, define do-nothing VECTOR_REGISTERS_PUSH and VECTOR_REGISTERS_POP, to mollify Coverity CONSTANT_EXPRESSION_RESULT;
* in AesGcmDecryptUpdate_aesni(), omit " && (c != NULL)" clause from computation of endA argument to AesGcmAadUpdate_aesni(), to mollify Coverity FORWARD_NULL (impermissible nullness is already checked and BAD_FUNC_ARGed by the sole caller, wc_AesGcmDecryptUpdate());
wolfcrypt/src/misc.c: add readUnalignedWord64(), writeUnalignedWord64(), readUnalignedWords64(), and writeUnalignedWords64(), for safe word64 access to possibly-unaligned data;
wolfcrypt/src/wc_kyber_poly.c: use readUnalignedWords64() and readUnalignedWord64() to mitigate sanitizer-reported "load of misaligned address".
2024-09-27 17:15:17 -05:00
|
|
|
}
|
|
|
|
|
}
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y)
|
2014-12-19 15:30:07 -07:00
|
|
|
{
|
|
|
|
|
return (x << y) | (x >> (sizeof(y) * 8 - y));
|
Intel QuickAssist (QAT) support and async enhancements/fixes:
* Adds ./configure "--with-intelqa=../QAT1.6”, port files, memory management and README.md (see wolfcrypt/src/port/intel/).
* Added Intel QAT support for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC.
* wolfSSL async enabled all client and server: PKI, Encrypt/Decrypt, Hashing/HMAC and Certificate Sign/Verify.
* wolfSSL async support in functions: Encrypt, Decrypt, VerifyMAC, BuildMessage, ConfirmSignature, DoCertificate, ParseCertRelative, and MakeSignature.
* wolfCrypt test and benchmark async support added for all HW acceleration.
* wolfCrypt benchmark multi-threading support.
* Added QuickAssist memory overrides for XMALLOC, XFREE and XREALLOC. XREALLOC determines if existing pointer needs reallocated for NUMA.
* Refactor to make sure “heap” is available for async dev init.
* Added async support for all examples for connect, accept, read and write.
* Added new WC_BIGINT (in wolfmath.c) for async hardware support.
* Added async simulator tests for DES3 CBC, AES CBC/GCM.
* Added QAT standalone build for unit testing.
* Added int return code to SHA and MD5 functions.
* Refactor of the async stack variable handling, so async operations have generic args buffer area and cleanup function pointer.
* Combined duplicate code for async push/pop handling.
* Refactor internal.c to add AllocKey / FreeKey.
* Refactor of hash init/free in TLS to use InitHashes and FreeHashes.
* Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL for WOLFSSL* and WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT for WC_ASYNC_DEV*.
* Suppress error message for WC_PENDING_E.
* Implemented "wolfSSL_EVP_MD_CTX_init" to do memset.
* Cleanup of the openssl compat CTX sizes when async is enabled.
* Cleanup of AES, DES3, DH, SHA, MD5, DES3, DH, HMAC, MD5 for consistency and readability.
* Cleanup of the OPAQUE_LEN.
* Cleanup to use ENCRYPT_LEN instead of sizeof(ssl->arrays.preMasterSecret).
* Changed ssl->arrays.preMasterSecret to use XMALLOC (accelerates HW operations)
* Reduce verbosity with debug enabled for "GetMyVersion", "wolfSSL Using RSA OAEP padding" and "wolfSSL Using RSA PKCSV15 padding".
* Updated RSA un-padding error message so its different than one above it for better debugging.
* Added QAT async enables for each algorithm.
* Refactor of the async init to use _ex.
* Added WC_ASYNC_THRESH_NONE to allow bypass of the async thresholds for testing.
* Reformatted the benchmark results:
PKI: "RSA 2048 private HW 18522 ops took 1.003 sec, avg 0.054 ms, 18467.763 ops/sec"
Crypto/Hashing: SHA-256 SW 350 megs took 1.009 seconds, 346.946 MB/s Cycles per byte = 9.87
* Added min execution time for all benchmarks.
* Moved wc_*GetHash and wc_*RestorePos to appropriate files so use of isCopy flag is local.
* Fix for ECC sign status sometimes being invalid due to uninitialized ECC digest in benchmark.
* Added new DECLARE_VAR/FREE_VAR and DECLARE_ARRAY/FREE_ARRAY macros for helping setup test/benchmark variables to accelerate async.
* Added NO_SW_BENCH option to only run HW bench.
* Added support for PRNG to use hardware SHA256 if _wc devId provided.
* Fix to prevent curve tests from running against wrong curve sizes. Changed wc_ecc_set_curve to match on exact size.
* Added the wc_*GetHash calls to the wolfCrypt tests.
* Added async hardware start/stop to wolfSSL init/cleanup.
* Refactor to add wc_*Copy for hashing context (for async), which replaces wc_*RestorePos.
* Fixes for building with TI hashing (including: SHA224, missing new API’s and building with dummy build for non hw testing). Note: We need to add build test for this `./configure CFLAGS="-DWOLFSSL_TI_HASH -DTI_DUMMY_BUILD”`.
* Added arg checks on wc_*GetHash and wc_*Copy.
* Cleanup of the BuildMD5, BuildSHA, BuildMD5_CertVerify and BuildSHA_CertVerify functions.
* Added new ./configure --enable-asyncthreads, to allow enable/disable of the async threading support. If --enable-asynccrypt set this will be enabled by default if pthread is supported. Allows multi-threaded benchmarks with async simulator.
* Added checks for all hashing to verify valid ->buffLen.
* Fix for SHA512 scan-build warning about un-initialized “W_X”.
* Fix for valgrind un-initialized use of buffer in AllocDer (der->buffer) and BuildTlsFinished handshake_hash.
* Refactor of the benchmarking to use common function for start, check and finish of the stats.
* Fixed issue with ECC cache loading in multi-threading.
* Fix bug with AESNI not aligned code that assumes XMALLOC is 16-byte aligned.
* Added new WC_ASYNC_NO_… options to allow disabling of individual async algorithms. New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define.
* Added “wolfSSL_GetAllocators” API and fixed the wolfCrypt memcb_test so it restores callback pointers after test is complete (fixes issue with using custom allocators and test breaking it).
