#include "bearssl_x509.h"
#include "bearssl_pem.h"
+/** \brief Type for a configuration option.
+ *
+ * A "configuration option" is a value that is selected when the BearSSL
+ * library itself is compiled. Most options are boolean; their value is
+ * then either 1 (option is enabled) or 0 (option is disabled). Some
+ * values have other integer values. Option names correspond to macro
+ * names. Some of the options can be explicitly set in the internal
+ * `"config.h"` file.
+ */
+typedef struct {
+ /** \brief Configurable option name. */
+ const char *name;
+ /** \brief Configurable option value. */
+ long value;
+} br_config_option;
+
+/** \brief Get configuration report.
+ *
+ * This function returns compiled configuration options, each as a
+ * 'long' value. Names match internal macro names, in particular those
+ * that can be set in the `"config.h"` inner file. For boolean options,
+ * the numerical value is 1 if enabled, 0 if disabled. For maximum
+ * key sizes, values are expressed in bits.
+ *
+ * The returned array is terminated by an entry whose `name` is `NULL`.
+ *
+ * \return the configuration report.
+ */
+const br_config_option *br_get_config(void);
+
#endif
return ctx->digest_class;
}
+/**
+ * \brief Type for a provider of entropy seeds.
+ *
+ * A "seeder" is a function that is able to obtain random values from
+ * some source and inject them as entropy seed in a PRNG. A seeder
+ * shall guarantee that the total entropy of the injected seed is large
+ * enough to seed a PRNG for purposes of cryptographic key generation
+ * (i.e. at least 128 bits).
+ *
+ * A seeder may report a failure to obtain adequate entropy. Seeders
+ * shall endeavour to fix themselves transient errors by trying again;
+ * thus, callers may consider reported errors as permanent.
+ *
+ * \param ctx PRNG context to seed.
+ * \return 1 on success, 0 on error.
+ */
+typedef int (*br_prng_seeder)(const br_prng_class **ctx);
+
+/**
+ * \brief Get a seeder backed by the operating system or hardware.
+ *
+ * Get a seeder that feeds on RNG facilities provided by the current
+ * operating system or hardware. If no such facility is known, then 0
+ * is returned.
+ *
+ * If `name` is not `NULL`, then `*name` is set to a symbolic string
+ * that identifies the seeder implemention. If no seeder is returned
+ * and `name` is not `NULL`, then `*name` is set to a pointer to the
+ * constant string `"none"`.
+ *
+ * \param name receiver for seeder name, or `NULL`.
+ * \return the system seeder, if available, or 0.
+ */
+br_prng_seeder br_prng_seeder_system(const char **name);
+
#ifdef __cplusplus
}
#endif
/*
* Context RNG.
+ *
+ * rng_init_done is initially 0. It is set to 1 when the
+ * basic structure of the RNG is set, and 2 when some
+ * entropy has been pushed in. The value 2 marks the RNG
+ * as "properly seeded".
+ *
+ * rng_os_rand_done is initially 0. It is set to 1 when
+ * some seeding from the OS or hardware has been attempted.
*/
br_hmac_drbg_context rng;
int rng_init_done;
# Automatically generated rules. Use 'mkrules.sh' to modify/regenerate.
-OBJ = $(OBJDIR)$Pgcm$O $(OBJDIR)$Pccopy$O $(OBJDIR)$Pdec16be$O $(OBJDIR)$Pdec16le$O $(OBJDIR)$Pdec32be$O $(OBJDIR)$Pdec32le$O $(OBJDIR)$Pdec64be$O $(OBJDIR)$Pdec64le$O $(OBJDIR)$Penc16be$O $(OBJDIR)$Penc16le$O $(OBJDIR)$Penc32be$O $(OBJDIR)$Penc32le$O $(OBJDIR)$Penc64be$O $(OBJDIR)$Penc64le$O $(OBJDIR)$Ppemdec$O $(OBJDIR)$Pec_all_m15$O $(OBJDIR)$Pec_all_m31$O $(OBJDIR)$Pec_c25519_i15$O $(OBJDIR)$Pec_c25519_i31$O $(OBJDIR)$Pec_c25519_m15$O $(OBJDIR)$Pec_c25519_m31$O $(OBJDIR)$Pec_curve25519$O $(OBJDIR)$Pec_default$O $(OBJDIR)$Pec_p256_m15$O $(OBJDIR)$Pec_p256_m31$O $(OBJDIR)$Pec_prime_i15$O $(OBJDIR)$Pec_prime_i31$O $(OBJDIR)$Pec_secp256r1$O $(OBJDIR)$Pec_secp384r1$O $(OBJDIR)$Pec_secp521r1$O $(OBJDIR)$Pecdsa_atr$O $(OBJDIR)$Pecdsa_default_sign_asn1$O $(OBJDIR)$Pecdsa_default_sign_raw$O $(OBJDIR)$Pecdsa_default_vrfy_asn1$O $(OBJDIR)$Pecdsa_default_vrfy_raw$O $(OBJDIR)$Pecdsa_i15_bits$O $(OBJDIR)$Pecdsa_i15_sign_asn1$O $(OBJDIR)$Pecdsa_i15_sign_raw$O $(OBJDIR)$Pecdsa_i15_vrfy_asn1$O $(OBJDIR)$Pecdsa_i15_vrfy_raw$O $(OBJDIR)$Pecdsa_i31_bits$O $(OBJDIR)$Pecdsa_i31_sign_asn1$O $(OBJDIR)$Pecdsa_i31_sign_raw$O $(OBJDIR)$Pecdsa_i31_vrfy_asn1$O $(OBJDIR)$Pecdsa_i31_vrfy_raw$O $(OBJDIR)$Pecdsa_rta$O $(OBJDIR)$Pdig_oid$O $(OBJDIR)$Pdig_size$O $(OBJDIR)$Pghash_ctmul$O $(OBJDIR)$Pghash_ctmul32$O $(OBJDIR)$Pghash_ctmul64$O $(OBJDIR)$Pghash_pclmul$O $(OBJDIR)$Pghash_pwr8$O $(OBJDIR)$Pmd5$O $(OBJDIR)$Pmd5sha1$O $(OBJDIR)$Pmultihash$O $(OBJDIR)$Psha1$O $(OBJDIR)$Psha2big$O $(OBJDIR)$Psha2small$O $(OBJDIR)$Pi15_add$O $(OBJDIR)$Pi15_bitlen$O $(OBJDIR)$Pi15_decmod$O $(OBJDIR)$Pi15_decode$O $(OBJDIR)$Pi15_decred$O $(OBJDIR)$Pi15_encode$O $(OBJDIR)$Pi15_fmont$O $(OBJDIR)$Pi15_iszero$O $(OBJDIR)$Pi15_modpow$O $(OBJDIR)$Pi15_modpow2$O $(OBJDIR)$Pi15_montmul$O $(OBJDIR)$Pi15_mulacc$O $(OBJDIR)$Pi15_muladd$O $(OBJDIR)$Pi15_ninv15$O $(OBJDIR)$Pi15_reduce$O $(OBJDIR)$Pi15_rshift$O $(OBJDIR)$Pi15_sub$O $(OBJDIR)$Pi15_tmont$O $(OBJDIR)$Pi31_add$O $(OBJDIR)$Pi31_bitlen$O $(OBJDIR)$Pi31_decmod$O $(OBJDIR)$Pi31_decode$O $(OBJDIR)$Pi31_decred$O $(OBJDIR)$Pi31_encode$O $(OBJDIR)$Pi31_fmont$O $(OBJDIR)$Pi31_iszero$O $(OBJDIR)$Pi31_modpow$O $(OBJDIR)$Pi31_modpow2$O $(OBJDIR)$Pi31_montmul$O $(OBJDIR)$Pi31_mulacc$O $(OBJDIR)$Pi31_muladd$O $(OBJDIR)$Pi31_ninv31$O $(OBJDIR)$Pi31_reduce$O $(OBJDIR)$Pi31_rshift$O $(OBJDIR)$Pi31_sub$O $(OBJDIR)$Pi31_tmont$O $(OBJDIR)$Pi32_add$O $(OBJDIR)$Pi32_bitlen$O $(OBJDIR)$Pi32_decmod$O $(OBJDIR)$Pi32_decode$O $(OBJDIR)$Pi32_decred$O $(OBJDIR)$Pi32_div32$O $(OBJDIR)$Pi32_encode$O $(OBJDIR)$Pi32_fmont$O $(OBJDIR)$Pi32_iszero$O $(OBJDIR)$Pi32_modpow$O $(OBJDIR)$Pi32_montmul$O $(OBJDIR)$Pi32_mulacc$O $(OBJDIR)$Pi32_muladd$O $(OBJDIR)$Pi32_ninv32$O $(OBJDIR)$Pi32_reduce$O $(OBJDIR)$Pi32_sub$O $(OBJDIR)$Pi32_tmont$O $(OBJDIR)$Pi62_modpow2$O $(OBJDIR)$Phmac$O $(OBJDIR)$Phmac_ct$O $(OBJDIR)$Phmac_drbg$O $(OBJDIR)$Prsa_default_pkcs1_sign$O $(OBJDIR)$Prsa_default_pkcs1_vrfy$O $(OBJDIR)$Prsa_default_priv$O $(OBJDIR)$Prsa_default_pub$O $(OBJDIR)$Prsa_i15_pkcs1_sign$O $(OBJDIR)$Prsa_i15_pkcs1_vrfy$O $(OBJDIR)$Prsa_i15_priv$O $(OBJDIR)$Prsa_i15_pub$O $(OBJDIR)$Prsa_i31_pkcs1_sign$O $(OBJDIR)$Prsa_i31_pkcs1_vrfy$O $(OBJDIR)$Prsa_i31_priv$O $(OBJDIR)$Prsa_i31_pub$O $(OBJDIR)$Prsa_i32_pkcs1_sign$O $(OBJDIR)$Prsa_i32_pkcs1_vrfy$O $(OBJDIR)$Prsa_i32_priv$O $(OBJDIR)$Prsa_i32_pub$O $(OBJDIR)$Prsa_i62_pkcs1_sign$O $(OBJDIR)$Prsa_i62_pkcs1_vrfy$O $(OBJDIR)$Prsa_i62_priv$O $(OBJDIR)$Prsa_i62_pub$O $(OBJDIR)$Prsa_pkcs1_sig_pad$O $(OBJDIR)$Prsa_pkcs1_sig_unpad$O $(OBJDIR)$Prsa_ssl_decrypt$O $(OBJDIR)$Pprf$O $(OBJDIR)$Pprf_md5sha1$O $(OBJDIR)$Pprf_sha256$O $(OBJDIR)$Pprf_sha384$O $(OBJDIR)$Pssl_ccert_single_ec$O $(OBJDIR)$Pssl_ccert_single_rsa$O $(OBJDIR)$Pssl_client$O $(OBJDIR)$Pssl_client_default_rsapub$O $(OBJDIR)$Pssl_client_full$O $(OBJDIR)$Pssl_engine$O $(OBJDIR)$Pssl_engine_default_aescbc$O $(OBJDIR)$Pssl_engine_default_aesgcm$O $(OBJDIR)$Pssl_engine_default_chapol$O $(OBJDIR)$Pssl_engine_default_descbc$O $(OBJDIR)$Pssl_engine_default_ec$O $(OBJDIR)$Pssl_engine_default_ecdsa$O $(OBJDIR)$Pssl_engine_default_rsavrfy$O $(OBJDIR)$Pssl_hashes$O $(OBJDIR)$Pssl_hs_client$O $(OBJDIR)$Pssl_hs_server$O $(OBJDIR)$Pssl_io$O $(OBJDIR)$Pssl_keyexport$O $(OBJDIR)$Pssl_lru$O $(OBJDIR)$Pssl_rec_cbc$O $(OBJDIR)$Pssl_rec_chapol$O $(OBJDIR)$Pssl_rec_gcm$O $(OBJDIR)$Pssl_scert_single_ec$O $(OBJDIR)$Pssl_scert_single_rsa$O $(OBJDIR)$Pssl_server$O $(OBJDIR)$Pssl_server_full_ec$O $(OBJDIR)$Pssl_server_full_rsa$O $(OBJDIR)$Pssl_server_mine2c$O $(OBJDIR)$Pssl_server_mine2g$O $(OBJDIR)$Pssl_server_minf2c$O $(OBJDIR)$Pssl_server_minf2g$O $(OBJDIR)$Pssl_server_minr2g$O $(OBJDIR)$Pssl_server_minu2g$O $(OBJDIR)$Pssl_server_minv2g$O $(OBJDIR)$Paes_big_cbcdec$O $(OBJDIR)$Paes_big_cbcenc$O $(OBJDIR)$Paes_big_ctr$O $(OBJDIR)$Paes_big_dec$O $(OBJDIR)$Paes_big_enc$O $(OBJDIR)$Paes_common$O $(OBJDIR)$Paes_ct$O $(OBJDIR)$Paes_ct64$O $(OBJDIR)$Paes_ct64_cbcdec$O $(OBJDIR)$Paes_ct64_cbcenc$O $(OBJDIR)$Paes_ct64_ctr$O $(OBJDIR)$Paes_ct64_dec$O $(OBJDIR)$Paes_ct64_enc$O $(OBJDIR)$Paes_ct_cbcdec$O $(OBJDIR)$Paes_ct_cbcenc$O $(OBJDIR)$Paes_ct_ctr$O $(OBJDIR)$Paes_ct_dec$O $(OBJDIR)$Paes_ct_enc$O $(OBJDIR)$Paes_pwr8$O $(OBJDIR)$Paes_pwr8_cbcdec$O $(OBJDIR)$Paes_pwr8_cbcenc$O $(OBJDIR)$Paes_pwr8_ctr$O $(OBJDIR)$Paes_small_cbcdec$O $(OBJDIR)$Paes_small_cbcenc$O $(OBJDIR)$Paes_small_ctr$O $(OBJDIR)$Paes_small_dec$O $(OBJDIR)$Paes_small_enc$O $(OBJDIR)$Paes_x86ni$O $(OBJDIR)$Paes_x86ni_cbcdec$O $(OBJDIR)$Paes_x86ni_cbcenc$O $(OBJDIR)$Paes_x86ni_ctr$O $(OBJDIR)$Pchacha20_ct$O $(OBJDIR)$Pchacha20_sse2$O $(OBJDIR)$Pdes_ct$O $(OBJDIR)$Pdes_ct_cbcdec$O $(OBJDIR)$Pdes_ct_cbcenc$O $(OBJDIR)$Pdes_support$O $(OBJDIR)$Pdes_tab$O $(OBJDIR)$Pdes_tab_cbcdec$O $(OBJDIR)$Pdes_tab_cbcenc$O $(OBJDIR)$Ppoly1305_ctmul$O $(OBJDIR)$Ppoly1305_ctmul32$O $(OBJDIR)$Ppoly1305_ctmulq$O $(OBJDIR)$Ppoly1305_i15$O $(OBJDIR)$Pskey_decoder$O $(OBJDIR)$Px509_decoder$O $(OBJDIR)$Px509_knownkey$O $(OBJDIR)$Px509_minimal$O $(OBJDIR)$Px509_minimal_full$O
-OBJBRSSL = $(OBJDIR)$Pbrssl$O $(OBJDIR)$Pcerts$O $(OBJDIR)$Pchain$O $(OBJDIR)$Pclient$O $(OBJDIR)$Perrors$O $(OBJDIR)$Pfiles$O $(OBJDIR)$Pkeys$O $(OBJDIR)$Pnames$O $(OBJDIR)$Pserver$O $(OBJDIR)$Pskey$O $(OBJDIR)$Psslio$O $(OBJDIR)$Pta$O $(OBJDIR)$Ptwrch$O $(OBJDIR)$Pvector$O $(OBJDIR)$Pverify$O $(OBJDIR)$Pxmem$O
+OBJ = $(OBJDIR)$Psettings$O $(OBJDIR)$Pgcm$O $(OBJDIR)$Pccopy$O $(OBJDIR)$Pdec16be$O $(OBJDIR)$Pdec16le$O $(OBJDIR)$Pdec32be$O $(OBJDIR)$Pdec32le$O $(OBJDIR)$Pdec64be$O $(OBJDIR)$Pdec64le$O $(OBJDIR)$Penc16be$O $(OBJDIR)$Penc16le$O $(OBJDIR)$Penc32be$O $(OBJDIR)$Penc32le$O $(OBJDIR)$Penc64be$O $(OBJDIR)$Penc64le$O $(OBJDIR)$Ppemdec$O $(OBJDIR)$Pec_all_m15$O $(OBJDIR)$Pec_all_m31$O $(OBJDIR)$Pec_c25519_i15$O $(OBJDIR)$Pec_c25519_i31$O $(OBJDIR)$Pec_c25519_m15$O $(OBJDIR)$Pec_c25519_m31$O $(OBJDIR)$Pec_curve25519$O $(OBJDIR)$Pec_default$O $(OBJDIR)$Pec_p256_m15$O $(OBJDIR)$Pec_p256_m31$O $(OBJDIR)$Pec_prime_i15$O $(OBJDIR)$Pec_prime_i31$O $(OBJDIR)$Pec_secp256r1$O $(OBJDIR)$Pec_secp384r1$O $(OBJDIR)$Pec_secp521r1$O $(OBJDIR)$Pecdsa_atr$O $(OBJDIR)$Pecdsa_default_sign_asn1$O $(OBJDIR)$Pecdsa_default_sign_raw$O $(OBJDIR)$Pecdsa_default_vrfy_asn1$O $(OBJDIR)$Pecdsa_default_vrfy_raw$O $(OBJDIR)$Pecdsa_i15_bits$O $(OBJDIR)$Pecdsa_i15_sign_asn1$O $(OBJDIR)$Pecdsa_i15_sign_raw$O $(OBJDIR)$Pecdsa_i15_vrfy_asn1$O $(OBJDIR)$Pecdsa_i15_vrfy_raw$O $(OBJDIR)$Pecdsa_i31_bits$O $(OBJDIR)$Pecdsa_i31_sign_asn1$O $(OBJDIR)$Pecdsa_i31_sign_raw$O $(OBJDIR)$Pecdsa_i31_vrfy_asn1$O $(OBJDIR)$Pecdsa_i31_vrfy_raw$O $(OBJDIR)$Pecdsa_rta$O $(OBJDIR)$Pdig_oid$O $(OBJDIR)$Pdig_size$O $(OBJDIR)$Pghash_ctmul$O $(OBJDIR)$Pghash_ctmul32$O $(OBJDIR)$Pghash_ctmul64$O $(OBJDIR)$Pghash_pclmul$O $(OBJDIR)$Pghash_pwr8$O $(OBJDIR)$Pmd5$O $(OBJDIR)$Pmd5sha1$O $(OBJDIR)$Pmultihash$O $(OBJDIR)$Psha1$O $(OBJDIR)$Psha2big$O $(OBJDIR)$Psha2small$O $(OBJDIR)$Pi15_add$O $(OBJDIR)$Pi15_bitlen$O $(OBJDIR)$Pi15_decmod$O $(OBJDIR)$Pi15_decode$O $(OBJDIR)$Pi15_decred$O $(OBJDIR)$Pi15_encode$O $(OBJDIR)$Pi15_fmont$O $(OBJDIR)$Pi15_iszero$O $(OBJDIR)$Pi15_modpow$O $(OBJDIR)$Pi15_modpow2$O $(OBJDIR)$Pi15_montmul$O $(OBJDIR)$Pi15_mulacc$O $(OBJDIR)$Pi15_muladd$O $(OBJDIR)$Pi15_ninv15$O $(OBJDIR)$Pi15_reduce$O $(OBJDIR)$Pi15_rshift$O $(OBJDIR)$Pi15_sub$O $(OBJDIR)$Pi15_tmont$O $(OBJDIR)$Pi31_add$O $(OBJDIR)$Pi31_bitlen$O $(OBJDIR)$Pi31_decmod$O $(OBJDIR)$Pi31_decode$O $(OBJDIR)$Pi31_decred$O $(OBJDIR)$Pi31_encode$O $(OBJDIR)$Pi31_fmont$O $(OBJDIR)$Pi31_iszero$O $(OBJDIR)$Pi31_modpow$O $(OBJDIR)$Pi31_modpow2$O $(OBJDIR)$Pi31_montmul$O $(OBJDIR)$Pi31_mulacc$O $(OBJDIR)$Pi31_muladd$O $(OBJDIR)$Pi31_ninv31$O $(OBJDIR)$Pi31_reduce$O $(OBJDIR)$Pi31_rshift$O $(OBJDIR)$Pi31_sub$O $(OBJDIR)$Pi31_tmont$O $(OBJDIR)$Pi32_add$O $(OBJDIR)$Pi32_bitlen$O $(OBJDIR)$Pi32_decmod$O $(OBJDIR)$Pi32_decode$O $(OBJDIR)$Pi32_decred$O $(OBJDIR)$Pi32_div32$O $(OBJDIR)$Pi32_encode$O $(OBJDIR)$Pi32_fmont$O $(OBJDIR)$Pi32_iszero$O $(OBJDIR)$Pi32_modpow$O $(OBJDIR)$Pi32_montmul$O $(OBJDIR)$Pi32_mulacc$O $(OBJDIR)$Pi32_muladd$O $(OBJDIR)$Pi32_ninv32$O $(OBJDIR)$Pi32_reduce$O $(OBJDIR)$Pi32_sub$O $(OBJDIR)$Pi32_tmont$O $(OBJDIR)$Pi62_modpow2$O $(OBJDIR)$Phmac$O $(OBJDIR)$Phmac_ct$O $(OBJDIR)$Phmac_drbg$O $(OBJDIR)$Psysrng$O $(OBJDIR)$Prsa_default_pkcs1_sign$O $(OBJDIR)$Prsa_default_pkcs1_vrfy$O $(OBJDIR)$Prsa_default_priv$O $(OBJDIR)$Prsa_default_pub$O $(OBJDIR)$Prsa_i15_pkcs1_sign$O $(OBJDIR)$Prsa_i15_pkcs1_vrfy$O $(OBJDIR)$Prsa_i15_priv$O $(OBJDIR)$Prsa_i15_pub$O $(OBJDIR)$Prsa_i31_pkcs1_sign$O $(OBJDIR)$Prsa_i31_pkcs1_vrfy$O $(OBJDIR)$Prsa_i31_priv$O $(OBJDIR)$Prsa_i31_pub$O $(OBJDIR)$Prsa_i32_pkcs1_sign$O $(OBJDIR)$Prsa_i32_pkcs1_vrfy$O $(OBJDIR)$Prsa_i32_priv$O $(OBJDIR)$Prsa_i32_pub$O $(OBJDIR)$Prsa_i62_pkcs1_sign$O $(OBJDIR)$Prsa_i62_pkcs1_vrfy$O $(OBJDIR)$Prsa_i62_priv$O $(OBJDIR)$Prsa_i62_pub$O $(OBJDIR)$Prsa_pkcs1_sig_pad$O $(OBJDIR)$Prsa_pkcs1_sig_unpad$O $(OBJDIR)$Prsa_ssl_decrypt$O $(OBJDIR)$Pprf$O $(OBJDIR)$Pprf_md5sha1$O $(OBJDIR)$Pprf_sha256$O $(OBJDIR)$Pprf_sha384$O $(OBJDIR)$Pssl_ccert_single_ec$O $(OBJDIR)$Pssl_ccert_single_rsa$O $(OBJDIR)$Pssl_client$O $(OBJDIR)$Pssl_client_default_rsapub$O $(OBJDIR)$Pssl_client_full$O $(OBJDIR)$Pssl_engine$O $(OBJDIR)$Pssl_engine_default_aescbc$O $(OBJDIR)$Pssl_engine_default_aesgcm$O $(OBJDIR)$Pssl_engine_default_chapol$O $(OBJDIR)$Pssl_engine_default_descbc$O $(OBJDIR)$Pssl_engine_default_ec$O $(OBJDIR)$Pssl_engine_default_ecdsa$O $(OBJDIR)$Pssl_engine_default_rsavrfy$O $(OBJDIR)$Pssl_hashes$O $(OBJDIR)$Pssl_hs_client$O $(OBJDIR)$Pssl_hs_server$O $(OBJDIR)$Pssl_io$O $(OBJDIR)$Pssl_keyexport$O $(OBJDIR)$Pssl_lru$O $(OBJDIR)$Pssl_rec_cbc$O $(OBJDIR)$Pssl_rec_chapol$O $(OBJDIR)$Pssl_rec_gcm$O $(OBJDIR)$Pssl_scert_single_ec$O $(OBJDIR)$Pssl_scert_single_rsa$O $(OBJDIR)$Pssl_server$O $(OBJDIR)$Pssl_server_full_ec$O $(OBJDIR)$Pssl_server_full_rsa$O $(OBJDIR)$Pssl_server_mine2c$O $(OBJDIR)$Pssl_server_mine2g$O $(OBJDIR)$Pssl_server_minf2c$O $(OBJDIR)$Pssl_server_minf2g$O $(OBJDIR)$Pssl_server_minr2g$O $(OBJDIR)$Pssl_server_minu2g$O $(OBJDIR)$Pssl_server_minv2g$O $(OBJDIR)$Paes_big_cbcdec$O $(OBJDIR)$Paes_big_cbcenc$O $(OBJDIR)$Paes_big_ctr$O $(OBJDIR)$Paes_big_dec$O $(OBJDIR)$Paes_big_enc$O $(OBJDIR)$Paes_common$O $(OBJDIR)$Paes_ct$O $(OBJDIR)$Paes_ct64$O $(OBJDIR)$Paes_ct64_cbcdec$O $(OBJDIR)$Paes_ct64_cbcenc$O $(OBJDIR)$Paes_ct64_ctr$O $(OBJDIR)$Paes_ct64_dec$O $(OBJDIR)$Paes_ct64_enc$O $(OBJDIR)$Paes_ct_cbcdec$O $(OBJDIR)$Paes_ct_cbcenc$O $(OBJDIR)$Paes_ct_ctr$O $(OBJDIR)$Paes_ct_dec$O $(OBJDIR)$Paes_ct_enc$O $(OBJDIR)$Paes_pwr8$O $(OBJDIR)$Paes_pwr8_cbcdec$O $(OBJDIR)$Paes_pwr8_cbcenc$O $(OBJDIR)$Paes_pwr8_ctr$O $(OBJDIR)$Paes_small_cbcdec$O $(OBJDIR)$Paes_small_cbcenc$O $(OBJDIR)$Paes_small_ctr$O $(OBJDIR)$Paes_small_dec$O $(OBJDIR)$Paes_small_enc$O $(OBJDIR)$Paes_x86ni$O $(OBJDIR)$Paes_x86ni_cbcdec$O $(OBJDIR)$Paes_x86ni_cbcenc$O $(OBJDIR)$Paes_x86ni_ctr$O $(OBJDIR)$Pchacha20_ct$O $(OBJDIR)$Pchacha20_sse2$O $(OBJDIR)$Pdes_ct$O $(OBJDIR)$Pdes_ct_cbcdec$O $(OBJDIR)$Pdes_ct_cbcenc$O $(OBJDIR)$Pdes_support$O $(OBJDIR)$Pdes_tab$O $(OBJDIR)$Pdes_tab_cbcdec$O $(OBJDIR)$Pdes_tab_cbcenc$O $(OBJDIR)$Ppoly1305_ctmul$O $(OBJDIR)$Ppoly1305_ctmul32$O $(OBJDIR)$Ppoly1305_ctmulq$O $(OBJDIR)$Ppoly1305_i15$O $(OBJDIR)$Pskey_decoder$O $(OBJDIR)$Px509_decoder$O $(OBJDIR)$Px509_knownkey$O $(OBJDIR)$Px509_minimal$O $(OBJDIR)$Px509_minimal_full$O
+OBJBRSSL = $(OBJDIR)$Pbrssl$O $(OBJDIR)$Pcerts$O $(OBJDIR)$Pchain$O $(OBJDIR)$Pclient$O $(OBJDIR)$Perrors$O $(OBJDIR)$Pfiles$O $(OBJDIR)$Pimpl$O $(OBJDIR)$Pkeys$O $(OBJDIR)$Pnames$O $(OBJDIR)$Pserver$O $(OBJDIR)$Pskey$O $(OBJDIR)$Psslio$O $(OBJDIR)$Pta$O $(OBJDIR)$Ptwrch$O $(OBJDIR)$Pvector$O $(OBJDIR)$Pverify$O $(OBJDIR)$Pxmem$O
OBJTESTCRYPTO = $(OBJDIR)$Ptest_crypto$O
OBJTESTSPEED = $(OBJDIR)$Ptest_speed$O
OBJTESTX509 = $(OBJDIR)$Ptest_x509$O
$(TESTX509): $(BEARSSLLIB) $(OBJTESTX509)
$(LD) $(LDFLAGS) $(LDOUT)$(TESTX509) $(OBJTESTX509) $(BEARSSLLIB)
+$(OBJDIR)$Psettings$O: src$Psettings.c $(HEADERSPRIV)
+ $(CC) $(CFLAGS) $(INCFLAGS) $(CCOUT)$(OBJDIR)$Psettings$O src$Psettings.c
+
$(OBJDIR)$Pgcm$O: src$Paead$Pgcm.c $(HEADERSPRIV)
$(CC) $(CFLAGS) $(INCFLAGS) $(CCOUT)$(OBJDIR)$Pgcm$O src$Paead$Pgcm.c
$(OBJDIR)$Phmac_drbg$O: src$Prand$Phmac_drbg.c $(HEADERSPRIV)
$(CC) $(CFLAGS) $(INCFLAGS) $(CCOUT)$(OBJDIR)$Phmac_drbg$O src$Prand$Phmac_drbg.c
+$(OBJDIR)$Psysrng$O: src$Prand$Psysrng.c $(HEADERSPRIV)
+ $(CC) $(CFLAGS) $(INCFLAGS) $(CCOUT)$(OBJDIR)$Psysrng$O src$Prand$Psysrng.c
+
$(OBJDIR)$Prsa_default_pkcs1_sign$O: src$Prsa$Prsa_default_pkcs1_sign.c $(HEADERSPRIV)
$(CC) $(CFLAGS) $(INCFLAGS) $(CCOUT)$(OBJDIR)$Prsa_default_pkcs1_sign$O src$Prsa$Prsa_default_pkcs1_sign.c
$(OBJDIR)$Pfiles$O: tools$Pfiles.c $(HEADERSTOOLS)
$(CC) $(CFLAGS) $(INCFLAGS) $(CCOUT)$(OBJDIR)$Pfiles$O tools$Pfiles.c
+$(OBJDIR)$Pimpl$O: tools$Pimpl.c $(HEADERSTOOLS)
+ $(CC) $(CFLAGS) $(INCFLAGS) $(CCOUT)$(OBJDIR)$Pimpl$O tools$Pimpl.c
+
$(OBJDIR)$Pkeys$O: tools$Pkeys.c $(HEADERSTOOLS)