2017-04-07 15:46:32 -07:00
|
|
|
}
|
2014-12-19 15:30:07 -07:00
|
|
|
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word64 rotrFixed64(word64 x, word64 y)
|
2014-12-19 15:30:07 -07:00
|
|
|
{
|
|
|
|
|
return (x >> y) | (x << (sizeof(y) * 8 - y));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word64 ByteReverseWord64(word64 value)
|
2014-12-19 15:30:07 -07:00
|
|
|
{
|
2018-02-07 11:13:13 -08:00
|
|
|
#if defined(WOLF_ALLOW_BUILTIN) && defined(__GNUC_PREREQ) && __GNUC_PREREQ(4, 3)
|
|
|
|
|
return (word64)__builtin_bswap64(value);
|
|
|
|
|
#elif defined(WOLFCRYPT_SLOW_WORD64)
|
2021-11-05 18:16:08 -05:00
|
|
|
return (word64)((word64)ByteReverseWord32((word32) value)) << 32 |
|
|
|
|
|
(word64)ByteReverseWord32((word32)(value >> 32));
|
2014-12-19 15:30:07 -07:00
|
|
|
#else
|
2021-11-05 18:16:08 -05:00
|
|
|
value = ((value & W64LIT(0xFF00FF00FF00FF00)) >> 8) |
|
|
|
|
|
((value & W64LIT(0x00FF00FF00FF00FF)) << 8);
|
|
|
|
|
value = ((value & W64LIT(0xFFFF0000FFFF0000)) >> 16) |
|
|
|
|
|
((value & W64LIT(0x0000FFFF0000FFFF)) << 16);
|
|
|
|
|
return rotlFixed64(value, 32U);
|
2014-12-19 15:30:07 -07:00
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void ByteReverseWords64(word64* out, const word64* in,
|
2014-12-19 15:30:07 -07:00
|
|
|
word32 byteCount)
|
|
|
|
|
{
|
|
|
|
|
word32 count = byteCount/(word32)sizeof(word64), i;
|
|
|
|
|
|
2025-02-26 20:55:56 -06:00
|
|
|
#ifdef WOLFSSL_USE_ALIGN
|
|
|
|
|
if ((((size_t)in & 0x7) == 0) &&
|
|
|
|
|
(((size_t)out & 0x7) == 0))
|
|
|
|
|
#endif
|
|
|
|
|
{
|
|
|
|
|
for (i = 0; i < count; i++)
|
|
|
|
|
out[i] = ByteReverseWord64(in[i]);
|
|
|
|
|
}
|
|
|
|
|
#ifdef WOLFSSL_USE_ALIGN
|
|
|
|
|
else if (((size_t)in & 0x7) == 0) {
|
|
|
|
|
byte *out_bytes = (byte *)out;
|
|
|
|
|
word64 scratch;
|
|
|
|
|
|
|
|
|
|
byteCount &= ~0x7U;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < byteCount; i += (word32)sizeof(word64)) {
|
|
|
|
|
scratch = ByteReverseWord64(*in++);
|
|
|
|
|
XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else if (((size_t)out & 0x7) == 0) {
|
|
|
|
|
byte *in_bytes = (byte *)in;
|
|
|
|
|
word64 scratch;
|
|
|
|
|
|
|
|
|
|
byteCount &= ~0x7U;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < byteCount; i += (word32)sizeof(word64)) {
|
|
|
|
|
XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
|
|
|
|
|
*out++ = ByteReverseWord64(scratch);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
byte *in_bytes = (byte *)in;
|
|
|
|
|
byte *out_bytes = (byte *)out;
|
|
|
|
|
word64 scratch;
|
|
|
|
|
|
|
|
|
|
byteCount &= ~0x7U;
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2025-02-26 20:55:56 -06:00
|
|
|
for (i = 0; i < byteCount; i += (word32)sizeof(word64)) {
|
|
|
|
|
XMEMCPY(&scratch, in_bytes + i, sizeof(scratch));
|
|
|
|
|
scratch = ByteReverseWord64(scratch);
|
|
|
|
|
XMEMCPY(out_bytes + i, &scratch, sizeof(scratch));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2014-12-19 15:30:07 -07:00
|
|
|
}
|
|
|
|
|
|
2018-12-06 17:27:10 +10:00
|
|
|
#endif /* WORD64_AVAILABLE && !WOLFSSL_NO_WORD64_OPS */
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2018-12-06 17:27:10 +10:00
|
|
|
#ifndef WOLFSSL_NO_XOR_OPS
|
2025-03-07 17:55:21 -06:00
|
|
|
|
|
|
|
|
/* Leave no doubt that WOLFSSL_WORD_SIZE is a power of 2. */
|
|
|
|
|
wc_static_assert((WOLFSSL_WORD_SIZE & (WOLFSSL_WORD_SIZE - 1)) == 0);
|
|
|
|
|
|
2020-10-14 14:08:06 +10:00
|
|
|
/* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
|
|
|
|
|
of wolfssl_words, placing the result in <*r>. */
|
2023-03-23 10:46:09 +01:00
|
|
|
WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word** r,
|
|
|
|
|
const wolfssl_word** a, const wolfssl_word** b, word32 n)
|
2020-10-14 14:08:06 +10:00
|
|
|
{
|
2025-03-07 17:55:21 -06:00
|
|
|
const wolfssl_word *e = *a + n;
|
2020-10-14 14:08:06 +10:00
|
|
|
|
2025-03-07 17:55:21 -06:00
|
|
|
while (*a < e)
|
2023-03-29 16:08:36 +02:00
|
|
|
*((*r)++) = *((*a)++) ^ *((*b)++);
|
2020-10-14 14:08:06 +10:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n
|
|
|
|
|
counts, placing the result in <*buf>. */
|
|
|
|
|
|
2023-03-23 10:46:09 +01:00
|
|
|
WC_MISC_STATIC WC_INLINE void xorbufout(void* out, const void* buf,
|
2023-03-03 22:30:08 -06:00
|
|
|
const void* mask, word32 count)
|
2020-10-14 14:08:06 +10:00
|
|
|
{
|
2025-03-07 17:55:21 -06:00
|
|
|
byte* o = (byte*)out;
|
|
|
|
|
const byte* b = (const byte*)buf;
|
|
|
|
|
const byte* m = (const byte*)mask;
|
|
|
|
|
|
|
|
|
|
/* type-punning helpers */
|
|
|
|
|
union {
|
|
|
|
|
byte* bp;
|
|
|
|
|
wolfssl_word* wp;
|
|
|
|
|
} tpo;
|
|
|
|
|
union {
|
|
|
|
|
const byte* bp;
|
|
|
|
|
const wolfssl_word* wp;
|
|
|
|
|
} tpb, tpm;
|
|
|
|
|
|
|
|
|
|
if (((((wc_ptr_t)o) & (WOLFSSL_WORD_SIZE - 1)) == 0) &&
|
|
|
|
|
((((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) == 0) &&
|
|
|
|
|
((((wc_ptr_t)m) & (WOLFSSL_WORD_SIZE - 1)) == 0))
|
|
|
|
|
{
|
|
|
|
|
/* All buffers are already aligned. Possible to XOR by words without
|
|
|
|
|
* fixup.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
tpo.bp = o;
|
|
|
|
|
tpb.bp = b;
|
|
|
|
|
tpm.bp = m;
|
|
|
|
|
XorWordsOut(&tpo.wp, &tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
|
|
|
|
|
o = tpo.bp;
|
|
|
|
|
b = tpb.bp;
|
|
|
|
|
m = tpm.bp;
|
|
|
|
|
count &= (WOLFSSL_WORD_SIZE - 1);
|
|
|
|
|
}
|
|
|
|
|
else if ((((wc_ptr_t)o) & (WOLFSSL_WORD_SIZE - 1)) ==
|
|
|
|
|
(((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) &&
|
|
|
|
|
(((wc_ptr_t)b) & (WOLFSSL_WORD_SIZE - 1)) ==
|
|
|
|
|
(((wc_ptr_t)m) & (WOLFSSL_WORD_SIZE - 1)))
|
|
|
|
|
{
|
|
|
|
|
/* Alignment can be fixed up to allow XOR by words. */
|
|
|
|
|
|
|
|
|
|
/* Perform bytewise xor until pointers are aligned to
|
|
|
|
|
* WOLFSSL_WORD_SIZE.
|
|
|
|
|
*/
|
|
|
|
|
while ((((wc_ptr_t)b & (WOLFSSL_WORD_SIZE - 1)) != 0) && (count > 0))
|
|
|
|
|
{
|
|
|
|
|
*o++ = (byte)(*b++ ^ *m++);
|
2023-03-29 16:08:36 +02:00
|
|
|
count--;
|
|
|
|
|
}
|
2025-03-07 17:55:21 -06:00
|
|
|
|
2023-08-24 10:34:48 +02:00
|
|
|
tpo.bp = o;
|
|
|
|
|
tpb.bp = b;
|
|
|
|
|
tpm.bp = m;
|
2025-03-07 17:55:21 -06:00
|
|
|
XorWordsOut(&tpo.wp, &tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
|
2023-08-24 10:34:48 +02:00
|
|
|
o = tpo.bp;
|
|
|
|
|
b = tpb.bp;
|
|
|
|
|
m = tpm.bp;
|
2025-03-07 17:55:21 -06:00
|
|
|
count &= (WOLFSSL_WORD_SIZE - 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (count > 0) {
|
|
|
|
|
*o++ = (byte)(*b++ ^ *m++);
|
|
|
|
|
count--;
|
2023-03-29 16:08:36 +02:00
|
|
|
}
|
|
|
|
|
|
2020-10-14 14:08:06 +10:00
|
|
|
}
|
|
|
|
|
|
2020-07-09 15:13:01 -07:00
|
|
|
/* This routine performs a bitwise XOR operation of <*r> and <*a> for <n> number
|
|
|
|
|
of wolfssl_words, placing the result in <*r>. */
|
2023-03-23 10:46:09 +01:00
|
|
|
WC_MISC_STATIC WC_INLINE void XorWords(wolfssl_word** r, const wolfssl_word** a,
|
2023-03-03 22:30:08 -06:00
|
|
|
word32 n)
|
2014-12-19 15:30:07 -07:00
|
|
|
{
|
2025-03-07 17:55:21 -06:00
|
|
|
const wolfssl_word *e = *a + n;
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2025-03-07 17:55:21 -06:00
|
|
|
while (*a < e)
|
2023-03-29 16:08:36 +02:00
|
|
|
*((*r)++) ^= *((*a)++);
|
2014-12-19 15:30:07 -07:00
|
|
|
}
|
|
|
|
|
|
2020-07-09 15:13:01 -07:00
|
|
|
/* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n
|
|
|
|
|
counts, placing the result in <*buf>. */
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
|
2014-12-19 15:30:07 -07:00
|
|
|
{
|
2025-03-07 17:55:21 -06:00
|
|
|
byte* b = (byte*)buf;
|
|
|
|
|
const byte* m = (const byte*)mask;
|
|
|
|
|
|
|
|
|
|
/* type-punning helpers */
|
|
|
|
|
union {
|
|
|
|
|
byte* bp;
|
|
|
|
|
wolfssl_word* wp;
|
|
|
|
|
} tpb;
|
|
|
|
|
union {
|
|
|
|
|
const byte* bp;
|
|
|
|
|
const wolfssl_word* wp;
|
|
|
|
|
} tpm;
|
|
|
|
|
|
|
|
|
|
if ((((wc_ptr_t)buf & (WOLFSSL_WORD_SIZE - 1)) == 0) &&
|
|
|
|
|
(((wc_ptr_t)mask & (WOLFSSL_WORD_SIZE - 1)) == 0))
|
|
|
|
|
{
|
|
|
|
|
/* Both buffers are already aligned. Possible to XOR by words without
|
|
|
|
|
* fixup.
|
|
|
|
|
*/
|
2023-03-29 16:08:36 +02:00
|
|
|
|
2025-03-07 17:55:21 -06:00
|
|
|
tpb.bp = b;
|
|
|
|
|
tpm.bp = m;
|
|
|
|
|
/* Work around false positives from linuxkm CONFIG_FORTIFY_SOURCE. */
|
|
|
|
|
#if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
|
|
|
|
|
PRAGMA_GCC_DIAG_PUSH;
|
|
|
|
|
PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
|
|
|
|
|
#endif
|
|
|
|
|
XorWords(&tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
|
|
|
|
|
#if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
|
|
|
|
|
PRAGMA_GCC_DIAG_POP;
|
|
|
|
|
#endif
|
|
|
|
|
b = tpb.bp;
|
|
|
|
|
m = tpm.bp;
|
|
|
|
|
count &= (WOLFSSL_WORD_SIZE - 1);
|
|
|
|
|
}
|
|
|
|
|
else if (((wc_ptr_t)buf & (WOLFSSL_WORD_SIZE - 1)) ==
|
|
|
|
|
((wc_ptr_t)mask & (WOLFSSL_WORD_SIZE - 1)))
|
2025-03-05 15:33:17 -06:00
|
|
|
{
|
2025-03-07 17:55:21 -06:00
|
|
|
/* Alignment can be fixed up to allow XOR by words. */
|
|
|
|
|
|
|
|
|
|
/* Perform bytewise xor until pointers are aligned to
|
|
|
|
|
* WOLFSSL_WORD_SIZE.