$(CC) $(CFLAGS) $(INCFLAGS) $(CCOUT)$(OBJDIR)$Pkeys$O tools$Pkeys.c
# Source files. Please keep in alphabetical order.
coresrc=" \
+ src/settings.c \
src/aead/gcm.c \
src/codec/ccopy.c \
src/codec/dec16be.c \
src/mac/hmac.c \
src/mac/hmac_ct.c \
src/rand/hmac_drbg.c \
+ src/rand/sysrng.c \
src/rsa/rsa_default_pkcs1_sign.c \
src/rsa/rsa_default_pkcs1_vrfy.c \
src/rsa/rsa_default_priv.c \
tools/client.c \
tools/errors.c \
tools/files.c \
+ tools/impl.c \
tools/keys.c \
tools/names.c \
tools/server.c \
#define BR_NO_ARITH_SHIFT 1
*/
+/*
+ * When BR_RDRAND is enabled, the SSL engine will use the RDRAND opcode
+ * to automatically obtain quality randomness for seeding its internal
+ * PRNG. Since that opcode is present only in recent x86 CPU, its
+ * support is dynamically tested; if the current CPU does not support
+ * it, then another random source will be used, such as /dev/urandom or
+ * CryptGenRandom().
+ *
+#define BR_RDRAND 1
+ */
+
/*
* When BR_USE_URANDOM is enabled, the SSL engine will use /dev/urandom
* to automatically obtain quality randomness for seedings its internal
* SOFTWARE.
*/
+#define BR_ENABLE_INTRINSICS 1
#include "inner.h"
/*
#if BR_AES_X86NI
-#if BR_AES_X86NI_GCC
-#if BR_AES_X86NI_GCC_OLD
-#pragma GCC push_options
-#pragma GCC target("sse2,ssse3,pclmul")
-#pragma GCC diagnostic ignored "-Wpsabi"
-#endif
-#include <tmmintrin.h>
-#include <wmmintrin.h>
-#include <cpuid.h>
-#endif
+/*
+ * Test CPU support for PCLMULQDQ.
+ */
+static inline int
+pclmul_supported(void)
+{
+ /*
+ * Bit mask for features in ECX:
+ * 1 PCLMULQDQ support
+ */
+ return br_cpuid(0, 0, 0x00000002, 0);
+}
-#if BR_AES_X86NI_MSC
-#include <intrin.h>
-#endif
+/* see bearssl_hash.h */
+br_ghash
+br_ghash_pclmul_get(void)
+{
+ return pclmul_supported() ? &br_ghash_pclmul : 0;
+}
+
+BR_TARGETS_X86_UP
/*
* GHASH is defined over elements of GF(2^128) with "full little-endian"
* chunks. We number chunks from 0 to 3 in left to right order.
*/
+/*
+ * Byte-swap a complete 128-bit value. This normally uses
+ * _mm_shuffle_epi8(), which gets translated to pshufb (an SSSE3 opcode).
+ * However, this crashes old Clang versions, so, for Clang before 3.8,
+ * we use an alternate (and less efficient) version.
+ */
+#if BR_CLANG && !BR_CLANG_3_8
+#define BYTESWAP_DECL
+#define BYTESWAP_PREP (void)0
+#define BYTESWAP(x) do { \
+ __m128i byteswap1, byteswap2; \
+ byteswap1 = (x); \
+ byteswap2 = _mm_srli_epi16(byteswap1, 8); \
+ byteswap1 = _mm_slli_epi16(byteswap1, 8); \
+ byteswap1 = _mm_or_si128(byteswap1, byteswap2); \
+ byteswap1 = _mm_shufflelo_epi16(byteswap1, 0x1B); \
+ byteswap1 = _mm_shufflehi_epi16(byteswap1, 0x1B); \
+ (x) = _mm_shuffle_epi32(byteswap1, 0x4E); \
+ } while (0)
+#else
+#define BYTESWAP_DECL __m128i byteswap_index;
+#define BYTESWAP_PREP do { \
+ byteswap_index = _mm_set_epi8( \
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); \
+ } while (0)
+#define BYTESWAP(x) do { \
+ (x) = _mm_shuffle_epi8((x), byteswap_index); \
+ } while (0)
+#endif
+
+/*
+ * Call pclmulqdq. Clang appears to have trouble with the intrinsic, so,
+ * for that compiler, we use inline assembly. Inline assembly is
+ * potentially a bit slower because the compiler does not understand
+ * what the opcode does, and thus cannot optimize instruction
+ * scheduling.
+ *
+ * We use a target of "sse2" only, so that Clang may still handle the
+ * '__m128i' type and allocate SSE2 registers.
+ */
+#if BR_CLANG
+BR_TARGET("sse2")
+static inline __m128i
+pclmulqdq00(__m128i x, __m128i y)
+{
+ __asm__ ("pclmulqdq $0x00, %1, %0" : "+x" (x) : "x" (y));
+ return x;
+}
+BR_TARGET("sse2")
+static inline __m128i
+pclmulqdq11(__m128i x, __m128i y)
+{
+ __asm__ ("pclmulqdq $0x11, %1, %0" : "+x" (x) : "x" (y));
+ return x;
+}
+#else
+#define pclmulqdq00(x, y) _mm_clmulepi64_si128(x, y, 0x00)
+#define pclmulqdq11(x, y) _mm_clmulepi64_si128(x, y, 0x11)
+#endif
+
/*
* From a 128-bit value kw, compute kx as the XOR of the two 64-bit
* halves of kw (into the right half of kx; left half is unspecified).
*/
#define SQUARE_F128(kw, dw, dx) do { \
__m128i z0, z1, z2, z3; \
- z1 = _mm_clmulepi64_si128(kw, kw, 0x11); \
- z3 = _mm_clmulepi64_si128(kw, kw, 0x00); \
+ z1 = pclmulqdq11(kw, kw); \
+ z3 = pclmulqdq00(kw, kw); \
z0 = _mm_shuffle_epi32(z1, 0x0E); \
z2 = _mm_shuffle_epi32(z3, 0x0E); \
SL_256(z0, z1, z2, z3); \
unsigned char tmp[64];
size_t num4, num1;
__m128i yw, h1w, h1x;
- __m128i byteswap_index;
+ BYTESWAP_DECL
/*
* We split data into two chunks. First chunk starts at buf1
}
/*
- * Constant value to perform endian conversion.
+ * Preparatory step for endian conversions.
*/
- byteswap_index = _mm_set_epi8(
- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
+ BYTESWAP_PREP;
/*
* Load y and h.
*/
yw = _mm_loadu_si128(y);
h1w = _mm_loadu_si128(h);
- yw = _mm_shuffle_epi8(yw, byteswap_index);
- h1w = _mm_shuffle_epi8(h1w, byteswap_index);
+ BYTESWAP(yw);
+ BYTESWAP(h1w);
BK(h1w, h1x);
if (num4 > 0) {
/*
* Compute h3 = h^3 = h*(h^2).
*/
- t1 = _mm_clmulepi64_si128(h1w, h2w, 0x11);
- t3 = _mm_clmulepi64_si128(h1w, h2w, 0x00);
- t2 = _mm_xor_si128(_mm_clmulepi64_si128(h1x, h2x, 0x00),
+ t1 = pclmulqdq11(h1w, h2w);
+ t3 = pclmulqdq00(h1w, h2w);
+ t2 = _mm_xor_si128(pclmulqdq00(h1x, h2x),
_mm_xor_si128(t1, t3));
t0 = _mm_shuffle_epi32(t1, 0x0E);
t1 = _mm_xor_si128(t1, _mm_shuffle_epi32(t2, 0x0E));
aw1 = _mm_loadu_si128((void *)(buf1 + 16));
aw2 = _mm_loadu_si128((void *)(buf1 + 32));
aw3 = _mm_loadu_si128((void *)(buf1 + 48));
- aw0 = _mm_shuffle_epi8(aw0, byteswap_index);
- aw1 = _mm_shuffle_epi8(aw1, byteswap_index);
- aw2 = _mm_shuffle_epi8(aw2, byteswap_index);
- aw3 = _mm_shuffle_epi8(aw3, byteswap_index);
+ BYTESWAP(aw0);
+ BYTESWAP(aw1);
+ BYTESWAP(aw2);
+ BYTESWAP(aw3);
buf1 += 64;
aw0 = _mm_xor_si128(aw0, yw);
t1 = _mm_xor_si128(
_mm_xor_si128(
- _mm_clmulepi64_si128(aw0, h4w, 0x11),
- _mm_clmulepi64_si128(aw1, h3w, 0x11)),
+ pclmulqdq11(aw0, h4w),
+ pclmulqdq11(aw1, h3w)),
_mm_xor_si128(
- _mm_clmulepi64_si128(aw2, h2w, 0x11),
- _mm_clmulepi64_si128(aw3, h1w, 0x11)));
+ pclmulqdq11(aw2, h2w),
+ pclmulqdq11(aw3, h1w)));
t3 = _mm_xor_si128(
_mm_xor_si128(
- _mm_clmulepi64_si128(aw0, h4w, 0x00),
- _mm_clmulepi64_si128(aw1, h3w, 0x00)),
+ pclmulqdq00(aw0, h4w),
+ pclmulqdq00(aw1, h3w)),
_mm_xor_si128(
- _mm_clmulepi64_si128(aw2, h2w, 0x00),
- _mm_clmulepi64_si128(aw3, h1w, 0x00)));
+ pclmulqdq00(aw2, h2w),
+ pclmulqdq00(aw3, h1w)));
t2 = _mm_xor_si128(
_mm_xor_si128(
- _mm_clmulepi64_si128(ax0, h4x, 0x00),
- _mm_clmulepi64_si128(ax1, h3x, 0x00)),
+ pclmulqdq00(ax0, h4x),
+ pclmulqdq00(ax1, h3x)),
_mm_xor_si128(
- _mm_clmulepi64_si128(ax2, h2x, 0x00),
- _mm_clmulepi64_si128(ax3, h1x, 0x00)));
+ pclmulqdq00(ax2, h2x),
+ pclmulqdq00(ax3, h1x)));
t2 = _mm_xor_si128(t2, _mm_xor_si128(t1, t3));
t0 = _mm_shuffle_epi32(t1, 0x0E);
t1 = _mm_xor_si128(t1, _mm_shuffle_epi32(t2, 0x0E));
__m128i t0, t1, t2, t3;
aw = _mm_loadu_si128((void *)buf2);
- aw = _mm_shuffle_epi8(aw, byteswap_index);
+ BYTESWAP(aw);
buf2 += 16;
aw = _mm_xor_si128(aw, yw);
BK(aw, ax);
- t1 = _mm_clmulepi64_si128(aw, h1w, 0x11);
- t3 = _mm_clmulepi64_si128(aw, h1w, 0x00);
- t2 = _mm_clmulepi64_si128(ax, h1x, 0x00);
+ t1 = pclmulqdq11(aw, h1w);
+ t3 = pclmulqdq00(aw, h1w);
+ t2 = pclmulqdq00(ax, h1x);
t2 = _mm_xor_si128(t2, _mm_xor_si128(t1, t3));
t0 = _mm_shuffle_epi32(t1, 0x0E);
t1 = _mm_xor_si128(t1, _mm_shuffle_epi32(t2, 0x0E));
yw = _mm_unpacklo_epi64(t1, t0);
}
- yw = _mm_shuffle_epi8(yw, byteswap_index);
+ BYTESWAP(yw);
_mm_storeu_si128(y, yw);
}
-/*
- * Test CPU support for PCLMULQDQ.
- */
-static int
-pclmul_supported(void)
-{
- /*
- * Bit mask for features in ECX:
- * 1 PCLMULQDQ support
- */
-#define MASK 0x00000002
-
-#if BR_AES_X86NI_GCC
- unsigned eax, ebx, ecx, edx;
-
- if (__get_cpuid(1, &eax, &ebx, &ecx, &edx)) {
- return (ecx & MASK) == MASK;
- } else {
- return 0;
- }
-#elif BR_AES_X86NI_MSC
- int info[4];
-
- __cpuid(info, 1);
- return ((uint32_t)info[2] & MASK) == MASK;
-#else
- return 0;
-#endif
-
-#undef MASK
-}
-
-/* see bearssl_hash.h */
-br_ghash
-br_ghash_pclmul_get(void)
-{
- return pclmul_supported() ? &br_ghash_pclmul : 0;
-}
-
-#if BR_AES_X86NI_GCC && BR_AES_X86NI_GCC_OLD
-#pragma GCC pop_options
-#endif
+BR_TARGETS_X86_DOWN
#else
* Set BR_LOMUL on platforms where it makes sense.
*/
#ifndef BR_LOMUL
-#if BR_ARMEL_CORTEX_GCC
+#if BR_ARMEL_CORTEXM_GCC
#define BR_LOMUL 1
#endif
#endif
/*
- * Determine whether x86 AES instructions are understood by the compiler.
+ * Architecture detection.
*/
-#ifndef BR_AES_X86NI
-#if (__i386__ || __x86_64__) \
- && ((__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 8)) \
- || (__clang_major__ > 3 \
- || (__clang_major__ == 3 && __clang_minor__ >= 7)))
-#define BR_AES_X86NI 1
-#elif (_M_IX86 || _M_X64) && (_MSC_VER >= 1700)
-#define BR_AES_X86NI 1
+#ifndef BR_i386
+#if __i386__ || _M_IX86
+#define BR_i386 1
+#endif
+#endif
+
+#ifndef BR_amd64
+#if __x86_64__ || _M_X64
+#define BR_amd64 1
#endif
#endif
/*
- * If we use x86 AES instruction, determine the compiler brand.
- */
-#if BR_AES_X86NI
-#ifndef BR_AES_X86NI_GCC
-#if __GNUC__
-#define BR_AES_X86NI_GCC 1
+ * Compiler brand and version.
+ *
+ * Implementations that use intrinsics need to detect the compiler type
+ * and version because some specific actions may be needed to activate
+ * the corresponding opcodes, both for header inclusion, and when using
+ * them in a function.
+ *
+ * BR_GCC, BR_CLANG and BR_MSC will be set to 1 for, respectively, GCC,
+ * Clang and MS Visual C. For each of them, sub-macros will be defined
+ * for versions; each sub-macro is set whenever the compiler version is
+ * at least as recent as the one corresponding to the macro.
+ */
+
+/*
+ * GCC thresholds are on versions 4.4 to 4.9 and 5.0.
+ */
+#ifndef BR_GCC
+#if __GNUC__ && !__clang__
+#define BR_GCC 1
+
+#if __GNUC__ > 4
+#define BR_GCC_5_0 1
+#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 9
+#define BR_GCC_4_9 1
+#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 8
+#define BR_GCC_4_8 1
+#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 7
+#define BR_GCC_4_7 1
+#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 6
+#define BR_GCC_4_6 1
+#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 5
+#define BR_GCC_4_5 1
+#elif __GNUC__ == 4 && __GNUC_MINOR__ >= 4
+#define BR_GCC_4_4 1
+#endif
+
+#if BR_GCC_5_0
+#define BR_GCC_4_9 1
+#endif
+#if BR_GCC_4_9
+#define BR_GCC_4_8 1
#endif
+#if BR_GCC_4_8
+#define BR_GCC_4_7 1
#endif
-#ifndef BR_AES_X86NI_MSC
-#if _MSC_VER >= 1700
-#define BR_AES_X86NI_MSC 1
+#if BR_GCC_4_7
+#define BR_GCC_4_6 1
#endif
+#if BR_GCC_4_6
+#define BR_GCC_4_5 1
+#endif
+#if BR_GCC_4_5
+#define BR_GCC_4_4 1
+#endif
+
#endif
#endif
/*
- * Determine whether SSE2 intrinsics are understood by the compiler.
- * Right now, we restrict ourselves to compiler versions where things
- * are documented to work well:
- * -- GCC 4.4+ and Clang 3.7+ understand the function attribute "target"
- * -- MS Visual Studio 2005 documents the existence of <emmintrin.h>
- * SSE2-powered code _might_ work with older versions, but there is no
- * pressing need to do so right now.
+ * Clang thresholds are on versions 3.7.0 and 3.8.0.
*/
-#ifndef BR_SSE2
-#if (__i386__ || __x86_64__) \
- && ((__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4)) \
- || (__clang_major__ > 3 \
- || (__clang_major__ == 3 && __clang_minor__ >= 7)))
-#define BR_SSE2 1
-#elif (_M_IX86 || _M_X64) && (_MSC_VER >= 1400)
-#define BR_SSE2 1
+#ifndef BR_CLANG
+#if __clang__
+#define BR_CLANG 1
+
+#if __clang_major__ > 3 || (__clang_major__ == 3 && __clang_minor__ >= 8)
+#define BR_CLANG_3_8 1
+#elif __clang_major__ == 3 && __clang_minor__ >= 7
+#define BR_CLANG_3_7 1
+#endif
+
+#if BR_CLANG_3_8
+#define BR_CLANG_3_7 1
+#endif
+
#endif
#endif
/*
- * If we use SSE2 intrinsics, determine the compiler brand.
+ * MS Visual C thresholds are on Visual Studio 2005 to 2015.
*/
-#if BR_SSE2
-#ifndef BR_SSE2_GCC
-#if __GNUC__
-#define BR_SSE2_GCC 1
+#ifndef BR_MSC
+#if _MSC_VER
+#define BR_MSC 1
+
+#if _MSC_VER >= 1900
+#define BR_MSC_2015 1
+#elif _MSC_VER >= 1800
+#define BR_MSC_2013 1
+#elif _MSC_VER >= 1700
+#define BR_MSC_2012 1
+#elif _MSC_VER >= 1600
+#define BR_MSC_2010 1
+#elif _MSC_VER >= 1500
+#define BR_MSC_2008 1
+#elif _MSC_VER >= 1400
+#define BR_MSC_2005 1
#endif
+
+#if BR_MSC_2015
+#define BR_MSC_2013 1
+#endif
+#if BR_MSC_2013
+#define BR_MSC_2012 1
+#endif
+#if BR_MSC_2012
+#define BR_MSC_2010 1
#endif
-#ifndef BR_SSE2_MSC
-#if _MSC_VER >= 1400
-#define BR_SSE2_MSC 1
+#if BR_MSC_2010
+#define BR_MSC_2008 1
#endif
+#if BR_MSC_2008
+#define BR_MSC_2005 1
+#endif
+
#endif
#endif
/*
- * A macro to tag a function with a "target" attribute (for GCC and Clang).
+ * GCC 4.4+ and Clang 3.7+ allow tagging specific functions with a
+ * 'target' attribute that activates support for specific opcodes.
*/
-#if BR_AES_X86NI_GCC || BR_SSE2_GCC
+#if BR_GCC_4_4 || BR_CLANG_3_7
#define BR_TARGET(x) __attribute__((target(x)))
#else
#define BR_TARGET(x)
#endif
/*
- * GCC versions from 4.4 to 4.8 (inclusive) must use a special #pragma
- * to activate extra opcodes before including the relevant intrinsic
- * AES-NI headers. But these don't work with Clang (which does not need
- * them either). We also need that #pragma for GCC 4.9 in order to work
- * around a compiler bug (it tends to blow up on ghash_pclmul code
- * otherwise).
+ * AES-NI intrinsics are available on x86 (32-bit and 64-bit) with
+ * GCC 4.8+, Clang 3.7+ and MSC 2012+.
+ */
+#ifndef BR_AES_X86NI
+#if (BR_i386 || BR_amd64) && (BR_GCC_4_8 || BR_CLANG_3_7 || BR_MSC_2012)
+#define BR_AES_X86NI 1
+#endif
+#endif
+
+/*
+ * SSE2 intrinsics are available on x86 (32-bit and 64-bit) with
+ * GCC 4.4+, Clang 3.7+ and MSC 2005+.