|
|
|
|
|
*/
|
|
|
|
|
while ((((wc_ptr_t)b & (WOLFSSL_WORD_SIZE - 1)) != 0) && (count > 0))
|
2025-03-05 15:33:17 -06:00
|
|
|
{
|
2023-03-29 16:08:36 +02:00
|
|
|
*(b++) ^= *(m++);
|
|
|
|
|
count--;
|
|
|
|
|
}
|
2025-03-07 17:55:21 -06:00
|
|
|
|
2023-08-24 10:34:48 +02:00
|
|
|
tpb.bp = b;
|
|
|
|
|
tpm.bp = m;
|
2025-03-05 15:33:17 -06:00
|
|
|
/* Work around false positives from linuxkm CONFIG_FORTIFY_SOURCE. */
|
|
|
|
|
#if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
|
|
|
|
|
PRAGMA_GCC_DIAG_PUSH;
|
|
|
|
|
PRAGMA_GCC("GCC diagnostic ignored \"-Wmaybe-uninitialized\"")
|
|
|
|
|
#endif
|
|
|
|
|
XorWords(&tpb.wp, &tpm.wp, count >> WOLFSSL_WORD_SIZE_LOG2);
|
|
|
|
|
#if defined(WOLFSSL_LINUXKM) && defined(CONFIG_FORTIFY_SOURCE)
|
|
|
|
|
PRAGMA_GCC_DIAG_POP;
|
|
|
|
|
#endif
|
2023-08-24 10:34:48 +02:00
|
|
|
b = tpb.bp;
|
|
|
|
|
m = tpm.bp;
|
2025-03-05 15:33:17 -06:00
|
|
|
count &= (WOLFSSL_WORD_SIZE - 1);
|
2014-12-19 15:30:07 -07:00
|
|
|
}
|
2023-03-23 10:46:09 +01:00
|
|
|
|
2025-03-07 17:55:21 -06:00
|
|
|
while (count > 0) {
|
|
|
|
|
*b++ ^= *m++;
|
|
|
|
|
count--;
|
|
|
|
|
}
|
2014-12-19 15:30:07 -07:00
|
|
|
}
|
2025-03-07 17:55:21 -06:00
|
|
|
|
|
|
|
|
#endif /* !WOLFSSL_NO_XOR_OPS */
|
2014-12-19 15:30:07 -07:00
|
|
|
|
2018-12-06 17:27:10 +10:00
|
|
|
#ifndef WOLFSSL_NO_FORCE_ZERO
|
2020-07-09 15:13:01 -07:00
|
|
|
/* This routine fills the first len bytes of the memory area pointed by mem
|
2025-03-05 15:33:17 -06:00
|
|
|
with zeros. It ensures compiler optimization doesn't skip it */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void ForceZero(void* mem, word32 len)
|
2015-02-20 15:51:21 -08:00
|
|
|
{
|
|
|
|
|
volatile byte* z = (volatile byte*)mem;
|
2018-05-16 13:27:13 -07:00
|
|
|
|
2021-01-06 09:18:57 -08:00
|
|
|
#if (defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_AARCH64_BUILD)) \
|
|
|
|
|
&& defined(WORD64_AVAILABLE)
|
2016-11-10 15:06:59 +10:00
|
|
|
volatile word64* w;
|
2018-05-15 10:45:11 +10:00
|
|
|
#ifndef WOLFSSL_UNALIGNED_64BIT_ACCESS
|
2018-05-21 21:26:25 +10:00
|
|
|
word32 l = (sizeof(word64) - ((size_t)z & (sizeof(word64)-1))) &
|
|
|
|
|
(sizeof(word64)-1);
|
2015-02-20 15:51:21 -08:00
|
|
|
|
2018-05-15 10:45:11 +10:00
|
|
|
if (len < l) l = len;
|
|
|
|
|
len -= l;
|
|
|
|
|
while (l--) *z++ = 0;
|
|
|
|
|
#endif
|
2023-04-10 19:05:09 -05:00
|
|
|
for (w = (volatile word64*)z;
|
|
|
|
|
len >= sizeof(*w);
|
|
|
|
|
len -= (word32)sizeof(*w))
|
|
|
|
|
{
|
|
|
|
|
*w++ = 0;
|
|
|
|
|
}
|
2016-11-10 15:06:59 +10:00
|
|
|
z = (volatile byte*)w;
|
|
|
|
|
#endif
|
2018-05-16 13:27:13 -07:00
|
|
|
|
2015-02-20 15:51:21 -08:00
|
|
|
while (len--) *z++ = 0;
|
|
|
|
|
}
|
2018-12-06 17:27:10 +10:00
|
|
|
#endif
|
2015-02-20 15:51:21 -08:00
|
|
|
|
2015-02-26 17:31:47 -08:00
|
|
|
|
2018-12-06 17:27:10 +10:00
|
|
|
#ifndef WOLFSSL_NO_CONST_CMP
|
2015-02-26 17:31:47 -08:00
|
|
|
/* check all length bytes for equality, return 0 on success */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b,
|
|
|
|
|
int length)
|
2015-02-26 17:31:47 -08:00
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
int compareSum = 0;
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < length; i++) {
|
|
|
|
|
compareSum |= a[i] ^ b[i];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return compareSum;
|
|
|
|
|
}
|
2018-12-06 17:27:10 +10:00
|
|
|
#endif
|
2015-02-26 17:31:47 -08:00
|
|
|
|
2025-01-30 01:24:40 -06:00
|
|
|
#ifndef WOLFSSL_NO_CT_OPS
|
|
|
|
|
/* Constant time - mask set when a > b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE byte ctMaskGT(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (byte)((((word32)a - (word32)b - 1) >> 31) - 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - mask set when a >= b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE byte ctMaskGTE(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (byte)((((word32)a - (word32)b) >> 31) - 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - mask set when a >= b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE int ctMaskIntGTE(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (int)((((word32)a - (word32)b) >> 31) - 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef WORD64_AVAILABLE
|
|
|
|
|
/* Constant time - mask set when a >= b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE word32 ctMaskWord32GTE(word32 a, word32 b)
|
|
|
|
|
{
|
|
|
|
|
return (word32)((((word64)a - (word64)b) >> 63) - 1);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* Constant time - mask set when a < b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE byte ctMaskLT(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (byte)((((word32)b - (word32)a - 1) >> 31) - 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - mask set when a <= b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE byte ctMaskLTE(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (byte)((((word32)b - (word32)a) >> 31) - 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - mask set when a == b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE byte ctMaskEq(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (byte)((byte)(~ctMaskGT(a, b)) & (byte)(~ctMaskLT(a, b)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - sets 16 bit integer mask when a > b */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE word16 ctMask16GT(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (word16)((((word32)a - (word32)b - 1) >> 31) - 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - sets 16 bit integer mask when a >= b */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE word16 ctMask16GTE(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (word16)((((word32)a - (word32)b) >> 31) - 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - sets 16 bit integer mask when a < b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE word16 ctMask16LT(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (word16)((((word32)b - (word32)a - 1) >> 31) - 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - sets 16 bit integer mask when a <= b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE word16 ctMask16LTE(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (word16)((((word32)b - (word32)a) >> 31) - 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - sets 16 bit integer mask when a == b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE word16 ctMask16Eq(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (word16)((word16)(~ctMask16GT(a, b)) & (word16)(~ctMask16LT(a, b)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - mask set when a != b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE byte ctMaskNotEq(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (byte)((byte)ctMaskGT(a, b) | (byte)ctMaskLT(a, b));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - select a when mask is set and b otherwise. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE byte ctMaskSel(byte m, byte a, byte b)
|
|
|
|
|
{
|
|
|
|
|
return (byte)((b & ((byte)~(word32)m)) | (a & m));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - select integer a when mask is set and integer b otherwise. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE int ctMaskSelInt(byte m, int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (b & (~(signed int)(signed char)m)) |
|
|
|
|
|
(a & ( (signed int)(signed char)m));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - select word32 a when mask is set and word32 b otherwise. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE word32 ctMaskSelWord32(byte m, word32 a, word32 b)
|
|
|
|
|
{
|
|
|
|
|
return (((word32)b & (word32)(~(signed int)(signed char)m)) |
|
|
|
|
|
((word32)a & (word32)( (signed int)(signed char)m)));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - bit set when a <= b. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE byte ctSetLTE(int a, int b)
|
|
|
|
|
{
|
|
|
|
|
return (byte)(((word32)a - (word32)b - 1) >> 31);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Constant time - conditionally copy size bytes from src to dst if mask is set
|
|
|
|
|
*/
|
|
|
|
|
WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src,
|
|
|
|
|
word16 size)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
for (i = 0; i < size; ++i) {
|
|
|
|
|
dst[i] ^= (dst[i] ^ src[i]) & mask;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif /* !WOLFSSL_NO_CT_OPS */
|
2017-03-28 19:10:19 -07:00
|
|
|
|
2016-12-21 14:05:00 -08:00
|
|
|
#ifndef WOLFSSL_HAVE_MIN
|
|
|
|
|
#define WOLFSSL_HAVE_MIN
|
2017-03-28 19:10:19 -07:00
|
|
|
#if defined(HAVE_FIPS) && !defined(min) /* so ifdef check passes */
|
2016-12-22 18:11:25 -08:00
|
|
|
#define min min
|
|
|
|
|
#endif
|
2020-07-09 15:13:01 -07:00
|
|
|
/* returns the smaller of a and b */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 min(word32 a, word32 b)
|
2016-12-21 14:05:00 -08:00
|
|
|
{
|
2025-01-30 01:24:40 -06:00
|
|
|
#if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE)
|
|
|
|
|
word32 gte_mask = (word32)ctMaskWord32GTE(a, b);
|
|
|
|
|
return (a & ~gte_mask) | (b & gte_mask);
|
|
|
|
|
#else /* WOLFSSL_NO_CT_OPS */
|
2016-12-21 14:05:00 -08:00
|
|
|
return a > b ? b : a;
|
2025-01-30 01:24:40 -06:00
|
|
|
#endif /* WOLFSSL_NO_CT_OPS */
|
2016-12-21 14:05:00 -08:00
|
|
|
}
|
2017-03-28 19:10:19 -07:00
|
|
|
#endif /* !WOLFSSL_HAVE_MIN */
|
|
|
|
|
|
|
|
|
|
#ifndef WOLFSSL_HAVE_MAX
|
|
|
|
|
#define WOLFSSL_HAVE_MAX
|
|
|
|
|
#if defined(HAVE_FIPS) && !defined(max) /* so ifdef check passes */
|
|
|
|
|
#define max max
|
|
|
|
|
#endif
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 max(word32 a, word32 b)
|
2017-03-28 19:10:19 -07:00
|
|
|
{
|
2025-01-30 01:24:40 -06:00
|
|
|
#if !defined(WOLFSSL_NO_CT_OPS) && defined(WORD64_AVAILABLE)
|
|
|
|
|
word32 gte_mask = (word32)ctMaskWord32GTE(a, b);
|
|
|
|
|
return (a & gte_mask) | (b & ~gte_mask);
|
|
|
|
|
#else /* WOLFSSL_NO_CT_OPS */
|
2017-03-28 19:10:19 -07:00
|
|
|
return a > b ? a : b;
|
2025-01-30 01:24:40 -06:00
|
|
|
#endif /* WOLFSSL_NO_CT_OPS */
|
2017-03-28 19:10:19 -07:00
|
|
|
}
|
|
|
|
|
#endif /* !WOLFSSL_HAVE_MAX */
|
2016-12-21 14:05:00 -08:00
|
|
|
|
2018-12-06 17:27:10 +10:00
|
|
|
#ifndef WOLFSSL_NO_INT_ENCODE
|
2017-10-13 11:56:58 -07:00
|
|
|
/* converts a 32 bit integer to 24 bit */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void c32to24(word32 in, word24 out)
|
2017-10-13 11:56:58 -07:00
|
|
|
{
|
2023-04-04 13:46:30 -07:00
|
|
|
out[0] = (byte)((in >> 16) & 0xff);
|
|
|
|
|
out[1] = (byte)((in >> 8) & 0xff);
|
|
|
|
|
out[2] = (byte)(in & 0xff);
|
2017-10-13 11:56:58 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* convert 16 bit integer to opaque */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void c16toa(word16 wc_u16, byte* c)
|
2017-10-13 11:56:58 -07:00
|
|
|
{
|
2023-04-04 13:46:30 -07:00
|
|
|
c[0] = (byte)((wc_u16 >> 8) & 0xff);
|
|
|
|
|
c[1] = (byte)(wc_u16 & 0xff);
|
2017-10-13 11:56:58 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* convert 32 bit integer to opaque */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void c32toa(word32 wc_u32, byte* c)
|
2017-10-13 11:56:58 -07:00
|
|
|
{
|
2024-02-29 08:44:33 +10:00
|
|
|
#ifdef WOLFSSL_USE_ALIGN
|
2023-04-04 13:46:30 -07:00
|
|
|
c[0] = (byte)((wc_u32 >> 24) & 0xff);
|
|
|
|
|
c[1] = (byte)((wc_u32 >> 16) & 0xff);
|
|
|
|
|
c[2] = (byte)((wc_u32 >> 8) & 0xff);
|
|
|
|
|
c[3] = (byte)(wc_u32 & 0xff);
|
2024-02-29 08:44:33 +10:00
|
|
|
#elif defined(LITTLE_ENDIAN_ORDER)
|
|
|
|
|
*(word32*)c = ByteReverseWord32(wc_u32);
|
|
|
|
|
#else
|
|
|
|
|
*(word32*)c = wc_u32;
|
|
|
|
|
#endif
|
2017-10-13 11:56:58 -07:00
|
|
|
}
|
2018-12-06 17:27:10 +10:00
|
|
|
#endif
|
2017-10-13 11:56:58 -07:00