*/
-#if BR_AES_X86NI_GCC && !defined BR_AES_X86NI_GCC_OLD
-#if __GNUC__ == 4 && __GNUC_MINOR__ >= 4 && __GNUC_MINOR__ <= 9 && !__clang__
-#define BR_AES_X86NI_GCC_OLD 1
+#ifndef BR_SSE2
+#if (BR_i386 || BR_amd64) && (BR_GCC_4_4 || BR_CLANG_3_7 || BR_MSC_2005)
+#define BR_SSE2 1
+#endif
+#endif
+
+/*
+ * RDRAND intrinsics are available on x86 (32-bit and 64-bit) with
+ * GCC 4.6+, Clang 3.7+ and MSC 2012+.
+ */
+#ifndef BR_RDRAND
+#if (BR_i386 || BR_amd64) && (BR_GCC_4_6 || BR_CLANG_3_7 || BR_MSC_2012)
+#define BR_RDRAND 1
+#endif
+#endif
+
+/*
+ * Determine type of OS for random number generation. Macro names and
+ * values are documented on:
+ * https://sourceforge.net/p/predef/wiki/OperatingSystems/
+ *
+ * TODO: enrich the list of detected system. Also add detection for
+ * alternate system calls like getentropy(), which are usually
+ * preferable when available.
+ */
+
+#ifndef BR_USE_URANDOM
+#if defined _AIX \
+ || defined __ANDROID__ \
+ || defined __FreeBSD__ \
+ || defined __NetBSD__ \
+ || defined __OpenBSD__ \
+ || defined __DragonFly__ \
+ || defined __linux__ \
+ || (defined __sun && (defined __SVR4 || defined __svr4__)) \
+ || (defined __APPLE__ && defined __MACH__)
+#define BR_USE_URANDOM 1
+#endif
+#endif
+
+#ifndef BR_USE_WIN32_RAND
+#if defined _WIN32 || defined _WIN64
+#define BR_USE_WIN32_RAND 1
#endif
#endif
#endif
+/*
+ * Detect support for an OS-provided time source.
+ */
+
+#ifndef BR_USE_UNIX_TIME
+#if defined __unix__ || defined __linux__ \
+ || defined _POSIX_SOURCE || defined _POSIX_C_SOURCE \
+ || (defined __APPLE__ && defined __MACH__)
+#define BR_USE_UNIX_TIME 1
+#endif
+#endif
+
+#ifndef BR_USE_WIN32_TIME
+#if defined _WIN32 || defined _WIN64
+#define BR_USE_WIN32_TIME 1
+#endif
+#endif
+
/* ==================================================================== */
/*
* Encoding/decoding functions.
#endif
+/* ==================================================================== */
+/*
+ * Special "activate intrinsics" code, needed for some compiler versions.
+ * This is defined at the end of this file, so that it won't impact any
+ * of the inline functions defined previously; and it is controlled by
+ * a specific macro defined in the caller code.
+ *
+ * Calling code conventions:
+ *
+ * - Caller must define BR_ENABLE_INTRINSICS before including "inner.h".
+ * - Functions that use intrinsics must be enclosed in an "enabled"
+ * region (between BR_TARGETS_X86_UP and BR_TARGETS_X86_DOWN).
+ * - Functions that use intrinsics must be tagged with the appropriate
+ * BR_TARGET().
+ */
+
+#if BR_ENABLE_INTRINSICS && (BR_GCC_4_4 || BR_CLANG_3_7 || BR_MSC_2005)
+
+/*
+ * x86 intrinsics (both 32-bit and 64-bit).
+ */
+#if BR_i386 || BR_amd64
+
+#if BR_GCC && !BR_GCC_5_0
+#if BR_GCC_4_6
+#define BR_TARGETS_X86_UP \
+ _Pragma("GCC push_options") \
+ _Pragma("GCC target(\"sse2,ssse3,sse4.1,aes,pclmul,rdrnd\")")
+#else
+#define BR_TARGETS_X86_UP \
+ _Pragma("GCC push_options") \
+ _Pragma("GCC target(\"sse2,ssse3,sse4.1,aes,pclmul\")")
+#endif
+#define BR_TARGETS_X86_DOWN \
+ _Pragma("GCC pop_options")
+#pragma GCC diagnostic ignored "-Wpsabi"
+#endif
+
+#if BR_CLANG && !BR_CLANG_3_8
+#undef __SSE2__
+#undef __SSE3__
+#undef __SSSE3__
+#undef __SSE4_1__
+#undef __AES__
+#undef __PCLMUL__
+#undef __RDRND__
+#define __SSE2__ 1
+#define __SSE3__ 1
+#define __SSSE3__ 1
+#define __SSE4_1__ 1
+#define __AES__ 1
+#define __PCLMUL__ 1
+#define __RDRND__ 1
+#endif
+
+#ifndef BR_TARGETS_X86_UP
+#define BR_TARGETS_X86_UP
+#endif
+#ifndef BR_TARGETS_X86_DOWN
+#define BR_TARGETS_X86_DOWN
+#endif
+
+#if BR_GCC || BR_CLANG
+BR_TARGETS_X86_UP
+#include <x86intrin.h>
+#include <cpuid.h>
+#define bswap32 __builtin_bswap32
+BR_TARGETS_X86_DOWN
+#endif
+
+#if BR_MSC
+#include <stdlib.h>
+#include <intrin.h>
+#include <immintrin.h>
+#define bswap32 _byteswap_ulong
+#endif
+
+static inline int
+br_cpuid(uint32_t mask_eax, uint32_t mask_ebx,
+ uint32_t mask_ecx, uint32_t mask_edx)
+{
+#if BR_GCC || BR_CLANG
+ unsigned eax, ebx, ecx, edx;
+
+ if (__get_cpuid(1, &eax, &ebx, &ecx, &edx)) {
+ if ((eax & mask_eax) == mask_eax
+ && (ebx & mask_ebx) == mask_ebx
+ && (ecx & mask_ecx) == mask_ecx
+ && (edx & mask_edx) == mask_edx)
+ {
+ return 1;
+ }
+ }
+#elif BR_MSC
+ int info[4];
+
+ __cpuid(info, 1);
+ if (((uint32_t)info[0] & mask_eax) == mask_eax
+ && ((uint32_t)info[1] & mask_ebx) == mask_ebx
+ && ((uint32_t)info[2] & mask_ecx) == mask_ecx
+ && ((uint32_t)info[3] & mask_edx) == mask_edx)
+ {
+ return 1;
+ }
+#endif
+ return 0;
+}
+
+#endif
+
+#endif
+
/* ==================================================================== */
#endif
--- /dev/null
+/*
+ * Copyright (c) 2017 Thomas Pornin <pornin@bolet.org>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#define BR_ENABLE_INTRINSICS 1
+#include "inner.h"
+
+#if BR_USE_URANDOM
+#include <sys/types.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#endif
+
+#if BR_USE_WIN32_RAND
+#include <windows.h>
+#include <wincrypt.h>
+#pragma comment(lib, "advapi32")
+#endif
+
+#if BR_RDRAND
+BR_TARGETS_X86_UP
+BR_TARGET("rdrnd")
+static int
+seeder_rdrand(const br_prng_class **ctx)
+{
+ unsigned char tmp[32];
+ size_t u;
+
+ for (u = 0; u < sizeof tmp; u += sizeof(uint32_t)) {
+ int j;
+ uint32_t x;
+
+ /*
+ * We use the 32-bit intrinsic so that code is compatible
+ * with both 32-bit and 64-bit architectures.
+ *
+ * Intel recommends trying at least 10 times in case of
+ * failure.
+ */
+ for (j = 0; j < 10; j ++) {
+ if (_rdrand32_step(&x)) {
+ goto next_word;
+ }
+ }
+ return 0;
+ next_word:
+ br_enc32le(tmp + u, x);
+ }
+ (*ctx)->update(ctx, tmp, sizeof tmp);
+ return 1;
+}
+BR_TARGETS_X86_DOWN
+
+static int
+rdrand_supported(void)
+{
+ /*
+ * The RDRND support is bit 30 of ECX, as returned by CPUID.