|
|
|
|
2018-12-06 17:27:10 +10:00
|
|
|
#ifndef WOLFSSL_NO_INT_DECODE
|
2017-10-13 11:56:58 -07:00
|
|
|
/* convert a 24 bit integer into a 32 bit one */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void c24to32(const word24 wc_u24, word32* wc_u32)
|
2017-10-13 11:56:58 -07:00
|
|
|
{
|
2023-04-04 13:46:30 -07:00
|
|
|
*wc_u32 = ((word32)wc_u24[0] << 16) |
|
|
|
|
|
((word32)wc_u24[1] << 8) |
|
|
|
|
|
(word32)wc_u24[2];
|
2017-10-13 11:56:58 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* convert opaque to 24 bit integer */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void ato24(const byte* c, word32* wc_u24)
|
2017-10-13 11:56:58 -07:00
|
|
|
{
|
2023-04-04 13:46:30 -07:00
|
|
|
*wc_u24 = ((word32)c[0] << 16) | ((word32)c[1] << 8) | c[2];
|
2017-10-13 11:56:58 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* convert opaque to 16 bit integer */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void ato16(const byte* c, word16* wc_u16)
|
2017-10-13 11:56:58 -07:00
|
|
|
{
|
2018-02-26 11:48:33 -07:00
|
|
|
*wc_u16 = (word16) ((c[0] << 8) | (c[1]));
|
2017-10-13 11:56:58 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* convert opaque to 32 bit integer */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void ato32(const byte* c, word32* wc_u32)
|
2017-10-13 11:56:58 -07:00
|
|
|
{
|
2024-02-29 08:44:33 +10:00
|
|
|
#ifdef WOLFSSL_USE_ALIGN
|
2023-04-04 13:46:30 -07:00
|
|
|
*wc_u32 = ((word32)c[0] << 24) |
|
|
|
|
|
((word32)c[1] << 16) |
|
|
|
|
|
((word32)c[2] << 8) |
|
|
|
|
|
(word32)c[3];
|
2024-02-29 08:44:33 +10:00
|
|
|
#elif defined(LITTLE_ENDIAN_ORDER)
|
|
|
|
|
*wc_u32 = ByteReverseWord32(*(word32*)c);
|
|
|
|
|
#else
|
|
|
|
|
*wc_u32 = *(word32*)c;
|
|
|
|
|
#endif
|
2017-10-13 11:56:58 -07:00
|
|
|
}
|
|
|
|
|
|
2023-07-21 14:48:28 +02:00
|
|
|
/* convert opaque to 32 bit integer. Interpret as little endian. */
|
|
|
|
|
WC_MISC_STATIC WC_INLINE void ato32le(const byte* c, word32* wc_u32)
|
|
|
|
|
{
|
|
|
|
|
*wc_u32 = (word32)c[0] |
|
|
|
|
|
((word32)c[1] << 8) |
|
|
|
|
|
((word32)c[2] << 16) |
|
|
|
|
|
((word32)c[3] << 24);
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-13 11:56:58 -07:00
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 btoi(byte b)
|
2017-10-13 11:56:58 -07:00
|
|
|
{
|
|
|
|
|
return (word32)(b - 0x30);
|
|
|
|
|
}
|
2018-12-06 17:27:10 +10:00
|
|
|
#endif
|
2017-10-13 11:56:58 -07:00
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE signed char HexCharToByte(char ch)
|
2019-09-19 14:44:27 -07:00
|
|
|
{
|
2021-11-18 22:58:50 -07:00
|
|
|
signed char ret = (signed char)ch;
|
|
|
|
|
if (ret >= '0' && ret <= '9')
|
2024-12-18 11:51:06 -06:00
|
|
|
ret = (signed char)(ret - '0');
|
2021-11-18 22:58:50 -07:00
|
|
|
else if (ret >= 'A' && ret <= 'F')
|
2024-12-18 11:51:06 -06:00
|
|
|
ret = (signed char)(ret - ('A' - 10));
|
2021-11-18 22:58:50 -07:00
|
|
|
else if (ret >= 'a' && ret <= 'f')
|
2024-12-18 11:51:06 -06:00
|
|
|
ret = (signed char)(ret - ('a' - 10));
|
2019-09-19 14:44:27 -07:00
|
|
|
else
|
2021-11-18 22:58:50 -07:00
|
|
|
ret = -1; /* error case - return code must be signed */
|
|
|
|
|
return ret;
|
2019-09-19 14:44:27 -07:00
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE char ByteToHex(byte in)
|
2019-09-19 14:44:27 -07:00
|
|
|
{
|
2025-01-30 01:24:40 -06:00
|
|
|
static ALIGN64 const char kHexChar[] = {
|
|
|
|
|
'0', '1', '2', '3', '4', '5', '6', '7',
|
|
|
|
|
'8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
|
|
|
|
|
};
|
2019-09-19 14:44:27 -07:00
|
|
|
return (char)(kHexChar[in & 0xF]);
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE int ByteToHexStr(byte in, char* out)
|
2019-09-19 14:44:27 -07:00
|
|
|
{
|
|
|
|
|
if (out == NULL)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2023-05-09 23:55:08 -05:00
|
|
|
out[0] = ByteToHex((byte)(in >> 4));
|
|
|
|
|
out[1] = ByteToHex((byte)(in & 0xf));
|
2019-09-19 14:44:27 -07:00
|
|
|
return 0;
|
|
|
|
|
}
|
2017-10-13 11:56:58 -07:00
|
|
|
|
2024-01-31 13:36:34 +01:00
|
|
|
WC_MISC_STATIC WC_INLINE int CharIsWhiteSpace(char ch)
|
|
|
|
|
{
|
2025-01-30 01:24:40 -06:00
|
|
|
#ifndef WOLFSSL_NO_CT_OPS
|
|
|
|
|
return (ctMaskEq(ch, ' ') |
|
|
|
|
|
ctMaskEq(ch, '\t') |
|
|
|
|
|
ctMaskEq(ch, '\n')) & 1;
|
|
|
|
|
#else /* WOLFSSL_NO_CT_OPS */
|
2024-01-31 13:36:34 +01:00
|
|
|
switch (ch) {
|
|
|
|
|
case ' ':
|
|
|
|
|
case '\t':
|
|
|
|
|
case '\n':
|
|
|
|
|
return 1;
|
|
|
|
|
default:
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2025-01-30 01:24:40 -06:00
|
|
|
#endif /* WOLFSSL_NO_CT_OPS */
|
2024-01-31 13:36:34 +01:00
|
|
|
}
|
|
|
|
|
|
2022-05-30 11:17:03 +02:00
|
|
|
#if defined(WOLFSSL_W64_WRAPPER)
|
|
|
|
|
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_W64_WRAPPER_TEST)
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void w64Increment(w64wrapper *n) {
|
2022-05-30 11:17:03 +02:00
|
|
|
n->n++;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void w64Decrement(w64wrapper *n) {
|
2022-05-30 11:17:03 +02:00
|
|
|
n->n--;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE byte w64Equal(w64wrapper a, w64wrapper b) {
|
2022-05-30 11:17:03 +02:00
|
|
|
return (a.n == b.n);
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 w64GetLow32(w64wrapper n) {
|
2022-05-30 11:17:03 +02:00
|
|
|
return (word32)n.n;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 w64GetHigh32(w64wrapper n) {
|
2022-05-30 11:17:03 +02:00
|
|
|
return (word32)(n.n >> 32);
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low) {
|
2022-05-30 11:17:03 +02:00
|
|
|
n->n = (n->n & (~(word64)(0xffffffff))) | low;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap)
|
|
|
|
|
{
|
2024-08-06 09:12:17 -06:00
|
|
|
a.n += b;
|
2022-05-30 11:17:03 +02:00
|
|
|
if (a.n < b && wrap != NULL)
|
|
|
|
|
*wrap = 1;
|
|
|
|
|