+ */
+ return br_cpuid(0, 0, 0x40000000, 0);
+}
+
+#endif
+
+#if BR_USE_URANDOM
+static int
+seeder_urandom(const br_prng_class **ctx)
+{
+ int f;
+
+ f = open("/dev/urandom", O_RDONLY);
+ if (f >= 0) {
+ unsigned char tmp[32];
+ size_t u;
+
+ for (u = 0; u < sizeof tmp;) {
+ ssize_t len;
+
+ len = read(f, tmp + u, (sizeof tmp) - u);
+ if (len < 0) {
+ if (errno == EINTR) {
+ continue;
+ }
+ break;
+ }
+ u += (size_t)len;
+ }
+ close(f);
+ if (u == sizeof tmp) {
+ (*ctx)->update(ctx, tmp, sizeof tmp);
+ return 1;
+ }
+ }
+ return 0;
+}
+#endif
+
+#if BR_USE_WIN32_RAND
+static int
+seeder_win32(const br_prng_class **ctx)
+{
+ HCRYPTPROV hp;
+
+ if (CryptAcquireContext(&hp, 0, 0, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+ {
+ BYTE buf[32];
+ BOOL r;
+
+ r = CryptGenRandom(hp, sizeof buf, buf);
+ CryptReleaseContext(hp, 0);
+ if (r) {
+ (*ctx)->update(ctx, buf, sizeof buf);
+ return 1;
+ }
+ }
+ return 0;
+}
+#endif
+
+/* see bearssl_rand.h.h */
+br_prng_seeder
+br_prng_seeder_system(const char **name)
+{
+#if BR_RDRAND
+ if (rdrand_supported()) {
+ if (name != NULL) {
+ *name = "rdrand";
+ }
+ return &seeder_rdrand;
+ }
+#endif
+#if BR_USE_URANDOM
+ if (name != NULL) {
+ *name = "urandom";
+ }
+ return &seeder_urandom;
+#elif BR_USE_WIN32_RAND
+ if (name != NULL) {
+ *name = "win32";
+ }
+ return &seeder_win32;
+#endif
+ if (name != NULL) {
+ *name = "none";
+ }
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (c) 2017 Thomas Pornin <pornin@bolet.org>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include "inner.h"
+
+static const br_config_option config[] = {
+ { "BR_64",
+#if BR_64
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_AES_X86NI",
+#if BR_AES_X86NI
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_amd64",
+#if BR_amd64
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_ARMEL_CORTEXM_GCC",
+#if BR_ARMEL_CORTEXM_GCC
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_BE_UNALIGNED",
+#if BR_BE_UNALIGNED
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_CLANG",
+#if BR_CLANG
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_CLANG_3_7",
+#if BR_CLANG_3_7
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_CLANG_3_8",
+#if BR_CLANG_3_8
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_CT_MUL15",
+#if BR_CT_MUL15
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_CT_MUL31",
+#if BR_CT_MUL31
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_GCC",
+#if BR_GCC
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_GCC_4_4",
+#if BR_GCC_4_4
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_GCC_4_5",
+#if BR_GCC_4_5
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_GCC_4_6",
+#if BR_GCC_4_6
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_GCC_4_7",
+#if BR_GCC_4_7
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_GCC_4_8",
+#if BR_GCC_4_8
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_GCC_4_9",
+#if BR_GCC_4_9
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_GCC_5_0",
+#if BR_GCC_5_0
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_i386",
+#if BR_i386
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_INT128",
+#if BR_INT128
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_LE_UNALIGNED",
+#if BR_LE_UNALIGNED
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_LOMUL",
+#if BR_LOMUL
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_MAX_EC_SIZE", BR_MAX_EC_SIZE },
+ { "BR_MAX_RSA_SIZE", BR_MAX_RSA_SIZE },
+ { "BR_MAX_RSA_FACTOR", BR_MAX_RSA_FACTOR },
+ { "BR_MSC",
+#if BR_MSC
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_MSC_2005",
+#if BR_MSC_2005
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_MSC_2008",
+#if BR_MSC_2008
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_MSC_2010",
+#if BR_MSC_2010
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_MSC_2012",
+#if BR_MSC_2012
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_MSC_2013",
+#if BR_MSC_2013
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_MSC_2015",
+#if BR_MSC_2015
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_POWER8",
+#if BR_POWER8
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_RDRAND",
+#if BR_RDRAND
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_SLOW_MUL",
+#if BR_SLOW_MUL
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_SLOW_MUL15",
+#if BR_SLOW_MUL15
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_SSE2",
+#if BR_SSE2
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_UMUL128",
+#if BR_UMUL128
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_USE_UNIX_TIME",
+#if BR_USE_UNIX_TIME
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_USE_WIN32_RAND",
+#if BR_USE_WIN32_RAND
+ 1
+#else
+ 0
+#endif
+ },
+ { "BR_USE_WIN32_TIME",
+#if BR_USE_WIN32_TIME
+ 1
+#else
+ 0
+#endif
+ },
+
+ { NULL, 0 }
+};
+
+/* see bearssl.h */
+const br_config_option *
+br_get_config(void)
+{
+ return config;
+}
#include "inner.h"
+#if 0
+/* obsolete */
+
/*
* If BR_USE_URANDOM is not defined, then try to autodetect its presence
* through compiler macros.
#pragma comment(lib, "advapi32")
#endif
+#endif
+
/* ==================================================================== */
/*
* This part of the file does the low-level record management.
make_ready_out(rc);
}
-/* see inner.h */
-int
-br_ssl_engine_init_rand(br_ssl_engine_context *cc)
+/*
+ * Make sure the internal PRNG is initialised (but not necessarily
+ * seeded properly yet).
+ */
+static int
+rng_init(br_ssl_engine_context *cc)
{
+ const br_hash_class *h;
+
+ if (cc->rng_init_done != 0) {
+ return 1;
+ }
+
/*
- * TODO: use getrandom() on Linux systems, with a fallback to
- * opening /dev/urandom if that system call fails.
+ * If using TLS-1.2, then SHA-256 or SHA-384 must be present (or
+ * both); we prefer SHA-256 which is faster for 32-bit systems.
*
- * Use similar OS facilities on other OS (getentropy() on OpenBSD,
- * specialized sysctl on NetBSD and FreeBSD...).
+ * If using TLS-1.0 or 1.1 then SHA-1 must be present.
+ *
+ * Though HMAC_DRBG/SHA-1 is, as far as we know, as safe as
+ * these things can be, we still prefer the SHA-2 functions over
+ * SHA-1, if only for public relations (known theoretical
+ * weaknesses of SHA-1 with regards to collisions are mostly
+ * irrelevant here, but they still make people nervous).
*/
-#if BR_USE_URANDOM
- if (!cc->rng_os_rand_done) {
- int f;
-
- f = open("/dev/urandom", O_RDONLY);
- if (f >= 0) {
- unsigned char tmp[32];
- size_t u;
-
- for (u = 0; u < sizeof tmp;) {
- ssize_t len;
-
- len = read(f, tmp + u, (sizeof tmp) - u);
- if (len < 0) {
- if (errno == EINTR) {
- continue;
- }
- break;
- }
- u += (size_t)len;
- }
- close(f);
- if (u == sizeof tmp) {
- br_ssl_engine_inject_entropy(cc, tmp, u);
- cc->rng_os_rand_done = 1;
+ h = br_multihash_getimpl(&cc->mhash, br_sha256_ID);
+ if (!h) {
+ h = br_multihash_getimpl(&cc->mhash, br_sha384_ID);
+ if (!h) {
+ h = br_multihash_getimpl(&cc->mhash,
+ br_sha1_ID);
+ if (!h) {
+ br_ssl_engine_fail(cc, BR_ERR_BAD_STATE);
+ return 0;
}
}
}
-#elif BR_USE_WIN32_RAND
- if (!cc->rng_os_rand_done) {
- HCRYPTPROV hp;
+ br_hmac_drbg_init(&cc->rng, h, NULL, 0);
+ cc->rng_init_done = 1;
+ return 1;
+}
- if (CryptAcquireContextW(&hp, 0, 0, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
- {
- BYTE buf[32];
+/* see inner.h */
+int
+br_ssl_engine_init_rand(br_ssl_engine_context *cc)
+{
+ if (!rng_init(cc)) {
+ return 0;
+ }
- if (CryptGenRandom(hp, sizeof buf, buf)) {
- br_ssl_engine_inject_entropy(cc,
- buf, sizeof buf);
- cc->rng_os_rand_done = 1;
- }
- CryptReleaseContext(hp, 0);
+ /*
+ * We always try OS/hardware seeding once. If it works, then
+ * we assume proper seeding. If not, then external entropy must
+ * have been injected; otherwise, we report an error.
+ */
+ if (!cc->rng_os_rand_done) {
+ br_prng_seeder sd;
+
+ sd = br_prng_seeder_system(NULL);
+ if (sd != 0 && sd(&cc->rng.vtable)) {
+ cc->rng_init_done = 2;
}
+ cc->rng_os_rand_done = 1;
}
-#endif
-
- if (!cc->rng_init_done) {
+ if (cc->rng_init_done < 2) {
br_ssl_engine_fail(cc, BR_ERR_NO_RANDOM);
return 0;
}
br_ssl_engine_inject_entropy(br_ssl_engine_context *cc,
const void *data, size_t len)
{
- if (cc->rng_init_done) {
- br_hmac_drbg_update(&cc->rng, data, len);
- } else {
- /*
- * If using TLS-1.2, then SHA-256 or SHA-384 must be
- * present (or both); we prefer SHA-256 which is faster
- * for 32-bit systems.
- *
- * If using TLS-1.0 or 1.1 then SHA-1 must be present.
- *
- * Though HMAC_DRBG/SHA-1 is, as far as we know, as safe
- * as these things can be, we still prefer the SHA-2
- * functions over SHA-1, if only for public relations
- * (known theoretical weaknesses of SHA-1 with regards to
- * collisions are mostly irrelevant here, but they still
- * make people nervous).
- */
- const br_hash_class *h;
-
- h = br_multihash_getimpl(&cc->mhash, br_sha256_ID);
- if (!h) {
- h = br_multihash_getimpl(&cc->mhash, br_sha384_ID);
- if (!h) {
- h = br_multihash_getimpl(&cc->mhash,
- br_sha1_ID);
- if (!h) {
- br_ssl_engine_fail(cc,
- BR_ERR_BAD_STATE);
- return;
- }
- }
- }
- br_hmac_drbg_init(&cc->rng, h, data, len);
- cc->rng_init_done = 1;
+ /*
+ * Externally provided entropy is assumed to be "good enough"
+ * (we cannot really test its quality) so if the RNG structure
+ * could be initialised at all, then we marked the RNG as
+ * "properly seeded".
+ */
+ if (!rng_init(cc)) {
+ return;
}
+ br_hmac_drbg_update(&cc->rng, data, len);
+ cc->rng_init_done = 2;
}
/*
* SOFTWARE.
*/
+#define BR_ENABLE_INTRINSICS 1
#include "inner.h"
/*
#if BR_AES_X86NI
-#if BR_AES_X86NI_GCC
-#if BR_AES_X86NI_GCC_OLD
-#pragma GCC push_options
-#pragma GCC target("sse2,sse4.1,aes,pclmul")
-#endif
-#include <wmmintrin.h>
-#include <cpuid.h>
-#if BR_AES_X86NI_GCC_OLD
-#pragma GCC pop_options
-#endif
-#endif
-
-#if BR_AES_X86NI_MSC
-#include <intrin.h>
-#endif
-
/* see inner.h */
int
br_aes_x86ni_supported(void)
* 19 SSE4.1 (used for _mm_insert_epi32(), for AES-CTR)
* 25 AES-NI
*/
-#define MASK 0x02080000
-
-#if BR_AES_X86NI_GCC
- unsigned eax, ebx, ecx, edx;
-
- if (__get_cpuid(1, &eax, &ebx, &ecx, &edx)) {
- return (ecx & MASK) == MASK;
- } else {
- return 0;
- }
-#elif BR_AES_X86NI_MSC
- int info[4];
-
- __cpuid(info, 1);
- return ((uint32_t)info[2] & MASK) == MASK;
-#else
- return 0;
-#endif
-
-#undef MASK
+ return br_cpuid(0, 0, 0x02080000, 0);
}
-/*
- * Per-function attributes appear unreliable on old GCC, so we use the
- * pragma for all remaining functions in this file.
- */
-#if BR_AES_X86NI_GCC_OLD
-#pragma GCC target("sse2,sse4.1,aes,pclmul")
-#endif
+BR_TARGETS_X86_UP
BR_TARGET("sse2,aes")
static inline __m128i
return num_rounds;
}
+BR_TARGETS_X86_DOWN
+
#endif
* SOFTWARE.
*/
+#define BR_ENABLE_INTRINSICS 1
#include "inner.h"
#if BR_AES_X86NI
-#if BR_AES_X86NI_GCC
-#if BR_AES_X86NI_GCC_OLD
-#pragma GCC target("sse2,sse4.1,aes,pclmul")
-#endif
-#include <wmmintrin.h>
-#endif
-
-#if BR_AES_X86NI_MSC
-#include <intrin.h>
-#endif
+/* see bearssl_block.h */
+const br_block_cbcdec_class *
+br_aes_x86ni_cbcdec_get_vtable(void)
+{
+ return br_aes_x86ni_supported() ? &br_aes_x86ni_cbcdec_vtable : NULL;
+}
/* see bearssl_block.h */
void
ctx->num_rounds = br_aes_x86ni_keysched_dec(ctx->skey.skni, key, len);
}
+BR_TARGETS_X86_UP
+
/* see bearssl_block.h */
BR_TARGET("sse2,aes")
void
_mm_storeu_si128(iv, ivx);
}
+BR_TARGETS_X86_DOWN
+
/* see bearssl_block.h */
const br_block_cbcdec_class br_aes_x86ni_cbcdec_vtable = {
sizeof(br_aes_x86ni_cbcdec_keys),
&br_aes_x86ni_cbcdec_run
};
-/* see bearssl_block.h */
-const br_block_cbcdec_class *
-br_aes_x86ni_cbcdec_get_vtable(void)
-{
- return br_aes_x86ni_supported() ? &br_aes_x86ni_cbcdec_vtable : NULL;
-}
-
#else
/* see bearssl_block.h */
* SOFTWARE.
*/
+#define BR_ENABLE_INTRINSICS 1
#include "inner.h"
#if BR_AES_X86NI
-#if BR_AES_X86NI_GCC
-#if BR_AES_X86NI_GCC_OLD
-#pragma GCC target("sse2,sse4.1,aes,pclmul")
-#endif
-#include <wmmintrin.h>
-#endif
-
-#if BR_AES_X86NI_MSC
-#include <intrin.h>
-#endif
+/* see bearssl_block.h */
+const br_block_cbcenc_class *
+br_aes_x86ni_cbcenc_get_vtable(void)
+{
+ return br_aes_x86ni_supported() ? &br_aes_x86ni_cbcenc_vtable : NULL;
+}
/* see bearssl_block.h */
void
ctx->num_rounds = br_aes_x86ni_keysched_enc(ctx->skey.skni, key, len);
}
+BR_TARGETS_X86_UP
+
/* see bearssl_block.h */
BR_TARGET("sse2,aes")
void
_mm_storeu_si128(iv, ivx);
}
+BR_TARGETS_X86_DOWN
+
/* see bearssl_block.h */
const br_block_cbcenc_class br_aes_x86ni_cbcenc_vtable = {
sizeof(br_aes_x86ni_cbcenc_keys),
&br_aes_x86ni_cbcenc_run
};
-/* see bearssl_block.h */
-const br_block_cbcenc_class *
-br_aes_x86ni_cbcenc_get_vtable(void)
-{
- return br_aes_x86ni_supported() ? &br_aes_x86ni_cbcenc_vtable : NULL;
-}
-
#else
/* see bearssl_block.h */
* SOFTWARE.
*/
+#define BR_ENABLE_INTRINSICS 1
#include "inner.h"
#if BR_AES_X86NI
-#if BR_AES_X86NI_GCC
-#if BR_AES_X86NI_GCC_OLD
-#pragma GCC target("sse2,sse4.1,aes,pclmul")
-#endif
-#include <smmintrin.h>
-#include <wmmintrin.h>
-#define bswap32 __builtin_bswap32
-#endif
-
-#if BR_AES_X86NI_MSC
-#include <stdlib.h>
-#include <intrin.h>
-#define bswap32 _byteswap_ulong
-#endif
+/* see bearssl_block.h */
+const br_block_ctr_class *
+br_aes_x86ni_ctr_get_vtable(void)
+{
+ return br_aes_x86ni_supported() ? &br_aes_x86ni_ctr_vtable : NULL;
+}
/* see bearssl_block.h */
void
ctx->num_rounds = br_aes_x86ni_keysched_enc(ctx->skey.skni, key, len);
}
+BR_TARGETS_X86_UP
+
/* see bearssl_block.h */
BR_TARGET("sse2,sse4.1,aes")
uint32_t
return cc;
}
+BR_TARGETS_X86_DOWN
+
/* see bearssl_block.h */
const br_block_ctr_class br_aes_x86ni_ctr_vtable = {
sizeof(br_aes_x86ni_ctr_keys),
&br_aes_x86ni_ctr_run
};
-/* see bearssl_block.h */
-const br_block_ctr_class *
-br_aes_x86ni_ctr_get_vtable(void)
-{
- return br_aes_x86ni_supported() ? &br_aes_x86ni_ctr_vtable : NULL;
-}
-
#else
/* see bearssl_block.h */
* SOFTWARE.
*/
+#define BR_ENABLE_INTRINSICS 1
#include "inner.h"
+#if BR_SSE2
+
/*
* This file contains a ChaCha20 implementation that leverages SSE2
* opcodes for better performance.
*/
-#if BR_SSE2
+/* see bearssl_block.h */
+br_chacha20_run
+br_chacha20_sse2_get(void)
+{
+ /*
+ * If using 64-bit mode, then SSE2 opcodes should be automatically
+ * available, since they are part of the ABI.
+ *
+ * In 32-bit mode, we use CPUID to detect the SSE2 feature.
+ */
-#if BR_SSE2_GCC
-#include <emmintrin.h>
-#include <cpuid.h>
-#endif
-#if BR_SSE2_MSC
-#include <intrin.h>
+#if BR_amd64
+ return &br_chacha20_sse2_run;
+#else
+
+ /*
+ * SSE2 support is indicated by bit 26 in EDX.
+ */
+ if (br_cpuid(0, 0, 0, 0x04000000)) {
+ return &br_chacha20_sse2_run;
+ } else {
+ return 0;
+ }
#endif
+}
+
+BR_TARGETS_X86_UP
/* see bearssl_block.h */
BR_TARGET("sse2")
| ((uint32_t)_mm_extract_epi16(iw, 1) << 16);
}
-/* see bearssl_block.h */
-br_chacha20_run
-br_chacha20_sse2_get(void)
-{
- /*
- * If using 64-bit mode, then SSE2 opcodes should be automatically
- * available, since they are part of the ABI.
- *
- * In 32-bit mode, we use CPUID to detect the SSE2 feature.
- */
-
-#if __x86_64__ || _M_X64
-
- return &br_chacha20_sse2_run;
-
-#else
-
- /*
- * SSE2 support is indicated by bit 26 in EDX.
- */
-#define MASK 0x04000000
-
-#if BR_SSE2_GCC
- unsigned eax, ebx, ecx, edx;
-
- if (__get_cpuid(1, &eax, &ebx, &ecx, &edx)) {
- if ((edx & MASK) == MASK) {
- return &br_chacha20_sse2_run;
- }
- }
-#elif BR_SSE2_MSC
- int info[4];
-
- __cpuid(info, 1);
- if (((uint32_t)info[3] & MASK) == MASK) {
- return &br_chacha20_sse2_run;
- }
-#endif
- return 0;
-
-#endif
-}
+BR_TARGETS_X86_DOWN
#else
* then validation is reported as failed.
*/
-#ifndef BR_USE_UNIX_TIME
-#if defined __unix__ || defined __linux__ \
- || defined _POSIX_SOURCE || defined _POSIX_C_SOURCE \
- || (defined __APPLE__ && defined __MACH__)
-#define BR_USE_UNIX_TIME 1
-#endif
-#endif
-
-#ifndef BR_USE_WIN32_TIME
-#if defined _WIN32 || defined _WIN64
-#define BR_USE_WIN32_TIME 1
-#endif
-#endif
-
#if BR_USE_UNIX_TIME
#include <time.h>
#endif
* then validation is reported as failed.
*/
-#ifndef BR_USE_UNIX_TIME
-#if defined __unix__ || defined __linux__ \
- || defined _POSIX_SOURCE || defined _POSIX_C_SOURCE \
- || (defined __APPLE__ && defined __MACH__)
-#define BR_USE_UNIX_TIME 1
-#endif
-#endif
-
-#ifndef BR_USE_WIN32_TIME
-#if defined _WIN32 || defined _WIN64
-#define BR_USE_WIN32_TIME 1
-#endif
-#endif
-
#if BR_USE_UNIX_TIME
#include <time.h>
#endif
fprintf(stderr, " ta decode trust anchors\n");
fprintf(stderr, " chain make C code for certificate chains\n");
fprintf(stderr, " twrch run the Twrch protocol\n");
+ fprintf(stderr, " impl report on implementations\n");
}
int
} else {
return ret;
}
+ } else if (eqstr(cmd, "impl")) {
+ if (do_impl(argc - 2, argv + 2) < 0) {
+ return EXIT_FAILURE;
+ }
} else {
fprintf(stderr, "unknown command: '%s'\n", cmd);
usage();
*/
int do_twrch(int argc, char *argv[]);
+/*
+ * Do the "impl" command. Returned value is 0 on success, -1 on failure.
+ * Command-line arguments start _after_ the command name.
+ */
+int do_impl(int argc, char *argv[]);
+
#endif
--- /dev/null
+/*
+ * Copyright (c) 2017 Thomas Pornin <pornin@bolet.org>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <errno.h>
+
+#include "brssl.h"
+#include "bearssl.h"
+
+/* see brssl.h */
+int
+do_impl(int argc, char *argv[])
+{
+ const br_config_option *opt;
+
+ (void)argc;
+ (void)argv;
+
+ for (opt = br_get_config(); opt->name != NULL; opt ++) {
+ printf("%-25s %8ld\n", opt->name, opt->value);
+ }
+
+ return 0;
+}
* Print algorithm details.
*/
if (verbose) {
+ const char *rngname;
+
fprintf(stderr, "Algorithms:\n");
+ br_prng_seeder_system(&rngname);
+ fprintf(stderr, " RNG: %s\n", rngname);
if (cc->iaes_cbcenc != 0) {
fprintf(stderr, " AES/CBC (enc): %s\n",
get_algo_name(cc->iaes_cbcenc, 0));
projects / BearSSL / commitdiff