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-05 16:47:35 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b,
|
|
|
|
|
byte *wrap)
|
|
|
|
|
{
|
2024-08-06 09:12:17 -06:00
|
|
|
a.n += b.n;
|
2024-08-05 16:47:35 -06:00
|
|
|
if (a.n < b.n && wrap != NULL)
|
|
|
|
|
*wrap = 1;
|
|
|
|
|
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
if (a.n < b && wrap != NULL)
|
|
|
|
|
*wrap = 1;
|
|
|
|
|
a.n = a.n - b;
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE byte w64GT(w64wrapper a, w64wrapper b)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
return a.n > b.n;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE byte w64IsZero(w64wrapper a)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
return a.n == 0;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void c64toa(const w64wrapper *a, byte *out)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
#ifdef BIG_ENDIAN_ORDER
|
|
|
|
|
XMEMCPY(out, &a->n, sizeof(a->n));
|
|
|
|
|
#else
|
|
|
|
|
word64 _out;
|
|
|
|
|
_out = ByteReverseWord64(a->n);
|
|
|
|
|
XMEMCPY(out, &_out, sizeof(_out));
|
|
|
|
|
#endif /* BIG_ENDIAN_ORDER */
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void ato64(const byte *in, w64wrapper *w64)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
#ifdef BIG_ENDIAN_ORDER
|
|
|
|
|
XMEMCPY(&w64->n, in, sizeof(w64->n));
|
|
|
|
|
#else
|
|
|
|
|
word64 _in;
|
|
|
|
|
XMEMCPY(&_in, in, sizeof(_in));
|
|
|
|
|
w64->n = ByteReverseWord64(_in);
|
|
|
|
|
#endif /* BIG_ENDIAN_ORDER */
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64From32(word32 hi, word32 lo)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
w64wrapper ret;
|
|
|
|
|
ret.n = ((word64)hi << 32) | lo;
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE byte w64GTE(w64wrapper a, w64wrapper b)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
return a.n >= b.n;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE byte w64LT(w64wrapper a, w64wrapper b)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
return a.n < b.n;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64Sub(w64wrapper a, w64wrapper b)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
a.n -= b.n;
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void w64Zero(w64wrapper *a)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
a->n = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-23 15:22:46 +10:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift)
|
|
|
|
|
{
|
|
|
|
|
a.n >>= shift;
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift)
|
|
|
|
|
{
|
|
|
|
|
a.n <<= shift;
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-19 11:03:44 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b)
|
2024-07-18 07:21:57 -06:00
|
|
|
{
|
|
|
|
|
w64wrapper ret;
|
|
|
|
|
ret.n = (word64)a * (word64)b;
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-30 11:17:03 +02:00
|
|
|
#else
|
2024-01-23 15:22:46 +10:00
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void w64Increment(w64wrapper *n)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
n->n[1]++;
|
|
|
|
|
if (n->n[1] == 0)
|
|
|
|
|
n->n[0]++;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void w64Decrement(w64wrapper *n) {
|
2022-05-30 11:17:03 +02:00
|
|
|
if (n->n[1] == 0)
|
|
|
|
|
n->n[0]--;
|
|
|
|
|
n->n[1]--;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE byte w64Equal(w64wrapper a, w64wrapper b)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
return (a.n[0] == b.n[0] && a.n[1] == b.n[1]);
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 w64GetLow32(w64wrapper n) {
|
2022-05-30 11:17:03 +02:00
|
|
|
return n.n[1];
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 w64GetHigh32(w64wrapper n) {
|
2022-05-30 11:17:03 +02:00
|
|
|
return n.n[0];
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
n->n[1] = low;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
2024-07-19 11:03:44 -06:00
|
|
|
a.n[1] += b;
|
2022-05-30 11:17:03 +02:00
|
|
|
if (a.n[1] < b) {
|
|
|
|
|
a.n[0]++;
|
|
|
|
|
if (wrap != NULL && a.n[0] == 0)
|
|
|
|
|
*wrap = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-18 07:21:57 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b,
|
|
|
|
|
byte *wrap)
|
|
|
|
|
{
|
2024-07-19 11:03:44 -06:00
|
|
|
a.n[1] += b.n[1];
|
2024-07-18 07:21:57 -06:00
|
|
|
if (a.n[1] < b.n[1]) {
|
|
|
|
|
a.n[0]++;
|
|
|
|
|
if (wrap != NULL && a.n[0] == 0)
|
|
|
|
|
*wrap = 1;
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-19 11:03:44 -06:00
|
|
|
a.n[0] += b.n[0];
|
2024-08-06 09:12:17 -06:00
|
|
|
if (wrap != NULL && a.n[0] < b.n[0]) {
|
2024-07-18 07:21:57 -06:00
|
|
|
*wrap = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
byte _underflow = 0;
|
|
|
|
|
if (a.n[1] < b)
|
|
|
|
|
_underflow = 1;
|
|
|
|
|
|
|
|
|
|
a.n[1] -= b;
|
|
|
|
|
if (_underflow) {
|
|
|
|
|
if (a.n[0] == 0 && wrap != NULL)
|
|
|
|
|
*wrap = 1;
|
|
|
|
|
a.n[0]--;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64Sub(w64wrapper a, w64wrapper b)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
if (a.n[1] < b.n[1])
|
|
|
|
|
a.n[0]--;
|
|
|
|
|
a.n[1] -= b.n[1];
|
|
|
|
|
a.n[0] -= b.n[0];
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void w64Zero(w64wrapper *a)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
a->n[0] = a->n[1] = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE byte w64GT(w64wrapper a, w64wrapper b)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
if (a.n[0] > b.n[0])
|
|
|
|
|
return 1;
|
|
|
|
|
if (a.n[0] == b.n[0])
|
|
|
|
|
return a.n[1] > b.n[1];
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE byte w64GTE(w64wrapper a, w64wrapper b)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
if (a.n[0] > b.n[0])
|
|
|
|
|
return 1;
|
|
|
|
|
if (a.n[0] == b.n[0])
|
|
|
|
|
return a.n[1] >= b.n[1];
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE byte w64IsZero(w64wrapper a)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
return a.n[0] == 0 && a.n[1] == 0;
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-05 16:47:35 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void c64toa(const w64wrapper *a, byte *out)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
#ifdef BIG_ENDIAN_ORDER
|
|
|
|
|
word32 *_out = (word32*)(out);
|
|
|
|
|
_out[0] = a->n[0];
|
|
|
|
|
_out[1] = a->n[1];
|
|
|
|
|
#else
|
|
|
|
|
c32toa(a->n[0], out);
|
|
|
|
|
c32toa(a->n[1], out + 4);
|
|
|
|
|
#endif /* BIG_ENDIAN_ORDER */
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE void ato64(const byte *in, w64wrapper *w64)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
#ifdef BIG_ENDIAN_ORDER
|
|
|
|
|
const word32 *_in = (const word32*)(in);
|
|
|
|
|
w64->n[0] = *_in;
|
|
|
|
|
w64->n[1] = *(_in + 1);
|
|
|
|
|
#else
|
|
|
|
|
ato32(in, &w64->n[0]);
|
|
|
|
|
ato32(in + 4, &w64->n[1]);
|
|
|
|
|
#endif /* BIG_ENDIAN_ORDER */
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64From32(word32 hi, word32 lo)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
w64wrapper w64;
|
|
|
|
|
w64.n[0] = hi;
|
|
|
|
|
w64.n[1] = lo;
|
|
|
|
|
return w64;
|
|
|
|
|
}
|
|
|
|
|
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE byte w64LT(w64wrapper a, w64wrapper b)
|
2022-05-30 11:17:03 +02:00
|
|
|
{
|
|
|
|
|
if (a.n[0] < b.n[0])
|
|
|
|
|
return 1;
|
|
|
|
|
if (a.n[0] == b.n[0])
|
|
|
|
|
return a.n[1] < b.n[1];
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-23 15:22:46 +10:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift)
|
|
|
|
|
{
|
|
|
|
|
if (shift < 32) {
|
2024-07-18 07:21:57 -06:00
|
|
|
a.n[1] = (a.n[1] >> shift) | (a.n[0] << (32 - shift));
|
2024-01-23 15:22:46 +10:00
|
|
|
a.n[0] >>= shift;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
a.n[1] = a.n[0] >> (shift - 32);
|
|
|
|
|
a.n[0] = 0;
|
|
|
|
|
}
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift)
|
|
|
|
|
{
|
|
|
|
|
if (shift < 32) {
|
2024-07-18 07:21:57 -06:00
|
|
|
a.n[0] = (a.n[0] << shift) | (a.n[1] >> (32 - shift));
|
2024-01-23 15:22:46 +10:00
|
|
|
a.n[1] <<= shift;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
a.n[0] = a.n[1] << (shift - 32);
|
|
|
|
|
a.n[1] = 0;
|
|
|
|
|
}
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-18 07:21:57 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b)
|
|
|
|
|
{
|
|
|
|
|
w64wrapper ret;
|
|
|
|
|
word16 ltlA, ltlB, ltlC, ltlD;
|
|
|
|
|
word32 bigA, bigB, bigC, bigD;
|
|
|
|
|
|
|
|
|
|
ltlA = a & 0xFFFF;
|
|
|
|
|
ltlB = (a >> 16) & 0xFFFF;
|
|
|
|
|
ltlC = b & 0xFFFF;
|
|
|
|
|
ltlD = (b >> 16) & 0xFFFF;
|
|
|
|
|
|
2024-07-19 13:59:05 -06:00
|
|
|
bigA = (word32)ltlA * (word32)ltlC;
|
|
|
|
|
bigC = (word32)ltlB * (word32)ltlC;
|
|
|
|
|
bigD = (word32)ltlA * (word32)ltlD;
|
|
|
|
|
bigB = (word32)ltlB * (word32)ltlD;
|
2024-07-18 07:21:57 -06:00
|
|
|
|
|
|
|
|
ret = w64From32(0, bigB);
|
|
|
|
|
ret = w64ShiftLeft(ret, 16);
|
|
|
|
|
ret = w64Add32(ret, bigD, NULL);
|
|
|
|
|
ret = w64Add32(ret, bigC, NULL);
|
|
|
|
|
ret = w64ShiftLeft(ret, 16);
|
|
|
|
|
return w64Add32(ret, bigA, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-30 11:17:03 +02:00
|
|
|
#endif /* WORD64_AVAILABLE && !WOLFSSL_W64_WRAPPER_TEST */
|
|
|
|
|
#endif /* WOLFSSL_W64_WRAPPER */
|
|
|
|
|
|
2022-08-19 11:31:00 +02:00
|
|
|
#if defined(HAVE_SESSION_TICKET) || !defined(NO_CERTS) || \
|
|
|
|
|
!defined(NO_SESSION_CACHE)
|
|
|
|
|
/* Make a word from the front of random hash */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 MakeWordFromHash(const byte* hashID)
|
2022-08-19 11:31:00 +02:00
|
|
|
{
|
|
|
|
|
return ((word32)hashID[0] << 24) | ((word32)hashID[1] << 16) |
|
|
|
|
|
((word32)hashID[2] << 8) | (word32)hashID[3];
|
|
|
|
|
}
|
|
|
|
|
#endif /* HAVE_SESSION_TICKET || !NO_CERTS || !NO_SESSION_CACHE */
|
|
|
|
|
|
|
|
|
|
|
2023-01-03 10:48:00 -08:00
|
|
|
#if !defined(WOLFCRYPT_ONLY) && !defined(NO_HASH_WRAPPER) && \
|
|
|
|
|
(!defined(NO_SESSION_CACHE) || defined(HAVE_SESSION_TICKET))
|
2022-08-19 11:31:00 +02:00
|
|
|
|
|
|
|
|
#include <wolfssl/wolfcrypt/hash.h>
|
|
|
|
|
|
|
|
|
|
/* some session IDs aren't random after all, let's make them random */
|
2023-03-03 22:30:08 -06:00
|
|
|
WC_MISC_STATIC WC_INLINE word32 HashObject(const byte* o, word32 len,
|
|
|
|
|
int* error)
|
2022-08-19 11:31:00 +02:00
|
|
|
{
|
|
|
|
|
byte digest[WC_MAX_DIGEST_SIZE];
|
|
|
|
|
|
|
|
|
|
#ifndef NO_MD5
|
|
|
|
|
*error = wc_Md5Hash(o, len, digest);
|
|
|
|
|
#elif !defined(NO_SHA)
|
|
|
|
|
*error = wc_ShaHash(o, len, digest);
|
|
|
|
|
#elif !defined(NO_SHA256)
|
|
|
|
|
*error = wc_Sha256Hash(o, len, digest);
|
|
|
|
|
#else
|
|
|
|
|
#error "We need a digest to hash the session IDs"
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
return *error == 0 ? MakeWordFromHash(digest) : 0; /* 0 on failure */
|
|
|
|
|
}
|
2023-01-03 10:48:00 -08:00
|
|
|
#endif /* WOLFCRYPT_ONLY && !NO_HASH_WRAPPER &&
|
|
|
|
|
* (!NO_SESSION_CACHE || HAVE_SESSION_TICKET) */
|
2022-08-19 11:31:00 +02:00
|
|
|
|
2024-03-20 17:33:50 +01:00
|
|
|
WC_MISC_STATIC WC_INLINE char* CopyString(const char* src, int srcLen,
|
|
|
|
|
void* heap, int type) {
|
|
|
|
|
char* dst = NULL;
|
|
|
|
|
|
|
|
|
|
if (src == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
if (srcLen <= 0)
|
|
|
|
|
srcLen = (int)XSTRLEN(src);
|
|
|
|
|
|
2024-05-18 02:31:58 -05:00
|
|
|
dst = (char*)XMALLOC((size_t)srcLen + 1, heap, type);
|
2024-03-20 17:33:50 +01:00
|
|
|
if (dst != NULL) {
|
2024-05-18 02:31:58 -05:00
|
|
|
XMEMCPY(dst, src, (size_t)srcLen);
|
2024-03-20 17:33:50 +01:00
|
|
|
dst[srcLen] = '\0';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return dst;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-08 13:13:59 -07:00
|
|
|
#endif /* !WOLFSSL_MISC_INCLUDED && !NO_INLINE */
|
|
|
|
|
|
2015-05-13 15:10:05 -07:00
|
|
|
#endif /* WOLF_CRYPT_MISC_C */
|
